Glyn Moody’s Techdirt Profile

glynmoody

About Glyn MoodyTechdirt Insider




Posted on Techdirt - 27 April 2015 @ 3:48am

Senior Police Officer Suggests Companies Allowing People To Use Strong Crypto Are 'Friendly To Terrorists'

from the just-stop-whining dept

Last November, we ran through the list of senior law enforcement officers on both sides of the Atlantic who all came out with suspiciously similar whines about how strong crypto was turning the internet into a "dark and ungoverned" place. Judging by this story in Reuters, others want to join the choir:

Some technology and communication firms are helping militants avoid detection by developing systems that are "friendly to terrorists", Britain's top anti-terrorism police officer said on Tuesday.
That remark comes from Assistant Commissioner Mark Rowley, who is the UK's National Policing Lead for Counter-Terrorism, replacing Cressida Dick. Here's the problem according to Rowley:
"Some of the acceleration of technology, whether it's communications or other spheres, can be set up in different ways," Rowley told a conference in London.

"It can be set up in a way which is friendly to terrorists and helps them ... and creates challenges for law enforcement and intelligence agencies. Or it can be set up in a way which doesn't do that."
"Set up in a way which is friendly to terrorists and helps them" obviously means using strong crypto; "set up in a way which doesn't do that" therefore means with compromised crypto. Like his colleagues, Rowley too blames the current mistrust between the intelligence agencies and computer companies on Edward Snowden:
"Snowden has created an environment where some technology companies are less comfortable working with law reinforcement and intelligence agencies and the bad guys are better informed," Rowley told Reuters after his speech.
Well, no, actually. That "environment" has been created by the NSA and GCHQ working together to break into the main online services, and undermine key aspects of digital technology, with no thought for the collateral damage that ruining internet security might cause for the world. Rowley is also quoted as saying:
"We all love the benefit of the internet and all the rest of it, but we need [technology companies'] support in making sure that they're doing everything possible to stop their technology being exploited by terrorists. I'm saying that needs to be front and centre of their thinking and for some it is and some it isn't."
The technology is not being "exploited" by terrorists, it's being used by them, just as they use telephones or microwaves or washing machines. That's what those devices are there for. The idea that trying to make broken internet technologies should be "front and center" of technology companies' thinking bespeaks a complete contempt for their users.

This constant refrain about how awful strong crypto is, and how we must break it, is simply the intelligence services implicitly admitting that they find the idea of doing their job in a free society, where people are able to keep some messages private, too hard, so they would be really grateful if technology companies could just fall in line and make life easier by destroying privacy for everyone.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

65 Comments | Leave a Comment..

Posted on Techdirt - 24 April 2015 @ 9:14am

Japanese Court Orders Google To Remove Customer Reviews From Its Maps Service -- Globally

from the long-arm-of-the-law dept

The following story from Japan, reported by Techcrunch, might seem to be an everyday internet tale of privacy and freedom of speech interacting badly:

The Chiba District Court today issued a preliminary injunction forcing the U.S. internet company to remove two anonymous reviews for an undisclosed medical clinic in the country. While they document negative customer experiences at the clinic, neither review violates the policies that Google has in place for user generated content within the Maps service.
Nothing special there, you might think, but there's a sting in the tail:
The court ruled that Google not only removes the content in Japan, but across the entire globe too.
That's troubling, because it's yet another case of a local court asserting its right to affect what happens across the entire internet -- the best-known example being the EU's claim that its privacy regulations have to apply globally if they are to be effective. It's worrying to see a similar ruling from Japan, albeit only in a preliminary injunction, and one that Google is appealing against, because it risks normalizing that view, with serious consequences for the online world. Far from being a domain subject to no rules, as politicians love to claim, the internet would begin to turn into the one place that has to obey every country's laws.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

38 Comments | Leave a Comment..

Posted on Techdirt - 23 April 2015 @ 1:03am

Corporate Sovereignty Trumps National Laws; Here's How The US Thinks It Can Get Around That

from the ain't-gonna-work dept

For a while now, Techdirt has been writing about the extraordinary corporate sovereignty chapters in trade agreements that grant foreign companies far-reaching powers to sue a government simply for issuing regulations that impact their investments. Recently, there has been a textbook example of how the investor-state dispute settlement (ISDS) tribunals that adjudicate corporate sovereignty cases are literally a law unto themselves. A post on The Hill explains the background:

A company sought to develop a mining and marine terminal project in Canada, but it had to obtain approval from provincial and federal authorities. As part of that process, the company had to submit an environmental impact study (EIS) addressing the project’s potential impacts on the natural and human environment.
A panel of experts was appointed to review that study, and to issue a recommendation on whether the project should go ahead. The experts recommended against approval, partly on the basis that it would have been inconsistent with "core community values." As a result, the federal and provincial officials rejected the project. The company involved, Bilcon, appealed against that decision, but did so invoking NAFTA's corporate sovereignty provisions. The ISDS tribunal ruled that:
The advisory panel's consideration of "core community values" went beyond the panel’s duty to consider impacts on the "human environment" taking into account the local "economy, life style, social traditions, or quality of life." The arbitrators then proclaimed that the government's decision to reject Bilcon's proposed project based on the experts' recommendation was a violation of the NAFTA.
As The Hill article points out, that shouldn't have happened:
The parties to the NAFTA -- the United States, Canada and Mexico -- have all repeatedly clarified that ISDS is not meant to be a court of appeals sitting in judgment of domestic administrative or judicial decisions.
Nonetheless, the ISDS tribunal's lawyers ignored the clear intent of NAFTA's corporate sovereignty provisions, and issued their judgment dismissing local decisions following national laws. Because of the astonishing way that ISDS works, Canada can't even appeal. However, as the article in The Hill points out, the situation would have been even worse had the ISDS tribunal argued correctly:
It shows that ISDS stymies crucial evolution in domestic law. Under the tribunal's reasoning, a breach of international law arises when government officials interpret vague concepts such as the "human environment" or "socio-economic" impacts using principles or terms not expressly found in earlier decisions. Yet, particularly in common-law jurisdictions such as the US's, law develops in large part through new interpretations, adapting to changing circumstances and times. If this evolving process were indeed a breach of international law, the US should expect to face significant liability to foreign companies, especially as ISDS is included in new treaties with capital-exporting countries.
In fact, there is a first hint that the US government is well aware of these huge problems with corporate sovereignty provisions, and that it is already preparing for the day when it loses a major ISDS case. That hasn't happened so far in part because relatively few foreign companies covered by existing trade agreements with corporate sovereignty provisions have major investments in the US that would allow them to make claims. However, that will change dramatically if an ISDS chapter is included in the TTIP/TAFTA deal currently being negotiated. According to Public Citizen's calculations (pdf):
More than 3,400 parent corporations in EU nations own more than 24,200 subsidiaries in the United States, any one of which could provide the basis for an investor-state claim if TAFTA were to be enacted with ISDS.
That might explain a very interesting aspect of the Fast Track Bill released recently, as Sean M. Flynn, Associate Director, Program on Information Justice, and Intellectual Property Professorial Lecturer in Residence, American University Washington College of Law, explains:
The Trade Promotion Authority (TPA) bill that was released last week contains a fascinating Section 8 on "Sovereignty." The section appears intended to make all trade agreements with the U.S. not binding to the extent that they contradict any provision of U.S. law, current or future. If valid, the section would go a long way to calming fears in this country that new trade agreements, like the old ones, could be used by corporations or other countries to force the U.S. to alter domestic regulations.
However, Flynn then goes on to argue Section 8 actually has no effect in protecting US law, and that:
If Congress changes our law to be in violation of a treaty commitment, the only way to avoid liability for that change is to re-negotiate the applicable treaties to remove the confining language at issue.
That threat of being sued in international courts for non-compliance with treaties is precisely how corporations have used international agreements to force the signatories to strengthen protection for copyright and patents thanks to measures they themselves lobbied for, and to block any moves to change the law in favor of the public.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

34 Comments | Leave a Comment..

Posted on Techdirt - 22 April 2015 @ 1:02am

Welcome To The New League Of Leakers -- Courtesy Of Edward Snowden

from the courage-is-contagious dept

Whistleblowers are hardly a new phenomenon -- Wikipedia lists dozens of the more famous ones, going back to the 18th century. There have also been important government whistleblowers before -- people like Daniel Ellsberg, William Binney, Thomas Drake and John Kiriakou. Chelsea Manning's leak was on a huge scale, and garnered enormous media attention. And yet there is no doubt that it is Edward Snowden who has really changed the whistleblowing world most dramatically.

Because of what he leaked, and the way he leaked it -- the fact that he has evaded arrest, and is still free, even if living a somewhat circumscribed existence in Russia -- Snowden has ignited debates at multiple levels. As well as the obvious ones about surveillance, privacy, power and democracy, there's another one around whistleblowing itself, which has already had important knock-on effects. Evidence of that comes in an interesting post by Bruce Schneier, where he tots up the likely number of leakers that have recently started to provide information about the US intelligence community. Alongside Manning and Snowden, he thinks there are probably five more:

Leaker #3: The person who leaked secret documents to Jake Appelbaum, Laura Poitras and others in Germany: the Angela Merkel surveillance story, the TAO catalog, the X-KEYSCORE rules.

...

Leaker #4: "A source in the intelligence community," according to the Intercept, who leaked information about the Terrorist Screening Database, the "second leaker" from the movie Citizen Four

...

Leaker #5: Someone who is leaking CIA documents.

...

Leaker #6: The person who leaked secret information about WTO spying to The Intercept and the New Zealand Herald

...

Leaker #7: The person who just leaked secret information about the U.S. drone program to The Intercept and Speigel.
Schneier's post gives links for all those stories, as well as his reasons for thinking they are likely to be separate people (although he notes numbers 3 and 7 might be the same person.) As he concludes:
Way back in June 2013, Glenn Greenwald said that "courage is contagious." He seems to be correct.
It's almost as if people taking extremely high risks to leak important information about dubious activities by the US intelligence community has become normal. That's really pretty remarkable, and show just how big Snowden's impact has been.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 21 April 2015 @ 1:11am

Hosting Companies Threaten To Leave France Over (Yet Another) Surveillance Law. But Where Could They Go?

from the black-box dept

Back in December, we reported on how France sneakily enacted a controversial surveillance law on Christmas Eve, obviously hoping nobody would notice. Now the French government is quite brazenly saying last year's law didn't go far enough, and that it must bring in yet another surveillance law that is even more intrusive, and do it quickly with only minimal scrutiny. Here are just some of the problems with the new bill according to Human Rights Watch:

Serious flaws include expansive powers for the prime minister to authorize surveillance for purposes far beyond those recognized in international human rights law; lack of meaningful judicial oversight; requirements for private service providers to monitor and analyze user data and report suspicious patterns; prolonged retention periods for some captured data; and little public transparency.
That requirement for ISPs to install "black boxes" for algorithmic surveillance of "suspicious patterns" is particularly troubling:
The bill's requirement for service providers to install secret, unspecified, state-provided means of analyzing suspicious patterns -- for example, visits to websites advocating terrorism, or contacts with persons under investigation -- could potentially be applied to a virtually unlimited set of indicators, Human Rights Watch said.
Once these black boxes are in place, it can only be a matter of time before the copyright industry starts pushing to use them to detect copyright infringement. After all, it will doubtless point out, since the equipment will already be there, it wouldn't impose any further costs on service providers to carry out such scans. Who could possible object? Leading French Internet companies certainly do. As ZDNet reports, some are threatening to leave the country if the law is passed in its present form when it comes to the final vote on 5 May:
Seven companies, including web hosting and technology companies OVH, IDS, and Gandi have said in a letter to the French prime minister Manuel Valls that they will be pushed into de facto "exile" if the French government goes ahead with the "real-time capture of data" by its intelligence agencies.

The companies argued that being required by the law to install "black boxes" on their networks will "destroy a major segment of the economy," and if passed it will force them to "move our infrastructure, investments, and employees where our customers will want to work with us."
The companies say that between 30 to 40% of their turnover comes from customers outside France, attracted by the current framework's strong protection for online privacy (original in French.) It's a great gesture, but the question is: could the companies carry out their threat? After all, given the rush to introduce far-reaching surveillance laws in many other European countries, it's not clear where exactly those companies could go. Even Switzerland, that old standby, has its surveillance programs, and the risk is that it, too, will bring in measures like those of its neighbors.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

25 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 1:11am

Whistleblowers Urge UN To Strengthen Protection For Those Revealing Abuses

from the echoes-of-Snowden dept

Aside from the extraordinary information that he revealed about massive yet unsuspected surveillance programs, Edward Snowden has produced several other collateral benefits through his actions in 2013. For example, recently we learned that the DEA's phone tracking program was cancelled as a direct result of the revelations and the ensuing uproar. Other leakers have started to come forward, apparently inspired by his actions. And as the press has pored over Snowden's actions, it has become clear that support for government whistleblowers is woefully inadequate -- indeed, that they are regarded by the Obama administration pretty much as traitors.

More generally, the debate around Snowden has highlighted the important part that whistleblowers play in sustaining the rule of law and defending democracy. Now a group of whistleblowers has written a letter calling on the United Nations to recognize that role (pdf), and to improve protections within the organization (via Intellectual Property Watch):

As our experience shows, retaliation against whistleblowers affects the entire UN system and goes largely unchecked at all levels, including in the Executive suites. Some UN whistleblowers have been fired or demoted; others have been subject to more subtle forms of abuse like non-renewal of contracts or sudden transfer to duty stations on the other side of the globe; many face plain, simple harassment and intimidation.
The problems they have to deal with are very similar to those encountered by Snowden when he sought to use official channels to raise his concerns:
UN whistleblowers are forced to go through lengthy, and often expensive, internal appeal processes in which the burden of proof, as a practical matter, rests on the whistleblower to demonstrate retaliation (the usual standard in national systems requires the employer to justify their actions were not retaliatory).
As a result, they often end up taking the same route that he did:
Put simply, the UN system of justice fails whistleblowers, and most of us have been forced to leave the UN to save our livelihoods, our health and our reputations.
The letter's signatories go on to call for the UN to review whistleblower protection at the organization, and they make concrete suggestions on improving the lot of those revealing abuses, including recognizing that:
Whistleblower rights are human rights, which must be promoted and protected within the UN, as well as in affiliated specialized agencies and international organisations with immunity from national laws.
And extending whistleblower protections to:
UN peacekeepers, police officers, contractors, victims and any other person who provides information about misconduct that could undermine the organisation’s mission. The key to receiving protection should be the content of the information disclosed, not the identity of the person disclosing it.
Like much of the letter, that last point is applicable generally. It underlines the fact that a completely new framework for whistleblowers is required at every level, both nationally and internationally. The letter to the UN is part of an important move towards making that happen, in what could prove to be a key aspect of Snowden's long-term legacy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

9 Comments | Leave a Comment..

Posted on Techdirt - 16 April 2015 @ 1:09am

Crowdsourcing The Human Telescope

from the great-spherical-insect-eye dept

One of the most interesting realizations in recent years is that done right, massive, open collaborations are not just an efficient way of working, but they scale in a way that can take us to entirely new levels. A good example -- and perhaps the first project to exploit this fact -- is Linux, which grew from a small bunch of hackers working together across the internet on some bedroom code into a global, distributed project that now dominates every sector of computing bar one (the desktop -- so far.)

The open source methodology has inspired all kinds of cognate projects in different fields, including that of citizen science, which pools the efforts of large numbers of people working with simple tools to produce important results that can be published in academic journals. The best-known example of this is Galaxy Zoo, which asks members of the public to help classify some of the millions of images taken as part of the Sloan Digital Sky Survey, many of them unseen by any human previously.

Adrian Bowyer, the man behind RepRap, an open-source project to construct a 3D printer that is capable of self-replicating -- that is, printing all of its parts -- has written a fascinating blog post about another application of citizen science. It involves hundreds of people taking a picture of the same patch of night-sky with their smartphones, and then uploading the digital image to the website of a BBC program, which coordinated the whole project. As Bowyer explains:

Each individual picture was just a black rectangle -- not enough starlight had gone through the lens to make an image that could be seen. But some had gone through, and registered in the camera's pixels as a slightly less-dark patch of black.
On its own, then, each image showed so little that it was impossible to make out anything. But this is what happens when you combine hundreds of them:
A computer first matched them up by making sure that the centres of the prominent stars were all in the same place, and then added up the slightly-less-black bits to make the picture. Of course the pixels in all the cameras were not in the same place relative to the stars, which means that each camera pixel could be split into thousands of final-image pixels, which gives the fabulous resolution
The resulting composite image (available as a 40 Mbyte tif file) looks like it was taken using a high-power telescope, and is a wonderful demonstration of how combining a large number of apparently insignificant contributions can create something unexpectedly impressive. Here's just part of the image:
Typically, Bowyer wants to take this striking example of open, distributed collaboration even further:
The human race is a species on which the stars never set. So let's make the Human Telescope. Set up a website to which anyone anywhere in the world can upload any sky images that they have taken with any digital camera, phone or telescope. The images will have a timestamp and a GPS location, and will be continually stacked by a computer in the background to give an exquisitely detailed evolving picture of the whole vault of the heavens.

The world would become a great spherical insect eye looking at every star, galaxy, planet and nebula all the time. We would be automatically finding comets, supernovae and near-Earth asteroids. We would never miss an astronomical trick.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

5 Comments | Leave a Comment..

Posted on Techdirt - 15 April 2015 @ 1:13am

UK Government Refuses To Reveal Job Title Or Salary Of Top Law Enforcement Officer Because Terrorism

from the oh,-come-on dept

As Techdirt has reported previously, the UK government is so reflexively secretive that it even refuses to confirm or deny information that it has previously confirmed. The Intercept reports on another absurd case of completely trivial requests for information being turned down because "terrorism". It's refusing to reveal either the job title or salary of Cressida Dick, a top government official in some apparently mysterious role:

The British government is refusing to disclose the job title and taxpayer-funded salary of one of the most senior law enforcement officials in the United Kingdom, claiming the details have to be kept a secret for security reasons.

Cressida Dick (pictured above) was formerly one of the highest ranking officers at London’s Metropolitan Police, the largest police force in the U.K., where she headed the Specialist Operations unit and oversaw a controversial criminal investigation into journalists who reported on Edward Snowden’s leaked documents.

In December, Dick announced she was leaving the London police to take up a top job with the government’s Foreign Office. But her new role is being shrouded in intense secrecy.
It's just about theoretically possible that the job title could reveal operational details of the role in question -- something along the lines of "Head of Department Trying To Use Man-In-Middle Attacks To Spy On Google Users in the Middle East" -- but only if that job title were extremely ill-chosen. Moreover, the British civil service has centuries of experience in coming up with grand-sounding but totally meaningless job titles, so it's hard to believe that for the first time in its glorious history it was really stumped, and had to resort to literalism. Refusing to release details of the salary attached to the position is even more ridiculous -- unless, of course, UK officials are required to use their secret stipend's digits as a password to access government systems.

All that the UK government achieves by refusing to release this information is that it comes across as risible and petty, ridiculously focused on controlling unimportant details, instead of concentrating on what really matters. Things like respecting the public's desire to know how its taxes are being spent, rather than dismissing it as if it were an impertinent question from a tedious child.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

22 Comments | Leave a Comment..

Posted on Techdirt - 14 April 2015 @ 1:15am

Another Reason To Deploy Encryption Widely: Spiking China's 'Great Cannon' Attack

from the reasons-to-be-crypto dept

A couple of weeks ago, Mike provided an in-depth analysis of China's new tactic in its longstanding efforts to restrict access by its population to material that challenges the official narrative. This powerful DDoS attack has now been dubbed "China's Great Cannon" by researchers in a fascinating analysis published by The Citizen Lab. As Mike pointed out, one reason why this new approach has been developed is that it is not possible to block individual URLs when HTTPS traffic is involved. Thus, ironically, the increased use of encryption -- which is meant to protect users online -- led to the development of a powerful new digital weapon that potentially makes them not just victims, but even part of the attack. However, encryption is also a remedy, as The Citizen Lab researchers write:

Our findings in China add another documented case to at least two other known instances of governments tampering with unencrypted Internet traffic to control information or launch attacks -- the other two being the use of QUANTUM by the US NSA and UK’s GCHQ. In addition, product literature from two companies, FinFisher and Hacking Team, indicate that they sell similar "attack from the Internet" tools to governments around the world. These latest findings emphasize the urgency of replacing legacy web protocols, like HTTP, with their cryptographically strong versions, like HTTPS.
However, the remedy is only partial. Writing on his blog, Brian Krebs quotes Bill Marczak, one of the lead authors of the Great Cannon report, as saying:
Relying on an always-on encryption strategy is not a foolproof counter to this attack, because plug-ins like https-everywhere will still serve regular unencrypted content when Web sites refuse to or don't offer the same content over an encrypted connection. What's more, many Web sites draw content from a variety of sources online, meaning that the Great Cannon attack could succeed merely by drawing on resources provided by online ad networks that serve ads on a variety of Web sites from a dizzying array of sources. "Some of the scripts being injected in this attack are from online ad networks," Marczak said. “But certainly this kind of attack suggests a far more aggressive use of https where available."
This confirms that encryption is no panacea, but is certainly worth deploying. The fact that it can make China's Great Cannon attacks harder, if not impossible, should also give pause to government officials around the world as they try to demonize encryption and call for it to be weakened or even banned.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

18 Comments | Leave a Comment..

Posted on Techdirt - 13 April 2015 @ 3:56am

Latest Russian Censorship Move: Banning Internet Memes Using Photos Of Celebrities

from the just-putin-it-out-there dept

For a while now, Techdirt has been tracking the continuing efforts of the Russian government to rein in the Internet, at the cost of squeezing much of the life out of it. As an article on Global Voices reports, this has now reached ridiculous levels:

Russian censors have determined that one of the most popular forms of Internet meme is illegal. According to Roskomnadzor, the Kremlin's media watchdog, it's now against the law to use celebrities' photographs in a meme, "when the image has nothing to do with the celebrity's personality."
Roskomnadzor's statement is the result of a decision by a court in Moscow, which decided that a particular photo meme violated the privacy of Russian singer Valeri Syutkin -- the Global Voices post has the fascinating details. Although no new law is involved, Roskomnadzor's power is such that it is able to make these kinds of rule changes -- and enforce them. Along with a ban on the use of celebrities' photographs in what are termed "image macros," the new ruling also forbids the creation of parody accounts or sites (original in Russian.) The key problem with the image macro part is the following:
Roskomnadzor's vague new policy threatens to do more than crack down on potentially defamatory juxtaposition, however. By saying it is illegal to add celebrities' images to memes that "have nothing to do with the celebrity's personality," the Kremlin could be opening the door to banning a whole genre of absurdist online humor.
Even if the policy is not rigorously enforced, it could have a chilling effect on the Russian online space, already under pressure because of previous censorship moves. And that's probably precisely what the authorities are seeking to achieve here. After all, when it comes to Russian celebrities' photographs with witty captions, what name springs to mind?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

19 Comments | Leave a Comment..

Posted on Techdirt - 9 April 2015 @ 1:07am

EU Politicians Say: Don't Undermine Data Protection Rules With TAFTA/TTIP -- And Stop The Mass Surveillance

from the you-have-been-warned dept

The mosaic of interlocking political, economic and civil society groups at multiple levels -- local, national, regional and continental -- makes decision-making within the European Union extremely complex. That means the European Parliament's decision whether or not to ratify TAFTA/TTIP at the end of the negotiations is subject to a vast array of contrasting forces and opinions, which can lead to the outcome of that final vote shifting dramatically in a very short space of time, as the ACTA saga demonstrated so clearly.

The European Parliament's committees play a key role in determining policy, and one of the most important -- for civil liberties -- has just formally adopted an "opinion" on TAFTA/TTIP that will feed into the final position of European politicians. It re-iterates many of the points the committee made last year, and places great emphasis on protecting the personal data of Europeans:

The European Commission should incorporate in the Transatlantic Trade and Investment Partnership (TTIP), as a key priority, an unambiguous horizontal self-standing provision that "fully exempts the existing and future EU legal framework on the protection of personal data from the agreement", says the Civil Liberties Committee in its TTIP opinion adopted on Tuesday.
That "horizontal provision" basically means across the entire agreement, and not just in certain chapters. To achieve that, the Civil Liberties MEPs call on the Commission:
to incorporate, as a key priority, "a comprehensive and unambiguous horizontal self-standing provision based on Article XIV of the GATS [general exceptions] that fully exempts the existing and future EU legal framework on the protection of personal data from the agreement, without any condition that it must be consistent with other parts of the TTIP".
Article XIV of the General Agreement on Trade in Services (GATS) says:
Subject to the requirement that such measures are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination between countries where like conditions prevail, or a disguised restriction on trade in services, nothing in this Agreement shall be construed to prevent the adoption or enforcement by any Member of measures:

...

(c) necessary to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to:

...

(ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts;
The Committee points out that this threat to data protection is present not only in TTIP, but also in TISA, as Techdirt has discussed before:
Ongoing negotiations on international trade agreements, such as TTIP and the Trade in Services Agreement (TiSA), also touch upon international data flows, while excluding privacy and data protection entirely, which will be discussed in parallel track within the framework of the US-EU Safe Harbor and the data protection "umbrella agreement".
Safe Harbor, as we've noted, is major point of contention between the US and EU. Another, of course, is the mass surveillance revealed by Edward Snowden, and the Civil Liberties Committee is not shy about mentioning that, too:
The negotiators should keep in mind that that the consent of the European Parliament to the final TTIP agreement "could be endangered as long as the blanket mass surveillance activities are not completely abandoned and an adequate solution is found for the data privacy rights of EU citizens, including administrative and judicial redress", MEPs say
This is only one committee, albeit a key one. But at the very least it gives an indication of some of the serious issues that will be raised if and when it comes to a vote on ratifying TAFTA/TTIP -- and of the difficulty of gaining enough support among MEPs to do so.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

2 Comments | Leave a Comment..

Posted on Techdirt - 8 April 2015 @ 1:08am

Is It Acceptable For Academics To Pay For Privatized, Expedited Peer Review?

from the bumps-along-the-way dept

Academic publishing is going through a turbulent time, not least because of the rise of open access, which disrupts the traditional model in key ways. But in one respect, open access is just like the old-style academic publishing it is replacing: it generally employs peer review to decide whether papers should be accepted, although there are some moves to open up peer review too. As this story from Science makes clear, commercial publishers are innovating here as well, although not always in ways that academics like:

An editor of Scientific Reports, one of Nature Publishing Group's (NPG's) open-access journals, has resigned in a very public protest of NPG's recent decision to allow authors to pay money to expedite peer review of their submitted papers.
According to the Science article, there are now several companies making millions of dollars from this kind of privatized, expedited peer review. Here's more about Research Square, the one employed by NPG:
"We have about 100 employees with Ph.D.s,” says Research Square’s CEO, Shashi Mudunuri. That small army of editors recruits scientists around the world as reviewers, guiding the papers through the review process. The reviewers get paid $100 for each completed review. The review process itself is also streamlined, using an online "scorecard" instead of the traditional approach of comments, questions, and suggestions.
Authors pay $750 to NPG, and are guaranteed a review within three weeks or they get their money back. Research Square seems to be flourishing:
So far, Mudunuri says, the company has about 1400 active reviewers who have scored 920 papers. The company pulled in $20 million in revenue last year.
Still, the question has to be whether this leads to key benefits of the peer review process being lost. After all, the system is not just about accepting or rejecting papers. The NPG editor who resigned, Professor Mark Maslin, is quoted as saying:
"Deep consideration and a well thought out review is much more important than its speed. I have had brilliant reviews which have considerably improved my papers and I really appreciated all the time taken."
The other issue is that the expedited, paid-for route is discriminatory:
"My objections are that it sets up a two-tiered system and instead of the best science being published in a timely fashion it will further shift the balance to well-funded labs and groups," Mark Maslin, a biogeographer at University College London, tells ScienceInsider. "Academic Publishing is going through a revolution and we should expect some bumps along the way. This was just one that I felt I could not accept."
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

25 Comments | Leave a Comment..

Posted on Techdirt - 7 April 2015 @ 1:13am

Should People Be Told Key Results Of Genetic Tests They Never Took?

from the ethical-dilemmas dept

The population of Iceland is unusual in a number of ways. Icelanders are descendants from a relatively small group of early settlers that remained isolated for hundreds of years. They have unmatched genealogical records that allow the family tree of many Icelanders to be traced back a thousand years, and thus for familial interrelationships on the island to be established with unprecedented completeness. Put those together, and you have a population that offers unique advantages for studying human genetics. That fact led to the founding of the Icelandic company Decode, which was set up in the hope that it would be possible to use Iceland's population to pinpoint genes associated with medical conditions, and then come up with new ways of diagnosing, treating and preventing them.

That didn't work out, and in 2012, Decode was bought by Amgen. But technology has advanced hugely since Decode's founding in 1996. The cost of sequencing the human genome has fallen dramatically, allowing the DNA of thousands of people to be compared -- something prohibitively expensive 20 years ago. The New York Times reports on research by Decode that has resulted in the sequencing of the genomes of 2,636 Icelanders, the largest collection ever analyzed in a single human population. Because of the completeness of Iceland's genealogical records, Decode's scientists were able to do something rather remarkable: work out the full genomes of another 100,000 Icelanders, a third of the entire country, without collecting any of their DNA.

With a technique called imputation, the researchers say they are able to ascertain the full genomes of people they have not even examined. Dr. Stefansson said that means that his firm could generate a report for genetic disease on every person in Iceland.
Once those "imputed" genomes have been constructed using computers, they can be interrogated in novel ways:
With the push of a button, for instance, the firm can identify every person with the well-known BRCA2 mutation, which dramatically raises the risk of breast and ovarian cancer -- even if they have not submitted to genetic testing themselves.

Currently, that information is withheld from Icelanders, but Dr. Stefansson hopes that the government will change its policy. “It’s a crime not to approach these people,” he said.
That raises an interesting ethical question. Should people who have never had their genome sequenced be told the results of this kind of computer-based analysis? Although the Icelandic case might seem unique, it is only a matter of time before sequencing costs fall so far that millions, rather than thousands of individuals can be sequenced within a population. And the more genomes that are available, the more imputed genomes that can be calculated, making the ethical dilemmas faced in Iceland something that people in other countries will soon have to confront too.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

29 Comments | Leave a Comment..

Posted on Techdirt - 3 April 2015 @ 9:49am

Australian Politicians Create An Exemption From Data Retention Laws For Themselves... Or Not, Because We Got Fooled

from the not-thinking-it-through dept

Update: Or not. Turns out this was an April Fool's joke that Glyn missed. So, congrats, Crikey, on fooling our most careful writer...

Now that the completely disproportionate data retention law has been rushed through the Australian Parliament, politicians are suddenly realizing that their metadata will be collected too. And so, as was perhaps inevitable, they have asked for an exemption, as reported here by Crikey:

An in-camera meeting of the high-powered Joint Committee on Intelligence and Security last week agreed to task the Department of Defence's signals intelligence arm, the Australian Signals Directorate, and the new Australian Cyber Security Centre with ensuring politicians' metadata is not captured by the government's new data retention regime while they are at work in [the Australian capital] Canberra.
The argument was that:
given Parliament House is supposed to be the centre of Australian democracy, they shouldn't be, you know, tracked while at work there
Well, many people would argue that they shouldn't be tracked either, but obviously politicians are special. It seems that there were two options for achieving this carve-out. One required officials personally identifying and deleting the metadata of politicians, staffers and senior public servants -- a manual process aptly dubbed "handwashing". The other, cheaper, approach -- the one chosen -- was simply to remove metadata from all communications generated within Australia's Parliament House.

Problem solved -- except that some 680,000 visitors enter the building annually, and while they are there, their metadata will not be collected either. Ironically, then, the new exemption for politicians from a scheme allegedly to help the fight against terrorism and crime will turn Parliament House into the perfect location for plotting precisely those things in relative safety.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

12 Comments | Leave a Comment..

Posted on Techdirt - 3 April 2015 @ 1:00am

Immovable North Korean Authoritarianism Meets Irresistible Moore's Law: Which Wins?

from the I-know-who-I'm-backing dept

North Korea has become a by-word for oppressive tyranny and technological backwardness. But Reuters reports on an interesting development that may begin to chip away at both:

A $50 portable media player is providing many North Koreans a window to the outside world despite the government's efforts to keep its people isolated -- a symbol of change in one of the world's most repressed societies.

By some estimates, up to half of all urban North Korean households have an easily concealed "notel", a small portable media player used to watch DVDs or content stored on USB sticks that can be easily smuggled into the country and passed hand to hand.

People are exchanging South Korean soaps, pop music, Hollywood films and news programs, all of which are expressly prohibited by the Pyongyang regime, according to North Korean defectors, activists and recent visitors to the isolated country.
The Reuters story reports that the device has become so popular that the North Korean government felt obliged to legalize the "notel" -- but with the requirement that they had to be registered. These versions must be fixed to official state television and radio channels, but the smuggled models are more versatile:
The low-voltage notel differs from the portable DVD players of the late 1990s in that they have USB and SD card ports, and a built-in TV and radio tuner. They can also be charged with a car battery -- an essential piece of household equipment in electricity-scarce North Korea.
The dual media capability means a North Korean DVD can be inserted while watching smuggled, forbidden content from South Korea on a USB stick, which can be quickly removed if the authorities turn up to conduct a check on a household.

A key factor driving the uptake of these new devices is Moore's Law. This has pushed down the price of the components used in the notel box to the point where even North Koreans, with their rising, but still very limited disposable incomes, can afford them. It has increased the capacities of USBs and SD cards such that several film-length videos can be stored on devices that are very easy to hide at short notice. That means it only requires one copy of a South Korean film -- or other, even more subversive material -- to enter North Korea, and it can be copied and passed around on a scale that makes stopping it almost impossible for the authorities. It will be fascinating to watch the social and political ramifications of this silent struggle between tyranny and technology.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 2 April 2015 @ 1:12am

European Commission Discovers The Hard Way That Corporate Sovereignty Provisions And EU Laws Are Incompatible

from the we-did-warn-you dept

The US government and European Commission insist that the inclusion of a corporate sovereignty chapter in the TAFTA/TTIP treaty will not in any way diminish the ability of nations to pass laws as they wish. A fascinating case involving an investment in Romania shows why that's just not true. It concerns a state aid scheme instituted by Romania to attract investments in the country, which offered tax breaks or refunds of customs duties on raw materials. The scheme was supposed to remain in place for 10 years. But as part of Romania's accession to the EU, it was required to cancel this scheme, which was regarded by the European Commission as providing unfair state aid. So, obediently, Romania abolished the scheme in 2005, some years earlier than it had promised.

That didn't go down too well with investors. Two of them were able to use the investor-state dispute settlement (ISDS) clauses of a bilateral treaty between Sweden and Romania to sue the latter. Here's what happened next, as described in the European Commission's press release:

An arbitral award of December 2013 found that by revoking an investment incentive scheme in 2005, four years prior to its scheduled expiry in 2009, Romania had infringed a bilateral investment treaty between Romania and Sweden. The arbitral tribunal ordered Romania to compensate the claimants, two investors with Swedish citizenship, for not having benefitted in full from the scheme.
Just part of the price of joining the European Union, you might think. But the European Commission is unhappy that compensation has been paid:
By paying the compensation awarded to the claimants, Romania actually grants them advantages equivalent to those provided for by the abolished aid scheme. The Commission has therefore concluded that this compensation amounts to incompatible state aid and has to be paid back by the beneficiaries.
That is, both the original state aid and the subsequent compensation for not providing that aid for the full term of the agreement are regarded as forbidden under EU law. So the European Commission is ordering Romania somehow to pull back from the Swedish investors the compensation awarded by the ISDS tribunal. Leaving aside the difficulty of doing so, even if Romania manages that, it will then be in breach of the corporate sovereignty tribunal ruling, which could leave it open to further legal action, and further awards against it. On the other hand, if it doesn't rescind the compensation, it will be fined by the European Commission.

This provides a perfect demonstration of how corporate sovereignty provisions in treaties take away the ability of national governments to act freely. Moreover, in this particular case, whatever Romania chooses to do, its people will suffer financially.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

25 Comments | Leave a Comment..

Posted on Techdirt - 1 April 2015 @ 1:37pm

Unpatentable Vegetables Are Now Patentable In Europe

from the as-such dept

As Techdirt has reported, in the US, software patents are getting harder to obtain as the US Patent Office applies the important Alice v. CLS Bank ruling from the Supreme Court. In Europe, "programs for computers" are explicitly excluded from patentability according to Article 52 of the European Patent Convention -- but "only to the extent to which a European patent application or European patent relates to such subject-matter or activities as such." That cunningly opaque distinction between "programs for computers" and "programs for computers as such" has allowed thousands of patents for the former to be granted, even though they differ very little from the latter.

That trick worked so well, it seems that the European Patent Office (EPO) has decided to apply it to another area: plants. Once more, the European Patent Convention states quite clearly:

European patents shall not be granted in respect of:

...

plant or animal varieties or essentially biological processes for the production of plants or animals; this provision does not apply to microbiological processes or the products thereof.
Despite that, we have the following news reported by Intellectual Property Watch:
The highest court of the European Patent Office has declared that plants or seeds obtained through conventional breeding methods are patentable.

...

The Board of Appeal found that the exclusion of essentially biological processes for the production of plants does not extent to a patent claim for a product that is directly obtained from or defined by such a breeding process, the EPO said.
That's pretty close to the "as such" trick. Of course, it's not so surprising that a specialist patent court at the EPO should hand down a judgment in favor of granting more patents, just as has occurred in the US. What's troubling is that if and when the completely independent Unified Patent Court system is introduced in Europe, there will be no way to rein in the patent courts as has finally started to happen in the US.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 1 April 2015 @ 1:12am

Following Canada's Bad Example, Now UK Wants To Muzzle Scientists And Their Inconvenient Truths

from the non-appliance-of-science dept

Techdirt has been following for a while Canada's moves to stop scientists from speaking out about areas where the facts of the situation don't sit well with the Canadian government's dogma-based policies. Sadly, it looks like the UK is taking the same route. It concerns a new code for the country's civil servants, which will also apply to thousands of publicly-funded scientists. As the Guardian reports:

Under the new code, scientists and engineers employed at government expense must get ministerial approval before they can talk to the media about any of their research, whether it involves GM crops, flu vaccines, the impact of pesticides on bees, or the famously obscure Higgs boson.
The fear -- quite naturally -- is that ministers could take days before replying to requests, by which time news outlets will probably have lost interest. As a result of this change, science organizations have sent a letter to the UK government, expressing their "deep concern" about the code. A well-known British neurobiologist, Sir Colin Blakemore, told the Guardian:
"The real losers here are the public and the government. The public lose access to what they consider to be an important source of scientific evidence, and the government loses the trust of the public," Blakemore said.
Not only that, by following Canada's example, the British government also makes it more likely that other countries will do the same, which will weaken science's ability to participate in policy discussions around the world -- just when we need to hear its voice most.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

36 Comments | Leave a Comment..

Posted on Techdirt - 31 March 2015 @ 1:06am

Few Australian Businesses Use Or Know About Trade Agreements: So Why Make Big Concessions To Sign Up To TPP?

from the serious-question dept

Techdirt recently looked at the important leak of the investment chapter from the TPP trade agreement, noting how bad it was, particularly as far as the corporate sovereignty provisions are concerned. One obvious question this raises is: will the supposed benefits of TPP outweigh these kind of serious problems? Obviously, we won't be able to make even a provisional assessment until we have the full and final text, but what we can do is look at whether past trade agreements have been worth it. Measuring that objectively is not easy, but one way of gauging their value is to look at the extent to which businesses -- the intended beneficiaries of trade agreements -- actually use them. There's not much data to go on here, but this report in the Sydney Morning Herald is pretty unequivocal:

The annual Australian Chamber of Commerce and Industry trade survey shows the least understood free trade agreement is the Korea-Australia FTA, followed by the Australia-Chile FTA. The most understood agreements are the ASEAN-Australia-New Zealand FTA (understood by 18 per cent of those surveyed) and the Australia-United States one (understood by 17 per cent). The results have dropped by about 7 percentage points since the 2014 survey, suggesting fewer Australian businesses understand the agreements than previously.
Note that this survey comes from a trade organization, and so is unlikely to be biased against such agreements. Actual usage by Australian businesses was equally unimpressive:
Only 13 per cent of small businesses found Australia's FTA with New Zealand "really useful". Almost 23 per cent of big businesses found it useful. About 15 per cent of small businesses found the free trade agreement with the US useful and 22 per cent of big businesses did.
Of course, this is only one survey, and in one country. But you'd think that all governments contemplating signing up to global trade agreements like TPP and TAFTA/TTIP would have done plenty of this kind research before committing themselves. The fact that they haven't might almost lead a cynic to suspect that they were prepared to sign up whether or not it was a good thing for their nation, just so they could claim a political "win".

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2015 @ 2:39pm

UN Appoints Special Expert To Report On Online Privacy; Surprisingly, US And UK Don't Object

from the wonders-will-never-cease dept

The world of online privacy was changed forever by Edward Snowden's revelations of massive, global spying by the US, UK and others. And the repercussions of his actions continue to make themselves felt. Two countries particularly affected by the surveillance conducted against them, Germany and Brazil, have led efforts to appoint a new rapporteur (special expert) for privacy at the United Nations Human Rights Council, and with surprising success. Despite fears that the US or UK might try to block the move, or neuter the role, they both accepted the following resolution, which was adopted by consensus, without a vote:

The Council invites the Special Rapporteur to include in the first report considerations on the right to privacy in the digital age; calls upon all States to cooperate fully with and assist the Special Rapporteur in the performance of the mandate, including by providing all necessary information requested by him or her, to respond promptly to his or her urgent appeals and other communications, to consider favourably the mandate holder’s requests to visit their countries and to consider implementing the recommendations made by the mandate holder in his or her reports.
It will be interesting to see what happens when the Rapporteur comes calling on the NSA and GCHQ asking for more details of their surveillance operations. The resolution affirmed a general right to privacy:
according to which no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, and the right to the protection of the law against such interference...; recognizes the global and open nature of the Internet and the rapid advancement in information and communications technology as a driving force in accelerating progress towards development in its various forms; and affirms that the same rights that people have offline must also be protected online, including the right to privacy.
The Rapporteur will have no real powers to demand information or enforce recommendations. But at the very least, the creation of this new role will help to increase international awareness of the importance of privacy in the digital world, and of the scale of the threats ranged against it.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

12 Comments | Leave a Comment..

More posts from Glyn Moody >>