Glyn Moody’s Techdirt Profile


About Glyn MoodyTechdirt Insider

Posted on Techdirt - 24 March 2017 @ 7:39pm

Encryption Workarounds Paper Shows Why 'Going Dark' Is Not A Problem, And In Fact Is As Old As Humanity Itself

from the you-don't-know-what-I-know dept

It was October 2014 when FBI Director James Comey made his famous claim that things were "going dark" in the world of law enforcement because of the increasing use of encryption. Since then, Techdirt has had dozens of posts on the topic, many of them reporting on further dire warnings that the very fabric of civilization was under threat thanks to what was claimed to be a frightening new ability to keep things secret. Many others pointed out that the resulting calls for backdoors to encryption systems were a stunningly foolish idea that only people unable to understand the underlying technology could make.

One Techdirt post on the topic mentioned a great paper with the title "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications," which ran through all the problems with the backdoor idea. It was written by many of the top experts in this field, including Bruce Schneier. He's just published another paper, co-authored with Orin Kerr, who is a professor at George Washington University Law School, which looks at the other side of things -- how to circumvent encryption:

The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target's data that has been concealed by encryption. This essay provides an overview of encryption workaround.

The various possibilities are largely self-explanatory:

We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use.

What's interesting is not so much what the workarounds are, as is the fact that there are a number of them, and that they can all work in the right circumstances. This gives the lie to the idea that we are entering a terrible new era where things are "going dark," and it is simply impossible to obtain important information. But as the authors point out:

there is no magic way for the government to get around encryption. The nature of the problem is one of probabilities rather than certainty. Different approaches will work more or less often in different kinds of cases.

Schneier and Kerr go on to draw an analogy:

When the police have a suspect and want a confession, the law gives the police a set of tools they may use in an effort to persuade the suspect to confess. None of the interrogation methods work every time. In some cases, no matter what the government does, suspects will confess. In other cases, no matter what the government does, suspects will assert their rights and refuse to speak. The government must work with the inherently probabilistic nature of obtaining confessions. Similarly, the government must work with the inherently probabilistic nature of encryption workarounds.

That analogy reveals something profound: that the supposedly new problem of "going dark" -- of not being able to find out information -- has existed as long as humans have been around. After all, there is no way -- yet, at least -- of accessing information held in a person's mind unless some kind of interrogation technique is used to extract it. And as the analogy shows us, that is exactly like needing to find some encryption workaround when information is held on a digital device. It may be possible, or it may not; but the only difference between the problems faced by those demanding answers thousands of years ago and today is that some of the required information may be held external to the mind in an encrypted digital form. Asking for guaranteed backdoors to that digital data is as unreasonable as demanding a foolproof method to extract information from any person's mind. We accept that it may not be possible to do the latter, so why not accept the former may not be feasible either?

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 22 March 2017 @ 3:16am

JEFTA: The Latest Massive 'Trade' Deal You've Never Heard Of, Negotiated Behind Closed Doors, With Zero Public Scrutiny

from the when-will-they-ever-learn? dept

As Techdirt has reported, the election of Donald Trump has turned the world of US trade deals upside-down. The US officially pulled out of TPP, although some still hope it might come back in some form. TAFTA/TTIP seems to be on ice, but Trump's choice for US trade representative has just said he is open to resuming negotiations, so it's not clear what might happen there (or with TISA). Against that confusing backdrop, the European Union has been quick to emphasize that it is in favor of trade deals, and is keen to sign as many as possible, presumably hoping to fill the economic and political vacuum left by the US.

One of the negotiations that has been going on in the background is for a major trade agreement between the EU and Japan. It began back in March 2013, but has garnered little attention, as people focused on the more imminent threats of TPP, TTIP, CETA and TISA. That's just changed, thanks in part to a joint statement signed by dozens of civil societies in both the EU and Japan, who write:

the European Union and the Japanese government have been negotiating a deep and comprehensive trade agreement which would cover a third of the world's GDP. The 18th round of negotiations took place in Tokyo in December 2016, and whilst the negotiations might come to a close soon, on the EU side, the mandate given to the negotiators is still not public, and on the Japanese side, secrecy is total.

Neither most parliamentarians in EU member states and in Japan, nor European and Japanese civil society organisations and trade unions know the content of the discussions. Nor have they seen draft chapters or been consulted. We condemn this opacity.

The other factor that has suddenly put the spotlight on JEFTA -- the Japan-EU Free Trade Agreement -- is the first leak of some of the negotiating documents, to the Austrian site Attac. Unfortunately, we don't have the actual pages yet, only a summary (original in German). That broadly confirms the information contained in one of the few detailed documents on the EU's official JEFTA site, the 314-page Trade Sustainability Impact Assessment (pdf) prepared for the European Commission in 2016, and largely overlooked.

Although that document is a study, and therefore speculative, it does contain some important information. For example, like most other EU agreements, JEFTA will include a corporate sovereignty chapter, also known as investor-state dispute settlement (ISDS). As Techdirt has described, the EU is trying to establish a new, possibly global court that would hear all such cases, called the Investment Court System. It still only exists on paper, but that didn't stop it being part of the CETA deal. The JEFTA Trade Sustainability Impact Assessment has this to say on the matter:

Whether or not the final outcome is based on the Commission's new Investment Court System (ICS), Japanese business tend to comply with the regulations of the host countries rather engage in investor-state disputes. There is only one known case of Japanese (indirect) involvement in an ISDS case, via a Dutch subsidiary operating in Czech Republic.

That is, Japanese companies prefer to use the national court systems of the countries they have invested in when there is some kind of legal dispute. This is precisely how things should work. And yet the EU is pushing for the inclusion of a completely parallel legal system, only available to investors, that would allow domestic courts to be by-passed and overruled. Here's why it's so keen on the idea:

exclusion of ISDS from the EU-Japan negotiations would be contrary to the emerging norm in comprehensive trade and investment agreements. Japan does not see the inclusion of ISDS as a difficulty.

The inclusion of ISDS is not part of an "emerging norm", but purely a matter of EU policy -- dogma, even: the European Commission wants to make it a part of all trade deals, and so aims to include it in JEFTA, even though Japanese companies are perfectly happy to use national courts. The Sustainability report admits that including an investment chapter will have little effect:

Investment flows (in both directions) are likely to be driven by an improved business environment and better profit margins -- which the investment chapter alone has only a moderate impact on. The economics effects are symmetrical, but moderate.

Even though Japanese companies might not use ISDS, there's a big downside to including it. Following CETA, it is likely that JEFTA will allow investors from other countries -- for example, multinational corporations with significant subsidiaries in Japan -- to use the chapter to make claims against the EU. Including corporate sovereignty unnecessarily, just to set a precedent, could come back to haunt the European Commission in the future if major awards are made as a result. The Sustainability report also touches on the issue of copyright, pointing out:

Another central issue in the EU-Japan FTA negotiations is the lack of protection for the use of sound recordings for public performance in Japan.

The EU will doubtless try to force Japan to rectify that omission. Similarly, the basic term of copyright protection varies between the EU and Japan: 70 years for the former, 50 years for the latter. Again, the European Commission will want to turn the copyright ratchet to extend Japan's term to match the EU's. Finally, it's worth noting that the EU's official study contains an estimate of the benefits that could flow from JEFTA:

The long-term GDP increase for the EU is estimated to +0.76% and +0.29% for Japan under a symmetrical scenario.

It's important to emphasize that this is "long-term": what this means is that the GDP could be higher by the percentages quoted after ten or more years. The average extra GDP growth per year is therefore an even smaller 0.08% and 0.03% for the EU and Japan respectively. That is, like TTIP and TPP, the predicted benefits that will accrue from JEFTA are likely to be very small, while the risks and possible losses in terms of ISDS fines, say, have been ignored completely.

But the worst aspect of JEFTA is not that it's probably not worth the effort, but that the EU and Japan have done everything they can to prevent both the public and even politicians from finding out what a bad deal is being negotiated in their name. After the humiliating defeat of the Anti-Counterfeiting Trade Agreement (ACTA), and the more recent failures of TPP and TTIP, you would have thought that the governments involved would have realized that this kind of secret dealmaking just isn't acceptable any more, but apparently, they haven't. Fortunately, JEFTA is finally out in the open, which means it can begin to be subjected to long-overdue scrutiny and democratic input. What we need now is for the EU to release negotiating texts as it did for TTIP.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

17 Comments | Leave a Comment..

Posted on Techdirt - 21 March 2017 @ 9:22pm

Unpaywall: The Browser Add-on That Finds (Legal) Free Copies Of Academic Papers You See As You Browse The Web

from the another-way-to-liberate-knowledge dept

Techdirt has just written about ResearchGate, which claims to offer access to 100 million academic papers. However, as we wrote, there's an issue about whether a significant proportion of those articles are in fact unauthorized copies, for example uploaded by the authors but in contravention of the agreement they signed with publishers. The same legal issues plague the well-known Sci-Hub site, which may deter some from using it. But as further evidence of how the demand for access to millions of academic papers still locked away is driving technical innovation, there's a new option, called Unpaywall, which is available as a pre-release add-on for Chrome (Firefox is promised later), and is free. It aims to provide access to every paper that's freely available to read in an authorized version. Here's how it works:

Millions of researchers are currently uploading their own fulltext PDFs to preprint servers and institutional repositories worldwide, making them free for anyone to read. But there was no easy way to find them as we browsed. So we made one! Eventually, we hope tools like Unpaywall will nurture the transition to fully open access scholarly publishing, by closing the gap between readers and freely-available fulltext.

We gather content from thousands of open-access repositories worldwide. To help us, we rely on some fantastic open data services, especially PubMed Central, the DOAJ, Crossref (particulary their license info), DataCite, and BASE. After we put all this data together, we in turn make it open for reuse via the oaDOI API: a free, fast, and very scalable way to leverage our data and infrastructure to support your own projects.

Once the add-on has been installed, it is easy to use. When you come across an academic paper of interest as you browse the Web, you go to its home page, usually on a publisher's site. A small icon on the right-hand side of the browser indicates whether the full text is freely available somewhere in an authorized version. If it is, you just click on the icon, and it appears in your browser. The team behind Unpaywall claims that its system manages to find free authorized versions of articles for about half the requests made to it. Unpaywall does the right things when it comes to privacy -- it doesn't ask for, track or store any personal information -- and it's also open source, so you can inspect its code and adapt it for your own projects.

In that and other respects, Unpaywall is like the Open Access Button, which has been around since 2013. The Open Access Button offers some other important features. For example, if the service is unable to locate a freely-available, authorized, full-text version of an article, it will contact the author on your behalf, and ask for a copy (obviously, you need to provide your email address for this):

We're tired of requests for research, especially data, going unanswered. Instead we're designing a transparent and effective request system to help make more research accessible. If we are unable to get you access, you can create a request quickly with the Open Access Button. We'll contact the author on your behalf and others can support your request. By holding researchers accountable for sharing their research articles and data, and providing them pathways to share their research, we will make more research legally and freely available.

You can also access the underlying data, when it exists, and request it if it has not been released. That's an increasingly important aspect, since it allows researchers to verify results and to build on existing work.

Projects like Unpaywall and the Open Access Button are good examples of continuing efforts to liberate all the knowledge contained in academic research papers, much of which is still locked away behind paywalls charging outrageously expensive fees. Until everything is released as open access, they will remain valuable and necessary tools.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

5 Comments | Leave a Comment..

Posted on Techdirt - 17 March 2017 @ 4:46pm

China Clamps Down On Another Serious Threat To The Middle Kingdom: Western Animal Cartoon Books For Children

from the who's-afraid-of-peppa-pig? dept

Here's the latest instalment in the long-running Techdirt series "just when you thought there was nothing left to control, China comes up with something else it wants to throttle", as reported by the South China Morning Post:

An order from Beijing will drastically cut the number of foreign picture books for children published in mainland China this year, four publishing sources told the South China Morning Post.

The order opens a new front in a broad campaign to reduce the influence of foreign ideas and enhance ideological control, applying restrictions to animal cartoons and fairy tales written for toddlers and older children that have few political implications. Chinese universities were previously ordered to limit the use of Western textbooks and promote communist dogma.

According to the article, China's state publishing administration has imposed a quota system on domestic publishers, limiting the number of foreign picture books that can be published in any one year. Apparently, the aim is two-fold: to promote children's books created by domestic authors and illustrators; and to stop innocent young Chinese minds being seduced by the subtle charms of Western propaganda in the form of cartoon stories about animals.

But it's not just children that the Chinese authorities want to shield from harmful ideas. Quartz has a related story about a more general clampdown on Western publications that has been imposed on vendors using the leading online shopping site Taobao, part of the Chinese Internet giant Alibaba:

Taobao has ordered all vendors to stop selling foreign media starting today -- even if authorities have approved the media for circulation in China. The online shopping platform, owned by Alibaba, has been one of the few places to browse overseas publications free from censors, largely because the site's business model allows individual vendors to do business directly with customers. It's also helped that the daigou, or overseas agents, can evade import duties by carrying or shipping goods into China.

As the Quartz article notes, the new rule cites an obscure 1991 law; its unexpected invocation now seems related to a general clampdown around the highly-sensitive two-week National People's Congress, currently under way in Beijing. Perhaps Western cartoon animals have fallen victim to the same paranoia.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

7 Comments | Leave a Comment..

Posted on Techdirt - 17 March 2017 @ 2:58pm

How Drones Help Transparency Activists To See Things The Hungarian Government Wants To Hide

from the not-just-about-dealing-out-death dept

It's remarkable how quickly drones have become a familiar part of the modern world. Like most tools, they can be used for good and evil, but it tends to be the latter that is highlighted when it comes to drones. In the last few days, it was widely reported that President Trump has given the CIA power to launch drone strikes against suspected terrorists, in addition to being able to use the technology to locate them. Dealing death from the skies may be the most dramatic application of drones, but there are plenty of other, more benign, uses, even if they receive less attention. For example, activists in Hungary have been deploying them in a variety of innovative ways in order to bolster transparency and openness in a country where these are increasingly under threat. That's because the country's prime minister, Viktor Orbán, is a self-confessed believer in the "illiberal state," which Wikipedia describes as follows:

a governing system in which, although elections take place, citizens are cut off from knowledge about the activities of those who exercise real power because of the lack of civil liberties. It is not an "open society".

The Hungarian organization wants to reconnect citizens with that knowledge about those in power:

Established in 2011, -- "atlatszo" means transparent in Hungarian – produces investigative reports, accepts information from whistleblowers, files freedom of information requests, and commences freedom of information lawsuits in cases where its requests are refused. operates a Tor-based anonymous whistleblowing platform (Magyarleaks), a freedom of information request generator for the general public (Kimittud), a crowdsourced bribe tracker to report everyday corruption anonymously (Fizettem), and an independent blogging platform for other NGOs and independent media. uses a wide range of modern technologies in its work, and that also includes drones. Here's a post on Open Society Foundations from a few months back explaining why eyes in the sky are a powerful tool for taking a look at things governments would rather keep to themselves:

Through drone footage, we've revealed the hidden assets of government politicians and pro-government oligarchs, including castles acquired by companies tied to the son-in-law of Hungary's prime minister. Such concrete signs of personal enrichment -- which, in many cases, can only be filmed from the air -- give citizens a clear picture of the corruption and inequality that is all around them.

At the same time, drones are useful for throwing into relief the power of civil society. In 2014, we captured aerial footage of the protests against the government's internet tax.

Recording protests from the air is important because it allows more accurate estimates of crowd sizes to be made, which are also harder to challenge given the detailed footage that goes well beyond what is possible to gather on the ground. There's a video showing this and other aspects of's work, mostly in Hungarian, but with English subtitles, that gives a good idea of the huge potential for using drones in this domain -- and of the pushback activists are already receiving from the deeply unhappy authorities as a result. As drones become ever-cheaper and ever-more powerful, that tension seems likely to increase.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

19 Comments | Leave a Comment..

Posted on Techdirt - 16 March 2017 @ 4:32pm

Bill Gates And Other Major Investors Put $52.6 Million Into Site Sharing Unauthorized Copies Of Academic Papers

from the so-how-is-that-different-from-sci-hub? dept

As we've noted, the main reason the Sci-Hub site is so popular with academics is not because it is free -- researchers generally have free access to papers anyway -- but because it is so easy to use. Among other things, it provides a centralized store of a huge number of papers -- 58 million at the time of writing -- that can be downloaded with a single click. But an interesting post on the Green Tea and Velociraptors blog points out Sci-Hub's holdings are beaten by the total number of papers available on the ResearchGate site, which has 12 million members:

The platform boasts that 2.5 million published outputs are uploaded by its users every month, equivalent to around the total number of published scholarly research articles each year. The site claims to have around 100 million published articles, which is very impressive seeing as only around 20-25 million have ever been published Open Access [OA].

The same post points out that many of those 100 million articles seem to be unauthorized copies:

Based on a random sample of English language articles drawn from ResearchGate, the study [published last month] showed that 201 (51.3%) out of 392 non-OA articles infringed the copyright and were non-compliant with publishers' policy. While this sample size was small, there is no reason to think that the same cannot be said if we scale up to consider the entire corpus of articles shared on RG. This means that around half, or approximately 50 million, research papers on RG are most likely illegally hosted.

If that analysis is correct, it would seem that ResearchGate holds roughly as many unauthorized copies of academic papers as Sci-Hub. Despite that fact, ResearchGate has just revealed that back in November 2015, it received investments totalling $52.6 million from some rather starry names, including that famous hater of pirates, Bill Gates:

Wellcome Trust, Goldman Sachs Investment Partners, and Four Rivers Group with participation from Ashton Kutcher, Groupe Arnault, Xavier Niel, and existing investors Bill Gates, Tenaya Capital, Benchmark, and Founders Fund.

ResearchGate says it is the responsibility of the uploader to make sure that they have the necessary rights to post material to the site:

As we do not have any information about rights you may hold, or any license terms or other restrictions which might apply to such content, we necessarily rely on you to understand your rights and act accordingly. For this reason, we request that you fully investigate and confirm that you have sufficient rights to post particular content to ResearchGate before you post such content. As a general matter, if you are an author publishing in a journal, you may be allowed to publish certain versions of your article, but not others, and privately share certain content with others. However, many journals restrict publication of final versions and impose limitations on private sharing.

As that notes, authors are typically only allowed to post certain versions of their papers -- usually early ones. But most researchers don't bother with that detail, and simply upload the final version to ResearchGate, which is probably why the recent analysis mentioned by the Tea and Velociraptors blog found so many unauthorized copies. Along with laziness, or ignorance of the niceties here, another factor driving this phenomenon may be that academics are aware that much of their work has been paid for by the public, and therefore feel the definitive results should be disseminated as widely as possible.

Still, the contrast between ResearchGate, which has received major investments from some rather big names, and Sci-Hub, which is currently being pursued in the courts by Elsevier, is stark, given that their respective holdings turn out to be so similar. It's another indication that the academic publishing system is broken, and that copyright is an irrelevance as far as millions of researchers are concerned.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

19 Comments | Leave a Comment..

Posted on Techdirt - 15 March 2017 @ 1:24pm

UK Court Grants First Live Blocking Order To Stop New Infringing Streams As Soon As They Start

from the whose-side-are-the-ISPs-on-these-days? dept

As we noted last week, one of the main copyright battlegrounds in the UK concerns the use of Kodi boxes -- low-cost devices running the open source Kodi multimedia player, usually augmented with plug-ins that provide access to unauthorized content. One of the popular uses of such Kodi boxes is to watch live streams of sporting events. TorrentFreak reports on an important new court order obtained by the UK's Football Association Premier League (FAPL) to prevent people from viewing live streams of soccer games free of charge. The problem for the FAPL is that the addresses of the servers streaming matches are often only known once the games begin. To meet that challenge, the court has granted a new kind of injunction: one that allows live blocking. Here's how it will work:

servers can only be selected [for blocking] by FAPL if it "reasonably believes" they have the "sole or predominant purpose of enabling or facilitating access to infringing streams of Premier League match footage." Secondly, the FAPL must not know or have reason to believe "that the server is being used for any other substantial purpose."

In other words, the servers must be dedicated to live streaming rather than doing it incidentally alongside other, possibly more legitimate, activities.

This caution is needed because this injunction will be carried out live, as soon as matches begin to hit the Internet. FAPL and its anti-piracy contractor will monitor the Internet, grab IP addresses, and ask the ISPs to block them in real-time. No court will be involved in that process, it will be carried out at the discretion of the FAPL and the ISPs.

Giving the FAPL the power to ask for any IP address to be blocked as it sees fit, and without a court order, is bad enough, but the TorrentFreak post points out some other extremely troubling features of this latest decision. It explains how the FAPL hired an "anti-piracy" company to monitor unauthorized streams. It seems that leading UK ISPs helped by providing data about download patterns:

"A very substantial volume of traffic from BT, Sky and Virgin, who are the three largest UK ISPs, has been recorded from these [infringing servers] during Premier League match times," the injunction reads.

"The extent of these spikes in traffic, the closeness of their correlation with each scheduled match, and the absolute volume in terms of raw bandwidth consumed, are only consistent with large numbers of consumers obtaining Premier League content from these servers."

This information is also "only consistent" with those three ISPs actively helping the investigation of streaming servers. As TorrentFreak points out:

Overall, this injunction provides a clear indication of what can happen when ISPs stop being "mere conduits" of information and start becoming distributors of entertainment content. In the case of Sky and BT, who pay billions for content, it would be perhaps naive to think that they would've behaved in any other way.

Indeed, this case has all the hallmarks of companies agreeing to take action together and then going through the formalities of an injunction application to get the necessary rubber stamp and avoid criticism.

If confirmed, that's a terrible development. It would mean that the ISPs with investments in material that customers view over their connections no longer see themselves as neutral "mere conduits," but now are on the side of the copyright industry.

The legal blog IPKat points out another important aspect of this latest case. It seems to be the first time that the awful GS Media ruling by the Court of Justice of the European Union -- that a link posted "for profit" can be considered direct infringement -- has been applied in the UK. The judge in this live streaming case wrote:

Generally speaking, the operators of the Target Servers are not merely linking to freely available sources of Premier League footage. Even if in some cases they do, the evidence indicates that they do so for profit, frequently in the form of advertising revenue, and thus are presumed to have the requisite knowledge for the communication to be to a new public.

Expect to see more of these live blocking orders in the UK as the copyright industry there continues to wage its war on the popular Kodi boxes. The question is, will courts in other EU countries start to use them too?

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

20 Comments | Leave a Comment..

Posted on Techdirt - 14 March 2017 @ 5:18pm

Is This The Future Of Online Publishing? Leading Chinese Social Networks Add Paid-For Content

from the worth-a-try dept

One of the topics that generates strong feelings in the online world is adblocking. Many users love it, but many publishers hate it. That's a big problem, because advertising has turned into the main way of funding what appears on the Internet. As adblockers become more common, so the advertising revenue available to pay for creating articles, images, sound and video diminishes. Some want to ban adblockers, but that's hardly a solution: forcing visitors to your site to view ads they hate is not a good way to foster a long-term business relationship. Improving ads seems a better approach, but that's easier said than done, and may come too late now that so many people have installed adblockers.

The other obvious solution is to charge people to view online material. There's been a certain reluctance to try that approach, partly because of the misleading slogan "information wants to be free", and partly because historically it hasn't worked in general. But it seems that major online players in China are now starting to roll out the paid-for model, perhaps in part because adblockers are widely used there, as in the West. Here's what the biggest online service, WeChat, with a billion accounts created, and at least 700 million active users, is trying, as reported by technode:

WeChat, Tencent Holdings Ltd.'s social networking and chat app, will roll out paid services for the content offered by official accounts, an authority at the Chinese internet giant told Yicai Global.

WeChat invited selected official accounts to trial its paid content function, which is not open to general users for the time being.

As their name suggests, WeChat's "official" accounts are a step up from personal ones. They can be be verified for a fee, and allow services to be offered. A few years ago, there were 8 million such accounts; the number today is likely to be higher. The same technode article reports on research carried out by WeChat's parent company Tencent:

A survey of more than 1,700 netizens conducted by a Tencent research unit found 55 percent of respondents had paid for professional knowledge or advice, including paid content and documents in the past year. Over 50 percent of Chinese netizens have paid or are willing to pay for contents, compared with only 30 percent two years ago, an iResearch report found.

Another established Chinese company that hopes it can get its users to pay for online material is Douban, an upmarket social network focusing on the arts, with around 200 million users. China Film Insider has news about Douban Time, a new paid-for service:

Douban Time will feature curated texts, images and sound from experts and writers in different fields. Catering to its audience, Douban Time’s first offering is a 102-episode poetry review program which will invite poets and critics to give lessons in poetry appreciation.

Although 102 episodes on poetry appreciation might sound like something of a specialized offering, it is probably well-suited to Douban's sophisticated user base. And perhaps it will turn out that the solution to finding alternative business models for online publishing is precisely this kind of niche approach, rather than the current advertising system based on volume, that is now struggling badly.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 13 March 2017 @ 3:20am

Photocopying Textbooks Is Fair Use In India: Western Publishers Withdraw Copyright Suit Against Delhi University

from the let's-celebrate-a-rare-win-for-the-public dept

Back in September last year, Mike wrote about the remarkable court ruling in India that copyright is not inevitable, divine or a natural right. As we have been reporting since 2013, the case in question was brought by three big Western publishers against Delhi University and a photocopy shop over "course packs" -- bound collections of photocopied extracts from books and journals that are sold more cheaply than the sources. Although the High Court of Delhi ruled that photocopying textbooks in this way is fair use, that was not necessarily the end of the story: the publishers might have appealed to India's Supreme Court. But as the Spicy IP site reports, they didn't:

In a stunning development, OUP, CUP and Taylor & Francis just withdrew their copyright law suit filed against Delhi University (and its photocopier, Rameshwari) 5 years ago! They indicated this to the Delhi high court in a short and succinct filing made this morning.

This withdrawal brings to an end one of the most hotly contested IP battles ever, pitting as it did multinational publishers against academics and students.

The Spicy IP post has a useful short timeline of the case, as well as a link to the site's extremely detailed coverage of all the twists and turns of the saga, which is now finally -- and definitively -- over. Importantly, the case was:

one that ultimately tested the bounds of copyright law in India. And clarified that while educational photocopying is permissible, there are limits to this as well. And that any copying must comport closely with the intended purpose ("in the course of instruction"). In that sense, publishers have made some gains in at least ensuring that a complete free for all regime is not what is intended by the law. But a circumspect one, where the copying has to fall within the bounds of the educational exception.

Overall, this is a huge victory for educational access and public interest in India. And very welcome in a world that was witnessing a rather one sided ratcheting up of IP norms, at the cost of all else!

That's an important point. So often it seems that copyright only ever gets longer and stronger, with the public always on the losing side. The latest news from India shows that very occasionally, it's the public that wins.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

19 Comments | Leave a Comment..

Posted on Techdirt - 10 March 2017 @ 7:39pm

How To Improve Online Comments: Test Whether People Have Read The Article Before Allowing Them To Respond

from the probably-asking-too-much dept

For a while now, Techdirt has been writing about the decision by some sites to stop allowing readers to make comments on articles. We've pointed out that's pretty regrettable, especially when it's couched in insulting terms of "valuing conversations" or building "better relationships." Dropping comments is a lazy response to a real and challenging problem: how to encourage readers to engage in meaningful ways.

As well as a natural tendency for people to write hurtful or insultings things that they probably wouldn't say to each other face-to-face, there's another problem: the rise of Internet troll factories whose entire purpose is to flood sites with propaganda in the form of comments that espouse a particular viewpoint. As we noted recently, Google is looking to use machine learning technology to help identify and then deal with toxic comments:

a publisher could flag comments for its own moderators to review and decide whether to include them in a conversation. Or a publisher could provide tools to help their community understand the impact of what they are writing -- by, for example, letting the commenter see the potential toxicity of their comment as they write it. Publishers could even just allow readers to sort comments by toxicity themselves, making it easier to find great discussions hidden under toxic ones.

As Google itself admits, the issue is "about more than just improving comments. We hope we can help improve conversations online." A rather clever way to do that has been devised by NRKbeta, the technology site of the Norwegian government-owned radio and television public broadcasting company, NRK. Here's the basic idea (via Google Translate):

a small [on-screen] module is presented to you as a reader with three questions from the article that you must answer in order to be able to contribute to the discussion.

Actually reading the article before you comment on it -- pretty revolutionary, no? NRKbeta realizes that it's not a perfect solution:

We know of course that it is possible to "cheat" with these questions by searching the text above [the on-screen module], and that using this approach it cannot be guaranteed that everyone actually read the article, but we still think it's worth the experiment.

It's hard not to agree, because it tries to tackle one of the root causes of comments that add nothing to the conversation -- a failure to read what the article said -- by making it a pre-requisite before you can add your own thoughts. It also has the virtue of being extensible in various ways. For example, there could be more than three questions in the pop-up box, and your comment's place and prominence in the conversation could be determined by how many you get right. This might allow the thoughts of more engaged readers to bubble naturally to the top of the conversation. The fact that the code for the feature has been released as free software makes experimentation even easier. NRKbeta's idea certainly seems a better approach than simply giving up and removing comments altogether.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

193 Comments | Leave a Comment..

Posted on Techdirt - 10 March 2017 @ 11:50am

EU Parliament Report Recommends Throwing Out Something Even Worse Than The Link Tax: Upload Filtering

from the save-the-meme dept

Techdirt has just written about how a report from the European Parliament's "rapporteur" -- basically, the subject lead -- on planned reforms to EU copyright law recommends dumping one of the most stupid ideas in the draft proposals, a link or "snippets" tax. Although that's good news, it shouldn't come as a huge surprise. After all, the idea has already been tried in Germany and Spain, and failed dismally both times. The damage that a link tax would cause to the smooth functioning of the Web is so obvious that the only people refusing to acknowledge that fact are the publishers who have been demanding this new "right" as part of their copyright maximalism. But alongside the ridiculous snippets tax, there's another extremely dangerous idea that the European Commission has slipped into its copyright reform. Article 13 of the published draft (pdf) reads as follows:

Information society service providers that store and provide to the public access to large amounts of works or other subject-matter uploaded by their users shall, in cooperation with rightholders, take measures to ensure the functioning of agreements concluded with rightholders for the use of their works or other subject-matter or to prevent the availability on their services of works or other subject-matter identified by rightholders through the cooperation with the service providers. Those measures, such as the use of effective content recognition technologies, shall be appropriate and proportionate.

That is, those running online sites where users upload large quantities of material would be obliged to filter all those files to check for copyright material by using some unspecified, possibly magical, "content recognition technologies" that can tell when something is illegal or not. The problems with this are many and deep, as a post on the EDRi site explains:

the proposal of the Commission would require private companies to police the internet, in direct contradiction to two separate European Court rulings. The proposal would eliminate our freedoms to remix, to parody and others, in explicit breach of the EU's obligations contained in the Charter of Fundamental Rights of the EU.

The good news is that Therese Comodini Cachia, the rapporteur who wants to drop the link tax, also has some sensible suggestions for how to fix this "censorship machine":

In the leaked proposed amendments [to the new EU copyright law], Ms Comodini has deleted key aspects of the section of the draft Directive and amended the proposal in a way which would minimise the worst aspects of the censorship machine. Moreover, she has correctly restated the liability rules which exist in current EU legislation (the e-Commerce Directive). She advocates for the licensing agreements that were the ostensible goal of the European Commission in the first place.

However, it would be premature to celebrate this outbreak of good sense. Although it seems quite likely that the European Parliament will agree with the recommendations of its rapporteur here, the European Commission and national governments of the member states may disagree, and still try to keep Article 13 in its current form because of pressure from lobbyists. Ultimately, that would lead to EU negotiations behind closed doors and compromises that could see upload filtering retained with some modifications and perhaps token safeguards.

Fortunately, there is still some time to mobilize public opinion here. Although upload filtering seems an obscure, rather technical issue, it threatens some very fundamental Internet freedoms like remixing and creating parodies. As part of an effort to reach a broader audience, the Dutch Bits of Freedom digital rights group has put together a simple site called "Save the Meme," which encourages EU citizens to contact their MEPs to make sure as many as possible vote against Article 13, sending a strong signal to the European Commission and national governments that it has to go -- just like the link tax.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

24 Comments | Leave a Comment..

Posted on Techdirt - 10 March 2017 @ 3:33am

Civil Liberties Groups Point Out More Reasons Why The 'Privacy Shield' Framework For Transatlantic Data Flows Is At Risk

from the much-more-serious-than-it-looks dept

Earlier this year, we wrote about growing concerns that President Trump's executive order stripping those who are not US citizens of certain rights under the Privacy Act could have major consequences for transatlantic data flows. Now two leading civil liberties groups -- the American Civil Liberties Union (ACLU) and Human Rights Watch (HRW) -- have sent a joint letter to the EU's Commissioner for Justice, Consumers and Gender Equality, and other leading members of the European Commission and Parliament, urging the EU to re-examine the Privacy Shield agreement, which regulates transatlantic data flows, as well as the US-EU umbrella agreement, a data protection framework for EU-US law enforcement cooperation. The joint letter calls on European politicians to take into account what the ACLU and HRW delicately term "changed circumstances" -- essentially, the arrival of Donald Trump and his new agenda.

The first worry concerns the Executive Order that excluded foreigners from privacy protections. The joint letter goes into more detail about why other laws, for example, the Judicial Redress Act, are not an adequate replacement for those protections. The ACLU and HRW also raise another issue: the lack of a functioning Privacy and Civil Liberties Oversight Board (PCLOB). That matters, because the Court of Justice of the European Union (CJEU) said oversight was needed to ensure that EU data receives appropriate privacy and other fundamental rights protections when it is exported to other countries. The joint letter explains why effective US oversight and redress mechanisms are absent:

The Privacy and Civil Liberties Oversight Board, while fulfilling a valuable public reporting role, is limited in its oversight function and was not designed to provide redress concerning US surveillance practices. Thus, the PCLOB has never provided remedies for rights violations or functioned as a sufficient mechanism to protect personal data. In recent months, the situation has worsened: the PCLOB currently lacks a quorum, which strips its ability to issue public reports and recommendations, make basic staffing decisions, assist the Ombudsman created by the Privacy Shield framework, and conduct other routine business as part of its oversight responsibilities. The current administration and Senate have yet to act to fill the vacancies on the PCLOB.

Some might dismiss the letter as troublemakers stirring things up over nothing. But the Privacy Shield framework is crucial if data flows across the Atlantic are to continue as at present. Without it, or some replacement, US companies will find it much harder to move personal data out of the EU. If they do so without adequate legal safeguards, oversight and redress mechanisms in the US, they are likely to be fined by data protection officials across Europe, who are always happy to make high-profile examples of erring companies in order to encourage everyone else to comply with EU law.

Protecting the privacy of Europeans and filling vacant seats on the Privacy and Civil Liberties Oversight Board are probably not priorities for the Trump administration as it settles in and grapples with multiple issues. But the European Commission has to take demands to revisit and possibly suspend Privacy Shield seriously. If the EU decides to drop the framework, as it has just threatened to do if there is a "significant change" in the US approach to EU privacy, then the consequences for US companies are likely to be so serious that even an over-stretched Trump administration will need to start paying attention.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

21 Comments | Leave a Comment..

Posted on Techdirt - 9 March 2017 @ 3:22am

UK Local Government Confirms Surprising EU Position That Viewing Pirated Streams Probably Isn't Illegal

from the but-a-key-court-ruling-may-change-that-soon dept

A couple of years ago, the MPAA was freaking out about a piece of free software called Popcorn Time. Even though it was hugely popular as a result of its ease of use -- and access to large numbers of infringing copies of films -- it had a serious weakness. Since Popcorn Time was basically a BitTorrent client with an integrated media player, it was often possible to track down people who were using it. That fact, and the increasingly heavy-handed legal action taken against some sites that only had a vague connection with the Popcorn Time software, led to people moving on to more discreet alternatives that are based on direct streaming. One of the most popular today is Kodi, which describes itself as a "software media center for playing videos, music, pictures, games, and more." Like Popcorn time, it is also open source, but it does not include a BitTorrent client. Instead, as its website says:

you should provide your own content from a local or remote storage location, DVD, Blu-Ray or any other media carrier that you own. Additionally Kodi allows you to install third-party plugins that may provide access to content that is freely available on the official content provider website. The watching or listening of illegal or pirated content which would otherwise need to be paid for is not endorsed or approved by Team Kodi.

That distinction between the main code and third-party plugins has meant that it is generally accepted that Kodi itself is perfectly legal. The problem arises when third-party plugins are added that allow users to stream pirated content, typically through what are called "fully-loaded" boxes, which are sold very cheaply -- one benefit of using open source. There are two issues here: is it legal to sell these "fully-loaded" boxes, and is it legal to use them?

The UK authorities clearly think that selling these boxes is illegal: recently, five people were arrested for doing so. On the second question -- is it legal to use these boxes? -- an interesting article published in The Derby Telegraph quotes a spokesperson for the UK local government department known as Trading Standards as saying:

Accessing premium paid-for content without a subscription is considered by the industry as unlawful access, although streaming something online, rather than downloading a file, is likely to be exempt from copyright laws.

That might seem a surprising position for an enforcement department to take, but support for it comes from an unusual quarter, as TorrentFreak noted in an article last year:

the European Commission doesn’t believe that consumers who watch pirate streams are infringing. From the user’s perspective they equate streaming to watching, which is legitimate.

The European Commission gave its view during the hearing of an important case currently before Europe's highest court involving the Dutch anti-piracy group BREIN, which wrote in its summary of the hearing:

The case concerns the sale of a mediaplayer on which the trader has loaded add-ons that link to evidently illegal websites that link to content. For a user such a player is 'plug & play'. This king of pre-programmed player usually are offered with slogans like 'never pay again for the newest films and series' and 'completely legal, downloading from illegal sources is prohibited but streaming is allowed'. In summary the pre-judicial questions concern whether the seller of such a mediaplayer infringes copyright and whether streaming from an illegal source is legitimate use.

The judgment from the Court of Justice of the European Union is expected soon, and will lay down whether the sale and use of "fully-loaded" boxes is legal across the EU. Meanwhile, in the UK, a consultation has just been launched on the subject, whose title -- "Illicit IPTV Streaming Devices" (pdf) -- suggests the government there has already made up its mind on the matter.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

19 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2017 @ 1:04pm

Important Ruling On Perennially-Problematic Creative Commons Non-Commercial License

from the NC-stands-for-'not-clear' dept

Techdirt has been warning about the problems with the Creative Commons Non-Commercial License (CC NC) for many, many years. Last September, Mike wrote about an important case involving the CC NC license, brought by Great Minds, an educational non-profit organization, against FedEx, the shipping giant. Copy shops owned by FedEx photocopied some of Great Minds' works on behalf of school districts. The material had been released by Great Minds under a CC BY-NC-SA 4.0 license -- that is, the Attribution-NonCommercial-ShareAlike license. The issue was whether a company like Fedex could make copies on behalf of a non-commercial organization, of material released under a license that stipulated non-commercial use. Happily, the judge in the case has ruled that it can (pdf):

At issue on this motion to dismiss is whether the allegations that FedEx has copied the Materials at the behest of one or more school districts and charged the school districts for that copying at a rate more than FedEx's cost states a claim for violation of GM's copyright. There is no claim that the undisclosed school districts are using the Materials for other than a "non-Commercial purpose" or that FedEx has copied the Materials for any other entities or for its own purposes. As so framed, FedEx's copying of the Materials is permitted by unambiguous terms of the License and the motion to dismiss is granted.

That's a sensible result: FedEx was simply an intermediary making copies on behalf of a non-profit organization, even if FedEx extracted normal profits in the course of doing so. But it's also important, because if the judge had found against FedEx, the wider consequences for the CC-NC license would have been disastrous. A few were spelled out in the August 2016 letter from Creative Commons Corporation's lawyers (pdf) seeking permission to file an amicus brief:

a CC BY-NC-SA 4.0 license would be of decidedly limited value if the licensor could invariably sue any for-profit intermediary engaged by the end user in the course of carrying out the ultimately permitted use. And the results would be absurd. Under the plaintiff's interpretation, school districts could not engage a parcel service to send copies of the licensed works to schools; could not use an internet service provider to host the works online for use in the classroom; or, more unworkable still, could not even email a digital file through a commercial network for receipt by students and educators

Although everything turned out fine in this case, it's worth noting that the problem was caused -- yet again -- by the ambiguous nature of the CC-NC license. Moreover, we are quite likely to see yet more court cases as a result of the lack of clarity around the definition of non-commercial use. It's hard not to feel that this particular Creative Commons license is more trouble than it's worth.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Read More | 36 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2017 @ 3:15am

Body Cameras Used By UK Local Government To Catch People Dropping Litter And Walking Dogs

from the illegal-pigeon-feeders-beware dept

We've just written about the use of body cameras in UK schools. One reason these trials are taking place is probably because the technology is now relatively cheap, which lowers previous barriers to deploying it. So it should perhaps come as no surprise to learn from a new report from Big Brother Watch that body cameras are also widely used by UK local government departments (pdf). Here are some of the figures Big Brother Watch gathered using Freedom of Information requests to over 400 UK councils:

54% of all local [government] authorities across the UK are equipping members of staff or contractors with body worn cameras at a cost of £1,791,960.81 [about $2.2 million].

66% of local authorities are failing to completing Privacy Impact Assessments (PIAs) before deploying the technology and

21% of councils are holding non-evidential footage for longer than 31 days; the time limit adhered to by police forces.

The report has details about how many body cameras each local authority has -- one in London has 202 -- how much has been spent, and with which suppliers. It also offers some information about the kind of uses to which the cameras are being put:

the decision by some councils to equip staff with the cameras in order to film people dropping litter, walking dogs, parking or to monitor people's recycling, in order to use the "evidence" to issue a fine, we would argue is a disproportionate use of an intrusive surveillance capability and a potential breach of the privacy of law abiding citizens.

Many local government officials would doubtless disagree. After all, we know that UK councils are using highly-intrusive surveillance powers supposedly needed to fight terrorism in order to spy on excessively barking dogs and illegal pigeon feeding. It's a natural, if worrying, extension of that approach to start using body cameras for similarly trivial purposes.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

36 Comments | Leave a Comment..

Posted on Techdirt - 3 March 2017 @ 3:13am

India Opening Up World's Largest Biometric Database For Commercial Applications, Despite Inadequate Privacy Protection

from the India-Stack-attack dept

Techdirt has been following India's construction of the world's largest biometric database, called Aadhaar, since July 2015. Concerns include the fact that what was billed as a voluntary system has been morphing into a compulsory one, and evidence that Aadhaar simply can't cope with real-life biometrics. Undeterred, the Indian government wants to expand the system even further by opening it up for use by companies, as the Wall Street Journal reports:

The Indian government has gathered digital-identification records, including fingerprint impressions and eye scans, of nearly all of its 1.2 billion citizens. Now a government-backed initiative known as "India Stack" aims to standardize ways to exchange the data digitally to facilitate the transfer of signatures and official documents that citizens need to get jobs, make financial transactions or access government services.

By allowing developers to incorporate use of government identification records in their commercial websites and apps, the initiative envisions Indians -- with mobile phones in hand -- using iris and fingerprint scans to sign up for insurance, invest in mutual funds, receive health-care subsidies and verify their identity for school examinations.

In itself, there's nothing wrong with this approach. Indeed, it has many benefits, notably making it easier for people to deal with India's bureaucracy, and helping to fight corruption. But those advantages could be compromised if privacy is neglected. And here the Indian government is sending all the wrong signals:

Prime Minister Narendra Modi's government has delayed a new bill that would bring India's privacy laws more in line with those of major European nations. Meanwhile, the government has questioned a constitutional right to privacy in pleadings before the Indian Supreme Court.

Without adequate privacy protection, the system seems ripe for abuse, both by unscrupulous companies targeting hapless consumers, and by state organizations, which might use it as a powerful surveillance tool. If the Indian government wants to become a world leader in using biometric-based digital identity for its citizens, as the Wall Street Journal article suggests, it should make crafting effective privacy protection laws a priority.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

6 Comments | Leave a Comment..

Posted on Techdirt - 1 March 2017 @ 10:43am

Tim Berners-Lee Endorses DRM In HTML5, Offers Depressingly Weak Defense Of His Decision

from the welcome-to-the-locked-down-web dept

For the last four years, the Web has had to live with a festering wound: the threat of DRM being added to the HTML 5 standard in the form of Encrypted Media Extensions (EME). Here on Techdirt, we've written numerous posts explaining why this is a really stupid idea, as have many, many other people. Despite the clear evidence that EME will be harmful to just about everyone -- except the copyright companies, of course -- the inventor of the Web, and director of the W3C (World Wide Web Consortium), Sir Tim Berners-Lee, has just given his blessing to the idea:

The question which has been debated around the net is whether W3C should endorse the Encrypted Media Extensions (EME) standard which allows a web page to include encrypted content, by connecting an existing underlying Digital Rights Management (DRM) system in the underlying platform. Some people have protested "no", but in fact I decided the actual logical answer is "yes". As many people have been so fervent in their demonstrations, I feel I owe it to them to explain the logic.

He does so in a long, rather rambling post that signally fails to convince. Its main argument is defeatism: DRM exists, the DMCA exists, copyright exists, so we'll just have to go along with them:

could W3C make a stand and just because DRM is a bad thing for users, could just refuse to work on DRM and push back wherever they could on it? Well, that would again not have any effect, because the W3C is not a court or an enforcement agency. W3C is a place for people to talk, and forge consensus over great new technology for the web. Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like Canute, understand our power is limited.

But there's a world of difference between recognizing that DRM exists, and giving it W3C's endorsement. Refusing to incorporate DRM in HTML5 would send a strong signal that it has no place in an open Internet, which would help other efforts to get rid of it completely. That's a realistic aim, for reasons that Berners-Lee himself mentions:

we have seen [the music] industry move consciously from a DRM-based model to an unencrypted model, where often the buyer's email address may be put in a watermark, but there is no DRM.

In other words, an industry that hitherto claimed that DRM was indispensable, has now moved to another approach that does not require it. The video industry could do exactly the same, and refusing to include EME in HTML5 would be a great way of encouraging them to do so. Instead, by making DRM an official part of the Web, Berners-Lee has almost guaranteed that companies will stick with it.

Aside from a fatalistic acceptance of DRM's inevitability, Berners-Lee's main argument seems to be that EME allows the user's privacy to be protected better than other approaches. That's a noble aim, but his reasoning doesn't stand up to scrutiny. He says:

If [video companies] put it on the web using EME, they will get to record that the user unlocked the movie. The browser though, in the EME system, can limit the amount of access the DRM code has, and can prevent it "phoning home" with more details. (The web page may also monitor and report on the user, but that can be detected and monitored as that code is not part of the "DRM blob")

In fact there are various ways that a Web page can identify and track a user. And if the content is being streamed, the company will inevitably know exactly what is being watched when, so Berners-Lee's argument that EME is better than a closed-source app, which could be used to profile a user, is not true. Moreover, harping on about the disadvantages of closed-source systems is disingenuous, since the DRM modules used with EME are all closed source.

Also deeply disappointing is Berners-Lee's failure to recognize the seriousness of the threat that EME represents to security researchers. The problem is that once DRM enters the equation, the DMCA comes into play, with heavy penalties for those who dare to reveal flaws, as the EFF explained two years ago. The EFF came up with a simple solution that would at least have limited the damage the DMCA inflicts here:

a binding promise that W3C members would have to sign as a condition of continuing the DRM work at the W3C, and once they do, they not be able to use the DMCA or laws like it to threaten security researchers.

Berners-Lee's support for this idea is feeble:

There is currently (2017-02) a related effort at W3C to encourage companies to set up "bug bounty" programs to the extent that at least they guarantee immunity from prosecution to security researchers who find and report bugs in their systems. While W3C can encourage this, it can only provide guidelines, and cannot change the law. I encourage those who think this is important to help find a common set of best practice guidelines which companies will agree to.

One of the biggest problems with the defense of his position is that Berners-Lee acknowledges only in passing one of the most serious threats that DRM in HTML5 represents to the open Web. Talking about concerns that DRM for videos could spread to text, he writes:

For books, yes this could be a problem, because there have been a large number of closed non-web devices which people are used to, and for which the publishers are used to using DRM. For many the physical devices have been replaced by apps, including DRM, on general purpose devices like closed phones or open computers. We can hope that the industry, in moving to a web model, will also give up DRM, but it isn't clear.

So he admits that EME may well be used for locking down e-book texts online. But there is no difference between an e-book text and a Web page, so Berners-Lee is tacitly admitting that DRM could be applied to basic Web pages. An EFF post spelt out what that would mean in practice:

A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today.

It's also totally different from the Web that Berners-Lee invented in 1989, and then generously gave away for the world to enjoy and develop. It's truly sad to see him acquiescing in a move that could destroy the very thing that made the Web such a wonderfully rich and universal medium -- its openness.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

85 Comments | Leave a Comment..

Posted on Techdirt - 27 February 2017 @ 4:18pm

Top Russian Net Official Says Children Under 10 Shouldn't Go Online -- At All

from the changing-perceptions-of-reality dept

As Techdirt readers know only too well, doing things "for the children" is a perfect excuse to pass all kinds of ridiculous laws that would otherwise be thrown out without a thought. For example, back in 2013, we wrote about attempts to pass legislation in Russia that would ban swearing on the Internet. It was framed as an amendment to an existing law called "On the Protection of Children" that introduced a blacklist designed to block access to information on drugs, suicide and child pornography. Now the head of Roskomnadzor, the body that oversees website-blocking in Russia, has a bold proposal for protecting children from all the Internet's possible harms. It takes the "for the children" logic to its logical conclusion, as TorrentFreak explains:

In a Q&A session with, Alexander Zharov spoke on a number of issues, including online safety, especially for children. Naturally, kids need to be protected but the Rozcomnadzor chief has some quite radical ideas when it comes to them using the Internet.

"I believe that a child under 10-years-old should not go online. To use [the Internet] actively they need to start even later than that," Zharov said.

He went on to say:

"Some parents are proud of the fact that their three-year-old kid can deftly control a tablet and use it to watch cartoons. It is nothing good, in my opinion. A small child will begin to consider the virtual world part of the real world, and it changes their perception of reality."

This is presumably just Zharov's personal opinion, not a foreshadowing of official policy -- it's hard to believe the view that children under 10 years old should stay off the Net would ever be enshrined in a law. Then again, given some of the things that Russian officials have been suggesting, such as disconnecting Russia from the global Internet, you never know. And once people start invoking "for the children," common sense tends to go straight out of the window.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

37 Comments | Leave a Comment..

Posted on Techdirt - 27 February 2017 @ 10:44am

Inside Another Internet Troll Factory: This Time In Sweden, But With Russian Connections

from the it's-all-about-size dept

Well before fake news became a thing, Karl was reporting on the fascinating details that have emerged about Russia's Internet troll factories that relentlessly pump out fake posts on an extraordinary scale. More recently, the Russian Defense Minister Sergei Shoigu revealed that the country's military has created a force specifically tasked with waging information warfare. We may know about Russia's domestic activities in this area, but what about online propaganda teams active in other countries? One data point towards answering that question is provided by an article on a site called the Disinformation Review, which describes itself as follows:

the latest cases of news articles carrying key examples of how pro-Kremlin disinformation finds its way in international media, as well as news and analysis on the topic. The review focuses on key messages carried in international media which have been identified as providing a partial, distorted or false view or interpretation and/or spreading key pro-Kremlin messaging.

It does not necessarily imply however that the outlet concerned is linked to the Kremlin or pro-Kremlin, or that it has intentionally sought to disinform. The Review is a compilation of cases from the East StratCom Task Force's wide network of contributors and therefore cannot be considered an official EU position.

That is, the Disinformation Review draws on information provided by the EU-funded East StratCom Task Force, and is part of the EU's response to what it sees as growing Russian propaganda directed against the European Union and its member states. A recent post on the site delves into another troll factory, but this time in Sweden. It reports on an article originally published by the Swedish daily Eskilstuna Kuriren:

we read that Swedish trolls primarily target journalists; that they develop and use scripts for their telephone conversations; and that the trolls are paid 1,000 SEK (110 EUR [about $110]) when their recorded telephone conversations obtains enough 'likes' in social media. We read that the trolls work with manuals that instruct them to edit the recordings to make them as "entertaining" as possible. We also read that the people behind the troll factory belong to Swedish racist and extreme right wing organisations.

But it's not only extreme right-wing viewpoints that the Swedish Internet troll factory supports:

The agenda of the political movement affiliated with the trolls is, according to the investigation, "xenophobia and Islamophobia", combined with promotion of commentators who "support Russia after the occupation of the Crimea and the Russian-backed civil war in Ukraine".

Despite that intriguing fact, the Swedish newspaper report was unable to establish who was funding the propaganda efforts. However, it does provide some interesting information about what makes a successful Internet troll factory:

Eskilstuna Kuriren ends their piece by asking that question to Jack Werner, co-founder of the popular Swedish fact-checker Viralgranskaren. According to Werner, the organisation is possibly limited in size, but a central part of its strategy is to make itself look very big: "The aim of propaganda is to respond to light so as to make the shadow it casts is as large as possible. If you really want to give the impression that your side is the largest, most dedicated and most passionate, it requires more work, for example, you will need to spend days and nights writing comments in the internet."

The article quotes figures from an earlier investigation into right-wing propaganda sites, which found that just 183 individual writers accounted for 366,291 comments out of a total of half a million, which works out as 2,000 comments per person on average. Perhaps that high volume could be turned against the Internet troll factories.

Since it is very hard for people to write so many comments so quickly without using similar phrases, sites might check new posts against old ones to eliminate those that are likely to be from a few writers churning them out to order. The technology already exists, and is widely used to spot academic plagiarism, for example. Cloud computing platforms would allow this approach to be applied routinely at a reasonable cost, and there would be scope for new third-party services to flag up re-used content across multiple sites. Google's parent company, Alphabet, is already working on software in this area. Maybe the time has come to apply a little more intelligence and computational firepower to tackling the growing threat that intentionally misleading and inflammatory posts by Internet trolls represent not just to online discourse, but far beyond.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

9 Comments | Leave a Comment..

Posted on Techdirt - 27 February 2017 @ 3:25am

China Orders Every Vehicle In Region Troubled By Ethnic Unrest To Be Fitted With Satnav Tracker

from the spy-in-the-sky dept

Techdirt stories on China tend to paint a fairly grim picture of relentless surveillance and censorship, and serve as a warning of what could happen in the West if government powers there are not constrained. But if you want to see how a real dystopian world operates, you need to look at what is happening in the north-western part of China's huge domain. Xinjiang was originally a turkic-speaking land, but the indigenous Uyghur population is increasingly swamped by Chinese-speaking immigrants, which has caused growing unrest. Violent attacks on the Chinese population in the region have led to a harsh crackdown on the Uyghurs, provoking yet more resentment, and yet more attacks.

Last November, we noted that the Chinese authorities in Xinjiang were describing censorship circumvention tools as "terrorist software." Now the Guardian reports on an ambitious attempt by the Chinese government to bring in a new kind of surveillance for Xinjiang:

Security officials in China's violence-stricken north-west have ordered residents to install GPS tracking devices in their vehicles so authorities are able to keep permanent tabs on their movements.

The compulsory measure, which came into force this week and could eventually affect hundreds of thousands of vehicles, is being rolled out in the Bayingolin Mongol Autonomous Prefecture of Xinjiang, a sprawling region that borders Central Asia and sees regular eruptions of deadly violence.

The rollout is already underway -- those who refuse to install the trackers will not be allowed to refuel their vehicles:

Between 20 February and 30 June all private, secondhand and government vehicles as well as heavy vehicles such as bulldozers and lorries will have to comply with the order by installing the China-made Beidou satellite navigation system.

Beidou is the homegrown version of the US Global Positioning System, completely under the control of the Chinese government. According to Wikipedia, the Beidou system has two levels of accuracy:

The free civilian service has a 10-meter location-tracking accuracy, synchronizes clocks with an accuracy of 10 nanoseconds, and measures speeds to within 0.2 m/s. The restricted military service has a location accuracy of 10 centimetres, can be used for communication, and will supply information about the system status to the user.

Being able to track any car in the Bayingolin Mongol Autonomous Prefecture of Xinjiang to a few inches should be enough even for the paranoid Chinese authorities. The fear has to be that, if successful, this latest form of extreme surveillance may spread to other regions in China, assuming Beidou could cope with such large-scale tracking.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

43 Comments | Leave a Comment..

More posts from Glyn Moody >>