Glyn Moody’s Techdirt Profile

glynmoody

About Glyn MoodyTechdirt Insider




Posted on Techdirt - 24 February 2017 @ 3:28am

In Latest Twist To The Global Trade Deal Saga, EU Now Looking To Fill The Gap Left By US In Exiting TPP

from the so-is-Europe-a-Pacific-rim-country-now? dept

Remember the good old days, when trade deals were so boring nobody even cared they were happening? That started to change with the Anti-Counterfeiting Trade Agreement, (ACTA), where the copyright industries rather foolishly tried to slip in some proposals that would have had big impacts on the online world. As Techdirt reported at the time, that led to an unprecedented awareness of, and resistance to, ACTA that ultimately caused its defeat in the European Parliament.

After that, things were never the same again in the world of trade deals, because digital activists were now on the lookout for the bad stuff hidden in the stultifyingly dull language. They soon found it in TPP, which people realized was basically "Son of ACTA," but worse. Then came TAFTA/TTIP, which publicly dropped its ACTA-like elements in a desperate attempt to stave off criticisms and mass protests. That didn't work, of course; TTIP soon ground to a halt, and remains in limbo. Even though TPP was eventually concluded after years of delays, it was derailed by the election of Donald Trump as US President, who promptly withdrew from the deal. But if you thought things had finally quieted down for a while -- TISA too has dropped off the radar recently -- think again. There's a new twist in the global trade deal saga, as the Handelsblatt newspaper reports:

The European Union is positioning itself to fill any vacuum left behind by the United States as the Trump administration spurns trade deals in Asia and Latin America.

E.U. Trade Commissioner Cecilia Malmström said Brussels has been in close contact with several Asia-Pacific countries since the White House decided to withdraw from the Trans-Pacific Partnership.

"We have seen that many of the TPP countries are now approaching us and saying 'we still want to do deals,' " Ms. Malmström told Handelsblatt. "We are engaged with basically all of them, either negotiating or have a deal or preparing negotiations."

Yes, those wily Europeans are trying to take advantage of the US's apparent withdrawal from multilateral trade negotiations to stitch up deals with the other Pacific rim countries that have just been left at the TPP altar. An agreement with the EU, whether individually or as a bloc, could be a good option for the ex-TPP nations. It would allow each of them to move forward with a trade deal after expending so much political capital on the failed TPP, and it would show that being jilted by the US is not the end of the world. For the EU, it would signal that it can take the initiative and become the flag-bearer for free trade at a time when Trump seems to be embracing protectionism, and turning his back on Europe.

It's early days yet, and if the previous five years have taught us anything, it is that nothing is certain in the world of trade deals. It's still possible that the Trump administration will perform a U-turn and embrace TPP, perhaps with some token changes to justify the move. But of one thing we can be sure: we're not going back anytime soon to the days when trade deals were boring.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 23 February 2017 @ 10:51pm

Netherlands Looks To Join The Super-Snooper Club With New Mass Surveillance Law

from the but-it-ain't-over-until-the-CJEU-rules dept

As Techdirt has noted, the UK's Investigatory Powers Act, better known as the Snooper's Charter, has been dubbed "the most extreme surveillance law ever passed in a democracy." It may be the worst, but it's not an isolated case. Governments around the world are bringing in laws that grant them powers to spy on innocent citizens using "bulk collection" of information -- mass surveillance, in other words. As the Dutch site Bits of Freedom reports, the latest country to join the super-snooper club is the Netherlands, where the lower house has just passed the bill for the new Intelligence and Security Services Act:

The controversial new law will allow intelligence services to systematically conduct mass surveillance of the internet. The current legal framework allows security agencies to collect data in a targeted fashion. The new law will significantly broaden the agencies' powers to include bulk data collection. This development clears the way for the interception of the communication of innocent citizens.

Another worrying trend is for spies around the world to pass on information they have gathered to intelligence services in other countries. The Dutch law is particularly bad in this respect, for the following reason:

Under the passed bill, Dutch security agencies may also share collected data without having analyzed it first. But when we hand over data to foreign governments without performing some form of data analysis prior to the exchange, we run the risk of not knowing what potentially sensitive information falls into foreign hands, and the consequences that might have for citizens.

The Bits of Freedom post also notes that much in the proposed law has yet to be defined, which is hardly a happy state of affairs. That includes limitations on the powers and how oversight will be carried out. However, more positively, among the revisions made to the bill when it was put out for public consultation in 2015 are some important improvements. Here's what happens next:

It's now the Senate's turn to review the bill. A bill that, in all likelihood, will not meet the minimum safeguards dictated by European law. If the parliamentary groups in the upper house abide by those in the lower house, the bill will be cleared with a comfortable majority.

The mention of the safeguards of European law is significant. As we reported in December, the Court of Justice of the European Union (CJEU) confirmed that general and indiscriminate data retention is illegal in the EU. Assuming the Dutch law is passed as expected, a legal challenge at the CJEU could follow, and would seem to stand a good chance of getting the law struck down in its present form.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

13 Comments | Leave a Comment..

Posted on Techdirt - 23 February 2017 @ 3:42am

China's Latest Target For Online Crackdown: Live-Streaming Foreigners

from the I-saw-what-you-did-there dept

As we've noted before, China's grip on the domestic Internet seems so complete that it's hard to think how the authorities there might tighten control yet further. But the Chinese government is nothing if not resourceful, and has managed to come up with a new group to target, as this report on the Sixth Tone site explains:

Multiple foreign users have received suspension notices from major live-streaming apps, including Blued, China's most popular gay social networking app, and Yizhibo, which is backed by microblog platform Weibo.

This seems to be as a result of the new regulations governing the Internet in China, brought in at the end of last year. Among the measures there is one that requires online broadcasts to be "beneficial to the promotion of socialist core values", while another stipulates that platforms should not allow hosts from outside mainland China to create channels without first asking permission from the country's Ministry of Culture. That's where the difficulty arises:

According to an employee of one of the biggest streaming companies, who requested anonymity because he was not authorized to speak on the record, the problem with the new regulations is that there are no details on how to apply. Live-broadcasting platforms have dealt with the uncertainty in a variety of ways. At the employee's company, old users are allowed to continue broadcasting, but new foreign users cannot sign up for the time being.

However, other services have decided to play it safe by taking all non-Chinese users offline until the new rules have been clarified. A Yizhibo employee told Sixth Tone that a key issue was a requirement for real-name verification -- something that Techdirt has discussed before. Apparently, it's not a straightforward process when it comes to foreigners.

The crackdown on live-streaming services is not the only recent move by the authorities that targets foreigners. Last week, China made another announcement, much more far-reaching in its effect than the live-streaming ban:

China is to begin taking fingerprints of all foreign visitors as it steps up security on its borders, the Ministry of Public Security said on Thursday.

Perhaps the Chinese government feels that it has the domestic population sufficiently under control now that it can move on to tightening up the rules for foreign visitors.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 21 February 2017 @ 10:44pm

UK Schools Experiment With Police-Style Body Cameras To Tackle 'Low-level Background Disorder'

from the bringing-taser-technology-to-a-classroom-near-you dept

Techdirt has written dozens of stories about US police forces deploying body cameras, with all sorts of interesting consequences. Their use for school police means that body cameras are also turning up in US schools, but the next logical step of putting body cameras on the actual teachers has been taken not in the US, but in the UK, as the Guardian reports:

Teachers in two UK schools are trialling using body cameras in class because they are "fed up with low-level background disorder", a criminal justice academic has revealed.

The former Home Office researcher said the three-month pilot scheme, started within the last month, securely stores footage on a cloud platform like ones used by police forces.

Although only two UK schools are currently involved, a survey carried out by the Times Educational Supplement revealed that a third of the teachers who were asked said they would be willing to try wearing a body camera; two thirds said they would feel safer wearing it; and a tenth even thought it would eventually become compulsory for all UK teachers to use them. Another article in the Guardian responding to this news pointed out the many pitfalls of taking this approach, and noted:

as teachers we want children to be accountable for their behaviour. But increasing the spread of surveillance in schools isn't going to help us do that. Classrooms will be transformed from spaces cultivating inquiry, in all its forms, to centres wary of the threat of being caught out by an all-seeing eye. Ellis [the criminal justice academic who revealed the existence of the UK trial] is at pains to point out that the cameras will not be on all the time; only "where there is a perceived threat to a member of staff or pupils" will they be used. Quite how this will be decided, and how their use will not gradually become routine, is not clear.

One constraint on the routine use of body cameras by all teachers is the sheer quantity of footage that would be produced, and the near-impossibility of reviewing it all. However, that may not be a limiting factor for long if a move by Taser International, which controls around three-quarters of the body camera business in the US, bears fruit:

Taser International, the military hardware company that essentially owns the police body-worn camera market, believes the solution lies in artificial intelligence. It has acquired a startup called Dextro to build an AI research lab focused on developing tools that make it easier for police to search and analyze the massive video libraries hosted by Taser.

Once it gets easier and cheaper for the police to search through their vast video libraries, it will also become easier and cheaper for others to do the same. At that point, it might not be just schools that start deploying body cameras, but everyone interacting with the public in some way. What could possibly go wrong?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

31 Comments | Leave a Comment..

Posted on Techdirt - 17 February 2017 @ 3:39am

Italy Proposes Astonishingly Sensible Rules To Regulate Government Hacking Using Trojans

from the benvenuto-al-registro-dei-captatori dept

As Techdirt has just reported, even though encryption is becoming more widespread, it's not still not much of a problem for law enforcement agencies, despite some claims to the contrary. However, governments around the world are certainly not sitting back waiting for it to become an issue before acting. Many have already put in place legal frameworks that allow them to obtain information even when encryption is used, predominantly by hacking into a suspect's computer or mobile phone. In the US, this has been achieved with controversial changes to Rule 41; in the UK, the Snooper's Charter gives the government there almost unlimited powers to conduct what it coyly calls "equipment interference."

One of the main tools for carrying out surveillance in this way is the trojan -- code that is placed surreptitiously on a suspect's system to allow it to be monitored and controlled by the authorities in real time over the Internet. There are clearly huge risks and problems with this approach, something that a legislative proposal from the Civic and Innovators parliamentary group in Italy tries to address, as explained by Fabio Pietrosanti and Stefano Aterno on Boing Boing. The draft law is the result of nearly two years' work by a group of experts from many fields:

a former speaker of the Parliament, civil rights activists, law enforcement officers, computer forensics researchers, prosecutors, law professors, IT security experts, anti-mafia and anti-terrorism departments and politicians.

Perhaps that breadth explains why the ideas are really pretty good, for once. The underlying principle is that a government trojan is only allowed to operate in ways that have been explicitly authorized by an Italian judge's signed warrant. For example:

A Telephone Wiretapping Warrant is required to listen a Whatsapp call.

A Remote Search and Seizure Warrant is required to acquire files on remote devices.

An Internet Wiretapping Warrant is required to record web browsing sessions.

The same kind of warrant that would be required for planting a physical audio surveillance bug is required to listen to the surrounding environment with the device’s microphone.

Those kinds of legal safeguards are welcome, but they are not enough on their own. Also needed are stringent technical controls that will limit the harm and risk of introducing government malware onto a system. The working group has addressed this too with a series of innovative requirements for trojan surveillance programs:

a. The source code must be deposited to a specific authority and it must be verifiable with a reproducible build process (like the Tor Project and Debian Linux are doing)

b. Every operation carried on by the trojan or through its use must be duly documented and logged in a tamper proof and verifiable way, using cryptographic time-stamping and digital signing, so that its results can be fairly contested by the defendant during the inter partes hearing [that is, with everyone involved present].

c. The trojan, once installed, shall not lower the security level of the device where it has been activated

d. Once the investigation has finished, the trojan must be uninstalled or, otherwise, detailed instruction on how to self-remove it must be provided.

e. Trojan production and uses must be traceable by establishing a National Trojan Registry with the fingerprint of each version of the software being produced and deployed.

f. The trojans must be certified, with a yearly renewal of the certification, to ensure compliance with the law and technical regulation issued by the ministry.

It's a remarkable list of technical and operational requirements that are surely unique in their attempt to minimize the key dangers of implanting clandestine surveillance software. Of course, it would be better if the use of government malware were avoided completely, and other methods were adopted. But realistically, the police and intelligence agencies around the world will be pushing hard for legislation to allow them to infect people's computers and mobiles in this way, not least if encryption does become more of a problem.

Given that trojans will be used, whether we like it or not, far better to constrain them as much as possible through well-thought out rules such as those drawn up by the Italian parliamentary group. Let's hope their proposals are adopted without significant amendments by the Italian parliament so that they can be used as a template for similar laws in other jurisdictions.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 15 February 2017 @ 5:44pm

Canada-EU Trade Deal Ratified By European Union; Now Needs Approval By All Member States' National Parliaments

from the comes-complete-with-$1-per-person-annual-saving dept

As Techdirt reported last November, while TPP and TAFTA/TTIP appear to be dead, the trade deal between Canada and the European Union (CETA) has been slowly working its way through the system. Today, the European Parliament approved the deal, which means that the European Union has completed the formal ratification process. However, for certain aspects of the agreement, notably the corporate sovereignty chapter, further approval is now needed by the national parliaments of all the EU's member states -- which means another 30+ votes that must all go in CETA's favor. That's by no means certain, as resistance has been mounting in a few countries. One of them is Belgium, where the Walloon region won important additional rights that may still be invoked.

As we wrote last year, CETA's economic effects are likely to be tiny -- the official estimate is just 0.08% extra GDP in total for the EU -- or even negative. The very limited economic impact is confirmed in the official press release from the European Commission, where the only quantified benefit singled out is the following:

CETA creates new opportunities for EU companies. It will save EU businesses over €500 million a year currently paid in tariffs on goods that are exported to Canada. Almost 99% of these savings start from day one.

To put that saving in context, it's worth remembering that the EU population is roughly 500 million, so the only financial benefit that the European Commission mentions works out at around $1 per person per year. Since the European Commission would doubtless have trumpeted bigger benefits if there had been any, It's fairly safe to assume that this is pretty much all it could find. As for the highly-controversial matter of corporate sovereignty, aka investor-state dispute settlement, here's what the press release says:

The current form of investor-state dispute settlement (ISDS) that exists in many bilateral trade agreements negotiated by EU governments has been replaced with a new and improved Investment Court System. The new mechanism will be transparent and not based on ad hoc tribunals.

What it doesn't mention is that the "new and improved" system hasn't been fully worked out yet, and so any claimed advantages are purely theoretical at this stage. In a rather desperate attempt to justify a trade deal that has so few benefits, the Commission adds the following:

There is clear proof that free trade agreements spur European growth and jobs. As an example, EU exports to South Korea have increased by more than 55% since the EU-Korea trade deal entered into force in 2011. Exports of certain agricultural products increased by 70%, and EU car sales in South Korea tripled over this five-year period.

What the European Commission fails to say is that the EU trade deal with South Korea does not have any form of ISDS. If it offers "clear proof" of anything it is that successful trade deals have no need of a corporate sovereignty chapter, whether the old-style ISDS, or the "new and improved" lipstick-on-a-pig Investment Court System found in CETA.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

11 Comments | Leave a Comment..

Posted on Techdirt - 15 February 2017 @ 11:58am

Apple Wants To Stop You Fixing Your iPhone And iPad: Source Says It Will Testify Against 'Right To Repair' Legislation

from the wrong-side-of-history dept

Techdirt has been covering the fight for a "Right to Repair" for a long time -- Mike first wrote about it in 2009. Even though the idea seems a no-brainer -- you bought it, why shouldn't you be able to repair it? -- progress has been extremely slow, as successive Techdirt articles have chronicled. One of the most important developments is a number of "Right to Repair" bills that are being considered by various state legislatures. These typically require electronics manufacturers to make service manuals available to the public, and to sell repair parts. The hope is that if even one or two of these are passed, manufacturers will find it simpler to comply nationally. However, an article on Motherboard suggests that the "Right to Repair" movement has a rather surprising enemy. Here's what an unnamed source told the publication:

an Apple representative, staffer, or lobbyist will testify against the bill at a hearing in Lincoln on March 9. AT&T will also argue against the bill, the source said. The source told me that at least one of the companies plans to say that consumers who repair their own phones could cause lithium batteries to catch fire.

It's all about safety, you see, and definitely not about trying to push the public to buy new models when the old ones break. The Motherboard story suggesting Apple will try to derail the "Right to Repair" bill in Nebraska is plausible, because the company did exactly the same in two states last year, as the Huffington Post reported. It seems those were not isolated incidents, but part of a long-running official Apple policy against the "Right to Repair" idea.

For a company that likes to portray itself as serving its users better than its rivals, this is shabby behavior. It not only forces people to spend money unnecessarily, it is harmful for the environment. Discarding old models is likely to lead to more toxic landfill, even though Apple says that it tries to recycle as much as possible. It's sad to see an otherwise innovative player lining up with the dinosaurs on the wrong side of history for this issue.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

60 Comments | Leave a Comment..

Posted on Techdirt - 15 February 2017 @ 3:28am

Scottish Sheriff Awards Couple Compensation For 'Distress' Caused By Neighbor's Use Of CCTV

from the effort-to-oppress dept

We've written plenty about CCTV here on Techdirt, and its creeping normalization around the world, but particularly in the UK. So it's good to read a story on the legal news site outlaw.com about a rather unusual ruling from a Scottish court pushing back against the use of an intrusive CCTV system. It concerns a dispute in Edinburgh between the individuals Nahid Akram and Debbie and Tony Woolley. The latter couple live above a guest house run by Akram. For various reasons, both parties decided to install CCTV systems, but with rather different scope:

While the Woolley's equipment "records images of their own external property only", Akram installed "video and audio recording equipment" which allowed her, and her husband, to monitor comings and goings at the Woolley's property and to listen in to conversations in their private garden, according to the ruling. The equipment used by Akram was capable of storing five days' worth of data at any one time.

The [Scottish court's] Sheriff described "the regime of surveillance" that the Woolleys were subjected to as "extravagant, unjustified and highly visible" and as "an effort to oppress". He said that the Woolleys and their family had "suffered considerable distress" since Akram's equipment had been installed in about October 2013 and that it is "difficult to conceive" a more intrusive case of surveillance.

Until recently, suffering "distress" from CCTV would not have been enough in order to receive damages: there needed to be an actual financial loss. But an important 2015 case in the UK involving Google ruled that:

the claimants can claim for distress without having to prove pecuniary loss. This greatly increases the scope for compensation claims in the future given an invasion of privacy will rarely be accompanied by actual monetary loss.

Aside from the award of over $21,000 to the Woolleys, the Sheriff's judgment is also noteworthy for how he spelled out the distress they suffered:

"They have all been severely restricted in the use and enjoyment of their own home," Sheriff Ross said. "They voluntarily restrict their external movements. They restrict their conversations, both inside and outside their home, as they are aware that they are being recorded and do not know the extent of the coverage."

Although he is talking about surveillance in the physical world, his concerns have obvious parallels in the online world, which is under growing government surveillance, not least in the UK. Already, some people are starting to restrict their digital movements and their conversations as they are "aware that they are being recorded and do not know the extent of the coverage." The question is: why should such "distressing" surveillance be punished in the real world, but permitted in the digital one?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

30 Comments | Leave a Comment..

Posted on Techdirt - 14 February 2017 @ 3:25am

After Passing Worst Surveillance Law In A Democracy, UK Now Proposes Worst Anti-Whistleblowing Law

from the oh,-didn't-you-notice-you-had-been-consulted? dept

Last November, the UK government finally passed the Snooper's Charter, officially known as the Investigatory Powers Act. That was largely because everyone in the UK was too busy arguing over the Brexit mess to notice that Theresa May had finally achieved her goal, and pushed through what the Open Rights Group called "the most extreme surveillance law ever passed in a democracy." Now that May has provided the police with the ability to rummage through a year's worth of every Brit's browsing history without a warrant, and given permission for the intelligence agencies to break into any computer and demand backdoors to be installed for any software or online service used in the UK, it seems she has a new target: whistleblowers. The Guardian reports on big changes the authorities want to make to the laws protecting government secrets, doubtless with an eye to dissuading any future Snowden/Guardian-type partnerships in the UK:

The [UK] government's legal advisers have been accused of launching a "full-frontal attack" on whistleblowers over proposals to radically increase prison sentences for revealing state secrets and prosecute journalists.

...

Draft recommendations from the legal advisers say the maximum prison sentence for leakers should be raised, potentially from two to 14 years, and the definition of espionage should be expanded to include obtaining sensitive information, as well as passing it on.

Although its good news that several old Official Secrets Acts are to be updated for the digital age, a Guardian editorial notes that the new approach would be broader and harsher than existing laws:

Reporters, as well as the whistleblowers whose stories they tell, would be under threat of sentences of up to 14 years, regardless of the public interest and even if there were no likelihood of damage.

Following the firestorm that greeted the announcement of this criminalization of core journalistic activities, and the absence of any public interest defense, May's spokesperson rushed out a comment:

I've seen the way this has been reported and it is fundamentally wrong. It is not, never has been and never will be the policy of the government to restrict the freedom of investigative journalism or public whistleblowing.

However, that response does not deny that journalists would indeed run the risk of 14 years in prison for handling documents leaked by whistleblowers. Instead, it seems, we are supposed to accept that the UK government will do the "right thing" here, and not actually use the new powers against investigative journalism. Leaving aside the fact that just a couple of months ago it passed the Snooper's Charter despite warnings about its excessive measures, there's another very good reason not to trust the UK government here. The Law Commission, the official body which produced the proposals, says on its Web site the following about how it drew up its plans:

In making its proposals the Law Commission met extensively with and sought the views of government departments, lawyers, human rights NGOs and the media.

The Guardian contacted some of those the Law Commission claims to have met, and they spoke of the very limited nature of the discussions:

[The human rights organization] Liberty said that while a meeting was held, it was "not on the understanding that this was a consultation".

Cathy James, the chief executive of Public Concern at Work, was also surprised to see her the whistleblowing charity listed as being involved.

She said: "I didn’t actually know we were listed in the document as we have been working our way through it so it is a big surprise to me. I believe my colleague met with them initially but we were not consulted in the normal sense of the word consultation. That is not what happened."

And the Guardian itself, also allegedly one of those whose views were sought, wrote that it had held only one preliminary meeting with the government's legal advisers, and that it was not consulted before being listed in the report.

Had it been just one organization making these comments, you could put it down to a misunderstanding. But for several people to report independently that they had only the briefest of meetings with the Law Commission, and that they did not regard those in any way as "consultations", suggests a conscious and shabby attempt to sneak out extreme proposals while pretending that they were the result of broad-based and in-depth discussions.

It is hard not to see this as yet another law that the UK government is determined to push through regardless of what anyone thinks, just as it did with the Snooper's Charter. Let's hope that this time the public and politicians aren't too distracted by the Brexit omnishambles to fight and defeat these changes that threaten not just whistleblowers and investigative journalism, but potentially British democracy itself.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

15 Comments | Leave a Comment..

Posted on Techdirt - 10 February 2017 @ 3:26am

UK Train Operators Plan To Charge Passengers Using Their Biometrics

from the all-aboard-for-the-surveillance-state dept

Despite repeated warnings from security experts about their problems, biometrics are gaining in popularity for all kinds of applications, many of them inappropriate. Here's another group that is so enamored of the technology it seems it hasn't thought things through:

Rail passengers could be charged for journeys by fingerprint or iris scans, according to the industry's plan for coping with growing demand.

Biometric technology would enable fares to be automatically charged, the Rail Delivery Group (RDG) said.

As the Guardian article explains, the RDG is the main organization representing the UK railway industry. It sees the move to biometrics as a continuation of current experiments:

[RDG] claimed such a system could follow on from the use of smartphones' Bluetooth signals to open station barriers, which will be trialled on Chiltern Railways' route between London Marylebone and Oxford Parkway over the coming months.

At least Bluetooth signals have the virtue of operating quite quickly, and from a certain distance. It's hard to see how fingerprints or iris scans will be so slick in practice. As we've noted before, there are serious problems with getting fingerprint scans for the general public to work on a large scale, and those difficulties are likely to be exacerbated when people are in a hurry to catch a train.

Iris scans typically require the subject to stand on a certain spot and to keep still while their eye is checked. As anyone who has been through some airports around the world knows, iris scans often take several attempts to recognize someone, and may fail altogether, which requires a manual check elsewhere. In the context of a busy station, this seems a recipe for disaster.

But there's a possible solution to these problems. Instead of using the rather unreliable fingerprints or iris scans, why not move on to facial recognition? Unlike the other forms of biometrics, facial recognition systems seem to be getting better all the time. It can't be long before the rail operators suggest that deploying this technology in stations would be a great way to allow people to pay without needing to buy physical tickets or even stop as they head off for their train.

But that would effectively create a huge surveillance database of everyone moving through the rail system -- including those who prefer to travel using anonymous means like cash. And once that database existed, it would only be a matter of time before the authorities point out that it would be ridiculous not to use this valuable information in order to capture bad people who might harm society. As it happens, it was revealed last week that the UK government is already using that argument to access confidential records held on a national health database in order to track down "immigration offenders."

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

19 Comments | Leave a Comment..

Posted on Techdirt - 9 February 2017 @ 11:55am

UK Search Engines Will Sign Up To A 'Voluntary' Code On Piracy -- Or Face The Consequences

from the and-who-cares-what-you-think? dept

As Techdirt readers know, the copyright industry has almost no means to tackle infringement, or to demand that pirated materials are removed from Internet sites. At least, that's the impression you would get as a result of the constant whining you hear from the entertainment companies that they are doomed and terribly neglected by the lawmakers. Indeed, not content with the copyright ratchet that constantly makes copyright laws longer, stronger and broader, the film, music and publishing industries are always pushing for "voluntary" agreements with the Internet industry that don't require anything so tiresome as actual laws to be passed... or pesky things like "due process."

One example of this approach is the "six strikes" scheme in the US. As Techdirt noted recently, the approach was a complete failure, and has just been dropped. Unfortunately, the idea lives on around the world -- the EFF has an entire section on its site about what it calls "shadow regulation," and it has just published a global review of copyright enforcement agreements. Particularly troubling are the EU's proposals for a new copyright directive, which would require:

large user-generated content platforms to reach agreements with copyright holders to adopt automated technologies that would scan content that users upload, and either block that content or pay royalties for it.

As the EFF notes, the reason why these would be "voluntary" deals is pretty clear:

The Commission is likely taking that approach because that it knows that it can't directly require Internet platforms to scan content that users upload -- an existing law, Article 14 of the Directive 2000/31 on electronic commerce (E-commerce Directive), expressly prohibits any such requirement.

That is, it would be impossible to make this a legal requirement, because it is forbidden by another key EU directive, but "voluntary" agreements can skirt that law, which is another reason they are so insidious. The EU's revised copyright directive is still at an early stage of discussion, so there is some hope that this harmful proposal can be fought and removed. Sadly, that's not the case in the UK, where it seems that search engines have had their arms twisted to sign up to another "voluntary" agreement, with the threat of new laws being brought in if they don't. As a post on TorrentFreak explains:

Google and other search companies are close to striking a voluntary agreement with entertainment companies to tackle the appearance of infringing content links in search results. Following roundtable discussions chaired by the UK's Intellectual Property Office, all parties have agreed that the code should take effect by June 1, 2017.

TorrentFreak quotes a revealing comment made by the UK government minister that has been leading the talks, Baroness Buscombe:

"The search engines involved in this work have been very co-operative, making changes to their algorithms and processes, but also working bilaterally with creative industry representatives to explore the options for new interventions, and how existing processes might be streamlined," she said.

The fact that the talks were "bilateral," involving only entertainment companies and search engines, exposes one of the worst features of these so-called "voluntary" agreements: that there is no open debate of the kind that would be standard when actual legislation was involved, nor any opportunity for ordinary people to contribute. Instead, closed-door discussions produce deals that may be satisfactory for the copyright industry, and bearable for the Internet companies, but which are uniformly bad for the general public, whose views are simply not considered relevant.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

9 Comments | Leave a Comment..

Posted on Techdirt - 9 February 2017 @ 3:36am

Landmark Court Decision Means Canada Has Now Joined The 'Right To Be Forgotten Globally' Club

from the long-reach-of-the-moosen dept

Techdirt has written plenty about the controversial "right to be forgotten" -- strictly speaking, a right to be de-listed from search engine results in general, and from Google in particular. Although most people associate this with the European Union, which pioneered the approach, the idea has now spread to other countries, including South Korea, China and Japan. In an interesting article in The Globe and Mail, Michael Geist suggests that Canada has now joined the club:

the Federal Court of Canada issued a landmark ruling that paves the way for a Canadian version of the right to be forgotten that would allow courts to issue orders with the removal of Google search results on a global basis very much in mind.

The details of the case are rather unusual. They involve a website in Romania that obtained and posted Canadian judicial and tribunal decisions. These were all public documents, but they were not previously indexed by Google, which meant their contents were effectively hidden. The Romanian site allowed its copies to be indexed by Google, which made the decisions and the Canadian citizens involved visible for the first time -- something the people affected were not happy about. They complained to the Privacy Commissioner of Canada, who ruled that the Romanian site violated Canadian privacy law. The case then moved to Canada's federal court, which ruled that it had jurisdiction over the website in Romania, since it had strong connections with Canada through its holdings. It then went on to make a declaratory order:

The court noted that the declaration could be used to submit a request to Google seeking the removal of the offending links from its search database. While acknowledging that there was no guarantee that Google would act, it was persuaded by the Privacy Commissioner that "this may be the most practical and effective way of mitigating the harm caused to individuals since the respondent is located in Romania with no known assets."

As Geist notes, whether or not it was the federal court's intention, it seems to have created the Canadian equivalent of a right to be de-listed from search results:

While more onerous than a direct request to Google, the court's approach suggests there is now a road map for the global removal of search results of content that may be factually correct, but which also implicates the privacy rights of individuals.

One indirect effect of this ruling will be to strengthen the idea that there is some kind of "right to be forgotten globally," which will itself probably encourage people in other countries to bring privacy cases that seek to spread it yet further.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

29 Comments | Leave a Comment..

Posted on Techdirt - 8 February 2017 @ 3:23am

Anti-Whistleblower Provision Buried In Germany's New Data Retention Law Challenged In The Courts

from the shh!-it's-a-secret dept

Back in 2015, we noted that there was a global move to strengthen laws governing trade secrets. Enhanced protection was something that was included in the mercifully dead TPP agreement, and may well crop up again in the bilateral trade deals that the US administration says it now wants to pursue in TPP's stead. One of the many problems with enhanced trade secret protection is that it can make whistleblowing more risky, since companies might try to claim that their right to preserve embarrassing secrets outweighs any public interest in revealing their dubious activities.

That was such a concern when the EU passed a new law protecting trade secrets last year that a group in the European Parliament drafted their own proposal for codifying whistleblower protection in the EU in order to highlight the issue. As well as this general concern about the status of whistleblowing in the EU, there are more immediate problems at the national level in Germany, as this post on the EDRi site explains:

Bundled with the controversial new German Data Retention Framework, which was signed into law in December 2015, the German parliament also passed a largely unnoticed addition to the Criminal Code that outlaws handling "stolen" data (so-called "Datenhehlerei"). In addition to the criminal liability, journalists are also no longer protected against search and seizure.

Prohibiting the trade in stolen data may make sense for stolen credit card information or login credentials. The new law, however, is so broadly worded that it also encompasses information "leaked" by whistleblowers, which is an obvious threat to the freedom of the press that systematically relies on such information. For example, under the new law, the documents leaked by Edward Snowden arguably can no longer be legally used on German soil.

While it may be doubtful whether any journalists or experts will actually be prosecuted, the law's greatest threat is its chilling effect: sources and experts will have to think twice whether to forward leaked data or help sift through them.

Fortunately, a German NGO has taken on the task of challenging this new threat to whistleblowers. The GFF (Gesellschaft für Freiheitsrechte/Society for Civil Rights) says its mission is to establish "a sustainable structure for successful strategic litigation in the area of human and civil rights in Germany and Europe." The EDRi blog post reports:

In December 2016, GFF and its partners brought a challenge against this law before the German Federal Constitutional Court in Karlsruhe, on the grounds that it is incompatible with the freedom of the press and with the principle of clarity of criminal provisions.

It's great that there is someone willing to stand up for whistleblowers, and regrettable that it's necessary. What's really needed is an EU-wide solution. Last month, the European Commission announced that it would use an impact assessment to begin exploring the possibility of bringing in new laws to protect whistleblowers. Unfortunately, that is likely to be a long, drawn-out process, and there's no guarantee that the final result will provide the protection that public-spirited whistleblowers deserve.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

3 Comments | Leave a Comment..

Posted on Techdirt - 3 February 2017 @ 3:36am

Denmark Says Tech Giants Affect It More Than Entire Countries, Decides To Appoint Official 'Digital Ambassador' To Them

from the if-you-can't-beat-them,-establish-diplomatic-relations-with-them dept

As you may have noticed, here on Techdirt we write quite a lot about companies like Apple, Google and Facebook. That's partly because they are very rich and very powerful, and therefore tend to be driving many of the key developments in the tech field. Some think they are too powerful. Here, for example, is Robert Reich, writing for The New York Times, in a 2015 piece entitled "Big Tech Has Become Way Too Powerful":

While in 2001, the top 10 websites accounted for 31 percent of all page views in America, by 2010 the top 10 accounted for 75 percent. Google and Facebook are now the first stops for many Americans seeking news -- while Internet traffic to much of the nation's newspapers, network television and other news gathering agencies has fallen well below 50 percent of all traffic. Meanwhile, Amazon is now the first stop for almost a third of all American consumers seeking to buy anything. Talk about power.

As Reich points out, the European Union seems to agree, and is investigating Amazon, Apple and Google for various alleged abuses of that growing power. More recently, the European Commission signalled that it was not happy about aspects of Facebook's takeover of WhatsApp. But not everyone thinks fighting tech giants is the solution. Here, for example, is what Denmark's Foreign Minister Anders Samuelsen has announced, as reported by The Local:

Saying that tech giants like Google and Apple now have more influence than many countries, Denmark will become the first nation in the world to appoint a so-called digital ambassador.

Samuelsen said that through the ambassadorship, which has not yet been filled, Denmark will work toward better relationships with the American tech firms that have amassed fortunes much larger than some of the countries with which Denmark practises traditional diplomacy.

There's a certain logic there, but it does set a worrying precedent. If there's an official digital ambassador, why not have an energy ambassador for the giant oil and gas companies, and a drug ambassador for Big Pharma? And won't that kind of political apparatus provide yet more ways for already influential companies to bend and shape government policy in a country -- tipping the balance against ordinary people even further?

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

21 Comments | Leave a Comment..

Posted on Techdirt - 1 February 2017 @ 3:37am

China's Response To Study Confirms It Uses 'Strategic Distraction' To Prevent Collective Action. Sound Familiar?

from the oh,-look,-a-squirrel dept

Last May, Techdirt wrote about a draft version of a study of how China deploys its vast "50 Cent Party" propagandists -- named for the amount of money they are supposedly paid for every post -- to control discourse online. The final version of the paper, entitled "How the Chinese Government Fabricates Social Media Posts for Strategic Distraction, not Engaged Argument," has now appeared, and it includes a fascinating appendix:

We describe here a rare tacit confirmation of the existence of the 50c party, as well as an apparent admission to the accuracy of our leaked archive and the veracity of our empirical results, all unexpectedly offered by the Chinese government in response to our work.

As the Appendix explains, the draft version of the paper received a huge amount of international attention when it was released last year. Most significantly, Global Times, a newspaper published by the People's Daily, the Chinese Communist Party (CCP)'s primary mouthpiece, wrote an editorial on the study. Although this isn't an official statement from the Chinese authorities, the Appendix points out that it is reasonable to interpret it as a close approximation to their views. Along the way, it provides some invaluable insights into the online world in China. For example, by comparing public comments on the editorial with those found elsewhere on Chinese social media, the researchers were able to judge how the Chinese people viewed the use of "strategic distraction" to control online discussions:

Our estimates indicate that 82% of the comments on the paper's website which expressed an opinion supported China's system of public opinion guidance (with 15% critical). Yet, among the likely broader audience found on Weibo [China's home-grown version of Twitter], only 30% were supportive (with 63% critical)

That contradicts a central claim of the editorial, which is that "Chinese society is generally in agreement regarding the necessity of ‘public opinion guidance'." The researchers also note that indirectly the editorial confirms four important claims they made in their original paper.

First, although the Global Times has English and Chinese editions, with many articles published in both languages, the editorial about our paper was published only in Chinese. That is, even though it objected to how the story was covered in the international press, the CCP was primarily addressing its own people. This seems to be a regular strategy of the regime and is consistent with our interpretation of their main perceived threats being their own people rather than Western powers.

Moreover, not only did the editorial not deny that the 50 Cent Army operated on a massive scale -- probably impossible, since Chinese citizens know full well it exists -- it took no issue with any of the conclusions drawn by the researchers. As the latter wrote:

We (inadvertently) asked the Chinese government whether they agreed with our results, and they effectively concurred. Although social scientists often conduct interviews of individual public officials, we are grateful for the unusual, if not unprecedented, chance to pose questions to an organ of the Chinese government and have it respond, for all practical purposes, as a government, or at least in a way that represents it.

However, arguably the most important point is the following:

In the editorial, the government also acknowledges that the purpose of public opinion guidance is to constrain or stop the spread of “hot button issues” that go viral on-line or "grassroots social issues" that have collective action potential. This also confirms a central point of our work.

When Techdirt first wrote about this work last year, it was undoubtedly interesting, and added to our knowledge of how governments flood the Internet with false information. But in the wake of the events of the last few days, during which the White House has disseminated what it calls "alternative facts," and "collective action" has emerged as a key political response, it has acquired a heightened relevance.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

37 Comments | Leave a Comment..

Posted on Techdirt - 31 January 2017 @ 3:30pm

Here's What Happened When The Dutch Secret Service Tried To Recruit A Tor Admin

from the true-or-false? dept

Law enforcement keeps bumping into Tor, as Techdirt has reported many times over the years. So it's understandable that the authorities are always looking for ways to subvert and circumvent the extra protection that Tor can offer its users when used properly. For obvious reasons, we don't often get to hear exactly how they are doing that, but a fascinating post on the Dutch site Buro Jansen & Janssen purports to give some details of what happened when the country's secret service tried to recruit a Tor admin. First, a caveat. The site says:

We received this story from a person who wants to remain anonymous. We conducted an investigation to the existence of this person and confirmed their existence.

However, that still raises the question of whether the site itself is reliable. It describes itself as follows:

A land-rights collective which has been publishing for 30 years on the expansion of repressive legislation, public-private partnerships, authorities, governmental actions and other state affairs.

Some might argue that means it has an axe to grind against the authorities and secret services, making its report less credible. That said, the site seems to contain a wide variety of solid information, and the post itself is plausible enough. It recounts how the Dutch secret service in the form of an older man and younger woman contacted the unnamed Tor admin:

They approached me and identified themselves with a badge of the Ministry of Internal Affairs and said they were working for the AIVD (Dutch secret service). They asked me to hear them out. I was in a state of shock and thought I had committed a crime but they immediately started to talk about on my studies. They made it clear they've read my thesis on IT security and showered me with compliments before they were firing a round of job offers at me.

Here's what they offered and what they wanted:

They asked me if I was interested in traveling for a couple of years and for example work in Germany at a technology company while visiting the Chaos Computer Club's hacker spaces to see what's going on and report back to them. All my expenditures would be covered.

...

They also mentioned that occasionally there are hacker parties in Italy, Austria, Spain, and other countries, and they said I could see that as paid holidays. They were very honest about the fact that they were looking for foreign talent but mostly interested in keeping tabs on Dutch IT-professionals and hackers abroad. They emphasized on monitoring Dutch people abroad at least 3 times.

That's pretty conventional stuff. But you obviously don't try to recruit a Tor admin unless you are also interested in keeping an eye on Tor itself:

The old man who showered me with compliments suddenly said: "look, we know about your Tor-exit nodes, if you run them with us you will be able to make a living out of it, but if you don't and something illegal happens, we can't help you if the police visits your home and seizes your equipment."

That threat was accompanied with a further warning not to speak to anybody about the conversation that had just taken place. Let's hope that nothing has happened, or will happen, to the person involved for disobeying that instruction. Assuming, of course, that the post is genuine -- something that Techdirt readers will doubtless have their own views about.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

23 Comments | Leave a Comment..

Posted on Techdirt - 31 January 2017 @ 3:30am

After Voting To 'Escape' EU Sovereignty, Post-Brexit UK Will Become Subject To Corporate Sovereignty On A Massive Scale

from the out-of-the-frying-pan,-into-the-fire dept

One of the slogans used by those in favor of the UK leaving the European Union -- aka Brexit -- was that it would allow Brits to "take back control." In particular, it was claimed, Brexit would stop the European Union and its top court from "imposing" their decisions that took precedence over national laws. It was an appealing slogan for many -- a bit like "Make America great again" -- but as with other appealing slogans, with time it proved rather hollow. In the wake of the UK referendum in favor of Brexit, the British government is faced with the task of coming up with large numbers of trade deals that will somehow compensate for the almost-certain loss of preferential access to the EU. Naturally, the most important of these "new" trade deals is with the US. Unfortunately, the British negotiating position is fatally undermined by the fact that the UK is desperate for a deal, whereas the US doesn't need it at all. Inevitably, then, the US will get to dictate its terms, and UK government will be forced to accept them, however bad they are, because it has no alternative. So much for "taking back control."

Rather belatedly, people are beginning to wake up to what that is likely to mean in practice. Here, for example, is an analysis on BuzzFeed of a key problem with the UK government's plan to sign lots of new trade deals to plug the gap left by exiting the EU:

Trade experts have warned that signing such deals without the EU judicial system will almost inevitably mean signing up to systems known as "ISDS" (Investor State Dispute Settlement) -- secretive, binding arbitration systems that can force countries to overturn their laws when it hurts corporate interests. These formed the core of international opposition to trade deals such as TTIP (between the EU and US) and CETA (between the EU and Canada).

It might be argued that ISDS -- corporate sovereignty -- isn't a new issue for the UK. The country already has many trade deals that include corporate sovereignty chapters:

UK corporations have been some of the most active users of ISDS to enforce their rights overseas, analysis of the 700 or so known disputes shows. Sixty-four of the 700 were made by UK companies against overseas governments, while only one ISDS dispute has ever been filed against the UK -- and didn’t go anywhere.

The UK has been able to use ISDS as an offensive weapon without being hit by many claims itself because most of its existing trade deals are with countries that have relatively small economies. They have few companies or individuals who are in a position to make major investments in the UK, which means few are able to use corporate sovereignty clauses against the UK. The UK, by contrast, has plenty of rich investors who can and do take advantage of secret ISDS tribunals.

That situation will change dramatically if and when the UK signs a trade deal with the US -- the British government has made clear that doing so will be a priority post-Brexit. The US has huge investments in the UK, and these are likely to be covered retrospectively by ISDS in any trade deal. That was the intention in TAFTA/TTIP, which now seems likely to suffer the same fate as TPP. After all, why wouldn't Trump demand this strong protection for investments made by US companies -- and by himself?

As the BuzzFeed article points out, requiring a corporate sovereignty chapter in a US-UK trade deal would lead to a rather ironic situation. The Brexit vote, which many insisted would allow the UK to throw off the yoke of supposedly "anti-democratic" supranational EU judgments, is almost certain to see a post-Brexit UK subject to large numbers of supranational ISDS judgments that are even less democratic.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

47 Comments | Leave a Comment..

Posted on Techdirt - 30 January 2017 @ 1:56pm

Amidst Increased Government Surveillance, Chinese Internet Users Finally Gain Important Online Privacy Protections

from the not-all-bad-news,-all-the-time dept

Techdirt stories about China have been relentlessly grim in recent years, offering a depressing vision of an online world under ever-greater surveillance, with correspondingly more systems for censoring every digital thought. But it's important not to get too apocalyptic, and to remember that life goes on. Just like their counterparts in the West, people in China are using the Internet for more and more of their daily lives. Arguably a greater problem than government surveillance for most people is the lack of privacy protections under Chinese law, which has led to highly-personal online information routinely being gathered and sold by third parties.

In this context, the Caixin site has details of what it calls a "landmark privacy case" that may help to rein in some of that widespread abuse. The original complaint was brought by Weibo, China's version of Twitter, against an erstwhile partner, Maimai, which offers an enterprise chat app of the same name.

An intellectual property court in Beijing has just made one of China's first precedent-setting rulings on the issue by upholding a lower court’s ruling against Maimai. The original case was brought nearly two years ago by Weibo, which said its millions of users had their publicly available personal data improperly mined by Maimai.

Even more important than the ruling against Maimai are the guidelines laid down by the court that will apply more generally to the handling of personal data on the Chinese Net:

the court issued an article on its official microblog on Wednesday laying out guidance for similar cases involving user privacy when data is publicly available on sites like Weibo. That guidance gave six instances of what constitutes "improper" use of such data, including the potential to harm a user's welfare and disturbing order on the internet.

Those policies were part of the court's broader opinion that third parties who gather such publicly available user information from services like Weibo should not violate individual privacy without making a concerted effort to get authorization from both platform operators and actual users.

This latest development is an important reminder that alongside other, more worrying trends, the online world in China is also seeing real progress. That offers hope that one day the heightened Internet surveillance being carried out could be rolled back too -- both in China and in the West, where it has also increased dramatically in recent years, let us not forget.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

9 Comments | Leave a Comment..

Posted on Techdirt - 30 January 2017 @ 3:43am

Already Under Attack In Top EU Court, Privacy Shield Framework For Transatlantic Data Flows Further Undermined By Trump

from the you're-not-really-helping-things,-Donald dept

A year ago, Techdirt wrote about the melodramatically-named "Privacy Shield." Under EU data protection laws, the transfer of EU citizens' personal data is only legal if the destination country meets certain basic conditions for data protection. Signing up to Privacy Shield is designed to allow US companies to meet that requirement. The earlier framework, called "Safe Harbor," was thrown out by the EU's highest court, the Court of Justice of the European Union (CJEU), largely because of NSA spying on data flows. Privacy Shield was hurriedly cobbled together because, without it, the vast flows of data across the Atlantic that occur all the time would be much harder to square with EU laws.

However, since the NSA has not stopped spying on data flows, some in the EU feel that Privacy Shield offers as little protection for personal data as Safe Harbor. This led the Irish civil liberties group Digital Rights Ireland (DRI) last October to ask the EU's General Court -- one of the more obscure courts of the CJEU -- to annul the Privacy Shield framework, arguing that it too lacks adequate privacy protections. Although there are still some procedural matters to be settled first, largely to do with whether DRI has standing to bring this legal action, the case is considered a serious enough challenge to the Privacy Shield framework that the US government is getting involved directly:

The US government has applied to be an intervening party in a challenge by Irish privacy campaign group Digital Rights Ireland against the Privacy Shield transatlantic data transfer pact.

As the article from the Irish Times explains, the US is not alone: also keen to see the framework upheld are the British, Dutch, and French governments, as well as Microsoft and the Business Software Alliance, all of whom have applied separately to join the action. DRI's basic argument is the following:

In questioning Privacy Shield's adequacy, it says its provisions are not actually fixed in US law. The privacy group will also argue that the agreement neither adequately addresses the court's specific objections to Safe Harbour, nor protects citizens' rights provided for under the EU Charter of Fundamental Rights and by the general principles of EU law.

The DRI's case may have just received a boost from an unusual quarter. As Techdirt reported, the President of the United States has signed an executive order that strips those who are not US citizens of certain rights under the Privacy Act. A spokeswoman for the European Commission told TechCrunch that Privacy Shield "does not rely on the protections under the US Privacy Act." But Jan Philipp Albrecht, a Member of the European Parliament, and the leading expert on data protection regulation there, is not so sure that the framework will escape unscathed. He wrote in a tweet that:

If this is true [about the stripping of privacy protections] @EU_Commission has to immediately suspend #PrivacyShield & sanction the US for breaking EU-US umbrella agreement.

The "EU-US umbrella agreement" refers to another recently-agreed deal that puts in place a comprehensive high-level data protection framework for EU-US law enforcement cooperation. The long thread that follows Albrecht's tweet explores to what extent the Privacy Shield framework is likely to be impacted by the new executive order. There's no clear consensus yet on that. But one thing is for sure: the general thrust of Trump's order probably indicates a broader shift in policy that makes it more likely that the CJEU will strike down Privacy Shield just as it struck down Safe Harbor.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

21 Comments | Leave a Comment..

Posted on Techdirt - 27 January 2017 @ 3:23am

The Gates Foundation Emerges As A Leader In The Fight For Full Open Access And Open Data

from the great,-so-how-about-open-source-too? dept

As Techdirt readers know, the battle to provide open access to the world's research has been going on for many years now. Despite the clear benefits of sharing information freely, the top academic publishers are still resisting, which probably has something to do with the 35% profit margins they currently enjoy. There have been various attempts to force their hand, notably through boycotts, but these have been disappointingly ineffective so far. Funding organizations have helped by requiring that any work they fund should be published as some kind of open access, but often they have been rather timid in their demands and enforcement. Against that background, the following is noteworthy:

One of the world's most influential global health charities says that the research it funds cannot currently be published in several leading journals, because the journals do not comply with its open-access policy.

Scientists who do research funded by the Bill & Melinda Gates Foundation are not -- for the moment -- allowed to publish papers about that work in journals that include Nature, Science, the New England Journal of Medicine (NEJM) and the Proceedings of the National Academy of Sciences (PNAS).

That comes from a news story published in Nature, one of the leading titles that falls foul of the new rules. These were first announced in November 2014, when Nature called them the "world's strongest policy on open access research." After a two-year grace period, the new rules have come fully into force, no exceptions allowed. There are five so-called "elements" to the new policy, including the following:

Publication Will Be On "Open Access" Terms. All publications shall be published under the Creative Commons Attribution 4.0 Generic License (CC BY 4.0) or an equivalent license. This will permit all users of the publication to copy and redistribute the material in any medium or format and transform and build upon the material, including for any purpose (including commercial) without further permission or fees being required.

As that points out, the CC-BY license allows anyone to use material with attribution, including for commercial purposes. This is something academic publishers are very unwilling to allow, since it means that rivals can reprint the content immediately, and without payment.

Publications Will Be Accessible and Open Immediately. All publications shall be available immediately upon their publication, without any embargo period. An embargo period is the period during which the publisher will require a subscription or the payment of a fee to gain access to the publication.

This is also an unusually strong demand. In the past, major funders have meekly allowed an extended period of exclusivity to publishers in the form of an embargo before research is available under open access terms. The new requirement by the Gates Foundation is therefore a bold move, and again something that publishers have always fought hard against.

Data Underlying Published Research Results Will Be Accessible and Open Immediately. The foundation will require that data underlying the published research results be immediately accessible and open.

A separate requirement for open data recognizes that the underlying results are just as important as the main findings, and that they should be available under an open license for other researchers to use freely.

The Nature story says that the new rules will only affect a few hundred research papers, since 92% of the 2,000-2,500 papers published each year with funding from the Gates Foundation are in journals that already comply with the stringent open access policy. However, the ones that currently don't meet them are big names in the world of scientific publishing, which sets up an interesting battle of wills. It's one that Peter Suber, a key figure in the open access movement, thinks that the Gates Foundation is likely to win:

"I predict that the Gates Foundation won't compromise. The journals ought to compromise, and in due time, I predict that they will," says Peter Suber, director of the Harvard Open Access Project and the Harvard Office for Scholarly Communication in Cambridge, Massachusetts.

Suber recalls that in 2008, many journals were unwilling to accommodate a US National Institutes of Health (NIH) policy, which, at the time, mandated that papers be made freely available no later than 12 months after publication. "Essentially, the NIH forced publishers to choose between accommodating the new policy and refusing to publish the large volume of high-quality research by NIH-funded authors," he says. In the end, publishers accommodated the policy, Suber notes. He expects that the Gates policy will draw the same concessions from publishers.

If Suber is right -- and he usually is on these matters -- this will represent a serious defeat for the old-style, dog-in-the-manger publishers, who have hitherto regarded themselves as indispensable and thus able to dictate terms to the open access movement and their funders. It might encourage other organizations to impose similar terms, and to usher in finally the long-awaited open access revolution.

The Gates Foundation is therefore to be congratulated on making this stand for both open access and open data. However, there is a certain irony here that an organization fighting so hard for openness should be funded by a man whose huge fortune is based on selling software that is resolutely closed source.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

25 Comments | Leave a Comment..

More posts from Glyn Moody >>