Wednesday, December 31, 2008

New year, new database madness

"So now we arrive here, at the beginning of 2009, in database mayhem. Our electronic information is being gathered at ever increasing speed. It is being kept everywhere from Newcastle to Iowa. It is unregulated and it is unaccounted for. It is being taken from cars, left on train seats, lost in the post, stolen left, right and centre by internet hackers of every stripe, by women's magazines keen to make a point, by schoolboys. Twenty five million of us have had our details compromised so far. And the government's greed for our private information is still not being reined in…

"Whether it's the public or the private sector that handles this morally compromised, wholly unjustifiable, technically unsustainable data-gathering exercise hardly matters, despite the protestations of some sectors of the IT and communications industry. What really matters is that it is being done at all." —Christina Zaba

Former DPP attacks intercept plans

Former Director of Public Prosecutions Sir Ken Macdonald is a man after my own heart. Regarding government plans to build a massive database tracking everyone's communications, he tells today's Guardian:
"This database would be an unimaginable hell-house of personal private information. It would be a complete readout of every citizen's life in the most intimate and demeaning detail. No government of any colour is to be trusted with such a roadmap to our souls."

Monday, December 29, 2008

Public goods, or private favours?

Lawrence Lessig has recently announced his return to Harvard University as director of the Safra Center for Ethics, sadly removing himself from the running for chairman of the Obama administration Federal Communications Commission. A great shame, given his clarion call for FCC reform:
"America's economic future depends upon restarting an engine of innovation and technological growth. A first step is to remove the government from the mix as much as possible. This is the biggest problem with communication innovation around the world, as too many nations who should know better continue to preference legacy communication monopolies. It is a growing problem in our own country as well, as corporate America has come to believe that investments in influencing Washington pay more than investments in building a better mousetrap. That will only change when regulation is crafted as narrowly as possible. Only then can regulators serve the public good, instead of private protection. We need to kill a philosophy of regulation born with the 20th century, if we're to make possible a world of innovation in the 21st."

Despite their clear legislative mandate to leave well alone ("Please note that Ofcom does not regulate the internet"), the UK's communications regulator is increasingly stepping in to debates over net neutrality, P2P blocking and other contentious Internet policy issues. To avoid problems of regulatory capture and anti-consumer initiatives, perhaps they should listen more carefully to Prof. Lessig.

Generation Crime

"The failure of Prohibition taught social reformers something important about regulatory humility: Too often liberals and conservatives alike simply assume that a law will achieve what the law seeks to achieve. Too rarely do they work out just how. Humility teaches us to rein in the law where it is doing no good, if only to protect it where it does good or where it is necessary.

"Copyright law's extremism is not necessary. We can achieve the objectives of copyright law—compensating artists—without criminalizing a generation. We need to start doing that, now." —Lawrence Lessig

Saturday, December 27, 2008

Labour party: meet the Internet

You sometimes can only despair at the comments of ministers regarding the Internet. Today's head-in-hands moment comes from Culture Secretary Andy Burnham:

"Leaving your child for two hours completely unregulated on the internet is not something you can do. This isn’t about turning the clock back. The internet has been empowering and democratising in many ways but we haven’t yet got the stakes in the ground to help people navigate their way safely around … what can be a very, very complex and quite dangerous world… The change of administration is a big moment. We have got a real opportunity to make common cause. The more we seek international solutions to this stuff — the UK and the US working together — the more that an international norm will set an industry norm."

It is hard to know what is more alarming: Burnham's ignorance of the US constitution and the limits it places on governmental action; or of the US debates throughout the 1990s on regulating online speech in which the US courts came down decisively against Congressional and Presidential efforts to restrict "obscenity":
As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from governmental intrusion—just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects.

Sorry to push my own work on this subject yet again; but why bother documenting the practical options open to governments if they make technology policy in the style of King Canute?

Thursday, December 25, 2008

The year of the database state

"I've always believed that the democratic state must be given power to act on behalf of us all but that is not the same as the state granting itself powers to know everything about us and to bully those who resist its invasive instincts. In 2004, the Courts and Tribunals Enforcement Act made it legal for the first time in 400 years for bailiffs to force entry into homes on a civil order and remove goods. Now we hear from the Justice Ministry that bailiffs may offer reasonable violence to force inside their own homes. That gives us an idea of how the government plans to enforce the £1,000 fines handed out to ID card refuseniks — ultimately by violence meted out by men who may be no better than nightclub bouncers." —Henry Porter

Tuesday, December 23, 2008

My Christmas message? There's probably no God

"It is embarrassing to be the only western democracy that has theocracy built into its legislature. The 26 bishops in the Lords interfere regularly: they are a threat on abortion, and their campaign sank the Joffe bill, giving the terminally ill the right to die in dignity. Of course they should not be there, when only 16% of people will grace the pews on Christmas Day, and Christian Research forecasts church attendance falling by 90%. But a dying faith clings hard to its inexplicable influence on public life." —Polly Toynbee

Monday, December 22, 2008

The vital war on religion

"Secularists in the west say to the apologists of the religions: your beliefs are your choice, so take your place in the queue. They also say: you've had it your own way for a very long time — and committed a lot of crimes in the process — and you still fancy yourself entitled, but you aren't. You don't smell too good at times, so don't try to tell me what I can read, see on TV, do in my private time, think or say. In fact, keep your sticky fingers off my life. Believe what you like but don't expect me to admire or excuse you because of it: rather the contrary, given the fairy-stories in question. And when you are a danger to the lives and liberties of others, which alas is too frequently the wont of your ilk, we will speak out against you as loudly, persistently, and uncompromisingly as we can." —A.C. Grayling

"In our judgment, the appeal succeeds. The council were not taking disciplinary action against Ms Ladele for holding her religious beliefs; they did so because she was refusing to carry out civil partnership ceremonies and this involved discrimination on grounds of sexual orientation. The council were entitled to take the view that they were not willing to connive in that practice by relieving Ms Ladele of these duties, notwithstanding that her refusal was the result of her strong and genuinely held Christian beliefs. The council were entitled to take the view that this would be inconsistent with their strong commitment to the principles of non-discrimination and would send the wrong message to staff and service users." Judgment in London Borough of Islington v Ladele [2008] UKEAT 0453_08_1912

Thursday, December 18, 2008

Yahoo! mocks Google Privacy Theatre

"Yes, Yahoo! is balancing as well. But the wounded web portal has gone significantly further than Google to protect its users from hacks, subpoenas, and, yes, national security letters. The rub is that Yahoo! handles about 20 per cent of US search traffic — and Google commands 70." —Cade Metz

Wednesday, December 17, 2008

Home Secretary doing best to attack our rights

Jacqui Smith
It is unsurprising to see that the home secretary's speech yesterday on "protecting rights" is full of evasions and half-truths. She switches from justifying surveillance powers to investigate terrorism and serious crime to discussing the needs of the TV Licensing Agency to catch "persistent offenders" (does Charles Moore know?) or for councils to evict "noisy neighbours." She waves shrouds about individual cases, when the evidence is that the bloating of our National DNA Database to a size far beyond anywhere else in the world has had little impact on crime. She continues the push towards the "modernisation" of interception, aka a £12bn centralised database containing details of everyone's communications and Internet activity.

Her rhetoric is unpleasant tabloid-baiting fantasy given the recent S and Marper decision of the European Court of Human Rights. Perhaps she has been taking lessons from the Secretary of State for Justice?

All this public waste is born of a macho bigness fixation

"Anyone inquiring after the £12bn NHS computer will know that this useless piece of equipment has nothing to do with efficiency or public benefit. It is merely the ultimate macho investment, a vast contract suitable for real men to play with, bespeaking big jobs for ex-officials and big freebies for ministers. The computer is to NHS bosses what ID cards are to the Home Office and aircraft carriers are to the MoD. They confer virility on ministers and managers alike, more so than equipping the poor bloody infantry on their respective frontlines. Gordon Brown at the weekend lauded the 'bravery' of dead marines in Afghanistan, ignoring the added bravery required because he's blown billions on jets, submarines and aircraft carriers rather than boring field armour." —Simon Jenkins

Tuesday, December 16, 2008

UK surveillance powers to be reviewed

I am delighted to see that the government is to review the use of surveillance powers by local councils. The Regulation of Investigatory Powers Act, passed in 2000 to combat terrorism and serious crime, has recently been used against dog fouling; the employment of paper boys without permits; families living outside school catchment areas; and the unlawful selling of potted plants.

Even better news is a Conservative party pledge to require approval from a magistrate before these powers are used. I do hope my book chapter on the regulation of communications surveillance had some influence on this (since we discussed it over the summer :)

Sunday, December 14, 2008

Global governance challenges

Oxford's James Martin 21st Century School has kindly asked me to contribute to their seminar series next term on Global Governance Challenges. My topic — Faraday Cages, Marbled Palaces and Humpty Dumpty: the Reality of Internet Governance:

Decisions that will shape our information societies for decades are being made today — but not where you might expect. Rather than the White House or Silicon Valley, look to Fort Meade in Maryland and the World Intellectual Property Organization in Geneva for the source of policies that will have the biggest impact on global privacy, security and innovation. Which is to be master? Should — and could — citizens have a bigger say?

Hope to see some Blogzilla readers on 26 February at the Old India Institute!

A betrayal of democracy

"Michael Martin, the Speaker of the House of Commons, and his unlucky placewoman Jill Pay, the serjeant-at-arms, were prepared to let the police into the Commons. I don’t believe there was any conspiracy; both were just too ignorant to do their jobs properly and had too little real understanding of the point of parliamentary procedure.

"It may be snobbish, but it’s true. Neither is really qualified for the post by education or by experience. They both showed an unquestioning deference to the police. The rise of democracy was supposed to be the end of undue deference, yet here were the defenders of the people’s Commons touching their forelocks to the filth." —Minette Marrin

Friday, December 12, 2008

Cybercrime report bonanza

Lilian Edwards and I spent the summer months researching McAfee's annual Virtual Criminology Report. It was published earlier this week, with some nice media coverage. Cyberscams are multiplying; we made a number of recommendations for reversing this trend:
  1. Significantly more training and resourcing for cybercops, prosecutors and judges, alongside the mainstreaming of cyberevidence gathering and prosecution.
  2. Legal or co-regulatory incentives for Internet Service Providers to follow best practice in network design and operation — incentivising ISPs in turn to work both with other service providers and their customers to improve levels of security. ISPs should also be encouraged to work more closely with police as the gatekeepers of the Internet.
  3. Security breach disclosure requirements — we cannot expect a market in secure products and services to develop without the information needed to allow customers to quantify security levels. The new EU rules are a start but need widening beyond the telecoms sector and scrutinised to make sure they are not implemented in a token way, and to avoid customer ‘security fatigue.’
  4. In the US, there are stopgap measures on a state level for data breach notification. Dozens of states have passed different laws. A simple, straightforward data breach notification standard is needed to help companies respond uniformly and seamlessly, and to ensure citizens get the widest level of protection, regardless of which state they are from. In addition, enterprises that hold sensitive personal information should meet a common security standard so the possibility of a breach is reduced.
  5. Legal responsibility for both businesses and government agencies when customers suffer Internet-related security losses, except in cases of gross negligence by customers. Banks in particular must be given strong legal and commercial incentives to introduce more secure technology and better fraud detection systems, or they will inevitably cut margins on security as they struggle to ride out the credit crunch and economic downturn. Clear bank liability would reward banks that are taking security seriously, greatly reduce the problems customers have faced, and correspondingly increase online trust and convenience — vital for e-commerce and e-government to flourish in future.
  6. Continued consumer education through focused programmes. However, systems must be designed to make it difficult for users to make security mistakes — we cannot expect the average Internet user to become a security expert. Media literacy programmes for informed consumer choice are not enough to ensure users prioritise security over convenience or short term goals.
  7. Limited liability for software vendors when they are not following best security practice in their system design and operation. We cannot stop the flood of malware until operating systems and key applications, especially browsers and email clients, are significantly more secure.
  8. The use of government procurement power to demand significantly higher standards of security in software and services – incentivising security enhancements that will spill over to private users. Government information security agencies should follow the example of the US National Security Agency in working with software companies to significantly increase software security levels.

Thanks again to all of our colleagues that shared their ideas and comments with us for this research.

A number of interesting related studies have been published this year (thanks, Gohsuke!):

Securing Cyberspace for the 44th Presidency — the Center for Strategic and International Studies argues that President Obama should create a comprehensive national security strategy for cyberspace, echoing many of our own recommendations.

Financial Aspects of Network Security: Malware and Spam — the International Telecommunications Union develops a framework for assessing the financial impact of malware.

The OECD calls for a global partnership against malware, and a move from reactive responses to proactive threat reduction and mitigation.

The data sharing cockroaches

"A close look at the Coroners and Justice Bill, published with the Queen's Speech, will tell you that the government has been up to its old trick of using the cover of reform to push a surveillance agenda, in this case to 'remove barriers to effective data sharing to support improved public services and the fight against crime and terrorism' … Civil servants will be crawling through our personal information like an infestation of cockroaches that can never be exterminated." —Henry Porter

Will the young pick up the tab?

"Politicians find these questions of intergenerational conflict very difficult. They would prefer to evade them, especially when they involve large and politically active constituencies. That's why the government was slow to introduce even Adair Turner's relatively modest proposals; why it backed away from substantial reform of public sector pensions; and why it decided to make students pay for university, rather than impose a retrospective graduate tax on those who had already benefited. But we can't afford this kind of myopia. What's the right balance over our lifetime between working and dependence, and how should we balance the competing interests of generations at a time of chaos, cuts and profound change? We all have a profound interest in the answers." —Jenni Russell

Wednesday, December 10, 2008

Controlling the DNA database

"Technology can be a powerful force for human rights. Earth-observation satellites, for example, have provided evidence on conflicts and ethnic atrocities in areas where journalists are banned. And DNA fingerprinting has resulted in the freeing of wrongly convicted individuals, a role exemplified by the US Innocence Project in New York. The idea that the identity of a human can be revealed from samples of any cell in his or her body is a symbol of the fact that every person is unique. The declaration of human rights asks us to treasure and honour all these unique individuals with respect for their autonomy — not to simply look for better ways to barcode them." —Nature

"The point [the European Court of Human Rights] is making is that DNA carries information not just on yourself, but also on family relationships. So, it's an invasion of privacy and of family life. I totally agree. They also made the point that it stigmatizes branches of society. The innocent people are not a random cross-section of British society — they are strongly biased towards juveniles, towards ethnic minorities and so on." —Professor Sir Alec Jeffreys, inventor of DNA fingerprinting

Freedom is taking a battering under kneejerk New Labour

"In 1951 we were the first country to ratify the European Convention on Human Rights. British lawyers were leading authors of the convention. It was a natural expression of Britain's moral self-confidence in the postwar years, an assertion of the universal liberal values that had thwarted the threat of fascism and tyranny in Europe. Above all, it was a statement of the inalienable rights we all enjoy, to be free from unjustified state intrusion and abuse. A continent that had been drenched in the blood of militant collectivism had rediscovered the simple, liberal belief in the rights of individual citizens to a life unmolested by arbitrary government abuse." —Nick Clegg MP

The UDHR is 60!

"Instead of bemoaning the fact that the Universal Declaration of Human Rights era has not yet made enough of a difference, let us work to make it make more of a difference. The mistake is to be utopian rather than meliorist in one's ambitions for doing so. The utopian despairs if perfection proves unattainable, but the meliorist — he who seeks to make things better, incrementally, cumulatively, tirelessly — can take new hope from every success, however small: the political prisoner freed, the military junta replaced by democracy, the tyrant brought to book before a court. In the 60 years since the adoption of the UDHR these things have happened, and they have happened because of the new sentiment it introduced to the world: that is the beginning of something not just better, but good. Rome, as they say, was not built in a day."—A.C. Grayling

Monday, December 08, 2008

The Great Firewall of Britain

The censorship capability that BT and later other major ISPs have been building into the UK Internet has now hit the mainstream after the blocking of a Wikipedia page. Bizarrely, BT themselves seem not to be blocking the album cover at issue, leaving that to Virgin Media, Be Unlimited/O2/Telefonica, EasyNet/UK Online, PlusNet, Demon, and Opal.

There is much more information in a book chapter of mine that should be published any day now: Internet censorship — be careful what you ask for. You can also read about the opaque way in which the so-called Cleanfeed system came about in our report on self-regulation for the European Commission.

Before the government and these ISPs march us any further down this road, they might like to think about more effective mechanisms for removing child abuse images from the Internet, rather than strangling at birth the Internet's support for freedom of expression.

Saturday, December 06, 2008

The temptations of instant truth

"When publication was a clodhopping business and fact-gathering laborious, personal privacy was protected by a sort of de facto armour. We never had to confront an imagined world where anyone could find out anything about anyone and tell everyone within seconds.

"But today, not only have we the means to retrieve and transmit at breakneck speed the fruits of intrusions into privacy, but we're getting frighteningly clever at the intrusion too. Long-lens photography, easily trackable communications, instant mobile phone photography, the facility to record almost anything, anywhere, ease of storage of vast files of information… all this forces me to wonder whether in the past, when practical constraints clipped the wings of free speech, we could tell ourselves (in what we thought an argument of principle) that we recognised no limits to how far it should fly. We have not that luxury now." —Matthew Parris

Friday, December 05, 2008

What is privacy?

"Privacy is indeed a right. It is more: it is an essential. Private life, a margin of inviolability for our thoughts, feelings, intimacies, reflections, anxieties, our hopes and nascent plans, and our recoveries from the abrasions of life, are fundamentals of personal and psychological health. Even lovers must have their privacies from one another. It is a strange and shallow human existence that lives at every moment under the burning eye of the inquisitor – exactly what the church once wanted us to think was our predicament: existence before the never-closed eye of a jealous divinity, even when we are alone in the dark. It shows that the state, in wanting to attach so many electronic and bureaucratic monitors to its ordinary citizens, has given up on that other idea." —A.C. Grayling

Monday, December 01, 2008

Britain celebrates the UDHR

"How is Britain to mark the 60th anniversary of the Universal Declaration of Human Rights?

"With the continued development of £12bn plans to set up a vast data silo to store information on all phone calls, emails and internet connections? Another soviet style article from Jack Straw, which tells us how the inventory of freedoms has increased under Labour? Or the issue of ID cards to foreigners by a government that knows the public don't give a damn about the rights and privacy of foreigners?

"Somehow we always knew that Jacqui Smith would be at the centre of this important anniversary but you have to hand it to the government: nobody had predicted that human rights and freedom in Britain would be celebrated with the arrest and fingerprinting of an opposition MP by terror police, the search of his premises, hard drives and telephones, the taking of his DNA and the attempted intimidation of his wife, Alicia." —Henry Porter

The nanny state marches on

"The Government is caught between an instinctive paternalistic bossiness (smoking, binge-drinking, lack of exercise, ID cards and over-eating) and a laissez faire liberalism (24-hour drinking, flexible gaming laws, downgrading (then upgrading) cannabis and betting on Sundays). No wonder everyone is confused." —Philip Johnston

The limits of policing

It seems there is a silver lining to the shocking trampling of parliamentary democracy by the Metropolitan Police in their arrest of Damian Green MP and ransacking of his home and offices. Parliamentarians have finally discovered a limit to the authoritarian "nothing to hide" rhetoric of Blair and Brown. Blinking, they survey the several thousand new criminal offences they have created over the last decade; the vast new powers they have given the police; and the culture of fear Labour has stirred up as a blunt electoral wedge against the opposition. (As an aside, theories of cognitive development suggest that at around 11 years of age children should be able to imagine the consequences of events for others without direct personal experience.)

It will be interesting to see the details of this episode emerge over the next few days. How will the Speaker of the Commons explain the permission given to the police to enter Parliament? Did the police lie to the Serjeant at Arms? Were search warrants required? Did the Home Secretary authorise the interception of Damian Green's communications, in contravention of the Wilson doctrine?

As Jackie Ashley comments in today's Guardian: "all parties should take this opportunity to stand back and ask what kind of policing we want in this country. Yes, there is a terrorist threat which is both real and complex. Yes, it is right to look at police powers, as well as to support a larger and more sophisticated security service. But this does not mean we need to follow the US model, with local politics and local policing becoming synonymous, and the growth of an invasive, super-policing agency armed with extreme surveillance techniques, operating above the reach of mere MPs."