Saturday, July 15, 2006
IMPORTANT MESSAGE FROM ACTION ON RIGHTS FOR CHILDREN (ARCH)
In 2004 many people responded to ARCH’s appeal for funds to mount a legal challenge to Government regulations that would enable the establishment of a children’s database under s12 of the Children Act 2004. At that time, the Government intended to press ahead quickly with the implementation of the Children’s Index.
Since the Act was passed, we have worked extremely hard to prevent the establishment of the Children’s Index, and full regulations have not yet been brought forward. Pilot projects are now under way in 12 local authorities, and the Minister for Children has indicated that a public consultation will be held over the summer, prior to placing regulations before Parliament, probably in the autumn.
The Government has shifted from its original plans for the Children’s Index, in particular dropping the idea of ‘flags of concern’, and issuing guidance to local authorities that consent should normally be sought before information is shared about children unless they are at risk of harm, which is the existing position.
Although the potential threat that the Children’s Index, and the entire network of databases, poses to children and their families remains acute, the fact that it will now be up to each local authority to develop an information-sharing protocol creates an entirely different focus for our concern. Whether or not a legal challenge to the regulations governing the Index is successful - and that possibility has now decreased substantially - local authorities are likely to develop local indices; indeed, some have already begun doing so. We have therefore decided that we need to change our strategy to monitor the situation closely at local level in order to challenge potential data protection and human rights breaches as they arise.
Given that the Government’s original intention was to go ahead within months of the passage of the Children Act 2004, the time that we have gained to raise public understanding of the Index (and other database plans) has been invaluable, and we have now been offered a major opportunity in the form of a TV documentary and a series of linked media and political activities.
This opportunity will enable us to exert substantial pressure before any regulations are placed before Parliament, which is infinitely preferable to legal action taken after the event and is far more likely to influence local authority policy. We cannot give the precise details at the moment because that could jeopardise the entire project, but will do so as soon as possible. We hope that, in the meantime, our actions so far will reassure you of our judgment, integrity and commitment.
The opportunity available has considerable cost implications. We must apply all of our available funds to it, and raise more money. We believe that it is the strongest chance we have yet had of preventing introduction of the Index while simultaneously focussing public attention on local authorities, and it would be entirely wrong to let it pass.
If you have donated towards the legal fund and believe that court action is the only strategy that you could support, you may of course reclaim your donation. If you wish to do this, please write to us at the address below, giving your name and the amount that you have donated. We will then amend our records and refund your donation. Please send an SAE if you can because currently the bulk of our quite considerable expenses comes out of volunteers’ own pockets.
We would appreciate it if any claims were made as quickly as possible so that we can be sure that we have the funds that are essential if we are to continue campaigning on children’s databases.
If, on the other hand, you would like to support us during what will undoubtedly be a crucial and challenging period, we should be extremely grateful. Please send cheques to the address below, donate via our website: http://www.arch-ed.org/donate.htm or contact us at Archrights@arch-ed.org for our bank details.
We hope that those who have supported us believe that their confidence in us so far has been justified. We will continue to do our utmost against the Children’s Index, the growing challenge of children’s databases and the expansion of child surveillance.
62 Wallwood Road
LONDON E11 1AZ
Friday, July 14, 2006
"created a fully consolidated and hyperlinked version of the UK Patents Act and Rules. I have done this because I found it annoying and confusing the way the Act and Rules are highly intertwined but don't often actually refer to each other correctly. Also, the UK Patent Office has not chosen to go the way the EPO has with the European Patent Convention and make a properly linked version available online, but only a pdf consolidated version (useful though this is, what with all the recent changes).
Anyway, you or your colleagues may find it useful. It also may be useful for other IPKat readers, so if you want to publicise this I would be glad to distibute copies to anyone interested, and provide updates as time goes on. My hope is that it will turn into a more collaborative effort, and become even more useful".
Also via IPKat yesterday, UNESCO have issued a report (1.2M pdf) on WIPO's proposed broadcasting treaty which concludes:
"the Draft Treaty may undermine the balance between the economic interests of broadcasting and cablecasting organizations and freedom of expression values.
"A number of technologies are available that can be used to better connect the right people with the right information and at the same time these technologies can help enforce policy and enhance public trust.
In this report the Markle Task Force has highlighted technologies that will improve information sharing and enhance security, while facilitating greater accountability and higher levels of privacy protections...
For example, (on page 59) we call for the use of electronic directory services to enable organizations to locate relevant content in the enterprise; much in the same way one uses the card catalog at the library, as opposed to roaming the halls to find the book.
The Task Force has never called for the wholesale transfer of data between systems or agencies; rather, we have called for leaving the data with the original holder. The electronic directory services approach enables information to be discovered while avoiding large party-to-party data dumps.
This approach simply enables users to discover who has information specifically relevant to their case. Holders of the information can then grant access, based on policy, to each information request. This approach to discoverability delivers on the "need to share" goal by first answering the question "share what with who?"
Further (On page 63,) we encourage the use of data anonymization before transfer between systems wherever possible. While this reduces the risk of unintended disclosure of any transferred information being later stolen and repurposed, it also enhances overall privacy, as personally identifiable information is no longer being exchanged in a human readable form.
Notable, we prefer anonymization over encryption (when possible), the difference being encrypted data can be decrypted, whereas anonymized data can only be practically unlocked by requesting the human readable record from the original data holder. Again, information transfer is minimized.
(On page 70,) The Task Force also calls for the use of Immutable Audit Logs. This type of technology is intended to permanently record, in a tamper resistant manner, how users have used a system. Even corrupt database administrators cannot alter history.
Immutable logs can increase security, build trust among users, measure compliance with policies and guidelines, and improve transparency and the ability to conduct oversight by appropriate stakeholders.
We have repeatedly stressed in our reports that technologies and polices must be developed together. By designing systems and employing technologies with features that support and enforce policy, information sharing environment designers can help foster trust that automated systems and their users are conforming to governing laws, rules, and guidelines.
All this being said, the Task Force recognizes that technology, alone, cannot ensure that the information sharing environment is effective, secure or protective of privacy and civil liberties."
Brilliantly stated basic common sense which is sadly all too uncommon amongst policymakers when dealing with technology. C.P. Snow was right "some of the most important choices about a nation's physical health are made, or not made, by a handful of men in secret, and again in legal form, by men who normally are not able to comprehend the arguments in depth."
Now this is a great idea. MCM, a writer and producer and programmer and sometimes artist from Victoria, BC, Canada, has written a kids book about digital rights management, in response to the entertainment industry's efforts to educate kids about copyright. The book is called The Pig and the Box (1.6M pdf) and is available under a creative commons licence. MCM says:
"The Pig and the Box is about a pig who finds a magic box that can replicate anything you put into it. The pig becomes so protective of it, and so suspicious of anyone that wants to use it, that he makes people take their copied items home in special buckets that act as... well, they're basically DRM. It's like a fable, except the moral of the story is very modern in tone.
I made the book after hearing how the entertainment industry in Canada is keen on teaching young kids about how to "respect" copyright. That was a bit heavy-handed, I thought, and otherwise despicable. Preying on small kids, brainwashing them so they believe what you're doing is honourable and good... Feh. So I wrote this book partly as a response to that venture, to counter-act the confused ideals that young'ns are being exposed to these days. Also, I wanted to write potty humour."
"If approved by Congress, the deal would put the court, the Foreign Intelligence Surveillance Court, in the unusual position of deciding whether the wiretapping program is a legitimate use of the president’s power to fight terrorism...
The Bush administration had argued since the program’s disclosure last December that no Congressional or judicial oversight was needed because the surveillance fell within the president’s constitutional authority.
Some critics of the program saw the White House’s reversal on that issue as a significant concession. But Representative Heather A. Wilson, Republican of New Mexico, who leads the intelligence subcommittee that oversees the National Security Agency, said Thursday in an interview that she found the idea of the court ruling on the legality of the entire program “a little odd.”
“That to me is not what the FISA court is set up to do,” she said. “The judges approve warrants — they’re not there to rule on matters of constitutionality.”"
Update: Jack Balkin and Marty Lederman have some strong words about the deal. Balkin says it's a sham and Lederman calls it a monstrosity.
"Although the one-time judicial review provision is worrisome, it is by no means the most troubling thing about this bill. Specter's proposed legislation, if passed in its present form, would give President Bush everything he wants. And then some. At first glance, Specter's bill looks like a moderate and wise compromise that expands the President's authority to engage in electronic surveillance under a variety of Congressional and judicial oversight procedures. But read more closely, it actually turns out to be a virtual blank check to the Executive, because under section 801 of the bill the President can route around every single one of them. Thus, all of the elegant machinery of the bill's oversight provisions is, I regret to report, a complete and total sham. Once the President obtains the powers listed in section 801, the rest of the bill is pretty much irrelevant. He will be free of Congressional oversight forever."
Thursday, July 13, 2006
It was a disappointing end to the tournament, which is why I haven't commented on it until now. But since I've just been writing about the importance of perspective to decision making processes...
Update: I've taken down the video of Materazzi walking into the lampost, as the folks at the Register prefer that you view it on their site.
"The long tail, Anderson writes, reflects new technology that can “tap the distributed intelligence of millions of consumers to match people with the stuff that suits them best.”
Intelligence? That’s market orthodoxy with a techno-futurist spin. Everything we do as consumers is a "market choice", and therefore by definition intelligent and good. There’s another possibility, which is that the market can be as dumb as we humans who comprise it; and therefore technology that provides greater range for market selections also provides greater range for this dumbness as well.
That stupidity includes the capacity to destroy that which ultimately sustains us and which we ultimately hold most dear. The long tail sounds to me like just another version of the old tale, which is the effort to get people to define themselves as consumers, and to seek happiness in things they buy.
Hey, I’m glad I’m not stuck in Blockbuster’s mass drek. But I’m even gladder there’s a revival of public spaces and the like, so I can be around other people and not have to buy anything at all. That's the tail that's really new, and needs to be told."
Wednesday, July 12, 2006
Update: Police say Levy arrest integral to investigation
"All right. Well, let me start with this notion that there’s a lot of conversation about information sharing, and I think that that’s kind of like a second principle.
And I have kind of come up with what I’m calling the information-sharing paradox, and I think it’s—if you start with information sharing, we’re likely to fail. And the reason is that it’s not really practical to share everything with everybody. And if you can’t share everything with everybody, your next option is, can you ask everybody every question? And it turns out that’s not practical either.
So this information sharing paradox is, if you can’t share everything with everybody and you can’t ask everyone every question every day, how is someone going to find something? And that’s the information sharing paradox.
And I think that the solution is discovery. You have to know who to ask for what. So thinking about this in terms of the card catalog at the Library of Congress, the Reader’s Digest version is no one goes to the library and roams the hall to look for the book; you go to a card file and the card file tells you where to go. If someone were to be putting books in the halls or one of the aisles of the library and not put a card in the card file it would be nondiscoverable.
So a first principle is, holders of data should be publishing some subset of the data, subject, title, author, to card files, and card files are used for discovery, and then you know who to ask.
So the first principle is discovery.
And from a policy standpoint, the question then is, how do you get people to contribute data to the card file? What data are they putting in the card file? And when I think about that, I think about motivating data holders. If you have an owner of a system, their value to the enterprise is the degree to which their data is useable. But before it’s useable, it must be discoverable.
So if you quantified people’s contributions to the card file, if you had an aisle at the library, a system, and they contributed no cards to the card file, their enterprise value would be less.
So I’m speaking here to a metric about how one would quantify discoverability.
And it turns out as you create these things that the card file itself becomes the target. When you put a few billion things in there that point to the documents in the holdings and the assets across many different systems or silos, after awhile it starts to feel like the card file is the risk, the risk of unintended disclosure, the risk of that running away from you, having an insider run off with it.
So one of the things that I’ve been pursuing is the ability to anonymize the card file so that even if the database administrator who oversees this card file is corrupt, he or she can’t actually look through it and shop or scan for names or addresses. The data in it has been scrambled in a way that it’s—when I use the word anonymize, by the way—some of the recent news has indicated that a phone number by itself is anonymized; I would differ. My view of anonymize is that it—to me, anonymized data is data that is nonhuman-interpretable, and nonreversible. So therefore if there is a match, no single person can unlock it. They actually have to go back to the holder of it and request the record, which in an information-sharing model with public sector to private sector, that request would then come out as consent or a subpoena, NSL FISA.
So I thought I’d start there."
Just to repeat the crux of that, "if you can’t share everything with everybody and you can’t ask everyone every question every day, how is someone going to find something? And that’s the information sharing paradox.
And I think that the solution is discovery. You have to know who to ask for what."
No amount of hoping that the computer, after sucking up voluminous quantities of data about everyone, will magically find something, is going to save you, if you don't know what that something is and you don't know who or what to ask to find it. Thanks to William for the link.
"The UK's largest NHS trust has discovered endemic sharing of passwords and log-in identifications by staff, recording 70,000 cases of "inappropriate access" to systems, including medical records, in one month."
And that is just the 70000 that were detected. Essentially the security of private patient data is non-existent in the new £multi-billion NHS IT system. FIPR have been saying this for quite some time.
Tuesday, July 11, 2006
"Pentagon General Counsel Jim Haynes has ordered senior defense officials and military officers to apply Common Article 3 of the Geneva Conventions to all detainees held in US military custody. The DOD memo can be found here... a directive to DoD officials to comply with a holding of the U.S. Supreme Court."
"The Commission made an undercover move to get more "useful" answers following the 12 April closing date of its Patent Policy consultation. It sought out small firms across Europe who had used the patent system. It then provided these firms with new documentation and specialist assistance to help them write individual answers. None of the firms answering the online consultation got this help. But when the software firms in this new group came to the same conclusions as the FFII, the Commission concluded that these firms were "lacking knowledge about the patent system"."
"Fundamentalism is not simply an affliction of religious zealots. It takes over the minds of secular people, too, and often manifests itself in a religious-like zeal to defend property rights at the expense of all else. Because I keep encountering ever-more extreme examples of this pathology, I thought it would be useful to start a occasional blog post, the Annals of Private Property, that will document the lurid extremes now dictated by the theology and veneration of property rights.
Let me inaugurate this feature by citing the epic trademark battle that Wal-Mart is engaged in, over the ownership of… the “smiley face.” If ever there was a cultural icon that emerged from the commons, or at least acquired value through its social circulation via the commons, ol’ Smiley is it. It’s been around for decades as a shared icon of dubious taste. But now the economic leviathan, Wal-Mart, is claiming that it, and it alone, owns the smiley face image, as a trademark."
Monday, July 10, 2006
Update: The Salt Lake Tribune, appropriately, has the story Utah film sanitizers ordered to cut it. Thanks to Michael Geist for the link.
Update 2: Ed Felten as usual has a worthwhile commentary as does Tim Lee.
"I'm not so sure that the whole issue really is one of commercial avoidance... And quite frankly, we're just training a new generation of viewers to skip commercials because they can... People can understand in order to have convenience and on-demand (options), that you can't skip commercials."
Yes some of these folk do indeed live in a different world.
What's the matter with you? Don't you realise you're learning to skip the ads? Don't you understand that's NOT ALLOWED?
Ranks right up there with Jamie Kellner's 'skipping the ads is theft' comment in 2002.
"[Ad skips are] theft. Your contract with the network when you get the show is you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Any time you skip a commercial or watch the button you're actually stealing the programming."
LTKA seem to think that fingerprinting is being introduced in 20 primary schools in the UK every week and that the systems exist in 3500 primary schools across the country. Whereas I find that hard to believe, it is a matter of concern that it should be happening at all.
To get at why this might be happening you need to look at the agendas of the people making the decisions.
The companies selling the systems will be well versed in the messages that schools like to hear - it will save time, be more convenient etc.
Overworked headteachers, teachers, librarians and administrators see the system a way of avoiding the time consuming process of dealing with kids losing library cards and 'the dog ate it' kinds of problems.
Kids don't have a say and in primary schools would be too young to understand the implications anyway.
It looks like parents are also being kept out of the loop, so don't have a say either.
So a lot of money is being spent on systems to release a little school staff time and the security and privacy implications for the children involved are not factored into the equation.
Sunday, July 09, 2006
"I conclude that we are setting ourselves up to fail. This is based on:
my conversations with stakeholders about:
the amount of rethinking going on about identity management (which at best will provide an agreed vision and some signposts by end July),
Peter Smith, Acting Commercial Director, IPS [Identity and Pasport Service], says:
"I wouldn't argue with a lot of this David; share your concerns about TNIR timescale certainly, and the 'wider scheme' implications where still issues about joining up I think across the HO. We should talk... but 2 points in our defence...!
1. It was a Mr Blair who wanted the 'early variant' card. Not my idea...
2. The procurements we will (we hope) launch in the next few months - not the TNIR but things like APSS and contact centre - are all necessary (essential) to sustain IPS business as usual, and we are designing the strategy so that they are all sensible and viable contracts in their own right EVEN IF the ID Card gets canned completely. So also less dependence on business case approval etc."
No doubt Mr Blair wil be furious and these men will get hauled over the coals and the government will go after the person who leaked the memos rather than address the substantive points raised. Yet both the meo writers and the leaker deserve a pat on the back for being realistic (Foord more than Smith) and the leaker for letting the us know there are folks at high level thinking reasonably about the scheme. Rational thinking, however, as I point out in my book, is all too often an insufficiently strong barrier to resist decisions which lead to catastophic failure.
Update: John Lettice in the Register has some thoughts.
"What do you get when you combine an ambitious IT scheme run by the government and a plan that threatens to ride roughshod over civil liberties? The answer is an unholy mess. As leaked e-mails today reveal, Tony Blair’s flagship identity card scheme is struggling and could even collapse in an embarrassing shambles. Two years before ID cards are set to be introduced for people renewing their passports, the chances of meeting that timetable look remote. The entire scheme may yet have to be shelved...
Should the government accept the verdict of its own experts that a politically driven programme with a “lack of clear benefits” might, and perhaps should, be “canned”? It would be another broken promise from Mr Blair, but he is used to those, as are voters. Why press on with a scheme that will cost billions with very little discernible benefit?
Frank Field, the former welfare reform minister, has sound ideas. It was his committee which first identified the scale of National Insurance fraud in Britain, with at least 20m more NI numbers in use than there are people in the country. He believes that the scale of fraud in the NHS is significant. Rather than scrapping the whole ID scheme, he argues, it should be launched gradually, first to foreigners coming to Britain to stay and then to young people getting their NI numbers for the first time. A programme like this should be within the government’s capabilities and would even allow the prime minister and his colleagues to save face."
They were doing so well until that final paragraph. They just don't get it do they? A fundamentally dodgy IT scheme will not work no matter how long you take to launch it. We're already leaving our future generations with an enormous mess on the political, social, economic and environmental fronts. It's worse than a bad joke to say the scheme is a mess so let's test it on our children instead. Now start talking about a carefully designed and constructed privacy enhancing, commerce and public services enabling identity architecture and you might start getting me interesed. The trouble with politicians and most of the media is that they don't understand the absolutely fundamental difference between that and the government's ridiculous proposals.