B2fxxx

What terrorists really want

2008-10-11T10:21:00.002+01:00

Max Abrahms, a doctoral candidate in political science at the University of California, Los Angeles, has written an excellent paper What Terrorists Really Want: Terrorist Motives and Counterterrorism Strategy

"What do terrorists want? No question is more fundamental for devising an effective counterterrorism strategy. The international community cannot expect to make terrorism unprofitable and thus scarce without knowing the incentive structure of its practitioners. The strategic model—the dominant paradigm in terrorism studies—posits that terrorists are political utility maximizers. According to this view, individuals resort to terrorism when the expected political gains minus the expected costs outweigh the net expected benefits of alternative forms of protest. The strategic model has widespread currency in the policy community; extant counterterrorism strategies seek to defeat terrorism by reducing its political utility. The most common strategies are to fight terrorism by decreasing its political benefits via a strict no concessions policy; decreasing its prospective political benefits via appeasement; or decreasing its political benefits relative to nonviolence via democracy promotion. Despite its policy relevance, the strategic model has not been tested. This is the first study to comprehensively assess its empirical validity. The actual record of terrorist behavior does not conform to the strategic model's premise that terrorists are rational actors primarily motivated to achieving political ends. The preponderance of empirical and theoretical evidence is that terrorists are rational people who use terrorism primarily to develop strong affective ties with fellow terrorists. Major revisions in both the dominant paradigm in terrorism studies and the policy community's basic approach to fighting terrorism are consequently in order...

Demand-side strategies should focus on divesting terrorism's social utility, in two ways. First, it is vital to drive a wedge between organization members. Since the advent of modern terrorism in the late 1960s, the sole counter-terrorism strategy that was a clear-cut success attacked the social bonds of the terrorist organization, not its utility as a political instrument. By commuting prison sentences in the early 1980s in exchange for actionable intelligence against their fellow Brigatisti, the Italian government infiltrated the Red Brigades, bred mistrust and resentment among the members, and quickly rolled up the organization. Similar deals should be cut with al-Qaida in cases where detainees' prior involvement in terrorism and their likelihood of rejoining the underground are minor. Greater investment in developing and seeding double agents will also go a long way toward weakening the social ties undergirding terrorist organizations and cells around the world. Second, counter-terrorism strategies must reduce the demand for at-risk populations to turn to terrorist organizations in the first place. To lessen Muslims' sense of alienation from democratic societies, these societies must improve their records of cracking down on bigotry, supporting hate-crime legislation, and most crucially, encouraging moderate places of worship—an important alternative for dislocated youth to develop strong affective ties with politically moderate peers and mentors."

Makes a lot of sense. The full paper is here. Thanks to Ian Brown and Bruce Schneier for the pointer.

Bird and Fortune on the financial markets

2008-10-10T13:08:00.003+01:00

Last year John Bird and John Fortune did one of their brilliant skits for the South Bank Show, talking about the financial markets. Spot on the money, if you'll forgive the pun, given the meltdown of recent weeks.

The liberty voice has a transcript.

TelePresence

2008-10-09T19:44:00.001+01:00

Fernando has some interesting thoughts on Cisco's Telepresence technology.

"The technology seems quite amazing and gives users the opportunity to carry out meeting that seem real while the participants are scattered around the globe... The idea is that big companies, that can afford it, will buy the whole system (hardware and software) while smaller ones will either lease it or pay per use in dedicated TelePresence centres, and here is where things get complicated...

The first and most obvious issue related to data protection, privacy and security. Will the provider of the service put in place the technological and legal safeguards to make sure that only the participants of the meeting have access to the data that the meeting generates? Will the company paying for the services have access to such a data? If that is the case and some of the participants are in England, will the company have to inform the meeting participants about such monitoring and data retention as requested by RIPA 2000? Just a general notification or one each time that a meeting starts?
It seems unlikely that companies using the service as lessee or on pay per use basis would accept the owner of the system to monitor the meeting and/or retain the data resulting from it, but it the provider of the service does not do so and the system is used for illegal purposes, would the provider be liable? While the answer seems to be no, we are facing a very strong attack against third party’s immunity, which may end in making intermediaries liable for almost anything that happens in their systems.
Other important issue relates to the differences between the need of a warrant to bug a real-life meeting and the potentially easier access that the authorities would have to tap into electronic communications (without mentioning the possibilities of hacking)..."

Piracy Statistics and the Importance of Journalistic Skepticism

2008-10-09T19:37:00.002+01:00

Timothy B. Lee has been explaining at Freedom to Tinker why journalistic skepticism is important when considering piracy statistics. It's worth reading in full:

" If you've paid attention to copyright debates in recent years, you've probably seen advocates for more restrictive copyright laws claim that "counterfeiting and piracy" cost the US economy as much as $250 billion. When pressed, those who make these kinds of claims are inevitably vague about exactly where these figures come from. For example, I contacted Thomas Sydnor, the author of the paper I linked above, and he was able to point me to a 2002 press release from the FBI, which claims that "losses to counterfeiting are estimated at $200-250 billion a year in U.S. business losses."

There are a couple of things that are notable about this. In the first place, notice that the press release says counterfeiting, which is an entirely different issue from copyright infringement. Passing stronger copyright legislation in order to stop counterfeiting is a non-sequitur.

But the more serious issue is that the FBI can't actually explain how it arrived at these figures. And indeed, it appears that nobody knows who came up with these figures and how they were computed. Julian Sanchez has done some sleuthing and found that these figures have literally been floating around inside the beltway for decades. Julian contacted the FBI, which wasn't able to point to any specific source. Further investigation led him to a 1993 Forbes article:

Ars eagerly hunted down that issue and found a short article on counterfeiting, in which the reader is informed that "counterfeit merchandise" is "a $200 billion enterprise worldwide and growing faster than many of the industries it's preying on." No further source is given.

Quite possibly, the authors of the article called up an industry group like the IACC and got a ballpark guess. At any rate, there is nothing to indicate that Forbes itself had produced the estimate, Mr. Conyers' assertion notwithstanding. What is very clear, however, is that even assuming the figure is accurate, it is not an estimate of the cost to the U.S. economy of IP piracy. It's an estimate of the size of the entire global market in counterfeit goods. Despite the efforts of several witnesses to equate them, it is plainly not on par with the earlier calculation by the ITC that many had also cited.

It's not surprising that no one is able to cite a credible source because the figure is plainly absurd. For example, the Institute for Policy Innovation, a group that pushes for more restrictive copyright law, has claimed that copyright infringement costs the economy $58.0 billion. As I've written before, these estimates vastly overstate losses because IPI used a dubious methodology that double- and triple-counts each lost sale. The actual figure—even accepting some of the dubious assumptions in the IPI estimate, is almost certainly less than $20 billion. But whether it's $10, $20, or $58 billion, it's certainly not $250 billion.

There are a couple of important lessons here. One concerns the importance of careful scholarship. Before citing any statistic, you should have a clear understanding of what that figure is measuring, who calculated it, and how. The fact that this figure has gotten repeated so many times inside the beltway suggests that the people using the figure have not been doing their homework. It's not surprising that lobbyists cite the largest figures they can find, but public servants have a duty to be more skeptical.

The more important lesson is for the journalistic profession. Far too many reporters at reputable media outlets credulously repeat these figures in news stories without paying enough attention to where they come from. If a statistic is provided by a party with a vested interest in the subject of a story—if, say, a content industry group provides a statistic on the costs of piracy—reporters should double-check that figure against more reputable sources. And, sadly, a government agency isn't always a reliable source. Agencies like the BLS and BEA who are in the business of collecting official statistics are generally reliable. But it's not safe to assume that other agencies have done their homework. The FBI, for example, has made little effort to correct the record on the $250 billion figure, despite the fact that it is regularly cited as the source of the figure and despite the fact that it has admitted that it can't explain where the figure comes from.

Julian gives all the gory details on the origins of the $250 billion figure. He also digs into the oft-repeated claim that piracy costs 750,000 jobs, which dates back even further (to 1986) and is no more credible. And he offers some interesting theoretical reasons to think that the costs of copyright infringement are much, much less than $250 billion."

Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Assessment

2008-10-09T11:46:00.004+01:00

The National Research Council in the US has just published an important report,
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Assessment They conclude:

Thanks to Caspar Bowden for the pointer and sorry about the formatting. Here's the NYT's take on it.

EU reject three strikes approach with amendments to Telecoms package

2008-10-09T11:29:00.002+01:00

From the excellent EDRI newsletter:

"The European Parliament voted the Telecoms Package

8 October, 2008

EU Policy | Privacy | Intellectual Property Enforcement

The Package of rules governing the Internet and telecoms sectors proposed by the European Commission in view of supporting competition and providing clearer information and a wider range of services to consumers was approved by the European Parliament on 24 September 2008, in the first reading. The measures that would have allowed a control on Internet users were rejected.

The package including four legislative proposals was proposed on 13 November 2007 and had in view the establishment of a new EU telecoms authority, the introduction of functional separation in order to boost competition, a review of radio-spectrum management and a range of consumer protection measures.

Following a strong pressure from the consumers, privacy groups and telecoms industry, the MEPs rejected the idea that ISPs should filter all downloads and punish the infringers of anti-piracy rules, being thus transformed into a sort of online police.

The key amendments in this respect were Amendment 166 to the Harbour report and Amendment 138 to the Trautmann report, both adopted by the EP. "They state that users' access may not be restricted in any way that infringes their fundamental rights, and (166) that any sanctions should be proportionate and (138) require a court order. They both reinforce the principle established on April 9th in the Bono report, that the Parliament is against cutting off people's Internet access as a sanction for copyright infringement. Cutting off Internet access was not explicitly in the Telecoms Package, but it did open the door to 3-strikes. These amendments close that door." as Monica Horten correctly points out.

The EP decided that personal data processing should not require the user's prior consent. Also, there was no clear decision on the issue of whether IP addresses should be considered as personal data.

However, the EP approved the application of a prior consent clause to software such as cookies, which are installed in the users' computers and which provide information on their behaviour to the companies having created them, such as search engines. Another amendment requires the telecom companies to inform the national telecom regulators if they suffered serious data security breaches, that might affect their users' privacy.

The Parliament's vote was welcomed by most interested parties being considered as a good step in the direction of privacy, the protection of personal data, and principles of proportionality and separation of powers.

The European consumers organisation, BEUC stated: "Today MEPs voted to reinforce consumer rights and competition in telecoms markets across Europe. We hope the Council will follow the same line towards improving and facilitating consumers' daily lives. Many consumers still suffer from problems with their telecom providers: from complicated information to very long-term contracts, not to mention difficulties in switching. Concretely, thanks to today's move, consumers could benefit from more transparent information about tariffs and conditions of contracts."

La Quadrature du Net, the group of citizens acting for individual rights and freedoms and supported by French as well as international NGOs, wanted to thank "all MEPs who have worked in this direction, and all citizens who mobilized en masse to alert their delegates on these issues. We'd like to thank particularly the MEPs who have been able to reconsider their positions as they became aware of the risks to the rights and freedoms of their fellow-citizens." However, the body still warns on some issues of concern particularly that of the danger that the adopted Amendment 138 may be withdrawn. Amendment 138 states that no restriction on the rights and freedoms of end users can be taken without prior decision of the judicial authority, only in cases when public safety is concerned.

There is strong support for the adoption of the telecoms package by the end of the mandate of the present Parliament, at the middle of 2009. The next step in this issue will be the next Telecoms Council which is planned for the end of November.

Parliament backs major telecoms, Internet overhaul (25.09.2008)
http://www.euractiv.com/en/infosociety/parliament-backs-major-telecoms...

MEPs back altered telecoms reform (25.09.2008)
http://www.out-law.com/page-9456

European Parliament votes against 3-strikes (24.09.2008)
http://www.iptegrity.com/index.php?option=com_content&task=view&am...

Telecoms Package : European democracy's victory already threatened (26.09.2008)
http://www.laquadrature.net/en/telecoms-package-european-democracys-vi...

EDRIgram: The telecom package debated by the European Parliament (10.09.2008)
http://www.edri.org/edrigram/number6.17/telecom-package-debated"

And:

"Sarkozy snubbed by Barroso in the three strikes approach

8 October, 2008

Barroso, President of the European Commission has refused French President Sarkozy's request to withdraw Amendment 138 included in the Telecoms Package recently voted by the European Parliament.

Amendment 138 which basically reinstates the legal issue of the freedom to communicate of Internet users, reaffirming that only threats to public security can justify the restriction to the free circulation of information on the Internet without a court decision, was voted with a large majority by the MEPs, fact which largely displeased EU French presidency who has continuously pushed and pressed for the application of the three strike approach introduced by its "Création et Internet" draft bill.

Sarkozy sent a letter to Barroso asking for the withdrawal of the amendment which would force France to give up its draft law. If the Commission does not reject the amendment, France would be in the position to obtain the refusal of the entire Telecoms Package which would practically be impossible. Therefore, Sarkozy is trying to obtain the withdrawal of the amendment by the Council of Ministers during the meeting scheduled for 27 November, before the second reading of the European Parliament that will take place during the first term of 2009. "Sarkozy tries to force his way through in Council, and his close staff does not hide that they want to subsequently outstrip the European Parliament by having the French bill adopted in emergency procedure before the second reading on the Telecoms Package" says La Quadrature du Net.

But Mr. Barroso, president of the EC sent a non-receipt denial by reminding the French President that the amendment was voted with 573 pro votes against 74 and stating that the EC will "respect this democratic decision of the European Parliament" adding that the "amendment is a significant reminder of the legal principles that are inherent keys to the legal order of the European Union, especially as regards the citizens' fundamental rights".

The position was stranghtned by the European Commission spokesman for information society issues, Martin Selmayr that said: "The European Commission respects this democratic decision of the European Parliament. In our opinion this amendment is an important re-affirmation of the basic principles of the rule of law in the EU, in particular the fundamental rights of its citizens."

The European Commission has therefore accepted the amendment thus forcing France to accept the report. The Commission has invited France to discuss the issue at the Council of Ministers meeting where an agreement has to be reached between the Council and the EP in order to pass the Telecoms Package. As the Commission has no legislative power it can only act as negotiator between the two bodies. If France goes on with its plans to present its Creation et Internet draft law on 18 November, it might be under violation of a European provision in progress of being adopted.

"The French President seems to have too soon forgotten how the European Union institutions work by pretending to ignore the co-decision principle" stated MEP Guy Bono, co-author of the amendment.

On the other hand, the British Government which in July seemed ready to pursue a gradual response approach for p2p users now denies any such attempt. The British Prime Minister stated in a response to a petition asking him not to force ISPs to spy on their users for the purpose of monitoring copyrighted content. "Unfortunately, much of the media reports around this issue have been incorrect. There are no proposals to make ISPs liable for the content that travels across their networks. Nor are there proposals for ISPs to monitor customer activity for illegal downloading, or to enforce a '3 strikes' policy."

Letter from Sarkozy to Barrosso (only in French)
http://www.ecrans.fr/IMG/pdf/Lettre_Barroso.pdf

President Sarkozy requires the withdrawal of Amendment 138 (only in French, 4.10.2008)
http://www.numerama.com/magazine/10783-President-de-l-UE-Sarkozy-exige...

Gradual response: Barroso said no to Nicolas Sarkozy (only in French, 6.10.2008) http://www.numerama.com/magazine/10791-URGENT-Riposte-Graduee-Barroso-...

UK Prime Minister Denies Three Strikes Proposal... After Europe Tossed It (5.10.2008)
http://www.zeropaid.com/news/9791/UK+Prime+Minister+Denies+Three+Strik...

Graduated response: Europe must resist Sarkozy's authoritarianism (6.10.2008)
http://www.laquadrature.net/en/graduated-reponse-europe-must-resist-sa...

Graduated Response : The Lesson (7.10.2008)
http://www.laquadrature.net/en/graduated-response-lesson

EDRIgram: French law on 'graduate response' opposed by ISOC Europe (10.09.2008)
http://www.edri.org/edrigram/number6.17/3strikes-opposed-isoc-europe"

Lebanese group to sue Israel copyright infringement of food

2008-10-09T11:24:00.004+01:00

The latest in the long line of strange but true IP stories is that a Lebanese group is reportedly going to sue Israel for violating their "food copyright"

"Along the same lines as various regions in France declaring that only they can sell "Champagne" or Greece being the only one allowed to offer "feta," a group in Lebanon is claiming that various popular middle eastern foods such as hummus, falafel, tabouleh and baba gannouj are property of Lebanon and Lebanon alone. In fact, the group is planning to sue Israel for "stealing" its food. They're actually claiming that this could be a violation of a "food copyright" (something that doesn't actually exist)."

Cory to leave database nation UK

2008-10-09T11:04:00.003+01:00

Cory Doctorow is considering leaving the UK because of governmental obsession with building a techno-panopticon society. He says:

"My grandparents escaped the Soviet Union to get away from state prying. Now it looks like I'll be leaving the UK for the same reason

When I moved from my native Canada to the UK in 2003, I thought it was ironic that the Doctorows had returned to Europe. My father was born to Polish-Russian parents in a refugee camp in Azerbaijan just before the second world war ended. My grandparents – deserting Red Army conscriptees – destroyed their documents and became, in the parlance of the day, Displaced People.

When the war ended, they went west again, but when they reached Russia, they kept going. When they reached Poland, they kept going. They moved with the great refugee herd into Germany, to a camp near Hamburg (where my aunt was born), before boarding a refugee boat and sailing to the port of Halifax, where an immigration official truncated their names – Doctorowicz became Doctorow – and gave them a train ticket to Toronto, where my great-uncle Max and his family lived.

My grandmother is still alive, and sharp as a tack. I asked her recently why they didn't stay in the Soviet Union. Despite her aversion to military service, she was a war hero. She had gone through her adolescence as a civil defence worker during the hard years of the Siege of Leningrad, digging trenches and hauling bodies as a girl of 12, until she was evacuated to Siberia at the age of 15. Her family still lived in Leningrad – mother, father, baby brother. Leningrad is a majestic city, cosmopolitan and vibrant, even with the war scars on its face. In Toronto she knew no one, didn't speak the language. Her years as a refugee would stretch out for decades until she could truly consider herself a Canadian.

I asked her why she didn't stay, and she shook her head like I'd asked the stupidest possible question. "It was the Soviet Union", she said. She waved her hand, groped for the answer. "Papers," she said, finally. "We had to carry papers. The police could stop you at any time and make you turn over your papers." The floodgates opened. They spied on you. They made you spy on each other. Your grandfather wouldn't have been allowed to stay – he was Polish, they wouldn't let him stay with the family in Russia, he'd have to go back to Poland...

A few years later, I was living with my partner, and had fathered a British daughter (when I mentioned this to a UK immigration official at Heathrow, he sneeringly called her "half a British citizen"). We were planning a giant family wedding in Toronto when the news came down: the Home Secretary had unilaterally, on 24 hours' notice, changed the rules for highly skilled migrants to require a university degree...

My partner and I scrambled. We got married. We applied for a spousal visa. A few weeks later, I presented myself in Croydon at the Home Office immigration centre to turn over my biometrics and have a visa glued into my Canadian passport. I got two years' breathing room. My family could stay in Britain.

Then came last week's announcement: effective immediately, spousal visa holders (and foreign students) would be issued mandatory, biometric radio-frequency ID papers that we will have to carry at all times. And I started to look over my shoulder...

Now, we immigrants are to be the beta testers for Britain's sleepwalk into the surveillance society. We will have to carry internal passports and the press will say, "If you don't like it, you don't have to live here – it's unseemly for a guest to complain about the terms of the hospitality." But this beta test is not intended to stop with immigrants. Government freely admits that immigrants are only the first stage of a universal rollout of mandatory biometric RFID identity cards. What happens to us now will happen to you, next.

Not me, though. If the government of the day when I renew my visa in 2010 requires that I carry these papers as a condition of residence, the Doctorows will again leave their country and find a freer one. My wife – born here, raised here, with family here – is with me. We won't raise our British daughter in the database nation. It's not safe."

It's a really powerful essay and should be read and inwardly digested in full

Palin email hack indictment

2008-10-09T10:17:00.003+01:00

Orin Kerr wonders if the Palin email hack indictment, against the son of a Tennessee Democratic politician, is legally flawed?

"Here's the indictment. And here's the potential problem with the indictment. In order to charge the case as a felony rather than a misdemeanor, the government needed to claim that the intrusion was committed to further criminal or tortious activity. The statute, 18 U.S.C. 1030, states that the intrusion is a felony if the intrusion "was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State."

Oddly, though, the indictment doesn't exactly state what the crime or tort is that the intrusion was designed to further. It just states that the intrusion was "in furtherance of the commission of a criminal act in violation of the laws of the United States, including 18 U.S.C. Section 2701 and 18 U.S.C. Section lO30(a)(2)" But Section 2701 and Section 1030 are the intrusion statutes themselves! It makes no sense to allow a felony enhancement for a crime committed in furtherance of the crime itself; presumably the enhancement is only for intrusions committed in furtherance of some other crime. Otherwise the felony enhancement is meaningless, as every misdemeanor becomes a felony.

I'm not sure if the indictment is facially defective based on that. It might be, because it effectively doesn't say what crime the government is charging (in that the the government must show the unauthorized access and also the crime that the access is in furtherance of -- if you're the defendant, how to you defend yourself against an unnamed crime?). But if the government is trying to make this a felony on the theory that the intrusion was designed to further the crime of the intrusion, that strikes me as an extremely weak argument."

What's the betting that if this one gets thrown out by a judge due to the paperwork stretching a point ("the defendant looked at the email in order to... er... look at the email your honour"), that the prosecutors will 'find' a criminal or tortious activity that the teenager intended when considering putting their paperwork together for a second prosecution?

ACLU safe and free

2008-10-07T17:01:00.003+01:00

I was reminded earlier today of the ACLU's safe and free surveillance campaign. Given the UK government's attraction to gauranteed-to-fail large IT projects, it's worth periodically taking the time to view the short video they produced to help with that campaign.

UK government's unlucky 13 IT projects

2008-10-07T16:47:00.003+01:00

Tony Collins at Computer Weekly has been compiling a list of UK government IT disasters. He thinks the failures are down to politics.

"In 2000 the Cabinet office published "Successful IT", a worthwhile guide to avoiding not-so-obvious traps. The Public Accounts Committee and the National Audit Office have published many reports for more than a decade on what tends to make projects successes or not.

As well as these, the Office of Government Commerce launched the "gateway review" scheme early in the new millennium which is supposed to filter out flawed projects and programmes before their defects become manifest to MPs, the media and public. Impressive government CIOs including Ian Watmore and John Suffolk have tried to pre-empt high-profile failures.

But still the high-profile calamities drown out the successes: the IT fiasco over SAT tests, delays of four years in the "Scope" system to help combat terrorism and other threats by linking intelligence services and provide interfaces with the MoD and government departments, the anger among junior doctors over the failed MTAS applications system, and some local implementations under the NHS's £12.7bn National Programme for IT which have seriously disrupted patient care and operations and appointments. These are only a few of New Labour's IT embarrassments.

Why is its record on large projects so bad? The failures, we believe, have more to do with politics and culture than technical architectures and project management methodologies.

Building a bridge from the US to England may seem a good idea in theory but it is not practical. Yet ministers embarked on the technological equivalent with the NHS's £12.7bn National Programme for IT because nobody they would want to listen to told them it was fanciful.

One reason so many large public sector projects fail is that executives from some IT suppliers regularly propose to government unrealistic but ostensibly credible and beneficial solutions to problems civil servants did not know existed until suppliers explained what could be achieved with new technology."

Home Office extend deadline for ORG FOI request on Intercept Modernisation

2008-10-07T16:30:00.002+01:00

ORG have had a response to their FOI request on the UK government's interception modernisation programme (IMP), the objective of which, according to a Home Office minister, "to maintain the UK's lawful intercept and communications data capabilities in the changing communications environment." What exactly that means is another question. In keeping with government through obscurity the response to ORG basically says 'we're thinking about getting back to you but we're not sure we should; and just because we're thinking about getting back to you doesn't mean that we're admitting to having the information you're fishing for'

" Back in August, we submitted a Freedom of Information request to the Home Office, asking them to shed light on the Intercept Modernisation Programme (IMP). Over the Summer, a number of news reports had claimed that as part of this programme a new national database would be created containing the electronic communications data of the entire population. You can read more about the IMP here.

The Home Office have now got in touch to say they are extending the 20 working day response period (which ended today) in order to consider whether our request meets the public interest test. They write:

We are considering your information request. Although the Freedom of Information Act carries a presumption in favour of disclosure, it provides exemptions which may be used to refuse to confirm whether or not we hold information, or where we do, to withhold that information in specified circumstances. Some of these exemptions are subject to a public interest test. These exemptions are known as qualified exemptions. The public interest test is used to balance the public interest in openness against the public interest in favour of applying exemptions. Section 10(3) of the Act allows us to exceed the 20 working day response target where reasonably necessary to consider the public interest test fully. This is subject to us telling applicants when we expect to conclude our deliberations and provide a full response.

We are currently assessing the public interest in saying whether or not we hold the information you have requested, and should we do so, in providing the information you have requested. We are doing so under the exemptions contained in Sections 23(5) and 24(2) (national security), 35(3) (formulation of government policy, 31(3) (prevention and detection of crime) and 43(3) (prejudice to commercial interests) of the Freedom of Information Act.

This letter should not be taken as conclusive evidence that the information you have requested exists or does not exist."

The Trouble with Data

2008-10-07T14:28:00.003+01:00

William Heath alerts us to a 'terrific article by SA Mathieson in Government Computing in response to the earlier piece by Matthew Taylor about government use of data.'

"He points to limitations and unexpected side-effects of government driven by data. He argues that it ignores the human costs in something like abolishing the common travel area with Ireland, or of endemic workplace surveillance, and adds the dangers of new forms of discrimination eg against those unable to provide biometrics, or whose data is inaccurate...

The trouble with data by SA Mathieson

On a comparison of timetables, many of Britain’s train services are slower now than two decades ago. Part of the reason is that train companies are judged on punctuality, with fines if they miss targets, so they pad the timetables.

In September’s GC, Matthew Taylor, chief executive of the RSA, cogently made the case for increased government use of data. He sees it as a way for the government to govern more intelligently and to help those disadvantaged in society, such as in choice of school.

Gathering and analysing data is the dominant management technique of the age, standard practice for the management consultancies that have influenced and got much business, out of this government. Yet even in the private sector, managing by data has its drawbacks. In the public sector, these problems are significantly magnified.

The first, as with train companies, is that when data is used as the yardstick, those being judged start ‘teaching to the test’. Sats tests, taken at 11 and 14 mainly to gather data on the performance of schools, have a financial and administrative cost. But the opportunity cost, of training and examining all children for tests with little point to them when they could have been learning, is surely greater.

This is the main problem with managing government by data: you have to gather a lot of data on the governed.

The human costs of this are often ignored by government...

...data discrimination can hit two groups. There are those who do something wrong then suffer disproportionately. With the greatly increased use of criminal record checks in employment, a trivial offence long ago can narrow someone’s chances in life years after they have supposedly paid their debt to society.

Then there are those who suffer because their data is wrong, whether through error or fraud, and a greater reliance on data makes its fraudulent use much more attractive. The time taken sorting out the mess tends to be spent by the innocent data subject, not the organisation which fails to keep records properly.

It would be daft to say that government should stop using data. But the current government has tended to treat its gathering and analysis as a panacea. It is not."

There was another post at IdealGovernment that really tickled me recently and I never got round to blogging about it: the reverse Turing test.

"Dealing with the daily IdealGov spam dose it occurs to me we should have a reverse Turing test. If the original test is

a human judge engages in a natural language conversation with one human and one machine, each of which try to appear human; if the judge cannot reliably tell which is which, then the machine is said to pass the test

then our reverse Turing test is

a citizen or customer engages in a natural language conversation with one public servant and one machine, each of which adheres to prevailing policies and targets. If the citizen cannot reliably tell which is which, then the public servant is said to fail the test

We could include that in Sam’s UK Feedback/Bureaucracy Bingo service.

Wibbi public servants took pride and were rewarded for their humanity and not for their conformance to rules and targets? Wibbi we dropped the idea that personal service is something we can mechanise? "

Absolutely spot on!

Hollywood swoops on playschools

2008-10-06T15:43:00.001+01:00

From the Sunday Times:

"PLAYSCHOOLS have been given an unexpected lesson on copyright law after a company representing Hollywood studios demanded that each child pay a fee of €3 plus 17.5% Vat per year to watch DVDs in their playgroup.

The Motion Picture Licensing Company (MPLC), which collects royalties on behalf of companies such as Walt Disney, Universal and 20th Century Fox, wrote to 2,500 playschools last month warning that it is illegal to show copyrighted DVDs in public without the correct license.

The letter was sent with the approval of the Irish Preschool Play Association (IPPA), which represents the schools and their 50,000 children...

...the MPLC had failed to register with the Irish Patent Office as a copyright licensing body. Under the 2000 Copyright Act, royalty collectors such as the Irish Music Rights Organisation (IMRO) and Phonographic Performance Ireland (PPI) are required to register before they can collect fees.

A spokesman for the Patent Office said that if an organisation collects money but hasn’t registered it may be fined or staff may be jailed if a complaint is made and it is found guilty."

FOIANet

2008-10-06T15:36:00.001+01:00

The excellent InSITE Service of the Cornell Law Library has pointed me at

"FOIAnet: Freedom of Information Advocates Network http://www.foiadvocates.net/

FOIAnet--the Freedom of Information Advocates
Network--is an international organization
dedicated to the principle that the "right of
access to information is an important human
right, necessary for the enjoyment of other human
rights," and that the "right to information is
essential for transparent and accountable
government." For U.S. researchers, FOIAnet
provides an international perspective on a right
in most cases taken for granted in the United
States. The site is clearly intended for
activists (i.e., an "Experts" tab exists solely
to invite submissions of new information on how
to acquire government-held information in
different countries) and its greatest potential
usefulness for researchers and citizens lies in
the "Members" tab, which lists constituent NGOs
in different countries around the world, and
under "Resources" where are listed procedural
guides to laws in various countries regarding
citizens' right to obtain government information.
Regrettably, the "News" tab does not seem to
function and the "Projects" page only lists
activities for the annual Right to Know Day, held
on September 28 each year. No search engine is
available but the site is, at present, quite limited in scope. [JPC]"

Judge Suppresses Report on Voting Machine Security

2008-10-06T13:47:00.002+01:00

Having recently been drafting a case study on electronic voting for a forthcoming Open University course I was interested to hear via Andrew Appel at Ed Felten's now multi-authored Freedom to Tinker blog that:

"

A judge of the New Jersey Superior Court has prohibited the scheduled release of a report on the security and accuracy of the Sequoia AVC Advantage voting machine. Last June, Judge Linda Feinberg ordered Sequoia Voting Systems to turn over its source code to me (serving as an expert witness, assisted by a team of computer scientists) for a thorough examination. At that time she also ordered that we could publish our report 30 days after delivering it to the Court--which should have been today.

Three weeks after we delivered the report, on September 24th Judge Feinberg ordered us not to release it. This is part of a lawsuit filed by the Rutgers Constitutional Litigation Clinic, seeking to decommission of all of New Jersey's voting computers. New Jersey mostly uses Sequoia AVC Advantage direct-recording electronic (DRE) models. None of those DREs can be audited: they do not produce a voter verified paper ballot that permit each voter to create a durable paper record of her electoral choices before casting her ballot electronically on a DRE. The legal basis for the lawsuit is quite simple: because there is no way to know whether the DRE voting computer is actually counting votes as cast, there is no proof that the voting computers comply with the constitution or with statutory law that require that all votes be counted as cast.

The question of whether this report can legally be suppressed was already argued once in this Court, in June 2008, and the Court concluded then that it should be released; I will discuss this below. But as a matter of basic policy--of running a democracy--the public and legislators who want to know the basic facts about the reliability of their elections need to be able to read reports such as this one...

On September 2nd we provided to the Court (and to the defendants and to Sequoia) a lengthy report concerning the accuracy and security of the Sequioa AVC Advantage. The terms of the Court's Protective Order of June 20 permit us to release the report today, October 2nd.

However, on September 24 Judge Feinberg, "with great reluctance," orally ordered the plaintiffs not to release the report on October 2nd, and not to publicly discuss their conclusions from the study. She did so after the attorney for Sequoia grossly mischaracterized our report. In order to respect the Judge's temporary stay, I cannot now comment further on what the report does contain.

The plaintiffs are deeply troubled by the Court's issuance of what is essentially a temporary restraining order restricting speech, without any motion or briefing whatsoever. Issuing such an order is an extreme measure, which should be done only in rare circumstances, and only if the moving party has satisfied its high burden of showing both imminent harm and likelihood of success on the merits. Those two requirements have not been satisfied, nor can they be. The plaintiffs have asked the Court to reconsider her decision to suppress our report. The Court will likely hear arguments on this issue sometime in October. We hope and expect that the Court will soon permit publication of our report."

That a month before a US presidential election a judge should feel obliged to veto a report on specific machines that count votes is yet another an indicator of serious fault lines in the US electoral process. If you'd like a dramatic take on how bad it gets then HBO's excellent Emmy award winning movie, Recount, which had its UK premiere on More4 over the weekend, details the shenanigans in the Florida vote count debacle in the 2000 presidential election. The depths that both the main parties will sink to in order to win the election should be prominent in voters minds when they go to the polls in November and reports on the security of the voting machines should certainly not be suppressed. Whatever the vendor might claim about trade secrets it should not be allowed to interfere with the transparency of the electoral process.

Senators Warn Bush Administration On ACTA

2008-10-06T13:34:00.002+01:00

In what might be wrongly interpreted as a break from their usual support for expansion of intellectual property laws, Intellectual Property Watch reports two US Senators' concerns about ACTA, the proposed Anti-Counterfeiting Trade Alliance.

"The leaders of the powerful United States Senate Judiciary Committee on Thursday warned US trade negotiators to rein in the scope of negotiations on an international treaty against counterfeiting, and to make the process more transparent...

At issue is the Anti-Counterfeiting Trade Agreement (ACTA), which the United States has been trying to push through by year’s end.

“We are concerned … that the ACTA under consideration will prescribe rules for protection so specifically that it could impede Congress’s ability to make constructive policy changes in the future,” Senators Patrick Leahy (Democrat, Vermont) and Arlen Specter (Republican, Pennsylvania) said in a 2 October letter to US Trade Representative Susan Schwab."

The letter is available online.

Interestingly the senators are not concerned that ACTA will expand the reach of IP law too much. Rather they worry that the trade agreement might limit the ability of the US to expand IP law. That's a novel interpretation of what we know about ACTA but fits with generic concerns in the US Senate whenever the US negotiates international treaties and trade agreements. On an international economic scale it is not a bad model to assume that the US will act like an island with a protectionist agenda.

NHS Connecting for Health (CFH) public consultation

2008-10-03T10:22:00.002+01:00

NHS Connecting for Health (CFH) are conducting a public consultation about sharing medical data for research and other purposes. I've filled it in in a bit of a hurry since I'm buried in various things again but I'm hoping the consultation gets a large and informed response.

At several points the survey claims that patients have no legal right to control information they have given the NHS about themselves once it has been anonymised. Thanks to Nicholas Bohm via the ORG list for pointing out that as a matter of law this claim is false. Information given in confidence may not be used or disclosed except for the purpose for which it was supplied unless the person supplying the information gives their consent.

The consultation also contains several underlying questionable assumptions. It talks about data being held in sealed envelopes. AFAIK these electronic sealed envelopes still don't exist and some of the proposed versions of them are not very secure. Richard Clayton and Ross Anderson at Cambridge University would be the people to check that with. The consultation also seems to seriously underestimate the real practical complexities of securing large amounts of medical data across a range of big networked databases.

They are suggesting setting up an office of an "Information Custodian" essentially to manage the sharing of medical data for a variety of purposes and "some of the tasks the Information Cusotdian might do" would be:

• manage the way patient data is anonymised
• link data from different sources using a code and then remove the identifiers
• perform data quality checks
• receive applications from researchers and others who want to use patient data and decide which ones to allow

I noted some concerns about this in my own rushed response:

"The idea of setting up such an office, the purpose of which is to be responsible for making patient data available for uses other than patient care, undermines the whole basis of medical privacy and patient doctor confidentiality. The nature of bureaucracy is also such that were such an office to exist the pressures to open up access to patient data would be difficult to withstand."

Towards the end they asked for suggestions on a list of organisations they should consult about the data sharing plan. I suggested about 25 including FIPR, ORG, Privacy International, the BMA, the Royal College of Nursing, the BCS, the Association of Medical Research Charities.

Universal v RealNetworks

2008-10-02T11:53:00.000+01:00

Fred von Lohmann has temporarily posted the complaints and the TRO briefing in Universal v.
RealNetworks on his personal page:

http://homepage.mac.com/fvl

Apple threaten to shut iTunes due to royalty rate increase

2008-10-02T11:39:00.002+01:00

From the BBC:

"A veiled threat by Apple to close its iTunes store has emerged 18 months after it was issued and just a day before royalty rates are to be set.

The Copyright Royalty Board meets on Thursday to rule on a requested 66% increase for sales of digital music from 9 cents to 15 cents a track.

A rise would have to be paid by either Apple, the record company or consumer.

Apple opposed the rate hike and has said it is unwilling to raise its 99 cents a song price or absorb a rise."

Update: There's an error in the story (thanks to Paul Saunders via the ORG list for pointing it out). It is not the percentage royalty paid to artists which will change but the percentage paid to composers and songwriters.

Home Office Launch New e-crime unit

2008-10-01T12:03:00.002+01:00

It seems that the Home Office has recognised that shutting down the high tech crime unit a couple of years ago was a mistake and they are now launching a new e-crime unit.

"

New £7m specialist e-crime unit launches

30 September 2008

A new £7M police unit dedicated to tackling electronic crime and internet fraud was announced today.

The new Police Central e-crime Unit (PCeU) will provide specialist officer training and coordinate cross-force initiatives to crack down on on-line offences.

E-crime is a global menace. An estimated 80%-90% of crime on the internet (excluding crime relating to children or images of child sexual abuse) is believed to be fraud-related.

The new unit will focus on supporting the new National Fraud Reporting Centre (NFRC) when it comes into operation in 2009. It will also work closely with other crime-fighting agencies to tackle international and serious organised crime groups operating on the internet.

Based in the Metropolitan Police Service, the PCeU will work with the NFRC and support the development of the police response to e-crime across the country.

Home Office minister's statement

E-crime Minister Vernon Coaker said, 'It is important that we stay one step ahead of criminals who increasingly use sophisticated computer networks and the internet to commit and facilitate crime.

'The new Police Central e-crime Unit will work closely with the National Fraud Reporting Centre to tackle electronic crime reported to it. This will ensure that the National Fraud Reporting Centre has support in this highly specialised area.

'The Police Central e-crime Unit will also play a vital role in helping police forces across the country improve skills and techniques needed to clamp down on e-crime.'

Association of Chief Police Officers' statement

Association of Chief Police Officers (ACPO) lead for e-crime, Deputy Assistant Commissioner Janet Williams, said, 'I am delighted that the Home Office has confirmed funding for this new unit that ACPO and law enforcement agencies have been developing. We can now work towards creating a national coordination centre to combat e-crime in England, Wales and Northern Ireland.

'It is our aim to improve the police response to victims of e-crime by developing the capability of the Police Service. We will be coordinating the law enforcement approach to all types of e-crime, and providing a national investigative capability for the most serious e-crime incidents.'

Attorney General's statement

Attorney General Baroness Scotland said, 'It is widely recognised that e-crime is the most rapidly expanding form of criminality and knows no borders. The network is a good example of the UK leading on an international initiative which improves our capability to prosecute e-crime.

'The new e-crime unit will work closely with the National Fraud Reporting Centre and National Fraud Intelligence Bureau, both currently in development, recognising the fact the majority of e-crime is fraud-related. I believe this relationship will deliver a strong and emphatic response to fraudsters and help encourage public confidence in electronic services and communication.'"

MPAA to sue RealNetworks over DVD copying software

2008-10-01T10:59:00.002+01:00

Via Findlaw: Hollywood aims to block RealNetworks' DVD software

"Hollywood's six major movie studios plan to sue RealNetworks Inc. to prevent it from distributing DVD copying software, The Associated Press has learned.

A person close to the matter, who requested anonymity because the suit had not yet been filed, says the studios will ask for a temporary restraining order in federal court."

From Hollywood Reporter:

"The digital entertainment service was sued Tuesday by the MPAA in Los Angeles federal court over its RealDVD software, which went on sale to the public on the same day.

The studios, including Fox, Sony, Disney, Paramount, Warner Bros. and Universal, claim the software circumvents the copyright protections on DVDs, allowing users to make multiple copies and distribute them to others. The MPAA claims such software is a violation of the federal Digital Millennium Copyright Act and seeks a temporary restraining order to stop RealDVD from distributing the software.

Meanwhile, RealNetworks filed suit in federal court in Northern California, asking it to rule that Real is in full compliance with the DVD Copy Control Assn.'s license agreement.

When RealDVD was announced in early September, the studios appeared receptive to the idea, largely because of RealNetworks' claim that the software would leave Content Scramble System encryption intact and that it was targeting consumers with large DVD collections who were looking for a way to store and access purchased content without the hassle of "constantly removing and inserting new discs," the company said.

Three high-ranking home entertainment executives from the studios expressed interest, with one saying he "might consider" a licensing deal should the copy-protection turn out to be rock solid."

Conservatives promise to scrap ContactPoint

2008-09-30T19:20:00.002+01:00

The Conservative Party has promised to scrap the big ContactPoint children's database if they get elected. Terri Dowty is pleased.

"

Here’s a headline that makes our last 5 years of hard slog feel more than worthwhile:

Conservatives would scrap controversial ContactPoint child database

A flagship database of every child living in England, which is due to be launched by the government next year, will be shutdown by a Conservative government.

I’ve just unearthed a briefing I wrote as a policy adviser to CRAE in 2003, when the plans for a giant database were first announced. It’s only available in archives now. The only response I received was a request from one of CRAE’s member orgs that a disclaimer was added to make it clear that the concerns it raised were not shared by all of the membership. The Guardian asked for an op-ed piece but I was forbidden to submit it. So I jumped ship and picked up the baton within ARCH.

Fortunately, I met the excellent Eileen Munro and we put on our first conference at LSE in April 2004: ‘Tracking Children’. A lot of people thought we were crazy and it was hard to get the media to take the problem seriously. We ploughed on.

Can you understand why I jumped up and down yelling like an idiot when I read that headline?"

Government sets up online child safety watchdog

2008-09-30T11:28:00.002+01:00

The Government's new online child safety watchdog was all over the news yesterday.

"The Government has established a body to advise it on how it can increase the protection from dangers posed by the internet.

The UK Council for Child Internet Safety (UKCCIS) will police websites containing inappropriate content, write industry codes of practice for publishers and advertise to children about how to stay safe online.

UKCCIS said that it would tell the publishers of sites which accept material from the public for publication how quickly they must take down content once they have been told that it is inappropriate."

Norwegian test case to open iTunes drm

2008-09-30T10:38:00.002+01:00

Via Findlaw: Apple faces iTunes test case in Norway

"Norway's top consumer advocate said Monday he is taking Apple Inc. to the government's Market Council in a test case seeking to force the American company to open its iTunes music store to digital players other than its own iPod.

Norway is leading a European campaign that began two years ago to get Apple to make its iTunes online store compatible with rivals' digital music players."