Glyn Moody’s Techdirt Profile

Posted on Net Neutrality Special Edition - 3 March 2015 @ 6:10am

Nokia CEO: We Have To Get Rid Of Net Neutrality, Otherwise Self-Driving Cars Will Keep On Crashing Into Each Other

from the not-just-packet-collisions dept

It would be an understatement to say that net neutrality has been in the news quite a lot recently. One of the supposed arguments against it is that requiring all data packets to be treated equally within a connection will prevent companies from offering us a cornucopia of "specialized services." The main example cited is for medical applications -- the implication being that if net neutrality is required, people are going to die. Speaking at the Mobile World Congress that is currently underway, Nokia's CEO Rajeev Suri has come up with a novel variation on that theme, as reported by CNET (via @AdV007):

Suri emphasises that self-driving cars need to talk over wireless networks fast enough to make decisions with the split-second timing required on the roads. "You cannot prevent collisions if the data that can prevent them is still making its way through the network", said Suri, discussing Nokia's drive toward instantaneous low-latency communication across the network.
Yes, according to Suri, there are going to be terrible pile-ups on the roads unless we get rid of net neutrality. Leaving aside the fact that low-latency communications across the internet will come anyway -- if there's one thing that's certain in the world of digital technology, it's that everything gets faster and cheaper -- there's another problem with this argument.

Self-driving cars that are so reliant on such guaranteed, high-performance networks are hardly going to be very resilient in real-life situations -- and certainly not the kind of system that the public will want to entrust with the lives of themselves and their families. If self-driving cars are to be widely accepted, one of their key features must be the ability to work safely even with the flakiest of internet connections. Suri's attempt to use this emerging technology as a weapon against net neutrality instead undermines the argument for self-driving cars themselves.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Posted on Techdirt - 3 March 2015 @ 1:06am

Is America About To Experience The Billion-Dollar Pain Of Corporate Sovereignty First Hand?

from the not-your-parents'-ISDS dept

Readers of Techdirt have been hearing about corporate sovereignty -- the ability of foreign investors to sue governments directly in special courts over alleged losses, also known as Investor-State Dispute Settlement (ISDS) -- for a while now. For others who have yet to discover this particular feature of so-called trade agreements, Senator Elizabeth Warren has a good, approachable summary of the key issues in a Washington Post opinion piece. In fact, it was clearly so good that the White House Blog felt obliged to try to rebut its main arguments (there's also a great point-by-point response to that response by the Cato Institute's Simon Lester). The White House Blog post, written by Jeff Zients, Director of the National Economic Council, pretty much concedes that the criticisms of ISDS are valid, but would have us believe that everything has been fixed now:

ISDS has come under criticism because of some legitimate complaints about poorly written agreements. The U.S. shares some of those concerns, and agrees with the need for new, higher standards, stronger safeguards and better transparency provisions. Through TPP and other agreements, that is exactly what we are putting in place.
There are two massive problems with that assurance. First, the extreme secrecy of the TPP negotiations means that we have no idea just how strong those "safeguards" are. And secondly, in some sense it doesn't even matter: companies can use the mere threat of an ISDS action to cast a chill over future regulatory action. That's why the following comment is true but misses the point:
The reality is that ISDS does not and cannot require countries to change any law or regulation.
The ability to use ISDS to discourage governments from introducing inconvenient laws or regulations is no mere theoretical fear. As this important 2001 article in The Nation explains:
Carla Hills, the US Trade Representative who oversaw the NAFTA negotiations for Bush I and now heads her own trade-consulting firm, was among the very first to play this game of bump-and-run intimidation. Her corporate clients include big tobacco -- R.J. Reynolds and Philip Morris. Sixteen months after leaving office, Hills dispatched Julius Katz, her former chief deputy at USTR, to warn Ottawa to back off its proposed law to require plain packaging for cigarettes. If it didn't, Katz said, Canada would have to compensate his clients under NAFTA and the new legal doctrine he and Hills had helped create [ISDS]. "No US multinational tobacco manufacturer or its lobbyists are going to dictate health policy in this country," the Canadian health minister vowed. Canada backed off, nevertheless.
Nor was that an isolated incident:
A former government official in Ottawa told me: "I've seen the letters from the New York and DC law firms coming up to the Canadian government on virtually every new environmental regulation and proposition in the last five years. They involved dry-cleaning chemicals, pharmaceuticals, pesticides, patent law. Virtually all of the new initiatives were targeted and most of them never saw the light of day."
Zients goes on to say that corporate sovereignty chapters are needed because foreign courts can't be trusted to provide justice:
U.S. investors often face a heightened risk of bias or discrimination when abroad.
But Warren already answered that with several extremely powerful points:
Countries in the TPP are hardly emerging economies with weak legal systems. Australia and Japan have well-developed, well-respected legal systems, and multinational corporations navigate those systems every day, but ISDS would preempt their courts too. And to the extent there are countries that are riskier politically, market competition can solve the problem. Countries that respect property rights and the rule of law — such as the United States — should be more competitive, and if a company wants to invest in a country with a weak legal system, then it should buy political-risk insurance.
Zients also tries to argue that since the US hasn't suffered as a result of ISDS cases in the past, it'll be fine in the future:
There have only been 13 cases brought to judgment against the United States in the three decades since we’ve been party to these agreements. By contrast, during the same period of time in our domestic system, individuals and companies have brought hundreds of thousands of challenges against Federal, state, and local governments in U.S. courts under U.S. law.

We have never lost an ISDS case because of the strong safeguards in the U.S. approach. And because we have continued to raise standards through each agreement, in recent years we have seen a drop in ISDS claims, despite increased levels of investment.
But that line of reasoning ignores why there have been so few cases in the past: because corporate sovereignty provisions were mainly included to protect US investments in developing countries with weaker legal systems. By definition, such nations are unlikely to have the resources to make many or significant investments in the US, and therefore have few opportunities to use the ISDS system. That is what will change dramatically with TAFTA/TTIP, as this analysis by Public Citizen explains:
TAFTA would vastly expand the investor-state threat, given the thousands of corporations doing business in both the United States and EU that would be newly empowered to attack public interest policies. More than 3,400 EU parent corporations own more than 24,200 subsidiaries in the United States, any one of which could provide the basis for an investor-state claim. This exposure to investor-state attacks far exceeds that associated with all other U.S. "free trade" agreement partners.
In fact, the US may be about to find out about the modern reality of billion-dollar corporate sovereignty lawsuits, thanks to the 21-year-old NAFTA agreement, and the controversial Keystone XL project, which President Obama recently vetoed. Here's Politico's explanation of how corporate sovereignty could enter the equation:
President Barack Obama may decide to kill Keystone XL for good, but that could be no easy task -- thanks in part to the North American Free Trade Agreement.

The 21-year-old free-trade pact allows foreign companies or governments to haul the U.S. in front of an international tribunal to face accusations of putting their investments at risk through regulations or other decisions. The CEO of Keystone developer TransCanada has raised the prospect as a potential last resort if Obama rejects the $8 billion project, although for now the company is focused on getting him to say yes.

Administration officials involved in reviewing the proposed Canada-to-Texas pipeline are aware of the potential for a NAFTA challenge and the importance of minimizing that risk in the event the president rejects Keystone.
So even though the President retains full powers to reject Keystone, it’s easy to see how the threat of a billion-dollar ISDS lawsuit might encourage him to approve it anyway. That would offer the perfect demonstration of how corporate sovereignty chapters can interfere with democratic decision-making -- at even the highest levels.


Posted on Techdirt - 2 March 2015 @ 3:52am

Surveillance Software Company Gamma Found To Have Violated Human Rights; Receives Unprecedented Slap On The Wrist

from the critical-decisions dept

As Techdirt has reported on the increasingly active world of commercial spyware, one name in particular has cropped up several times: Gamma, with its FinFisher suite of spyware products. In October last year, we reported that Privacy International had filed a criminal complaint against the company with the National Cyber Crime Unit of the UK's National Crime Agency. There's no update on that move, but it seems that a parallel action has had more success (pdf):

British-German surveillance company Gamma has been condemned by a human rights watchdog for its failure to adhere to human rights and due diligence standards, after a two year investigation into the company's sale of surveillance technology to Bahrain.
Here's what Privacy International says was happening in Bahrain:
The complaint alleged that Gamma sold its notorious FinFisher intrusion software product to Bahrain as early as 2009, after which time it was used by the Bahraini government to violate the human rights of three Bahraini nationals and human rights activists, Ala'a Shehabi, Husain Abdulla and Shehab Hashem.
You're probably wondering what the penalty is if you are found in breach of human rights in this way -- clearly a serious matter. Well, here it is:
The Organisation for Economic Cooperation and Development’s UK National Contact Point ("NCP") concluded today that Gamma International should make changes to its business practices in order to ensure that in the future it respects the human rights of those affected by the surveillance technologies it sells.
Yes, you are told to do better next time. However, looking at things more positively, Privacy International points out:
Today's decision is the first time that the OECD has found a company selling surveillance technologies to be in violation of human rights guidelines, and one of the most critical decisions ever issued by the OECD. In it, the NCP sets out in strong terms that Gamma has no human rights policies and due diligence processes that would protect against the abusive use of its products.
In other words, just as with the recent court victories against the UK government over its surveillance activities, what's important here is not so much the punishment -- or lack of it -- as the fact that for the first time a company selling invasive surveillance tools was condemned in this way. At the very least, it puts such companies on notice that they are being watched and will be hauled up before these kind of bodies for public shaming. Well, it's a start.


Posted on Techdirt - 27 February 2015 @ 2:44pm

We Now Know The NSA And GCHQ Have Subverted Most (All?) Of The Digital World: So Why Can't We See Any Benefits?

from the less-is-more dept

As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so -- the latest being hard drives and mobile phones. That's profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that's how things stand, there are a couple of interesting ramifications.

First, that the recent attempts by politicians to demonize strong encryption look like an attempt to cover up the fact that most digital systems are already vulnerable using one or more of the techniques that have been revealed over the last year or two. That is, the NSA and GCHQ can probably access most digital content stored or transmitted in any way -- either because the encryption itself or the end-points have been compromised. Even standalone strong encryption systems like PGP -- thought still to be immune to direct attacks -- can be circumvented by breaking into the systems on which they are used.

Perhaps the dark hints that encryption could be banned or backdoored are simply part of a cynical ploy to present such an appalling vision of what could happen, that we gladly accept anything less extreme without complaint. In fact, the authorities have no intention of attempting anything so stupid -- it would put all online business at risk -- because they don't need to: they already have methods to access everything anyway.

That being the case, there is another important question. If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world -- ranging from the so-called "terrorist" ones that are used to justify so much bad policy currently, to the "traditional" ones that represent the bulk of the real threat to society -- that is not vulnerable to being infiltrated and subverted by government agencies.

And yet we don't see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance -- and nipped in the bud?

One obvious explanation for this pattern is that just as the attackers of London, Boston, Paris and Copenhagen were all known to the authorities, so early tell-tale signs of the rise of Islamic State were detected, but remained drowned out by the sheer volume of similar and confounding information that was being gathered. Similarly, it is presumably easy to create huge stores of information on drug bosses or people smugglers -- but hard to find enough personnel to analyze and act on that data mountain.

Now that we have a better idea of the extraordinary reach of the global surveillance being carried out at all times, the failure of that activity to make us safer by countering criminal activity, at whatever scale, becomes all the more striking. It's time the intelligence agencies accepted that the "collect it all" approach is not just failing, but actually exactly wrong: what we need is not more surveillance, but much less of it and much better targeted.


Posted on Techdirt - 27 February 2015 @ 1:00am

After Open Source, Open Access, Open Data And The Rest, Here Comes The Open Jihad

from the massively-parallel-codevelopment dept

Even to those of us who are not experts in foreign policy, it is obvious that the security situation is deteriorating across a huge swathe of the Near East and Africa, as attacks in Afghanistan, Iraq, Syria, Yemen, Egypt, Libya, Nigeria, Cameroon and elsewhere multiply. Western analysts seem to be struggling to come up with a cogent explanation for this increasing success. That makes this short but illuminating post by John Robb particularly valuable. He describes what is happening across this vast area as the "open jihad." Here are its key characteristics:

Open jihad evolves (gets better) through massively parallel co-development. All of the groups in the open jihad, no matter how small (even down to individuals), can contribute. They do this by:

1. tinkering with tactics, strategies, and technologies that can be used to advance the open jihad.

2. testing the efficacy of these innovations by using them against the enemy. In other words, throwing them against the wall to see what sticks.

3. copying the innovations that work.
These are also some of the key features of open source -- hence the name "open jihad." Their appearance in the context of international violence is a reminder that they are not limited to the digital world, with things like open source, open access, open data and all the other "opens," but are a set of very general principles for producing extremely rapid innovation in any domain. That might provide a clue to governments struggling to deal with this growing threat to stability that they ought to try something similar, rather than resorting to traditional responses that are doomed to fail when dealing with a new kind of enemy.


Posted on Techdirt - 26 February 2015 @ 9:23am

Despite Lack Of Evidence It Will Help, Australia Still Planning To Bring In Data Retention, Still Not Clear If It Could Be Used Against Copyright Infringement

from the learning-the-hard-way dept

Last year, we noted that one danger of bringing in data retention in Australia is that stored metadata might end up being used for all kinds of purposes that have nothing to do with fighting "terrorism," its principal justification. One particular concern is that it could be used to hunt for people downloading files illegally. Several months later, the signals are still very mixed. On the one hand, we have the following, as reported by the Guardian:

Authorities are not interested in using the Abbott government's proposed data retention scheme to go after internet pirates and would be prevented from doing so by the commonwealth ombudsman, the assistant commissioner of the Australian federal police, Tim Morris, has said.

Morris also said any changes to the way metadata is collected and used would have to be approved by the ombudsman.

But that guarantee is less than watertight because of the following:
The ombudsman, Colin Neave, has told Guardian Australia his office would not play a formal oversight role in the scheme and would give advice only at the attorney general’s discretion.
The Greens senator Scott Ludlam noted that the ombudsman's oversight provided only "weak" protection against function creep, and that the public could not therefore depend on Morris’s assurances that the scope of the scheme would not expand in the future.

Whether or not stored metadata will be used against copyright infringement may be in doubt, but it seems that the Australian government's intention to bring in data retention is not, despite the fact that when asked on multiple occasions for evidence the move was justified, it has been unable to provide any. That's not really surprising given the Danish experience that keeping this kind of data didn't help, and may actually have hindered police investigations. Sadly, it looks like Australia is determined to discover this fact the hard and expensive way.


Posted on Techdirt - 25 February 2015 @ 8:59pm

Should Open Source Intelligence Be Used For Policy Making?

from the transparent-and-verifiable dept

Last summer, we wrote about the rise of open journalism, whereby people take publicly-available information, typically on social networks, to extract important details that other, more official sources either overlook or try to hide. Since then, one of the pioneers of that approach, Eliot Higgins, has used crowdfunding to set up a site called "Bellingcat", dedicated to applying these techniques. Principal themes there include the shooting down of Malaysian Airlines Flight 17 (MH17), and the civil war in Syria.

Higgins recently published a post on the blog of the Policy Institute at King's College, London, in which he suggested that such open source intelligence (OSINT) could be used for formulating policy in situations where traditional sources of information are limited:

In recent years, content shared via social media from conflict war zones has allowed us to gain a far deeper understanding of the on-the-ground realities of specific conflicts than previously possible. This presents a real opportunity for providing robust evidence which can underpin foreign and security policymaking about emerging, or rapidly escalating, conflict zones.
He cites his own group's work on the shooting-down of the MH17 flight as an example, noting some of the advantages and challenges:
Our research on the Buk missile launcher demonstrates that not only is there a wealth of largely untapped information available online and especially on social media, but also that a relatively small team of analysts is able to derive a rich picture of a conflict zone. Clearly, research of this kind must be underpinned by an understanding of the way in which content is being produced, who is sharing it, and, crucially, how to verify it -- and these are methodological challenges which need to be addressed systematically.
That call for open source information to be used more widely has now been echoed by two researchers at the International Centre for Security Analysis, also at King's College -- not surprisingly, perhaps, since they too use this technique in their work:
There is a powerful case for incorporating OSINT approaches to evidence-based policymaking. In the first place, evidence produced by OSINT methods can be both robust and rigorous, not least because it can be underpinned by extensive datasets. And in the second, it has the potential to be both transparent and verifiable; all open source evidence is, by definition, based on data that is publicly (and often freely) available.
However, they note that so far the uptake of such methods to inform policy-making has been very limited. Here's why:
At the heart of the problem is the fact that OSINT approaches are still relatively 'young' and, all too often in our experience, lack the rigour and reliability needed to underpin effective policymaking.
To overcome those issues, they suggest that practitioners of OSINT should develop more reliable open intelligence tools and methods, and should communicate better the advantages of this approach. They also urge policy makers to take open source intelligence into consideration as an additional form of evidence, but given the conservatism and risk aversion in these circles, I imagine it will take some time before that happens.


Posted on Techdirt - 25 February 2015 @ 12:54am

Facebook's Updated Privacy Policy Breaches EU Law, Belgian Study Claims; Other Countries Investigating

from the must-try-harder dept

Europeans have a rather ambivalent attitude to Facebook. On the one hand, millions of them love using it. On the other, many people are worried about the huge stores of personal information it is building up on its users -- and what it does with it. This has led to various attempts by the Austrian Max Schrems to find out what Facebook knows about him -- and to establish whether its handling of his data is compliant with EU data protection laws. Separately from those efforts, the Belgian privacy commission has been investigating Facebook's privacy policy. It asked researchers at a pair of local universities to provide an analysis. Here's what they found, as reported by the Guardian:

A report commissioned by the Belgian privacy commission has found that Facebook is acting in violation of European law, despite updating its privacy policy.

Conducted by the Centre of Interdisciplinary Law and ICT at the University of Leuven in Belgium, the report claimed that Facebook's privacy policy update in January had only expanded older policy and practices, and found that it still violates European consumer protection law.
The report runs to over 60 pages (pdf). The key findings are as follows:
To be clear: the changes introduced in 2015 weren't all that drastic. Most of Facebook's "new" policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook's complex web of settings (which include "Privacy", "Apps", "Ads", "Followers", etc.) in search of possible opt-outs. Facebook's default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in "Sponsored Stories" or the sharing of location data. Second, users do not receive adequate information. For instance, it isn't always clear what is meant by the use of images "for advertising purposes". Will profile pictures only be used for "Sponsored Stories" and "Social Adverts", or will it go beyond that? Who are the "third party companies", "service providers" and "other partners" mentioned in Facebook's data use policy? What are the precise implications of Facebook's extensive data gathering through third-party websites, mobile applications, as well as recently acquired companies such as WhatsApp and Instagram?
Unfortunately for Facebook, this is just the start of a much wider investigation across Europe:
The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. [Leuven University's] ICRI/CIR and [Vrije Universiteit Brussel's] iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.
The Guardian notes that other European groups are scrutinizing Facebook's privacy policy:
Facebook is already being investigated by the Dutch data protection authority, which asked Facebook to delay rollout of its new privacy policy, and is being probed by the Article 29 working party formed of data regulators from individual countries across Europe, including the UK’s Information Commissioner’s Office.
Looks like Facebook has a busy few years ahead of it -- and what applies to Facebook is also likely to apply to a host of other companies that offer online services based on gathering large amounts of personal data in Europe.


Posted on Techdirt - 24 February 2015 @ 1:41pm

Head Of UK Parliamentary Committee Overseeing Intelligence Agencies Resigns After Being Caught In Sting

from the a-question-of-trust dept

The UK government's response to Snowden's leaks has been twofold: that everything is legal, and that everything is subject to rigorous scrutiny. We now know that the first of these is not true, and the second is hardly credible either, given that the UK's main intelligence watchdog has only one full-time member. There's one other main oversight body, the UK's Intelligence and Security Committee of Parliament (ISC), which is tasked with examining:

the policy, administration and expenditure of the Security Service, Secret Intelligence Service (SIS), and the Government Communications Headquarters (GCHQ).
The ISC was criticized as part of a larger condemnation of intelligence oversight by another UK Parliament committee. The head of the ISC, Sir Malcolm Rifkind, was reported by the Guardian as dismissing those criticisms as "old hat," as if that somehow made them acceptable. Rifkind has now been caught up in a rather more serious row, which involves reporters from the UK's Channel 4 and The Telegraph newspaper posing as representatives of a Chinese company:
PMR, a communications agency based in Hong Kong, was set up, backed by a fictitious Chinese businessman. PMR has plenty of money to spend and wants to hire influential British politicians to join its advisory board and get a foothold in the UK and Europe.
Here's what Channel 4 and the Telegraph allege happened in their meeting with Rifkind:
Sir Malcolm also claimed he could write to a minister on behalf of our company without saying exactly who he was representing

Sir Malcolm added that he could see any foreign ambassador in London if he wanted, so could provide 'access' that is 'useful'
Rifkind said that he was "self-employed" -- in fact, he is a Member of Parliament, and receives a salary of £67,000 per year -- and that his normal fee was "somewhere in the region of £5,000 to £8,000" for half a day's work. There's no suggestion that Rifkind made any reference during the sting to his role as head of the ISC, but that's not really the point. He was offering a Chinese company access to influential people purely because he would get paid to do so, and that is surely not the kind of person you would want to grant the high-level security clearance Rifkind enjoys.

Then there is the question of what happens when Rifkind leaves Parliament: as Techdirt noted back in 2012, politicians can earn huge amounts of money by going to work as lobbyists, drawing on their contacts to ease the path for legislation or contracts or whatever. According to the disgraced lobbyist Jack Abramoff, merely letting politicians know that a job as lobbyist was waiting for them if they wanted it can be enough to shift their loyalties. That would be hugely troubling if it concerned someone occupying such a sensitive position as Rifkind.

After initially being suspended from the Conservative party, pending a disciplinary review, Rifkind has now resigned as chairman of the ISC, and announced that he will not be a candidate for re-election in the UK's general election later this year. He probably decided to fall on his sword in an attempt to spare the UK government further embarrassment, but his move will do little to bolster the dwindling credibility of the ISC, or the repeated claim that there are no problems with oversight of UK intelligence services.


Posted on Techdirt - 24 February 2015 @ 1:11am

Digital Rights Group And ISPs Bring Legal Challenge Against New French Surveillance Law

from the just-the-beginning dept

As we've been reporting, seemingly hopeless legal challenges to UK surveillance have already notched up two wins, and revealed previously secret details about what has been going on. Now the French digital rights group La Quadrature du Net (LQDN) is taking the same approach in France:

Together with FFDN, a federation of community-driven non-profit ISPs, La Quadrature du Net is bringing a legal action before the French Council of State against a decree on administrative access to online communications metadata. Through this decree, it is a whole pillar of the legal basis for Internet surveillance that is being challenged. This appeal, which builds on the European Union Court of Justice's recent decision on data retention, comes as the French government is instrumentalizing last month's tragic events to further its securitarian agenda, with an upcoming bill on intelligence services.
LQDN is referring to the fact that in December 2014, the French government quietly passed an executive decree bringing in controversial surveillance measures that were passed by the French parliament a year before -- more details are given in LQDN's post. This is the first legal challenge carried out directly by La Quadrature du Net, but is unlikely to be the last:
Eventually, this legal challenge will make it possible not only to formally refer the issue to the Constitutional Council, since the [new surveillance law] never underwent a constitutionality check, but also to confront existing French Law with the [Court of Justice of the EU] and the [European Court of Human Rights]'s case laws.
In other words, even if the present challenge before the French Council of State fails, there are further legal avenues that can be explored afterwards, which makes the likelihood that at least one of them will be successful much higher.


Posted on Techdirt - 20 February 2015 @ 6:16am

Humiliating Admission By UK Government That Yet More Of Its Surveillance Was Unlawful

from the well,-not-*completely*-legal dept

A couple of weeks ago, we reported on a small but important defeat for the UK government when the Investigatory Powers Tribunal (IPT) ruled that intelligence sharing between the NSA and GCHQ was unlawful. Now, in a sign that the cracks in the UK's impenetrable silence on its surveillance activities are beginning to spread, the Guardian reports on the following surprising development:

The regime under which UK intelligence agencies, including MI5 and MI6, have been monitoring conversations between lawyers and their clients for the past five years is unlawful, the British government has admitted.
Here's why the UK government has suddenly started owning up to these misdeeds:
The admission that the regime surrounding state snooping on legally privileged communications has also failed to comply with the European convention on human rights comes in advance of a legal challenge, to be heard early next month, in which the security services are alleged to have unlawfully intercepted conversations between lawyers and their clients to provide the government with an advantage in court.
Remarkably, the confession has brought with it an unprecedented explanatory statement:
"In view of recent IPT judgments, we acknowledge that the policies adopted since [January] 2010 have not fully met the requirements of the ECHR, specifically article 8 (right to privacy). This includes a requirement that safeguards are made sufficiently public.

"It does not mean that there was any deliberate wrongdoing on their part of the security and intelligence agencies, which have always taken their obligations to protect legally privileged material extremely seriously. Nor does it mean that any of the agencies' activities have prejudiced or in any way resulted in an abuse of process in any civil or criminal proceedings."
This surprise admission shows once again the value of taking legal action against government surveillance, even when the odds of succeeding seem slim. Twice now the UK has revealed details purely as a result of challenges. Perhaps even more importantly, twice now the UK government's standard response to leaks -- that it wouldn't confirm or deny anything, but the British public could rest assured that whatever may have happened was completely legal -- has been shown to be false.


Posted on Techdirt - 20 February 2015 @ 1:05am

Cerf Warns Of A 'Lost Century' Caused By Bit Rot; Patents And Copyright Largely To Blame

from the and-he-should-know dept

According to his online biography, Vint Cerf is:

Vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company.
That suggests someone whose main job is to look forward, rather than back, and with a certain optimism too. But an article in the Guardian reports on a speech he gave in which he is not only concerned with the past of online technologies, rather than their future, but is also issuing an important warning about their fatal flaws:
Humanity's first steps into the digital world could be lost to future historians, Vint Cerf told the American Association for the Advancement of Science's annual meeting in San Jose, California, warning that we faced a "forgotten generation, or even a forgotten century" through what he called "bit rot", where old computer files become useless junk.
Of course, he's not the first person to raise that issue -- Techdirt wrote about this recently -- but Cerf's important contributions to the creation of the Internet, and his current role at Google, lend particular weight to his warning. That said, the Guardian article seems to miss the central reason all this is happening. It's not that it's really hard to create emulators to run old programs or open old files. The real issue is tucked away right at the end of the article, which quotes Cerf as saying:
"the rights of preservation might need to be incorporated into our thinking about things like copyright and patents and licensing. We're talking about preserving them for hundreds to thousands of years," said Cerf.
The main obstacles to creating software that can run old programs, read old file formats, or preserve old webpages, are patents and copyright. Patents stop people creating emulators, because clean-room implementations that avoid legal problems are just too difficult and expensive to carry out for academic archives to contemplate. At least patents expire relatively quickly, freeing up obsolete technology for reimplementation. Copyright, by contrast, keeps getting extended around the world, which means that libraries would probably be unwilling to make backup copies of digital artefacts unless the law was quite clear that they could -- and in many countries, it isn't.

Once again, we see that far from promoting and preserving culture, intellectual monopolies like patents and copyright represent massive impediments that may, as Cerf warns, result in vast swathes of our digital culture simply being lost forever.


Posted on Techdirt - 19 February 2015 @ 4:08am

If You Care About The Environment In Canada, You May Be Targeted As An 'Anti-Petroleum Extremist'

from the muzzling-dissent-again dept

As Techdirt has been warning for some time, one of the dangers with the flood of "anti-terrorist" laws and powers is that they are easily redirected against other groups for very different purposes. A story in the Globe and Mail provides another chilling reminder of how that works:

The RCMP [Royal Canadian Mounted Police] has labelled the "anti-petroleum" movement as a growing and violent threat to Canada's security, raising fears among environmentalists that they face increased surveillance, and possibly worse, under the Harper government's new terrorism legislation.
As the Globe and Mail article makes clear, environmentalists are now being considered as part of an "anti-petroleum" movement. That's not just some irrelevant rebranding: it means that new legislation supposedly targeting "terrorism" can be applied.
The legislation identifies "activity that undermines the security of Canada" as anything that interferes with the economic or financial stability of Canada or with the country's critical infrastructure, though it excludes lawful protest or dissent. And it allows the Canadian Security and Intelligence Service to take measures to reduce what it perceives to be threats to the security of Canada.
Clearly, that's an incredibly broad definition, and would apply to just about any environmental or social movement -- especially since even the most peaceful protests are often considered "illegal." That, in its turn would allow Canada's security agencies to collect information on these groups, and "disrupt" them. What's also troubling about the leaked RCMP "intelligence assessment" that forms the source for the Globe and Mail story is the very clear political position it seems to be taking on fossil fuels and climate change:
The report extolls the value of the oil and gas sector to the Canadian economy, and adds that many environmentalists "claim" that climate change is the most serious global environmental threat, and "claim" it is a direct consequence of human activity and is "reportedly" linked to the use of fossil fuels.
That sounds more like something that would come from the oil and gas industries' marketing departments, rather than from a country's impartial police force. However, as Techdirt has reported before, the current Canadian government has been muzzling other groups that dare to disagree with its policies, especially on climate change, for some time. Redefining environmentalists as anti-petroleum extremists is clearly part of the same repressive approach.


Posted on Techdirt - 19 February 2015 @ 1:01am

Is Arduino Heading Towards The First Open Hardware Fork?

from the adventure-continues dept

Although Arduino has figured a few times here on Techdirt in the DailyDirt section, it's not very well-known outside the world of open hardware, where it was one of the pioneers (its reference designs are distributed under a CC-BY-SA license, and all of its software under the GNU GPL or LGPL). One sad sign that Arduino has arrived is that there is currently a falling out between some of the founders (original in Italian), partly over the rising monetary stakes involved.

The Italian company set up by one founder, Gianluca Martino, has been the main supplier of Arduino products for years -- the open hardware license allows others to make them, too, but not to claim that they are "official." Originally called Smart Projects, it has now renamed itself Arduino Srl, and taken on a new CEO with the aim of growing sales and taking the company public in a few years' time. That hasn't gone down too well with perhaps the best-known of the founders, Massimo Banzi, who oversees the development of the whole Arduino project, and heads up the Swiss-based company Arduino Sa, a subsidiary of the main Arduino Llc, registered in Massachusetts.

Alongside the original Arduino site arduino.cc, Martino's company has now created arduino.org, with a similar color scheme, and the motto "the adventure continues." Both Martino and Banzi say they are discussing partnerships with other manufacturers -- Martino with Bosch and Panasonic, Banzi with Intel -- with a view to selling more Arduino boards around the world (original in Italian). Inevitably, perhaps, the two factions are fighting each other in lawsuits.

However those suits are decided, it seems possible that there will be some kind of fork of Arduino, with the two rival camps claiming to be the true heirs of the original project. That's common enough in the world of open source software, but this will probably be the first time it has happened in the open hardware field.


Posted on Techdirt - 18 February 2015 @ 9:31am

China To Require Real-Name Registration For Online Services And Bans On Parody Accounts

from the boring-but-not-necessarily-effective dept

China has been trying for some time to clamp down on the Internet, in an attempt to prevent it from being used in ways that threaten the authorities' control. Since the appointment of China's new leader, Xi Jinping, the situation has deteriorated -- China Digital Times speaks of the "new normal" of sharpened control. Here's yet another move to that end, as reported by Reuters:

China will ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday.
The ban on parody accounts might seem strange, but is likely to have quite an impact on China's online culture:
The ban on impersonations includes accounts that purport to be government bodies, such as China's anti-corruption agency and news organizations like the People's Daily state newspaper, as well as accounts that impersonate foreign leaders, such as U.S. President Barack Obama and Russia's Vladimir Putin, the Cyberspace Administration of China (CAC) said on its website.

Many users of social media create parody accounts of prominent figures and institutions to poke fun at them.
However, once users have registered their real names, they will be permitted to use nicknames, as the new regulation explains:
Internet information service providers shall, according to the principle of "real name backstage, voluntary choice front stage", demand Internet information service users to register accounts after undergoing real identity information authentication.

Internet information service users shall, when registering accounts, conclude an agreement with the Internet information service provider, and commit to respect the seven baselines of laws and regulations, the Socialist system, the national interest, citizens' lawful rights and interest, the public order, social moral customs and the veracity of information.
That comes from China Copyright and Media's complete translation of the new CAC regulation. Here are the rather stringent rules that apply when choosing an online nickname:
The Internet user account name registered and used by any body or individual may not contain the following elements:

(1) content violating the provisions of the Constitution, laws or regulations;

(2) content violating national security, leaking State secrets, subverting the national regime, or destroying national unity;

(3) content harming the honour and interests of the State, or harming the public interest;

(4) content inciting ethnic hatred or ethnic discrimination, or destroying ethnic unity;

(5) content destroying State religious policies, propagating heresy or feudal superstition;

(6) content disseminating rumours, disrupting social order, or destroying social stability;

(7) content disseminating obscenity, sex, gambling, violence, murder, terror or instigating crime;

(8) content defaming or slandering others, or infringing others’ lawful rights and interests;

(9) other content prohibited by laws and administrative regulations.
That's obviously a pretty comprehensive list, and might suggest that the Chinese Internet is doomed to become totally boring -- and completely censored. That may be the authorities' intention, but it's worth bearing in mind that this is not the first time that the Chinese government has attempted to impose real-name registration online.

A fascinating series of five articles on the Fei Chang Dao site details how similar campaigns to tame the online world have been introduced many times since 2003, evidently without much success. Although the current crackdown on Internet freedom certainly appears more serious than earlier ones, it remains to be seen whether the Chinese authorities manage to impose real-name registration on all services, or whether this will turn out to be just the latest in a long string of failures.


Posted on Techdirt - 18 February 2015 @ 12:58am

UK Police Forces Have Secret Facial Recognition Database Of 18 Million People, Many Innocent

from the false-positives dept

The UK already has a pretty awful reputation when it comes to surveillance, what with millions of CCTV cameras, DRIPA and two recent attempts to shove the Snooper's Charter through Parliament without scrutiny. So perhaps it should come as no surprise to discover that UK police forces have created a giant facial recognition database that includes hundreds of thousands of innocent people:

Police forces in England and Wales have uploaded up to 18 million "mugshots" to a facial recognition database -- despite a court ruling it could be unlawful.

They include photos of people never charged, or others cleared of an offence, and were uploaded without Home Office approval, [the BBC's] Newsnight has learned.
As BBC News notes, the photos of innocent people have been retained in contempt of an explicit order from the court to remove them:
It comes despite a ruling in 2012, when two people went to the High Court to force the Metropolitan Police to delete their photos from databases.

The judge warned forces should revise their policies in "months, not years".
Also worrying is this belief in the database's infallibility:
Andy Ramsay, identification manager at Leicestershire Police, told Newsnight the force now had a database with 100,000 custody photos.

He said searches of the database using facial recognition were 100% reliable in cases where there were clear images, and could be completed in seconds.
No non-trivial matching system is "100% reliable": there are always false positives that make detection of criminals harder, not easier. There is a danger that the UK police will start using this supposed infallibility as an argument in itself: since our system never makes mistakes, if it says you are guilty, you must be guilty. And there is another important issue, articulated here by David Davis, a former Conservative minister:
"It's quite understandable, police always want more powers, but I'm afraid the courts and parliament say there are limits," he said.

"You cannot treat innocent people the same way you treat guilty people."
What's worrying is that UK police forces don't seem to care what the courts say, as they strive to create their video surveillance database that does indeed treat everyone in exactly the same way: as potential criminals until the "100% reliable" system turns them into recognized criminals.


Posted on Techdirt - 17 February 2015 @ 3:43am

Russia Reaches The Censorship Endgame: Banning VPNs, Tor And Web Proxies

from the ghouls,-all-gathered-in-one-place dept

We have been tracking for some time the increasingly repressive measures that the Russian authorities have brought in to censor and control the Internet. Of course, Techdirt readers know that an easy way to circumvent both censorship and control is to use tools like VPNs and Tor. Unfortunately, the Russian authorities also know this, and are now calling for action against them, as TorrentFreak reports:

Speaking at Infoforum-2015, Russian MP Leonid Levin, who is deputy head of the Duma Committee on information politics, indicated that access to anonymization and circumvention tools such as TOR, VPNs and even web proxies, needs to be restricted.
Levin also called for Roskomnadzor, the state agency that oversees communications and the Internet, to be given more powers to intervene. If the views of Vadim Ampelonskogo, Roskomnadzor's chief press officer, are anything to go by, that is likely to have serious consequences for online freedom:
Describing the Tor network as a "den of criminals" and "ghouls, all gathered in one place", Ampelonskogo said Roskomnadzor would find a solution to block anonymous networks if it was supported by a relevant regulatory framework.
What's troubling about this latest call for even tighter control is that it was entirely predictable. Once governments start blocking sites and restricting freedom of speech online, people inevitably respond by using VPNs and Tor to circumvent these measures. And that means that if governments want their laws to be effective, at some point they will take direct action against circumvention tools. That's why it's particularly worrying that Western governments have started down this road: it implies that they, too, might one day try to ban VPNs and Tor.


Posted on Techdirt - 13 February 2015 @ 1:14am

UK Surveillance Consultation Suggests It Is End-Point Security, Not Encryption, That Cameron Wants To Subvert

from the Snowden-was-right,-again dept

A few weeks ago, we reported on David Cameron's apparent call to undermine all encryption in the UK. But as we noted then, it was not clear from his offhand remark what exactly he meant, or how he planned to implement the idea. A new consultation document on the legal framework of surveillance in the UK provides a clue, as spotted by The Guardian:

Britain's security services have acknowledged they have the worldwide capability to bypass the growing use of encryption by internet companies by attacking the computers themselves.

The Home Office release of the innocuously sounding "draft equipment interference code of practice" on Friday put into the public domain the rules and safeguards surrounding the use of computer hacking outside the UK by the security services for the first time.

The publication of the draft code follows David Cameron's speech last month in which he pledged to break into encryption and ensure there was no "safe space" for terrorists or serious criminals which could not be monitored online by the security services with a ministerial warrant, effectively spelling out how it might be done.
That certainly makes sense. As Edward Snowden said during an early Q&A:
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
The new consultation document from the UK's Home Office seems to confirm that GCHQ can also find ways around it. It is one of two draft "codes of practice" for the main UK law governing surveillance, the Regulation of Investigatory Powers Act 2000 (RIPA). Although it's welcome that more details about the legislative framework are being provided, the way that is being done is problematic, as Carly Nyst, legal director of Privacy International, points out in the Guardian article:
"GCHQ cannot legitimise their unlawful activities simply by publishing codes of conduct with no legislative force. In particular, the use by intelligence agencies of hacking -- an incredibly invasive and intrusive form of surveillance -- cannot be snuck in by the back door through the introduction of a code of conduct that has undergone neither parliamentary nor judicial scrutiny. It is surely no mistake that this code of conduct comes only days before GCHQ is due to argue the lawfulness of its hacking activities in court."
It is also striking that the codes of conduct were released on the same day that the UK's secretive Investigatory Powers Tribunal ruled that British intelligence services had broken the law, but that they were now in compliance because previously unknown policies had been made public. As Nyst speculates, it could be that the UK government is releasing more details of its spying in the form of these consultation documents in an attempt to head off future losses in the courts.

Whether or not that is the case, it certainly seems that the attempts by civil liberties groups to end or at least limit mass surveillance are already having an effect on the UK government, and forcing it to provide basic details of its hitherto completely-secret activities. That success is a strong incentive to continue fighting for more proportionality and meaningful oversight here.


Posted on Techdirt - 12 February 2015 @ 1:05am

Political Meltdown In Macedonia Shows Destabilizing Effect Of Massive Government Surveillance

from the what-a-mess dept

Techdirt writes a lot about surveillance and its potential dangers. But if you want to see the reality of abusive governmental spying, look no further than Macedonia, where a huge surveillance scandal is unfolding (original in German, found via @Netzpolitik):

In a press conference announced weeks ago, opposition leader Zoran Zaev accused Prime Minister Nikola Gruevski of being responsible for a massive wiretapping scandal. Those spied upon include government ministers, opposition politicians, journalists, entrepreneurs and many members of the judiciary and the security apparatus.

"More than 20,000 people in Macedonia have been monitored over the years," said Zaev. "We have evidence that there has been a comprehensive, illegal wiretap program, on the direct instructions of the head of intelligence Saso Mijalkov and Prime Minister Nikola Gruevski."
With targeted surveillance affecting 1% of the population, it is hard to believe that alongside immediately useful information about what political opponents and key figures in society were saying and doing, a certain amount of blackmail material wasn't collected by the government spies and squirrelled away for future use. According to the Deutschlandfunk story translated above, for his part, Gruevski alleges that Zaev threatened to release damaging material he had obtained unless elections were called immediately.

The whole situation is a mess, and at its heart lies uncontrolled, abusive surveillance, where the inevitable leaks of incriminating material have now destabilized the entire political system. Sadly, there's no obvious way out. As the article notes, the lack of press freedom or even an independent judiciary in Macedonia means that it will be very hard to get to the bottom of what is happening here, and then move on.


Posted on Techdirt - 11 February 2015 @ 9:26am

Millions Of Users Unaware That Facebook Is On The Internet -- Or Think It *Is* The Internet

from the that's-what-I-call-a-gatekeeper dept

Facebook figures often enough on Techdirt, and most people here know what they are getting and giving when they sign up. But according to a fascinating article on qz.com, that's not true for everyone around the world who uses Facebook:

It was in Indonesia three years ago that Helani Galpaya first noticed the anomaly.

Indonesians surveyed by Galpaya told her that they didn't use the internet. But in focus groups, they would talk enthusiastically about how much time they spent on Facebook. Galpaya, a researcher (and now CEO) with LIRNEasia, a think tank, called Rohan Samarajiva, her boss at the time, to tell him what she had discovered. "It seemed that in their minds, the Internet did not exist; only Facebook," he concluded.
Nor are Indonesian users alone in this view:
In Africa, Christoph Stork stumbled upon something similar. Looking at results from a survey on communications use for Research ICT Africa, Stork found what looked like an error. The number of people who had responded saying they used Facebook was much higher than those who said they used the internet. The discrepancy accounted for some 3% to 4% of mobile phone users, he says.
The rest of the article goes on to present more evidence that many people are unaware that Facebook is on the Internet, or believe that Facebook is the Internet, and to explore the consequences. For example, one survey shows that 56% of Indonesians who use Facebook but say they don't use the Internet never follow links out of Facebook, against 25% who are on Facebook but say they also use the Internet; for Nigeria, the figures are 69% and 21% respectively. That confirms the immense power of Facebook to act as a gatekeeper -- to people online, to information, and to the lucrative advertising that powers most of the Web.

Although you can hardly blame Facebook for people's misunderstanding of how the Internet works when they use the social network, one major project from the company is likely to make things worse. Here's what the significantly-named Internet.org app hopes to achieve:
Over 85% of the world’s population lives in areas with existing cellular coverage, yet only about 30% of the total population accesses the internet. Affordability and awareness are significant barriers to internet adoption for many and today we are introducing the Internet.org app to make the internet accessible to more people by providing a set of free basic services.

With this app, people can browse a set of useful health, employment and local information services without data charges. By providing free basic services via the app, we hope to bring more people online and help them discover valuable services they might not have otherwise.
The aim here is to provide low-cost access to the Internet for those who might not otherwise be able to afford it. In fact, Internet.org goes further: it provides totally free access to the Internet -- or rather, free access to a very small list of pre-selected sites, including, of course, Facebook.

The intention is laudable, but Internet.org is a classic demonstration of why we need net neutrality. Providing free services may look great in principle, but effectively discriminates against everything not on the list, especially startups with limited resources. We certainly need to work on providing very low-cost Internet access to everyone who wants it, but not by creating a set of privileged services. One other risk with Facebook's Internet.org app is that it will probably encourage yet more people to think that those free services are not on the Internet, or that they are the Internet -- all of it.
