He estado viendo diferentes versiones de la siguiente declaración de privacidad en Facebook:

“Hoy día X, haciendo pleno uso de mis facultades mentales y de mi titularidad de esta cuenta en Facebook, declaro, a quien pueda interesar y en particular al administrador de la empresa Facebook, que mis derechos [...]]]> Translation into Spanish of this article.

He estado viendo diferentes versiones de la siguiente declaración de privacidad en Facebook:

“Hoy día X, haciendo pleno uso de mis facultades mentales y de mi titularidad de esta cuenta en Facebook, declaro, a quien pueda interesar y en particular al administrador de la empresa Facebook, que mis derechos de autor están relacionados con todos mis datos personales, comentarios, textos, artículos, ilustraciones, comics, pinturas, fotos, videos profesionales y demás publicaciones en formato electrónico que bajo mi firma yo difunda en este sitio.

Lo anterior tomando como base el principio consagrado en el Convenio de Berna para la Protección de las Obras Literarias y Artísticas, así como lo concerniente a la respectiva ley nacional de derecho de autor. Para el uso comercial de los artículos mencionados, siempre será necesario mi consentimiento por escrito. Por esta declaración, notifico a Facebook que se prohíbe terminantemente a divulgar, copiar, distribuir, divulgar o tomar cualquier otra acción contra mí en base a este perfil y/o su contenido. Estas acciones prohibidas también se aplican a empleados, estudiantes, agentes o miembros de cualquier equipo, bajo la dirección o control de Facebook. El contenido de este perfil es información privada y confidencial. La violación de privacidad puede ser castigada por la ley (UCC 1-308-1 1 308-103 y el estatuto de Roma).

Nota: Facebook es ahora una entidad pública. Todos los miembros deben publicar una nota como ésta. Si lo prefiere, puede copiar y pegar esta versión. Si no publica una declaración al menos una vez estará tácitamente permitiendo el uso de tus fotos, así como la información contenida en las actualizaciones de estado de perfil. No comparta; copie y pegue)”

Es interesante como los bromistas modernos parecen explotar ansiedades de hoy en día a través de Facebook. Las leyendas urbanas solían explotar ansiedades sociales y sexuales, o en algunos casos se aprovechaban de la codicia (todavía recuerdo el famoso correo de Bill Gates ofreciendo miles de dólares). Ahora los mitos toman forma del miedo a perder todo su contenido en Facebook. Es aún más interesante que las declaraciones anteriores se están reproduciendo fuera de los EE.UU., como si de alguna manera todos estamos sujetos a la jurisdicción y las leyes gringas.

No habría que repetir que el valor legal de dichas declaraciones es completamente nulo. A mi parecer, esta declaración parece estar relacionada con un viejo (e inútil) mito legal en algunos sitios web que se suponía podrían inmunizar al usuario contra las demandas de infracción de derechos de autor.

Cuando los usuarios se inscriben en Facebook, o cualquier otro servicio Web, tienen que aceptar los términos de uso del sitio que rigen los derechos de las partes interesadas (es decir, usted y el proveedor). No es posible seleccionar y elegir secciones de las condiciones de uso. Si bien puede haber partes del convenio que uno firma con Facebook que podrían considerarse ilegales en algunas jurisdicciones, esto tiene que ser declarado por un juez, uno no puede adherirse a un convenio y después unilateralmente declarar que hay partes en las que no está de acuerdo. Si no le gustan las políticas de Facebook, puede borrar su cuenta y salirse del sitio.

Lo peor de la mencionada declaración es que habla de la sección 1-308 del Unified Commercial Code (UCC) de los Estados Unidos , el cual no tiene el significado que los bromistas le tratan de dar. El asunto es que esta sección es muy popular con gente que no tiene conocimiento legal alguno. La sección mencionada ofrece a contratantes de algunos convenios comerciales el continuar con el rendimiento de lo obligado bajo protesta, o sin perjuicio. Esto se realiza bajo el entendido que la parte va a demandar en un futuro cercano. Lo anterior significa que el acuerdo no afecta los derechos reservados actuales, nada más, nada menos. Amantes de las teorías de conspiración creen que ésta sección de alguna manera concede a la persona que la usa increíbles poderes legales, tales como el poder conducir ebrio, o los exime de otras violaciones de tráfico. Esto viene de un error en el concepto legal de contrato. La verdad es que no se puede renunciar unilatealmente de las obligaciones legales.

Y ni que decir que ni el Convenio de Berna ni el Estatuto de Roma tienen nada que ver con el UCC ni con la privacidad de datos en Facebook. La verdad es que el Convenio de Berna otorga derechos de autor a quien los crea, sin necesitar registro ni otras formalidades. Esto implica que no es necesario poner nada en el muro para proteger los derechos propios. El Estatuto de Roma de la Corte Penal Internacional no tiene nada que ver con Facebook, a menos que uno se encuentre cometiendo genocidio u otros delitos contra la humanidad en su cuenta.

En resumen, si tienen ansiedades legales sobre Facebook, mejor dejen de usarlo.

Since September 11, 2001, whenever I was visiting or passing through the United States, I have been subjected to more “random” security checks than could ever be expected by chance alone. Similarly, I have come to expect to be stopped by the Immigration officers about 50% of the time. The TSA are also keen [...]]]>

Since September 11, 2001, whenever I was visiting or passing through the United States, I have been subjected to more “random” security checks than could ever be expected by chance alone. Similarly, I have come to expect to be stopped by the Immigration officers about 50% of the time. The TSA are also keen on conducting humiliating pat-downs, and going through the full-body scan scares me silly. Why all of these security measures? I have no idea, I happen to have one of those Latin American looks that could belong anywhere in the Mediterranean, I could be North-African, Spanish, Italian, Greek, Turkish, Lebanese, or Egyptian. My passport is also full of stamps from exotic (and dangerous) locations, from Pakistan to Rwanda. I also usually travel on my own, and I guess that I exude a perennial “I am lost” vibe that might trigger suspicion amongst security types.

In short, I do not conform to the norm, and therefore I am usually asked to explain my finances, work situation, family, and travel arrangements; the underlying implication being that my look and life choices make it very likely that I am a terrorist drug-dealing money-laundering anarchist subversive. The level of humiliation suffered at the hands of the TSA and their ilk has left me feeling very cynical when it comes to the United States security agencies, one cannot have any patience with the kind of people who treat visitors this way. So I was not even remotely surprised by the NSA surveillance revelations, I have come to expect that and worst from a country that gives agencies such as Homeland Security and the TSA a green light to treat human beings as nothing better than cattle. I have also come to expect very little of a political system that allows such security apparatus to operate, and which has elevated its own military to the status of demi-gods.

I was also not surprised by the NSA surveillance revelations because they help to make sense of some legislation such as CISPA, which directly attacks encryption intermediary services. In fact, I would not even be surprised to learn that the current Prism leaks are just the tip of the surveillance iceberg.

As horrendous as the revelations are, I am startled by the fact that one important aspect of the whole affair seems to be lost. So the US government is performing surveillance using data obtained from private enterprises, including mobile phone networks, social media, search engines, and other intermediary services. The key point that I have yet to see addressed is the fact that the NSA did not have to build new surveillance mechanisms, they are using existing private data! In other words, there is no privacy already, all of this data is already probably being (mis)used for private purposes. There is no privacy, what shocked people is that the government is taking all of the data that is stored already by private services.

This became evident when reading the response to the leaks from some of the people in my timeline who are the most outrageous over-sharers that I know. It seems like the more someone shares on social media, the more likely they are to complain about privacy breaches. “Shame on you NSA” is followed by a FourSquare check-in and a bunch of geo-tagged Instagram pictures.

Privacy is dead. We killed it willingly. Governments obsessed with security will always try to use all of the data that we are already giving away, be they democracies or more authoritarian regimes.

Is there a solution? Unfortunately, I suspect nothing will change. The UK is already a surveillance society where the presence of a CCTV camera increases property value. The US already allows all sorts of abuses as long as they keep the terrorists at bay. We are also to blame, we are providing most of the data willingly; we are too in love with our shiny mobile phones, too obsessed with our social media, too enamoured with sharing.

We do have a choice. Leave Google, Facebook, Twitter, Foursquare, Waze, Instagram. Ditch the smart-phones. Turn off the GPS. As long as this trove of juicy data is in private hands, it will be misused, be it by the services themselves, or by governments. However, I am not an optimist in this respect, I am ashamed to admit that I am not likely to give up my new phone and turn off any of my social media. I suspect that I am not alone in this decision.

We can have the Internet, or we can have privacy. We can’t have both.

I have to admit that I have not read Jaron Lanier’s “Who Owns the Future?“, but mainstream media seems to be filled with snippets from the book. Often described as a visionary, Lanier has become one of the most prominent and outspoken critics of the digital economy. The most [...]]]>

Jobs, blink and they’re gone

I have to admit that I have not read Jaron Lanier’s “Who Owns the Future?“, but mainstream media seems to be filled with snippets from the book. Often described as a visionary, Lanier has become one of the most prominent and outspoken critics of the digital economy. The most publicised and quoted part of the book, offered as the ultimate evidence that the Internet destroys jobs and hurts the economy, has been the statement that at its height Kodak employed 140,000 people, while Instagram only employs 13. Where did all the jobs go?

The statement has been rightly criticised as both shallow and disingenuous. Firstly, Kodak was not killed by the Internet, it was destroyed by poor management, low margins, and bad decisions. It is true that Kodak was synonymous with film, but it actually attempted to manufacture printers and digital cameras for more than a decade, it was just trying to compete with companies that were more efficient at doing both.

Moreover, Lanier’s statement reeks of a certain technophobe conceit. Hidden in his Kodak statement is the implication that digital photography is not as good as film photography. Anyone over a certain age must remember the time of film cameras, how you had only a limited number of shots, how you could not preview your pictures, how you had to buy film and then wait to have it developed, and how pictures rested unseen at the bottom of some drawer. To bemoan the demise of film photography is akin to longing for the good old days of steam engines and the telegraph. Technologies change, this is an inescapable fact of life. I, for one, welcome digital photography with open arms.

But the true shallowness of the Instagram comparison is that it is purposefully misleading. It may sound profound at first, until you really think about what it is really saying and realise that it is a case of false equivalence. Lanier hints strongly that all of the jobs lost by Kodak should have been picked up by Instagram, if that is not the intention, then the analogy simply breaks down. But obviously there is no one-to-one substitution, Instagram does not equal digital photography. A more accurate analogy would be to look at other elements of the economy that have directly replaced Kodak, and this gives us a lengthy list of companies. Let’s just look at the memory card market, which provides a better type of comparison. We have several types of technologies here, including Secure Digital card (SD), MiniSD Card, CompactFlash (CF-I), Memory Stick, MultiMediaCard (MMC), and SmartMedia. Listing some of the jobs created by some of the top card manufacturers, we get a better picture of just how wrong Lanier truly is (this is not an exhaustive list):

Sandisk – 4,600 employees.
PNY – 1,000 employees in 13 company locations around the world.
Kingston – 4,200 employees.
Transcend – 2,200 employees.
Fujifilm – 35,274 (proving that you can make a successful transition from film to digital).
Samsung – 17% of South Korea’s total GDP.

And this does not even include chip manufacturers, external hard drive manufacturers, printer manufacturers, ink cartridge providers, digital printing services, digital camera makers, mobile phone manufacturers, computer manufacturers, media server providers, cloud storage services, social media… you get the picture (pardon the pun).

To use the Instagram analogy is lazy journalism of the worst kind. It sounds good, but it truly fails to consider the whole of the digital photography industry. To blame technology for job losses displays both lack of knowledge and imagination. The Internet creates jobs. True, it also replaces jobs, but given the preposterously poor level of journalism on display in some of the articles that praise Lanier, I think that we can accurately guess where the next number of jobs will be lost.

Many years ago I started reading The Wheel of Time fantasy series (yes… I know…) I started with Book 5, which I think is still the best of the franchise, just before it descended into a nightmarish description of clothes, and endless comments on the act of braid pulling. My interest in the series [...]]]>

Many years ago I started reading The Wheel of Time fantasy series (yes… I know…) I started with Book 5, which I think is still the best of the franchise, just before it descended into a nightmarish description of clothes, and endless comments on the act of braid pulling. My interest in the series coincided with the early Internet, and I discovered dozens of websites dedicated to all things WoT, from FAQs which detailed the complex world, to forums discussing major plot mysteries and twists. It was then that I discovered fan fiction. Not content with simply discussing characters and cultures, fans started inhabiting spaces where they could create their own characters, or expand on existing ones. I still remember a fan-based White Tower where people could create their own Aes Sedai, or bond a new Warder. It was all in good fun, and while I never really got into it, I did enjoy reading some stories, the level of detail and love that people would put into their characters was quite amazing.

Then I discovered the seedier neighbourhoods of fan fiction, and I vowed never to return.

Don’t get me wrong, I am no prude, but I honestly could never understand phenomena like slash fiction.  I never got why people had to sexualise beloved characters and make them do things that, to put mildly, might turn off even those with a strong will. I guess I am just too literal and like characters the way they were written. Yes, fan fiction has always had a bit of a sleazy reputation, which both explains its lack of mainstream allure, and unending popularity. Some people do really like to read about the imagined sexual escapades of their characters.

Until recently, fan fiction had no commercial interest, so authors simply shrugged it off as an the obscure Internet fad. But then a little-known UK TV executive wrote a racy re-telling of the Twilight saga called Master of the Universe, which took off like a rocket in fan fiction circles. This story was so popular that the author realised she could make real money from it, so she took out the Twilight elements and turned it into an ebook, which also started selling quite well. The ebooks were then picked up by traditional publishers and turned into a successful trilogy. You may have heard of the book, it’s now called 50 Shades of Grey.

Surprised? Not many people seem to know that 50 Shades is popular precisely because it is a BDSM version of Twilight, yet a text analysis confirms that 50 Shades of Grey is 89% similar to Master of the Universe.

However, the moral of the story is that there is potentially a lot of money in fan fiction, something that many of us have been saying for years. Some people in the content industry have finally woken up to the fact that fan creativity may very well prove to be a profitable revenue stream. If people are re-working and recreating their beloved characters, it is also possible that they will pay to read other people’s efforts.

This is why Amazon has announced a deal to sell fan fiction as ebooks in the Kindle network in a new platform called Kindle Worlds. Amazon has secured the support of Alloy Entertainment, a division of Warner Bros which creates books based on some of their shows, namely Gossip Girl, Pretty Little Liars, and Vampire Diaries. According to the deal, fans will be able to make and sell their fan fiction based on these shows (or more accurately, based on the books of these shows). The fan fiction author will get a 20% share of the sales, while the IP owners will get a generous cut of 35%, with the rest going to Amazon.

It will be interesting to see if other large content creators will follow this model. At the moment Kindle Worlds seems to be targeting the female teenage market (although I suspect Vampire Diaries has a more mature audience). Will Kindle Worlds allow the type of more sexual content that seems to be the hallmark of recent fan fiction? Only time will tell.

One thing is certain, I predict that there is a very small market for Game of Thrones fan fiction. There is little that a fan can think of that G R R Martin has not already done to his characters.

The world is finally waking up to the promises and threats of 3D printing, when a group of people calling themselves Defense Distributed published the plans online to make a 3D printed gun make almost entirely out of plastic, and posted a video of the gun being fired.

3D printing is [...]]]>

The Liberator gun

The world is finally waking up to the promises and threats of 3D printing, when a group of people calling themselves Defense Distributed published the plans online to make a 3D printed gun make almost entirely out of plastic, and posted a video of the gun being fired.

3D printing is set to be one of the biggest technical revolutions the world has ever seen, comparable only with the Internet in recent years. At the moment 3D printers are either expensive, slow, or have material limitations, but the potential is mind-blowing, as this video of a 3D printed wrench with movable parts shows. As prices start dropping, materials start getting better, and the technology becomes more widespread, we will be able to see an explosion of everyday items that can be printed.

3D printed itself opens up interesting legal questions, some of which are explored in this trail-blazing paper by Simon Bradshaw published in SCRIPTed. What seems certain is that we will have to rethink some areas of law. For example, I believe that design law, the Cinderella of IP rights, is about to get a serious boost akin to that received by copyright law because of the Internet. When every person with a scanner and a printer can reproduce an item we will certainly encounter unexplored conflicts. Car parts, trainer soles, sculptures, mobile phone covers… the possibilities are intriguing.

But the 3D printed gun has opened up an entirely new type of legal questions, particularly about Internet regulation. Defense Distributed set out to build a 3D weapon because they could. The motivations of the group, and particularly of their front-man, Cody Wilson, seem to be mostly political. There is a strong libertarian seam running through many of the interviews given by Wilson, there seems to be a direct attack on the power of government to control citizens. There is also a very US-centric view of the world in the project. Guns are a right that should not be denied to people. Guns are freedom… etc. Defense Distributed’s website offers Milton’s Areopagitica as one of the foundational documents explaining the reasons why there is a need for a 3D printed gun. This is a strange document to cite, freedom of speech is one thing, freedom to own a gun is an entirely different affair.

The danger of an easily available and relatively affordable undetectable gun is clear. I wonder if the first time a plastic gun is used to hijack a plane the justifications of freedom as the highest human value will stand to scrutiny.

Governments recognise the danger, and that is why the US acted quickly to remove the plans from Defense Distributed’s website. But the damage was already done, the design is already out in the open and can be easily found in most torrent sites (I won’t provide links, but a simple search should produce hundreds of torrent files carrying the printing instructions). Cody Wilson has managed some of his intended effects, to show the difficulty of removing information from the Internet.

So the 3D printed gun lies at the heart of the debates about Internet regulation from the last few years. Here is a technology that could be tremendously dangerous, but it is nigh impossible to stop. In the end, the benefits of 3D printing are to great to ban the entire technology. It may be possible to enact laws that ban the production of 3D printed weapons, but these will likely be as easily circumvented as file-sharing practices.

I have to admit that I have no answers to the conundrum presented by 3D printed guns. I am against this use of the technology. Thankfully, initial reports indicate that the Liberator gun is too dangerous and unreliable, but at some point someone will make a much better one. I do not think that a world where everyone is armed is a more free world. But there is no easy way to stop this technology from spreading throughout the internet, unless government make more restrictions to online environments.

In the end, a gun designed to make people more free, may bring about more stringent Internet regulation, an ironic turn of events that does not benefit anyone.

Has the UK abolished copyright law with the passing of orphan works legislation? I’ll answer quickly with Betteridge’s Law of Headlines: NO.

However, if you listen to some copyright maximalist outlets, and particularly to the photograph lobby, you would believe that all copyright has been abolished [...]]]>

Please, sir, I want some more copyright protection

Has the UK abolished copyright law with the passing of orphan works legislation? I’ll answer quickly with Betteridge’s Law of Headlines: NO.

However, if you listen to some copyright maximalist outlets, and particularly to the photograph lobby, you would believe that all copyright has been abolished as of now. Just look at some of the headlines:

• UK.Gov passes Instagram Act: All your pics belong to everyone now (wtih the even more delightful subtitle: “Everyone = Silicon Valley ad platforms tech companies”, subtlety was never one of Orlowski’s strengths).
• UK copyright owners no longer control the right to copy their work (the URL for this reads Cretins 1, Creators 0).
• Did the UK just abolish copyright? (a bit more measured)

Although all of the above coverage is a distorted exaggeration of the actual law, one has to give some credit to Andrew Orlowski for beating everyone to the news and setting the tone of the debate by warning that Google owns everyone’s pictures now, and by coining a media-friendly term Instagram Act. Well played, sir, well played.

So, I will first explain what are orphan works, why do they matter, and what is actually in the law.

Orphan works

The term orphan work is widely used to define copyright works for which no author can be found after an exhaustive search. This area has been identified as of serious concern for galleries, archives, publishers, film-makers, museums, libraries, researchers, universities, and private users, as sometimes good-faith uses are not possible by the difficulty of finding the owner of a work A 2006 report by the US Register of Copyrights found that:

“Archives, libraries and museums maintain vast collections (in some cases, millions) of photographs, very few of which have any indication of who the author was. Typically these institutions acquire these works by donation, such as where individuals give personal effects to a museum upon the death of a family member, or where a scholar donates professional writings to a library upon retirement, and similar situations. While these occurrences are common, the donors rarely have information about the copyright provenance of the materials they donate. These institutions then face a dilemma in striving to meet the expectations of donors and in fulfilling their institutional purpose of preserving and making works available, while also complying with the law of copyright and minimizing their exposure to liability for infringement.”

A EU report similarly stated the problem of orphan works sating that “Comprehensive, large scale digitisation and online accessibility could be greatly hampered, if adequate solutions are not found to the problem of orphan works.” A joint report by JISC, the British Library, the BBC, and other public bodies found that the amount of orphan works held in public sectors institutions ranged from 5-10%, with some sectors holding considerably higher percentages. In total, the report found that there were an estimated 25 million orphan works held in public collections.

Both the Gowers and Hargreaves reports on IP made very strong recommendations in favour of orphan works legislation. The Hargreaves Review specifically commented that:

“These works raise particular difficulties in the context of mass digitisation. Libraries and archives seek to digitise collections, and have the technological capacity to do so and to provide access to them for users, but they are unable to act where rights holders cannot be found for some of the works, because to digitise those works could be a copyright infringement. The issue is exacerbated in that where rights information is lacking, it is often not even clear whether works are still in copyright or not. There are two distinct situations to consider: mass licensing of collections which include some orphans, and use of individual orphan works.”

The dismissal of the orphan work issue presented by some of the articles opposing changes to the legislation is therefore laughable. This is a serious issue that affects memory institutions, but also stifles important digitisation efforts by private bodies.

Legislative solutions

There are usually three solutions offered to solve the orphan work conundrum. First is to create some form of exception or limitation to existing rights. The second is to create a form of licensing scheme in which bodies pay a price that will eventually be given to authors, if they can be found. The third is to create some form of register of orphan works. Some of the most notable concrete solutions out there are:

• The US tried to implement legislation on the subject, particularly in the Orphan Works Act of 2008 and the Shawn Bentley Orphan Works Act of 2008. After strong opposition from the commercial photographers lobby, both efforts failed.
• Canada has in place an “Unlocatable Owner Provision”, by which a person can apply for a licence to the Copyright Board if, after exercising due diligence, an author cannot be found. Needless to say, copyright seems to be doing quite well in Canada despite having this type of licensing scheme in their legislation.
• The UK’s Digital Economy Bill contained a section on orphan works, but after fierce opposition from photographers, it was removed.
• The EU has passed the Directive 2012/28/EU on certain permitted uses of orphan works. This mostly sets out a regime for the use of orphan works by libraries, educational establishments, archives, public broadcasting organisations, and museums. This provides an exception or limitation to the right of reproduction and making available to the public to the benefit of any of the listed institutions.

So, this is not really a subject that benefits great media organisations.

The UK Act

Enter the source of so much fear, uncertainty and doubt, the Enterprise and Regulatory Reform Act 2013 (ERRA). This is a broad piece of legislation that makes several changes to existing laws across the board, including finance, employment, competition law, reduction of red-tape, and copyright licensing.

The ERRA is controversial because it is a different solution to that proposed by the EU Directive, it is not limited to memory institutions such as archives, libraries and museums, but it is a broad commercial-use licensing scheme. The new section of the UK’s CDPA will read:

“116A Power to provide for licensing of orphan works
(1) The Secretary of State may by regulations provide for the grant of licences in respect of works that qualify as orphan works under the regulations.”

This says that the law is not the final word on the subject, and that we have to wait for the Secretary of State of provide more detail through forthcoming regulation, which one has to assume will be released in the near future. This serves to explain the very acrimonious language that is being used by the opponents of orphan work legislation, they are trying to force a U-Turn from the government, or at least a very watered-down licensing scheme that will be good for nothing.

The key point seems to be in this section:

“(3) The regulations must provide that, for a work to qualify as an orphan work, it is a requirement that the owner of copyright in it has not been found after a diligent search made in accordance with the regulations.”

The definition of “diligent search” will be vital. There are several indications of how this will be defined. The Canadian act is quite clear that this search has to be exhaustive. Similarly, the EU Directive defines diligent search as:

“For the purposes of establishing whether a work or phonogram is an orphan work, the organisations referred to in Article 1(1) shall ensure that a diligent search is carried out in good faith in respect of each work or other protected subject-matter, by consulting the appropriate sources for the category of works and other protected subject-matter in question. The diligent search shall be carried out prior to the use of the work or phonogram.”

It is quite clear that there will be a very high-threshold of what constitutes an orphan work, a simple Google search will not suffice. Countries which have enacted similar legislation do not seem to have had problems so far, and no abuse has been found, at least none that I am aware of, and you can bet that orphan works opponents would be shouting bloody murder if there had been something already.

It is also quite clear that photographers have had fear instilled into them through a concerted campaign. The law will not be likely to affect new works, these have to be assumed to be under copyright. Similarly, metadata is still strongly protected in copyright law by Rights Management Information (see a presentation on the subject that I made for WIPO). Professional photographers should still be able to provide metadata and embed it in their pictures, and such data cannot be removed! So any professional photographer should be as protected after the publication of the ERRA as they were before. It is also highly unlikely that Google will start commercially using images right away, which is the not-very-subtle accusation by Orlowski and his ilk.

We still have to wait for the regulations to come out, but the over-the-top rhetoric and scaremongering have to stop. Orphan work legislation is a good thing, it helps digitisation efforts that will have both cultural and commercial benefits.

Do you remember the time when important events were described by journalists, re-enacted by actors, or retold by witnesses? Lucky snapshots were rare, and viral videos and citizen journalism were alien concepts. Now we are increasingly presented with pictures that give us every angle of an explosion, CCTV cameras catching a meteorite, the incredible [...]]]>

Do you remember the time when important events were described by journalists, re-enacted by actors, or retold by witnesses?  Lucky snapshots were rare, and viral videos and citizen journalism were alien concepts. Now we are increasingly presented with pictures that give us every angle of an explosion, CCTV cameras catching a meteorite, the incredible crash of a cargo plane in Afghanistan, or to expect recordings of abusive behaviour on public transport.

It has become trite to point out that technology has done away with privacy to an extent previously unknown. It is trite because it is true. Smart phones have become ultimate anti-privacy tools, cameras and GPS devices that record everything we do at all times. And yet, even when we are aware of these capabilities, we decide to carry them always. With Google Glass just over the horizon, things are about to get worse for privacy.

This future is not one only created by mindless corporations, people are more than willing to give up privacy in exchange for shiny gadgets. I have to admit that I like the idea of Google Glass, while understanding the leap that it brings. Even a casual glance at social media outlets can give an idea of just how willing people are to share (and overshare) about their personal lives, even to the point of resenting those who do not engage in the practice of sharing absolutely everything. Last week I had an interesting exchange when I posted a cryptic picture on Facebook, an online acquaintance got seemingly upset by the lack of detail, even describing the practice of posting cryptic content as “passive-aggressive”. An interesting choice of words, is not posting detail about one’s life an act of aggression towards those who contribute to the public space? But I digress…

One of my favourite science fiction books is The Quantum Thief by Haanu Rajaniemi, which describes a world in which both quantum computing and nanotechnology have managed to produce perfect surveillance where every event is recorded at the molecular level. The inhabitants of such a world have given up some of their privacy in exchange for convenience. However, the technology has created a solution for the privacy nightmare, citizens can have a nano-privacy cloud, a  sub-atomic information filter that allows them to present only what they want the rest of the world to see. There are public spaces where privacy is not possible, but most people seem to operate with a mix of settings by previously agreed privacy protocols.

So perhaps we should begin to try to build privacy filters into our technology. In Zero History, William Gibson describes a t-shirt that can be used to defy CCTV detection, that is, hardware has been coded with some visual switch that will make the wearer disappear from surveillance. Perhaps we can start building similar types of built-in filters, but for consumer devices like mobile phones and Google Glass. So, if you are in a public space, you turn on a privacy device that will let consumer devices that you do not want to be recorded.

Or you could choose to wear this on your t-shirt:

When reading [...]]]> On April 18, 2013, the US House of Representatives passed the Bill H.R. 624, also known as the Cyber Intelligence Sharing and Protection Act (CISPA). An earlier version of the bill had been passed already by the US HR, but did not pass the Senate (for earlier analysis of the Bill, see here).

When reading the new version of CISPA, it would be easy to dismiss it as mostly hot air about intelligence agencies sharing information with one another. It is true that the first half of the bill is dedicated to creating mechanisms that will coordinate between the Department of Homeland Security and other government offices with regards to cybersecurity data. The fun begins with Section 3 on Cyber threat intelligence and information sharing. Sec. 1104(1) reads:

(1) IN GENERAL- The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and utilities and to encourage the sharing of such intelligence.

This sets the procedure for intelligence agencies to give information to the private sector in order to make them aware of some “cyber threat”. But what xactly is a cyber threat? According to the bill, it is:

“(A) IN GENERAL- The term ‘cyber threat intelligence’ means intelligence in the possession of an element of the intelligence community directly pertaining to–

‘(i) a vulnerability of a system or network of a government or private entity or utility;

‘(ii) a threat to the integrity, confidentiality, or availability of a system or network of a government or private entity or utility or any information stored on, processed on, or transiting such a system or network;

‘(iii) efforts to deny access to or degrade, disrupt, or destroy a system or network of a government or private entity or utility; or

‘(iv) efforts to gain unauthorized access to a system or network of a government or private entity or utility, including to gain such unauthorized access for the purpose of exfiltrating information stored on, processed on, or transiting a system or network of a government or private entity or utility.”

This is terribly broad, it puts in the same category a relatively harmless DDoS attack, and serious international cyber-spying by means of gaining access to a computer.

CISPA is also very broad about the types of private entities that will be subject of communication from intelligence agencies. There are three types of private enterprises covered by the Bill:

“CYBERSECURITY PROVIDER- The term ‘cybersecurity provider’ means a non-Federal entity that provides goods or services intended to be used for cybersecurity purposes.[...]

PROTECTED ENTITY- The term ‘protected entity’ means an entity, other than an individual, that contracts with a cybersecurity provider for goods or services to be used for cybersecurity purposes.[...]

SELF-PROTECTED ENTITY- The term ‘self-protected entity’ means an entity, other than an individual, that provides goods or services for cybersecurity purposes to itself.”

“Cyber-security purposes” are also broadly defined, almost in identical fashion to cyber-threat intelligence. These definitions cover pretty much any Internet intermediary service, from anti-DDoS cloud providers, to any company with a firewall and antivirus installed. It is as strike of inspired legislative drafting that manages to make such broad provisions sound so narrow.

The icing on the cake is the fact that private enterprises will have no other recourse but to comply with this intelligence collaboration, because if they do so, they are immune from prosecution. The Bill reads:

“‘(A) EXEMPTION- No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith–

‘(i) for using cybersecurity systems to identify or obtain cyber threat information or for sharing such information in accordance with this section; or

‘(ii) for decisions made for cybersecurity purposes and based on cyber threat information identified, obtained, or shared under this section.

‘(B) LACK OF GOOD FAITH- For purposes of the exemption from liability under subparagraph (A), a lack of good faith includes any act or omission taken with intent to injure, defraud, or otherwise endanger any individual, government entity, private entity, or utility.”

The above pretty much compels all intermediaries to share any sort of information they may have on their customers if it is deemed by some obscure intelligence agency that the subject might be engaged in some cyber threat, which is also broadly defined.

To translate from Legalese to Plain English, CISPA allows US intelligence agencies to contact practically any private provider of information technology services to ask them to snoop on their customers if there is suspicion that they may be engaged in an online activity that could be considered threatening, which includes anything from whistleblowing to participation in a DDoS protest. The intermediary will have to comply, as this is the only way in which they will be exempt from criminal and/or civil liability. In other words, spy for us, or else.

Why should people outside of the US care about CISPA? Because a vast majority of people in the world employ a US company one way or another. This includes:

• Hosting: 83% of the world’s content is hosted in the US.
• Cloud providers:  The top 10 cloud provider are based in the US.
• Domain name registries: The United States is the country with the most domain names registered under its jurisdiction.
• Email: Top 4 webmail providers are based in the US (Microsoft, Yahoo, Google and AOL).

This does not even consider other services, such as VPN providers, anonymisers, browsers… anything that can be considered a self-protected entity could be covered by CISPA.

So make your voice heard and try to help defeat this nefarious piece of legislation.