Glyn Moody’s Techdirt Profile

glynmoody

About Glyn MoodyTechdirt Insider




Posted on Techdirt - 11 July 2018 @ 7:37pm

European Parliament Turns Up The Pressure On US-EU Privacy Shield Data Transfer Deal A Little More

from the how-much-longer-can-it-last? dept

Many stories on Techdirt seem to grind on forever, with new twists and turns constantly appearing, including unexpected developments -- or small, incremental changes. The transatlantic data transfer saga has seen a bit of both. Back in 2015, the EU's top court ruled that the existing legal framework for moving data across the Atlantic, Safe Harbor, was "invalid". That sounds mild, but it isn't. Safe Harbor was necessary in order for data transfers across the Atlantic to comply with EU data protection laws. A declaration that it was "invalid" meant that it could no longer be used to provide legal cover for huge numbers of commercial data flows that keep the Internet and e-commerce ticking over. The solution was to come up with a replacement, Privacy Shield, that supposedly addressed the shortcomings cited by the EU court.

The problem is that a growing number of influential voices don't believe that Privacy Shield does, in fact, solve the problems of the Safe Harbor deal. For example, in March last year, two leading civil liberties groups -- the American Civil Liberties Union and Human Rights Watch -- sent a joint letter to the EU's Commissioner for Justice, Consumers and Gender Equality, and other leading members of the European Commission and Parliament, urging the EU to re-examine the Privacy Shield agreement. In December, an obscure but influential advisory group of EU data protection officials asked the US to fix problems of Privacy Shield or expect the EU's top court to be asked to rule on its validity. In April of this year, the Irish High Court made just such a referral as a result of a complaint by the Austrian privacy expert Max Schrems. Since he was instrumental in getting Safe Harbor struck down, that's not something to be taken lightly.

Lastly, one of the European Parliament's powerful committees, which helps determine policy related to civil liberties, added its voice to the discussion. It called on the European Commission to suspend the Privacy Shield agreement unless the US fixed the problems that the committee discerned in its current implementation. At that point, it was just a committee making the call. However, in a recent plenary session, the European Parliament itself voted to back the idea, and by a healthy margin:

MEPs call on the EU Commission to suspend the EU-US Privacy Shield as it fails to provide enough data protection for EU citizens.

The data exchange deal should be suspended unless the US complies with EU data protection rules by 1 September 2018, say MEPs in a resolution passed on Thursday by 303 votes to 223, with 29 abstentions. MEPs add that the deal should remain suspended until the US authorities comply with its terms in full.

It's important to note that this vote is largely symbolic: if the US refuses to improve the data protection of EU citizens, there's nothing to force the European Commission to comply with the demand of the European Parliament. That said, the call by arguably the most democratic part of the EU -- MEPs are directly elected by European citizens -- piles more pressure on the European Commission, which is appointed by EU governments, not elected. If nothing else, this latest move adds to the general impression that Privacy Shield is not likely to survive in its present form much longer.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

5 Comments | Leave a Comment..

Posted on Techdirt - 9 July 2018 @ 7:36pm

Elsevier Will Monitor Open Science In EU Using Measurement System That Favors Its Own Titles

from the conflict-of-interest?-I've-heard-of-it dept

Back in April, we wrote about a curious decision to give the widely-hated publisher Elsevier the job of monitoring open science in the EU. That would include open access too, an area where the company has major investments. The fact that the European Commission seemed untroubled by that clear conflict of interest stunned supporters of open access. Now one of them -- the paleontologist Jon Tennant -- is calling on the European Commission to remove Elsevier, and to find another company with no conflicts of interest. As Tennant writes in the Guardian:

How is it reasonable for a multi-billion dollar publishing corporation to not only produce metrics that evaluate publishing impact [of scientific articles], but also to use them to monitor Open Science and help to define its future direction? Elsevier will be providing data through the monitor that will be used to help facilitate future policy making in the EU that it inevitably will benefit from. That's like having McDonald's monitor the eating habits of a nation and then using that to guide policy decisions.

Elsevier responded with a blog post challenging what it calls "misinformation" in Tennant's article:

We are one of the leading open access publishers, and we make more articles openly available than any other publisher. We make freely available open science products and services we have developed and acquired to enable scientists to collaborate, post their early findings, store their data and showcase their output.

It added:

We have co-developed CiteScore and Snowball Metrics with the research community -- all of which are open, transparent, and free indicators.

CiteScore may be "open, transparent, and free", but Tennant writes:

Consider Elsevier's CiteScore metric, a measure of the apparent impact of journals that competes with the impact factor based on citation data from Scopus. An independent analysis showed that titles owned by Springer Nature, perhaps Elsevier’s biggest competitor, scored 40% lower and Elsevier titles 25% higher when using CiteScore rather than previous journal impact factors.

In other words, one of the core metrics that Elsevier will be applying as part of the Open Science Monitor appears to show bias in favor of Elsevier's own titles. One result of that bias could be that when the Open Science Monitor publishes its results based on Elsevier's metrics, the European Commission and other institutions will start using Elsevier's academic journals in preference to its competitors. The use of CiteScore creates yet another conflict of interest for Elsevier.

As well as writing about his concerns, Tennant is also making a formal complaint to the European Commission Ombudsman regarding the relationship between Elsevier and the Open Science Monitor:

The reason we are pursuing this route is due to the fact that the opportunity to raise a formal appeal was denied to us. In the tender award statement, it states that "Within 2 months of the notification of the award decision you may lodge an appeal to the body referred to in VI.4.1.", which is the General Court in Luxembourg. The notification of the award was on January 11, 2018, and it was exactly 2 months and 1 day later when the role of Elsevier as subcontracted was first publicly disclosed. Due to this timing, we were unable to lodge an appeal.

In other words, it was only revealed that Elsevier was the sub-contractor when it was too late to appeal against that choice. A cynic might almost think those behind the move knew people would object, and kept it quiet until it was impossible under the rules to appeal. Open science? Not so much…

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 3 July 2018 @ 11:51am

Copyright Industries Reveal Their Ultimate Goal: An Internet Where Everything Online Requires A License From Them

from the now-would-be-a-good-time-to-stop-it-happening dept

Yesterday, Mike took apart an extraordinarily weak attempt by the UK's music collection society, PRS for Music, to counter what it claimed were "myths" about the deeply-harmful Article 13 of the proposed EU Copyright Directive. On the same day, the Guardian published a letter from the PRS and related organizations entitled "How the EU can make the internet play fair with musicians". It is essentially a condensed version of the "myth-busting" article, and repeats many of the same fallacious arguments. It also contains some extremely telling passages that are worth highlighting for the insights that they provide into the copyright industries' thinking and ultimate goal. Here is the main thrust of the letter:

This is not about censorship of the internet, as the likes of Google and Facebook would have you believe. The primary focus of this legislation is concerned with whether or not the internet functions as a fair and efficient marketplace -- and currently it doesn't.

Once again, there is no attempt to demonstrate that Article 13 is not about censorship, merely an assertion that it isn't, together with the usual claim that it's all being orchestrated by big US Internet companies. The fact that over two-thirds of a million people have signed an online petition calling for the "censorship machine" of Article 13 to be stopped rather punctures that tired argument.

More interesting is the second sentence, which essentially confirms that for the recording industry, the Copyright Directive -- and, indeed, the Internet itself -- is purely about getting as much money as possible. There is no sense that there are other important aspects -- like encouraging ordinary people to express themselves, and to be creative for the sheer joy of creating, or in order to amuse and engage with friends and strangers. The fact that all these non-commercial uses will be adversely affected by Article 13 is irrelevant to the recording industry, which seems to believe that making a profit takes precedence over everything else. However, even if they choose to ignore this side of the Internet, the signatories of the letter are well-aware that there is a huge backlash against the proposed law precisely because it is a threat to this kind of everyday online use. Attempting to counter this, they go on:

It is important to recognise that article 13 of the proposed EU copyright directive imposes no obligation on users. The obligations relate only to platforms and rightsholders. Contrary to some sensationalist headlines, internet memes will not be affected, as they are already covered by exceptions to copyright, and nothing in the proposed article will allow rightsholders to block the use of them.

Techdirt pointed out yesterday why the first part of that is intellectually dishonest. The Copyright Directive won't impose obligations on users directly, but on the platforms that people use, which amounts to the same thing in practice. The letter then trots out the claim that Internet memes will not be affected, and specifically says this is because they are already covered by EU exceptions to copyright.

This is simply not true. Article 5 of the EU's 2001 Directive on the "harmonization of certain aspects of copyright and related rights in the information society" lays down that "Member States may provide for exceptions or limitations", including "for the purpose of caricature, parody or pastiche". However, that is optional, not compulsory. In fact, nineteen EU Member States -- including the EU's most populous country, Germany -- have chosen not to provide an exception for parody. Even assuming that memes would be covered by parody exceptions -- by no means guaranteed -- they are in any case illegal in 19 EU nations.

Licensing is not an option here. There are many diverse sources for the material used in memes, most of which have no kind of organization that could give a license. The only way for online companies to comply with Article 13 would be to block all memes using any kind of pre-existing material in those 19 countries without a parody exception. Worse: because it will be hard to apply different censorship rules for each EU nation, it is likely that the upload filters will block all such memes in the whole EU, erring on the side of caution. It will then be up to the person whose meme has been censored to appeal against that decision, using an as-yet undefined appeals mechanism. The chilling effect this "guilty until proven innocent" approach will have on memes and much else is clear.

The blatant misinformation about whether memes would be blocked is bad enough. But in many ways, the most shocking phrase in the letter is the following:

Actually, article 13 makes it easier for users to create, post and share content online, as it requires platforms to get licences, and rightsholders to ensure these licences cover the acts of all individual users acting in a non-commercial capacity.

There, in black and white, is the end-game that the recording industry is seeking: that every online act of individual users, even the non-commercial ones, on the major platforms must be licensed. But the desire to control the online world, and to dictate who may do what there, is not limited to the recording companies: it's what all the copyright industries want. That can be seen in Article 11 of the Copyright Directive -- the so-called "snippet tax" -- which will require licensing for the use by online sites of even small excerpts of news material.

It's also at the root of the core problem with Article 3 of the proposed EU law. This section deals with the important new field of text and data mining (TDM), which takes existing texts and data, and seeks to extract new information by collating them and analyzing them using powerful computers. The current Copyright Directive text allows TDM to be carried out freely by non-profit research organisations, on material to which they have lawful access. However, companies must pay publishers for a new, additional, license to carry out TDM, even on material they have already licensed for traditional uses like reading. That short-sighted double-licensing approach pretty much guarantees that AI startups, which typically require frictionless access to large amounts of training data, won't choose to set up shop in the EU. But the publishing industry never cares about the collateral damage it inflicts, provided it attains its purely selfish goals.

Although it's rather breathtaking to see the copyright world openly admit that its ultimate aim is to turn the Internet into a space where everything is licensed, we shouldn't be surprised. Back in 2013, Techdirt wrote about the first stages of the EU's revision of its copyright law. One preliminary initiative was called "Licences for Europe", and its stated aim was to "explore the potential and limits of innovative licensing and technological solutions in making EU copyright law and practice fit for the digital age". What we are seeing now in the proposed Copyright Directive is simply a fulfillment of these ambitions, long-cherished by the copyright industries. If you aren't happy about that, now would be a good time to tell the EU Parliament to Save Your Internet. It may be your last chance.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

111 Comments | Leave a Comment..

Posted on Techdirt - 2 July 2018 @ 7:48pm

Researchers Reveal Details Of Printer Tracking Dots, Develop Free Software To Defeat It

from the whistleblowers-of-the-world,-rejoice,-but-still-be-careful dept

As Techdirt has reported previously in the case of Reality Leigh Winner, most modern color laser printers place tiny yellow tracking dots on every page printed -- what Wikipedia calls "printer steganography". The Electronic Frontier Foundation (EFF) first started warning about this sneaky form of surveillance back in 2005. It published a list of printers and whether it was known that they used tracking dots. In 2017, the EFF stopped updating the list, and wrote:

It appears likely that all recent commercial color laser printers print some kind of forensic tracking codes, not necessarily using yellow dots. This is true whether or not those codes are visible to the eye and whether or not the printer models are listed here. This also includes the printers that are listed here as not producing yellow dots.

Despite the EFF's early work in exposing the practice, there has been limited information available about the various tracking systems. Two German researchers at the Technical University in Dresden, Timo Richter and Stephan Escher, have now greatly extended our knowledge about the yellow dot code (via Netzpolitik.org). As the published paper on the work explains, the researchers looked at 1286 printed pages from 141 printers, produced by 18 different manufacturers. They discovered four different encoding systems, including one that was hitherto unknown. The yellow dots formed grids with 48, 64, 69 or 98 points; using the grid to encode binary data, the hidden information was repeated multiple times across the printed page. In all cases the researchers were able to extract the manufacturer's name, the model's serial number, and for some printers the date and time of printing too.

It's obviously good to have all this new information about tracking dots, but arguably even more important is a software tool that the researchers have written, and made freely available. It can be used to obfuscate tracking information that a printer places in one of the four grid patterns, thus ensuring that the hard copy documents cannot easily be used to trace who printed them. Printer manufacturers will doubtless come up with new ways of tracking documents, and may already be using some we don't know about, but this latest work at least makes it harder with existing models.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

39 Comments | Leave a Comment..

Posted on Techdirt - 2 July 2018 @ 3:23am

Over 60 Organizations Want Sanctions For EU Nations' Failure To Repeal 'Invalid' Data Retention Laws

from the attacking-the-data-retention-zombie dept

We recently wrote about a slight setback in the fight against mass surveillance in Europe. But in general, there have been some good decisions in this field by the EU's top court. In 2014, the Court of Justice of the European Union (CJEU) ruled that the region's Data Retention Directive was "invalid", in what is generally known as the "Digital Rights Ireland" case. In 2016, the CJEU took a similarly dim view of the UK's Data Retention and Investigatory Powers Bill (DRIPA), in the "Tele-2/Watson" judgment. Under EU law, those decisions had to be implemented by all the EU Member States. But a report by Privacy International published in September last year showed that compliance has been dismal (pdf):

in an alarmingly large number of Member States (roughly 40% of all countries surveyed in this report) the pre-Digital Rights Ireland regime transposing Directive 2006/24 is still in place.

That is, the national laws that implemented the Data Retention Directive had not been repealed, despite the CJEU's ruling that they were invalid, nor had new legislation been passed. The research also showed something interesting about the other countries that had repealed or amended their data retention laws:

What has emerged from our analysis is that as a rule of thumb repeal or amendments to data retention legislation have mainly occurred as a result of challenges in national courts, predominately by human rights NGOs, while Governments and legislators have been largely inactive.

In other words, governments have to be kicked into doing something, otherwise they just ignore the CJEU's ruling. Based on that fact, dozens of NGOs, community networks, academics and activists have decided to increase the pressure on Member States that are slacking:

60 organisations, community networks and academics in 19 EU Member States are sharing their concerns to the European Commission, to demand action, and to stand for the protection of fundamental rights enshrined in Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union, as interpreted by the Grand Chamber of the CJEU. We call for the application of sanctions for non-compliant Member States by referring to the CJEU, which should logically strike down all current data retention national frameworks.

As the dedicated web site stopdataretention.eu indicates, there are now over 60 organizations backing the move and signatories to the formal letter of complaint sent to the European Commission (pdf). Given the CJEU's clear ruling against the earlier data retention frameworks, it seems likely that it will also strike down the national implementations of them. Whether the European Commission will send these cases to the CJEU, and how long it will take if it decides to do so, is less clear. If nothing else, the latest move underlines just how important it is for digital rights organizations to keep up the pressure -- and how hard it is to kill off bad EU laws once they are passed.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Leave a Comment..

Posted on Techdirt - 21 June 2018 @ 11:58am

In A Surprising Decision, European Court Of Human Rights Says Sweden's Mass Surveillance Is Fine

from the but-top-EU-court's-views-may-matter-more dept

In the wake of Snowden's revelations of the scale of mass surveillance around the world, various cases have been brought before the courts in an attempt to stop or at least limit this activity. One involved Sweden's use of bulk interception for gathering foreign intelligence. A public interest law firm filed a complaint at the European Court of Human Rights (ECtHR). It alleged that governmental spying breached its privacy rights under Article 8 of the European Convention on Human Rights (pdf). The complaint said that the system of secret surveillance potentially affected all users of the Internet and mobile phones in Sweden, and pointed out that there was no system for citizens to use if they suspected their communications had been intercepted. The ECtHR has just ruled that "although there were some areas for improvement, overall the Swedish system of bulk interception provided adequate and sufficient guarantees against arbitrariness and the risk of abuse":

In particular, the scope of the signals intelligence measures and the treatment of intercepted data were clearly defined in law, permission for interception had to be by court order after a detailed examination, it was only permitted for communications crossing the Swedish border and not within Sweden itself, it could only be for a maximum of six months, and any renewal required a review. Furthermore, there were several independent bodies, in particular an inspectorate, tasked with the supervision and review of the system. Lastly, the lack of notification of surveillance measures was compensated for by the fact that there were a number of complaint mechanisms available, in particular via the inspectorate, the Parliamentary Ombudsmen and the Chancellor of Justice.

When coming to that conclusion, the Court took into account the State's discretionary powers in protecting national security, especially given the present-day threats of global terrorism and serious cross-border crime.

One expert in this area, TJ McIntyre, expressed on Twitter his disappointment with the judgment:

It might have been too much to expect bulk intercept ruled out in principle, but it is surprising to see a retreat from existing standards on safeguards.

McIntyre played a leading role in one of the key cases brought against mass surveillance, by Digital Rights Ireland in 2014. It resulted in the EU's top court, the Court of Justice of the European Union (CJEU), ruling the EU's Data Retention Directive was "invalid". As McIntyre notes, the detailed ECtHR analysis mentions the CJEU decision, but not the more recent ruling by the latter that struck down the "Safe Harbor" framework because of mass surveillance by the NSA.

The judgment significantly waters down safeguards previously developed by the ECtHR in relation to notification and possibility of a remedy against unlawful surveillance.

For example, McIntyre points out the ECtHR accepted that it is necessary for the Swedish signals intelligence service to store raw material before it can be manually processed:

Remarkably weak controls on storage and downstream use of intercept material were accepted by the ECtHR -- in particular, it was satisfied with retention of bulk intercept "raw material" for one year!

Something of a setback in terms of limiting mass surveillance, the latest judgment goes against the general trend of decisions by the arguably more important CJEU court. In 2014 the latter effectively ruled that its own decisions should take precedence over those of the ECtHR if they came into conflict. That is now more likely, given the CJEU's hardening position against mass surveillance, and the diverging judgment from the ECtHR, which shows some softening.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

16 Comments | Leave a Comment..

Posted on Techdirt - 20 June 2018 @ 7:38pm

China's Latest Censorship Crackdown Target: Videos Of Women Rubbing, Kissing And Licking Binaural Microphones

from the whisper-sweet-nothings-in-my-ear dept

A few weeks back, we wrote about some unpublished censorship guidelines that provided insights into what the Chinese government is trying to stamp out online. However, one of the more curious activities whose depiction was forbidden was "vulgar use of a microphone controller". That seemed both surprisingly specific, and yet tantalizingly vague. A new post on Abacus News may explain what was meant by that phrase. It reports on yet another censorship move by the Chinese authorities:

the country's anti-pornography office ordered a number of platforms to remove a lot of ASMR content -- because they say some are akin to softcore porn.

Autonomous sensory meridian response (ASMR) is defined by Wikipedia as follows:

a term used for an experience characterized by a static-like or tingling sensation on the skin that typically begins on the scalp and moves down the back of the neck and upper spine. It has been compared with auditory-tactile synesthesia. ASMR signifies the subjective experience of "low-grade euphoria" characterized by "a combination of positive feelings and a distinct static-like tingling sensation on the skin". It is most commonly triggered by specific auditory or visual stimuli, and less commonly by intentional attention control.

The banned videos in China typically show people -- well, nearly always young women -- whispering into special high-quality binaural microphones that aim to capture audio the same way our ears hear sounds. As well as producing extremely realistic results, the microphones also allow sounds to move from one ear to the other -- best experienced with headphones to enhance this effect -- as if the person speaking is right next to you, and moving around very close to you.

The women in the videos whisper, rather than speak, because it has been found to be the most effective way to produce ASMR's characteristic "tingling" sensation. But ASMR videos also include the sounds of people licking, kissing, and rubbing the microphones in various ways -- which may explain that "vulgar use of a microphone controller" the Chinese authorities want to censor. As a representative example, the Abacus News points to a two-hour long YouTube video of one of the ASMR stars in China, Xuanzi Giant 2 Rabbit:

In the video, she speaks softly into an ear-shaped microphone, taps it, covers it in plastic, even rubs a Q-tip inside it, creating a variety of sounds to trigger ASMR.

But she does it while dressed in the revealing outfit of Mai Shiranui from The King of Fighters, and whispers things like "Husband, your highness, do you have any instructions?" In another clip, wearing the same outfit, she strikes a provocative pose on the bed.

ASMR is even referred to as "in-skull orgasm" by many Chinese internet users, highlighting the sexual image of some videos.

It's not hard to see why China's anti-pornography department might want to block this kind of thing. However, as a short video by The New York Times exploring the phenomenon makes clear, mainstream ADMR is rather different from these Chinese variants. The aim is to relax rather than excite, and to tap into what may be a calming physiological response similar to that produced when animals groom each other. In any case, the Chinese attempt to censor ASMR videos seems pretty hopeless:

After hearing about this crackdown, we tried to search by the keyword "ASMR" on some of China's biggest streaming platforms, like Bilibili and Douyu. The searches yielded no results. But the videos still appear if you go directly to the playlists of many ASMR hosts. And since they're not banned in the West, many are available on YouTube.

This probably means we can expect yet another Chinese crackdown on ASMR videos at some point in the future, and yet another failure to eradicate that "vulgar use of a microphone controller".

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

17 Comments | Leave a Comment..

Posted on Techdirt - 18 June 2018 @ 7:48pm

Open Source Industry Australia Says Zombie TPP Could Destroy Free Software Licensing

from the another-reason-not-to-ratify dept

It seems incredible, but the TPP trade deal is still staggering on, zombie-like. It's official name is now the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), but even the Australian government just calls it TPP-11. The "11" refers to the fact that TPP originally involved 12 nations, but the US pulled out after Donald Trump's election. The Australian Senate Standing Committee on Foreign Affairs, Defence & Trade is currently conducting an inquiry into TPP-11 as a step towards ratification by Australia. However, in its submission to the committee (pdf), Open Source Industry Australia (OSIA) warns that provisions in TPP-11's Electronic Commerce Chapter "have the potential to destroy the Australian free & open source software (FOSS) sector altogether", and calls on the Australian government not to ratify the deal. The problem lies in Article 14.17 of the TPP-11 text (pdf):

No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.

In its submission to the committee, the OSIA writes:

Article 14.17 of CPTPP prohibits requirements for transfer or access to the source code of computer software. Whilst it does contain some exceptions, those are very narrow and appear rather carelessly worded in places. The exception that has OSIA up in arms covers "the inclusion of terms and conditions related to the provision of source code in commercially negotiated contracts". If Australia ratifies CPTPP, much will turn on whether the Courts interpret the term "commercially negotiated contracts" as including FOSS licences all the time, some of the time or none of the time.

If the Australian courts rule that open source licenses are not "commercially negotiated contracts", those licences will no longer be enforceable in Australia, and free software as we know it will probably no longer exist there. Even if the courts rule that free software licenses are indeed "commercially negotiated contracts", there is another problem, the OSIA says:

The wording of Art. 14.17 makes it unclear whether authors could still seek injunctions to enforce compliance with licence terms requiring transfer of source code in cases where their copyright has been infringed.

Without the ability to enforce compliance through the use of injunctions, open source licenses would once again be pointless. Although the OSIA is concerned about free software in Australia, the same logic would apply to any TPP-11 country. It would also impact other nations that joined the Pacific pact later, as the UK is considering (the UK government seems not to have heard of the gravity theory for trade). It would presumably apply to the US if it did indeed rejoin the pact, as has been mooted. In other words, the impact of this section on open source globally could be significant.

It's worth remembering why this particular article is present in TPP. It grew out of concerns that nations like China and Russia were demanding access to source code as a pre-requisite of allowing Western software companies to operate in their countries. Article 14.17 was designed as a bulwark against such demands. It's unlikely that it was intended to destroy open source licensing too, although some spotted early on that this was a risk. And doubtless a few big software companies will be only too happy to see free software undermined in this way. Unfortunately, it's probably too much to hope that the Australian Senate Standing Committee on Foreign Affairs, Defence & Trade will care about or even understand this subtle software licensing issue. The fate of free software in Australia will therefore depend on whether TPP-11 comes into force, and if so, what judges think Article 14.17 means.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

23 Comments | Leave a Comment..

Posted on Techdirt - 14 June 2018 @ 12:00pm

EU Politicians Tell European Commission To Suspend Privacy Shield Data Transfer Framework

from the US-must-try-harder dept

A couple of months ago, we wrote about an important case at the Court of Justice of the European Union (CJEU), the region's highest court. The final judgment is expected to rule on whether the Privacy Shield framework for transferring EU personal data to the US is legal under EU data protection law. Many expect the CJEU to throw out Privacy Shield, which does little to address the earlier criticisms of the preceding US-EU agreement: the Safe Harbor framework, struck down by the same court in 2015. However, that's not the only problem that Privacy Shield is facing. One of the European Parliament's powerful committees, which helps determine policy related to civil liberties, has just issued a call to the European Commission to suspend the Privacy Shield agreement unless the US tries harder:

The data exchange deal should be suspended unless the US complies with it by 1 September 2018, say MEPs, adding that the deal should remain suspended until the US authorities comply with its terms in full.

There are a couple of reasons why the European Parliament's committee has taken this unusual step. One is the recent furore surrounding Cambridge Analytica's use of personal data collected by Facebook, which the EU politicians incorrectly call a "data breach". However, as they correctly point out, both companies were certified under Privacy Shield, which doesn't seem to have prevented the data from being misused:

Following the Facebook-Cambridge Analytica data breach, Civil Liberties MEPs emphasize the need for better monitoring of the agreement, given that both companies are certified under the Privacy Shield.

MEPs call on the US authorities to act upon such revelations without delay and if needed, to remove companies that have misused personal data from the Privacy Shield list. EU authorities should also investigate such cases and if appropriate, suspend or ban data transfers under the Privacy Shield, they add.

The other concern is the recently-passed Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which grants the US and foreign police access to personal data across borders. This undermines the effectiveness of the privacy protections of the data transfer scheme, since it would allow the personal data of EU citizens to be accessed more easily. The head of the civil liberties committee, Claude Moraes, is quoted as saying:

While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR.

The mention of the new GDPR there is significant, since it raises the bar for the Privacy Shield framework's compliance with EU data protection laws. A greater stringency makes it more likely that the European Commission will suspend the deal, and that the CJEU will strike it down permanently at some point.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

5 Comments | Leave a Comment..

Posted on Techdirt - 13 June 2018 @ 11:58am

Top German Publisher Says: 'You Wouldn't Steal A Pound Of Butter... So We Need A Snippet Tax'

from the articles-11-and-13-must-go dept

Last week, Mike provided a virtuoso excoriation of the European publishers' shameless demand to be given even more copyright control over tiny snippets of news stories as part of the awful EU copyright directive. As that post pointed out, the publishers' "mythbuster" did nothing of the sort, but it did indicate a growing panic among the industry as more critical attention is brought to bear on the ridiculous "snippet tax" -- Article 11 of the proposed new EU copyright law -- which has already failed twice elsewhere. The German site Über Medien -- "About Media" -- offers another glimpse of publishers trying desperately to justify the unjustifiable (original in German). Actually, it's one publisher in particular: Mathias Döpfner. He's the CEO of the German company Axel Springer, one of the world's largest publishers, although even his company is unlikely to benefit much from the snippet tax. Speaking on Austrian television, Döpfner made a rather remarkable claim:

It's about the question of whether the intellectual good that is produced is a protected good or not. At the moment it is a good that is not protected in the digital world. Anyone can take an article, a video, a journalistic element that a publisher has prepared, copy it, put it in another context and even market it successfully.

Yes, the boss of one of the biggest and most successful publishers in the world is claiming that digital material is not protected by copyright, and that anyone can take and use it, which is why new laws are needed. Since he was talking about the EU's Article 11, he also seems to be conflating using snippets with taking an entire article. To underline his point, Döpfner offered a homely comparison:

If I can go to the grocery store and just grab a pound of butter or a carton of milk without paying for it, why should anyone come and pay for it, and why would anyone else offer butter or milk?

But that's not what Google is doing when it uses snippets. It's more like it is taking a picture of the pound of butter, and then showing people the photo along with the address of the grocery store when they search for "butter" using Google's search engine. Google is not stealing anything, just sending business to the store. It's the same with displaying snippets that link to the original article. The Über Medien post rightly goes on to note that publishers don't really have a problem with Google showing snippets and sending them traffic. But their sense of entitlement is so great they want to force the US company to pay for the privilege of sending them traffic. Or, to put it in terms of Döpfner's forced analogy:

Publishers do not want Google to stop stealing butter and milk in their supermarkets. The publishers want to oblige Google to steal bread and milk from them and pay for it.

The fact that the head of German's biggest publisher resorts to the old "you wouldn't steal a car/pound of butter/carton of milk" rhetoric shows just how vanishingly thin the argument in favor of a snippet tax really is. It's time for the EU politicians to recognize this, and remove it from the proposed copyright directive, along with Article 13's even-more pernicious upload filter. EU citizens can use the new SaveYourInternet site to contact their representatives. Ahead of the important EU vote on the proposed law early next week, now would be a really good time to do that.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

50 Comments | Leave a Comment..

Posted on Free Speech - 7 June 2018 @ 8:13pm

Unpublished Censorship Guidelines Lay Bare The Deepest Fears Of The Chinese Government

from the vulgar-use-of-a-microphone-controller dept

It's hardly a state secret that China is instituting the most complete surveillance and censorship system ever attempted by a society (so far), and on an unprecedented scale. Techdirt has been tracking that sad saga over the years, mostly reporting on how censorship is being implemented. Less information has been available about what exactly the Chinese government doesn't want people to know about/discuss. Aside from the obvious issues -- repression of Tibetans and Uyghurs, Tiananmen Square protests, environmental problems, government corruption etc. -- just what is Beijing afraid of? A document obtained by the The Globe and Mail may shed some light on this question, although it's still not entirely clear who wrote it:

It began circulating early this year, and is believed to have been issued by the powerful Cyberspace Administration of China, China's central Internet authority, which did not respond to requests for comment.

It's also possible that the document, which outlines 10 basic categories of banned content, was written by a government-affiliated trade association, a censorship expert said.

In any case, experts seem to accept that it represents the Chinese government's position quite well, which makes the insights it gives into official thinking extremely valuable. Forbidden activities include many that come as no surprise, such as: insulting leaders, criticizing official policies, spreading information about "made-up" accidents, epidemics, police incidents, and issues related to the economy. Celebrities are protected to a certain extent, with a ban on over-the-top stories about their sex scandals or luxurious lifestyles. Talking about violence, superstitions or religions are also out, as are the following:

Not only is pornography banned, but so is all obscenity, a category that includes "using a bed or sofa as a prop or background," appearing shirtless, wearing tattoos or dancing in a way "that has flirtatious and vulgar elements." Also forbidden is the spreading of harmful information, a category that includes cursing, smoking and drinking, gambling or "vulgar use of a microphone controller (or any mimicking of it)."

But alongside much that is outright wacky -- what on earth does "vulgar use of a microphone controller" even mean? -- the article quotes Yaxue Cao, the founder and editor of ChinaChange.org, who points out a more serious underlying strategy discernible here:

"It targets political dissent of course, but any activities that might cause a large number of people to coalesce, whether through popular entertainment such as Duanzi (jokes) and cartoons, or through direct sales network," she said, in an e-mail. "It also aims at content that might give people ideas of resistance and how-to knowledge. I go through each category, this is the theme I see: a heightened sense of regime insecurity."

It's a great point that explains much of what the Chinese government has done over the last few years. What the authorities fear above all else is not so much any of the topics mentioned above in themselves, but the thought that they might help people to band together, and even formulate an idea that is truly frightening for Beijing: that they could start to resist.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

44 Comments | Leave a Comment..

Posted on Techdirt - 5 June 2018 @ 3:23am

Study Shows That Wartime Program To Abolish Copyright On German Science Books Brought Significant Benefits To US

from the perhaps-we-should-do-it-more-often dept

As Techdirt readers know, there is a ratchet effect that means copyright always gets longer and stronger. As well as being inherently unfair -- why must the public always lose out when copyright law is changed? -- there's another unfortunate consequence. If the term or breadth of copyright were reduced from time to time, we would be able to test the effects of doing so on things like creativity. For example, if it turned out that shortening copyright increased the number of works being produced, then there would be a strong argument for reducing it further in the hope that the effect would be strengthened. The fact that we have been unable test this hypothesis is rather convenient for copyright maximalists. It means they can continue to call for the term of copyright to be increased without having to address the argument that this will cause less creativity, or reduce access to older works.

Even though it is not possible to test the effects of reduced copyright directly, two US academics, Barbara Biasi and Petra Moser, have spotted a clever way of investigating the idea indirectly, in the field of science publishing. As they write in a post on CEPR's policy portal, in 1942 the US Book Republication Program (BRP) allowed US publishers to reprint exact copies of German-owned science books, effectively abolishing copyright for that class of works. They have looked at what impact this dramatic change had on the use of those reprinted works by scientists. Comparing citation rates before and after the BRP was introduced is not enough on its own: citation rates fluctuate, so it is necessary to compare the BRP citation rate with something else. The researchers' solution is to look at the citation rate of Swiss books from the same time:

This approach addresses the issue that English-language citations may have increased mechanically after 1942, if English-language scientists published more after the war. Like German scientists, Swiss scientists were leaders in chemistry and mathematics and wrote primarily in German, but due to Switzerland's neutrality, Swiss-owned copyrights were not accessible to the BRP. [Office of Library Services] estimates of a matched sample of BRP and Swiss books (in similar fields and with similar levels of pre-BRP non-English citations) confirm the significant increase in citations in response to the BRP.

Specifically, there was a 67% increase in citations of BRP books compared to similar Swiss books. The research suggests this was driven largely by the 25% drop in average prices seen after the BRP scheme was introduced. The reduction in price seems to have allowed a wider range of US libraries to purchase the more affordable BRP texts, whereas Swiss books remained concentrated in the holdings of two wealthy research libraries (Yale and Chicago). Better access was correlated with more citations: the data shows that the latter increased most near the locations of BRP libraries. The researchers conclude:

In the context of contemporary debates, our findings imply that policies which strengthen copyrights, such as extensions in copyright length, can create enormous welfare costs by discouraging follow-on science, especially among less affluent institutions and scientists.

Critics might point out that this is just one study of one rather specific area. But that's an argument for reducing copyright terms, perhaps on a trial basis, to see whether the results of this research are confirmed. However, the copyright ratchet will never allow that, not least because the companies involved probably know it would confirm that constantly strengthening copyright is bad for everyone except themselves.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

34 Comments | Leave a Comment..

Posted on Techdirt - 31 May 2018 @ 7:40pm

ICANN's Pre-emptive Attack On The GDPR Thrown Out By Court In Germany

from the who-is-whois-for? dept

The EU's General Data Protection Regulation (GDPR) has only just started to be enforced, but it is already creating some seriously big waves in the online world, as Techdirt has reported. Most of those are playing out in obvious ways, such as Max Schrems's formal GDPR complaints against Google and Facebook over "forced consent" (pdf). That hardly came as a shock -- he's been flagging up the move on Twitter for some time. But there's another saga underway that may have escaped people's notice. It involves ICANN (Internet Corporation for Assigned Names and Numbers), which runs the Internet's namespace. Back in 2015, Mike memorably described the organization as "a total freaking mess", in an article about ICANN's "war against basic privacy". Given that history, it's perhaps no surprise that ICANN is having trouble coming to terms with the GDPR. The bone of contention is the information that is collected by the world's registrars for the Whois system, run by ICANN. EPAG, a Tucows-owned registrar based in Bonn, Germany, is concerned that this personal data might fall foul of the GDPR, and thus expose it to massive fines. As it wrote in a recent blog post:

We realized that the domain name registration process, as outlined in ICANN's 2013 Registrar Accreditation Agreement, not only required us to collect and share information we didn't need, it also required us to collect and share people's information where we may not have a legal basis to do so. What's more, it required us to process personal information belonging to people with whom we may not even have a direct relationship, namely the Admin and Tech contacts [for each domain name].

All of those activities are potentially illegal under the GDPR. EPAG therefore built a new domain registration system with "consent management processes", and a data flow "aligned with the GDPR's principles". ICANN was not happy with this minimalist approach, and sought an injunction in Germany in order to "preserve Whois data" -- that is, to force EPAG to collect those administrative and technical contacts. A post on the Internet Governance Project site explains why those extra Whois contacts matter, and what the real issue here is:

The filing by ICANN's Jones Day lawyers, which can be found here, asserts a far more sweeping purpose for Whois data, which is part of an attempt to make ICANN the facilitator of intellectual property enforcement on the Internet. "The technical contact and the administrative contact have important functions," the brief asserts. "Access to this data is required for the stable and secure operation of the domain name system, as well as a way to identify those customers that may be causing technical problems and legal issues with the domain names and/or their content."

As the tell-tale word "content" there reveals, the real reason ICANN requires registrars to collect technical and administrative contacts is because the copyright industry wants easy access to this information. It uses the personal details provided by Whois to chase the people behind sites that it alleges are offering unauthorized copies of copyright material. This is precisely the same ICANN overreach that Techdirt reported on back in 2015: the organization is supposed to be running the Internet's domain name system, not acting as a private copyright police force. The difference is that now the GDPR provides good legal and financial reasons to ignore ICANN's demands, as EPAG has noted.

In a surprisingly swift decision, the German court hearing ICANN's request for an injunction against EPAG has already turned it down:

the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse the security aspects in connection with the domain name (such as criminal activity, infringement or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

However, as ICANN rightly notes, that still leaves unanswered the key question: would collecting the administrative and technical contact information contravene the GDPR? ICANN says it is "continuing to pursue the ongoing discussions" with the EU on this, and a clarification of the legal situation here would certainly be in everyone's interests. But there is another important angle to this. As the security researcher Brian Krebs wrote on his blog back in February:

For my part, I can say without hesitation that few resources are as critical to what I do here at KrebsOnSecurity than the data available in the public WHOIS records. WHOIS records are incredibly useful signposts for tracking cybercrime, and they frequently allow KrebsOnSecurity to break important stories about the connections between and identities behind various cybercriminal operations and the individuals/networks actively supporting or enabling those activities. I also very often rely on WHOIS records to locate contact information for potential sources or cybercrime victims who may not yet be aware of their victimization.

There's no reason to doubt the importance of Whois information to Krebs's work. But the central issue is which is more important for society: protecting millions of people from spammers, scammers and copyright trolls by limiting the publicly-available Whois data, or making it easier for security researchers to track down online criminals by using that same Whois information? It's an important discussion that is likely to rage for some time, along with many others now being brought into sharper focus thanks to the arrival of the GDPR.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

58 Comments | Leave a Comment..

Posted on Techdirt - 29 May 2018 @ 7:53pm

New Organization Formed In South Africa To Promote The Rights Of Creators And Support Intelligent Copyright Reform

from the fair-use-is-only-fair dept

Over the years, Techdirt has written about some pretty bad stuff happening in South Africa on the copyright front. For example, there was the Business Software Alliance using made-up figures in an attempt to revise copyright law in its favor. The South African music rights organization tried to put public domain works under copyright. And -- most insane of all -- the South African recording industry association ran a stupid "anti-piracy" campaign called "Shoot the Pirate", which resulted in actual violence. So it makes a pleasant change to report on some good news from the country. A new organization of creators has been formed to press for a more balanced copyright system in South Africa. They call themselves ReCreate, although apparently the group has no connection with the similar US organization Re:Create. Here are the South African ReCreate's basic principles:

ReCreate exists to promote the interests of South African creatives with regards to copyright legislation.

As much as we are creators, we are users of existing cultural products. Currently our work can be blocked through censorship by those who claim to own our culture. Moreover we often do not not own the work we create. And many of us have been disadvantaged by an exploitative system which fails to pay us for our work.

Growing the digital economy requires innovation. South Africa is at a disadvantage to other countries with flexible copyright laws that support creativity.

We call on Government to include in the ongoing copyright reform three key issues to enable us to create the next generation of South African content for the world.

An update about the South African copyright reform currently underway can be found on the infojustice.org site. There's also an opinion piece in South Africa's Mail & Guardian written by some of ReCreate's founders, in which they explain some of the problems they face under current copyright legislation, and the fair use rights they need to help them produce new works in the digital world:

Parody and satire

Incidental use of background content

Use of works in public places

Digital archival

Creation of educational works

Non expressives uses on the Internet, including indexing, data mining and search

Re-mixing, transforming and re-interpreting

Creation of accessible copies for people with disabilities

Adaptation to future technology

However, according to another post on infojustice.org, the South African Department of Arts and Culture has come out against introducing fair use, claiming:

Fair use by its nature is open-ended and it creates uncertainties in the management of rights. If adopted, this model will permit uncontrollable and unreasonable access to copyright materials resulting into reduction of real income for copyright owners.

Although it's disappointing to see this kind of tired old FUD being spread, it's great to see artists standing up for themselves like this in South Africa. For too long, the copyright companies have claimed to represents artists while doing precious little to help them create new works or earn a decent living. The founding of ReCreate is a hopeful sign that things may be about to change.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

27 Comments | Leave a Comment..

Posted on Techdirt - 21 May 2018 @ 3:37am

Report Confirms Deep Flaws Of Automated Facial Recognition Software In The UK, Warns Its Use In The US Is Spreading

from the mind-the-step-change dept

Techdirt has written many stories about facial recognition systems. But there's a step-change taking place in this area at the moment. The authorities are moving from comparing single images with database holdings, to completely automated scanning of crowds to obtain and analyze huge numbers of facial images in real time. Recently, Tim Cushing described the ridiculously high level of false positives South Wales Police had encountered during its use of automated facial recognition software. Before that, a post noted a similarly unacceptable failure rate of automated systems used by the Metropolitan Police in London last year.

Now Big Brother Watch has produced a report bringing together everything we know about the use by UK police of automated facial recognition software (pdf), and its deep flaws. The report supplements that information with analyses of the legal and human rights framework for such systems, and points out that facial recognition algorithms often disproportionately misidentify minority ethnic groups and women.

The UK situation is fairly well known. There's been less coverage of automated facial recognition systems in the US, and the Big Brother Report offers some comments from experts about what is happening there. For example, Clare Garvie from the Georgetown Law Center on Privacy and Technology, writes:

Face recognition surveillance -- identifying people in real-time from live video feeds -- risks being an imminent reality for many Americans. Are we comfortable with a society where face recognition allows police to identify anyone with a driver’s license, without suspicion or consent? Are we comfortable with a society where the government can find anyone, at any time, by continuously scanning the faces of people on the sidewalk? Face recognition fundamentally changes the nature of privacy in public spaces. As government agencies themselves have cautioned, face recognition surveillance 'has the potential to make people feel extremely uncomfortable, cause people to alter their behaviour, and lead to self-censorship and inhibition,' chilling the exercise of the rights protected under the First Amendment and calling into question the scope of protections offered by the Fourth Amendment.

Alongside its report, Big Brother Watch has launched the "Face Off" campaign calling for the UK public authorities to stop using automated facial recognition software with surveillance cameras, and to remove the thousands of images of unconvicted individuals from the UK's Police National Database. Given the UK authorities' world-famous love of CCTV and surveillance, it's unlikely they will take much notice.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

53 Comments | Leave a Comment..

Posted on Techdirt - 8 May 2018 @ 9:08pm

New Report Shines Much-Needed Light On Shadow Libraries Around The World

from the another-reason-to-defend-privacy-and-anonymity-online dept

Techdirt readers with long memories may recall a post back in 2011 about a 440-page report entitled "Media Piracy in Emerging Economies." As Mike wrote then, this detailed study effectively debunked the entire foundation of US attempts to impose maximalist copyright regimes on other countries. That report was edited by Joe Karaganis, who has put together another collection of articles, called "Shadow Libraries: Access to Knowledge in Global Higher Education", that are also likely to be of interest to Techdirt readers. As Karaganis writes in his introduction:

To a large extent, our work on Shadow Libraries started where Media Piracy ended, with the confirmation that the main factors underlying high rates of piracy in the developing world were the obvious ones: high prices for legal media, low incomes, and the continued diffusion of cheap copying technologies.

Unsurprisingly, Karaganis takes Sci-Hub as the emblematic "shadow library":

As everyone from [Sci-Hub's creator] Elbakyan to Elsevier knew, however, Sci-Hub's importance was not its permanence as a service but its status as a proof of concept. Its core archive of fifty million articles was freely available and its basic search and archive features easily replicated.

...

If Elbakyan's story has struck a chord, it is in part because it brings this contradiction in the academic project into sharp relief -- universalist in principle and unequal in practice. Shadow Libraries is a study of that tension in the digital era.

The rest of the 321 pages explores how that tension -- between striving for free and frictionless access to all human knowledge and the copyright industry's attempts to turn learning into a luxury product -- is playing out in eight different countries. Techdirt has covered many of the stories -- for example, those in Russia, India and Argentina. But the report fleshes out the bare facts previously reported here, and provides far more context and analysis. The detailed history of Library Genesis, a precursor to Sci-Hub in Russia, is particularly fascinating. For other countries such as South Africa, Poland, Brazil and Uruguay, the new studies offer insights into regions rarely discussed in the West, and provide good starting points for deeper understanding of those countries. As Karaganis notes, the new study is a transitional one:

catching the moment of widespread digitization of materials and related infrastructure but not yet the digitization of the wider teaching, learning, and research ecosystem, and not the stabilization of legal models and frameworks that can keep pace with the growth of higher education and the global scale of emerging knowledge communities.

Importantly, though, the underlying dynamics of sharing knowledge are the same as those driving the unauthorized distribution of media materials, discussed in the 2011 study:

this informal copy culture is shaped by high prices, low incomes, and cheap technology -- and only in very limited ways by copyright enforcement. As long as the Internet remains "open" in the sense of affording privacy and anonymity, shadow libraries, large and small, will remain powerful facts of educational life. As in the case of music and movies, we think the language of crisis serves this discussion poorly. This is an era of radical abundance of scholarship, instructional materials, and educational opportunity. The rest is politics.

Those are points we've made here on Techdirt many times before. We are enjoying an era of unprecedented digital abundance, which the copyright industries are fighting to shut down in order to preserve their outdated business models based on scarcity. One way they try to do that is to attack the Internet's openness by striving to weaken privacy and anonymity online, regardless of the collateral harm this causes. The importance of shadow libraries in global higher education is another reason to resist that.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 7 May 2018 @ 9:24am

Irish Judge Slaps Down Facebook's Attempt To Halt EU's Top Court Examining The Legality Of Sending Personal Data To US

from the unquantifiable-and-incapable-of-being-remedied dept

A few weeks ago, we wrote about the Irish High Court referring to the EU's highest court, the Court of Justice of the European Union (CJEU), eleven questions concerning the legality of personal data transfer across the Atlantic.The questions were prompted by a case brought by the privacy expert Max Schrems challenging Facebook's data transfers. When the Irish High Court judge indicated that she intended to make an order for a so-called "preliminary ruling" by the CJEU -- that is, one which addresses the fundamental legal questions raised by the case -- Facebook applied for a stay in order to appeal against the judge's decision at other, higher Irish courts. That's hardly surprising: Facebook's business model depends on being able to move sensitive user data around as it wishes. If both Privacy Shield and the "Standard Contractual Clauses" (SCCs) are ruled illegal, then Facebook -- and many other companies -- will have big problems. Given the danger, it's no wonder that Facebook is trying everything it can to prevent the CJEU from answering those questions.

Considering Facebook's application, the same High Court judge who had made the reference to the CJEU explained that in her view (pdf) there is no right to appeal against that request for clarification under Irish law. However, she went on to consider what the relative harms to each party would be if she were in fact wrong on this matter, and came down firmly in favor of Schrems:

In my opinion, the very real prejudice is potentially suffered by Mr. Schrems and the millions of EU data subjects if the matter is further delayed by a stay as sought in this case. Their potential loss is unquantifiable and incapable of being remedied.

The High Court judge also tackled Facebook's main argument why the reference to the CJEU should be put on hold: because the EU's new General Data Protection Regulation (GDPR) was about to be enforced, and that would change the legal context dramatically. However, the judge was having none of this, not least because Facebook was trying to introduce a completely new argument at this very late stage of the legal process. As she wrote in her judgment:

The fact that the point is only now being raised gives rise to considerable concern as to the conduct of the case by Facebook and the manner in which it has dealt with the court.

This is the judge's polite way of saying that Facebook's behavior is bloody outrageous. She goes on:

Clearly the existing delays have already potentially gravely prejudice[d] the [Irish Data Protection Commissioner] and Mr. Schrems. I do not propose to exacerbate this potential prejudice any further. If I had been prepared to grant a limited stay on the order of reference to allow for an application to be made to the [Irish] Supreme Court for leave to appeal, I am firmly of the view that this argument clearly weighs against the grant of any stay in the circumstances.

I am of the opinion that the court will cause the least injustice if it refuses any stay and delivers the reference immediately to the [EU] Court of Justice. I so order.

That's a "no", then...

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

2 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2018 @ 8:05pm

Thousands Of Academics Pledge To Boycott Springer's New Machine Learning Title In Support Of Long-Established Open Access Journal

from the if-it-ain't-broke,-and-it's-free,-don't-fix-it dept

Among Techdirt's many stories chronicling the (slow) rise of open access publishing, a number have been about dramatic action taken by researchers to protest against traditional publishers and their exploitative business model. For example, in 2012, a boycott of the leading publisher Elsevier was organized to protest against its high journal prices and its support for the now long-forgotten Research Works Act. In 2015, the editors and editorial board of the Elsevier title Lingua resigned in order to start up their own open access journal. Now we have another boycott, this time as a reaction against the launch of the for-profit Nature Machine Intelligence, from the German publishing giant Springer. Thousands of academics in the field have added their names to a statement about the new title expressing their concerns:

the following list of researchers hereby state that they will not submit to, review, or edit for this new journal.

We see no role for closed access or author-fee publication in the future of machine learning research and believe the adoption of this new journal as an outlet of record for the machine learning community would be a retrograde step. In contrast, we would welcome new zero-cost open access journals and conferences in artificial intelligence and machine learning.

The contact person for the statement is Thomas G. Dietterich, Distinguished Professor (Emeritus) and Director of Intelligent Systems at Oregon State University. He has a long history of supporting open access. In 2001, he was one of 40 signatories to another statement. It announced their resignation from the editorial board of the Machine Learning Journal (MLJ), which was not open access, and their support for the Journal of Machine Learning Research (JMLR), launched in 2000, which was open access. As they wrote:

our resignation from the editorial board of MLJ reflects our belief that journals should principally serve the needs of the intellectual community, in particular by providing the immediate and universal access to journal articles that modern technology supports, and doing so at a cost that excludes no one. We are excited about JMLR, which provides this access and does so unconditionally. We feel that JMLR provides an ideal vehicle to support the near-term and long-term evolution of the field of machine learning and to serve as the flagship journal for the field.

That confidence seems to have been justified. JMLR is now up to its 18th volume, and is flourishing. It is "zero cost" open access -- it makes no charge either to read or to be published if a paper is accepted by the editors. The last thing this minimalist operation needs is a rival title from a well-funded publisher able to pour money into its new launch in order to attract authors and take over the market. Hence the current boycott of Nature Machine Intelligence, and the call for "new zero-cost open access journals and conferences in artificial intelligence and machine learning" instead.

As to why Springer decided to announce a competitor to a well-established, and well-respected journal, an article in The Next Web points out that the German publishing company is about to offer shares worth up to €1.6 billion (around $1.95 billion) in its imminent IPO. A new journal covering the super-hot areas of AI, machine learning and robotics is just the sort of thing to help give the share price a boost. And when there's serious money to be made, who cares about the collateral damage to a much-loved open access title running on a shoestring?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

7 Comments | Leave a Comment..

Posted on Techdirt - 1 May 2018 @ 10:42am

Germany's Supreme Court Confirms That Adblocking Is Legal, In Sixth Consecutive Defeat For Publishers

from the never-gonna-give-you-up dept

Adblocking is something that many people feel strongly about, as the large number of comments on previous posts dealing with the topic indicates. Publishers, too, have strong feelings here, including the belief that they have a right to make people view the ads they carry on their sites. (Techdirt, of course, has a rather different position.) In Germany, publishers have sued the makers of AdBlock Plus no less than five times -- and lost every case. It will not surprise Techdirt readers to learn that those persistent defeats did not stop the German media publishing giant Axel Springer from trying yet again, at Germany's Supreme Court. It has just lost. As Adblock Plus explains in a justifiably triumphant blog post:

This ruling confirms -- just as the regional courts in Munich and Hamburg stated previously -- that people have the right in Germany to block ads. This case had already been tried in the Cologne Regional Court, then in the Regional Court of Appeals, also in Cologne -- with similar results. It also confirms that Adblock Plus can use a whitelist to allow certain acceptable ads through.

Reuters notes that Springer's case was just the first of five against Adblock Plus to reach the Supreme Court in Germany, although the others are presumably moot in the light of this definitive decision. However, that does not mean Springer is giving up. There remains one final option:

Springer said it would appeal to the [German] Constitutional Court on the grounds that adblockers violated press freedom by disrupting online media and their financial viability.

Yes, that's right: if you are using an adblocker, you are a bad person, who hates press freedom....

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+.

34 Comments | Leave a Comment..

Posted on Techdirt - 27 April 2018 @ 10:42am

Innocent Man Charged With Murder Because His DNA Was Found On The Fingernails Of Victim, Whom He Had Never Met

from the DNA-is-formidable,-not-infallible dept

The forensic use of DNA is rightly regarded as one of the most reliable ways of establishing the identity of someone who was present at a crime scene. As technology has advanced, it is possible to use extremely small traces of genetic material to identify people. One possibility that has so far received little attention is that the DNA of someone might be transferred accidentally to a murder victim's body, say, even though the former person had absolutely nothing to do with the latter's death, and maybe had never even met him or her. The Marshall Project has a fascinating and important report on just such a case.

Back in 2012, a group of men broke into the Silicon Valley home of a 66-year-old investor, tied him up, blindfolded him, and gagged him with duct tape. The duct tape caused him to suffocate, turning a robbery into a murder. Some DNA found on the victim's fingernails matched that of a homeless man, who was well-known to local police. It seemed an open-and-shut case -- even the alleged murderer, who had memory problems, admitted he might have done it, given this apparently incontrovertible proof. Fortunately, his lawyer was diligent in checking everything about her client in the hope of at least mitigating his punishment. As she examined his medical records, she discovered the following:

The medical records showed that [the accused] Anderson was also a regular in county hospitals. Most recently, he had arrived in an ambulance to Valley Medical Center, where he was declared inebriated nearly to the point of unconsciousness. Blood alcohol tests indicated he had consumed the equivalent of 21 beers. He spent the night detoxing. The next morning he was discharged, somewhat more sober.

That night her client had been in hospital was when the murder had been committed. Further research confirmed that he could not have been on the crime scene, and also that he had never met the victim. The question then became: how had his DNA -- for there was no doubt it was his -- ended up on the fingernails of a murdered man?

The connection was found in the paramedics who had responded to the discovery of the murder victim. It turned out that earlier that day they had taken the innocent man accused of the murder to Valley Medical Center after he had collapsed drunk in a supermarket. Somehow, improbable as it might seem, they had transferred his DNA onto the murder victim, where it was later discovered by the forensic scientists.

The Marshall Project article goes into much more detail about the case and the history of using DNA to solve crimes -- it's well-worth reading. It highlights two crucial facts that need to be taken into account when DNA is used as evidence, especially for serious crimes carrying heavy penalties. One is that we all leave our DNA everywhere:

An average person may shed upward of 50 million skin cells a day. Attorney Erin Murphy, author of "Inside the Cell," a book about forensic DNA, has calculated that in two minutes the average person sheds enough skin cells to cover a football field. We also spew saliva, which is packed with DNA. If we stand still and talk for 30 seconds, our DNA may be found more than a yard away. With a forceful sneeze, it might land on a nearby wall.

To find out the prevalence of DNA in the world, a group of Dutch researchers tested 105 public items -- escalator rails, public toilet door handles, shopping basket handles, coins. Ninety-one percent bore human DNA, sometimes from half a dozen people. Even items intimate to us -- the armpits of our shirts, say -- can bear other people's DNA, they found.

The other fact is that contamination of key DNA samples by those investigating a crime is the rule, not the exception:

A 2016 study by Gill, the British forensic researcher, found DNA on three-quarters of crime scene tools he tested, including cameras, measuring tapes, and gloves. Those items can pick up DNA at one scene and move it to the next.

Once it arrives in the lab, the risk continues: One set of researchers found stray DNA in even the cleanest parts of their lab. Worried that the very case files they worked on could be a source of contamination, they tested 20. Seventy-five percent held the DNA of people who hadn't handled the file.

As the article emphasizes, DNA is indeed an incredibly powerful forensic tool, which has helped convict the guilty, as well as exonerate the innocent. But it is not infallible. The question is: how many other people have been wrongly charged, convicted and punished because of stray DNA?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+.

20 Comments | Leave a Comment..

More posts from Glyn Moody >>