Links

Ben Laurie blathering

6 Nov 2010

Radical Copyright Thinking … at the European Commission!

Filed under: Civil Liberties,Digital Rights,Open Data — Ben @ 12:27

I criticise policy makers a lot. So it’s really nice when they say something sensible – or even inspirational. The summary does not do this speech justice. It’s quite short, I suggest you read it.

“We must ensure that copyright serves as a building block, not a stumbling block – we need action to promote a legal digital Single Market in Europe” European Commission Vice President for the Digital Agenda Neelie Kroes said today at the prestigious Forum D’Avignon, on the subject of how digital technology represents an opportunity rather than a threat to culture. Kroes underlined the need to modernise the copyright system so that it helps rather than hinders artists within the EU’s Single Market. “My goal, in promoting cultural diversity and content adapted to the digital age, is for European creativity to be even stronger”, Kroes said. “Today our fragmented copyright system is ill-adapted to the real essence of art, which has no frontiers. Instead that system has ended up giving a more prominent role to intermediaries than to artists. It irritates the public, who often cannot access what artists want to offer and leaves a vacuum which is served by illegal content, depriving artists of their well-deserved remuneration. It may suit some vested interests to avoid a debate, or to frame the debate in moralistic terms that merely demonise millions of citizens. But that is not a sustainable approach. Time alone will not solve the problems that have emerged.

23 Jul 2008

Getting At Public Data

Filed under: Civil Liberties,Digital Rights — Ben @ 14:46

The government has quietly launched two quite fascinating initiatives. I have no idea why there wasn’t more fanfare. I was even at OpenTech, where one was announced, and I didn’t know!

Firstly, Show Us A Better Way

Ever been frustrated that you can’t find out something that ought to be easy to find? Ever been baffled by league tables or ‘performance indicators’? Do you think that better use of public information could improve health, education, justice or society at large?

The UK Government wants to hear your ideas for new products that could improve the way public information is communicated.

And 20 grand for the best ideas, too.

Secondly, The Public Sector Unlocking Service (Beta). I love that they put “Beta” in there. Tell them about crown copyright data some bureaucrat is hoarding, and they’ll read them the riot act. Awesome.

10 Jul 2008

ACTA, The Pirate Bay and BTNS

Doc Searls just pointed me at a couple of articles. The first is about ACTA.

ACTA, first unveiled after being leaked to the public via Wikileaks, has sometimes been lauded by its supporters as “The Pirate Bay-killer,” due to its measures to criminalize the facilitation of copyright infringement on the internet – text arguably written specifically to beat pirate BitTorrent trackers. The accord will place add internet copyright enforcement to international law and force national ISPs to respond to international information requests, and subjects iPods and other electronic devices to ex parte searches at international borders.

Obviously this is yet another thing we must resist. The Pirate Bay’s answer to this

IPETEE would first test whether the remote machine is supporting the crypto technology; once that’s confirmed it would then exchange encryption keys with the machine before transmitting your actual request and sending the video file your way. All data would automatically be unscrambled once it reaches your machine, so there would be no need for your media player or download manager to support any new encryption technologies. And if the remote machine didn’t know how to handle encryption, the whole transfer would fall back to an unencrypted connection.

is a great idea, but … its already been done by the IETF BTNS (Better-Than-Nothing Security) Working Group.

The WG has the following specific goals:

a) Develop an informational framework document to describe the motivation and goals for having security protocols that support anonymous keying of security associations in general, and IPsec and IKE in particular

Hmmm. I guess I should figure out how I switch this on. Anyone?

3 Jul 2008

ORG Report on E-counting

Filed under: Civil Liberties,Crypto,Digital Rights,Security — Ben @ 13:47

It seems like a long time since I spent a very long afternoon (and evening) observing the electronic count of the London Elections. Yesterday, the Open Rights Group released its report on the count. The verdict?

there is insufficient evidence available to allow independent observers to state reliably whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of voters’ intentions.

There was lots of nice machinery and pretty screens to watch, but in my view three more things were needed to ensure confidence in the vote.

  • A display that showed (a random selection of) ballots and the corresponding vote recorded automatically.
  • No machines connected to the network that could not be observed.
  • A commitment to the vote (I mean this in the cryptographic sense) after which a manual recount of randomly selected ballot boxes.

The last point is technically tricky to do properly, but I think it could be achieved. For example, take the hash of each ballot box’s count, then form a Merkle tree from those. Publish the root of the tree as the commitment, then after the manual recount, show that the hashes of the (electronic) counts for those boxes (which you would have to reveal anyway to verify the recount) are consistent with the tree.

31 Mar 2008

More Bullshit from Phorm

Filed under: Anonymity/Privacy,Digital Rights,Security — Ben @ 14:54

Phorm continue to sob that us whining privacy advocates are misrepresenting their system

Phorm’s chairman and chief executive, Kent Ertugrul, said yesterday the firm was the victim of misinformation. “What is so strange about this is that if you were to put on a board what we do and what has been written about us and map the two, you would find there is very little correlation,” he said.

I’d be more than happy to compare what I’ve said to what their system actually does, only … when the Open Rights Group nominated me to be briefed by Phorm (in my capacity as both a director of ORG and a subject matter expert) they declined, on the basis that I work for a competitor, despite my assurance that I would not be acting for Google in any way, as is always the case when I do stuff for ORG. But, hey, trust is a one-way street, apparently, if you are Phorm – as one of the surveilled, I must trust them, but that’s no reason they should trust me, is it?

Strangely they were quite happy to brief two of my colleagues in detail, without any NDA – and my colleagues are planning to produce a full, public report of that briefing. With a bit of luck, they’ll have addressed all my concerns, but who knows? I wasn’t there to assist in that process.

Interestingly, they go on to say

“What we would like to do is issue a challenge to the privacy community to select some of their most technically savvy representatives and form an inspection committee. We would be delighted, on a recurring basis, to give those people the ability to spot inspect what it is we do.”

which rather emphasizes one of the core problems with their system: it requires everyone to trust that all this data they have gathered without consent is actually handled as they claim it is handled.

I do hope Phorm will be paying the going rate for this valuable service – but probably I won’t find out because I expect that, despite my obvious qualifications, I will be excluded from such a group. It wouldn’t do to have anyone too expert looking at their system, after all.

31 Dec 2007

Australian Doublespeak

Filed under: Civil Liberties,Digital Rights — Ben @ 15:39

Isn’t it amazing that politicians have so little respect for their electorate that they are quite willing to say things like this?

Telecommunications Minister Stephen Conroy says new measures are being put in place to provide greater protection to children from online pornography and violent websites.

“Labor makes no apologies to those that argue that any regulation of the internet is like going down the Chinese road,” he said.

“If people equate freedom of speech with watching child pornography, then the Rudd-Labor Government is going to disagree.”

I’m sure there’s no need to explain yet again why the Australian idea that they can filter the ‘net is doomed. But what does need some explaining, in my view, is why Conroy thinks he can get away with equating “protecting children from online pornography” and “watching child pornography”? Why have journalists become so passive that they will happily quote such nonsense without any inclination to do some actual analysis of the “news” they so mindlessly quote. It’s no wonder traditional media are in fear of the blogosphere.

19 Nov 2007

Happy Birthday: ORG Is Two!

Filed under: Digital Rights — Ben @ 12:22

It seems only yesterday that I sat with a group of starry-eyed activists and had the first board meeting of the nascent Open Rights Group. But I am reliably informed it was two whole years ago. In that time we’ve defied dead musicians, monitored elections and beaten up Auntie. Read all about it.

And once you have, GIVE US YOUR MONEY. ORG relies on the support of people like you – and not nearly enough of you are putting your hands in your pockets. We’re not asking for much, but without it, we can’t go on fighting your fight.

9 Nov 2007

Groklaw Interviews Becky Hogge on the BBC

Filed under: Digital Rights,Open Source — Ben @ 16:02

I’ve only recently started reading Groklaw, but it is fast becoming one of my favourite blogs. Today they have an interview with Becky Hogge, Executive Director of the Open Rights Group, on the BBC’s iPlayer and rights strategies.

She rightly distances herself from the folderol over BBC’s relationship with Microsoft and focusses on the bigger issues

Q: OK. Now, it was widely reported that the BBC signed a letter of intent with Microsoft which covered the iPlayer, DRM, and other cooperation. Have you seen the document? Is the document available? Do you know what it says?

Becky Hogge: I don’t know what it says, I haven’t seen it, and I don’t know if it’s available. Like I say, the Open Rights Group, we’re trying to move away from this Microsoft issue and look further into the future for the BBC. The BBC has got itself into a really sticky situation with iPlayer and with DRM, and I think it must be feeling bad at this point. What the Open Rights Group are trying to say here is that yes, these problems are real, a lot of our supporter base are using Linux operating systems and even though they’re paying their license fee, they’re unable to access iPlayer services. But we’d like to find solutions for the BBC, rather than more problems. And our big solution is that it needs to start reexamining the rights models. For the sake of public broadcast.

30 Oct 2007

BBC on the iPlayer

Filed under: Anonymity/Privacy,Digital Rights,Open Source — Ben @ 13:56

An interesting podcast with Ashley Highfield, Director Future Media & Technology.

We’re not doing enough [about open source] and it is something I want to turn up the heat on

Well, that’s a good start, but he then goes on to say

The problem at the moment, there is no open source DRM. It’s almost a contradiction in terms, if you have DRM how can you have it open source? Because open source people will be able to find out how it works and get round it.

Oh, dear. Because, of course, no-one will work out how the Microsoft DRM works, just like they haven’t worked out all the other DRMs out there. Not.

In any case, this entirely misses the point: there is no DRM on the broadcast signal, nor was there on old-fashioned video tapes. Why are downloads different? Why is it not sufficient to rely on the law, as has always happened in the past? Why not assume that your users are mostly honest rather than treat them like criminals?

Clearly there’s a vast amount of money to be made by selling “DRM” solutions to gullible old media companies. It is sad that the BBC, who don’t even have to protect their profits, do not have the collective brains to see through this scam.

Perhaps there is light at the end of the tunnel?

Where do we go from here? … The solution then is to say either we look at a future beyond DRM or we’re going to find it very hard to put our content onto open source solutions.

But he is just teasing – they don’t actually look at this future, so I guess their choice is to not put their content onto open source solutions!

On eating your bandwidth

We do make people aware of it

so that’s alright then. He goes on to say

We’ve also got to … work better with the ISPs to ensure that they don’t throttle … iPlayer type content

I think he needs to add Parliament to his list of people to work better with, after the recent lunacy from Lord Triesman
.

They go on to try to justify the use of DRM in terms of maintaining contact with their audience and their responsibility for the quality of the broadcasts – others could, it seems, put out crappy versions of their free stuff. But hold on, why would anyone download the crappy version when you could have the good version for free from the BBC? Not explained, I suppose it must be obvious.

But it’ll all be alright in the future broadcasting panopticon, when omniscient and omnipotent Auntie can rule, godlike, over all use of “their” content.

Once we get to that stage, where the content, wherever it goes, can have all the rules associated with how it should behave, and once its able to tell us who’s viewing it, where they’re viewing it … then it doesn’t really matter where the content goes

Oh goody! So if I lie back and allow total privacy rape, then kind, generous Auntie will consider relaxing DRM.

10 Jul 2007

Technical Safeguards: 1 Parenting: 0

Filed under: Digital Rights,Rants — Ben @ 11:23

As we all know, removing access to all undesirable content on the Internet without also removing access to some perfectly innocent (or even crucially helpful) content is impossible. And that’s even before you start worrying about what is meant by “undesirable” and who should decide.

None of this deters our fearless representatives in government, as this exchange shows:

Brian Iddon (Bolton South East, Labour) | Hansard source

May I draw my right hon. Friend’s attention to a substantial piece of work that Zentek Forensics in my constituency carried out? It showed that it is ever so easy to google one’s way around the firewalls that prevent children from accessing some very undesirable material. That is happening in schools, libraries and children’s bedrooms in the evenings at home. Will my right hon. Friend look at the providers of commercial filters and try to get them to strengthen their firewalls?

Photo of Jacqui Smith Jacqui Smith (Home Secretary) | Hansard source

I am happy to look at anything we can do to protect children from some of the dangers of the internet. I recognise, of course, that the internet plays an important role in the lives of children and young people—at their schools, in their social lives and in their ability to research. However, it is clearly unacceptable if we cannot put the technical safeguards in place. We have been considering how we can, for example, kitemark some of the products that are involved in filtering and monitoring software. Perhaps, as part of that activity, the company to which my hon. Friend referred could make some progress. However, we take the issue extremely seriously.

Ah, yes, it is “clearly unacceptable” to give children unfettered access to the ‘net. Heaven forfend that parents should actually have to educate them, provide them with any kind of moral compass or, indeed, indulge in parenting. A kitemark will solve all our problems.

20 Jun 2007

I Can Haz Votez?

Filed under: Civil Liberties,Digital Rights — Ben @ 10:47

The Open Rights Group released its report on e-counting and e-voting in the recent elections. Executive summary: it didn’t work very well.

Incidentally, ORG is looking for board members, as some of the incumbents (e.g. me) are moving over to the Advisory Board. The deadline is June 22nd.

28 Mar 2007

Dilemmas of Privacy and Surveillance

The Royal Academy of Engineering has published an almost sensible paper on privacy and surveillance. They get off to a good start

There is a challenge to engineers to design products and services which can be enjoyed whilst
their users’ privacy is protected. Just as security features have been incorporated into car design, privacy protecting
features should be incorporated into the design of products and services that rely on divulging personal information.

but then wander off into cuckooland

sensitive personal information stored electronically could potentially be protected from theft or misuse by using digital
rights management technology.

Obviously this is even more loony than trying to protect music with DRM. Another example

Another issue is whether people would wish others to have privacy in this arena – for example, the concern might arise
that anonymous digital cash was used by money launderers or terrorists seeking to hide their identity. Thus this
technology represents another dilemma – should anonymous payment be allowed for those who wish to protect their
privacy, or should it be strictly limited so that it is not available to criminals?

Riiight – because we have these infallible methods for figuring out who is a criminal.

Also, as usual, no mention whatever of zero-knowledge or selective disclosure proofs. But even so, better than most of the policy papers out there. Perhaps next time they might consider consulting engineers with relevant knowledge?

(via ORG)

1 Mar 2007

Government Consultation on Information Assurance

The government is running a consultation on its e–Government framework for Information Assurance. The thing I find most disappointing about it is the complete inability to see beyond identification as a means of access control. I believe it was at PET 2005 that someone claimed that an analysis of citizens’ interactions with government in Australia showed that in over 90% of cases there was no need for the individual to be identified – all that was needed was a proof of entitilement. This can be achieved quite easily even using the kind of conventional cryptography the framework advocates, though this will still allow a citizen’s interactions to be linked with each other – which we all know is not desirable. Even better to use zero knowledge or selective disclosure proofs, as discussed ad nauseam in this blog. Yet, despite this, there is not a single mention of any access control method other than complete identification.
If you do nothing else, I encourage you to make this point in any submission you make.

6 Feb 2007

The Tories Hate ID Cards

They don’t work, they cost an arm and a leg, and they create a surveillance state. In short.

5 Jan 2007

WikiLeaks

Filed under: Civil Liberties,Digital Rights — Ben @ 7:10

I suspect WikiLeaks is going to be all over the web tomorrow, if it isn’t already.

WikiLeaks is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis … We aim for maximum political impact; this means our interface is identical to Wikipedia and usable by non-technical people. We have received over 1.1 million documents so far.

Google it!

Of course, the naysayers say it might be used for evil, and so it shouldn’t exist. The naysayers need to think about the terribly negative social impact of other tools that might be used for evil, like the pencil.

4 Jan 2007

The Shape Of Things To Come

Filed under: Civil Liberties,Digital Rights,Security — Ben @ 15:42

Business Week has an article about the consequences of “medical identity theft”

When Weaver was hospitalized a year later for a hysterectomy, she realized the amputee’s medical info was now mixed in with her own after a nurse reviewed her chart and said, “I see you have diabetes.” (She doesn’t.) With medical data expected to begin flowing more freely among health-care providers, Weaver now frets that if she is ever rushed to a hospital, she could receive improper care—a transfusion with the wrong type of blood, for instance, or a medicine to which she’s allergic. “I now live in fear that if something ever happened to me, I could get the wrong kind of medical treatment,” she says.

So, one of the things NHS Spine enthusiasts keep trying to sell us is how access to all this information will benefit us. Unless its someone else’s information, that is, in which case it might kill us instead. Until the Spine gives me a way to control the information it holds, I won’t be able to trust it.

3 Jan 2007

EU Video Madness II

Filed under: Civil Liberties,Digital Rights — Ben @ 18:18

I wrote recently about the EU claiming Linux video was illegal. When I wrote that, I also asked them why they thought that. Apparently it was a statement made in error, so they have revised the FAQ.

On which platforms can I view the live streaming media service of the Council of the European Union?
The live streaming media service of the Council of the European Union can be viewed on Microsoft Windows and Macintosh platforms.

OK, so now its not illegal, what possible reason could they have for not supporting free software? I’ve asked.

2 Jan 2007

Soley on Data Spine Opt-out

Filed under: Civil Liberties,Digital Rights,Rants — Ben @ 15:35

My ex-MP, Clive Soley, has a blog. In it, he displays his usual grasp of the important issues

Fine Dan. You opt out of the NHS system as is your proper right but don’t blame me if in an emergency you don’t get the right treatment quickly enough because they have to ask permission to get your record when your unconscious!

Anyone who has looked into this even a little bit knows perfectly well that A&E aren’t interested in your medical history, apart from any that’s drastic enough to make you carry a warning about your person. For which, of course, a central database is totally not required. Incidentally, I wrote to my GP asking her to opt me and my immediate family, which she did without any fuss (see “Big Brother Knows Best“).
In the same post, amazingly

DNA. Any state system of collecting information is always a balance between the usefulness of the information to the individual (see above) and to society and those aspects have to be set against any dangers to overall freedom. As I have already said collection of DNA seems to me to be fairly easily justified.

The advantages are :

1. A very useful way of avoiding some of the wrongful convictions we have seen in the past:

2. A strong deterrent for crimes of extreme violence especially rape and murder:

3. A way of increasing the speed at which an offender can be caught – think how many murders and rape cases in the past could have been cleared up quickly before further offences could be committed.

Funnily enough, there’s no corresponding list of disadvantages.

It reminds me of the one time I interacted with him as my MP. I wrote to him about trespass, which was, at the time, to be criminalised. His response? “Law-abiding citizens have nothing to fear”. Apart, that is, from the ones that were law-abiding yesterday and are criminals today. He also went on to respond to a number of points I had not raised, presumably because I was being fobbed off with a form letter for a campaign that was running at the time.

29 Dec 2006

House of Cards

Filed under: Digital Rights,Open Source,Security — Ben @ 12:29

My friend Peter Gutmann has written a rather splendid paper drily entitled “A Cost Analysis of Windows Vista Content Protection“. What its really about is the increasingly baroque contortions Microsoft and others are having to indulge in to support the fantasy that DRM is actually possible.

The documentation is peppered with sentences like:

“It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content”.

This is an exceedingly strange way to write technical specifications, but is dictated by the fact that what the spec is trying to achieve is fundamentally impossible.

The bad news, though, is the despite its impossibility, hardware manufacturers are going to have to jump through expensive hoops, which we, the consumers, will be paying for. It will be impossible to avoid these extra costs, too, since uncertified hardware just won’t work. And all this so Microsoft can continue to feed the media industry’s fantasy that they can somehow prevent “illegal copying. Peter optimistically thinks this is going to kill Microsoft. Possibly so, but I predict death throes that drag on for years, if not decades.

15 Dec 2006

Democracy Inaction

Filed under: Digital Rights,Rants — Ben @ 11:46

Two weeks ago, I wrote to my MP, Andrew Slaughter, using the most excellent WriteToThem. Today, WriteToThem asks me to confirm whether he has responded, which he has not, putting me amongst the majority of his constituents. According to TheyWorkForYou (hah! I wish!) he only condescends to reply to 35-44% within 2-3 weeks. TheyWorkForYou has other interesting statistics – interesting if you want to understand what a complete waste of space your MP is, that is. For example, he has never voted against his party (this statistic originates from yet another great site, The Public Whip).

Anyway, the point of this post is not so much to moan about my MP but to point out that if you (unlike my MP) want to get more involved in democracy in the UK there are some fantastic sites out there to help you. And guess what? Not a single one is run by the government, and they are all free.

Next Page »

Powered by WordPress