Monday, August 31, 2009

All in the public interest?

"The 1998 Data Protection Act would allow access to some confidential databases if the journalist were acting in the public interest. However, the public interest is not obvious in the work summaries that [private investigator Steve] Whittamore listed on his weekly pay claims: 'Bonking headmaster, Lonely heart, Dirty vicar, Street stars split, Miss World bonks sailor, Dodgy landlord, Judge affair, Royal maid, Witchdoctor, Footballer, TV love child, Junkie flunkie, Orgy boss, BBC gardening blunder, Hurley and Grant, EastEnders star…'" —Nick Davies

Saturday, August 29, 2009

The Murdochs and the media

In this long, self-serving rant from Rupert Murdoch's son and anointed heir at News International, there is some sense struggling to get out:
Rather than concentrating on areas where the market is not delivering, the BBC seeks to compete head-on for audiences with commercial providers to dampen opposition to a compulsory licence fee. The corporation is incapable of distinguishing between what is good for it, and what is good for the country.

Yet bizarrely, James Murdoch spends the rest of the article attacking the one part of the BBC's output — its news and current affairs programming — where the strongest case can be made for limited state intervention. A carefully circumscribed and robustly impartial BBC news channel would certainly do more for the UK's democracy and soft power than a toxic Fox News UK.

Perhaps the government can do a deal with the Messrs Murdoch: a BBC without the soap operas, movies and sports that are amply provided by the market, and a less interventionist Ofcom, in exchange for much more robust enforcement of competition law and a limit of one national media outlet per beneficial owner. That would have the side benefit of saving us the nauseating spectacle of the leaders of both main parties flying around the world to pay obeisance to Murdoch Snr.

Thursday, August 27, 2009

Facebook to fix application privacy problem

It's always good to see problems you've highlighted in your research fixed, even if it does take several years:
Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories of information. The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.

This change will require significant technological changes. Developers using the platform will also need to adapt their applications and Facebook expects the entire process to take one year to implement.

Now the privacy commissioners are taking action, perhaps their competition law counterparts can take a look at our more recent work!

Summer bliss

For only the second time in five years…

Wednesday, August 26, 2009

Take 3 strikes into the shower?

"The creative industries are noisy and well organised, but they are minnows compared with our networking and computing industries. Government’s role is to strike a balance between the needs of rights holders on the one hand and society’s need for fast, efficient and lightly regulated networking on the other. That’s difficult to do and it will take time to work out, which is why Lord Carter set aside three years for the job. It’s not something that should be rushed on the basis of a dinner conversation in Corfu." —Prof John Naughton

Friday, August 21, 2009

Encryption ain't easy

Encrypting data is an elementary mechanism to protect it from unauthorised access. It would have trivially prevented the UK's biggest data breach to date, and many others, and is now mandated across UK government systems. But why do some software companies continue to make it so *&^$&^% awkward? Apple, I'm looking at you…

FileVault, which encrypts your home directory under Mac OS, has caused me real difficulties on my MacBook, where it has corrupted my files on several occasions (once even requiring a complete reinstall). Now that I've got Apple's Time Capsule remote backup system, it will only backup FileVault partitions when you logout (usually just as I want to switch off the power). It also breaks Time Machine's selective restore function. Why is it so badly designed? It's hardly surprising that many users just give up and leave data vulnerable to thievery.

PS It also breaks Sophos Anti-Virus, but that is probably more Sophos's fault.

Wednesday, August 12, 2009

Fixing the DNA database

The Home Office consultation on the future of the UK's National DNA Database has just closed. You may recall that the indefinite retention of DNA from all those arrested was found last December by the European Court of Human Rights to be a "disproportionate interference" with privacy that "cannot be regarded as necessary in a democratic society." I wrote a consultation response with some FIPR colleagues that suggested that:
On the key issue — retention of profiles from unconvicted individuals — the proposals are an entirely inadequate response to the judgement. By retaining profiles of unconvicted individuals for 6 or 12 years, they would leave England, Wales and Northern Ireland greatly out of step with the vast majority of other Council of Europe members. The Court noted approvingly that Scotland retains profiles only of those suspected of violent or sexual offences, for a period of 3-5 years, and that "the strong consensus existing among the Contracting States in this respect is of considerable importance and narrows the margin of appreciation left to the respondent State." The proposals would continue to treat innocent individuals as suspects by retaining their DNA profile for much longer than those, for example, who voluntarily provide samples to rule themselves out of enquiries.

We have suggested that the Home Office should therefore plan a further consultation around primary legislation that more carefully considers the impact of retaining profiles of innocent individuals on both crime and human rights. It seems there is little alternative given that a legal opinion for the Equality and Human Rights Commission found that the existing plans would still be in breach of the Convention.

Sunday, August 09, 2009

Tories and Google Health

More on the Conservative plans for medical records:
Individuals would share their notes with private hospitals and patient support groups, under the plans which would also involve the scrapping of the centralised database system currently being introduced in the health service, which has been dogged by problems and delays.

Under the Conservative scheme, patients would be able to annotate their official records, alerting family doctors and hospitals to side-effects they had suffered as a result of taking medication, or medical symptoms which had gone undetected.

The Tories will consult on more radical measures such as whether patients should be given the right to "edit" their own records, deleting information with which they disagreed. In such instances, NHS doctors might still be given access to the unedited version, it suggests.

The Tories need to be careful that they don't simply replace an inefficient, blundering, expensive public monopoly NHS database with a much more efficient private monopoly system that could be even more dangerous for patient privacy.

Saturday, August 01, 2009

The development of the surveillance state

Adam Serwer has some interesting background on the development of the US surveillance state:
The roots of excesses in law enforcement and incarceration … have almost the same impetus as those that created our modern surveillance state: fear of the other. Nixon's 1968 campaign was implicitly premised in large part on his ability to protect the silent majority from black criminality and radicalism, just like Bush's imperial presidency was meant to protect us from scary Muslim terrorists. It's only now, that fully 1 in 31 Americans is in prison, on probation or parole, that the public is beginning to recognize the problem, because the police state has gone beyond its mandate to protect "us" from "them." It's now locking "us" up too. The surveillance state will likewise only be met with sufficient skepticism once people realize it can be turned on "us" as well as "them."

The new Information Commissioner, Christopher Graham, makes a related point in his response to the Home Office's "Intercept Modernisation Programme" consultation: that Internet surveillance should be targeted at individuals already suspected of illegal activities, not blanketed across the entire population:
The consultation does not appear to have fully investigated other options that may exist between the two extremes of a single, centralised Government database of all communications data and doing nothing. The ICO response presents several other options that need to be properly considered and open to public debate and comment. Full consideration of all available solutions is essential to ensuring that the final decision as to which option is selected fully considers the proportionality and necessity of that solution against other possible solutions.

Of course, there should be ex ante judicial scrutiny of allegations of suspicion rather than the UK's feeble political warrantry regime.