Glyn Moody’s Techdirt Profile


About Glyn MoodyTechdirt Insider

Posted on Techdirt - 16 March 2018 @ 7:39pm

If You Ratify The CETA Trade Deal, You'll Break The Law, Legal Expert Tells EU Member States

from the corporate-sovereignty-is-the-problem,-as-usual dept

We recently wrote about an important judgment from the EU's top court, the Court of Justice of the European Union (CJEU). The ruling said that that corporate sovereignty provisions included in trade deals between the EU's member states were illegal. Significantly, the logic behind that decision suggests that any form of investor-state dispute settlement (ISDS) -- the official name for the corporate sovereignty framework -- even in trade deals involving countries outside the EU, would be forbidden too. Christina Eckes, professor of European law at the University of Amsterdam and director of the Amsterdam Centre for European Law and Governance, believes that the implications of the CJEU ruling are even broader.

Eckes says that in the wake of the judgment, serious doubts hang over the investment chapter in the Canada-EU trade deal, CETA, which has still not been ratified by all EU member states yet -- a process that is necessary before it comes into force definitively. In fact, Belgium has explicitly asked the CJEU to rule on the legality of the Investor Court System (ICS) in CETA, which is the modified version of corporate sovereignty that supposedly addresses its flaws. As a result, a ruling on whether CETA's investment chapter is legal is definitely on its way, and could have major implications for CETA and its ratification. However, Ecke points out that there is something called "EU loyalty", which:

requires that Member States amongst others 'facilitate the achievement of the Union's tasks and refrain from any measure which could jeopardise the attainment of the Union's objectives.' In external relations, they are obliged not to undermine the EU’s external actions and ensure unity in international representation. ... Furthermore, EU loyalty covers not just the present state of EU law but also ‘the foreseeable future development of EU law’ and should hence be interpreted as requiring certain actions or omissions in the present in order to avoid a potential future conflict between international legal obligations and EU law.

What this means in practice, Eckes suggests, is that the EU's member states should not go ahead and ratify CETA without knowing the outcome of the CJEU deliberation on the legality of the ICS. If they were to complete ratification, and the investment chapter were then found inadmissible by the court, this would undermine the authority of the CJEU, since its ruling would be null and void. As a consequence, she says:

In the light of the foreseeable risk that CJEU declares the CETA investment chapter to be capable of undermining the autonomy of the EU legal order, Member States are required by the principle of EU loyalty to halt ratification in order to demonstrate a uniform position as one Party, together with the EU and the other Member States, on the international plane in general and vis-à-vis Canada in particular.

It's an interesting argument, which the European Commission will doubtless do its best to ignore in the hope that it can just steamroller CETA through the ratification process before the CJEU issues its ruling. However, if, as seems likely, CETA's investment chapter is indeed ruled illegal by the top court, this will present a rather thorny problem for the EU. Given the other challenges it faces thanks to rising populism in many EU countries, the Commission could probably do without this kind of constitutional crisis that would undermine further people's support for the European project. That might be a good reason for putting those ratifications on hold for a while.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 15 March 2018 @ 7:27pm

German Lawyers Call For Their Profession's Bug-Ridden, Soon-To-Be Mandatory, Email System To Be Open Sourced

from the public-trust,-public-code dept

Given the sensitive nature of their work, lawyers need to take particular care when communicating online. One way to address this -- quite reasonable, in theory -- is to create a dedicated system with strong security built in. That's the route being taken by Germany's Federal Bar Association (Bundesrechtsanwaltskammer -- BRAK) with its "besondere elektronisches Anwaltspostfach" (special electronic mailbox for lawyers, or beA). However, the reality has not matched the theory, and beA has been plagued with serious security problems. As a post on the Free Software Foundation Europe (FSFE) site explains (original in German)

Numerous scandals and a questionable understanding of security characterize the project, which has been in development for several years. Lawyers should have been reachable through this software since January 1, 2018, but numerous known vulnerabilities have prevented the planned start of the service.


Although a security audit was commissioned and carried out in 2015, its scope and results have not been published to date; the full extent of the faulty programming became known only at the end of 2017. Thus the project, which has cost lawyers so far about 38 million euros, has already lost people's trust. In view of the numerous errors, the confidentiality of the sent messages can no longer be guaranteed -- and this is for software whose use from 2022 onwards becomes mandatory for all court documentation traffic.

Because of the continuing lack of transparency about the evident problems with the project, a number of German lawyers are supporting a petition that asks for an alternative approach, reported here by the Open Source Observatory:

The petition calls on Germany's Bundesrechtsanwaltskammer (Federal Bar Association, or BRAK) to publish the beA software under a free and open source software licence and open the software development process. "Only in this way can it slowly restore the trust of the users -- all lawyers, authorities and courts," the petition says.

As the petition notes (original in German):

Disclosure of the program code allows independent IT professionals to report potential security vulnerabilities early on so that they can be fixed; it has been shown once more that keeping the source code secret, and carrying out the audits as agreed in the contract [for creating the beA system] does not lead to the desired result. Free software also guarantees much-needed manufacturer independence.

Over and above the increased transparency that open-sourcing the beA code would bring, and the hope that this would allow security issues to be caught earlier, there is another good reason why the German system for lawyers should be released as free software. Since it will perform a key service for the public, it is only right for representatives of the German public to be able to confirm its trustworthiness. This is part of a larger campaign by the FSFE called "Public Money, Public Code", which Techdirt wrote about last year. Unfortunately, what ought to be a pretty uncontroversial idea still has a long way to go, as the painful beA saga demonstrates.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

17 Comments | Leave a Comment..

Posted on Techdirt - 13 March 2018 @ 7:48pm

Research Shows That Published Versions Of Papers In Costly Academic Titles Add Almost Nothing To The Freely-Available Preprints They Are Based On

from the all-that-glitters-is-not-gold dept

The open access movement believes that academic publications should be freely available to all, not least because most of the research is paid for by the public purse. Open access supporters see the high cost of many academic journals, whose subscriptions often run into thousands of dollars per year, as unsustainable for cash-strapped libraries, and unaffordable for researchers in emerging economies. The high profit margins of leading academic publishers -- typically 30-40% -- seem even more outrageous when you take into account the fact that publishers get almost everything done for free. They don't pay the authors of the papers they publish, and rely on the unpaid efforts of public-spirited academics to carry out crucial editorial functions like choosing and reviewing submissions.

Academic publishers justify their high prices and fat profit margins by claiming that they "add value" as papers progress through the publication process. Although many have wondered whether that is really true -- does a bit of sub-editing and design really justify the ever-rising subscription costs? -- hard evidence has been lacking that could be used to challenge the publishers' narrative. A paper from researchers at the University of California and Los Alamos Laboratory is particularly relevant here. It appeared first on in 2016 (pdf), but has only just been "officially" published (paywall). It does something really obvious but also extremely valuable: it takes around 12,000 academic papers as they were originally released in their preprint form, and compares them in detail with the final version that appears in the professional journals, sometimes years later, as the paper's own history demonstrates. The results are unequivocal:

We apply five different similarity measures to individual extracted sections from the articles' full text contents and analyze their results. We have shown that, within the boundaries of our corpus, there are no significant differences in aggregate between pre-prints and their corresponding final published versions. In addition, the vast majority of pre-prints (90%-95%) are published by the open access pre-print service first and later by a commercial publisher.

That is, for the papers considered, which were taken from the preprint repository, and compared with the final versions that appeared, mostly in journals published by Elsevier, there were rarely any important additions. That applies to titles, abstracts and the main body of the articles. The five metrics applied looked at letter-by-letter changes between the two versions, as well as more subtle semantic differences. All five agreed that the publishers made almost no changes to the initial preprint, which nearly always appeared before the published version, minimizing the possibility that the preprint merely reflected the edited version.

The authors of the paper point out a number of ways in which their research could be improved and extended. For example, the reference section of papers before and after editing was not compared, so it is possible that academic publishers add more value in this section; the researchers plan to investigate this aspect. Similarly, since the papers are heavily slanted towards physics, mathematics, statistics, and computer science, further work will look at articles from other fields, such as economics and biology.

Such caveats aside, this is an important result that has not received the attention it deserves. It provides hard evidence of something that many have long felt: that academic publishers add almost nothing during the process of disseminating research in their high-profile products. The implications are that libraries should not be paying for expensive subscriptions to academic journals, but simply providing access to the equivalent preprints, which offer almost identical texts free of charge, and that researchers should concentrate on preprints, and forget about journals. Of course, that means that academic institutions must do the same when it comes to evaluating the publications of scholars applying for posts.

If it was felt that more user-friendly formats were needed than the somewhat austere preprints, it would be enough for funding organizations to pay third-party design companies to take the preprint texts as-is, and simply reformat them in a more attractive way. Given the relatively straightforward skills required, the costs of doing so would be far less than paying high page charges, which is the main model used to fund so-called "gold" open access journals, as opposed to the "green" open access based on preprints freely available from repositories.

In theory, gold open access offers "better" quality texts than green open access, which supposedly justifies the higher cost of the former. What the research shows is that when it comes to academic publishing, as in many other spheres, all that glitters is not gold: humble preprints turn out to be almost identical to the articles later published in big-name journals, but available sooner, and much more cheaply.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

23 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2018 @ 7:37pm

Top Court Throws Out Corporate Sovereignty For All Trade Deals Within EU; Those Involving Other Nations Likely To Suffer Same Fate

from the ISDS-is-dying dept

Techdirt has been writing about what the world calls investor-state dispute settlement (ISDS) for over five years. But early on, we decided that the harmless-sounding initials "ISDS" didn't really convey the seriousness of what was going on here. Instead, we've been using the phrase "corporate sovereignty", because that is what ISDS is: an assertion that the rights of corporates can trump those of entire countries. That's achieved by means of special tribunals that exist outside national legal systems, and which can effectively over-rule them. Many people think this is a really bad idea, and in an important new ruling, the EU's top court has just agreed (pdf):

the Court concludes that the arbitration clause in the BIT [bilateral investment treaty] has an adverse effect on the autonomy of EU law, and is therefore incompatible with EU law.

The specifics of the case concern a dispute between a Dutch insurance company and the Slovak government:

In 2004 Slovakia opened its sickness insurance market to private investors. Achmea, an undertaking belonging to a Netherlands insurance group, set up a subsidiary in Slovakia with a view to offering private sickness insurance services there. However, in 2006 Slovakia partly reversed the liberalisation of its sickness insurance market, and prohibited in particular the distribution of profits generated by sickness insurance activities.

In 2008 Achmea brought arbitration proceedings against Slovakia under the BIT, on the ground that the prohibition was contrary to the agreement and had caused it financial damage. In 2012 the arbitral tribunal found that Slovakia had indeed infringed the BIT, and ordered it to pay Achmea damages in the amount of approximately €22.1 million.

This is a classic case of a government changing its policy, as governments often do, and a company demanding compensation as a result. What this -- and the general theory behind ISDS -- overlooks is that business is by its nature risky; profits are the reward for taking on risks successfully. Corporate sovereignty demands free insurance for foreign investors, guaranteeing that they will not lose out, whatever happens, without actually needing to pay for a formal insurance policy (which is in any case available for those that want such protection). That kind of guarantee is not something that members of the public ever get for free, so it's not clear why corporates should either.

In this case, the Slovak government brought an action in a German court asking for the ISDS award to be set aside. The German court recognized that the case raised important general issues, and referred it to the EU's highest court, the Court of Justice of the European Union (CJEU), for a ruling on the underlying law. The CJEU confirmed something that Techdirt and many others have pointed out for years -- that the arbitration tribunal was outside the entire EU system of law:

by concluding the BIT, Slovakia and the Netherlands established a mechanism for settling disputes which is not capable of ensuring that those disputes will be decided by a court within the judicial system of the EU, only such a court being able to ensure the full effectiveness of EU law.

As such, it was incompatible with EU law, and therefore not valid. That's great news for the Slovak government, and for other Member States that have been hit or threatened with huge corporate sovereignty penalties because of similar intra-EU BITs. But much more significant than the specific result is the general reasoning of the court. Given that the ISDS tribunal in the dispute between the Slovak government and the Dutch insurance company was outside the EU system of law, and therefore deemed illegal, it would seem that any similar arbitration tribunal considering corporate sovereignty cases would also be illegal under EU law. That would apply not just to those adjudicating disputes between EU countries and EU companies, but also to any trade deal that included ISDS. Potentially, then, the CJEU's ruling means that every corporate sovereignty chapter in every EU trade deal is illegal, and unenforceable.

We should find out soon enough. In December last year, Belgium submitted a request to the CJEU asking it to rule on whether the European Union's updated version of ISDS, the Investment Court System (ICS), was compatible with the EU's core treaties. Since the ICS too is outside the EU's main legal system, it's hard to see how the CJEU could rule that it is compatible, assuming it applies the logic of the case discussed above. If the ICS falls, then ISDS will be effectively dead in the EU, and probably dying everywhere else.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

42 Comments | Leave a Comment..

Posted on Techdirt - 7 March 2018 @ 3:23am

Project Gutenberg Blocks Access In Germany To All Its Public Domain Books Because Of Local Copyright Claim On 18 Of Them

from the worse-to-come dept

Project Gutenberg, which currently offers 56,000 free ebooks, is one of the treasures of the Internet, but it is not as well known as it should be. Started in 1991 by Michael S. Hart, who sadly died in 2011, Project Gutenberg is dedicated to making public domain texts widely available. Over the last 25 years, volunteers have painstakingly entered the text of books that are out of copyright, and released them in a variety of formats. The site is based in the US, and applies US law to determine whether a book has entered the public domain. Since copyright law is fragmented and inconsistent around the world, this can naturally lead to the situation that a book in the public domain in the US is still in copyright elsewhere. To deal with this, the site has the following "terms of use":

Our eBooks may be freely used in the United States because most are not protected by U.S. copyright law, usually because their copyrights have expired. They may not be free of copyright in other countries. Readers outside of the United States must check the copyright terms of their countries before downloading or redistributing our eBooks. We also have a number of copyrighted titles, for which the copyright holder has given permission for unlimited non-commercial worldwide use.

That approach seemed to be working, at least until this happened to the Project Gutenberg Literary Archive Foundation (PGLAF):

On December 30, 2015, PGLAF received notification that a lawsuit had been filed in Germany against it, and its CEO. The lawsuit was concerned with 18 eBooks, by three authors, which are part of the Project Gutenberg collection.

The lawsuit was filed in the Frankfurt am Main Regional Court, in Germany.

The Plaintiff is S. Fischer Verlag, GmbH. Hedderichstrasse 114, 60956 Frankfurt am Main, Germany. They are represented by the law firm, Waldorf Frommer of Munich.

The essence of the lawsuit is that the Plaintiff wants the 18 eBooks to no longer be accessible, at least from Germany. It also seeks punitive damages and fines.

Based on legal advice from its US attorneys, PGLAF declined to remove or block the items. The lawsuit proceeded, with a series of document filings by both sides, and hearings before the judges (all of which occurred in German, in the German court). PGLAF hired a German law firm, Wilde Beuger Solmecke, in Köln, to represent it in Germany.

On February 9 2018, the Court issued a judgement granting essentially all of the Plaintiff's demands.

Court's original decision (in German). [pdf]

Decision translated into English. [pdf]

PGLAF complied with the Court's order on February 28, 2018 by blocking all access to and sub-pages to all of Germany.

The German court agreed with the publisher that since people in Germany could access Project Gutenberg files stored in the US, and freely download the 18 ebooks in question, they were making unauthorized copies in Germany, even though they had entered the public domain in the US. A recent EU-funded study showed that unauthorized copies have almost no effect on sales, and can even be beneficial, so it is likely that the German publisher in this case suffered negligible losses as a result of these downloads. This legal action is evidently more about enforcing copyright to the hilt, than about seeking redress for serious harm suffered.

The most famous among the three authors mentioned in the lawsuit, Thomas Mann, died in 1955, so his writings will enter the public domain in Germany in 2025. The fact that the publishing house is trying to stop Project Gutenberg from distributing works written between 1897 and 1920 (listed in the court documents above) shows how absurdly long the term of copyright has become -- the first modern copyright law envisaged just 14 years' protection. The lawsuit also underlines that it is always the longer copyright term that trumps a shorter one, never the other way around.

There's another important point that this case raises. As the Project Gutenberg page on the lawsuit explains:

PGLAF is a small volunteer organization, with no income (it doesn't sell anything) other than donations. There is every reason to fear that this huge corporation, with the backing of the German Court, will continue to take legal action. In fact, at least one other similar complaint arrived in 2017 about different books in the Project Gutenberg collection, from another company in Germany.

Project Gutenberg's focus is to make as much of the world's literature available as possible, to as many people as possible. But it is, and always has been, entirely US-based, and entirely operating within the copyright laws of the US. Blocking Germany, in an effort to forestall further legal actions, seems the best way to protect the organization and retain focus on its mission.

This is a classic example of the chilling effect of heavy-handed moves by the copyright industry. In order to forestall further legal action, organizations lacking resources to stand up to legal bullying often decide it is safer to over-block. In this case, the whole of Project Gutenberg is now inaccessible to people in Germany. That's a serious loss of an important public domain resource, but it's just a taste of what could become routine in Europe.

As Techdirt has reported, there is a new Copyright Directive currently working its way through the EU legislative process. One of its key elements, Article 13, is a requirement for all major sites that make user-uploaded material available to filter those beforehand to remove possible copyright infringements. Such an upload filter would not only represent a gross invasion of privacy, but could lead to sites opting to block access to users in the EU when they receive legal threats for not filtering certain material, rather than contesting the claim in court. The Gutenberg Project's experience should stand as a warning to EU politicians not to allow the copyright industry to take away people's rights to privacy and freedom of expression in this way.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Read More | 60 Comments | Leave a Comment..

Posted on Techdirt - 5 March 2018 @ 8:13pm

Analysis Finds TISA's Benefits Are 'Insignificant', Points Out That Costs Of Deregulation Are Completely Ignored

from the anyone-remember-TISA? dept

Back in 2014, Techdirt first wrote about TISA, the Trade in Services Agreement, another massive international trade deal that was being negotiated behind closed doors with no public scrutiny. Its central aim was to establish a common regulatory framework for services globally. But in doing so, it would circumscribe the ability of governments to bring in their own national laws, since many options would be forbidden by the agreement. For key areas, then, TISA would impose globally-agreed standards for services, with little freedom to diverge, whatever the local populace or democratically-elected politicians might think or want.

During 21 rounds of talks, good progress was made on agreeing what should be in TISA, and it seemed that a final text was quite near. But with the election of Donald Trump, everything went quiet, as TISA negotiators waited to find out what his views on the deal would be. Since then, not much has happened, although TISA's supporters are doubtless hoping that negotiations can be picked up again at some point.

As part of its participation in TISA, the European Commission is obliged to undertake a trade sustainability impact assessment of the likely effects. In this case, the analysis was carried out by the Dutch consultancy ECORYS and the London-based CEPR, both familiar names in this context. The final report was submitted in July 2017, which has given others a chance to examine what benefits the EU expects TISA to bring with it, and the assumptions that lie behind those predictions. The Chamber of Labour, Vienna, commissioned the Austrian Foundation for Development Research (OFSE in German) to produce a report on the report, and this has now been published. Drawing on the sustainability impact assessment's own predictions, the OFSE underlines that TISA is really pretty pointless from an economic point of view:

The economic effects of TiSA according to the SIA study are positive, but insignificant: The economic effects reported are miniscule and do not make for a convincing case for concluding TiSA. EU GDP is expected to increase by 0.1%, exports by 0.2%.

For the US, the figures are 0% for GDP and 0.6% -- in other words, exports rise slightly, but for no overall economic benefit. The average increase for all 23 participating countries is 0.05% for GDP and 0.4% for exports. As the report puts it: "This magnitude of effects is close to statistical insignificance."

These figures taken from the report commissioned by the EU are likely to err on the side of optimism in order to support the European Commission's view that TISA is a Good Thing. But as the Austrian Foundation for Development Research points out, there is a huge flaw in the published analysis. The figures quoted above are the predicted benefits to flow from bringing regulatory systems into alignment. That is typically achieved not by levelling standards up, which would be an acceptable way of accomplishing harmonization, but by levelling down through the removal of stricter regulations. As the OFSE explain:

the benefits of regulation accrue to society at large, insofar as they help to forestall harm from society, for instance by restricting the use of toxic chemicals, or directly confer a benefit, e.g. by increasing the quality of a product or service. Typically, the positive externalities generated by regulation greatly exceed their economic cost. These insights notwithstanding, the empirical trade literature has considered the cost side of regulation only, by conceptualizing regulation as a non-tariff barrier to trade.

As with other trade deals, such as TPP and TTIP, regulations are seen in a purely negative light, as costs borne by businesses, which should be removed for that reason. No account is taken of the fact that they have important benefits for the public -- for example, in terms of protecting their health, and the environment. The Austrian Foundation for Development Research rightly notes that the costs of deregulation must be included alongside the economic benefits in order to arrive at a fair picture of whether trade deals like TISA are worth pursuing. The organization also makes some suggestions for improving TISA and other future trade deals:

Include legal remedies for safeguarding the public interest in EU trade agreements that (i) maintain the right to withdraw commitments in cases of extreme changes in economic conditions, e.g. during a severe economic crisis, or a change in collective preferences due to democratically legitimate regime changes; (ii) reserve the right to impose trade sanctions, e.g. withdrawal of liberalization commitments, for severe breaches of internationally agreed standards and fundamental rights, e.g. with respect to [International Labour Organization] Core Labor Standards or international environmental agreements; and (iii) facilitate access to legal remedies for affected communities and individuals in partner countries, e.g. in cases where the economic activities of EU companies or local companies de-facto controlled by EU companies are in breach of international law or EU legislation.

Although some may see these ideas as evidence that the OFSE espouses a particular political viewpoint, which is probably true, it's larger point about the need to include all the costs and benefits when assessing whether to proceed with TISA is inarguable. No responsible management about to embark on a course of action in a company -- no matter how small -- would consider only the benefits of doing so, without examining the costs and the risks too. Given the far greater economic and social impact of globe-spanning trade deals, the same balanced approach must surely apply to TISA and any future trade agreements.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Free Speech - 1 March 2018 @ 1:43pm

China Briefly Bans The Letter 'N' On Social Media After Anger Over Plans To Make Xi Jinping 'Dictator For Life'

from the Winnie-the-Pooh-strikes-back dept

Last week, the Communist Party of China issued a short statement:

The Communist Party of China Central Committee proposed to remove the expression that the President and Vice-President of the People's Republic of China "shall serve no more than two consecutive terms" from the country's Constitution.

As analysts were quick to point out, that seemingly minor change effectively allows China's current leader, Xi Jinping. to become "dictator for life". It wasn't just Westerners who were taken aback by the unexpected boldness of the move. One of the leading China experts, Victor Mair, explained in a post on his Language Log blog:

for as long as I've been studying China and observing Chinese affairs, I've never witnessed so much opposition to the CCP [Chinese Communist Party] as what I've been seeing and hearing during the last couple of days -- except for the months leading up to the Tiananmen Massacre of June 4, 1989.

But as he points out, the big difference between then and now is that today people can turn to the Internet to express their feelings. Naturally, that has led China's huge censorship machine to go into overdrive, leading to some really weird bans:

since the Roman alphabet is part of the Chinese writing system, it's only fair for letters to be subject to censorship the way Sinographs are. Comments like this Twitter thread show the letter N being censored on Weibo (a microblogging website that is one of the most popular social media platforms in China). This is probably out of fear on the part of the government that "N" = "n terms in office", where possibly n > 2

China Digital Times notes that the block on the letter "N" was only temporary, but that doesn't mean the censorship was eased. On the contrary. The same post lists dozens of words and phrases that are forbidden because they contain direct references or even just allusions to the move to make Xi Jinping's rule life-long. Here are some of the less obvious ones:

Winnie the Pooh -- Images of Winnie the Pooh have been used to mock Xi Jinping since as early as 2013. The animated bear continues to be sensitive in China. Weibo users shared a post from Disney's official account that showed Pooh hugging a large pot of honey along with the caption "find the thing you love and stick with it."

The Emperor's Dream -- The title of a 1947 animated puppet film.

trust this woman is willing to be a vegetarian for the rest of her life -- Allusion to a meme inspired by the popular historical drama Empresses in the Palace. A screenshot of this line, being said by an empress as she pledges lifelong vegetarianism in return for the imminent death of the emperor, has been shared online.

Many activists received warnings not to make negative comments about the planned change. Some that did had their online accounts permanently disabled for daring to discuss the matter. The degree of censorship was so great that it led to people being "blank-screened", as Yuan Yang reported on Twitter:

Friend: *sighs, looking at her smartphone*

I've been "blank-screened."

Me: You've been what?

Friend: It's the word for when all the people you're following on Weibo (China's Twitter) have their accounts censored so your live feed is now a blank screen.

But as Techdirt has noted before, the Chinese online world has plenty of experience in circumventing censorship in clever ways. Here's a fine example of that, noted by Owen Churchill:

Durex in China reminding followers not to trust any advertising that isn't from their official accounts after "Two rounds just aren't enough" poster goes viral #XiJinping

The characters on the fake Durex ad are rather more explicit than "two rounds", which seems appropriate given what many people think Xi Jinping is doing to the Chinese people with this proposed change to the country's constitution.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

17 Comments | Leave a Comment..

Posted on Techdirt - 27 February 2018 @ 7:41pm

Now It's The Turn Of Mercedes-Benz To Grovel Before China, Over An Instagram Post Quoting The Dalai Lama

from the extremely-erroneous dept

A couple of weeks ago, Techdirt wrote about Marriott International kowtowing to China because of a drop-down menu that dared to suggest that Tibet might be a country. We noted that a newly-confident and increasingly aggressive China might well start finding more of these alleged "insults" to use as pretexts for asserting itself internationally. And sure enough, that's already happened again, this time with Mercedes-Benz. As a New York Times story explains, the German car maker posted an image of a white car parked on a beach, along with a quotation popularly ascribed to the Dalai Lama -- "Look at the situations from all angles, and you will become more open. #MondayMotivation" -- to its official Instagram account.

Becoming "more open" by looking at things from this particular angle didn't go down at all well in China, where the authorities regard Tibetan veneration of the Dalai Lama as a threat to political stability in the region. According to the New York Times, the post provoked an "outcry" from Chinese internet users, many of whom pledged to boycott the Mercedes brand. It's hard to gauge to what extent Chinese citizens did this spontaneously, or whether some of those protesting online were part of the authorities' well-oiled Internet surveillance and propaganda machine. In any case, what mattered was that the Chinese government was not happy at all, and Mercedes-Benz realized that if it wanted to carry on selling its cars in China, it had better start apologizing quickly and deeply. This it did by posting to its official Weibo account, translated here by the Shanghaiist:

This morning, we noticed that our company's international social media had posted an extremely erroneous message. For this, we sincerely apologize.

Although we deleted the post as soon as possible, we fully understand how it has hurt the feelings of people in this country, including our colleagues who work in the country. For this, we express our sincerest apologies.

The Chinese government evidently wanted to make the most of this new opportunity to humiliate a Western company. The People’s Daily, the ruling Communist Party's official newspaper, went so far as to berate Mercedes-Benz thus in a headline (original in Chinese):

If you do like this, you are an enemy of the Chinese people!

What makes the situation even more absurd is that Instagram is blocked in China, and so in theory nobody in the country could even see the ad. As with the Marriott International story, it underlines that the Chinese government now believes it has a right to dictate what should happen outside its borders, as well as within them.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

30 Comments | Leave a Comment..

Posted on Techdirt - 23 February 2018 @ 10:43am

It You Can't Beat Purveyors Of Unauthorized Copies, Join Them -- With Style

from the win-win-win-win dept

One of the perennial questions around here is what companies should do about unauthorized copies of physical products. As readers will know, on Techdirt we don't think automatically filing lawsuits is the way to go. This little vignette from the New York Times reveals an alternative approach that is smarter and more remunerative:

At a pop-up market stall just off Canal Street, the Madison Avenue of the unauthenticated, shoppers have spent the last week snapping up off-price, jeans, hoodies, T-shirts and boxer briefs with a familiar, almost-right logo: Diesel Deisel. Sure, the "i" and "e" are on the wrong side of their usual do-si-do. But you get what you pay for. They're $69.99; Diesel jeans generally start well over $200. Forget it, Jake -- it's Chinatown.

Companies like Diesel spend significant resources chasing down counterfeiters and stamping them out. According to Renzo Rosso, the founder of Diesel and president of its parent company, the Only the Brave Group, the label shut down 86 websites hawking fake products last year. But Mr. Rosso was crammed into the small, wood-paneled shop on Friday with no intention of dampening Diesel. He'd created it.

Rosso has realized that even unauthorized copies act as marketing for the original, and help to boost the brand. By producing his own fake versions, Rosso not only spreads the word about his company's products, but he even makes money from it. Moreover, by introducing a rival into the market of copies, he probably dilutes the other fake brands and maybe even their profits. It's a win-win-win-win situation, which Gucci too is keen to exploit:

Gucci has riffed on its own bootlegs (and styled its own "Guccy" logo) and set up shop with Daniel Day, better known as Dapper Dan, the counterfeit couturier it had once threatened out of business.

It's such a simple, clever idea, you wonder why no one has thought of it before. And the answer is -- they have. As Techdirt reported nearly nine years ago, a South African t-shirt designer sold its own counterfeit line and used that to boost awareness of the original products, while also being able to differentiate and sell into new markets -- and make money too. What's significant about the latest examples in the New York Times story is that it is top brands that have realized the power of this approach. And even if the idea of coming out with authorized "counterfeits", as Diesel and Gucci are doing, is not original, that somehow seems appropriate.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

21 Comments | Leave a Comment..

Posted on Techdirt - 21 February 2018 @ 12:00pm

EU Publishers Acknowledge Snippet Tax Concerns, But Say: 'It's OK, You Can Trust Us'

from the yeah,-sure dept

Techdirt has been following the ridiculous proposal to extend EU copyright even further to include tiny snippets from articles for years now. The idea has already been tried twice in the European Union, and failed dismally on both occasions. In Spain, a study showed the move there caused serious economic damage, especially to smaller companies; German publishers tacitly admitted the law was pointless when they granted Google a free license to use snippets from their titles. More recently, the European Commission's own research confirmed that far from harming publishers, news aggregators have a positive impact on the industry's advertising revenue. Despite the clear indications that a snippet tax is a terrible idea, some want to go even further, and make it apply to hyperlinks too. Writing in the French newspaper Le Monde back in December, large news agencies including Germany's DPA and France's AFP complained that sites:

offer internet users the work done by others, the news media, by freely publishing hypertext links to their stories. […] Solutions must be found. […] We strongly urge our governments, the European parliament and the commission to proceed with this directive.

Now EU publishers have weighed in on the snippet tax, formally known as Article 11 of the proposed Copyright Directive. Their latest position paper, embedded below, makes a confession:

We acknowledge that concerns have been raised that Article 11 as proposed by the Commission may have a negative effect on the legitimate personal non-commercial use of excerpts from press publications by a natural person by way of hyperlinking or sharing.

But there's no reason to worry, they say, for the following reason:

However, we would like to emphasize that it is in publishers' interest to make their products available as widely as possible, on as many platforms as possible and this is why publishers themselves encourage their readers to share articles and news on social media for free.

In other words: trust us, we won't misuse a new right to forbid anyone from sharing even tiny snippets. Except, of course, copyright holders have repeatedly abused their intellectual monopoly to censor material, in precisely this way. EU publishers want this new right to block snippets to apply even to single words:

We therefore question the necessity of introducing in the new [EU] Presidency's compromise text, a reduction of the scope of protection granted to press publishers to acts of reproduction and making available to the public performed by "service providers" and excluding "individual words or very short extracts of text".

They also want to extend the scope of the snippet ban:

In our view it is essential that any commercial entity or organisation, regardless of their business model, including those currently licensed by press publishers, exclusively or collectively, continues to be within scope of protection. Typically these organisations can be aggregators, media monitoring and press clipping agencies, individual companies, or public institutions.

This isn't just about making search engines pay for the privilege of using snippets of text: it would include every company, of whatever size, and every public body, however meritorious or altruistic its activities, that uses them. The new position paper is important because it makes clearer than ever before that the snippet tax is not about stopping a few big players like Google from indexing stories from publications. After all, that could be easily achieved by blocking the crawlers using the robot.txt file. Article 11 is about something much bigger. It is the latest expression of the publishing industry's apparently infinite sense of entitlement -- that it has a right to control even "individual words or very short extracts of text" used by "any commercial entity or organisation, regardless of their business model", as the document puts it. The egotism of publishers is so monstrous that they don't even care if achieving this insane level of control over the Internet goes against their own economic interests, as the evidence shows it will. Power, it seems, is more important than profits.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Read More | 33 Comments | Leave a Comment..

Posted on Techdirt - 20 February 2018 @ 8:40pm

France Says 'No' To Company Hack-Backs Following Online Attacks -- But Wants To Keep The Option Open For Itself

from the French-have-a-word-for-it dept

Ten years ago, Techdirt was warning about the hype surrounding the concept of "cyberattacks", and after that "cyberwar", both of which were routinely presented in apocalyptic terms. As we now know, the real online battles are being fought much more subtly in the form of low-profile foreign organizations subverting nations in sophisticated ways. Unlike the predicted take-downs of an entire electricity grid, these kind of attacks by foreign states and their proxies have already happened, and with troubling effects.

Governments have a responsibility to consider all possible attacks that may be conducted via the Internet, which means that drawing up policy documents in the field is important. The French government has just published its "Revue stratégique de cyberdéfense (pdf)" -- that is, a Strategic Review of Cyberdefense. It was written by the General Secretariat for Defense and National Security, which operates under the authority of the French Prime Minister, and assists the head of government in designing and implementing security and defense policies. It's extremely thorough and well worth reading, but it's also rather long (and in French). Fortunately, Lukasz Olejnik has put together a post discussing some of the main highlights of the document, which is much shorter -- and in English. As he notes, in France, cyberdefense and cyberoffense are two separate domains, and the strategy document lays out six main approaches to the former: prevention, anticipation, protection, detection, attribution, and reaction (remediation). On the offense side:

France strongly opposes giving private companies the rights to retaliate following a cyberattack. In the French view, such actions would constitute a point of instability in cyberspace. Especially when considering retaliation against actors located in a different state. France wants to put forward the issue of hack-back on the international level.

Notable thing. The fact that the strategy mentions these concepts should probably be interpreted as an indirect response to the ideas discussed in the US, where certain proposals considered giving companies the powers to hack-back.

As far as offensive actions are concerned, the review may not want companies to unleash hack-backs after an online attack, but it does want to keep that option open for the French authorities:

Annex 7 considers retaliatory actions following a cyberattack. Although the text points out that such actions should be considered provided that all the other approaches (prevention, cooperation, negotiation) fail, it acknowledges that a response can be made using cyber or non-cyber means. The strategy also highlights that major cyberattack can be interpreted as an armed aggression, in line with the Article 51 of Charter of United Nations.

Olejnik points out the following interesting idea from the document:

France apparently suggested a desire to put the security liability in hands of product suppliers. In other words, making companies responsible for the security of products they put on the market -- as long as the products are commercially available. The strategy then mentions that one of the solutions could be to release source code and documentation after an end of support date. The strategy itself mentions taking this discussion to the international level.

France's Strategic Review offers a good starting point for thinking about these issues. It would be great if somebody could translate it into English for even wider appreciation.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

9 Comments | Leave a Comment..

Posted on Techdirt - 15 February 2018 @ 6:38pm

Mozilla's Open Letter To Expert Committee Drafting India's First Data Protection Law Slams Aadhaar Biometric Identity System

from the the-lizard-wrangler-speaks dept

Techdirt has been covering India's monster biometric database, Aadhaar, since 2015. Media in India, naturally, have been on the story longer, and continue to provide detailed coverage of its roll-out and application. But wider knowledge of the trailblazing identity project remains limited. One international organization that has been working to raise awareness is Mozilla, home of the Firefox browser and Thunderbird email client.

Last May, an opinion piece entitled "Aadhaar isn't progress -- it's dystopian and dangerous", by Mozilla Executive Chairwoman and Lizard Wrangler Mitchell Baker and Mozilla community member Ankit Gadgil, appeared in India's Business Standard newspaper. In July 2017, Mozilla released a statement on the Indian Supreme Court hearings on Aadhaar. A blog post in November pointed out that the Aadhaar system is increasingly being used by private companies for their services, something Techdirt covered earlier. Similarly, after it was revealed that anybody's Aadhaar details could be bought for around $8 each, Mozilla issued a statement saying "this latest, egregious breach should be a giant red flag to all companies as well as to the UIDAI [Unique Identification Authority of India] and the [Indian] Government."

Following the creation of a committee to draft India’s first comprehensive data protection law, Mozilla has now paid for an open letter to appear in The Hindustan Times. It was written by Baker, and co-signed by 1,447 Mozilla India community members. Although the letter welcomes the work being carried out by the committee of experts, it criticizes Aadhaar for its many failings, and points out some serious omissions in the committee's report on data protection:

The current proposal exempts biometric info from the definition of sensitive personal information that must be especially protected. This is backwards, biometric info is some of the most personal info, and can’t be "reset" like a password.

The design of Aadhaar fails to provide meaningful consent to users. This is seen, for example, by the ever increasing number of public and private services that are linked to Aadhaar without users being given a meaningful choice in the matter. This can and should be remedied by stronger consent, data minimization, collection limitation, and purpose limitation obligations.

Instead of crafting narrow exemptions for the legitimate needs of law enforcement, you propose to exempt entire agencies from accountability and legal restrictions on how user data may be accessed and processed.

Your report also casts doubt on whether individuals should be allowed a right to object over how their data is processed; this is a core pillar of data protection, without a right to object, consent is not meaningful and individual liberty is curtailed.

On a Web page called "Key challenges and the way forward", Mozilla calls on the Indian government to "pause further roll out of Aadhaar until the major problems with Aadhaar have been addressed." It also has a further suggestion:

The Indian government must release Aadhaar as true open source software rather than use language of open source, and encourage the use, development, and adoption of open source as a pillar of the Aadhaar system

Of course, you might expect an open source foundation like Mozilla to say that, but nonetheless it's good to see what is at heart a software organization engaging with global problems that affect huge numbers of people in this way. Others should do the same.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 14 February 2018 @ 7:50pm

What Are The Ethical Issues Of Google -- Or Anyone Else -- Conducting AI Research In China?

from the don't-be-evil,-but-AI-first? dept

AI is hot, and nowhere more so than in China:

The present global verve about artificial intelligence (AI) and machine learning technologies has resonated in China as much as anywhere on earth. With the State Council’s issuance of the "New Generation Artificial Intelligence Development Plan" on July 20 [2017], China's government set out an ambitious roadmap including targets through 2030. Meanwhile, in China's leading cities, flashy conferences on AI have become commonplace. It seems every mid-sized tech company wants to show off its self-driving car efforts, while numerous financial tech start-ups tout an AI-driven approach. Chatbot startups clog investors' date books, and Shanghai metro ads pitch AI-taught English language learning.

That's from a detailed analysis of China's new AI strategy document, produced by New America, which includes a full translation of the development plan. Part of AI's hotness is driven by all the usual Internet giants piling in with lots of money to attract the best researchers from around the world. One of the companies that is betting on AI in a big way is Google. Here's what Sundar Pichai wrote in his 2016 Founders' Letter:

Looking to the future, the next big step will be for the very concept of the "device" to fade away. Over time, the computer itself -- whatever its form factor -- will be an intelligent assistant helping you through your day. We will move from mobile first to an AI first world.

Given that emphasis, and the rise of China as a hotbed of AI activity, the announcement in December last year that Google was opening an AI lab in China made a lot of sense:

This Center joins other AI research groups we have all over the world, including in New York, Toronto, London and Zurich, all contributing towards the same goal of finding ways to make AI work better for everyone.

Focused on basic AI research, the Center will consist of a team of AI researchers in Beijing, supported by Google China's strong engineering teams.

So far, so obvious. But an interesting article on the Macro Polo site points out that there's a problem with AI research in China. It flows from the continuing roll-out of intrusive surveillance technologies there, as Techdirt has discussed in numerous posts. The issue is this:

Many, though not all, of these new surveillance technologies are powered by AI. Recent advances in AI have given computers superhuman pattern-recognition skills: the ability to spot correlations within oceans of digital data, and make predictions based on those correlations. It's a highly versatile skill that can be put to use diagnosing diseases, driving cars, predicting consumer behavior, or recognizing the face of a dissident captured by a city's omnipresent surveillance cameras. The Chinese government is going for all of the above, making AI core to its mission of upgrading the economy, broadening access to public goods, and maintaining political control.

As the Macro Polo article notes, Google is unlikely to allow any of its AI products or technologies to be sold directly to the authorities for surveillance purposes. But there are plenty of other ways in which advances in AI produced at Google's new lab could end up making life for Chinese dissidents, and for ordinary citizens in Xinjiang and Tibet, much, much worse. For example, the fierce competition for AI experts is likely to see Google's Beijing engineers headhunted by local Chinese companies, where knowledge can and will flow unimpeded to government departments. Although arguably Chinese researchers elsewhere -- in the US or Europe, for example -- might also return home, taking their expertise with them, there's no doubt that the barriers to doing so are higher in that case.

So does that mean that Google is wrong to open up a lab in Beijing, when it could simply have expanded its existing AI teams elsewhere? Is this another step toward re-entering China after it shut down operations there in 2010 over the authorities' insistence that it should censor its search results -- which, to its credit, Google refused to do? "AI first" is all very well, but where does "Don't be evil" fit into that?

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

7 Comments | Leave a Comment..

Posted on Techdirt - 8 February 2018 @ 7:51pm

An English-Language, Algorithmically-Personalized News Aggregator, Based In China -- What Could Possibly Go Wrong?

from the no-social-graph-required dept

Techdirt has been exploring the important questions raised by so-called "fake news" for some time. A new player in the field of news aggregation brings with it some novel issues. It's called TopBuzz, and it comes from the Chinese company Toutiao, whose rapid rise is placing it alongside the country's more familiar "BAT" Internet giants -- Baidu, Alibaba and Tencent. It's currently expanding its portfolio in the West: recently it bought the popular social video app for about $800 million:

Toutiao aggregates news and videos from hundreds of media outlets and has become one of the world's largest news services in the span of five years. Its parent company [Bytedance] was valued at more than $20 billion, according to a person familiar with the matter, on par with Elon Musk's SpaceX. Started by Zhang Yiming, it's on track to pull in about $2.5 billion in revenue this year, largely from advertising.

An in-depth analysis of the company on Ycombinator's site explains what makes this aggregator so successful, and why it's unlike other social networks offering customized newsfeeds based on what your friends are reading:

Toutiao, one of the flagship products of Bytedance, may be the largest app you’ve never heard of -- it's like every news feed you read, YouTube, and TechMeme in one. Over 120M people in China use it each day. Yet what's most interesting about Toutiao isn't that people consume such varied content all in one place... it's how Toutiao serves it up. Without any explicit user inputs, social graph, or product purchase history to rely on, Toutiao offers a personalized, high quality-content feed for each user that is powered by machine and deep learning algorithms.

However, as people are coming to appreciate, over-dependence on algorithmic personalization can lead to a rapid proliferation of "fake news" stories. A post about TopBuzz on the Technode site suggests this could be a problem for the Chinese service:

What's been my experience? Well, simply put, it's been a consistent and reliable multi-course meal of just about every variety of fake news.

The post goes on to list some of the choice stories that TopBuzz's AI thought were worth serving up:

Roy Moore Sweeps Alabama Election to Win Senate Seat

Yoko Ono: "I Had An Affair With Hillary Clinton in the '70s"

John McCain's Legacy is DEMOLISHED Overnight As Alarming Scandals Leak

Julia Roberts Claims 'Michelle Obama Isn't Fit To Clean Melania's Toilet'

The post notes that Bytedance is aware of the problem of blatantly false stories in its feeds, and the company claims to be using both its artificial intelligence tools as well as user reports to weed them out. It says that "when the system identifies any fake content that has been posted on its platform, it will notify all who have read it that they had read something fake." But:

this is far from my experience with TopBuzz. Although I receive news that is verifiably fake on a near-daily basis, often in the form of push notifications, I have never once received a notification from the app informing me that Roy Moore is in fact not the new junior senator from Alabama, or that Hillary Clinton was actually not Yoko Ono's sidepiece when she was married to John Lennon.

The use of highly-automated systems, running on server farms in China, represents new challenges beyond those encountered so far with Facebook and similar social media, where context and curation are being used to an increasing degree to mitigate the potential harm of algorithmic newsfeeds. The fact that a service like TopBuzz is provided by systems outside the control of the US or other Western jurisdictions poses additional problems. As deep-pocketed Chinese Internet companies seek to expand outside their home markets, bringing with them their own approaches and legal frameworks, we can expect these kind of issues to become increasingly thorny. We are also likely to see those same services begin to wrestle with some of the same problems currently being tackled in the West.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

21 Comments | Leave a Comment..

Posted on Techdirt - 7 February 2018 @ 10:39am

Single-Pixel Tracker Leads Paranoid Turkish Authorities To Wrongly Accuse Over 10,000 People Of Treason

from the tiny-web-beacons,-massive-consequences dept

We've written many articles about the thin-skinned Turkish president, Recep Tayyip Erdoğan, and his massive crackdown on opponents, real or imagined, following the failed coup attempt in 2016. Boing Boing points us to a disturbing report on the Canadian CBC News site revealing how thousands of innocent citizens have ended up in prison because they were falsely linked with the encrypted messaging app Bylock:

The Turkish government under President Recep Tayyip Erdogan links Bylock with treason, because of the app's alleged connection to followers of Fethullah Gülen, the man the Turkish government believes is behind the deadly 2016 coup attempt. Gülen denies the allegations.

Alleged Bylock users are a large part of the nearly 150,000 Turks detained, arrested or forced from their jobs under state of emergency decrees since the summer of 2016.

An estimated 30,000 are believed to be among the innocent swept up in this particular campaign, victims of the chaos, confusion and fear in Turkey.

It's bad enough that the Turkish authorities are equating the mere use of the Bylock app with treason. But it gets worse. It turns out that many of those arrested for that reason didn't even use Bylock, but were falsely accused:

it was due to a single line of code, which created a window "one pixel high, one pixel wide" -- essentially invisible to the human eye -- to Hypothetically, people could be accused of accessing the site without having knowingly viewed it.

That line redirected people to the Bylock server using several other applications, including a Spotify-like music app called Freezy and apps to look up prayer times or find the direction of Mecca. Some people have been accused because someone they shared a wifi connection with was linked to Bylock.

According to the CBC News report, the single-pixel trackers that linked back to were used intentionally by the Bylock developers in order to muddy the waters, and make it harder to identify real Bylock users. However, it's not clear how these Web "beacons" came to be associated with other apps. Whatever the mechanism used to accuse innocent people, the Turkish authorities have confirmed indirectly that the misleading calls to did indeed take place, albeit releasing that information in a way that violates the victims' privacy pretty badly:

The Turkish government and the country's courts rarely admit they are wrong, but in December, they revealed the gravity of the mistake they'd made by publishing a list of 11,480 mobile phone numbers. Each number represented a person wrongly accused of terrorism in the Bylock affair.

As well as confirming that Turkey remains in the grip of institutionalized paranoia emanating from the country's president, this episode underlines just how serious the implications of single-pixel tracking can be. In an ideal world, such surreptitious tracking would not be taking place. As a second best, browsers would incorporate technology that warned users of such tricks and blocked their callbacks as a matter of course, but it's hard to see how this could be done in a way that isn't easily circumvented.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

26 Comments | Leave a Comment..

Posted on Techdirt - 1 February 2018 @ 3:28am

China Exporting Its Surveillance Tech And Philosophy To Other Countries, Helped By Equipment Donations

from the laboratory-for-comprehensive-security-systems dept

It will probably come as zero surprise to Techdirt readers to learn the following:

China's state surveillance apparatus is trying out a new tool in one of its favorite test beds, the restive region of Xinjiang.

The Muslim-dominated villages on China's western frontier are testing facial-recognition systems that alert authorities when targeted people venture more than 300 meters (1,000 feet) beyond designated "safe areas," according to a person familiar with the project. The areas comprise individuals' homes and workplaces, said the person, who requested anonymity to speak to the media without authorization.

As that Bloomberg report rightly notes, this further extension of the Chinese state's surveillance system is taking place in Xinjiang, which acts as a kind of test-bed for moves of this kind, many of which are then rolled out to the rest of the country. That's clearly terrible news for people in China, but superficially doesn't directly concern the rest of the world. However, a story in the South China Morning Post reveals that China's surveillance tech and philosophy are now appearing in countries outside China:

Ecuador has introduced a security system using monitoring technology from China, including facial recognition, as it tries to bring down its crime rate and improve emergency management, according to state-run Xinhua news agency.

A network of cameras has been installed across the South American nation's 24 provinces -- keeping watch on its population of 16.4 million people -- using a system known as the ECU911 Integrated Security Service, Xinhua reported.

The article explains that experiments are being run to turn footage from Chinese surveillance cameras into data at the Laboratory for Comprehensive Security Systems, which is located in the ECU911 headquarters in Ecuador's capital. China had a hand in that, too:

State-owned China National Electronics Import and Export Corporation (CEIEC) was involved in setting up the laboratory. CEIEC is a subsidiary of China Electronics Corporation (CEC), one of the country's largest defence contractors.

CEC's reach extends far beyond China’s homeland security, and the system in Ecuador is not its first project in South America. In Brazil, CEC was involved in using Chinese technology to monitor environmental risks in the Amazon rainforest. But in Bolivia and Venezuela, as in Ecuador, its projects are to do with public security.

Soft power is key focus for China at the moment, particularly as part of its One Belt, One Road mega infrastructure project. Another way China spreads its influence around the world is by donating surveillance equipment, as happened in Ecuador. It's a shrewd move. Local governments can say that it would be foolish to turn down generous gifts from such a powerful nation, and that once accepted, it would be a waste not to use the equipment. China can claim that it is "helping" other nations improve their internal security, while establishing a beachhead for Chinese companies that manufacture the surveillance equipment. The latter can then build on that to win further sales -- and to help spread Chinese-style surveillance yet further.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

14 Comments | Leave a Comment..

Posted on Techdirt - 30 January 2018 @ 7:31pm

EU's Highest Court Says Privacy Activist Can Litigate Against Facebook In Austria, But Not As Part Of A Class Action

from the new-EU-law-will-soon-make-that-possible-anyway dept

Last November we reported on the legal opinion of one of the Advocates General that advises the EU's top court, the Court of Justice of the European Union (CJEU). It concerned yet another case brought by the data protection activist and lawyer Max Schrems against Facebook, which he claims does not follow EU privacy laws properly. There were two issues: whether Schrems could litigate against Facebook in his home country, Austria, and whether he could join with 25,000 people to bring a class action against the company. The Advocate General said "yes" to the first, and "no" to the second, and in its definitive ruling, the CJEU has agreed with both of those views (pdf). Here's what Schrems has to say on the judgment (pdf):

The Court of Justice of the European Union (CJEU) confirms that Max Schrems can litigate in Vienna against Facebook for violation of EU privacy rules. Facebook's attempt to block the privacy lawsuit was not successful.

However, today the CJEU gave a very narrowly definition of the notion of a "consumer" which deprives many consumer from consumer protection and also makes an Austrian-style "class action" impossible.

The rest of his press release gives background details of the case. Schrems explains why being able to bring a class action in Austria is important:

If a multinational knows that they cannot win a case, they try to find reasons so that a case is not admissible, or they try to squeeze a plaintiff out of the case by inflating the costs.. Facebook wanted to ensure that the case can only be heard in Dublin [where its EU headquarters are located], as Ireland does not have any class action and litigating even one model claim would cost millions of Euros in legal fees. In this case we'd have a valid claim, but it would be basically unenforceable.

EU consumer groups agree that an option to bring class actions is needed, as EurActiv reports:

The ECJ's finding has caused outrage among consumer groups that have campaigned for years for the [European] Commission to propose legislation allowing for EU-level class action lawsuits involving complainants from different member states. They argue that collective redress will make it easier and cheaper for consumer to sue.

The same articles notes that Schrems and the consumer groups may soon get their wish: the European Commission is expected to unveil proposals for a new law that will allow collective redress to be sought across the EU. Even if that does happen, it's likely to take years to implement. Before then, Facebook has many other problems it needs to confront. First, there is Schrem's personal suit against the company, which can now proceed in the Austrian courts. As he points out:

Facing a lawsuit, which questions Facebook's business model, is a huge risk for the company. Any judgement in Austria is directly enforceable at Facebook's Irish headquarter and throughout Europe.

That is, if Schrems wins his case, other EU citizens will be able to use the judgment to sue Facebook more easily. And Facebook may have headed off the threat of a class action under existing law, but the EU's new General Data Protection Regulation (GDPR), which will be enforced from May of this year, explicitly allows non-profit organizations to sue on the behalf of individuals. Article 80 of the GDPR says:

The data subject shall have the right to mandate a not-for-profit body, organisation or association which has been properly constituted in accordance with the law of a Member State, has statutory objectives which are in the public interest, and is active in the field of the protection of data subjects' rights and freedoms with regard to the protection of their personal data to lodge the complaint on his or her behalf

With that in mind, Schrems is crowdfunding just such a public interest, not-for-profit body, None of Your Business (noyb), which Techdirt discussed in December. At the time of writing, noyb is within a few percent of achieving its goal of €250,000. Facebook is naturally well-aware of the GDPR's likely impact. The company's Chief Operating Officer Sheryl Sandberg said recently:

We're rolling out a new privacy center globally that will put the core privacy settings for Facebook in one place and make it much easier for people to manage their data

Satisfying the requirements of the GDPR is not the only looming problem for Facebook. In Germany, the company is facing what is potentially an even more serious challenge, as the FT reports (paywall):

Germany is threatening curbs on how Facebook amasses data from millions of users in what would be an unprecedented intervention in the social network's business model.

Andreas Mundt, head of Germany's main antitrust agency, the Federal Cartel Office, said Facebook could be banned from collecting and processing third-party user data as one possible outcome of an investigation that in December concluded the US technology group was abusing its dominant market position.

If Germany goes ahead with these plans, it will drastically reduce the scope for Facebook to make money by using consolidated data about its users to sell advertising space, and may well encourage other EU nations to follow suit.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

4 Comments | Leave a Comment..

Posted on Techdirt - 25 January 2018 @ 7:22pm

Genome Of A Man Born In 1784 Recreated From The DNA Of His Descendants

from the I-am-your-(great-great-great-grand)-father dept

The privacy implications of collecting DNA are wide-ranging, not least because they don't relate solely to the person from whom the sample is taken. Our genome is a direct product of our parents' genetic material, so the DNA strings of siblings from the same mother and father are closely related. Even that of more distant relations has many elements in common, since they derive from common ancestors. Thus a DNA sample contains information not just about the donor, but about many others on the relevant family tree as well. A new paper published in Nature Genetics (behind a paywall, unfortunately) shows how that fact enables the genomes of long-dead ancestors to be reconstructed, using just the DNA of their descendants.

As an article in Futurism explains, the unique circumstances of the individual chosen for the reconstruction, the Icelander Hans Jonatan, aided the research team as they sought to piece together his genome nearly two centuries after his death in 1827. The scientists mainly came from the Icelandic company deCODE Genetics, one of the pioneers in the world of genomics, and highly-familiar with Iceland's unique genetic resources. The following factors were key:

For one, Jonatan was the first Icelandic inhabitant with African heritage. Iceland also boasts an extensive and highly detailed collection of genealogical records. The combination of Jonatan's unique heritage and the country's record-keeping for inhabitants' family trees made this remarkable recreation possible.

For cultural and historical reasons, Iceland has one of the most complete genealogical records of any nation. This allowed the research team to establish with high probability 788 of Jonatan's descendants. Samples were taken from 182 of those individuals and then genotyped -- a kind of DNA screening. The deCODE group picked out those genomes most likely to provide the longest DNA sequences that had been passed down through the generations from Jonatan's mother, by looking for fragments of African-pattern chromosomes amidst the otherwise European genetic material. The full genomes of 20 of those 182 were sequenced, and then the parts derived from Jonatan's African ancestry pieced together to recreate 38% of his mother's DNA. From this, the researchers were able to establish that Jonatan's mother was probably from the African region spanned by Benin, Nigeria and Cameroon.

This kind of large-scale reconstruction in the absence of physical samples has never been achieved before, and is certainly a major triumph of biological and computational technology. An important question is whether this is a one-off, made possible by the unique circumstances of Jonatan's life, or whether it could be applied more widely. According to the Futurism article:

Theoretically, a technique like this could help researchers create "virtual ancient DNA," which would allow scientists to recreate the DNA of historical figures. Agnar Helgason of deCODE stated that "Any historic figure born after 1500 who has known descendants could be reconstructed."

While it's exciting, there are still major hurdles to overcome in terms of the potential future applications. The quantity, scale, and detail of the DNA from living ancestors required to recreate a person's DNA make it impractical for use within most families. Additionally, with each new generation identifiable DNA fragments get smaller and more difficult to work with.

As DNA sequencing becomes cheaper and more accurate, it will be possible to carry out DNA profiling and collection faster and more economically. Similarly, as computational power increases, chromosome fragments can be analyzed and stitched together more easily. In due course, these kinds of genomic reconstructions will probably become more common. Already, deCODE's research confirms how DNA can establish the connections not just between present-day members of a family, but also with those long dead. When unexpected patterns of maternity or paternity are revealed, they will bring with them who knows what social consequences for their descendants.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

9 Comments | Leave a Comment..

Posted on Techdirt - 25 January 2018 @ 11:54am

TPP Is Back, Minus Copyright Provisions And Pharma Patent Extensions, In A Clear Snub To Trump And The US

from the canada,-leader-of-the-free-world? dept

As Techdirt noted back in November, the Trans Pacific Partnership (TPP) agreement was not killed by Donald Trump's decision to pull the US out of the deal. Instead, something rather interesting happened: one of the TPP's worst chapters, dealing with copyright, was "suspended" at the insistence of the Canadian government, which suddenly took on a leading role. At the time, it wasn't clear whether this was merely a temporary ploy, or was permanent. With news that the clumsily-named "Comprehensive and Progressive Agreement for Trans-Pacific Partnership" (CPTPP) has been "concluded", it now seems that the exclusion of both copyright and pharma patent extensions is confirmed. As Michael Geist writes:

the IP chapter largely reflected U.S. demands and with its exit from the TPP, an overhaul that more closely aligns the agreement to international standards was needed. Canada succeeded on that front with an agreement to suspend most of the controversial IP provisions including those involving copyright term, patent extension, biologics protection, and digital lock rules.

That's the good news. But there's still plenty of bad stuff in the CPTPP, a sample of which is listed here by The Atlantic:

A controversial arrangement whereby companies can sue countries over their domestic laws, known as the investor-state dispute settlement [ISDS -- corporate sovereignty] system, remains in a reduced fashion. Labor and environmental protections are largely unchanged [and unsatisfactory]. The EFF's [Jeremy] Malcolm pointed to e-commerce provisions that provide only weak privacy protections, among other issues, as still being problematic. But overall, the new deal is so similar to the original that Canadian labor unions are furious that their government is still advancing it, just as labor groups in the U.S. objected under Obama.

That anger means that even in the absence of the copyright and pharma patent extensions, there is still likely to be some resistance to the new deal, and not just in Canada. For example, economists estimate that the CPTPP will boost Australia's economy by only 0.04% per year -- a negligible amount that will be swamped by fluctuations in other factors. Some Australian businesses warn that the continuing existence of bilateral trade deals with eight of the CPTPP countries will lead to a complex "noodle bowl" of rules and regulations that could make it harder, not easier, to conduct business with them. In New Zealand, a long-standing critic of TPP, Professor Jane Kelsey, is particularly worried about a chapter on electronic commerce. And in Malaysia, a consumer group has urged the government there not to sign the deal, which it said would be "even worse" than TPP for the country.

Although we still don't have the final details of the deal, and the lingering presence of corporate sovereignty is regrettable, the CPTPP signals a hopeful shift away from the usual intellectual monopoly maximalism. The omission of copyright and patents from the new deal is a significant defeat for the US, which has been the main driving force behind their routine inclusion. And the fact that the CPTPP is going ahead at all without the US is a clear snub to Trump and his rejection of such multilateral trade negotiations.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

58 Comments | Leave a Comment..

Posted on Techdirt - 24 January 2018 @ 7:54pm

Danish Police Charge Over 1,000 People With Sharing Underage Couple's Sexting Video And Images

from the some-kind-of-progress dept

Techdirt posts about sexting have a depressingly similar story line: young people send explicit photos of themselves to their partners, and one or both of them end up charged with distributing or possessing child pornography. Even more ridiculously, the authorities typically justify branding young people who do this as sex offenders on the grounds that it "protects" the same individuals whose lives they are ruining. Judging by a story in The Local, reporting on a press release that first appeared on the MyNewsDesk site (original in Danish), the police in Denmark seem to be taking a more rational approach. Rather than charging the two young people involved for sexting, they are charging 1,004 people who shared the video and images afterwards, some several hundred times:

The video was primarily sent to and shared between young people, the police said in a major announcement on Monday morning.

Individuals under police suspicion in the case may have broken Danish child pornography laws, police wrote.

The material contains sexual images involving persons under the age of 15 years at the time of recording, the Danish National Police (Rigspolitiet) confirmed in a press statement.

The case came to light after Facebook received reports of sexual video material involving young people under 18 being shared on its Messenger platform last year, and alerted the US authorities as a result. They, in their turn, passed the information on to Europol, the European police agency, who forwarded it to the authorities in Denmark. The Local quotes a Danish police officer pointing out the long-term effects of being convicted of breaking the country's child pornography laws:

"If you receive a criminal conviction as a minor it can stay on your record for it least ten years. That means you cannot get a job in a daycare or as a football coach. If American authorities are informed, it can also cause difficulties with travelling to the USA. So this is serious and has serious consequences far into the future."

It could be argued that child pornography laws are not the right way to deal with this kind of sharing by third parties. And it is not clear how the explicit material came to be spread around so widely -- to what extent, for example, one or both of the people involved in the sexting started sharing it elsewhere themselves. But it is surely some kind of progress that the police are concentrating on that wider diffusion, which involved hundreds of people, rather than on the initial sexting by two young people, as so many previous cases have done.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

19 Comments | Leave a Comment..

More posts from Glyn Moody >>