Glyn Moody’s Techdirt Profile



Posted on Techdirt - 1 May 2015 @ 1:10am

The Great Database of China: Rating Moral Behavior, Blacklisting Citizens

from the really-bad-credit-score dept

The Great Firewall of China is well known; a report in the Dutch newspaper de Volkskrant discusses a translation by Rogier Creemers of China's new Social Credit System plan -- a national store of citizens' ratings that promises to become the Great Database of China:

The intentions of the new system are not only economical, fighting fraudulent practices, but also moral. 'This is a deliberate effort by the Chinese government to promote among its citizens "socialist core values" such as patriotism, respecting the elderly, working hard and avoiding extravagant consumption', says Creemers. A bad 'credit code' can result in being not eligible for certain jobs, housing or credit to start a company. 'On the labour market you might need a certain score to get a specific job.'
Here are some details about how this would apply to online activities:
Forcefully move forward the construction of online sincerity, foster ideas of running the Internet according to the law and using the Internet in a sincere manner, progressively implement the online real-name system, perfect legal guarantees for the construction of online credit, forcefully move forward the construction of online credit supervision and management mechanisms.
The "online real-name system" is something we've written about before. A small consolation here is that China has been trying to bring this in for over a decade; its continuing failure to do so offers hope that the Great Database of China might be even harder to construct.
Establish online credit evaluation systems, evaluate the credit of the operational behaviour of Internet enterprises and the online behaviour of netizens, and record their credit rank. Establish network credit files covering Internet enterprises and individual netizens, vigorously move forward with the establishment of exchange and sharing mechanisms for online credit information and corresponding credit information in other areas, forcefully promote the broad application of online credit information in various areas of society.
The following section of the planned Social Credit System is particularly chilling:
Establish online credit black list systems, list enterprises and individuals engaging in online swindles, rumourmongering, infringement of other persons’ lawful rights and interests and other grave acts of breaking trust online onto black lists, adopt measures against subjects listed on black lists including limitation of online conduct and barring sectoral access, and report them to corresponding departments for publication and exposure.
As well as the sheer ambition of this database, which would cover the entire population of China, another novel aspect is where some of the ratings will come from, as de Volkskrant explains:
Innovative will be the active contribution of citizens rating other citizens. 'Imagine a Chinese person being able to rate his doctor or his professor, as is already happening in the US. And he or she might also give a bad score to polluting companies, as the system will be applied to companies and institutions as well', says Creemers.
Of course, online rating systems are already commonplace in other fields. There, they have led to fierce arguments and costly legal battles. The proposed system in China probably won't suffer from those problems, since the Social Credit System will presumably be secret. However, it will be far more insidious since the resulting "credit score" will have a major impact on people's lives and the opportunities open to them, notably for anyone that finds themselves -- unbeknownst -- on one of those blacklists.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+


Posted on Techdirt - 30 April 2015 @ 4:12am

UK Tribunal Rules GCHQ Conducted Illegal Surveillance And Must Destroy Legally Privileged Documents

from the unlawful,-unnecessary-and-disproportionate dept

A couple of months ago, we reported on a surprising admission by the UK government that GCHQ has been carrying out illegal surveillance by monitoring privileged conversations between lawyers and their clients. As we noted at the time, the reason for this sudden access of conscience was simply that it knew it was going to lose an imminent case before the Investigatory Powers Tribunal (IPT), the body that considers complaints about UK government surveillance. And that, indeed, is what has just happened. As the human rights organization Reprieve, which helped bring the legal action, explains, not only has GCHQ been found guilty of illegal spying, it has also been ordered to destroy the materials it collected as a result:

Today's decision marks the first time in the IPT's fifteen-year history that it has upheld a complaint against the security services. It is also thought to be the first time the secretive tribunal has ordered an intelligence agency to give up surveillance material.
The Reprieve post has more details about the case, which involves Sami al-Saadi, a former opponent of Libya's Muammar Gaddafi. al-Saadi and his family were kidnapped in a joint MI6-CIA operation and 'rendered' to Libya in 2004, as was his colleague, the Libyan politician Abdul-Hakim Belhaj and his pregnant wife:
Both families have brought civil claims against the then-Foreign Secretary Jack Straw, former MI6 counter-terror head Sir Mark Allen, and the UK Government for their kidnap. The al-Saadi family settled their civil claim in December 2012 for 2.2 million pounds; the Belhaj claim comes before the [UK] Supreme Court this year. A Metropolitan Police investigation into both kidnappings, Operation Lydd, is thought to be near conclusion
Whatever happens with those cases, the latest IPT judgment is another important step in forcing the UK government to acknowledge that its mass surveillance programs broke the law in numerous ways. Moreover, as Richard Stein, the lawyer who represented the families before the Tribunal, pointed out:
Today marks the end of GCHQ's standard boilerplate response that its activities are lawful, necessary and proportionate. GCHQ unlawfully spied on privileged legal communications for years, and the secret oversight mechanisms failed to stop it.
That alone would be reason enough to celebrate this decision. But the IPT's ruling is unsatisfactory in other respects:
The IPT made 'no determination' in favor of Mr Belhaj and his wife. The IPT can make 'no determination' either if there was no spying, or if the IPT finds that spying did take place but was lawful. But the couple may never know the precise reasons for the decision.
That's an indication that still more must be done to bring greater transparency and accountability to the UK's surveillance programs. Fortunately, as the UK government continues to lose the fight against legal challenges to its activities, it is being forced to move in that direction, albeit very slowly.


Posted on Techdirt - 30 April 2015 @ 1:09am

Crowdfunding Weaponized Drones In Ukraine

from the not-a-toy dept

Although it rarely makes it into the Western media these days, the bloody conflict between Russia and Ukraine continues to smoulder along a vague and shifting front. The lack of direct support from the West means that the Ukrainians have had to come up with other approaches to counter Russia's massive superiority in both technology and resources. According to a fascinating article in the Guardian, one way they are doing this is by using low-cost drones, paid for by crowdfunding. One of Ukraine’s top IT outsourcing companies, Eleks, has been helping with the technical side:

Eleks, which is a private company based in both Ukraine and Nevada, pays healthy salaries. It allows staff to work on software and drone hardware projects that receive no government support or funding during work hours. They are doing this because, as their project manager, Ivan Dmytrasevych, told us, "We know we have to invest in the defence of our country. If our research works, and we can show the people that it works, then we will turn to crowdfunding to realise it."
Eleks is working on a number of drone projects. One is to help Ukrainian drones return to base automatically if signals are jammed by the Russians:
Ivan says that the Russian forces have highly advanced systems to jam and intercept Ukrainian drones, which can easily send them off course and into enemy hands. "They have $7m systems to jam drones that cost thousands of dollars,” he explains. "We just can’t match their resources." However, if they can slow down these types of losses, they can build up a useful force.
Another is to use drones to map Russian forces on the ground to provide coordinates for shelling:
"Just imagine that you take a map of some territory from Google Maps, and then your drone flies over the territory to take a picture. Artillery teams need exact coordinates from enemy positions shown on those images. Our software will help them get it instantly."
That's an indication that these crowdfunded drones are not just digital toys for the combatants, but designed to cause serious casualties in the real world. Indeed, they already have -- on the Ukrainian side, during attempts to construct drones that could drop bombs on the Russians. According to the Guardian report, some of the engineers were killed as they worked on this project:
Firstly, these were essentially homemade and potentially faulty bombs. Secondly, the fact that they were launching drones multiple times from the same position quickly exposed their location. From what I'd been told, a mortar or sniper attack was guaranteed at this point.
Those risks are unlikely to dissuade engineers from using these up-to-the-minute means to counter the huge disparity between the opposing forces, since the Ukrainians don't really have many other options.


Posted on Techdirt - 29 April 2015 @ 12:59am

UN Expert: Secret Trade Negotiations Are A 'Threat To Human Rights'

from the null-and-void dept

Here on Techdirt, we've had plenty of posts looking at the major trade agreements currently being negotiated. As we've noted, criticism of TPP and TAFTA/TTIP has come from many quarters, particularly for the corporate sovereignty provisions, which are seen as problematic both on the left and right wings of the political spectrum. Intellectual Property Watch carries a fascinating statement criticizing key aspects of trade negotiations, which looks at things from quite a different angle. It's written by Alfred de Zayas, who is the "Independent Expert on the promotion of a democratic and equitable international order" -- apparently an honorary and unpaid position. In his statement, he expresses:

his deep concern over the general lack of awareness on the adverse effects that existing, or under negotiations, bilateral and multilateral free trade and investment agreements have on the enjoyment of human rights in many countries, particularly in the developing world.
Specifically, he is concerned about the secrecy of trade talks, and the fact that key stakeholders like trade unions, environmental protection groups and health professionals are excluded -- something that we've commented on many times here on Techdirt. He also thinks that fast-tracking the adoption of treaties -- as is currently being attempted in the US -- has a "detrimental impact on the promotion of a democratic and equitable world order." That's because, as de Zayas puts it:
It is tantamount to disenfranchising the public and constitutes a violation to accepted human rights law, which stipulates that every citizen shall have the right and the opportunity to take part in the conduct of public affairs.
No surprise, then, that de Zayas has particular concerns about an area that is very familiar to Techdirt readers: corporate sovereignty.
I am especially worried about the impact that investor-state-arbitrations (ISDS) have already had and foreseeably will have on human rights, in particular the provision which allows investors to challenge domestic legislation and administrative decisions if these can potentially reduce their profits.


The establishment of parallel systems of dispute settlement and their exemption from scrutiny and appeal are incompatible with principles of constitutionality and the rule of law, and as such are harmful to the moral welfare of society ("contra bonos mores").
One intriguing point de Zayas makes is that since all nations are bound by the UN Charter, any treaties they negotiate must also conform to its provisions. Article 103 of that Charter states that if there is any conflict between a treaty and the UN Charter, it is the Charter that prevails. That has interesting implications for corporate sovereignty cases before ISDS tribunals:
Provisions of free trade and investment agreements as well as decisions of ISDS arbitrators must conform with the UN Charter and must not lead to a violation, erosion of or retrogression in human rights protection or compromise State sovereignty and the State’s fundamental obligation to ensure the human rights and well-being of all persons living under its jurisdiction. Agreements or arbitral decisions that violate international human rights law are null and void as incompatible with Article 103 of the UN Charter and contrary to international ordre public.
That's a great point, although it's a little hard to see it having much practical impact on the current negotiations. Unfortunately, the same might be said about the whole of de Zayas's statement, but it's certainly good to have his analysis here.


Posted on Techdirt - 28 April 2015 @ 1:15am

China's Top Mobile Company Complains About Counterfeits

from the delicious-irony dept

The rise of China has been predicted for a while now, and in the field of technology we are already seeing Chinese companies that are likely to have a global impact. One manifestation of that is the $25 billion US IPO of Alibaba -- roughly, China's equivalent of eBay, but much bigger -- which was the largest in history. Another is Xiaomi, only founded in 2010, but already shipping 61 million smartphones a year. Writing in the Guardian, Charles Arthur called it "China's Apple", although Apple’s head of design, Jonathan Ive, is not too enamored of the comparison:

when asked about the company last October [Ive] was blunt: he "didn’t see [the similarities in design] as flattery" and called the superficial similarity in appearance of Xiaomi's phones and software "theft" and "lazy".
Xiaomi is not shy about borrowing ideas from Samsung either:
Certainly it has mimicked some of its names: one of the new phones unveiled on Wednesday, a 5.7in device called the “Mi Note”, echoes the 5.7in Galaxy Note phablet range.
No surprise there, you might think, since China is (in)famous for its Shanzhai culture, even though that now goes well beyond producing cheap knock-offs of popular products. But given a tendency to draw on others for inspiration, the following news about Xiaomi, reported by Bloomberg, is nonetheless rather satisfying:
Sales of the company's Mi Power Bank battery pack for smartphones hit 14.6 million units last year, less than half what the total should have been, Chief Executive Officer Lei Jun said at a press conference at the company's headquarters in Beijing Thursday.

"What is the biggest problem? There are many fakes," Lei said. "If there were no counterfeits, our sales would be double or triple. The product has been recognized by everyone."
There is, of course, a delicious irony in that comment, but there's something else. It shows -- just as expected -- that China is recapitulating the early history of the US. Once, America too was a pirate nation, happy to, er, borrow ideas from Europe without worrying too much about asking or paying for permission. Now, of course, the US is the biggest fan of people owning ideas, and forcing others to pay for the privilege of building on them. The comments by Xiaomi's CEO show that China is following the same evolution. Put another way, it can only be a matter of time before Chinese companies regularly sue those in other parts of the world for "infringement" of their ideas, and the country replaces the US as the loudest cheerleader for longer copyright and patent terms, and harsher punishments for those who dare to ignore them.


Posted on Techdirt - 27 April 2015 @ 3:48am

Senior Police Officer Suggests Companies Allowing People To Use Strong Crypto Are 'Friendly To Terrorists'

from the just-stop-whining dept

Last November, we ran through the list of senior law enforcement officers on both sides of the Atlantic who all came out with suspiciously similar whines about how strong crypto was turning the internet into a "dark and ungoverned" place. Judging by this story in Reuters, others want to join the choir:

Some technology and communication firms are helping militants avoid detection by developing systems that are "friendly to terrorists", Britain's top anti-terrorism police officer said on Tuesday.
That remark comes from Assistant Commissioner Mark Rowley, who is the UK's National Policing Lead for Counter-Terrorism, replacing Cressida Dick. Here's the problem according to Rowley:
"Some of the acceleration of technology, whether it's communications or other spheres, can be set up in different ways," Rowley told a conference in London.

"It can be set up in a way which is friendly to terrorists and helps them ... and creates challenges for law enforcement and intelligence agencies. Or it can be set up in a way which doesn't do that."
"Set up in a way which is friendly to terrorists and helps them" obviously means using strong crypto; "set up in a way which doesn't do that" therefore means with compromised crypto. Like his colleagues, Rowley too blames the current mistrust between the intelligence agencies and computer companies on Edward Snowden:
"Snowden has created an environment where some technology companies are less comfortable working with law reinforcement and intelligence agencies and the bad guys are better informed," Rowley told Reuters after his speech.
Well, no, actually. That "environment" has been created by the NSA and GCHQ working together to break into the main online services, and undermine key aspects of digital technology, with no thought for the collateral damage that ruining internet security might cause for the world. Rowley is also quoted as saying:
"We all love the benefit of the internet and all the rest of it, but we need [technology companies'] support in making sure that they're doing everything possible to stop their technology being exploited by terrorists. I'm saying that needs to be front and centre of their thinking and for some it is and some it isn't."
The technology is not being "exploited" by terrorists, it's being used by them, just as they use telephones or microwaves or washing machines. That's what those devices are there for. The idea that trying to make broken internet technologies should be "front and center" of technology companies' thinking bespeaks a complete contempt for their users.

This constant refrain about how awful strong crypto is, and how we must break it, is simply the intelligence services implicitly admitting that they find the idea of doing their job in a free society, where people are able to keep some messages private, too hard, so they would be really grateful if technology companies could just fall in line and make life easier by destroying privacy for everyone.


Posted on Techdirt - 24 April 2015 @ 9:14am

Japanese Court Orders Google To Remove Customer Reviews From Its Maps Service -- Globally

from the long-arm-of-the-law dept

The following story from Japan, reported by Techcrunch, might seem to be an everyday internet tale of privacy and freedom of speech interacting badly:

The Chiba District Court today issued a preliminary injunction forcing the U.S. internet company to remove two anonymous reviews for an undisclosed medical clinic in the country. While they document negative customer experiences at the clinic, neither review violates the policies that Google has in place for user generated content within the Maps service.
Nothing special there, you might think, but there's a sting in the tail:
The court ruled that Google not only removes the content in Japan, but across the entire globe too.
That's troubling, because it's yet another case of a local court asserting its right to affect what happens across the entire internet -- the best-known example being the EU's claim that its privacy regulations have to apply globally if they are to be effective. It's worrying to see a similar ruling from Japan, albeit only in a preliminary injunction, and one that Google is appealing against, because it risks normalizing that view, with serious consequences for the online world. Far from being a domain subject to no rules, as politicians love to claim, the internet would begin to turn into the one place that has to obey every country's laws.


Posted on Techdirt - 23 April 2015 @ 1:03am

Corporate Sovereignty Trumps National Laws; Here's How The US Thinks It Can Get Around That

from the ain't-gonna-work dept

For a while now, Techdirt has been writing about the extraordinary corporate sovereignty chapters in trade agreements that grant foreign companies far-reaching powers to sue a government simply for issuing regulations that impact their investments. Recently, there has been a textbook example of how the investor-state dispute settlement (ISDS) tribunals that adjudicate corporate sovereignty cases are literally a law unto themselves. A post on The Hill explains the background:

A company sought to develop a mining and marine terminal project in Canada, but it had to obtain approval from provincial and federal authorities. As part of that process, the company had to submit an environmental impact study (EIS) addressing the project’s potential impacts on the natural and human environment.
A panel of experts was appointed to review that study, and to issue a recommendation on whether the project should go ahead. The experts recommended against approval, partly on the basis that it would have been inconsistent with "core community values." As a result, the federal and provincial officials rejected the project. The company involved, Bilcon, appealed against that decision, but did so invoking NAFTA's corporate sovereignty provisions. The ISDS tribunal ruled that:
The advisory panel's consideration of "core community values" went beyond the panel’s duty to consider impacts on the "human environment" taking into account the local "economy, life style, social traditions, or quality of life." The arbitrators then proclaimed that the government's decision to reject Bilcon's proposed project based on the experts' recommendation was a violation of the NAFTA.
As The Hill article points out, that shouldn't have happened:
The parties to the NAFTA -- the United States, Canada and Mexico -- have all repeatedly clarified that ISDS is not meant to be a court of appeals sitting in judgment of domestic administrative or judicial decisions.
Nonetheless, the ISDS tribunal's lawyers ignored the clear intent of NAFTA's corporate sovereignty provisions, and issued their judgment dismissing local decisions following national laws. Because of the astonishing way that ISDS works, Canada can't even appeal. However, as the article in The Hill points out, the situation would have been even worse had the ISDS tribunal argued correctly:
It shows that ISDS stymies crucial evolution in domestic law. Under the tribunal's reasoning, a breach of international law arises when government officials interpret vague concepts such as the "human environment" or "socio-economic" impacts using principles or terms not expressly found in earlier decisions. Yet, particularly in common-law jurisdictions such as the US's, law develops in large part through new interpretations, adapting to changing circumstances and times. If this evolving process were indeed a breach of international law, the US should expect to face significant liability to foreign companies, especially as ISDS is included in new treaties with capital-exporting countries.
In fact, there is a first hint that the US government is well aware of these huge problems with corporate sovereignty provisions, and that it is already preparing for the day when it loses a major ISDS case. That hasn't happened so far in part because relatively few foreign companies covered by existing trade agreements with corporate sovereignty provisions have major investments in the US that would allow them to make claims. However, that will change dramatically if an ISDS chapter is included in the TTIP/TAFTA deal currently being negotiated. According to Public Citizen's calculations (pdf):
More than 3,400 parent corporations in EU nations own more than 24,200 subsidiaries in the United States, any one of which could provide the basis for an investor-state claim if TAFTA were to be enacted with ISDS.
That might explain a very interesting aspect of the Fast Track Bill released recently, as Sean M. Flynn, Associate Director, Program on Information Justice, and Intellectual Property Professorial Lecturer in Residence, American University Washington College of Law, explains:
The Trade Promotion Authority (TPA) bill that was released last week contains a fascinating Section 8 on "Sovereignty." The section appears intended to make all trade agreements with the U.S. not binding to the extent that they contradict any provision of U.S. law, current or future. If valid, the section would go a long way to calming fears in this country that new trade agreements, like the old ones, could be used by corporations or other countries to force the U.S. to alter domestic regulations.
However, Flynn then goes on to argue Section 8 actually has no effect in protecting US law, and that:
If Congress changes our law to be in violation of a treaty commitment, the only way to avoid liability for that change is to re-negotiate the applicable treaties to remove the confining language at issue.
That threat of being sued in international courts for non-compliance with treaties is precisely how corporations have used international agreements to force the signatories to strengthen protection for copyright and patents thanks to measures they themselves lobbied for, and to block any moves to change the law in favor of the public.


Posted on Techdirt - 22 April 2015 @ 1:02am

Welcome To The New League Of Leakers -- Courtesy Of Edward Snowden

from the courage-is-contagious dept

Whistleblowers are hardly a new phenomenon -- Wikipedia lists dozens of the more famous ones, going back to the 18th century. There have also been important government whistleblowers before -- people like Daniel Ellsberg, William Binney, Thomas Drake and John Kiriakou. Chelsea Manning's leak was on a huge scale, and garnered enormous media attention. And yet there is no doubt that it is Edward Snowden who has really changed the whistleblowing world most dramatically.

Because of what he leaked, and the way he leaked it -- the fact that he has evaded arrest, and is still free, even if living a somewhat circumscribed existence in Russia -- Snowden has ignited debates at multiple levels. As well as the obvious ones about surveillance, privacy, power and democracy, there's another one around whistleblowing itself, which has already had important knock-on effects. Evidence of that comes in an interesting post by Bruce Schneier, where he tots up the likely number of leakers that have recently started to provide information about the US intelligence community. Alongside Manning and Snowden, he thinks there are probably five more:

Leaker #3: The person who leaked secret documents to Jake Appelbaum, Laura Poitras and others in Germany: the Angela Merkel surveillance story, the TAO catalog, the X-KEYSCORE rules.


Leaker #4: "A source in the intelligence community," according to the Intercept, who leaked information about the Terrorist Screening Database, the "second leaker" from the movie Citizen Four


Leaker #5: Someone who is leaking CIA documents.


Leaker #6: The person who leaked secret information about WTO spying to The Intercept and the New Zealand Herald


Leaker #7: The person who just leaked secret information about the U.S. drone program to The Intercept and Spiegel.
Schneier's post gives links for all those stories, as well as his reasons for thinking they are likely to be separate people (although he notes numbers 3 and 7 might be the same person.) As he concludes:
Way back in June 2013, Glenn Greenwald said that "courage is contagious." He seems to be correct.
It's almost as if people taking extremely high risks to leak important information about dubious activities by the US intelligence community has become normal. That's really pretty remarkable, and shows just how big Snowden's impact has been.


Posted on Techdirt - 21 April 2015 @ 1:11am

Hosting Companies Threaten To Leave France Over (Yet Another) Surveillance Law. But Where Could They Go?

from the black-box dept

Back in December, we reported on how France sneakily enacted a controversial surveillance law on Christmas Eve, obviously hoping nobody would notice. Now the French government is quite brazenly saying last year's law didn't go far enough, and that it must bring in yet another surveillance law that is even more intrusive, and do it quickly with only minimal scrutiny. Here are just some of the problems with the new bill according to Human Rights Watch:

Serious flaws include expansive powers for the prime minister to authorize surveillance for purposes far beyond those recognized in international human rights law; lack of meaningful judicial oversight; requirements for private service providers to monitor and analyze user data and report suspicious patterns; prolonged retention periods for some captured data; and little public transparency.
That requirement for ISPs to install "black boxes" for algorithmic surveillance of "suspicious patterns" is particularly troubling:
The bill's requirement for service providers to install secret, unspecified, state-provided means of analyzing suspicious patterns -- for example, visits to websites advocating terrorism, or contacts with persons under investigation -- could potentially be applied to a virtually unlimited set of indicators, Human Rights Watch said.
Once these black boxes are in place, it can only be a matter of time before the copyright industry starts pushing to use them to detect copyright infringement. After all, it will doubtless point out, since the equipment will already be there, it wouldn't impose any further costs on service providers to carry out such scans. Who could possibly object? Leading French Internet companies certainly do. As ZDNet reports, some are threatening to leave the country if the law is passed in its present form when it comes to the final vote on 5 May:
Seven companies, including web hosting and technology companies OVH, IDS, and Gandi have said in a letter to the French prime minister Manuel Valls that they will be pushed into de facto "exile" if the French government goes ahead with the "real-time capture of data" by its intelligence agencies.

The companies argued that being required by the law to install "black boxes" on their networks will "destroy a major segment of the economy," and if passed it will force them to "move our infrastructure, investments, and employees where our customers will want to work with us."
The companies say that between 30 and 40% of their turnover comes from customers outside France, attracted by the current framework's strong protection for online privacy (original in French.) It's a great gesture, but the question is: could the companies carry out their threat? After all, given the rush to introduce far-reaching surveillance laws in many other European countries, it's not clear where exactly those companies could go. Even Switzerland, that old standby, has its surveillance programs, and the risk is that it, too, will bring in measures like those of its neighbors.


Posted on Techdirt - 17 April 2015 @ 1:11am

Whistleblowers Urge UN To Strengthen Protection For Those Revealing Abuses

from the echoes-of-Snowden dept

Aside from the extraordinary information that he revealed about massive yet unsuspected surveillance programs, Edward Snowden has produced several other collateral benefits through his actions in 2013. For example, recently we learned that the DEA's phone tracking program was cancelled as a direct result of the revelations and the ensuing uproar. Other leakers have started to come forward, apparently inspired by his actions. And as the press has pored over Snowden's actions, it has become clear that support for government whistleblowers is woefully inadequate -- indeed, that they are regarded by the Obama administration pretty much as traitors.

More generally, the debate around Snowden has highlighted the important part that whistleblowers play in sustaining the rule of law and defending democracy. Now a group of whistleblowers has written a letter calling on the United Nations to recognize that role (pdf), and to improve protections within the organization (via Intellectual Property Watch):

As our experience shows, retaliation against whistleblowers affects the entire UN system and goes largely unchecked at all levels, including in the Executive suites. Some UN whistleblowers have been fired or demoted; others have been subject to more subtle forms of abuse like non-renewal of contracts or sudden transfer to duty stations on the other side of the globe; many face plain, simple harassment and intimidation.
The problems they have to deal with are very similar to those encountered by Snowden when he sought to use official channels to raise his concerns:
UN whistleblowers are forced to go through lengthy, and often expensive, internal appeal processes in which the burden of proof, as a practical matter, rests on the whistleblower to demonstrate retaliation (the usual standard in national systems requires the employer to justify their actions were not retaliatory).
As a result, they often end up taking the same route that he did:
Put simply, the UN system of justice fails whistleblowers, and most of us have been forced to leave the UN to save our livelihoods, our health and our reputations.
The letter's signatories go on to call for the UN to review whistleblower protection at the organization, and they make concrete suggestions on improving the lot of those revealing abuses, including recognizing that:
Whistleblower rights are human rights, which must be promoted and protected within the UN, as well as in affiliated specialized agencies and international organisations with immunity from national laws.
And extending whistleblower protections to:
UN peacekeepers, police officers, contractors, victims and any other person who provides information about misconduct that could undermine the organisation’s mission. The key to receiving protection should be the content of the information disclosed, not the identity of the person disclosing it.
Like much of the letter, that last point is applicable generally. It underlines the fact that a completely new framework for whistleblowers is required at every level, both nationally and internationally. The letter to the UN is part of an important move towards making that happen, in what could prove to be a key aspect of Snowden's long-term legacy.


Posted on Techdirt - 16 April 2015 @ 1:09am

Crowdsourcing The Human Telescope

from the great-spherical-insect-eye dept

One of the most interesting realizations in recent years is that done right, massive, open collaborations are not just an efficient way of working, but they scale in a way that can take us to entirely new levels. A good example -- and perhaps the first project to exploit this fact -- is Linux, which grew from a small bunch of hackers working together across the internet on some bedroom code into a global, distributed project that now dominates every sector of computing bar one (the desktop -- so far.)

The open source methodology has inspired all kinds of cognate projects in different fields, including that of citizen science, which pools the efforts of large numbers of people working with simple tools to produce important results that can be published in academic journals. The best-known example of this is Galaxy Zoo, which asks members of the public to help classify some of the millions of images taken as part of the Sloan Digital Sky Survey, many of them unseen by any human previously.

Adrian Bowyer, the man behind RepRap, an open-source project to construct a 3D printer that is capable of self-replicating -- that is, printing all of its parts -- has written a fascinating blog post about another application of citizen science. It involves hundreds of people taking a picture of the same patch of night-sky with their smartphones, and then uploading the digital image to the website of a BBC program, which coordinated the whole project. As Bowyer explains:

Each individual picture was just a black rectangle -- not enough starlight had gone through the lens to make an image that could be seen. But some had gone through, and registered in the camera's pixels as a slightly less-dark patch of black.
On its own, then, each image showed so little that it was impossible to make out anything. But this is what happens when you combine hundreds of them:
A computer first matched them up by making sure that the centres of the prominent stars were all in the same place, and then added up the slightly-less-black bits to make the picture. Of course the pixels in all the cameras were not in the same place relative to the stars, which means that each camera pixel could be split into thousands of final-image pixels, which gives the fabulous resolution
The resulting composite image (available as a 40 Mbyte tif file) looks like it was taken using a high-power telescope, and is a wonderful demonstration of how combining a large number of apparently insignificant contributions can create something unexpectedly impressive.
Typically, Bowyer wants to take this striking example of open, distributed collaboration even further:
The human race is a species on which the stars never set. So let's make the Human Telescope. Set up a website to which anyone anywhere in the world can upload any sky images that they have taken with any digital camera, phone or telescope. The images will have a timestamp and a GPS location, and will be continually stacked by a computer in the background to give an exquisitely detailed evolving picture of the whole vault of the heavens.

The world would become a great spherical insect eye looking at every star, galaxy, planet and nebula all the time. We would be automatically finding comets, supernovae and near-Earth asteroids. We would never miss an astronomical trick.


Posted on Techdirt - 15 April 2015 @ 1:13am

UK Government Refuses To Reveal Job Title Or Salary Of Top Law Enforcement Officer Because Terrorism

from the oh,-come-on dept

As Techdirt has reported previously, the UK government is so reflexively secretive that it even refuses to confirm or deny information that it has previously confirmed. The Intercept reports on another absurd case of completely trivial requests for information being turned down because "terrorism". It's refusing to reveal either the job title or salary of Cressida Dick, a top government official in some apparently mysterious role:

The British government is refusing to disclose the job title and taxpayer-funded salary of one of the most senior law enforcement officials in the United Kingdom, claiming the details have to be kept a secret for security reasons.

Cressida Dick (pictured above) was formerly one of the highest ranking officers at London’s Metropolitan Police, the largest police force in the U.K., where she headed the Specialist Operations unit and oversaw a controversial criminal investigation into journalists who reported on Edward Snowden’s leaked documents.

In December, Dick announced she was leaving the London police to take up a top job with the government’s Foreign Office. But her new role is being shrouded in intense secrecy.
It's just about theoretically possible that the job title could reveal operational details of the role in question -- something along the lines of "Head of Department Trying To Use Man-In-Middle Attacks To Spy On Google Users in the Middle East" -- but only if that job title were extremely ill-chosen. Moreover, the British civil service has centuries of experience in coming up with grand-sounding but totally meaningless job titles, so it's hard to believe that for the first time in its glorious history it was really stumped, and had to resort to literalism. Refusing to release details of the salary attached to the position is even more ridiculous -- unless, of course, UK officials are required to use their secret stipend's digits as a password to access government systems.

All that the UK government achieves by refusing to release this information is that it comes across as risible and petty, ridiculously focused on controlling unimportant details, instead of concentrating on what really matters. Things like respecting the public's desire to know how its taxes are being spent, rather than dismissing it as if it were an impertinent question from a tedious child.


Posted on Techdirt - 14 April 2015 @ 1:15am

Another Reason To Deploy Encryption Widely: Spiking China's 'Great Cannon' Attack

from the reasons-to-be-crypto dept

A couple of weeks ago, Mike provided an in-depth analysis of China's new tactic in its longstanding efforts to restrict access by its population to material that challenges the official narrative. This powerful DDoS attack has now been dubbed "China's Great Cannon" by researchers in a fascinating analysis published by The Citizen Lab. As Mike pointed out, one reason why this new approach has been developed is that it is not possible to block individual URLs when HTTPS traffic is involved. Thus, ironically, the increased use of encryption -- which is meant to protect users online -- led to the development of a powerful new digital weapon that potentially makes them not just victims, but even part of the attack. However, encryption is also a remedy, as The Citizen Lab researchers write:

Our findings in China add another documented case to at least two other known instances of governments tampering with unencrypted Internet traffic to control information or launch attacks -- the other two being the use of QUANTUM by the US NSA and UK’s GCHQ. In addition, product literature from two companies, FinFisher and Hacking Team, indicate that they sell similar "attack from the Internet" tools to governments around the world. These latest findings emphasize the urgency of replacing legacy web protocols, like HTTP, with their cryptographically strong versions, like HTTPS.
However, the remedy is only partial. Writing on his blog, Brian Krebs quotes Bill Marczak, one of the lead authors of the Great Cannon report, as saying:
Relying on an always-on encryption strategy is not a foolproof counter to this attack, because plug-ins like https-everywhere will still serve regular unencrypted content when Web sites refuse to or don't offer the same content over an encrypted connection. What's more, many Web sites draw content from a variety of sources online, meaning that the Great Cannon attack could succeed merely by drawing on resources provided by online ad networks that serve ads on a variety of Web sites from a dizzying array of sources. "Some of the scripts being injected in this attack are from online ad networks," Marczak said. "But certainly this kind of attack suggests a far more aggressive use of https where available."
This confirms that encryption is no panacea, but is certainly worth deploying. The fact that it can make China's Great Cannon attacks harder, if not impossible, should also give pause to government officials around the world as they try to demonize encryption and call for it to be weakened or even banned.
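The residual exposure Marczak describes can be checked for on a site's own pages. The following is an added example, not code from the original post or from The Citizen Lab report: a short Python audit that lists the subresources a page would still fetch over plain HTTP, which is where an on-path system can substitute content. The host names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose fetched content can run code or frame the page ("active").
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
# Elements whose fetched content is only displayed or played ("passive").
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentAuditor(HTMLParser):
    """Collects subresources that resolve to an http:// URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheets are fetched and applied; other rel values are skipped.
            rels = (attrs.get("rel") or "").lower().split()
            if "stylesheet" in rels:
                self._check(tag, attrs.get("href"), "active")
        elif tag in ACTIVE:
            self._check(tag, attrs.get(ACTIVE[tag]), "active")
        elif tag in PASSIVE:
            self._check(tag, attrs.get(PASSIVE[tag]), "passive")

    def _check(self, tag, ref, kind):
        if not ref:
            return
        # Relative and protocol-relative (//host/path) references inherit
        # the scheme of the page that includes them.
        resolved = urljoin(self.page_url, ref.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))


def audit(page_url, html):
    """Return every subresource of `html` that would be fetched unencrypted."""
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one HTTPS script, one third-party ad script over
# HTTP, one protocol-relative script, plus an HTTP image and iframe.
SAMPLE_PAGE_URL = "https://news.example/article"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.example/app.js"></script>
<script src="http://ads.example/show.js"></script>
<script src="//static.example/lib.js"></script>
</head><body>
<img src="http://img.example/photo.jpg">
<iframe src="http://widgets.example/frame.html"></iframe>
<a href="http://other.example/">plain link, not a subresource</a>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in audit(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

Served over HTTPS, the sample page has three unencrypted fetches left; served over HTTP, the relative stylesheet and the protocol-relative script join them, so every subresource except the explicit `https://` script is exposed.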


Posted on Techdirt - 13 April 2015 @ 3:56am

Latest Russian Censorship Move: Banning Internet Memes Using Photos Of Celebrities

from the just-putin-it-out-there dept

For a while now, Techdirt has been tracking the continuing efforts of the Russian government to rein in the Internet, at the cost of squeezing much of the life out of it. As an article on Global Voices reports, this has now reached ridiculous levels:

Russian censors have determined that one of the most popular forms of Internet meme is illegal. According to Roskomnadzor, the Kremlin's media watchdog, it's now against the law to use celebrities' photographs in a meme, "when the image has nothing to do with the celebrity's personality."
Roskomnadzor's statement is the result of a decision by a court in Moscow, which decided that a particular photo meme violated the privacy of Russian singer Valeri Syutkin -- the Global Voices post has the fascinating details. Although no new law is involved, Roskomnadzor's power is such that it is able to make these kinds of rule changes -- and enforce them. Along with a ban on the use of celebrities' photographs in what are termed "image macros," the new ruling also forbids the creation of parody accounts or sites (original in Russian.) The key problem with the image macro part is the following:
Roskomnadzor's vague new policy threatens to do more than crack down on potentially defamatory juxtaposition, however. By saying it is illegal to add celebrities' images to memes that "have nothing to do with the celebrity's personality," the Kremlin could be opening the door to banning a whole genre of absurdist online humor.
Even if the policy is not rigorously enforced, it could have a chilling effect on the Russian online space, already under pressure because of previous censorship moves. And that's probably precisely what the authorities are seeking to achieve here. After all, when it comes to Russian celebrities' photographs with witty captions, what name springs to mind?


Posted on Techdirt - 9 April 2015 @ 1:07am

EU Politicians Say: Don't Undermine Data Protection Rules With TAFTA/TTIP -- And Stop The Mass Surveillance

from the you-have-been-warned dept

The mosaic of interlocking political, economic and civil society groups at multiple levels -- local, national, regional and continental -- makes decision-making within the European Union extremely complex. That means the European Parliament's decision whether or not to ratify TAFTA/TTIP at the end of the negotiations is subject to a vast array of contrasting forces and opinions, which can lead to the outcome of that final vote shifting dramatically in a very short space of time, as the ACTA saga demonstrated so clearly.

The European Parliament's committees play a key role in determining policy, and one of the most important -- for civil liberties -- has just formally adopted an "opinion" on TAFTA/TTIP that will feed into the final position of European politicians. It re-iterates many of the points the committee made last year, and places great emphasis on protecting the personal data of Europeans:

The European Commission should incorporate in the Transatlantic Trade and Investment Partnership (TTIP), as a key priority, an unambiguous horizontal self-standing provision that "fully exempts the existing and future EU legal framework on the protection of personal data from the agreement", says the Civil Liberties Committee in its TTIP opinion adopted on Tuesday.
That "horizontal provision" basically means across the entire agreement, and not just in certain chapters. To achieve that, the Civil Liberties MEPs call on the Commission:
to incorporate, as a key priority, "a comprehensive and unambiguous horizontal self-standing provision based on Article XIV of the GATS [general exceptions] that fully exempts the existing and future EU legal framework on the protection of personal data from the agreement, without any condition that it must be consistent with other parts of the TTIP".
Article XIV of the General Agreement on Trade in Services (GATS) says:
Subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by any Member of measures:


(c) necessary to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:


(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts;
The Committee points out that this threat to data protection is present not only in TTIP, but also in TISA, as Techdirt has discussed before:
Ongoing negotiations on international trade agreements, such as TTIP and the Trade in Services Agreement (TiSA), also touch upon international data flows, while excluding privacy and data protection entirely, which will be discussed in parallel track within the framework of the US-EU Safe Harbor and the data protection "umbrella agreement".
Safe Harbor, as we've noted, is a major point of contention between the US and EU. Another, of course, is the mass surveillance revealed by Edward Snowden, and the Civil Liberties Committee is not shy about mentioning that, too:
The negotiators should keep in mind that the consent of the European Parliament to the final TTIP agreement "could be endangered as long as the blanket mass surveillance activities are not completely abandoned and an adequate solution is found for the data privacy rights of EU citizens, including administrative and judicial redress", MEPs say.
This is only one committee, albeit a key one. But at the very least it gives an indication of some of the serious issues that will be raised if and when it comes to a vote on ratifying TAFTA/TTIP -- and of the difficulty of gaining enough support among MEPs to do so.


Posted on Techdirt - 8 April 2015 @ 1:08am

Is It Acceptable For Academics To Pay For Privatized, Expedited Peer Review?

from the bumps-along-the-way dept

Academic publishing is going through a turbulent time, not least because of the rise of open access, which disrupts the traditional model in key ways. But in one respect, open access is just like the old-style academic publishing it is replacing: it generally employs peer review to decide whether papers should be accepted, although there are some moves to open up peer review too. As this story from Science makes clear, commercial publishers are innovating here as well, although not always in ways that academics like:

An editor of Scientific Reports, one of Nature Publishing Group's (NPG's) open-access journals, has resigned in a very public protest of NPG's recent decision to allow authors to pay money to expedite peer review of their submitted papers.
According to the Science article, there are now several companies making millions of dollars from this kind of privatized, expedited peer review. Here's more about Research Square, the one employed by NPG:
"We have about 100 employees with Ph.D.s," says Research Square’s CEO, Shashi Mudunuri. That small army of editors recruits scientists around the world as reviewers, guiding the papers through the review process. The reviewers get paid $100 for each completed review. The review process itself is also streamlined, using an online "scorecard" instead of the traditional approach of comments, questions, and suggestions.
Authors pay $750 to NPG, and are guaranteed a review within three weeks or they get their money back. Research Square seems to be flourishing:
So far, Mudunuri says, the company has about 1400 active reviewers who have scored 920 papers. The company pulled in $20 million in revenue last year.
Still, the question has to be whether this leads to key benefits of the peer review process being lost. After all, the system is not just about accepting or rejecting papers. The NPG editor who resigned, Professor Mark Maslin, is quoted as saying:
"Deep consideration and a well thought out review is much more important than its speed. I have had brilliant reviews which have considerably improved my papers and I really appreciated all the time taken."
The other issue is that the expedited, paid-for route is discriminatory:
"My objections are that it sets up a two-tiered system and instead of the best science being published in a timely fashion it will further shift the balance to well-funded labs and groups," Mark Maslin, a biogeographer at University College London, tells ScienceInsider. "Academic Publishing is going through a revolution and we should expect some bumps along the way. This was just one that I felt I could not accept."

Posted on Techdirt - 7 April 2015 @ 1:13am

Should People Be Told Key Results Of Genetic Tests They Never Took?

from the ethical-dilemmas dept

The population of Iceland is unusual in a number of ways. Icelanders are descended from a relatively small group of early settlers that remained isolated for hundreds of years. They have unmatched genealogical records that allow the family tree of many Icelanders to be traced back a thousand years, and thus for familial interrelationships on the island to be established with unprecedented completeness. Put those together, and you have a population that offers unique advantages for studying human genetics. That fact led to the founding of the Icelandic company Decode, which was set up in the hope that it would be possible to use Iceland's population to pinpoint genes associated with medical conditions, and then come up with new ways of diagnosing, treating and preventing them.

That didn't work out, and in 2012, Decode was bought by Amgen. But technology has advanced hugely since Decode's founding in 1996. The cost of sequencing the human genome has fallen dramatically, allowing the DNA of thousands of people to be compared -- something prohibitively expensive 20 years ago. The New York Times reports on research by Decode that has resulted in the sequencing of the genomes of 2,636 Icelanders, the largest collection ever analyzed in a single human population. Because of the completeness of Iceland's genealogical records, Decode's scientists were able to do something rather remarkable: work out the full genomes of another 100,000 Icelanders, a third of the entire country, without collecting any of their DNA.

With a technique called imputation, the researchers say they are able to ascertain the full genomes of people they have not even examined. Dr. Stefansson said that means that his firm could generate a report for genetic disease on every person in Iceland.
Once those "imputed" genomes have been constructed using computers, they can be interrogated in novel ways:
With the push of a button, for instance, the firm can identify every person with the well-known BRCA2 mutation, which dramatically raises the risk of breast and ovarian cancer -- even if they have not submitted to genetic testing themselves.

Currently, that information is withheld from Icelanders, but Dr. Stefansson hopes that the government will change its policy. “It’s a crime not to approach these people,” he said.
That raises an interesting ethical question. Should people who have never had their genome sequenced be told the results of this kind of computer-based analysis? Although the Icelandic case might seem unique, it is only a matter of time before sequencing costs fall so far that millions, rather than thousands of individuals can be sequenced within a population. And the more genomes that are available, the more imputed genomes that can be calculated, making the ethical dilemmas faced in Iceland something that people in other countries will soon have to confront too.


Posted on Techdirt - 3 April 2015 @ 9:49am

Australian Politicians Create An Exemption From Data Retention Laws For Themselves... Or Not, Because We Got Fooled

from the not-thinking-it-through dept

Update: Or not. Turns out this was an April Fool's joke that Glyn missed. So, congrats, Crikey, on fooling our most careful writer...

Now that the completely disproportionate data retention law has been rushed through the Australian Parliament, politicians are suddenly realizing that their metadata will be collected too. And so, as was perhaps inevitable, they have asked for an exemption, as reported here by Crikey:

An in-camera meeting of the high-powered Joint Committee on Intelligence and Security last week agreed to task the Department of Defence's signals intelligence arm, the Australian Signals Directorate, and the new Australian Cyber Security Centre with ensuring politicians' metadata is not captured by the government's new data retention regime while they are at work in [the Australian capital] Canberra.
The argument was that:
given Parliament House is supposed to be the centre of Australian democracy, they shouldn't be, you know, tracked while at work there
Well, many people would argue that they shouldn't be tracked either, but obviously politicians are special. It seems that there were two options for achieving this carve-out. One required officials personally identifying and deleting the metadata of politicians, staffers and senior public servants -- a manual process aptly dubbed "handwashing". The other, cheaper, approach -- the one chosen -- was simply to remove metadata from all communications generated within Australia's Parliament House.

Problem solved -- except that some 680,000 visitors enter the building annually, and while they are there, their metadata will not be collected either. Ironically, then, the new exemption for politicians from a scheme allegedly to help the fight against terrorism and crime will turn Parliament House into the perfect location for plotting precisely those things in relative safety.


Posted on Techdirt - 3 April 2015 @ 1:00am

Immovable North Korean Authoritarianism Meets Irresistible Moore's Law: Which Wins?

from the I-know-who-I'm-backing dept

North Korea has become a by-word for oppressive tyranny and technological backwardness. But Reuters reports on an interesting development that may begin to chip away at both:

A $50 portable media player is providing many North Koreans a window to the outside world despite the government's efforts to keep its people isolated -- a symbol of change in one of the world's most repressed societies.

By some estimates, up to half of all urban North Korean households have an easily concealed "notel", a small portable media player used to watch DVDs or content stored on USB sticks that can be easily smuggled into the country and passed hand to hand.

People are exchanging South Korean soaps, pop music, Hollywood films and news programs, all of which are expressly prohibited by the Pyongyang regime, according to North Korean defectors, activists and recent visitors to the isolated country.
The Reuters story reports that the device has become so popular that the North Korean government felt obliged to legalize the "notel" -- but with the requirement that the devices be registered. The registered versions must be fixed to official state television and radio channels, but the smuggled models are more versatile:
The low-voltage notel differs from the portable DVD players of the late 1990s in that they have USB and SD card ports, and a built-in TV and radio tuner. They can also be charged with a car battery -- an essential piece of household equipment in electricity-scarce North Korea.
The dual media capability means a North Korean DVD can be inserted while watching smuggled, forbidden content from South Korea on a USB stick, which can be quickly removed if the authorities turn up to conduct a check on a household.

A key factor driving the uptake of these new devices is Moore's Law. This has pushed down the price of the components used in the notel box to the point where even North Koreans, with their rising, but still very limited disposable incomes, can afford them. It has increased the capacities of USBs and SD cards such that several film-length videos can be stored on devices that are very easy to hide at short notice. That means it only requires one copy of a South Korean film -- or other, even more subversive material -- to enter North Korea, and it can be copied and passed around on a scale that makes stopping it almost impossible for the authorities. It will be fascinating to watch the social and political ramifications of this silent struggle between tyranny and technology.
