Wednesday, April 30, 2008

Involving citizens in assessing dilemmas of privacy and security

Since 2006 I've been involved with PRISE, an extremely interesting European project, which has been developing ethical guidelines for the European Commission's 7th Framework funding for new security research. In particular, PRISE has been developing baseline privacy requirements that should be considered by all new projects in this programme. This is a key way to shape the architectures of future technologies in the security field, rather than waiting to try to regulate the negative privacy consequences of such technologies after the fact.

Earlier this week in Vienna PRISE presented their conclusions at a conference, Towards Privacy Enhancing Security Technologies. They kindly asked me to give a keynote on "Involving citizens in assessing dilemmas of privacy and security" — and you can now read my slides.

Messages of cowardice and stupidity

"The moral and practical case for controlling a market that has defied suppression for a third of a century is overwhelming. Drugs such as cannabis, cocaine and heroin must somehow be distributed within the ambit of legal and medical regulation, as they were to an extent before 1971 and are slowly being elsewhere. Finding a means of doing this, given the scale of the illicit market, is a mighty challenge; but only cowardice places it beyond the capacity of Britain's politicians. All they can do is bleat out their pathetic 'messages'. Next week's will be one of abject surrender." —Simon Jenkins

Thursday, April 24, 2008

Options for and Effectiveness of Internet Self- and Co-Regulation

Last year I worked with a team of legal and policy colleagues to produce a report for the European Commission with the following objective:

"To support policy design and impact assessments by assessing the efficiency, effectiveness and sustainability of existing co- and self-regulatory regimes in the field of information society services and other digital content and applications. The study should identify the conditions in which co- or self-regulation (initiated or mediated by the EC) could best enable innovation in Europe while upholding safety, security and fundamental rights."


We undertook 21 case studies, including (in my case) the Internet Engineering Task Force and the London Action Plan on spam. The Commission has just published our final report.

Politics and privacy @ EIPSI

Earlier this week I had the great honour to be asked to speak at the launch of TU/e's new security institute, EIPSI, alongside some of my favourite security researchers (such as Bruce Schneier and Whit Diffie). The event went very well thanks to all the efforts of the organisers, and attracted over 300 attendees.

You can see the slides from my presentation on Politics and Privacy Engineering, and hopefully video will be available soon.

Wednesday, April 23, 2008

Privacy Engineering

Over the last year I've been working with colleagues from government and industry on an introductory guide to engineering privacy-protective systems. You can now read the results of our efforts in the Cybersecurity Knowledge Transfer Network's Privacy Engineering Whitepaper:

A stronger legal and regulatory environment, high profile privacy failures, and increasing public concerns build the case for enterprises to take privacy seriously. For those new to the subject, this paper describes the harms that privacy failures can lead to, and the reasons why privacy issues must be addressed. Harm may happen to individuals, to organisations, or to society as a whole, and enterprises should address the effects on all of these when contemplating new information systems. Leadership is essential if concern for privacy is to be embedded throughout an organisation’s culture, processes and systems.

For those attempting to design privacy in to their systems, this paper provides guidance on the issues that must be addressed. The range of issues is broad, and we can only scratch the surface here. More work is needed to develop the detail, and we hope this paper will inspire that development. But the breadth and complexity of the issues also emphasises the need to develop skills and ethics within a profession of privacy practitioners.

Finally, this paper offers three clear conclusions about the nature of privacy issues, who is responsible, and how the threat of breaches can be vastly reduced by taking swift and appropriate measures.

Thursday, April 17, 2008

The New Perverted Reverse Value Theory of Copyright

"It is the decline in album sales that the industry’s own Value Recognition Strategy acknowledges is responsible for the principal decline in the industry’s income, not file sharing and certainly not format shifting.

"What this means to me is not that consumers have captured value that belongs to the industry, but rather that consumers have long been deprived of the value of their money, and are finally beginning to get something close to the true value of the product being sold. It is that market reality that scares the you-know-what out of the MBG, and that forced it to turn to a consultant to come up with a theory to sell to government policy makers as an example of the sky is falling from yet another effort to blame consumers for the industry’s own shortcomings. The proposed solution by MBG is an attempt to obtain a government-mandated subsidy by consumers of an industry that is finally being forced to give consumers what they want. There is no value for policy makers in mandating such an undeserved subsidy. And, as a policy matter, the theory on which it is based, namely that every unauthorized use by consumers is the misappropriation of value properly owned by copyright owners, has no limit; it applies to book reviews, news stories, quotations, parodies, the first sale doctrine, and a limitless term of protection (note the connection between the value theory and the concurrent effort at term extension for sound recordings in the UK and Europe). Even Blackstone’s view of property as the sole, despotic dominion of the owner never reached this far." —Prof. William Patry, senior copyright counsel to Google and formerly copyright counsel to the U.S. House of Representatives Committee on the Judiciary (via ORG)

Wednesday, April 16, 2008

Universities and the Internet

"When you graduate from Harvard, you want to be able to tell people that you've done time at Harvard, not that you were socialized over the Internet in an ever-expanding digital learning culture. Where's the cachet? Where's the posh Harvard accent? Where's the varsity sweater? And where is your valuable network of fellow classmates?" —Bruce Sterling

Monday, April 14, 2008

Net Neutrality is a load of bollocks

Glad to hear that Virgin Media's new CEO Neil Berkett is clear where he stands on the heated net neutrality debate (via ORG), telling the Royal Television Society magazine about plans to put BBC iPlayer traffic in a "bus lane" and that "this net neutrality thing is a load of bollocks."

UK regulator OFCOM has already told us they will be leaving the market to decide this issue. Chairman Lord Currie (in post until next August) said in 2006:

"It's as well it hasn't come over here, as it's a somewhat confused debate… [I] think it's a thoroughly bad idea not to charge for quality of service.

"I do see competition law as the answer to many of the issues."

It seems that iPlayer will be carrying more than just BBC programming in the near future.

Friday, April 11, 2008

Here's to the mob

"The mob is a much underrated political phenomenon. In London last weekend it reduced the Olympic torch parade to a Keystone Cops farrago. Then in Paris it extinguished the flame altogether, and in San Francisco it forced the proceedings to vanish into an early grave…

"The mob helped kill the poll tax, felled the Berlin Wall and brought Yeltsin to power in Russia. It toppled dictators in Serbia and Ukraine, and may yet do so in Kenya and Zimbabwe. A crowd running amok in the streets of a capital somehow outguns opinion polls and election victories in the minds of rulers. When those in palaces of power peer round their curtains and see the howling throng, their knees go weak and some primitive instinct communicates defeat." —Simon Jenkins

Rule of law must prevail over foreign threats

Lord Justice Moses has delivered a resounding judgment on the Serious Fraud Office's abandonment of their investigation into BAE Systems after threats from the Kingdom of Saudi Arabia:

"[T]he Government, contends that the Director was entitled to surrender to the threat. The law is powerless to resist the specific and, as it turns out, successful attempt by a foreign government to pervert the course of justice in the United Kingdom, by causing the investigation to be halted. The court must, so it is argued, accept that whilst the threats and their consequences are 'a matter of regret', they are a 'part of life'.

"So bleak a picture of the impotence of the law invites at least dismay, if not outrage."

As the wheels of justice continue to turn I expect to see several more such judgments in UK and European courts on the actions of Tony Blair's government. The Regulation of Investigatory Powers Act, for example, needs some urgent judicial scrutiny — just today, we see it being used by Poole borough council to spy on a family's movements and home life for three weeks to determine whether they lived in a specific school's catchment area.

Thursday, April 10, 2008

Blair, the constitutional sorcerer's apprentice

"Blair was always a reluctant constitutional reformer. He acted as he did because he had to, not because he wanted to. He had to because the Thatcherite counter-revolutionaries had imposed intolerable strain on the structures they had inherited. The British state had been in disarray long before Thatcher crossed the threshold of No 10; the passionate elan with which she set about untaming capitalism unleashed a torrent of impatient individualism that threatened to sweep the house away. But because his heart was not in it, Blair's attempt to repair the damage did not succeed. Asymmetric devolution backfired. It did not satisfy the Scots or Welsh. Albeit very slowly and gradually, it merely led the English to rediscover their own nationality in the way the non-English peoples of the United Kingdom had started to do 30 years earlier. The Human Rights Act backfired, too. Because ministers would not accept the logic of their own statute, and persisted in forcing through legislation that violated the human rights they said they wanted to protect, it hastened the drain of legitimacy which it had been designed to halt.

"This bleak landscape is Brown's inheritance. I hope he realises how bleak it is, but, to put it at its mildest, the omens are mixed." —David Marquand

In ur tubes, Phorming ur adverts

There has been a great deal of online debate over the last month about Phorm and their technology to personalise adverts delivered to Internauts based on previous browsing behaviour. Some very large ISPs have signed up to trial the system, including BT, Virgin Media and TalkTalk.

The intercepting and profiling of browsing sessions by ISPs obviously has huge privacy implications — which Phorm has tried to address by designing in some privacy safeguards, and commissioning a Privacy Impact Assessment from 80/20 Thinking (founded by my colleague Simon Davies). NGOs including the Open Rights Group and FIPR remain concerned about Phorm's privacy implications and particularly its legality under the Data Protection Act and the Regulation of Investigatory Powers Act.

80/20 and Phorm have therefore organised a free Town Hall meeting next Tuesday in London where anyone interested can hear more about the technology and put questions to Simon Davies, Kent Ertugrul (Phorm's CEO), Marc Burgess (Phorm's VP Tech) and Dr Richard Clayton (FIPR). I've agreed to chair the event, which I hope will further unravel some of the knotty questions raised by these types of systems.

Saturday, April 05, 2008

Friday, April 04, 2008

Tories go open source

Interesting to hear from David Cameron MP (via ORG) that the Conservative party will be pushing for the use of open source methods in future IT procurements, putting an end to the IT mega-projects that have so often failed under the current government. He told a NESTA meeting:

"Never again could there be projects like Labour's hubristic NHS supercomputer…

"We want to see how open source methods can help overcome the massive problems in government IT programmes.

"The basic reason for these problems is Labour's addiction to the mainframe model — large, centralised systems for the management of information.

"From the NHS computer to the new Child Support Agency, they rely on 'closed' IT systems that reduce competitive pressures and lead to higher risks and higher costs.

"We will follow private sector best practice which is to introduce 'open standards' that enable IT contracts to be split up into modular components.

"We will create a level playing field for open source software in IT procurement and open up the procurement system to small and innovative companies."

Fascinating to see the Conservatives fitting these Internet issues into their current small-state, "post-bureaucratic age" campaigning agenda.

Wednesday, April 02, 2008

The legal torture team

"Mohammed al-Qahtani is among the first six detainees scheduled to go on trial for complicity in the 9/11 attacks; the Bush administration has announced that it will seek the death penalty. Last month, President Bush vetoed a bill that would have outlawed the use by the C.I.A. of the techniques set out in the Haynes Memo and used on al-Qahtani. Whatever he may have done, Mohammed al-Qahtani was entitled to the protections afforded by international law, including Geneva and the torture convention. His interrogation violated those conventions. There can be no doubt that he was treated cruelly and degraded, that the standards of Common Article 3 were violated, and that his treatment amounts to a war crime. If he suffered the degree of severe mental distress prohibited by the torture convention, then his treatment crosses the line into outright torture. These acts resulted from a policy decision made right at the top, not simply from ground-level requests in Guantánamo, and they were supported by legal advice from the president’s own circle." —Prof. Philippe Sands

Tough? Brown looks more like an image-obsessed wimp

"Brown appears to hope that, if the Commons denies him more power, he will benefit from having meant to be tough while his enemies are the weak ones. To the credit of British politics, this is unlikely to work. Not the opposition, not the judiciary, not the police, not the press, not the opinion polls, not even normally somnolent Labour MPs, like seeing Britain portrayed in this way. They are ashamed at their country becoming the most watched, bugged, monitored and now interned free nation in Europe." —Simon Jenkins