Point 7: Can DRM systems can have unintended consequences on computer functionality? What are your experiences of DRM? What unintended consequences have you personally experienced?
The slightly strange thing about trying to write up the inaugural ORG event is that having spent my time arranging it, and being the person MCing it, my experience of it wasn't the same as that of the people who came and who made it such a success. I had my expectations of what I envisioned it all to be about, and those were blown out of the water pretty comprehensively, but in the best possible way. Jonathan Zittrain was a great speaker, his opening talk perfectly set the tone not just for the evening but for how we view ORG, as a voice to speak out against those who would erode our freedoms and liberties until there's nothing left. Then Lloyd Davis ran the open discussion bit which he started off by asking people what issues they were interested in. I'll admit here that I had expected people to say things like 'data retention' or 'e-voting' or 'privacy' or whatever, but they didn't. They said 'engaging with MPs', 'educating people', 'understanding what's happening in Europe', and stuff like that. I'd deliberately left the title of the event and the wording of the invitation a bit vague, but it surprised me that people were much more concerned about how we campaign than what we campaign about. Not that the topics we cover aren't of interest - they patently are - but most people seemed to be running on the assumption that we could figure that stuff out for ourselves. (And yes, we can, although it would have been interesting to find out which issues people were concerned most about.) Once people had clustered around the conversations they were interested in, my participation in the evening paused. I had meant to go round and find out what people were talking about, but I barely got to move two inches from my spot as various people came over to say hi, talk, offer ideas and help and advice. It was just great - the amount of goodwill extended towards us was fantastic, not to mention reassuring. I've always been keen that ORG be about collaboration and not some pissing contest to see who can get most attention. We had about 70 people turn up, which was just about perfect for that venue, although I'm sorry I didn't get to talk to more of you. Most people had a great time - one person mentioned that this sort of event was great because it was a rare opportunity to talk about these issues in an open forum. I happily took questions at the end, which is my job so it's nice to get a chance to do it! Of course, not everyone was happy. One young man asked "What do you do when you've finished sending out press releases?" to which I replied "Send out more press releases". But this raises a serious point and it's one we would all do well to remember. There is no endgame for ORG. There will never come a day when we say "Our work here is done. We can shut up shop and go home." There will never come a day when there are no digital rights abuses, no need to campaign, no stupid legislation to oppose. We never will finish sending out press releases. ORG is just beginning. It is a fledging organisation, trying to set up an infrastructure at the same time as campaigning on important issues that just can't wait. There's a lot we need to do. But our intention is to make ORG a lasting voice in digital rights - it will outlive me, it will outlive our current board, and eventually will pass into the hands of new activists. So, you might now be asking, what of the outcomes of the discussion? The brown paper stuck to the walls with index cards stuck to that? Where's all that information gone? Well, that's all on Lloyd's camera, and we're going to sort it out over the next week into something that makes sense, and will then put it up on a public wiki so that you can elaborate. We'll let you know when it's up. Finally, I want to thank InSync and 01Zero-One, particularly Tom Campbell, who not only provided us with the venue but also with the nibbles and drinks. Thanks also to Jonathan Zittrain and Lloyd Davis for giving up their time to come and help us get ORG off to a flying start. And thanks to everyone who turned up, and everyone who has pledged to support ORG financially. Without you guys, we'd just be an idea on the back of a napkin.
We are pretty close to full on the event, but if you either can't come and previous had said you could, or if you want to come, let us know before 4.00pm this afternoon. After that, I can't reply to emails and you should just try pitching up to the door. To say that this event has been a sell-out would be an understatement. Next time, I think we will need a bigger venue...
The Open Rights Group membership pledge has finally matured, just in time for our inaugural event tonight and, coincidentally, just as we are about to get our membership database online for you to join up! The pledge topped out with 1002 signatories, but if you haven't signed up already, this doesn't mean that you're too late - you can still sign the pledge and still get involved with supporting ORG. I'll post more info on exactly how to become a real, proper member as soon as I have it. Meantime, thanks to everyone who has pledged, and congratulations to everyone involved in promoting and supporting ORG in its first, fledgeling phase.
Today the LIBE Committee - that's the committee of MEPs who have been 'looking after' the data retention directive - voted on whether or not they liked the amendments that have been proposed in the backroom meetings which have been going on between the various interested parties in Brussels. Thirty three MEPs voted to accept the changes, eight voted against and five abstained. As the the LIBE Committee is responsible for guiding the legislation through the law making process, their amendments will define for a large part what the final directive will look like when it's placed before the European Parliament as a whole. This, you will recall, will only happen once, in mid-December. The current state of play is this:
Point four is a genuine concern. The arrest warrant list includes "piracy" which, if IPRED2 passes (which criminalises copyright infringement) could possibly include aiding/abetting/inciting to filesharing. The basic issues about privacy, proportionality and the contravention of the European Convention on Human Rights have not changed. The entire directive should be rejected, and once again I would urge you to email your MEP and ask them to vote against data retention.
When the UK Presidency suggested to the EU that telecoms service providers and ISPs should be forced to retain information about the telephone calls you make and the sites you visit, they stated that it was an essential "balance" struck between liberty and security: a grave compromise necessitated by the threat of terrorism and serious crime. We don't remember them mentioning "and might help the recording industry fish for file-sharing networks, DRM workarounds, and spurious patent infringers". The newly-formed Creative and Media Business Alliance (CMBA), made up of companies such as Sony BMG, Disney, EMI, IFPI, MPA and Universal Music International, this week expressed an interest in communications traffic data so that they can more easily prosecute "intellectual property infringements". Thanks to a combination of two fast-tracked EU directives, they may just get their wish: and allow a UK plan to limit civil liberties to turn into a privacy-invading free-for-all by the entertainment lobby. Data Retention to Fight Piracy? This week, the CMBA emailed all MEPs (Word doc), calling for the data retention legislation currently under discussion in Europe to be widened far beyond its original scope. The CMBA want data retention legislation to be an "effective instrument in the fight against piracy", and believes that "the conditions set out in the proposal are too restrictive and would create obstacles to law enforcement in a number of situations. Moreover, many amendments submitted, including to the Industry Committee, seek to further reduce the scope of the Commission proposal." You can read and cross-reference the amendments that the CBMA object to here, and here. These amendments are some of the few that try to rein in already bad legislation which may well violate the European Convention on Human Rights. For these companies, however, industry interests trump democracy, human rights and civil liberties. The CMBA demands:
1. The scope of the proposal should include all criminal offences The Directive, as proposed, is limited to "the prevention, investigation, detection and prosecution of serious criminal offences such as terrorism and organized crime" (Article 1.1). The position of the CMBA is that the scope of the proposal should be extended to all criminal offences. Limiting the proposal to "serious" offences would hamper the effectiveness of the Directive and the enforcement activities for other forms of criminal offences.Liberal Democrat MEP Bill Newton Dunn has already helped the industry out here, by requesting that the word 'serious' be removed from the legislation:
Original version: "...data is available for ... prevention, investigation, detection and prosecution of serious criminal offences, such as terrorism and organised crime." Dunn version: "... data is available for ... investigation, detection and prosecution of criminal offences."Remember that under current EU law, copyright criminals include not just large-scale commercial infringement operations, but thanks to the EUCD, also anyone who sells or "distributes ... as to affect prejudicially the copyright owner" circumvention devices or components. In other words, if you put the DeCSS code on a web page - six months of phone calls and sites visited may be used against you. Or if you reveal that putting tape on a CD will circumvent Sony rootkits. Furthermore, the CMBA demands:
3. The access and use of data for law enforcement purposes must not be limited. If the proposed directive is limited, in particular in its scope, it must be clear that it does not preclude the possibilities to obtain data for the enforcement of rights under EU or national legislation, in compliance with Data Protection rules. The possibility for law enforcement authorities to use data in other cases, to be determined by national law or other EU instruments, is essential, otherwise there will be no way to prosecute the infringements that are not covered by this proposal.Whether or not you agree with the need to retain traffic data for fighting terrorism and serious crime, there can be no benefit to national security from allowing the creative industries to use this information for prosecuting simple "infringement" cases. Copyright Criminals Now tie this in with IPRED2, another nasty bit of legislation which criminalises all "intellectual property" infringement on a commercial scale and "aiding and abetting such infringement", with very thin definitions of what "commercial scale" or "intellectual property" means. The two directives together become even more alarming. IPRED2 mandates that the police work with rightsholders to pursue suspected cases of IP infringement - including patent infringements - or merely vocal encouragement of infringement. And the Data Retention directive provides them with reams of data they can mine for evidence against these suspected infringers. At the latest IPRED2 hearing, that's exactly what the CBMA's parent organisation, the International Federation of the Phonographic Industry (IFPI), demanded. This opens up a very ugly can of worms where entire industries can get unparalleled powers of investigation, provided at the taxpayer's expense. Moreover, if the CMBA get their way, the number of data retention enquiries that the telcos and ISPs will have to process will be far higher than if restricted to terrorism and serious crime. This will put far more pressure on the telcos and ISPs who will not only have to bear the cost of storing the data, but also of providing access to the information to the authorities. So, why is this important right now, this minute? Both Data Retention and IPRED2 are being frogmarched through the European Parliament at an alarming speed. Votes are being held by three committees over the next few days on Data Retention, with secret meetings going on in the background between the Council, the Commission and the Parliament, with the aim of reaching a tacit agreement on what this legislation should look like. On 13 December 2005, the Parliament votes on the Data Retention directive. Usually, they get two stabs at it, with the Council having a say in between. This time, they get just one vote. This time, MEPs will have just a few days between being presented with the proposed legislation as drawn up in the secret meetings and being expected to come to an informed, considered decision on whether it should become law. Word has it that there are some MEPs who do not even realise that this is a single reading process - they are expecting the normal two reading process instead. Most MEPs have probably not been following the debate around Data Retention in detail, and giving them just a few days to absorb, understand, and analyse the proposals will ensure that, by the time they must cast their vote, they will through no fault of their own still not be in a position to make a reasoned decision. This is not democracy. What can you do? Email your MEP now. Tell him or her that you oppose Data Retention, and that you are concerned about the way it is being rushed through the European Parliament. Read this pamphlet (sent to all MEPs by EDRI) for talking points to discuss. Read up about IPRED2. With all the work going on with software patents and data retention, IPRED2 has not had the coverage it deserves. The FFII (the Foundation for a Free Information Infrastructure) has been doing a fine job tracking it, but it needs more exposure. Blog about your concerns and encourage your readers to contact their MEP and particularly the Green Party, who may yet play a vital role in protecting your civil liberties by tabling a rejection of the Data Retention proposal. The recording industry and the UK presidency are determined to get their way through stealth, not debate. We can't let the European Parliament sleep-walk their way into these statutes.