" /> net.wars: July 2014 Archives

« June 2014 | Main

July 25, 2014

Patch Friday

Updated 7/25/2014 to add the link to ORG's blog and explain the inclusion of Neil Harman.

This is a week of catch-ups: Ofcom reported on the workings of family filters. DCMS told Out-Law that it's no longer planning to disconnect users who ignore four warnings of copyright infringement under the Digital Economy Act. In a follow-up to April's ECJ judgment, Google was invited to a meeting with data protection regulators to discuss how the company is handling right-to-be-forgotten requests. The EFF discusses the UN's just-released report on mass surveillance and human rights. The MPs Tom Watson (Labour, West Bromwich East) and David Davis (Conservative, Haltemprice and Howden) are teaming up with Liberty to mount a High Court challenge to the DRIP Act. Researchers have uncovered yet another way to track us across the Web. The long-serving Times tennis writer Neil Harman has admitted to plagiarism and relinquished his post as head of the International Tennis Writers Association. And an interesting but flawed play at the Almeida Theater (and touring various US cities) studies culture and collaborative story-telling.

Ofcom reports very low take-up for the government's "family-friendly filters", the program to ensure that all Internet subscribers make an "unavoidable choice" whether to have filters turned on. Lacking access to details of the many imponderables in why a particular household will make such a decision, the report tells us only this much: most household don't want the controls. The even bigger imponderable is whether the UK government will now accept that its filtering policy is unpopular or whether it will take this as its cue to make the filters harder to escape. The Open Rights Group's analysis captures some of the issues.

A number of media outlets have gotten wildly excited over the DCMS news, but although we have to welcome the news that Internet users won't be cut off, it doesn't really change anything else. As the file-sharing news site TorrentFreak spells out, nothing else has changed: copyright infringement is still illegal, and users can still be taken to court by ravening rights holders. The change is certainly welcome, but it's small. It's definitely not a cue to go wild.

As EFF's analysis says, the UN report is astonishingly clear-minded on the disproportionality of mass collection of traffic data and need for transparency and an understanding that human rights apply to foreigners as well as a country's own citizens. The big next step is getting countries that think they're above all this to accept that they're not.

Many reports have focused on the "unstoppable" aspect of canvas fingerprinting, which turns text into an HTML 5 image that every browser will render slightly differently - enough so to be unique (or nearly so). Among the sites found to be using this technique, says BoingBoing, is the White House site, despite the clear conflict with its privacy policy. EFF helpfully has an explanation of how the thing works as well as the advice that its own PrivacyBadger or NoScript to block the canvas fingerprinting JavaScript from running.

As for Neil Harman, the spectacular irony is that ITWA, which he co-founded and jointly headed, has successfully campaigned to keep audio, video, and transcripts of player press conferences offline until the on-site pros can use them. So Harman is both a rampant plagiarist *and* a protectionist - and an embarrassment to his profession.

To Mr Burns...

The New York Times loved it, but the British critics were mixed. The play begins in the near future, when an undefined apocalypse involving illness and fires has abruptly wrecked the US, perhaps the never-discussed rest of the world, too. Around a campfire at night, a small group of survivors (whose near-invisible faces really could have used dawn to come along after the first few minutes) are trying to keep their sanity by collaboratively struggling to reconstruct the entirety of an episode of The Simpsons.

Never having quite gotten on board with the show myself, I was unfamiliar with the episode in question, Cape Feare. It was a good choice, since even without their efforts the episode itself is a layered experience of popular culture: it recapitulates, references, and parodies multiple prior movies and leavens it all with some Gilbert and Sullivan. So far, so good. My favorite moment of the first act is when the group abruptly downs their excited recollections to

The second act moves ahead seven years, to when the characters have moved on to more elaborate recreations and are competing with other reenactment groups. There's a brief, intriguing discussion about buying lines: there are fraudsters out there. By the third act, set 75 years hence, the episode has become a near-religious ritual, with complex costuming and singing (and fairy lights powered by a frantic cyclist running a generator). The critics' distaste is understandable: every act needs trimming, and even after reading the script the characters lack individuality. My favorite moment was in the first act, where a newcomer and the established group take turns reading out lists of the people whose fates they want to know. The parallel between this collaborative effort to create a canonical list of survivors and the effort to recall Cape Feare is the one truly emotional moment in the piece. There are lots of other quibbles about plausibility - no musical instruments or their players survived? no group tried instead to reconstruct physics textbooks? - but the exploration of the way popular culture accretes into an analogue of geological strata contributes a new take on the meaning of the public domain.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


July 18, 2014

Breaking away

On Monday night, I asked ORG Edinburgh this:

If the same small number of large organizations own the primary means by which we communicate with each other and monitoring continues to be pervasive, will it matter how Scotland votes in the September referendum?

One of the attendees took this to mean that I was predicting the end of the nation-state, like John Perry Barlow.

In fact, my intent was narrower, about reclaiming the Internet from the many powers that want to control it. For example, see Telegeography's 2014 map of undersea cables, whose placement is dictated by physics and geography. The map makes it obvious where to place wiretaps - or backhoes. Neither geography nor physics will change after independence; nor will the data collection habits of everyone from Facebook and Twitter to the UK and US governments. The recently struck down EU Data Retention Directive (2006) was never a focus for Scottish protest.

Really, I was just curious about the September 18 referendum on Scottish independence and hoped to provoke some discussion about it. In Edinburgh, at least, it seems hard to get anyone much excited: the yes campaign is vague, the no campaign is negative, and it's much easier to find widespread anger about the bedroom tax.

Yet by September 18 those two things may be inextricably linked by the divergence in Scottish and English political leanings that began in the Thatcher era. I lived in Scotland for a year or two back then, and the general sense was that Scotland was being governed by a hostile foreign government. Thatcher broke the unions to widespread loathing, and policies like the bedroom tax bring back the worst memories of the conservatives during that period.

But is Scotland really miserable enough to risk breaking a union that's lasted since 1707? There are no tanks in Parliament Square, no armed forces camped along Glasgow's Sauchiehall Street, no persecuted religious adherents, and the freedom of speech and association is about the same as in the rest of the UK. The economic realities are unclear; the Scottish government's white paper, Scotland's Future (PDF), is vague but optimistic. In terms of national security policy, while I'm sure the Scots resent being surveilled by the English, it's not clear how much they object to being surveilled by other Scots. I heard some complaints, for example, that Scotland's transport concessions are dispensed via an entitlement card (the original name for the 2006 UK national ID card) that makes it easy to track the vulnerable should the government ever wish to do so - a class issue as well as a privacy one.

What I never thought about until a few months ago was what England would be like without Scotland. Will we see checkpoints at the border to stop health tourists fleeing the 2012 Health and Social Care Act changes to the English NHS - and prevent families seeking free higher-level education for their teens from emigrating?

The UK government's anti-independence messages have been embarrassing, threatening that Scotland would lose access to the BBC, be refused membership in the EU, and have less clout on the world stage than it does as part of Britain. (The possibly more likely converse is avoided: Britain, shorn of Scotland, might lose a little strength itself.) Among the myriad analysis papers, the most relevant is the one on security, which suggests that Scotland would lose access to international information-sharing and expertise. Elsewhere, St Andrews University researcher Eric Stoddart's risk analysis suggests that lacking both resources and economies of scale, an independent Scotland might be forced to adopt more automation, resulting in more but less effective surveillance.

England may want to keep Scotland, but elsewhere the talk is isolationist: the government's disdain for the EU. Its pesky convention on human rights, which, the departing veteran moderate Kenneth Clarke reminded everyone, was drafted by British lawyers.

Alan Travis painted a particularly cheery picture in the Guardian:

...such a policy will give the Conservatives an excuse to bang on about the alleged "evils of Strasbourg" between now and election day. As far as they are concerned those evils involve foreign rapists who can't be deported and terror suspects who can't sent home, which means they will be able to bang a populist drum on crime and immigration while blaming foreign European judges - all in one hit.

In New Statesman, Anoosh Chakelian argues that breaking away would not ease extraditions and that Britain's human rights are the same as those in the EU convention\. However, privacy-related EU judgments tell a different story. The European Court on Human Rights ruled against the UK's practice of holding DNA samples taken from the innocent in Marper; and the anti-democratic passage of the DRIP bill stomps on the April 8 European Court of Justice judgment that invalidated the EU Data Retention Directive. The UK has also steadily opposed elements of the data protect reform package.

If you were Scottish, is this the country you'd want to stay with? "This is a decision for centuries," someone said to me on Monday. Independence might be better for Scotland; it will certainly be worse for England - but not for the reasons the government is giving.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


July 11, 2014

A DRIP in time...

Previously on UK Government... the passage of the Digital Economy Act in the wash-up before Parliament disbanded for the election taught everyone that you can rush through terrible legislation if you pick the right moment....

...On April 8, the European Court of Justice ruled that the EU's Data Retention Directive was a disproportionate intrusion on fundamental human rights, simultaneously invalidating the national legislation that transposed it in all the member states. A few of those member states actually stopped - such as Austria. The UK government said...not much.

Until yesterday, when it suddenly announced emergency legislation in the form of the Data Retention and Investigatory Powers bill - DRIP for short. (Presumably some wag through it was cute to refer right there in the title to watching our privacy drip away.)

The stated purpose is to "restore" the powers the judgment removed - only, David Cameron said in making the official announcement , "in a more proportionate way". The "emergency" is presumably that no one wants to risk that ISPs and other communications service providers might start deleting the data they already hold or refuse to collect more of it. And Parliament's about to disband for summer vacation. So, the argument goes, we must amend the law in haste, and it's all right, we won't be repenting at leisure because there's a sunset clause so the thing will expire in 2016 and we'll have plenty of time to debate it properly then.

As opposed to any time in the last two months, when they could have had more than a few days when everyone is distracted to scrutinize what by now is a very complex piece of legislation with many interlocking parts. The MP David Davis (Conservative, Haltemprice and Howden) said it was "a predictable emergency"; fellow MP Tom Watson (Labour, West Bromwich East) called it "a stitch-up".

An honest approach to this situation might look like this:

- The ECJ decision has invalidated the data retention laws passed to implement the EU Data Retention Directive in the UK.

- Here is what they said was wrong with the directive.

- Here is new legislation that addresses precisely those issues, along with an analysis explaining why and how it fixes the legal problems.

- Here is time for the public to submit responses and comments, plus time for MPs to scrutinize the legislation and ensure it does what it says on the tin.

They didn't do any of that. So what we're left with is a load of questions. How does this emergency legislation address the legal problems raised by the ECJ? How does it relate to the rules laid out in the Regulation of Investigatory Powers Act and the Anti-Terrorism, Crime, and Security Act? And what extras are lurking behind the mad rush to legislation?

If the government has nothing to hide, it has nothing to fear from . One would think.

As David Allen Green points out (registration required), a legislation process that ought to take a year is being squashed into seven (working) days. Green then sets out to investigate the question of what extras the government is trying to get through under the "emergency" tagline (as he notes, the government was warned as long ago as 2006, when the directive was passed, that portions of it seemed incompatible with the EU charter's fundamental human rights). Green, who is a lawyer (which I am not) calls the bill's amendments to RIPA "significant": the UK government wants to extend its interception rules to non-UK based services; it extends the RIPA definition of "telecommunications service"; and argues that this should be new legislation in its own right and is nothing like the "clarification" the government is saying it is.

If you want more scathing, at Privacy Surgeon Simon Davies calls this the "Uganda Road" and argues that the point of the extra-territoriality powers is to legalize GCHQ spying on overseas targets. Instead of being a breakthrough, he writes, "As far as the UK is concerned, [the ECJ] ruling merely provided free advice on how to make a mass surveillance infrastructure legally sustainable."

Remember, it's only a couple of weeks since Home Secretary Theresa May told us there is no surveillance infrastructure. This is the logical result: let's create one, in a hurry, before anyone looks too close.

We especially can't rely on the 2016 sunset clause to make things all right. Because, as Michael Hanlon says with respect to airport security in The Spectator, it's never in a politician's interest to weaken security rules. The 2016 sunset clause is, to mangle Bruce Schneier''s favorite phrase, politics theater. Come 2016, what we'll be hearing is that we don't dare let this legislation lapse because we would be taking away powers the security services and law enforcement really need. By then, as Time magazine has noted, our homes will be keeping tabs on us, and think how helpful *that* data could be, intelligencewise? It would be much better to force a halt now - or, failing that, to keep the legislation to its emergency knitting and jettison anything that doesn't specifically address the situation created by the judgment.

The Open Rights Group has suggestions for what to write to your MP.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


July 4, 2014

Errata

This has been quite a week for privacy stories. The phone hacking trial finally concluded, imprisoning former News International editor and Downing Street spinmeister Andy Coulson and acquitting Rebekah Brooks. Although: a little of the shine may have been taken off the acquittal by the various comments about the incompetence of an editor who knew so little about what was going on in her newsroom. Tom Watson, MP (Labour, West Bromwich East,), one of the key reasons the trial took place at all, said it best when he commented that Brooks wasn't the editor I thought she was. Newer were Google's first fumblings at implementing the European Court of Justice decision in Google v. Spain and Facebook's incursion into oh-look-we've-got-a-billion-lab-rats.

To take Google first, it was predictable that the first attempts to implement the court's decision would be contentious and there would be errors. And so it's proved: stories are proliferating about news stories being removed from the index after complaints. It would be wise to be careful about rushing to judgment. The media have seized upon complaints; in the Guardian James Ball urges them to fight back and vastly overstates the removal of articles from Google's index as the "memory hole". Get a grip: the articles are still accessible at the original publisher's site. What's different is that they do not appear in response to searches on a particular person's name.

Everyone is assuming that the name in question must be that of the most famous/rich/powerful person n the article, but in at least some cases - such as Robert Peston's column, Merill's Mess - the person requesting removal was in fact an ordinary member of the public wishing for his own appearance in the comments to be banished. The original story is exactly the kind of public interest the court had in mind in trying to balance privacy and freedom of expression - both fundamental rights. Facts are a fine thing.

I think it's logical that Google, trying to make its first decisions about the 70,000 requests it says it's received since the judgment, might make errors. That doesn't obviate the need either for Google to implement a judicial decision it vehemently opposed or for all of us to find a suitable balance between these rights. The biggest danger is really that civil society will be split down the middle between privacy and freedom of expression, rendering both sides ineffectual.

But, oh, Facebook! For a week in early 2012 the service manipulated 700,000 users' newsfeeds to find out whether the positive or negative items they saw affected their emotions as displayed in their own status updates. We know this because the authors, who include Facebook data scientist Adam Kramer, published the results: a small "emotional contagion" effect in both positive and negative cases. Facebook's interest in emotional contagious makes business sense: they wanted to know whether seeing a lot of unhappiness would make people less inclined to visit Facebook (as if the interface weren't sufficient. Facebook has argued that the terms of service gave it permission; unfortunately, as Forbes reports, that clause was added only *after* the data had already been collected.

Two of the most interesting comments on the resulting controversy come from Ed Felten. In his posting on one he argues that the study violates users' privacy by creating knowledge about them that they themselves did not have. In the other he calls the contrasting responses to the news a culture clash between common standards for academic and corporate research. Felten believes -rightly, I think - that we will see many more similar clashes, partly because so much academic research is now funded by corporations seeking answers in their particular areas of interest. This is a fine example of Eli Pariser's filter bubble, in which you can never be sure how what you see on the Internet has been manipulated.

This is what the memory hole really looks like.

As for Facebook's handling of the incident...thanks to the detailed education afforded to me by the brilliant SorryWatch, Sheryl Sandberg's apology on behalf of Facebook is easy to parse.

From PR Week:

She said: "This was part of ongoing research companies do to test different products, and that was what it was; it was poorly communicated. And for that communication we apologise. We never meant to upset you."

If we assume that Sandberg was speaking in the normal fashion and using "you" to mean the people to whom she was directly speaking at the time, then the people she was apologizing to were the small businesses in New Delhi. And what she was apologizing to them for was not Facebook's using them personally, nor the rest of its billion-odd friends, as research subjects. No, she was apologizing for the way the news came out. This way logically lies continuing to perform and commission such research - but not allowing it to be published, as opposed to what I imagine most Facebook users want, which is not to be manipulated for prospective profit. I have no idea if the small businesses of New Delhi were upset by the journal publication or reassured by the apology

Note also the use of "companies", as in, "All the kids do this. Why are you picking on me?"

It is to ARGH.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.