Glyn Moody’s Techdirt Profile


About Glyn Moody
Techdirt Insider

Posted on Techdirt - 21 May 2018 @ 3:37am

Report Confirms Deep Flaws Of Automated Facial Recognition Software In The UK, Warns Its Use In The US Is Spreading

from the mind-the-step-change dept

Techdirt has written many stories about facial recognition systems. But there's a step-change taking place in this area at the moment. The authorities are moving from comparing single images with database holdings, to completely automated scanning of crowds to obtain and analyze huge numbers of facial images in real time. Recently, Tim Cushing described the ridiculously high level of false positives South Wales Police had encountered during its use of automated facial recognition software. Before that, a post noted a similarly unacceptable failure rate of automated systems used by the Metropolitan Police in London last year.

Now Big Brother Watch has produced a report bringing together everything we know about the use by UK police of automated facial recognition software (pdf), and its deep flaws. The report supplements that information with analyses of the legal and human rights framework for such systems, and points out that facial recognition algorithms often disproportionately misidentify minority ethnic groups and women.

The UK situation is fairly well known. There's been less coverage of automated facial recognition systems in the US, and the Big Brother Watch report offers some comments from experts about what is happening there. For example, Clare Garvie from the Georgetown Law Center on Privacy and Technology writes:

Face recognition surveillance -- identifying people in real-time from live video feeds -- risks being an imminent reality for many Americans. Are we comfortable with a society where face recognition allows police to identify anyone with a driver’s license, without suspicion or consent? Are we comfortable with a society where the government can find anyone, at any time, by continuously scanning the faces of people on the sidewalk? Face recognition fundamentally changes the nature of privacy in public spaces. As government agencies themselves have cautioned, face recognition surveillance 'has the potential to make people feel extremely uncomfortable, cause people to alter their behaviour, and lead to self-censorship and inhibition,' chilling the exercise of the rights protected under the First Amendment and calling into question the scope of protections offered by the Fourth Amendment.

Alongside its report, Big Brother Watch has launched the "Face Off" campaign calling for the UK public authorities to stop using automated facial recognition software with surveillance cameras, and to remove the thousands of images of unconvicted individuals from the UK's Police National Database. Given the UK authorities' world-famous love of CCTV and surveillance, it's unlikely they will take much notice.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+


Posted on Techdirt - 8 May 2018 @ 9:08pm

New Report Shines Much-Needed Light On Shadow Libraries Around The World

from the another-reason-to-defend-privacy-and-anonymity-online dept

Techdirt readers with long memories may recall a post back in 2011 about a 440-page report entitled "Media Piracy in Emerging Economies." As Mike wrote then, this detailed study effectively debunked the entire foundation of US attempts to impose maximalist copyright regimes on other countries. That report was edited by Joe Karaganis, who has put together another collection of articles, called "Shadow Libraries: Access to Knowledge in Global Higher Education", that are also likely to be of interest to Techdirt readers. As Karaganis writes in his introduction:

To a large extent, our work on Shadow Libraries started where Media Piracy ended, with the confirmation that the main factors underlying high rates of piracy in the developing world were the obvious ones: high prices for legal media, low incomes, and the continued diffusion of cheap copying technologies.

Unsurprisingly, Karaganis takes Sci-Hub as the emblematic "shadow library":

As everyone from [Sci-Hub's creator] Elbakyan to Elsevier knew, however, Sci-Hub's importance was not its permanence as a service but its status as a proof of concept. Its core archive of fifty million articles was freely available and its basic search and archive features easily replicated.


If Elbakyan's story has struck a chord, it is in part because it brings this contradiction in the academic project into sharp relief -- universalist in principle and unequal in practice. Shadow Libraries is a study of that tension in the digital era.

The rest of the 321 pages explores how that tension -- between striving for free and frictionless access to all human knowledge and the copyright industry's attempts to turn learning into a luxury product -- is playing out in eight different countries. Techdirt has covered many of the stories -- for example, those in Russia, India and Argentina. But the report fleshes out the bare facts previously reported here, and provides far more context and analysis. The detailed history of Library Genesis, a precursor to Sci-Hub in Russia, is particularly fascinating. For other countries such as South Africa, Poland, Brazil and Uruguay, the new studies offer insights into regions rarely discussed in the West, and provide good starting points for deeper understanding of those countries. As Karaganis notes, the new study is a transitional one:

catching the moment of widespread digitization of materials and related infrastructure but not yet the digitization of the wider teaching, learning, and research ecosystem, and not the stabilization of legal models and frameworks that can keep pace with the growth of higher education and the global scale of emerging knowledge communities.

Importantly, though, the underlying dynamics of sharing knowledge are the same as those driving the unauthorized distribution of media materials, discussed in the 2011 study:

this informal copy culture is shaped by high prices, low incomes, and cheap technology -- and only in very limited ways by copyright enforcement. As long as the Internet remains "open" in the sense of affording privacy and anonymity, shadow libraries, large and small, will remain powerful facts of educational life. As in the case of music and movies, we think the language of crisis serves this discussion poorly. This is an era of radical abundance of scholarship, instructional materials, and educational opportunity. The rest is politics.

Those are points we've made here on Techdirt many times before. We are enjoying an era of unprecedented digital abundance, which the copyright industries are fighting to shut down in order to preserve their outdated business models based on scarcity. One way they try to do that is to attack the Internet's openness by striving to weaken privacy and anonymity online, regardless of the collateral harm this causes. The importance of shadow libraries in global higher education is another reason to resist that.


Posted on Techdirt - 7 May 2018 @ 9:24am

Irish Judge Slaps Down Facebook's Attempt To Halt EU's Top Court Examining The Legality Of Sending Personal Data To US

from the unquantifiable-and-incapable-of-being-remedied dept

A few weeks ago, we wrote about the Irish High Court referring to the EU's highest court, the Court of Justice of the European Union (CJEU), eleven questions concerning the legality of personal data transfer across the Atlantic. The questions were prompted by a case brought by the privacy expert Max Schrems challenging Facebook's data transfers. When the Irish High Court judge indicated that she intended to make an order for a so-called "preliminary ruling" by the CJEU -- that is, one which addresses the fundamental legal questions raised by the case -- Facebook applied for a stay in order to appeal against the judge's decision at other, higher Irish courts. That's hardly surprising: Facebook's business model depends on being able to move sensitive user data around as it wishes. If both Privacy Shield and the "Standard Contractual Clauses" (SCCs) are ruled illegal, then Facebook -- and many other companies -- will have big problems. Given the danger, it's no wonder that Facebook is trying everything it can to prevent the CJEU from answering those questions.

Considering Facebook's application, the same High Court judge who had made the reference to the CJEU explained that in her view (pdf) there is no right to appeal against that request for clarification under Irish law. However, she went on to consider what the relative harms to each party would be if she were in fact wrong on this matter, and came down firmly in favor of Schrems:

In my opinion, the very real prejudice is potentially suffered by Mr. Schrems and the millions of EU data subjects if the matter is further delayed by a stay as sought in this case. Their potential loss is unquantifiable and incapable of being remedied.

The High Court judge also tackled Facebook's main argument why the reference to the CJEU should be put on hold: because the EU's new General Data Protection Regulation (GDPR) was about to be enforced, and that would change the legal context dramatically. However, the judge was having none of this, not least because Facebook was trying to introduce a completely new argument at this very late stage of the legal process. As she wrote in her judgment:

The fact that the point is only now being raised gives rise to considerable concern as to the conduct of the case by Facebook and the manner in which it has dealt with the court.

This is the judge's polite way of saying that Facebook's behavior is bloody outrageous. She goes on:

Clearly the existing delays have already potentially gravely prejudice[d] the [Irish Data Protection Commissioner] and Mr. Schrems. I do not propose to exacerbate this potential prejudice any further. If I had been prepared to grant a limited stay on the order of reference to allow for an application to be made to the [Irish] Supreme Court for leave to appeal, I am firmly of the view that this argument clearly weighs against the grant of any stay in the circumstances.

I am of the opinion that the court will cause the least injustice if it refuses any stay and delivers the reference immediately to the [EU] Court of Justice. I so order.

That's a "no", then...


Posted on Techdirt - 2 May 2018 @ 8:05pm

Thousands Of Academics Pledge To Boycott Springer's New Machine Learning Title In Support Of Long-Established Open Access Journal

from the if-it-ain't-broke,-and-it's-free,-don't-fix-it dept

Among Techdirt's many stories chronicling the (slow) rise of open access publishing, a number have been about dramatic action taken by researchers to protest against traditional publishers and their exploitative business model. For example, in 2012, a boycott of the leading publisher Elsevier was organized to protest against its high journal prices and its support for the now long-forgotten Research Works Act. In 2015, the editors and editorial board of the Elsevier title Lingua resigned in order to start up their own open access journal. Now we have another boycott, this time as a reaction against the launch of the for-profit Nature Machine Intelligence, from the German publishing giant Springer. Thousands of academics in the field have added their names to a statement about the new title expressing their concerns:

the following list of researchers hereby state that they will not submit to, review, or edit for this new journal.

We see no role for closed access or author-fee publication in the future of machine learning research and believe the adoption of this new journal as an outlet of record for the machine learning community would be a retrograde step. In contrast, we would welcome new zero-cost open access journals and conferences in artificial intelligence and machine learning.

The contact person for the statement is Thomas G. Dietterich, Distinguished Professor (Emeritus) and Director of Intelligent Systems at Oregon State University. He has a long history of supporting open access. In 2001, he was one of 40 signatories to another statement. It announced their resignation from the editorial board of the Machine Learning Journal (MLJ), which was not open access, and their support for the Journal of Machine Learning Research (JMLR), launched in 2000, which was open access. As they wrote:

our resignation from the editorial board of MLJ reflects our belief that journals should principally serve the needs of the intellectual community, in particular by providing the immediate and universal access to journal articles that modern technology supports, and doing so at a cost that excludes no one. We are excited about JMLR, which provides this access and does so unconditionally. We feel that JMLR provides an ideal vehicle to support the near-term and long-term evolution of the field of machine learning and to serve as the flagship journal for the field.

That confidence seems to have been justified. JMLR is now up to its 18th volume, and is flourishing. It is "zero cost" open access -- it makes no charge either to read or to be published if a paper is accepted by the editors. The last thing this minimalist operation needs is a rival title from a well-funded publisher able to pour money into its new launch in order to attract authors and take over the market. Hence the current boycott of Nature Machine Intelligence, and the call for "new zero-cost open access journals and conferences in artificial intelligence and machine learning" instead.

As to why Springer decided to announce a competitor to a well-established, and well-respected journal, an article in The Next Web points out that the German publishing company is about to offer shares worth up to €1.6 billion (around $1.95 billion) in its imminent IPO. A new journal covering the super-hot areas of AI, machine learning and robotics is just the sort of thing to help give the share price a boost. And when there's serious money to be made, who cares about the collateral damage to a much-loved open access title running on a shoestring?


Posted on Techdirt - 1 May 2018 @ 10:42am

Germany's Supreme Court Confirms That Adblocking Is Legal, In Sixth Consecutive Defeat For Publishers

from the never-gonna-give-you-up dept

Adblocking is something that many people feel strongly about, as the large number of comments on previous posts dealing with the topic indicates. Publishers, too, have strong feelings here, including the belief that they have a right to make people view the ads they carry on their sites. (Techdirt, of course, has a rather different position.) In Germany, publishers have sued the makers of AdBlock Plus no less than five times -- and lost every case. It will not surprise Techdirt readers to learn that those persistent defeats did not stop the German media publishing giant Axel Springer from trying yet again, at Germany's Supreme Court. It has just lost. As Adblock Plus explains in a justifiably triumphant blog post:

This ruling confirms -- just as the regional courts in Munich and Hamburg stated previously -- that people have the right in Germany to block ads. This case had already been tried in the Cologne Regional Court, then in the Regional Court of Appeals, also in Cologne -- with similar results. It also confirms that Adblock Plus can use a whitelist to allow certain acceptable ads through.

Reuters notes that Springer's case was just the first of five against Adblock Plus to reach the Supreme Court in Germany, although the others are presumably moot in the light of this definitive decision. However, that does not mean Springer is giving up. There remains one final option:

Springer said it would appeal to the [German] Constitutional Court on the grounds that adblockers violated press freedom by disrupting online media and their financial viability.

Yes, that's right: if you are using an adblocker, you are a bad person, who hates press freedom....


Posted on Techdirt - 27 April 2018 @ 10:42am

Innocent Man Charged With Murder Because His DNA Was Found On The Fingernails Of Victim, Whom He Had Never Met

from the DNA-is-formidable,-not-infallible dept

The forensic use of DNA is rightly regarded as one of the most reliable ways of establishing the identity of someone who was present at a crime scene. As technology has advanced, it is possible to use extremely small traces of genetic material to identify people. One possibility that has so far received little attention is that the DNA of someone might be transferred accidentally to a murder victim's body, say, even though the former person had absolutely nothing to do with the latter's death, and maybe had never even met him or her. The Marshall Project has a fascinating and important report on just such a case.

Back in 2012, a group of men broke into the Silicon Valley home of a 66-year-old investor, tied him up, blindfolded him, and gagged him with duct tape. The duct tape caused him to suffocate, turning a robbery into a murder. Some DNA found on the victim's fingernails matched that of a homeless man, who was well-known to local police. It seemed an open-and-shut case -- even the alleged murderer, who had memory problems, admitted he might have done it, given this apparently incontrovertible proof. Fortunately, his lawyer was diligent in checking everything about her client in the hope of at least mitigating his punishment. As she examined his medical records, she discovered the following:

The medical records showed that [the accused] Anderson was also a regular in county hospitals. Most recently, he had arrived in an ambulance to Valley Medical Center, where he was declared inebriated nearly to the point of unconsciousness. Blood alcohol tests indicated he had consumed the equivalent of 21 beers. He spent the night detoxing. The next morning he was discharged, somewhat more sober.

The night her client had been in hospital was the night the murder had been committed. Further research confirmed that he could not have been at the crime scene, and also that he had never met the victim. The question then became: how had his DNA -- for there was no doubt it was his -- ended up on the fingernails of a murdered man?

The connection was found in the paramedics who had responded to the discovery of the murder victim. It turned out that earlier that day they had taken the innocent man accused of the murder to Valley Medical Center after he had collapsed drunk in a supermarket. Somehow, improbable as it might seem, they had transferred his DNA onto the murder victim, where it was later discovered by the forensic scientists.

The Marshall Project article goes into much more detail about the case and the history of using DNA to solve crimes -- it's well-worth reading. It highlights two crucial facts that need to be taken into account when DNA is used as evidence, especially for serious crimes carrying heavy penalties. One is that we all leave our DNA everywhere:

An average person may shed upward of 50 million skin cells a day. Attorney Erin Murphy, author of "Inside the Cell," a book about forensic DNA, has calculated that in two minutes the average person sheds enough skin cells to cover a football field. We also spew saliva, which is packed with DNA. If we stand still and talk for 30 seconds, our DNA may be found more than a yard away. With a forceful sneeze, it might land on a nearby wall.

To find out the prevalence of DNA in the world, a group of Dutch researchers tested 105 public items -- escalator rails, public toilet door handles, shopping basket handles, coins. Ninety-one percent bore human DNA, sometimes from half a dozen people. Even items intimate to us -- the armpits of our shirts, say -- can bear other people's DNA, they found.

The other fact is that contamination of key DNA samples by those investigating a crime is the rule, not the exception:

A 2016 study by Gill, the British forensic researcher, found DNA on three-quarters of crime scene tools he tested, including cameras, measuring tapes, and gloves. Those items can pick up DNA at one scene and move it to the next.

Once it arrives in the lab, the risk continues: One set of researchers found stray DNA in even the cleanest parts of their lab. Worried that the very case files they worked on could be a source of contamination, they tested 20. Seventy-five percent held the DNA of people who hadn't handled the file.

As the article emphasizes, DNA is indeed an incredibly powerful forensic tool, which has helped convict the guilty, as well as exonerate the innocent. But it is not infallible. The question is: how many other people have been wrongly charged, convicted and punished because of stray DNA?


Posted on Techdirt - 24 April 2018 @ 7:43pm

Want To Blog In Tanzania, Or Read Social Media In Uganda? Pay The Government, Please

from the consequences-of-lugambo dept

Although blogging may have lost its early excitement for many, in some countries it still represents a vital channel for news that may not be available elsewhere. For example, as Global Voices explains:

Blogging emerged in Tanzania around 2007 and became popular as an alternative news platform with educated, middle class people, as well as politicians and political parties. In Tanzania, where media historically holds strong ties to government interests, blogging opened up possibilities for individuals to establish private news outlets that proved immensely powerful in terms of reach and readership.

The current Tanzanian government is not very happy about this uncontrolled flow of information to the people. But instead of anything so crude as shutting down blogs directly, it has come up with a more subtle, but no less effective, approach:

On March 16, 2018, the United Republic of Tanzania issued the Electronic and Postal Communications (Online Content) Regulations demanding that bloggers must register and pay over USD $900 per year to publish online.

To put that in context, Tanzania's GDP per capita was under $900 in 2016, so the new fees are completely out of reach for the majority of people in the country. As Quartz notes, in addition, the registration process is onerous, and the fines for infringement serious:

applicants are expected to fill a form detailing the estimated cost of investment, the number of directors and stakeholders in the platform, their share of capital, staff qualifications, expected dates of commencing operations, besides future growth plans.

But even after providing this documentation, authorities still reserve the right to revoke a permit if a site publishes content that "causes annoyance, threatens harm or evil, encourages or incites crimes" or jeopardizes "national security or public health and safety." Officials could also force managers to remove "prohibited content" within 12 hours or face fines not less than five million shillings ($2,210) or a year in prison.

The situation is slightly easier in Tanzania's northern neighbor, Uganda. Under a new order there (pdf), "All online data communication service providers, including online publishers, online news platforms, online radio and television operators" are required to register with the Uganda Communications Commission. However, there's no mention of fees, or punishments for non-compliance. But if life for Ugandan bloggers seems to be easier than for those in Tanzania, a new daily tax on social media is designed to discourage ordinary users from engaging in what Ugandan President Yoweri Museveni calls "lugambo", or gossip, online. A report in the local Daily Monitor newspaper quotes the President as saying:

"I am not going to propose a tax on internet use for educational, research or reference purposes... these must remain free. However, olugambo on social media (opinions, prejudices, insults, friendly chats) and advertisements by Google and I do not know who else must pay tax because we need resources to cope with the consequences of their lugambo"

The amount of the daily tax is not clear -- a BBC report on the move says it might be either 100 or 200 Ugandan shillings ($0.013 or $0.027) a day -- and there are no details yet on how the new law will be enforced and the taxes collected for services deemed to involve "gossip". But as another Global Voices post notes, this social media tax is just the latest clampdown on the online world in Uganda. It quotes a January 2018 report from Unwanted Witness, a Ugandan NGO, which said:

2017 registered the highest number of Ugandans ever arrested for their online expression and these arrests are clearly targeted crackdown on free flow of information and speech on the Internet.

Different as they are, what the moves in Tanzania and Uganda both show is African governments coming up with new ways to muzzle online commentators that seek to tell people what the official media don't.


Posted on Techdirt - 19 April 2018 @ 3:33pm

Publisher Helps To Keep Sci-Hub In The Public Eye By Trying To Bully It Into Submission Using Ineffectual Legal Remedies

from the but-please-feel-free-to-carry-on dept

As Techdirt has pointed out a number of times, attacking the huge free online repository of academic papers, Sci-Hub, is wrong from a number of viewpoints. It's wrong because Sci-Hub is not a site aiming to profit from the labor of others, but is simply trying to make knowledge accessible to everyone. That's also what academic publishers like to claim they are doing, except that strangely many of the largest end up with profit margins of 30%-40%, and the papers aren't accessible to all, just to those rich enough to pay the "egregious price increases" that roll in every year. It's wrong because most of the research published was paid for by the public through their taxes, who surely ought to be able to access it from convenient repositories that are as easy to use as Sci-Hub. It's also provided free of charge for publishers to repackage, often with few changes. And yet the latter want people to pay again, typically $30 for a single article.

It's not just wrong: it's really foolish on the part of the publishers to pursue Sci-Hub in this way. It simply provides another example of the Streisand Effect, with every legal action alerting more people to Sci-Hub's existence, and encouraging them to find out more. It's foolish, too, because it underlines the fundamental inability of publishers to stop people sharing online, which probably leads others to start doing so. Techdirt has already covered previous failures to shut down Sci-Hub. A new post on TorrentFreak provides us with an update on that continuing fiasco, with details of a new injunction obtained by one of Sci-Hub's arch-enemies, the American Chemical Society:

The amended injunction now requires search engines, hosting companies, domain registrars, and other service or software providers, to cease facilitating access to Sci-Hub. This includes, but is not limited to, the following domain names.

'[...] sci-hub.onion, scihub22266oqcxt.onion [...]'

Obtaining an injunction is one thing; applying it is another. As the TorrentFreak post notes, many of the non-US service companies involved aren't interested in obeying US injunctions. At the time of writing, a list of Sci-Hub mirrors around the world showed several still operating without any difficulty. And even if some service providers go on to shut down Sci-Hub's domains, it would be easy to come up with new names for mirrors, whether close to "Sci-Hub" in form, or quite different. And ultimately people can use Tor to access sites that are even harder to take down. In the meantime, all that these vindictive and pointless legal moves achieve is to ensure that Sci-Hub remains in the public eye, and gains ever-more users and supporters.


Posted on Techdirt - 18 April 2018 @ 10:39am

Goldman Sachs Analyst Asks Whether Curing Patients Is A Sustainable Business Model

from the better-to-ask-whether-the-traditional-drug-development-model-is-sustainable dept

Pharma companies generally like to give the impression that their business is a win-win kind of thing: you get better, they get sales. But sometimes the mask slips, and the real strategy that lies behind the benevolent exterior is revealed. For example, back in 2014 we wrote about the CEO of Bayer, one of the biggest drug companies in the world, openly admitting it developed medicines for rich patients in the West that can pay high prices, not for those in places like India that need them just as much, but can't afford them.

Now CNBC has spotted another revealing remark that probably reflects what many in the Big Pharma world say privately. It appears in a report called "The Genome Revolution" about a new generation of treatments based on powerful genomic techniques like CRISPR. They hold out the hope that many diseases can be cured permanently, for example by editing the patient's DNA to replace genetic code that is causing the problem. The report asks: "Is curing patients a sustainable business model?" It goes on to explain the issue here:

"The potential to deliver 'one shot cures' is one of the most attractive aspects of gene therapy, genetically-engineered cell therapy and gene editing. However, such treatments offer a very different outlook with regard to recurring revenue versus chronic therapies," analyst Salveen Richter wrote in the note to clients Tuesday. "While this proposition carries tremendous value for patients and society, it could represent a challenge for genome medicine developers looking for sustained cash flow."

That's a fair analysis. Given the choice between creating a product that cures people after one use, and another that requires a lifetime's supply, the rational choice for a company is the latter. The analyst's question, shocking as it is, exposes neatly the tension between what Big Pharma and its shareholders may want -- fat, recurring profits -- and what patients and society desire -- a short course of treatment that results in a complete cure. As genomic medicine continues to progress, that question is likely to be posed more frequently, both behind closed doors, and in public debates. It will also bring with it another one: if curing patients isn't a sustainable business model for traditional pharma companies, why not find other ways to fund the development of genomic treatments?


Posted on Techdirt - 16 April 2018 @ 7:31pm

Bad News For 'Privacy Shield': As Expected, EU's Top Court Will Examine Legality Of Sending Personal Data To US

from the knock-on-effects-could-be-rather-serious dept

Last October, Techdirt wrote about an important decision by the Irish High Court in a case concerning data transfers from the EU to the US. The original complaint was brought by Max Schrems in the wake of revelations by Edward Snowden back in 2013 that the NSA had routine access to user information held by companies like Facebook. As the post explained, the judge found that there were important legal issues that could only be answered by the EU's highest court, the Court of Justice of the European Union (CJEU). The High Court said that it intended to refer various questions to the CJEU, but has done so only now, as Schrems explains in an update on the case (pdf). He points out that the eleven questions sent to the CJEU (found at the end of the document embedded below) go further than considering general questions of law:

While I was of the view that the Irish Data Protection Authority could have decided over this case itself, I welcome that the issue will hopefully be dealt with once and forever by the Court of Justice. What is remarkable is that the High Court also included questions on the 'Privacy Shield', which has the potential for a full review of all EU-US data transfer instruments in this case.

That more or less guarantees that the CJEU will rule definitively on whether the Privacy Shield framework for transferring EU personal data to the US is legal under EU data protection law. And as Mike noted in his October post, it is hard to see the CJEU approving Privacy Shield, which does little to address the court's earlier criticisms of the preceding US-EU agreement, the Safe Harbor framework, which the same court struck down in 2015. That would be a serious problem for companies like Facebook and Google whose data is routinely accessed by the NSA. As Schrems suggests:

In the long run the only reasonable solution is to cut back on mass surveillance laws. If there is no such political solution between the EU and the US, Facebook would have to split global and US services in two systems and keep European data outside of reach for US authorities, or face billions in penalties under the upcoming EU data protection regulation.

In theory, a ruling that Facebook has broken EU privacy laws by allowing the NSA to access the personal data of EU citizens would not necessarily be an issue for other companies not involved in these surveillance programs. However, there is a cloud on the horizon even for them. As Schrems explains, data transfers from the EU to the US typically use contract law in the form of "Standard Contractual Clauses" (SCCs) to lay down the legal framework. Schrems says he is fine with that approach, because the Irish Data Protection Commissioner (DPC) can use an "emergency clause", built in to SCCs, to halt dodgy data sharing in cases like Facebook. However:

The Irish Data Protection Commissioner took the view that there is a larger, systematic issue concerning SCCs. The DPC took the view that, as the validity of the SCCs is at stake, the case should therefore be referred to the CJEU.

The danger with this decision to ask the CJEU to examine the validity of SCCs is that if it rules against them, it would affect every company using them, whether or not they were involved in NSA surveillance. Schrems has a theory as to why the DPC has taken this risky route:

I am of the view the Standard Contractual Clauses are perfectly valid, as they would allow the DPC to do its job and suspend individual problematic data flows, such as Facebook's. It is still unclear to me why the DPC is taking the extreme position that the SCCs should be invalidated across the board, when a targeted solution is available. The only explanation that I have is that they want to shift the responsibility back to Luxembourg [where the CJEU sits] instead of deciding themselves.

Given the massive knock-on effects that the ruling could have on digital flows across the Atlantic, including political consequences, the desire for the Irish DPC to give that responsibility to someone else is plausible. The CJEU is unlikely to feel intimidated in the same way, which means that US companies must now worry about the prospect of SCCs being struck down along with Privacy Shield.


Posted on Techdirt - 13 April 2018 @ 6:36am

Canadian Music Industry Confirms Once More That For Copyright Companies, Enough Is Never Enough

from the sounding-like-a-broken-record dept

One of the striking features of copyright is how over three centuries, it always seems to become longer, broader and stronger. Just as a matter of probabilities, you might expect copyright to become a little shorter once in a while, but strangely that doesn't appear to happen. One consequence of the copyright ratchet is that the public is often cheated. Copyright is based on a bargain: that a time-limited, government-backed intellectual monopoly will be granted to creators in return for allowing the work to enter the public domain at the end of that limited period. Instead, what has happened repeatedly is that the copyright term has been extended before works enter the public domain, thus denying society its promised payback. If anything deserves to be called "copyright theft", it is this.

The copyright ratchet is on display once more in a new op-ed Michael Geist has written for The Globe and Mail. He reports on some documents obtained under Freedom of Information laws, including a 30-page reform proposal from the Canadian Music Policy Coalition, an umbrella group representing 17 music associations. It's a submission to the Canadian government regarding a copyright review that is currently underway in that country. According to Geist, the document calls for:

radical changes that would spark significant new consumer fees and Internet regulation. The plan features new levies on smartphones and tablets, Internet service provider tracking of subscribers and content blocking, longer copyright terms, and even the industry's ability to cancel commercial agreements with Internet companies if the benefits from the deal become "disproportionate."

You can read the full details of how the Canadian music industry wants to ratchet copyright up a notch or two in Geist's post. With remarkable honesty, the report is entitled "Sounding Like a Broken Record", and the familiar demands to make copyright longer, broader and stronger are indeed tiresomely repetitive and anachronistic. But what makes those one-sided proposals to demand more money from the public, while depriving them of basic rights like privacy and freedom of speech, even more outrageous is the fact that the Canadian music industry is thriving under the current legal framework:

The Canadian music market is growing much faster than the world average, with Canada jumping past Australia last year to become the sixth largest music market in the world. Music collective SOCAN, a coalition member, has seen Internet streaming revenues balloon from [Canadian] $3.4 million in 2013 to a record-setting $49.3 million in 2017.

Moreover, data confirms that music piracy has diminished dramatically in Canada. Music Canada reports that Canada is below global averages for "stream ripping", the process of downloading streamed versions of songs from services such as YouTube. Last month Sandvine reported that file sharing technology BitTorrent is responsible for only 1.6 per cent of Canadian Internet traffic, down from as much as 15 per cent in 2014.

Since shrinking markets and increasing levels of unauthorized downloads are routinely used to justify a strengthening of copyright legislation, it seems only fair that the public should be allowed to argue that copyright law in Canada can be dialed back now that the reverse is taking place. But the music, film and publishing industries and their lobbyists would scream in horrified outrage if such a thing were even whispered. After all, everyone knows that when it comes to copyright, enough is never enough.


Posted on Techdirt - 13 April 2018 @ 3:33am

UK Police Use Zipcode Profiles, Garden Size And First Names For AI-Based Custody Decision System

from the black-box-says-you're-a-bad-person dept

As you have doubtless noticed, Cambridge Analytica has been much in the headlines of late. There is still plenty of disagreement about the extent to which the company's profiling tools provide the kind of fine-grained categorization of people that it claims, and whether it played a significant -- or indeed any -- role in deciding key elections, both in the US and elsewhere. What is not disputed is that such profiling is widely used throughout the online world, mostly to sell ads, and that it is likely to become more accurate as further data is gathered, and analytical techniques are honed. The continuing flow of reports about Cambridge Analytica and related companies has therefore at least served the purpose of alerting people to the important issues raised by this approach. Against that background, news that UK police in the north of England are applying similar techniques is troubling:

Durham Police has paid global data broker Experian for UK postcode [zipcode] stereotypes built on 850 million pieces of information to feed into an artificial intelligence (AI) tool used in custody decisions, a Big Brother Watch investigation has revealed.

Durham Police is feeding Experian's 'Mosaic' data, which profiles all 50 million adults in the UK to classify UK postcodes, households and even individuals into stereotypes, into its AI 'Harm Assessment Risk Tool' (HART). The 66 'Mosaic' categories include 'Disconnected Youth', 'Asian Heritage' and 'Dependent Greys'.

In order to decide whether someone should be charged with an offense, the HART system aims to help the police evaluate whether they are likely to re-offend. "High-risk" offenders are charged. Those with a "moderate" risk of re-offending are offered the option of joining a rehabilitation program; if they complete it successfully, they do not receive a criminal conviction. To build the specialized AI system, the local UK police force has been working with a team of researchers at the University of Cambridge:

Called the Harm Assessment Risk Tool (HART), the AI-based technology uses 104,000 histories of people previously arrested and processed in Durham custody suites over the course of five years, with a two-year follow-up for each custody decision. Using a method called "random forests", the model looks at vast numbers of combinations of 'predictor values', the majority of which focus on the suspect's offending history, as well as age, gender and geographical area.

The basic HART system has been in use since 2016. But Big Brother Watch has discovered that HART has been extended in a significant way through the use of the profiling information acquired from Experian. This Dublin-based company -- not to be confused with Equifax, which works in the same field -- has amassed personal information on hundreds of millions of people around the world. Where things become more problematic is how the profiles that Experian has passed to the Durham police force for its HART system are compiled. As well as using basic zipcodes, a wide range of sensitive "predictor values" are gathered, aggregated and analyzed, such as:

Family composition, including children,
Family/personal names linked to ethnicity,
Online data, including data scraped from the pregnancy advice website 'Emma's Diary', and Rightmove [UK real estate site],
Child [support] benefits, tax credits, and income support,
Health data,
[Children's exam] results,
Ratio of gardens to buildings,
Census data,
Gas and electricity consumption.

The use of first names to help assign people to categories is a striking feature of the approach:

Experian's 'Mosaic' links names to stereotypes: for example, people called 'Stacey' are likely to fall under 'Families with Needs' who receive 'a range of [government] benefits'; 'Abdi' and 'Asha' are 'Crowded Kaleidoscope' described as 'multi-cultural' families likely to live in 'cramped' and 'overcrowded flats'; whilst 'Terrence' and 'Denise' are 'Low Income Workers' who have 'few qualifications' and are 'heavy TV viewers'

By stereotyping people on the basis of where and how they live, there is an evident risk that people will find it harder to escape from more challenging life situations, since those with less favorable stereotypes are more likely to be prosecuted than those with more favorable profiles, thus reducing social mobility.

An additional issue is that the black box nature of the HART system, coupled with the complexity of the 850 million data points it draws on, will inevitably make it very hard for police officers to challenge its outputs. They might disagree with its decisions, but in the face of this leading-edge AI-based approach, it would take a very self-assured and experienced officer to ignore a HART recommendation to prosecute, particularly with the risk that the person might re-offend. It is much more likely that officers will take the safe option and accept the HART system's recommendations, whatever they think. As a result, an essentially inscrutable black box will be making critical decisions about a person's life, based in part on where they live, how big their garden is, and whether they are called "Stacey" or "Terrence".


Posted on Techdirt - 3 April 2018 @ 7:31pm

Hated Science Publisher Elsevier To Help EU Monitor Open Science - Including Open Access

from the conflict-of-interest,-what-conflict-of-interest? dept

Techdirt has written many stories about the publisher Elsevier. They have all been pretty negative: the company seems determined to represent the worst of academic publishing. It's no surprise, then, that many academics loathe the company. Against that background, news that the EU "Open science Monitor" will use Elsevier as a subcontractor is surprising, to say the least. The official notice of the contract has some details of what the project involves:

the contractors will design, draft, execute and deliver a full-fledged monitoring system in order to determine open science scope, nature, impacts on science and scientific knowledge, and its socio-economic impacts. In turn, this will provide an evidence-based view of evolution of open science. It should be able to facilitate policy making.

One of the main academic participants in the project, the Centre for Science and Technology Studies at Leiden University -- which "stresses the importance of the collaboration with Elsevier" -- explains what is meant by open science in this context:

Open Science is an umbrella concept that embraces the ideas of different open movement such as open source, open access and open data, while embracing trends of open distributed collaboration, data-intensive science and citizen science. Governments are quickly moving towards the open science paradigm (see for instance the Dutch plan on Open Science), while asking for evidence about its reality and impact in the different domains.

An important element of Elsevier's contract will therefore be to help monitor open access. The core aim of open access is to make publicly-funded knowledge freely available to everyone, in a way that is as cost-efficient as possible given the limited resources that can be brought to bear on the problem. One of the issues with the current academic publishing system is the high level of costs for educational institutions, reflected in the level of profits notched up by companies like Elsevier. For many years these have typically been in the 35% to 40% range, well in excess of most other industries.

The fact that Elsevier will be paid to help monitor the dysfunctional publishing world it has helped to create and strives to sustain seems an insensitive decision. Moreover, the contract specifically calls for the "socio-economic impacts" to be evaluated in order to "facilitate policy making". This means that Elsevier will be providing data to guide EU policy decisions that it stands to gain from materially in significant ways. The obvious conflict of interest here should have disqualified the company immediately. But the main contractors seem to have no issues with ignoring this glaring problem, or with the fact that many EU researchers will regard Elsevier as the last organization on the planet that should be involved in any way.


Posted on Free Speech - 30 March 2018 @ 7:39pm

Quixotic Approaches To Circumventing Censorship, Using Books And Music

from the but-not-tilting-at-windmills dept

The topic of censorship crops up far too much here on Techdirt. Less common are stories about how to circumvent it. The two which follow are great examples of how human ingenuity is able to find unexpected ways to tackle this problem. The first story comes from Spain, and concerns a banned book. As the Guardian reports:

Nacho Carretero’s Fariña, an expose of drug trafficking in Galicia, was published in 2015, but publication and sales were halted last month after the former mayor of O Grove in Galicia, Jose Alfredo Bea Gondar, brought legal action against Carretero and his publisher, Libros del KO. Bea Gondar is suing over details in the book about his alleged involvement in drug shipping.

To get around that ban, a new Web site has been created, Finding Fariña, which explains:

A digital tool searches and finds the 80,000 thousand words that make up "Fariña" within "Don Quijote", the most universal classic of Spanish literature, and then extracts them, one by one, so that you can read the forbidden story.

Because what they will never be able to censor your rights as a reader. Nor words. And least of all, "Don Quijote".

The site sifts through the classic Spanish text to find the words that are then recombined to form the forbidden book. You can click on any word in the book's online text to find the corresponding section of Don Quijote. Since Fariña contains words that did not exist in the early 17th century, when Cervantes wrote his novel, the Web site recreates them from fragments of words that are found within the work. That's quite important, since it means that Don Quijote can potentially be used to reconstitute any book, if necessary breaking down unusual words into fragments or even single letters. Equally, the same approach could be adopted for banned texts in other languages: all that is needed is some well-known public domain work that can be mined in the same way.
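The word-then-fragment lookup described above can be sketched as follows. This is an added example, not the Finding Fariña site's code: the reference string is a short constructed stand-in for the public-domain work, and all function names are hypothetical. It also shows the limit of the "any book" claim, since a character that never occurs in the reference cannot be encoded.

```python
"""Encode a text as (offset, length) pointers into a public reference work."""
import re

# Constructed stand-in for the reference work (an assumption for this example).
REFERENCE = (
    "en un lugar de la mancha de cuyo nombre no quiero acordarme "
    "vivia un hidalgo de los de lanza en astillero"
)


def index_words(reference):
    """Map each whole word to the offset of its first occurrence."""
    index = {}
    for match in re.finditer(r"\w+", reference):
        index.setdefault(match.group(), match.start())
    return index


def encode_fragments(word, reference):
    """Cover a word missing from the reference with the longest substrings found in it."""
    pointers = []
    pos = 0
    while pos < len(word):
        # Try the longest remaining piece first, shrinking down to one letter.
        for end in range(len(word), pos, -1):
            offset = reference.find(word[pos:end])
            if offset != -1:
                pointers.append((offset, end - pos))
                pos = end
                break
        else:
            # Not even the single letter exists anywhere in the reference.
            raise ValueError(f"character {word[pos]!r} never occurs in the reference")
    return pointers


def encode(text, reference):
    """Return one pointer list per word; case and punctuation are not preserved."""
    index = index_words(reference)
    encoded = []
    for word in re.findall(r"\w+", text.lower()):
        if word in index:
            encoded.append([(index[word], len(word))])
        else:
            encoded.append(encode_fragments(word, reference))
    return encoded


def decode(encoded, reference):
    """Rebuild the text by reading each pointer back out of the reference."""
    return " ".join(
        "".join(reference[offset:offset + length] for offset, length in pointers)
        for pointers in encoded
    )


if __name__ == "__main__":
    message = "la lanza del hidalgo"  # "del" is not a whole word in REFERENCE
    pointers = encode(message, REFERENCE)
    print(pointers)
    print(decode(pointers, REFERENCE))
```

The encoded form contains no words of the original text, only positions in the reference work, which is why the choice of a widely available public-domain text matters.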

The other approach, "The Uncensored Playlist", comes from Germany, but is being used in China, Egypt, Thailand, Uzbekistan and Vietnam to circumvent censorship in those nations:

While press freedom is not available in the world's most oppressed societies -- global music streaming sites are.

Five acclaimed independent journalists from five countries suffering from strict government censorship teamed up with Musical Director Lucas Mayer to turn 10 articles that had previously been censored into 10 uncensored pop songs. These songs were then uploaded onto freely available music streaming sites. Allowing these stories to be slipped back into the countries where they had once been forbidden.

That is, censored information, written by local journalists, is set to music, and then added to playlists that are available on the main streaming platforms like Spotify, Deezer, and Apple Music. In addition, all the songs are freely available from the project's Web site, in both the original languages and in English.

Although neither method represents a foolproof circumvention technique, or a serious challenge to the authorities concerned, they do underline that however bad the censorship, there is always a way around it.

Update: The Finding Fariña site has now been censored. So far, there's no sign of a mirror site being set up outside Spanish jurisdiction, which would seem the obvious response.


Posted on Techdirt - 29 March 2018 @ 7:39pm

China's Tencent Proves You Can Make A Decent Profit From Online Publishing -- If You Have A Platform With A Billion Users

from the blame-the-innovation-gap,-not-the-value-gap dept

A constant refrain from the publishing industry is that it's impossible to make a decent profit from online publishing because of all those people downloading and sharing digital stuff for free. An article in Caixin reporting on the Chinese digital giant Tencent offers an interesting perspective on that issue. It provides an update to a story we wrote last year about Tencent moving into online publishing, with evident success:

Net profit for Tencent's online publishing unit China Literature was 15 times greater in 2017 compared to 2016, according to the company's first annual results released after its blockbuster initial public offering (IPO).

Revenue grew by 60% to 4.1 billion yuan ($648 million), from 2016's 2.6 billion yuan. Profit attributable to shareholders jumped by a staggering 1,416% from last year's 36.7 million yuan [$5.8 million] to 556.1 million yuan [$88 million] in 2017.

As the article explains, revenues came mostly from payments by readers of the company's online offerings, which cater for a wide range of tastes -- from comics to romance. In total, works are supplied by 6.9 million writers, most of whom are contracted to produce original material for the company. The scale of the operation is similarly large: last year around 11.1 million people paid to use China Literature's services, up from 8.3 million in 2016.

Although those are all impressive figures, it's worth noting one of the key factors driving this business. Tencent is the company behind the WeChat messaging app. Last year, there were 963 million users, so it's likely that more than a billion people now use WeChat's powerful and wide-ranging platform. That naturally makes selling China Literature's services much easier.

Traditional publishers will doubtless claim this means they are unable to compete with this kind of platform power, and that they can never generate significant profits online. Their conclusion seems to be that companies like Google and Facebook should be punished for their success. Indeed, this demand has been crystallized into a slogan -- the so-called "value gap", which supposedly represents the money that publishers would have received had it not been for the online giants.

In truth, this "value gap" is more of an "innovation gap": if the publishing companies had embraced the Internet fully in the early days, there is no reason why they could not have turned into Google and Tencent themselves. Instead, publishers have fought the Internet from its first appearance, as they still do. They hanker for the more profitable days of analog publishing, when they were the undisputed gatekeepers. And in their heart of hearts, they secretly hope one day those times might return if only they can persuade politicians to bring in enough retrogressive copyright laws to hobble innovative online companies.


Posted on Techdirt - 29 March 2018 @ 9:31am

US Might Start A Nuclear War... Because Iranians Wanted Access To Academic Papers Locked Behind A Paywall?

from the seems-a-little-harsh dept

You probably saw one of the many stories about the US government charging nine Iranians with "conducting massive cyber theft campaign on behalf of the Islamic Revolutionary Guard Corps", as the Department of Justice put it in its press release on the move:

"These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries," said Deputy Attorney General Rosenstein. "For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps. The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America's ideas by infiltrating our computer systems and stealing intellectual property. This case is important because it will disrupt the defendants' hacking operations and deter similar crimes."

That certainly sounds pretty serious, not least because some believe the US government may use this as a pretext for military action against Iran, possibly involving nuclear strikes. But what exactly did those Iranians allegedly steal?

The members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, which they used to steal research, and other academic data and documents, including, among other things, academic journals, theses, dissertations, and electronic books.

That is, they "stole" things like "academic journals, theses, dissertations, and electronic books" -- you know, the stuff that professors routinely publish as part of their work. The stuff that they desperately want as many people to read as possible, since that's how ideas spread, and academic credit is assigned. So rather than some "massive cyber theft" on behalf of the Islamic Revolutionary Guard Corps, is this not actually a bunch of people making copies of academic materials they and others want to read? We already know that Iranians have a particular hunger for academic knowledge of exactly this kind. An article published in Science in 2016 analyzed who was downloading unauthorized copies of scientific papers from Sci-Hub. Here's one striking result:

Of the 24,000 city locations to which [Sci-Hub downloaders] cluster, the busiest is Tehran, with 1.27 million requests. Much of that is from Iranians using programs to automatically download huge swaths of Sci-Hub's papers to make a local mirror of the site, [Sci-Hub's founder] Elbakyan says. Rahimi, the engineering student in Tehran, confirms this. "There are several Persian sites similar to Sci-Hub," he says. "So you should consider Iranian illegal [paper] downloads to be five to six times higher" than what Sci-Hub alone reveals.

Given that concentration of downloads from Sci-Hub in Iran, it's almost surprising the accused needed to break into US universities at all. The Department of Justice press release says that this activity has been going on since 2013, so maybe Iranians hadn't turned to Sci-Hub at that point. And perhaps there was other information they were seeking that was not available on Sci-Hub. A surprisingly precise figure of 31 terabytes in total is mentioned: how, exactly, was that calculated? After all, making copies of documents does not remove them, and people who break into systems tend not to leave notes about what they have "exfiltrated". It's hard to escape the feeling that 31 terabytes is simply the total amount of data they could have copied with all the credentials they obtained, and is used in the press release to make the incident sound bigger than it really is in order to justify any subsequent bellicose actions.

Of course, however much of whatever material was downloaded, breaking into other people's systems and accounts using stolen credentials is never justified. It's likely that the 8,000 compromised email accounts exposed a great deal of highly-sensitive personal information, which would arguably be a much more serious matter than the fact that journals, theses, dissertations, and electronic books were downloaded.

Still, this story doesn't really seem to be about 1337 Iranian government haxxors trying to undermine the US university system with a "massive cyber theft", as the over-the-top press release rather implies. It's more a bunch of unscrupulous individuals using fairly simple phishing techniques to get their hands on otherwise unavailable academic material, apparently to sell to others, at least according to the Department of Justice. It also suggests that if more of this academic work were freely available under open access licenses for everyone's benefit, rather than locked up behind paywalls, there would be less of an incentive for people to engage in this kind of illegal behavior. To say nothing of less risk of a nuclear war.


Posted on Techdirt - 28 March 2018 @ 7:27pm

Italian Court Rules The Wikimedia Foundation Is Just A Hosting Provider For Wikipedia's Volunteer-Written Articles

from the could-come-in-handy-one-day dept

Many of us tend to take the amazing resource of Wikipedia for granted: it's hard to imagine online life without it. But that doesn't mean its position is assured. As well as continuing funding uncertainty, it is also subject to legal attacks that call into question its innovative way of letting anyone create and edit articles. For example, in 2012 a former Italian Minister of Defense sued the Wikimedia Foundation in Italy for hosting a Wikipedia article he alleged contained defamatory information. He had sent a letter demanding that the article in question should be removed, without even specifying the exact page or where the problem lay, and filed the suit when the page was not taken down.

In 2013, the Civil Court in Rome ruled that the Wikimedia Foundation, which hosts Wikipedia, cannot be held liable for the content of Wikipedia articles, which it does not control. Unsurprisingly, the former minister appealed, and the Court of Appeals in Rome has just handed down its judgment, which is in favor of the Wikimedia Foundation:

In a ruling that provides strong protection for Wikipedia's community governance model, the Court once again recognized that the Wikimedia Foundation is a hosting provider, and that the volunteer editors and contributors create and control content on the Wikimedia projects. The Court also made clear that a general warning letter, without additional detail about the online location, unlawfulness, or the harmful nature of the content as recognized by a court, does not impose a removal obligation on a hosting provider like the Wikimedia Foundation.


the Court took notice of Wikipedia's unique model of community-based content creation, and the mechanisms by which someone can suggest edits or additions to project content. It found that Wikipedia has a clear community procedure for content modification, which Mr. Previti should have used to address his concerns. He could have reached out to the volunteer editors, provided reliable sources, and suggested amendments to the article, instead of sending a general warning letter to the Foundation.

According to the post on the Wikimedia blog, the article about the former minister will remain online, and Previti will pay the Wikimedia Foundation some of the expenses incurred in defending the lawsuit and appeal. That suggests the matter is now over. The ruling is good news in other ways. As well as recognizing the validity of the community-based creation model, it also affirms that the Wikimedia Foundation is a hosting provider, not an organization that controls the articles themselves. That's important in the context of the proposed EU Copyright Directive, currently under discussion. Article 13 of the Directive would require upload filters on major sites that are actively involved in the publishing of material. The Italian Appeals Court ruling may help to shield Wikimedia from such an impossible requirement if it is still present in the final version of the EU legislation.


Posted on Techdirt - 19 March 2018 @ 7:47pm

Crowdfunded OpenSCHUFA Project Wants To Reverse-Engineer Germany's Main Credit-Scoring Algorithm

from the opening-the-black-boxes dept

We've just written about calls for a key legal communications system to be open-sourced as a way of re-building confidence in a project that has been plagued by problems. In many ways, it's surprising that these moves aren't more common. Without transparency, there can be little trust that a system is working as claimed. In the past this was just about software, but today there's another aspect to the problem. As well as the code itself, there are the increasingly-complex algorithms, which the software implements. There is a growing realization that algorithms are ruling important parts of our lives without any public knowledge of how they work or make decisions about us. In Germany, for example, one of the most important algorithms determines a person's SCHUFA credit rating: the name comes from an abbreviation of its German "Schutzorganisation für Allgemeine Kreditsicherung", which means "Protection Agency for General Credit Security". As a site called Algorithm Watch explains:

SCHUFA holds data on round about 70 million people in Germany. That's nearly everyone in the country aged 18 or older. According to SCHUFA, nearly one in ten of these people living in Germany (some 7 million people) have negative entries in their record. That's a lot!

SCHUFA gets its data from some 9,000 partners, such as banks and telecommunication companies. Incredibly, SCHUFA doesn't believe it has a responsibility to check the accuracy of data it receives from its partners.

In addition, the algorithm used by SCHUFA to calculate credit scores is protected as a trade secret so no one knows how the algorithm works and whether there are errors or injustices built into the model or the software.

So basically, if you are an adult living in Germany, it's a good chance your financial life is affected by a credit score produced by a multimillion euro private company using an automatic process that they do not have to explain and an algorithm based on data that nobody checks for inaccuracies.

A new crowd-sourced project called OpenSCHUFA aims to change that. It's being run by Algorithm Watch and Open Knowledge Foundation Germany (full disclosure: I am an unpaid member of the Open Knowledge International Advisory Council). As well as asking people for monetary support, OpenSCHUFA wants German citizens to request a copy of their credit record, which they can obtain free of charge from SCHUFA. People can then send the main results -- not the full record, and with identifiers removed -- to OpenSCHUFA. The project will use the data to try to understand what real-life variables produce good and bad credit scores when fed into the SCHUFA system. Ultimately, the hope is that it will be possible to model, perhaps even reverse-engineer, the underlying algorithm.

This is an important attempt to pry open one of the major black boxes that are starting to rule our lives. Whether or not it manages to understand the SCHUFA algorithm, the exercise will provide useful experience for other projects to build on in the future. And if you are wondering whether it's worth expending all this money and effort, look no further than SCHUFA's response to the initiative, reported here by (original in German):

SCHUFA considers the project as clearly directed against the overarching interests of the economy, society and the world of business in Germany.

The fact that SCHUFA apparently doesn't want people to know how its algorithm works is a pretty good reason for trying to find out.


Posted on Techdirt - 16 March 2018 @ 7:39pm

If You Ratify The CETA Trade Deal, You'll Break The Law, Legal Expert Tells EU Member States

from the corporate-sovereignty-is-the-problem,-as-usual dept

We recently wrote about an important judgment from the EU's top court, the Court of Justice of the European Union (CJEU). The ruling said that corporate sovereignty provisions included in trade deals between the EU's member states were illegal. Significantly, the logic behind that decision suggests that any form of investor-state dispute settlement (ISDS) -- the official name for the corporate sovereignty framework -- even in trade deals involving countries outside the EU, would be forbidden too. Christina Eckes, professor of European law at the University of Amsterdam and director of the Amsterdam Centre for European Law and Governance, believes that the implications of the CJEU ruling are even broader.

Eckes says that in the wake of the judgment, serious doubts hang over the investment chapter in the Canada-EU trade deal, CETA, which has still not been ratified by all EU member states -- a process that is necessary before it comes into force definitively. In fact, Belgium has explicitly asked the CJEU to rule on the legality of the Investor Court System (ICS) in CETA, which is the modified version of corporate sovereignty that supposedly addresses its flaws. As a result, a ruling on whether CETA's investment chapter is legal is definitely on its way, and could have major implications for CETA and its ratification. However, Eckes points out that there is something called "EU loyalty", which:

requires that Member States amongst others 'facilitate the achievement of the Union's tasks and refrain from any measure which could jeopardise the attainment of the Union's objectives.' In external relations, they are obliged not to undermine the EU’s external actions and ensure unity in international representation. ... Furthermore, EU loyalty covers not just the present state of EU law but also ‘the foreseeable future development of EU law’ and should hence be interpreted as requiring certain actions or omissions in the present in order to avoid a potential future conflict between international legal obligations and EU law.

What this means in practice, Eckes suggests, is that the EU's member states should not go ahead and ratify CETA without knowing the outcome of the CJEU deliberation on the legality of the ICS. If they were to complete ratification, and the investment chapter were then found inadmissible by the court, this would undermine the authority of the CJEU, since its ruling would be null and void. As a consequence, she says:

In the light of the foreseeable risk that CJEU declares the CETA investment chapter to be capable of undermining the autonomy of the EU legal order, Member States are required by the principle of EU loyalty to halt ratification in order to demonstrate a uniform position as one Party, together with the EU and the other Member States, on the international plane in general and vis-à-vis Canada in particular.

It's an interesting argument, which the European Commission will doubtless do its best to ignore in the hope that it can just steamroller CETA through the ratification process before the CJEU issues its ruling. However, if, as seems likely, CETA's investment chapter is indeed ruled illegal by the top court, this will present a rather thorny problem for the EU. Given the other challenges it faces thanks to rising populism in many EU countries, the Commission could probably do without this kind of constitutional crisis that would further undermine people's support for the European project. That might be a good reason for putting those ratifications on hold for a while.


Posted on Techdirt - 15 March 2018 @ 7:27pm

German Lawyers Call For Their Profession's Bug-Ridden, Soon-To-Be Mandatory, Email System To Be Open Sourced

from the public-trust,-public-code dept

Given the sensitive nature of their work, lawyers need to take particular care when communicating online. One way to address this -- quite reasonable, in theory -- is to create a dedicated system with strong security built in. That's the route being taken by Germany's Federal Bar Association (Bundesrechtsanwaltskammer -- BRAK) with its "besonderes elektronisches Anwaltspostfach" (special electronic mailbox for lawyers, or beA). However, the reality has not matched the theory, and beA has been plagued with serious security problems. As a post on the Free Software Foundation Europe (FSFE) site explains (original in German):

Numerous scandals and a questionable understanding of security characterize the project, which has been in development for several years. Lawyers should have been reachable through this software since January 1, 2018, but numerous known vulnerabilities have prevented the planned start of the service.


Although a security audit was commissioned and carried out in 2015, its scope and results have not been published to date; the full extent of the faulty programming became known only at the end of 2017. Thus the project, which has cost lawyers so far about 38 million euros, has already lost people's trust. In view of the numerous errors, the confidentiality of the sent messages can no longer be guaranteed -- and this is for software whose use from 2022 onwards becomes mandatory for all court documentation traffic.

Because of the continuing lack of transparency about the evident problems with the project, a number of German lawyers are supporting a petition that asks for an alternative approach, reported here by the Open Source Observatory:

The petition calls on Germany's Bundesrechtsanwaltskammer (Federal Bar Association, or BRAK) to publish the beA software under a free and open source software licence and open the software development process. "Only in this way can it slowly restore the trust of the users -- all lawyers, authorities and courts," the petition says.

As the petition notes (original in German):

Disclosure of the program code allows independent IT professionals to report potential security vulnerabilities early on so that they can be fixed; it has been shown once more that keeping the source code secret, and carrying out the audits as agreed in the contract [for creating the beA system] does not lead to the desired result. Free software also guarantees much-needed manufacturer independence.

Over and above the increased transparency that open-sourcing the beA code would bring, and the hope that this would allow security issues to be caught earlier, there is another good reason why the German system for lawyers should be released as free software. Since it will perform a key service for the public, it is only right for representatives of the German public to be able to confirm its trustworthiness. This is part of a larger campaign by the FSFE called "Public Money, Public Code", which Techdirt wrote about last year. Unfortunately, what ought to be a pretty uncontroversial idea still has a long way to go, as the painful beA saga demonstrates.
