call +44 20 7096 1079

Blog


September 24, 2012 | Jim Killock

CleanIT: bad policy making

Thanks to an EDRi leak, European proposals for widespread action against “terrorism” were revealed last week, with press coverage in the Telegraph and elsewhere.

The project – Clean IT – moved swiftly to deny that they had been a closed project, which is partly true. They also tried to reduce the significance of the document they had produced, saying it was “for discussion” (even though page one of the leaked document suggests the contents are ‘detailed recommendations’).

The plans include measures for upload filtering, corporate censorship, plus procedures for flagging dubious content.

The first of these – “upload filtering” – has significant commercial backing, according to EDRi, but would pose a huge privacy problem. Effectively, all content by all users would have to be machine-read as it was submitted to a service like Google Docs, in case it contained “terrorist” material.

The other discussions, focusing on terms and conditions, try to pass responsibility for free speech to companies, rather than courts. Civil society groups have been saying very strongly that this kind of approach is dangerous. Companies are cautious and of course want to avoid being held liable and responsible for their users' content. So using T&Cs is likely to lead to overly sensitive reactions about what content to take action against. Asking companies to use T&Cs is lazy – it allows government to see policies put in place without legislation or safeguards.

It is also something that civil society has been stressing should be avoided in submissions to the European Commission's consultation on 'notice and action' - a process this is seemingly not connected to. 

In the UK, some similar ideas are being considered under the Home Office’s Prevent Counter Terrorism strategy. This strategy has mooted the idea of blocking of “terrorist” websites on the government estate, and “encouraging” private ISPs to voluntarily block the same list.

However, what links these proposals is the absence of an understanding and definition of the problem - for example, clear evidence that terrorism really can be tackled effectively in these ways. The assumption appears to have been made in both cases that terrorist material is easy to define, is in some way “circulating” and is “recruiting” people to extreme and pro-violence views, and then helping shift these people into actively violent networks. 

Surely it is important to know whether recruitment is between people, in specific kinds of real life locations, targeting individuals with particular vulnerabilities or experiences; or whether it is in fact being conducted via certain websites?

This kind of absence of evidence and adoption of wide assumptions is all too prevalent in Internet policy. In the case of supposed terrorist content, it is particularly problematic as the understandable desire to do something about terrorism can swiftly become a reason to support any measure, no matter how unproven.

Quite a few other Internet policies fall into this category of laws, including the now-dying Hadopi, the troubled Digital Economy Act, and the Australian attempts to create a national adult content firewall. Others, like Data Retention, are under legal challenge. Yet others, like the Claire Perry and Daily Mail-inspired adult content filters proposed for the UK, look like angering the public and potentially harming their supposed objectives.

There is hope. EDRi have embarrassed the CleanIT group, and the EU for funding them. Moving straight to solutions without clearly establishing the problem to address; duplicating work the Commission is already doing, for example on notice and action; and failing to take into account due process and the legal obligations created by human rights law: the Clean IT project is seemingly wasting taxpayers’ money with incompetent and dangerous proposals for the private policing of online content.

This is another signal that politicians and policy makers need to gain some scepticism and rigour when thinking about Internet policy, instead of dealing with it on the basis of rhetoric and first guesses about public harms.

[Read more] (1 comments)


September 07, 2012 | Peter Bradwell

When content is noticed and taken down - have your say

Due to some problems with their website, the European Commission have extended the deadline for submissions to the 'notice and takedown' consultation. This is actually pretty good news for anyone who has yet to submit a response - you still have until Tuesday 11th September to have your say. The Commission are asking for responses to a questionnaire.

The consultation is basically about how illegal content is dealt with by online intermediaries (meaning things like social networks or search engines and so on). Central to this is 'notice and action' (N&A), where a hosting provider is notified about some apparently illegal content and then some action is taken to deal with it. As the EC's 'roadmap' (where they set out some of the key points on the issue) says, "N&A procedures are at the heart of debates on the freedom of speech, innovation, security and the dangers of the internet in particular for vulnerable groups."

A significant concern is that currently N&A procedures lack sufficient due process, leading to legal content being removed on the basis of mere allegations. Abuses of the process are also a significant concern, again leading to content being taken down when it shouldn't. N&A procedures are crucial to questions of freedom of expression online – with the removal of legal content chilling citizens’ right to receive and impart information.

After hearing concerns that the current system is fragmented and is pleasing nobody, the Commission said in January that these procedures "must therefore be made more efficient, within a framework which guarantees legal certainty, the proportionality of the rules governing businesses and respect for fundamental rights" (From the Communication on e-commerce and other online services (2012))

We'll be telling them that they need to pay attention to due process and make sure there are robust mechanisms for establishing the illegality of content, for challenging contestable claims and getting redress when things go wrong, and effective sanctions for those that abuse the process. We'll also highlight some of the recent examples where things have gone wrong, and the issues of mistaken blocking we raised in our mobile Internet censorship report. Fundamentally, this is about who or what decides when we should not be allowed to look at something online, and what happens when they get it wrong (mistakenly or otherwise)?

If this is something you are concerned about, please submit something to the consultation. The Commission are asking to responses via their questionnaire. The deadline is Tuesday 11th September. 

Some organisations have already submitted responses. EDRi have put up their submission and annex, and La Quadrature du Net have published theirs too. You can read some notes from JANET here (JANET is the network that connects the UK's research and education institutions). Saskia Walzel of Consumer Focus has posted about the consultation on ORGZine and at the LSE Media Policy Project blog.

 

[Read more]


September 05, 2012 | Jim Killock

Bruce Willis: one thing is true

The story that Bruce Willis was to sue Apple because he could not leave his MP3s in his will circulated round the UK press last weekend. His wife has since denied it.

However, one thing remains true. Your digital rights are pretty limited when it comes to leaving downloaded copyright material in your will.

This stands in contrast to physical goods, where you can of course resell or leave your books, DVDs and CDs in your will.

Only software downloads can legally be transferred or resold. A recent case in Europe made this clear when Oracle tried to stop UsedSoft from reselling their downloaded, licensed software. The court disagreed, and pointed to the EU Software Directive.

Many of the reports focused on terms and conditions of Apple’s store. On one level, this is true, copyright owners could agree to license their downloads like this. Perhaps this would be complicated, given the myriad levels of contracts and ownerships, but it is possible if consumer demand is there.

More fundamentally, a change in the law is needed. People will start noticing how unfair this is as they write their wills. As they learn that their digital assets, those they have bought, perhaps for thousands of pounds, are worthless on death, they will feel cheated.

Equally, there is little prospect that individuals who inherit hard drives are going to meticulously delete material which has been paid for. The law will turn people inheriting the physical assets into copyright infringers.

Europe missed a chance to resolve these problems in the Consumer Rights Directive in 2011, although some improvements to the digital market have been made.

But the problem isn’t going away. In many cases, where material is downloaded from a single account like iTunes, the excuses for denying transferability are extremely flimsy. Copyright needs to work for people who are investing in their collections, and the inheritability of your collection is a key missing right.

Someone needs to take on Apple and Amazon. And we don't need to wait for Hollywood stars to do it.

[Read more]


August 24, 2012 | Peter Bradwell

Privacy advocates write to Interception of Communications Commissioner

There appear to be mistakes in the report from the Interception of Communications Commissioner that lead him to underestimate how often communications data is mistakenly shared. We've written to the Commissioner to ask why.

Today ORG, Liberty, Privacy International, Big Brother Watch and Professor Ross Anderson of University of Cambridge will write to the Interception of Communications Commissioner to ask about apparent mistakes in his 2011 report into how effective the RIPA oversight regime is.

In his report the Commissioner tries to calculate the 'error percentage' in RIPA requests. Which is basically a way of trying to say how often mistakes are made by those with powers to request data under RIPA. The consequence of these sort of mistakes is information potentially being disclosed when it should not.

The figure has been used by the Home Office to demonstrate how few errors there are and how well RIPA works to guard against unauthorised use - for example the 2010 figure (which was 0.3%) is cited in their Privacy Impact Assessment for the Snooper's Charter (or to give it its official name the draft Communications Data Bill). In his 2011 report, the Commissioner states that the figure is 0.18%. 

However, we're pretty sure this is incorrect. The figure seems to have been worked out by dividing the number of errors he has discovered or had reported to him by the total number of RIPA requests. But the IoCC and his team don't look at every single request. They take a sample. And the sample size is not published.

As we say in our letter, that means the reported error figure of 0.18% is effectively useless. Assuming we're correct, it only identifies the error percentage rate for the total number of RIPA requests if the Commissioner is confident that there are zero further errors in the uninspected requests.

We have already asked for more information about this. The IoCC said they could not publish it. Further, the Prime Minister's Office have acknowledged they hold the relevant information but consider it exempt from the FOI Act for national security reasons, and are considering the public interest in disclosure.

A clear picture of the error percentage is important to help us judge whether the powers to collect and access communications data are working. At the moment, this problem is getting in the way of a proper consideration of the draft Communications Data Bill - which is proposing to extend the current oversight regime to a much broader set of data.

So it needs clearing up. You can read the full letter below.


Friday 24th August 

Dear Sir Paul,

We are writing to you about the number of errors you discovered through your team's inspections, and to express concerns about the conclusions you draw regarding the overall ‘error percentage’ in RIPA requests for communications data.

We welcome the increased breadth of information disclosed in your 2011 Annual Report. Transparency is an important part of any effective scrutiny regime, and at no time is this function more vital than when safeguarding against the unlawful access of private communications data.

Of the 494,078 requests for communications data in the reporting year 2011-2012, you state that “895 communications data errors were reported to my office by public authorities”. Later in the document, you disclose that 99 of those errors were identified by your own inspectors, and not reported by public authorities. Thus, 11% of all errors identified within the Report were only uncovered following your inspections, which examined a random sample of those 494,078 requests. This figure demonstrates the importance of independent scrutiny, and we laud your transparency in permitting its disclosure within the report.

We note, however, that you do not detail the size of the sample inspected, making further accurate independent analysis of this aspect of your report impossible. Based upon those 895 identified errors, you declare that the “overall error percentage rate” is 0.18%; a conclusion we assume to have been reached by the following calculation:

(895/494078) x 100 = 0.18%

Your inspectors have not examined each of the 494,078 requests but, rather, a subset of that total. Thus, with respect, your ‘error percentage rate’ cannot be correct: the calculation assumes that within the uninspected remainder there are no further errors.

A more accurate (although still imperfect) calculation would establish the “error percentage rate” of the random sample, and apply that percentage to the total number of requests. If we assume, for example, that 10,000 requests were scrutinised by your team, the 99 errors identified would equate to an “overall error percentage rate” five times greater than your conclusion within the report:

(99/10000) x 100 = 0.99%

On this assumption, there remain a further 4784 undiscovered errors within the pool of 494,078 requests.

A clear picture of the error percentage is critical for determining the necessity and proportionality of powers used to collect and access communications data. It facilitates a proper understanding of the likely 'collateral intrusion', and helps us to understand the likely frequency of false positives. 

We are concerned that a lack of clarity, or imprecision, in the analysis of error rates under the current RIPA regime may be inhibiting proper scrutiny of the draft Communications Data Bill. For example, the overall error percentage rate from 2010 (0.3%) is cited on page 11 of the Home Office's Privacy Impact Assessment for the draft Bill as evidence of how robust the current oversight regime is. As we explain above, we are unable to accept the accuracy of this figure.

Accordingly, we appeal to you to clarify how your calculations are made and what advice on statistics you have had, and to disclose the number of requests your team inspected.


Yours sincerely,

Professor Ross Anderson FRS FREng, University of Cambridge
Gus Hosein, Executive Director, Privacy International
Jim Killock, Executive Director, Open Rights Group
Nick Pickles, Director, Big Brother Watch
Rachel Robinson, Policy Officer, Liberty

[Read more] (1 comments)


August 07, 2012 | Peter Bradwell

Initial Obligations Code needs rewriting. Again.

ORG has written to the Minister Ed Vaizey MP explaining why we believe the Initial Obligations Code still isn't good enough.

Last week, the Minister for Culture, Communications and Creative Industries Ed Vaizey MP wrote to ORG, explaining how he understood the position of libraries and universities under the revised 'Initial Obligations Code'. (The Initial Obligations Code is the instrument that sets out in detail how the Digital Economy Act will work).

We replied today, asking for approval of the Code to be withheld and that DCMS instruct Ofcom to rewrite the Code once more. (The Code requires the approval of the Secretary of State Jeremy Hunt MP).

You may remember that in our submission to Ofcom's consultation, we asked them to have another go at writing the Code. That is because we think it still leaves cafes, hotels, libraries and other providers of wifi to the public with no clarity as to whether they will be considered 'subscribers' and be the subject of Copyright Infringement Reports. Despite the increasing importance of a widely available 'infrastructure' of publicly available wifi internet access, the Code does nothing to address the position of those providing that access. 

This is what we explained to the Minister in our reply today. We also set out how important wifi access has become to Internet users in the UK, and that it would be damaging for the Government to be taking steps that disincentivise the provision of wifi. 

You can read our letter below. The Minister's letter to us is available here (pdf). 

 

7th August 2012

 

Dear Mr Vaizey,

Thank you for your letter of 2nd August regarding the revised Initial Obligations Code, which included an explanation of your understanding of the position in which libraries and universities now find themselves under the Code.

We certainly recognise and welcome the work that Ofcom have put into the revised Code. However, we believe it still does not provide the requisite level of certainty for wifi providers, from libraries through to cafes and hotels, as to whether they will be considered 'subscribers' and as a result be the subject of CIRs. As a result the Code will likely act as a disincentive to the provision of public wifi and undermine a key plank of the UK's Internet infrastructure.

Given the likely low levels of infringement on such networks, this is a significant cost for little gain in terms of a reduction in levels of copyright infringement. We suggest that approval for the current Code is withheld pending a further revision that explicitly addresses the position of these wifi providers. In this letter we focus on this issue, suggest how this might be achieved, and explain why we think it is important to do so.

DCMS and Ofcom say that it is 'likely' that public intermediaries will be classified as non-qualifying ISPs rather than subscribers. We are far from certain this will be the case. Unfortunately, the appeals body does not have the power to issue such binding guidance.

We contrast this to the stance that Ofcom have taken with large wifi providers, who are explicitly excluded from the scope of the Code because “inclusion is likely to lead to them incurring substantial costs to achieve a minimal reduction in overall levels of online copyright infringements.” We note no such analysis been undertaken for other providers.

If the current explanation is a recognition that libraries and other wifi providers are in a problematic position then there is little reason to avoid properly clarifying the issue with certainty now.

This should be possible. Ofcom have claimed that they are prevented from exempting libraries and other wifi providers because this was not the intention of the government when the Act was passed. We do not agree that the will of the past government continues to have this effect.

It is within Ofcom's powers to deal with the central issue: ensuring that wifi providers, including for example libraries, cafes and hotels, will not be considered subscribers that can be subject to CIRs under the Code. Ofcom can create a class of entities which cannot be the subject of a CIR under section 124(A) of the Digital Economy Act. We suggest that they do so through a further revised Code. Failing this, DCMS should provide Ofcom with an instruction to this effect.

We consider this to be such a vital issue because public wifi availability has grown in significance for Internet users in the UK.

As we detailed in our submission to the consultation on the revised Code (which we have attached to this letter), Ofcom's own research demonstrates the importance of broadly available wifi infrastructure. The most recent Ofcom market report suggests that 81% of smartphone data traffic was carried over wifi in January 2012. Similarly, the Oxford Internet Institute's Internet Survey 2011 defines the 'next generation' Internet user as being 'someone who accesses the Internet from multiple locations and devices.' Many providers of wifi have repeatedly asked for clarity and suggested that without it they may withdraw wifi provision. The Act and Code effectively kills off open wifi and places disincentives to the continued proliferation of wifi spots in the UK.

Given how easily this could be resolved, we see no reason to avoid taking definitive action on this problem now. We suggest that approval is withheld for this version of the Code, and that Ofcom produce a further revised Code that properly addresses the substantive issues identified by so many over the past two years.


Yours sincerely, 

Jim Killock
Executive Director

[Read more]


August 06, 2012 | Peter Bradwell

Consulympics: opportunities to have your say on tech policies

There are loads of opportunities to have your say on technology policies over the next few weeks.

You may have noticed that there is currently an international sporting event going on in London. You probably have noticed. Olympic fever has monopolised most people's attention, hearts and their minds. And of course the title of this blog post is a slightly clumsy and obvious attempt to make various technology policies seem like they are as viscerally entertaining as beach volleyball, artistic gymnastics or the heptathlon. Which they probably aren't. To most people anyway.

But there are lots of really important consultations going on at the moment which will go some way to determining all sorts of policies, from the way public bodies anonymise data, through the government's position on 'parental controls' and internet filtering, to new powers for surveillance. There are at least six consultations, to be precise. It would be a shame if they crept under the radar.

As always, your voice can make a real difference. If you feel like these will affect you, that you are particularly interested in the issue, or have useful evidence, we'd strongly urge you to submit something. 

Here is a general overview of the consultations, with some relevant reading and links to the relevant documents - we'll post more on each of these closer to their deadlines. Here's what's happening, in order of the deadline for submissions (nearest first). So if you're bored of the Olympics, need a break from all the sport, or were never interested in the first place - these should keep you busy. 

1. Consultation on a draft anonymisation code of practice

2. Communications Data Bill Joint Committee consultation

3. Parental Internet controls consultation

4. 'Midata' consultation

  • Deadline: September 10th
  • What is it? MIDATA is an initiative that 'seeks to give people access to their personal data in an electronic re-usable format' - in other words, an effort by government to get businesses releasing more data to consumers about their use of that service. "The consultation seeks views and opinions on a proposal to create an order making power, which if utilised, would compel suppliers of services and goods to provide to their customers, upon request, historic transaction and consumption data in an open standard machine readable format."
  • Additional note: "We are also running a series of Open Forums over the consultation period at the BIS building, 1 Victoria Street, SW1H 0ET. The dates are as follows: Thursday 9th August, 3-5pm; Thursday 16th August, 3.30-5.30pm; Thursday 23rd August, 3-5pm. Please emailmidata@bis.gsi.gov.uk for more information."
  • Useful reading:

5. Digital Economy Act Sharing of Costs Order consultation

  • Deadline: September 18th
  • What is it? Ofcom "are consulting on the implementation of an order to be made by the Secretary of State - The Online Infringement of Copyright (Initial Obligations) (Sharing of Costs) Order (the "Costs Order"). This Costs Order will require Ofcom to set fees payable by Copyright Owners to ISPs and to Ofcom if they intend to take advantage of a notification scheme in relation to online infringements of their copyright." Issues include £20 appeals fee. 
  • Useful reading:

6. European Commission 'net neutrality' consultation

 

Update, 22nd August 2012:

7. European Commission 'notice and takedown' consultation

  • Deadline: 5th September
  • What is it? Essentially trying to establish the issues with how processes for taking down material from the Internet should work. It's called 'A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries', and the objectives to contribute to developing legal certainty, trust and therefore growth in (cross-border) online services, thus enhancing the functioning of the Digital Single Market; to contribute to combating illegality on the internet; and to ensure the transparency, effectiveness, proportionality and fundamental rights compliance of notice-and-action procedures.
  • Useful reading:

 

[Read more]


August 01, 2012 | Peter Bradwell

Creators and mergers in the music business

There are some big changes afoot in the music industry at the moment. Universal Music Group are trying to buy the recorded music part of EMI for $1.9 billion (see this and this for some coverage).

Opinions have been varied and robust (see the American Assn. of Independent Music statement, for example). The UK Government yesterday expressed a sort-of opinion on the matter, with Secretary of State Jeremy Hunt saying: "As far as the specific deal is concerned, that is a matter for the competition authorities and is being looked at in Europe". Critics have said that it could concentrate power in the music industry, shrinking opportunities for access to the market. According to the Wall Street Journal, Martin Mills, chief executive of independent music group Beggars Group, said the deal 'would give Universal an unfair advantage in signing artists and gaining access to distribution, retail and media'. 

We've been monitoring this because we're interested in how the new landscape could or should affect musicians and their relationship with the big players in the business. Whatever the outcome of the attempt by Universal Music Group to buy EMI, it seems important that regulators consider the likely impacts on citizens not just in their role as consumers, but also as creators and performers both now and in the future. Digital technology brings opportunities to all of us to participate in culture and in markets. Allowing the incumbent businesses simply to divide up the market between them in a new way doesn't seem like a great stimulation to innovation.

So we've noted with interest the Featured Artists Coalition suggestion that artists involved should be given the chance to buy back their rights from record labels on fair terms. Those artists would then be free to re-enter the market in new ways and with business models far better adapted to the digital world. FAC say:

"This is an historic opportunity to create a more sustainable music industry – a future music industry more meaningfully described as a collection of individual artist businesses rather than specific sectors like records, publishing and live."

Here's their open letter to the Financial Times from 19th July in full:

"Sir, The views of Patrick Zelnik (“A Universal EMI merger could rescue the music business”, Comment, July 17) were as welcome as they were needed. His analysis was incisive, but his solution stopped one step short of perfect.

Divestments in the wake of mergers should first offer copyrights, at market rates, to the artists who created them. To sell them to other corporations, whether large or small, is just a perpetuation of an old business model, which has seen the recorded music business halve in value over 10 years. During that time, the technological revolution has displaced the old music business players. We do not need to repeat the mistakes of the past.

It would be good to have music business people rather than financiers owning and running music companies again. It would be even better to have artists owning their work and entering into partner relationships with service-providing major and independent record companies with all the finance and expertise an artist needs to develop their own business.

Top management at Universal has already concurred with this view. The concept of “turning the taps on” so that music catalogues are much more readily available to users, and copyright ownership is not an impediment to new services, would help build the artist-centric new music business that will benefit creators, investors and consumers.

Ed O’Brien, Radiohead
Nick Mason, Pink Floyd
Sandie Shaw

Co-Chairs,
The Featured Artists’ Coalition"


It seems like this proposed acquisition gives regulators a unique opportunity to think in these terms - about the position of the creator in digital markets - as they consider ways to protect against over-concentration in music markets. ORG supports this suggestion from FAC, and urges regulators in the UK, Europe, and elsewhere, as a matter of principle to put artists and citizens at the centre of their response. 

[Read more]


July 27, 2012 | Peter Bradwell

Calls for Ofcom to try again with the Digital Economy Act 'Code'

Yesterday was deadline day for Ofcom's consultation on the revised 'Initial Obligations Code' - the instrument that sets out how the Digital Economy Act will work in practice. This is the second iteration of the Code, following an initial consultation back in 2010.

We have put up our submission in our reports section. Thank you if you responded to our call earlier in the week to respond or to submit your story to us.

Since the previous consultation, Ofcom and DCMS have had two years to fix the problems. So it's frustrating that such important problems remain.

In our submission, we note in particular that Ofcom and the government have failed to address to issue of wifi providers, leaving providers of wifi access from cafes, hotels and bars through to libraries and universities with no clarity about their liability. Despite the increasing importance of a widely available 'infrastructure' of publicly available internet access, the Code does nothing to address the position of those providing that access.

We're not a lone voice. Consumer Focus call in their submission for the Secretary of State to withhold approval of the Code in its current form 'because it does not provide legal certainty on reasonable steps or for WiFi providers, business and public bodies which provide internet access to consumers'.

Mike O’Connor, Chief Executive of Consumer Focus said "Ofcom’s draft code does not provide clarity to WiFi providers, businesses or public bodies over who is responsible for copyright infringement carried out through a shared connection. We are concerned that libraries and universities could find themselves incurring significant costs which may result in them deciding to limit internet access. Hotels, pubs and cafes also face legal uncertainty. There is no evidence that significant levels of infringement occur on WiFi networks or the networks of libraries, which provide access to the web for those on low incomes and the 20 per cent of households without internet connection" and that they are "calling on Ofcom produce a revised Code which will respect legitimate consumer rights and help businesses and public bodies to continue to provide internet access to consumers".

Libraries, universities and other research institutions recently called for Ofcom to address the position of wifi providers, arguing that as it stands, the Digital Economy Act risks 'forcing public libraries, schools, colleges and universities to limit access to the internet.' 

We'll post more submissions to the Code as we see them.

We'll also be writing to the Minister Ed Vaizey echoing the calls for him to ensure a definitive solution to the remaining concerns with the Code, and asking him not to approve the Code in its current form.

 

 

[Read more]


google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail