Glyn Moody’s Techdirt Profile


About Glyn MoodyTechdirt Insider

Posted on Techdirt - 27 March 2015 @ 2:39pm

UN Appoints Special Expert To Report On Online Privacy; Surprisingly, US And UK Don't Object

from the wonders-will-never-cease dept

The world of online privacy was changed forever by Edward Snowden's revelations of massive, global spying by the US, UK and others. And the repercussions of his actions continue to make themselves felt. Two countries particularly affected by the surveillance conducted against them, Germany and Brazil, have led efforts to appoint a new rapporteur (special expert) for privacy at the United Nations Human Rights Council, and with surprising success. Despite fears that the US or UK might try to block the move, or neuter the role, they both accepted the following resolution, which was adopted by consensus, without a vote:

The Council invites the Special Rapporteur to include in the first report considerations on the right to privacy in the digital age; calls upon all States to cooperate fully with and assist the Special Rapporteur in the performance of the mandate, including by providing all necessary information requested by him or her, to respond promptly to his or her urgent appeals and other communications, to consider favourably the mandate holder’s requests to visit their countries and to consider implementing the recommendations made by the mandate holder in his or her reports.
It will be interesting to see what happens when the Rapporteur comes calling on the NSA and GCHQ asking for more details of their surveillance operations. The resolution affirmed a general right to privacy:
according to which no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, and the right to the protection of the law against such interference...; recognizes the global and open nature of the Internet and the rapid advancement in information and communications technology as a driving force in accelerating progress towards development in its various forms; and affirms that the same rights that people have offline must also be protected online, including the right to privacy.
The Rapporteur will have no real powers to demand information or enforce recommendations. But at the very least, the creation of this new role will help to increase international awareness of the importance of privacy in the digital world, and of the scale of the threats ranged against it.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2015 @ 1:05am

Unimpressed, UK's Parliamentary Committee For Business Calls For 'Evidence-Based Approach' To TAFTA/TTIP

from the making-astrology-look-respectable dept

Given the magnitude of the effect that TAFTA/TTIP could have on the economies and daily life of both the US and EU, it is surprising that there has not been more analysis of its likely impact. In particular, you would have thought that the governments who favor it would have made great efforts to deploy plenty of evidence supporting the agreement. Instead, the European Commission simply repeats the same set of figures from the 2013 analysis that it commissioned from the London-based CEPR group (pdf), while the US side seems to think even one study is one too many.

Analyses from the public's political representatives are also surprisingly thin on the ground. That makes a new report from one of the UK Parliament's specialist committees, which are made up of current MPs, particularly welcome. It comes from the Business, Innovation and Skills (BIS) Committee, so you might expect it to be really upbeat about the TTIP negotiations. Instead, it is pretty unimpressed by the debate so far:

The BIS Committee finds that while a lack of detail on negotiations makes it difficult to assess the benefits of TTIP, all involved in the debate -- campaigners, lobbyists, business groups, the UK Government and the European Commission -- must ensure they take an evidence-based approach when assessing TTIP’s potential.
The report focuses on two main areas: TTIP's economic benefits and the corporate sovereignty provisions, also known as investor-state dispute settlement (ISDS). As it notes, the main figures used time and again in support of the trade deal come from the European Commission's CEPR report. Leaving aside its many debatable assumptions, one key fact that has emerged is that the core prediction for the best-case scenario -- US and EU economies to grow by 0.4% and 0.5% respectively as a result of TTIP -- refers to cumulative growth by 2027, and therefore amounts to around 0.05% extra GDP per year, on average. Regarding this fact, the economist Dean Baker wrote: "As growth policy, this trade deal doesn't pass the laugh test." On this issue, the Committee commented:
When we challenged the [UK Trade] Minister on the accuracy of the estimated benefits of TTIP, he appeared to agree that they should not be taken as fact. In doing so he quoted JK Galbraith, who said that the only purpose of economic forecasts was to make astrology look respectable.
The Committee was equally unimpressed with the arguments in favor of including a corporate sovereignty chapter:
We have yet to be convinced of the need for ISDS provisions in TTIP. The UK Government and the EU must demonstrate that the advanced legal institutions of the EU and the US cannot protect foreign investors before any ISDS is considered in the TTIP.
Again, coming from a naturally pro-business Parliamentary Committee, that's a pretty damning comment. It shows just how much work the US and EU governments need to do in order to convince people -- even those favorably inclined to the idea -- that TAFTA/TTIP is worth bothering with at all.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

13 Comments | Leave a Comment..

Posted on Techdirt - 25 March 2015 @ 8:23am

Copyright Industry Keeps Asking For More In Australia: VPN Ban Next?

from the collateral-damage dept

Techdirt has been following the rather depressing saga of the Australian government's attempt to ram through new copyright powers for some time now. As TorrentFreak reports, under great pressure from the Australian government, local ISPs have put together a draft voluntary code for dealing with alleged copyright infringement (pdf). The Australasian Music Publishers Association (AMPAL) has now weighed in, and basically wants everything to be much harsher, including the following:

"The Code does not place a general obligation on ISPs to monitor and detect online copyright infringement," the publishers write. "AMPAL submits that ideally the Code should include such a duty using ISPs’ monitoring and filtering techniques."


"The Code does not require ISPs to block access to infringing material. AMPAL submits that ideally the Code should include provisions obliging ISPs to take such action following provision of the relevant information by Rights Holders and/or following discovery of copyright infringing websites by ISPs’ monitoring and filtering techniques," the publishers write.


"AMPAL submits that ideally additional options should be available to Rights Holders in the form of sanctions or mitigation procedures to be imposed on Account Holders," the publishers write.
In other words, AMPAL wants to get ISPs do all the dirty work, turning them into both cops and executioner. But AMPAL isn't alone in coming up with disproportionate responses to the ISP code. Via ZDNet, here's a comment from BBC Worldwide (pdf), the wholly-owned commercial arm of the British broadcaster:
The Code is ill-equipped [to] deal with consumers who spoof or mask their IP addresses to avoid detection, behaviour that we believe will increase as a result of an introduction of a notice scheme.
The footnote for that point refers to a TorrentFreak article about Canadian piracy notifications boosting demand for VPNs, which confirms that what BBC Worldwide is concerned about here is the ease with which Australians will be able to use things like VPNs to evade sanctions by masking their IP address.

Of course, anyone who understands how the Internet works -- and how people use it -- has been pointing this out for years. But the worrying thing is that the copyright industry seems to be surprised by this possibility. Knowing the way it thinks, and its complete indifference to the collateral damage it might cause, the fear has to be that the next stage in its war on sharing will be demanding that governments ban VPNs.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

35 Comments | Leave a Comment..

Posted on Techdirt - 24 March 2015 @ 9:11pm

Open Letter To Key EU Copyright Working Group Calls For 'Balanced Representation Of Views'

from the good-luck-with-that dept

Back in January, we wrote about the report from the Pirate Party MEP Julia Reda, which made a number of bold but sensible proposals for reforming the EU's 2001 copyright directive. Not surprisingly, the lobbyists have been hard at work, and no less than 556 amendments to the report have been proposed (pdf), many of them clearly aiming to undermine some of Reda's ideas completely -- for example, those seeking to rein in DRM. One of the important players in the revision process is the European Parliament's Working Group on Intellectual Property Rights and Copyright Reform, which describes itself as follows:

The aim of the Working Group is to reflect on IPR issues and especially to pave the way to the upcoming reform of the EU legal framework on copyright. The Working Group will meet once a month and will exchange views with the widest range of stakeholders and civil society. The result of the work would serve as a starting point for future legislative review in the field and would enable Members to present concrete and innovative proposals to the European Commission.
Of course, one of the problems with reform in this area is that rarely do lawmakers engage with "the widest range of stakeholders and civil society": instead, they tend to listen to what the copyright industries tell them, and act accordingly. Hoping to head off that risk this time, a group of industry and civil society groups has sent an open letter to the coordinator of the Working Group (pdf), Jean-Marie Cavada, calling for a more balanced representation of views. Here's the key section (found via Netzpolitik):
We would like to express our concern with regard to the lack of diversity of expert speakers and the corresponding representation of views. In the digital age, copyright impacts a great variety of stakeholders. Apart from established copyright industries and authors, it is of great relevance to citizens, consumers, cultural heritage institutions, libraries, researchers, universities and the Internet industries. It is also of fundamental importance to creators who are taking advantage of new, digital opportunities and who are not represented by traditional copyright industries.

In that context, we call on the WG to make sure that these views are appropriately represented in the upcoming meetings. Making copyright rules future-proof requires a holistic approach. This can only be achieved if the full spectrum of stakeholders is adequately represented and given a chance to speak in front of Members of Parliament who will ultimately be tasked with passing new copyright legislation.
That pre-emptive call is a shrewd move: it makes the Working Group's coordinator aware that people are watching carefully who exactly he calls to give their views. Whether it succeeds in producing a more balanced representation is another matter.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

7 Comments | Leave a Comment..

Posted on Techdirt - 24 March 2015 @ 11:36am

Indian Supreme Court Strikes Down Censorship Law -- But Leaves Web Blocking

from the pillars-of-democracy dept

Back in 2012, Techdirt reported on a poor Twitter user who was arrested after tweeting to his 16 followers something vaguely unflattering about a politician. The law invoked in this case, Section 66A of India's Information Technology (IT) Act, has been used on other occasions against many quite harmless online comments, particularly if they embarrassed the powerful. Now India's Supreme Court has struck it down, as the Times of India reports:

The court said such a law hit at the root of liberty and freedom of expression, the two cardinal pillars of democracy. The court said the section has to be erased from the law books as it has gone much beyond the reasonable restrictions put by the Constitution on freedom of speech. The Supreme Court said section 66A was vaguely worded and allowed its misuse by police.
But the judges did not eliminate another controversial power granted by the IT Act:
The court, however, upheld the validity of section 69B and the 2011 guidelines for the implementation of the I-T Act that allowed the government to block websites if their content had the potential to create communal disturbance, social disorder or affect India's relationship with other countries.
Those are pretty vague criteria, and it's easy to see them being abused, just as Section 66A was. Nonetheless, this is an important ruling (pdf), not least for the Indian Supreme Court's robust defense of free speech. Let's hope future Indian laws attempting to control online activities take note of its wisdom.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Read More | 1 Comments | Leave a Comment..

Posted on Techdirt - 24 March 2015 @ 1:05am

All Parties In Austrian Parliament Support Resolution Calling For Action Against NSA And GCHQ Spying

from the largely-symbolic,-still-significant dept

However much the US government might hope otherwise, there is still widespread concern in Europe about the activities of the NSA and its Five Eyes friends. Here's the latest proof of that: a joint motion signed by all political parties in the Austrian parliament, against illegal surveillance (via Netzpolitik). The Parliament's own summary of what the motion contained reads as follows (original in German):

The recent revelations of the US whistleblower Edward Snowden have now acted as a call to action for the six parliamentary groups. In a resolution introduced jointly, they express their support for tackling seriously the illegal spying by the US foreign intelligence NSA, its British counterpart GCHQ and other foreign intelligence services. In their opinion, the [Austrian] government should exhaust all available diplomatic options, and diligently pursue violations of the Austrian Criminal Code. In addition, the MPs urge taking steps at the European level to promote the technological independence of Europe in the field of information and communication technology.

In the justification for the motion, reference was made to the recently-discovered "cyberbug", presumably attributable to the NSA. With this new malware, which cannot be detected by anti-virus software, and can even survive wiping the hard disk undamaged, it is possible for encryption to be circumvented, for example. The Members find equally worrying the theft of millions of electronic encryption keys from the Dutch SIM card producer Gemalto.
Although the motion in itself is unlikely to achieve much, it's a clear indication of continuing anger among European politicians at the activities of the NSA and GCHQ in spying on innocent members of the public, and undermining key elements of telecommunications infrastructure. If nothing else, it's a timely reminder that there are plenty of unresolved issues here, and that they are likely to have serious ramifications on US-EU relations in the future, not least in areas like Safe Harbor and TAFTA/TTIP.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

16 Comments | Leave a Comment..

Posted on Techdirt - 23 March 2015 @ 9:29am

Does Patent Licensing by Patent Trolls - Or Anyone - Serve A Useful Purpose?

from the nope,-not-really dept

Patent trolls -- sometimes known more politely as "Non-Practising Entities" (NPEs) -- probably have few fans among Techdirt readers, but there are some who try to justify their activities. Here's how the argument usually goes:

Defenders of patent trolls ... argue that they serve as business intermediaries between inventors and commercializers. While the traditional theory of the patent system is that patents encourage innovation by allowing inventors to exclude competitors from the market and therefore earn supracompetitive returns, a number of scholars have argued that the patent system can encourage commercialization of inventions once they are made by allowing the inventor to control who can develop the technology.
That comes from an interesting new paper from Robin Feldman and Mark A. Lemley, which explores whether patent trolls really do fulfill this theoretical function in practice. It's long and detailed, but its results are pretty clear-cut:
Based on our preliminary evidence, the theory that NPEs facilitate innovation either through the creation of new products or by delivering actual technical know-how from inventors to implementers doesn’t hold water. NPEs almost never actually provide any valuable information to their licensees, and they rarely, if ever, prompt the development of any new products. Licensees are paying for freedom to operate -- the right not to be sued for implementing technology they developed on their own but which someone has asserted will fit within their patent rights. Thus, the study does not support the efficient middleman hypothesis for characterizing the role of NPEs.
That's a valuable contribution to the debate about patent trolls, but the paper offers other insights. For example, it finds that not only do patent trolls not bring about much technology transfer with their patent licensing, neither does anyone else, either:
That doesn’t mean technology transfer doesn’t happen; it does. But it may mean that technology transfer happens early in the life of a technology, and that secrets, collaborations, and informal know-how, not patents, are the primary focus of real technology licensing agreements.
That's an important point. The paper also provides yet more evidence that the 1980 Bayh-Dole Act, designed to encourage the commercialization of research results through licensing, actually turns universities into patent trolls -- something that Techdirt has discussed before. Although the authors suggest that further research is needed to confirm their results, it already seems pretty clear that both patent trolls and Bayh-Dole need to go.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

52 Comments | Leave a Comment..

Posted on Techdirt - 20 March 2015 @ 7:39pm

UK Government Admits Intelligence Services Allowed To Break Into Any System, Anywhere, For Any Reason

from the confession-time dept

Recently, Techdirt noted that the FBI may soon have permission to break into computers anywhere on the planet. It will come as no surprise to learn that the US's partner in crime, the UK, granted similar powers to its own intelligence services some time back. What's more unexpected is that it has now publicly said as much, as Privacy International explains:

The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justifed to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.
That important admission was made in what the UK government calls its "Open Response" to court cases started last year against GCHQ. Here's what it reveals, according to Privacy International:
Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of "intelligence targets", GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security.
The intelligence services assert the right to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. The deployment of such powers is confirmed by recent news stories detailing how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world's largest maker of SIM cards used in countries around the world.
What's important about this revelation is not just the information itself -- many people had assumed this was the case -- but the fact that once more, bringing court cases against the UK's GCHQ has ferreted out numerous details that were previously secret. This shows the value of the strategy, and suggests it should be used again where possible.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

55 Comments | Leave a Comment..

Posted on Techdirt - 20 March 2015 @ 6:32pm

Beyond Freedom Of Information Requests: Freedom Of Code Requests

from the let-my-software-go dept

Freedom of information requests have become one of the most useful weapons in the armory of those seeking to bring more transparency and oversight to governments. Indeed, so powerful are they that the person responsible for introducing them in the UK, Tony Blair, later came to regret doing so:

"You idiot. You naive, foolish, irresponsible nincompoop," Blair wrote of himself in his autobiography "A Journey" last year, recalling his adoption of the law, which took effect in 2005. "There is really no description of stupidity, no matter how vivid, that is adequate. I quake at the imbecility of it."
A recent decision in France expands the power of the freedom of information law there in a rather interesting way. The case concerns a request to the Commission for Access to Administrative Documents (CADA, in French), an independent administrative authority responsible for ensuring the freedom of access to administrative documents. Here's what happened, as reported by the French free software organization April:
At the end of November 2014, the CADA received a request by Mr X, who asked the Public Finance Department (Direction Générale des Finances Publiques -- DGFiP) to send him the source code of the software for simulating personal income tax, in order to use it for academic research. At its board of 8 January 2015, the CADA issued its opinion, which was "favourable to communicating the requested source code to Mister X, in the format under which the government services store it. The requestor is free to reuse it according to Section 12 of the Act of 17 July 1978, barring any intellectual property rights held by third parties to the government services, which wouldn't have been mentioned by the Director General for Finances".
That broadens the application of access to government documents to include government software -- presumably on the basis that its source code is indeed a kind of document. It will be interesting to see whether similar requests will be granted by other government departments in France, and if other countries could be persuaded to adopt the same view.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 20 March 2015 @ 3:39pm

Major Campaign Against TPP's Unbalanced Copyright Rules Launched In Japan

from the otaku-culture-at-risk dept

As TPP allegedly draws near to completion -- although the participants have been saying this for a long time now -- a new sense of urgency is beginning to spread among those worried by the adverse impact it is likely to have on many aspects of everyday life. This has led to an important declaration in Japan by a group of organizations particularly concerned about TPP's copyright provisions, notably plans to raise the term of copyright to life plus 70 years. As Maira Sutton reports for the EFF:

Representatives of the Japanese digital rights organizations, MIAU, Creative Commons Japan, and thinkC, presented a joint statement endorsed by 63 organizations and businesses that describes the threats that the TPP's copyright provisions would pose to Japan's culture. The event was also streamed online, where over 15,000 users tuned in to watch.
Specific features of Japan's culture are at risk from TPP:
In addition to opposing lengthy copyright terms, the anime and fan-art community are also concerned about the TPP's criminal enforcement provisions. There is a particular section that says that "competent authorities may act upon their own initiative to initiate a legal action without the need for a formal complaint" by the copyright holder. The fear is that this would lead to a major crackdown on derivative works, including written or drawn fan fiction, recorded music covers of songs, or cosplayers, who may upload photos of themselves dressed as characters. These are all elements of Japan's thriving "otaku" culture, which has spread around the world and brought in millions of dollars for Japanese creators.
As Sutton points out, both the copyright extension and the "non-complaint" provisions failed to pass in Japan because they were so controversial. The growing realization that TPP will force them on the country anyway may provide the wake-up call needed for more people in Japan to start resisting TPP's unjustified strengthening of already-unbalanced intellectual monopolies.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 20 March 2015 @ 12:56am

How Corporate Sovereignty Provisions Could Undermine Anti-Trust Actions

from the are-you-sure-you-want-to-do-that? dept

One of the (many) problems with corporate sovereignty provisions in treaties is that their practical effects are highly unpredictable. Unlike courts operating in the Anglo-Saxon tradition, investor-state dispute settlement (ISDS) tribunals are not obliged to take into account precedents set in previous hearings. Essentially, they can come to more or less any decision -- one, moreover, against which there is no real appeal. That means the inclusion of ISDS in TAFTA/TTIP and TPP is giving hostages to fortune: nobody can honestly say that they know how things will work out later on.

Writing on the International Economic Law and Policy Blog, Simon Lester has raised an intriguing -- and deeply troubling -- possibility in this context. He points to a pro-TPP piece that appeared in the Washington Post recently. It includes the following point:

[Qualcomm's] substantial share of the Chinese chip market attracted the attention of the Chinese government, which proceeded to extract $1 billion in fines for alleged anti-competitive practices. In the U.S., where Qualcomm also sells its chipsets, the company has faced no such anti-trust penalties.

Under current trade law, Qualcomm has little recourse to appeal its treatment by the Chinese government. Under a trade agreement with China like the TPP, however, Qualcomm and other U.S. companies would have access to an investor-state dispute settlement mechanism.
Lester points out that if Qualcomm were indeed able to use corporate sovereignty provisions to fend off anti-trust actions, it would be very big:
The suggestion that ISDS could be used against antitrust/competition policy actions was something I hadn't thought of before. Would this mean that, in the future, Microsoft or Google could use ISDS in the TTIP -- if that happens -- to challenge the various European actions taken against them? And could a foreign investor bring an ISDS claim based on an action not taken against one of its competitors?
As he says, not only might large companies use ISDS to contest anti-trust actions against themselves, they might also use it to put pressure on governments to bring anti-trust actions against their competitors. This emphasizes not only how ISDS could take governments into completely uncharted waters for anti-trust actions, but also that there are even more ways in which corporate sovereignty could undermine a nation's ability to set and implement policy. That's another good reason to remove it from trade agreements before it causes this kind of serious damage to the fabric of democracy.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 19 March 2015 @ 1:04am

France Says Corporate Sovereignty Must Come Out Of CETA, Or Be Replaced By Something Completely Different

from the that's-awkward dept

There are so many massive trade deals on the go at the moment that it is easy to lose track. In the US, TPP is at the forefront of many people's thoughts; in Europe, it is TAFTA/TTIP. TISA is just starting to appear on the radar, while CETA, the trade agreement between the EU and Canada, is dropping off it. That's because there is a general belief that CETA is "done" -- even if the text needs "legal scrubbing", the assumption is that no more changes can be made. Evidently, somebody forgot to tell the French government, which is calling for the corporate sovereignty chapter to be dropped according to this article in Le Devoir (original in French, found via @StuJT):

Although he is generally in favor of this agreement [CETA], the [French] Secretary of State [for External Commerce] considers that before ratifying the treaty it will be necessary either to withdraw current sections on ISDS or rewrite them entirely. Moreover, the opinion of [the French Secretary of State] Matthias Fekl represents not only the official position of France, but also a consensus shared by Germany and the European social democrats. In the daily Le Monde, he said on Wednesday that the only options remaining on the table were "the withdrawal, pure and simple, of ISDS or coming up with something new." There is therefore no question of the Secretary of State signing the Canada-EU treaty without "inventing something new, that is no longer [investor-state] arbitration, but a new way to settle disputes, by integrating public courts in the procedure."
That position will be a massive spoke in the wheel for the ratification of CETA, since there is no indication Canada would be willing to remove or renegotiate the corporate sovereignty provisions there. It's also interesting that Germany is mentioned in this context: its position on ISDS has been rather inconstant -- as has France's, for that matter -- and the latest news would seem to indicate that things are still up in the air for that country too.

The declaration of the French Secretary of State undermines a speech made very recently by the European Commissioner responsible for trade and TTIP, Cecila Malmström, at a meeting with the International Trade Committee of the European Parliament. Here's the context she gave:

the vast majority of the individual responses [to the Commission's consultation on corporate sovereignty last year] rejected either TTIP in its entirety or ISDS more specifically. But the responses from interest groups representing groups of people were more mixed.

Let me be clear on how we interpret those results. The consultation was not a referendum even if the responses showed huge scepticism and concerns about the system.

What the consultation did do is allow us to understand the main concerns about the system and give us ideas for how to address them.
In other words, we are going to ignore what 145,000 people said, and retain the anti-democratic corporate sovereignty structure intact. Malmström then goes on to give some specious reasons why ISDS must be kept in TAFTA/TTIP, albeit in a modified form -- and yet strangely omits to mention a far simpler solution, which is for companies that are worried about their foreign investments to take out insurance -- for example, from the World Bank's Multilateral Investment Guarantee Agency.

She then tries to suggest that CETA's ISDS chapter can act as a template for TTIP -- even though a detailed analysis from the Canadian Centre for Policy Alternatives indicates that the new corporate sovereignty provisions it contains are still deeply flawed (pdf). But if France really does stick to its view that ISDS must be removed from CETA, or replaced by a completely different mechanism, the argument that CETA's corporate sovereignty approach shows the way forward for including ISDS in TAFTA/TTIP collapses. Expect the European Commission to ignore this inconvenient fact, and to press on regardless.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 18 March 2015 @ 1:12am

Important Judgment From Top EU Court Confirms Copyright Levies Are An Unworkable Mess

from the time-to-put-it-out-of-its-misery dept

Europe's use of the copyright levy system, effectively a tax on blank media that is supposed to compensate copyright holders for an alleged "loss" from copies made for personal use, has produced a whole string of messy situations -- for example, in the Netherlands, Portugal, Spain and the UK. These have come about as governments have tried reconcile an antiquated system originally designed for cassette tapes with modern digital technologies. The EU's highest court, the Court of Justice of the European Union (CJEU), has just handed down an important judgment in this area. The IP Kat blog explains the background:

Finland-based Nokia sold mobile phones to business customers in Denmark, who resold them to both individuals and business customers.

Whilst all Nokia phones have an internal memory (i.e. the storage device is non-detachable), certain models have an additional memory card (i.e. which is detachable).

On these detachable memory cards, users could store data (e.g. contact details, photographs) as well as files containing audiovisual works (e.g. music, films which may have been downloaded from the web or from DVDs, CDs, MP3 players etc).

In this regard, these memory cards are "multifunctional media" with the capacity to be used for private copying (in relation to the audiovisual files), as well as for uses unrelated to private copying (e.g. storing personal data).

Nokia disputed its liability to pay a private copying levy to the Danish collecting society, Copydan Båndkopi, in relation to the detachable memory cards that were imported into Denmark for use in its mobile phones between 2004 and 2009.
That gives an idea of just how complicated the issues raised by copyright levies have become. The IP Kat blog goes on to analyze the CJEU's reply to six questions that were referred to it by a court in Denmark, seeking clarification. The answers are as complicated as the issues, so you may prefer this alternative summary from Hogan Lovells's Global Media and Communications Watch blog:
The CJEU takes the view that, in principle, it is irrelevant whether a medium is unifunctional or multifunctional. Copyright levies may be imposed, if at least one function allows for private copying, even if this function is of ancillary nature. However, the primary function of the carrier is to be taken into account whilst assessing what might be a fair compensation. Member States may further distinguish between storage media which is detachable (like in Nokia's case) and media which is non-detachably integrated in a device. However, the differentiation must be reasonably justified.
Actually, it's not as simple as that, because there's another issue that needs to be addressed:
A particular problem exists where storage media is sold to business customers without a clear picture of whether those are sold on to private individuals only or also to business customers. The latter do not fall under the private copying exemption and hence the compensation requirement does not apply (see: CJEU, Case Ref.: C-467/08). Manufacturers and importers may also be required to pay copyright levies. However, this is only justified if practical difficulties ask for such regulation. Those may arise from, for instance, the impossibility of or at least practical severity associated with identifying the final users of the relevant medium. Further, adequate exemption schemes must be in place allowing manufacturers and importers to prove that Article 5(2)(b) of Directive 2001/29 and thereby the private copying exception does not apply to their sales.
Even that is not the end of it: the blog post goes on to discuss some of the other detailed issues raised by the CJEU's ruling. However, it is relatively simple to summarize the entire judgment in a single sentence: that the EU's copyright levies are a complex, unworkable mess, and should be abolished completely across the whole of Europe, as has already happened in some of the more sensible EU Member States.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

12 Comments | Leave a Comment..

Posted on Techdirt - 17 March 2015 @ 6:15am

France To Require Internet Companies To Detect 'Suspicious' Behavior Automatically, And To Decrypt Communications On Demand

from the going-from-bad-to-worse dept

Techdirt has been charting for a while France's descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security. According to a story in Le Figaro, even worse is to come in the shape of a new law (original in French, found via @gchampeau):

[the proposed law] wants to force intermediaries to "detect, using automatic processing, suspicious flows of connection data". Internet service providers as well as platforms like Google, Facebook, Apple and Twitter would themselves have to identify suspicious behavior, according to instructions they have received, and pass the results to investigators. The text does not specify, but this could mean frequent connections to monitored pages.
As well as being extremely vague, none of this "automatic detection" will require a warrant, which means that the scope for abuse and errors will be huge. And then there's this:
The Intelligence bill also addresses the obligations placed on operators and platforms "concerning the decryption of data." More than ever, France is keen to have the [encryption] keys necessary to read intercepted conversations, even if they are protected.
As we've noted before, there is a global push to demonize encryption by presenting it as a "dark place" where bad people can safely hide. What's particularly worrying is that the measures proposed by France are easy to circumvent using client-side encryption. The fear has to be that once the French government realizes that fact, it will then seek to control or ban this form too.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

33 Comments | Leave a Comment..

Posted on Techdirt - 17 March 2015 @ 1:14am

Bulgaria's Constitutional Court Rules Bulk Data Retention Unconstitutional; EU Says No New Snooping Directive Coming

from the surprising-but-welcome-victory dept

Just last week we reported that a Dutch court had set aside the country's national data retention law; now Bulgarian judges have done the same:

Bulgaria's Constitutional Court ruled on March 12 to declare provisions in the Electronic Communications Act mandating the bulk collection of telecommunications data as unconstitutional.
The challenge to the national law came soon after the Court of Justice of the European Union (CJEU) had ruled that the European data retention directive was "invalid". The assumption has always been that the European Commission would put together a revised version of the directive to deal with the court's objections, but in a surprise move, the EU Commissioner responsible announced that no new snooping law would be proposed:
"On the data retention directive, the European Commission does not plan to present a new legislative initiative," Dimitris Avramopoulos told a news conference in Brussels.
It's worth emphasizing that this does not mean bulk data retention is dead in the EU. As an earlier Techdirt post explained, the EU's Member States can still bring in national laws requiring data retention, but those can be challenged in the courts in the light of the CJEU decision, as is already happening. In practice, this means that there is likely to be a wide range of requirements for data retention across Europe, ranging from the most extreme in the UK, for example, to those countries that accept that such mass surveillance is not just intrusive but also ineffectual.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 16 March 2015 @ 1:40pm

Hertz Puts Video Cameras Inside Its Rental Cars, Has 'No Current Plans' To Use Them

from the no,-really,-it's-not-switched-on-yet dept

Last week we wrote about the hypothetical situation of CCTV cameras being installed in every home. It turns out that this particular dystopia is closer than we thought: an article by Kashmir Hill on the Fusion site passes on the news that Hertz is putting cameras inside its rental cars as part of its "NeverLost" navigational system:

Hertz has offered the NeverLost navigational device for years, but it only added the built-in camera feature (which includes audio and video) to its latest version of the device -- NeverLost 6 -- in mid-2014. "Approximately a quarter of our vehicles across the country have a NeverLost unit and slightly more than half of those vehicles have the NeverLost 6 model installed,” Hertz spokesperson Evelin Imperatrice said by email. In other words, one in 8 Hertz cars has a camera inside -- but Imperatrice says that, for now, they are inactive. "We do not have adequate bandwidth capabilities to the car to support streaming video at this time," she said.
So why did it install them?
"Hertz added the camera as a feature of the NeverLost 6 in the event it was decided, in the future, to activate live agent connectivity to customers by video. In that plan the customer would have needed to turn on the camera by pushing a button (while stationary)," Imperatrice explained. "The camera feature has not been launched, cannot be operated and we have no current plans to do so."
But of course, Hertz would hardly go to the trouble and expense of fitting its cars with this feature unless, at some future point, it did plan to use them. Morever, that future use might go well beyond "live agent connectivity", as Hill rightly points out:
you could imagine camera mission creep, such as Hertz using it to capture video of what a trouble renter is up to in the vehicle, or to see who is really driving the car, or to snoop on a singing -- or snuggling -- driver.
According to the Fusion article, Hertz doesn't seem to be telling anyone about the camera, on the grounds that the company doesn't plan to use it, and so there's nothing for customers to know. But if and when it does announce its presence, there will be precisely the problem Techdirt mentioned last week: that people in front of it would naturally be worried they were being spied upon -- even if assured to the contrary -- and would start constraining their speech and behavior.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

55 Comments | Leave a Comment..

Posted on Techdirt - 16 March 2015 @ 12:34pm

Greece Wants To Use Amateur Snoopers Wired For Sound And Video To Catch Business Tax Dodgers

from the not-so-virtual dept

Greece has been much in the news recently over concerns that it would not be able to obtain an extension of international loans made to it previously, with serious knock-on effects for both itself and other EU countries. As part of a deal that was reached, the Greek Finance Minister, Yanis Varoufakis -- formerly Economist-in-Residence at Valve Corporation -- was required to explain how Greece will reform its economy and find more money to pay back its debts. One way to do that is to try to recover some of the tens of billions of euros that Greek citizens owe their government in unpaid taxes (pdf). That's a pretty obvious thing to do, perhaps, but the way Varoufakis hopes to cut tax dodging by businesses isn't so conventional, as the Guardian explains:

[Varoufakis ] proposed recruiting large numbers of "non-professional inspectors" on short-term casual contracts of no longer than two months who would be paid by the hour. They would be "wired for sound and video", trained to pose as "customers" and "will be hard to detect by offending tax dodgers."
The idea here seems to be to obtain evidence that businesses are failing to give customers proper receipts, which would then allow shops and companies to avoid paying tax on those sales.
The data the amateur snoopers gathered would be used by the authorities "immediately to issue penalties and sanctions."

Varoufakis said the launch of the amateur snoopers would act as a deterrent, "engendering a new tax compliance culture" in Greece.
Well, it might do that, which will be good for the Greek economy, but it will probably also engender a deep distrust by businesses of all new customers and tourists, especially if they look at all shifty. It might even lead to heated, possibly violent, confrontations between business people and those suspected of being "amateur snoopers." That, in its turn, is probably not going to help social cohesion or international solidarity at a time when Greek society is under huge strains because of its economic problems. Still, you have to feel a certain sympathy for Varoufakis, who needs to come up with new ways to pull back some of the vast sums owed to the Greek government by tax dodgers. He must be longing for the good old days when the only economic problems he had to worry about were digital ones in virtual worlds.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 16 March 2015 @ 5:52am

Spain About To Bring In Software Patents -- Just As US Starts Moving Away From Them

from the not-learning-from-the-past dept

Last year, Techdirt noted how the Supreme Court's decision in Alice v. CLS Bank seemed to be having a positive effect on limiting the patentability of software. Against that background, it's regrettable that Spain appears to be moving in the other direction with its new Patent Act (original in Spanish), which is being brought in without any public debate, it seems. The key section of the proposed law is Article 4, which spells out patentability. It specifically says (Section 4c) that "computer programs" are excluded from patentability -- but then goes on to add (Section 5) that it is only software "as such" that is excluded. This is the same formulation that is used in Article 52 of the European Patent Convention (EPC), which dates back to 1973, when the application of digital technology was very different:

(1) European patents shall be granted for any inventions which are susceptible of industrial application, which are new and which involve an inventive step.

(2) The following in particular shall not be regarded as inventions within the meaning of paragraph 1:

(a) discoveries, scientific theories and mathematical methods;

(b) aesthetic creations;

(c) schemes, rules and methods for performing mental acts, playing games or doing business, and programs for computers;

(d) presentations of information.

(3) The provisions of paragraph 2 shall exclude patentability of the subject-matter or activities referred to in that provision only to the extent to which a European patent application or European patent relates to such subject-matter or activities as such.
That "as such" clause in the EPC opened up a huge loophole for companies to seek patents on software in Europe, even though "programs for computers" are explicitly excluded. The same is likely to happen in Spain.

The new patent system is not yet law. Writing on Twitter, JM Gonzalez-Barahona explains:
It is still not approved by the Parliament, but the Government (proposer) has majority there (@Ppopular)
So, potentially there is hope for people in Spain to write to their MPs, to urge them not to repeat yesterday's mistakes by exposing Spain to unnecessary litigation that will stifle the country's local software industry, but that seems a rather slim hope.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

12 Comments | Leave a Comment..

Posted on Techdirt - 16 March 2015 @ 3:49am

EU Releases Its Regulatory Approach For Drones; US Puts Out 'Request For Comments' On Commercial And Private Use

from the don't-get-left-behind dept

As Techdirt has reported, the FAA is being strangely unhelpful when it comes to authorizing commercial drone use. In that article, Mike warned that this might lead to other countries moving ahead in this fast-developing area, and he was right: the EU body for air safety, the European Aviation Safety Agency (EASA), has now presented its regulatory approach for drones. It is based on three categories of operations and their associated regulatory regime: open, specific and certified (pdf):

The Open operation category of drones, should not require an authorisation by an Aviation Authority for the flight but stay within defined boundaries for the operation (e.g. distance from aerodromes, from people, etc). The "specific" operation category will require a risk assessment that will lead to an Operations Authorisation with specific limitations adapted to the operation. The "certified" operations will be required for operations with a higher associated risk or might be requested on a voluntary basis by organisations providing services such as remote piloting or equipment such as "detect and avoid".
As the EASA paper quoted above points out, in addition to safety, privacy and data protection are other important areas that need to be addressed. The new EU framework envisages this being dealt with by legislation at a national, rather than European, level. The paper has some suggestions for how this might be done:
The risk regarding privacy (data protection) could be mitigated through the operators self-registration in a web based application maintained by the local authorities. Another solution would be to install chips/Sim cards in drones. Such a web based application or chip/Sim cards could also contribute mitigating the security risk.
The paper also has some interesting thoughts on imminent challenges:
While today flying a single drone in non-segregated airspace with cooperative aircraft can be done with appropriate coordination and special procedures, operation of several of them possibly with non-cooperative aircraft will be much more complicated and will require additional measures. The concept of operations will need to be further developed to address the issues related to operations of fleet of drones in the non-segregated airspace. These operations of fleet of drones will pose new challenges not yet explored with manned aircraft operations.
Meanwhile, in the US, the National Telecommunications and Information Administration has put out a "Request for Comments on Privacy, Transparency, and Accountability Regarding Commercial and Private Use of Unmanned Aircraft Systems," with a closing date of April 20, 2015. Let's hope it doesn't take too long to move from words to action.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

9 Comments | Leave a Comment..

Posted on Techdirt - 13 March 2015 @ 1:20am

Report Says UK Citizens Must Give Up Right To Privacy Because 'Terrorism', Reveals Huge Secret Government Databases

from the may-include-significant-quantities-of-personal-information dept

As Techdirt has noted previously, the UK body nominally responsible for overseeing the intelligence services, the Intelligence and Security Committee of Parliament (ISC), does little more than rubber-stamp what has taken place. The new ISC report "Privacy and Security: A modern and transparent legal framework" (pdf) is more of the same. Here is its own summary of the findings:

The UK's intelligence and security Agencies do not seek to circumvent the law.

However, the legal framework is unnecessarily complicated and -- crucially -- lacks transparency.

Our key recommendation therefore is that all the current legislation governing the intrusive capabilities of the security and intelligence Agencies be replaced by a new, single Act of Parliament.
And that's it: basically, the ISC is saying that all that is needed is a bit of a legal tidying-up. In terms of more detailed recommendations, the report suggests that the abuse of interception powers should be made a criminal offense -- currently it isn't -- and that a new category of metadata called "Communications Data Plus", which includes things like Web addresses, needs slightly greater protection than "traditional" telephone metadata.

The heart of the report's failure can be found in its discussion of bulk surveillance:

Our Inquiry has shown that the Agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept every communication of British citizens, or of the internet as a whole: GCHQ are not reading the emails of everyone in the UK.
But of course, nobody said GCHQ was doing that. The problem is that it is ingesting disproportionate quantities of the Internet's traffic passing into and out of the UK, and then analyzing it -- in other words, engaging in indiscriminate mass surveillance. The report pretends to address that issue, writing:
GCHQ's bulk interception systems operate on a very small percentage of the bearers that make up the internet.
A "bearer" refers to one of the main connections to the Internet -- typically fiber-optic cables capable of carrying many gigabits of information per second. The issue is not how many such bearers GCHQ taps, but which ones. One of Snowden's earliest and most important leaked documents suggests that spying on even a "very small percentage" of the bearers gives GCHQ almost total oversight of everyone's Internet activities. Moreover, the following does not help:
We are satisfied that they apply levels of filtering and selection such that only a certain amount of the material on those bearers is collected. Further targeted searches ensure that only those items believed to be of the highest intelligence value are ever presented for analysts to examine: therefore only a tiny fraction of those collected are ever seen by human eyes.
Targeted searches can be re-directed at any moment, giving GCHQ's "human eyes" access to anything they want. It is that potential for anything that is done online in the UK to be snooped upon that is problematic.

To see why, consider a parallel universe where CCTV cameras were installed in every room in every building in the country, but all on the understanding that only a "tiny fraction" of the videos collected would ever be seen by human eyes. Since there is no way of knowing whether the footage from the CCTVs currently recording you will be looked at, you may well constrain your activities in case they are. That same logic applies to gathering most UK Internet activity -- the only reason we don't see the chilling effects yet is that most people are unaware of what is happening.

Perhaps the UK public takes at face value assurances that only "external communications" are collected and analyzed. But the ISC report confirms for the first time that UK citizens using leading Internet services like Gmail or Facebook do indeed count as "external", and are therefore fair game:

This appeared to indicate that all internet communications would be treated as 'external' communications under RIPA -- apart from an increasingly tiny proportion that are between people in the UK, using devices or services based only in the UK, and which only travel across network infrastructure in the UK.
The ISC report tries to justify this bulk collection of everyone's data on the grounds that targeted surveillance is not enough:
It is essential that the Agencies can 'discover' unknown threats. This is not just about identifying individuals who are responsible for threats, it is about finding those threats in the first place. Targeted techniques only work on 'known' threats: bulk techniques (which themselves involve a degree of filtering and targeting) are essential if the Agencies are to discover those threats.
Leaving aside the point that it is quite possible to discover unknown threats by working from existing intelligence -- in other words, using tried-and-tested techniques that have been successfully applied countless times in the past -- this ignores a key issue: that bulk collection is disproportionate given the threat it is supposed to address. This was a view expressed by one of the report's expert witnesses, Isabella Sankey, from the UK civil rights organization, Liberty. As she put it:
Some things might happen that could have been prevented if you took all of the most oppressive, restrictive and privacy-infringing measures. That is the price you pay to live in a free society.
The ISC did not agree:
While we recognise privacy concerns about bulk interception, we do not subscribe to the point of view that it is acceptable to let some terrorist attacks happen in order to uphold the individual right to privacy -- nor do we believe that the vast majority of the British public would.
But once you take that position, you justify all kinds of intrusive surveillance -- including installing CCTV cameras in every room in every building. After all, it is quite possible that doing so would stop a terrorist attack at some point, and so by the ISC's logic it is quite acceptable to require this massive intrusion into people's private lives. As for its claim that "the vast majority of the British public" would not view it as acceptable to allow some attacks to happen as the price of living in a free society, the ISC offers no proof of this, but evidently assumes that people in the UK have been reduced to such a quivering, fearful mass by the UK government's constant warnings about "terror" that they will happily hand over their freedom in the vain hope this will buy them safety.

Although depressing, it's hardly news that the UK government now considers pervasive surveillance to be justified and palatable, even. But the ISC report does contain one big surprise:

The Agencies use Bulk Personal Datasets -- large databases containing personal information about a wide range of people -- to identify individuals in the course of investigations, to establish links, and as a means of verifying information obtained through other sources. These datasets are an increasingly important investigative tool for the Agencies.
The report says that some of these databases contain "millions of records", and that they may be linked together. Even the generally accommodating ISC is worried:
Until the publication of this Report, the capability was not publicly acknowledged, and there had been no public or Parliamentary consideration of the related privacy considerations and safeguards.

The legislation does not set out any restrictions on the acquisition, storage, retention, sharing and destruction of Bulk Personal Datasets, and no legal penalties exist for misuse of this information.

Access to the datasets -- which may include significant quantities of personal information about British citizens -- is authorised internally within the Agencies without Ministerial approval.
Huge, secret databases, with access authorized internally, that can be used without restrictions, and for which there are no legal penalties if misused: this is clearly a recipe for disaster. Had it not been for Snowden's leaks, we would never have heard about this, since the ISC would not have been under any pressure to produce the current report. Even though it amounts to little more than a whitewash for the UK's intelligence agencies, it does reveal shocking new information that was not just unknown, but unsuspected.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Read More | 36 Comments | Leave a Comment..

More posts from Glyn Moody >>