June 19, 2006 | Suw Charman Anderson

Linux User

A few months ago, I started writing a monthly column for Linux User. The first one, Whose Net is it, anyway? is now up online. I'm not sure how long it will be there, or if there will be an archive, so get it whilst it's hot. And, for your delectation, an excerpt:

Just imagine. The sum of all human knowledge available at your fingertips via a desktop machine. In 1985, that would have seemed like a dream. In 1945 when Vannevar Bush posited such a system - the Memex - in his essay As We May Think, it would have seemed like magic. Yet here we are. With Google and a razor sharp search term, you can now access a significant portion of all human knowledge. Indeed, some would say that the World Wide Web has exceeded Bush's original vision: it's not just a repository of information, it's a communications tool that millions of people rely upon every day.

[Read more] (2 comments)

June 15, 2006 | Suw Charman Anderson

ORG on the BBC

The Apple/iPod DRM story seems to be a hot one at the moment. I've just got back from the Apple Store, where I did an interview with BBC journalist Sumant Bhatia. The segment will be on World Business Report on BBC World tomorrow morning, which BBC1 and BBC News 24 air at 0530. After that, it will be repeated on BBC World all day, which you can only get if you're abroad. You should be able to watch it online, however. ORG has had quite a few requests to be on the news, but until now all of the stories they would have wanted us to comment on have been dropped at the last minute. Nice to finally have a story run, though. UPDATE: Hah! Looks like they bumped me for Bill Gates. Still, nice practice.

[Read more] (1 comments)

June 14, 2006 | Suw Charman Anderson

ORG in the FT

In the UK, the Open Rights Group, another consumer protection organisation, has been lobbying MPs to force companies to open up their DRM. “If I buy a car I expect any brand of petrol to work in it. Consumers are starting to see that they can do less with the music they buy,” says Suw Charman, executive director of the group. Crunch time for Apple’s music icon
Props to Cory for the 'do less with' line, which always seems to make the point beautifully.

[Read more] (2 comments)

June 13, 2006 | Suw Charman Anderson

Cryptography and fallacy

The Times has an emotive piece on the implementation of Part III of RIPA, the Regulation of Investigatory Powers Act, which demands that people hand over their cryptographic keys.

The internet has transformed life for billions, making the once time-consuming swift and the once complex straightforward. Unfortunately the beneficiaries include paedophiles who now have a frighteningly easy vehicle with which to peddle the most depraved and exploitative material that would turn the stomachs of those unfortunate enough to come across it. The advance of computer technology now makes it cheap to render such material inaccessible, even to experts in software code-cracking. This is a problem that directly affects the safety of Britain’s children.

Punishing silence - Comment - Times Online

I'm always suspicious of overly emotional pieces like this, because they're full of logical fallacies which are designed to undermine rational argument. The first I spotted is called 'argumentum ad metum', which is Latin for 'giving you the screaming heebie-jeebies' - you can see it in that last sentence about 'the safety of Britain's children'.

There's also a hefty dose of 'argumentum ad odium', which is all about appealing to your hatred of, in this case, people who do nasty things to children. Yes, paedophiles are depraved and exploitative, and yes child pornography would make your stomach turn. But the reason for including that sentence is not to provide you with information, but to whip up your hatred of paedophiles.

The question is not 'are paedophiles bad?', but 'should people be forced to hand over cryptographic keys, and punished when they do not?' By reframing the argument as if it is only about paedophiles, The Times evokes an emotional response that 'yes, paedophiles are bad, so yes, we should have legislation that forces them hand over their keys.'

They fail to consider that of the people using cryptographic keys, paedophiles are in the minority. This is a logical fallacy of it's own called 'secundum quid', which is when you make a hasty generalisation based on a small and unrepresentative sample. The paedophiles are presented as the general problem, and the author ignores all other types of people - such as business people - who use cryptographic keys.

As Ian Brown says, it seems that the Times has had a briefing from the Home Office, resulting in this rather slick paragraph:

Punishing silence is a dangerous concept and should be rejected in all but severe cases. But the consultation paper circulated by the Home Office sets out the hurdles, designed to protect the innocent, which prosecutors would have to jump. For a suspect to be charged and face a prison term of more than two years for failing to unlock computer files, he would have to be a convicted paedophile; his computer would have to contain indecent pictures of children; or there would have to be evidence that he had communicated the encrypted information to someone else. The court would have to be satisfied that the encrypted data was likely to contain illegal images of children. The battle against paedophiles, like that against money-launderers, has been made more complicated by the internet. It is reasonable that law enforcement acquires stronger powers to fight back.

Of course, it's not just paedophiles... it's obviously money-launderers, and before you know it, it will be anyone they fancy. That's what you call 'mission creep'.

(And there you might accuse me of committing the logical fallacy of 'the slippery slope', where you imply that one step in the wrong direction must, perforce, lead to disaster. But when you have a point of principle at stake, then examining the wider ramifications is not a slippery slope argument. The point of principle here is, Should people be forced to give up their cryptographic keys? and if you concede Yes, then any community of cryptography users is at risk and it's fair game to point that out.)

There are a bunch of other fallacies used in this piece, and I'm not even an expert fallacy spotter yet.

'Argumentum ad modum', a call for proportion: "It is reasonable that law enforcement acquires stronger powers to fight back."

'Shifting the burden of proof', which runs through the whole of the article, and says 'prove why we shouldn't demand cryptographic keys' or 'prove that these files aren't evil', rather than proving why we should or why they are.

'Petitio principii', which is basically where your conclusion is the same as your argument, in this case it's that 'police should have access to cryptographic keys because they need to access cryptographically concealed computer files'. This one is quite well dispersed, but it's there in the first paragraph: "Mr A was caught trying to procure a 10-year-old child for sex. Police found in his possession a number of computer files. They almost certainly contained illegal images and further damning evidence. They may also have contained clues. But officers were unable to read them because they were encrypted."

Finally, we have 'half-concealed qualification', a limited claim which is expressed in an inflammatory way so that you don't hear/see the disclaimer: "In recent years, police investigators have run up against encrypted data with increasing frequency. Even if they succeed in getting into protected files, they may be unable to comprehend the contents without a second key. This is more than frustrating when a suspect is in custody and the clock is ticking until he must be charged or released. A dangerous man could be allowed home." In this section, the 'increasing frequency', 'clock ticking' and 'dangerous man' undermine the 'may' which qualifies the existence of the putative second key.

For more on RIPA Part III (which sounds an awful lot like the last installment of a slasher film trilogy), take a look at Spy's blog on the Home Office Consultation, and for background see FIPR's RIPA Information Centre.

[Read more] (1 comments)

June 13, 2006 | Suw Charman Anderson

Denmark, Norway and Sweden put pressure on Apple's iTunes

STOCKHOLM (AFP) - Denmark, Norway and Sweden plan to force Apple Computers Inc to break the exclusive link between its iPod music players and online iTunes store.

The three Scandinavian countries have decided to take iTunes to their respective government mediators, or ombudsmen.

"iTunes' terms and conditions are illegal in all three countries," Swedish Consumer Agency spokeswoman Marianne Aabyhammar told AFP Friday.

Scandinavia pressures Apple's iTunes - Yahoo! News

(Just trying out Flock to see if I blog more news this way... if you see a sudden rash of news stories, that's why!)

[Read more] (1 comments)

June 05, 2006 | Suw Charman Anderson

Launch of the APIG report on DRM

Last year, the Open Rights Group submitted evidence to the All Party Internet Group's public inquiry into digital rights management (DRM) after carrying out it's own public consultation into questions raised by the call for evidence. In February this year, ORG gave oral evidence to the APIG inquiry, giving a concise statement regarding ORG's position and answering questions from Derek Wyatt MP, Ian Taylor MP and the Earl of Erroll.

This morning, at an event organised by the IPPR and hosted by the British Library, APIG launched their report. The 30 page report can be downloaded as a PDF from APIG's website. For those of you with a shorter attention span, here is the official report summary as provided by APIG's secretariat.

The inquiry's key recommendations: 1. A recommendation that the Office of Fair Trading (OFT) bring forward appropriate labelling regulations so that it will become crystal clear to consumers what they will and will not be able to do with digital content that they purchase.

Thinking behind the recommendation:

There was considerable consensus on the principle that consumers should be aware of what they are purchasing.

Not surprisingly, the consumers were in favour, but other respondents were as well. For example, EMI told us "consumers should be aware of the precise terms of the package of rights they have paid for by proper labelling or other explanation" and Intel said "consumer notice requirements in connection with content protection and DRM are not only appropriate, but will in fact help drive both the deployment of new business models and consumer acceptance of content protection and DRMs generally". In the long run, 'media literacy' will ensure that consumers understand what they are purchasing and what they might reasonably expect to be able to do with digital content. In the meantime, the evidence we received suggests that extensive labelling is essential.

2. A recommendation that the OFT labelling regulations we propose, should ensure that the risks are clearly spelled out, at the point of purchase, whenever consumers could lose access to digital content if systems are discontinued, or devices fail, or players are replaced by systems from a different manufacturer.

Thinking behind the recommendation:

One of the issues that we asked respondents to comment upon was that of Technical Protection Measure systems being discontinued. Although this will seldom cause a work to disappear altogether, it can have significant impact on individual consumers who find themselves with content that they can no longer enjoy. Even where the manufacturer stays in business, there is still an issue of being 'locked in' to particular technologies, even if other offerings are more attractive or less expensive. As an example, once someone has purchased a great deal of protected music for an iPod then if their next player is not manufactured by Apple then this music could become inaccessible to them. There are currently practical (albeit, not necessary lawful) ways of addressing this problem for iPods, but this may not be true for all formats.

3. A recommendation that OFCOM publish guidance to make it clear that companies distributing Technical Protection Measures systems in the UK would, if they have features such as those in Sony-BMG's MediaMax and XCP systems, run a significant risk of being prosecuted for criminal actions.

Thinking behind the recommendation:

Shortly before our inquiry was announced it was revealed that Sony-BMG had shipped millions of CDs in the United States with two extremely problematic copy-protection systems

[Read more] (4 comments)

June 05, 2006 | Louisiana

Tech-Savvy MPs Come Out Against DRM

The All Party Parliamentary Internet Group today launched the report of their inquiry into Digital Rights Management.

ORG is pleased to see the APIG making such a robust and sensible set of recommendations, many of which coincide with ORG's recommendations to the inquiry.

APIG points out tht DRM can have a range of damaging effects, impacting on free trade, distorting markets, discriminating against the disabled and against open source products.

We are particularly pleased to see that APIG has taken note of the Sony-BMG, MediaMax and XCP debacle, and will be asking OFCOM to ensure that companies understand that any Technical Protection Measures they employ must not damage users' computers. The virus-like software used by Sony-BMG would be illegal in the UK, and companies need to understand that they risk being prosecuted if they flout legislation designed to protect consumers from malicious software.

We are also pleased to see APIG recommend that academics be granted exemption from prosecution for research into anti-circumvention measures. It is essential for both consumer protection and for technological advancement that academics be able to examine in detail the anti-circumvention measures created by industry without fear of prosecution.

The recommendation that the British Library should chair a "UK Stakeholders Group" to advise the Department of Trade and Industry on IP and specifically DRM, is also warmly welcomed by ORG. For too long the DRM debate in the UK has been dominated by what the APIG term "the usual suspects" - major rights holders and the content distribution industries - who can afford to pay professional lobbyists to promote their views.

ORG feel that the recommendations could have gone further. The report addresses to specific exemptions to copyright: access for the visually impaired and the supply of material to deposit libraries. ORG sees no reason why the law should protect DRM technology that prevents all users from exercising their fair dealing rights such as limited copying for non-commercial research or private study, or copying for criticism or review. The UK should follow other European countries, such as Slovakia, that allow citizens to break DRM locks that block these rights.

ORG also feels that APIG have missed an opportunity to look more closely at interoperability and open standards for digital content and the hardware that content is played on. Currently, the report recommends that the Office of Fair Trading should use labelling to make the public aware whenever they are buying digital content that could be lost if 'systems are discontinued, or devices fail, or players are replaced by systems from a different manufacturer'. However, a more effective solution to this problem is to mandate interoperability between systems, so that, for example, iTunes Music Store music could be played on any MP3 player. At the very least APIG should have recommended that more research be done into this, as France is doing in its EUCD implementation.

Read coverage of the report - and what Open Rights Group has to say about it - on the BBC website.

[Read more] (2 comments)

May 23, 2006 | Suw Charman Anderson

Haranguing the crowds at Speakers Corner

We had the monthly London Copyfighter's Drunken Brunch and Talking Shop on Sunday, and despite the rain we had a good turn out. There are a few photos on Flickr, but it was a dismal day and my camera doesn't much like the rain. I think we actually had some of the most persistent heckling that I've seen so far at Speaker's Corner. There is, of course, always a risk of heckling, but there was one guy who was particularly peeved at our presence and who was very loud and annoying, and another guy with a plastic bag on his head who obviously felt that hats were too pass

[Read more] (6 comments)

: 3 Ways to Improve Democratic Participation in Scotland-->
  • May 31: ORG Aberdeen: Cryptonoise May 2018
  • ORG Glasgow: A discussion of the General Data Protection Regulation (GDPR)
  • ORG Aberdeen: March Cryptonoise event
  • ORG North East: Take control of your online life