January 08, 2008 | Becky Hogge

Pandora to shut off UK IP addresses from next week

Pandora, the US-based personalised internet radio service, has announced to its customers that it will be shutting down its service to all UK-based IP addresses as of next week. Back in July last year, Pandora blocked use of its service outside of the US because of what Tim Westergren, Pandora founder, described as "the lack of a viable license structure for Internet radio streaming in other countries". It kept UK IP addresses open, hoping to negotiate a viable license from UK collecting societies. Today, in an email to his UK-based customers, Westergren admitted defeat, and exited the European market with this caveat to the recording indiustry:

It continues to astound me and the rest of the team here that the industry is not working more constructively to support the growth of services that introduce listeners to new music and that are totally supportive of paying fair royalties to the creators of music. I don't often say such things, but the course being charted by the labels and publishers and their representative organizations is nothing short of disastrous for artists whom they purport to represent - and by that I mean both well known and indie artists. The only consequence of failing to support companies like Pandora that are attempting to build a sustainable radio business for the future will be the continued explosion of piracy, the continued constriction of opportunities for working musicians, and a worsening drought of new music for fans. As a former working musician myself, I find it very troubling.

Pandora's future is also uncertain in its homeland, the US, where it is fighting massive hikes in web radio royalty rates. has more details of their campaign stateside. - the UK's personalised internet radio service - has negotiated with individual record labels to ensure its service compensates artists fairly. Last year's sale of to media giant CBS for a reported £142m shows just what value might lie in personalised internet radio. Part of's business model is to gain commission from sales of music it has introduced to its listeners, supporting Westergen's assertion that services like Pandora and eventually only increase the revenue that flows to artists. But complex licensing schemes, and collecting societies unsure how to interpret the advances of innovative web radio companies, can get in the way.

Last week, the European Commission announced a new initiative which aims, in part, to create a legal framework to encourage creators and owners to make content available on line. But any new framework emerging from this initiative looks like it will be too late for Pandora.

[Read more] (4 comments)

January 08, 2008 | Becky Hogge

Consultation on proposed changes to copyright exceptions launched

I've just got back from the British Library, for the launch of a consultation into some of the changes to copyright law proposed by the Gowers Review of Intellectual Property. Those with long memories will recall that Andrew Gowers made several recommendations under the heading of "flexibility", with the intention of crafting the current law into one that was relevant to the way consumers, artists, librarians and educators expect to use content in the digital age. Only then, he maintained, would regular folk understand and respect the law.

The consultation launched today focuses on five of the recommendations, reproduced here:

Recommendation 2: Enable educational provisions to cover distance learning and interactive whiteboards by 2008 by amending sections 35 and 36 of the CDPA.

Recommendation 8: Introduce a limited private copying exception by 2008 for format shifting for works published after the date that the law comes into effect. There should be no accompanygin levies for consumers.

Recommendation 9: Allow private copying for research to cover all forms of content. This relates to copying, not distribution of media.

Recommendation 10a: Amend s.42 of the CDPA by 2008 to permit libraries to copy the master copy of all classes of work in permanent collection for archival purposes and to allow further copies to be made from the archived copy to mitigate against subsequent wear and tear. Recommendation 10b: Enable libraries to format shift archival copies by 2008 to ensure records do not become obsolete.

Recommendation 12: Create an exception to copyright for the purpose of caricature, parody and pastiche by 2008.

The first stage of the consultation is open until 8 April 2008. The Open Rights Group will be meeting with the UK IPO in the meantime, as well as submitting a formal response, to which we'd welcome your contributions on our interactive consultation tool.

At the launch event, the audience was dominated by groups representing artists and other rightsholders, although libraries and archives were also represented. Up on stage were Lord Triesman, minister at the Department for Innovation, Universities and Skills, Murray Weston of the British Universities Film & Video Council, Geoff Taylor of the British Phonographic Institute and Jill Johnstone of the National Consumer Council. British Library CEO Lynne Brindley kicked off proceedings with a speech that stressed the importance of balance between rightsholder interests and the public interest, and the need to make copyright both simple and also relevant to the digital age.

Those who welcomed the Gowers Review in 2006 might have been discouraged by Lord Triesman's insistence that it was "not the final word", and that exceptions for format shifting had to be narrowly defined; they should not, he stressed, permit legal circumvention of digital rights management (DRM) systems. However, the Minister was clear about the vital role evidence plays in policy-making around intellectual property and when questioned by the audience admitted that, while evidence of the economic damage caused by illicit filesharing is readily produced by industry, the economic value of "free" content has yet to be fully explored.

Murray Weston stressed how the archive of audio-visual material his organisation was responsible for maintaining had shed light on an aspect of human creativity which had previously been "the Cinderella of scholarship". Geoff Taylor predictably preached caution when creating new exceptions to the law and questioned Gowers' insistence that no levies be associated with the format-shifting exception. On the latter point, Jill Johnstone disagreed firmly: levies on recordable media were a blunt instrument that did not serve the consumer interest.

When questions were opened to the floor, the debate was momentarily hijacked by another Gowers recommendation altogether, number 39, which urges rightsholders and ISPs to come together to police illicit filesharing online. Lord Triesman re-emphasised the Government's view that this outcome was best achieved voluntarily, but hinted that, should no voluntary agreement emerge by late Summer, regulation to achieve such an outcome might be expected in November 2008.

Returning to the matter in hand, some members of the audience questioned the efficiency of such a laboured consultation when contract law so often trumped copyright law anyway, by compelling consumers to sign away their "fair use rights" before consuming digital content. And an author in the audience asked when he might expect to attend such an event and see creators on stage discussing rightsholder interests, and not representatives of the distribution industries.

Eager-eyed readers will notice the absence of Recommendations 11 and 13 from the consultation:

Recommendation 11: Propose that Directive 2001/29/EC be amended to allow for an exception for creative, transformative or derivative works, within the parameters of the Berne Three Step Test.

Recommendation 13: Propose a provision for orphan works to the European Commission, amending Directive 2001/29/EC.

It is unclear when such proposals will be made, or indeed who will be doing the proposing. Discouragingly, the UK Intellectual Property Office conclude on their website simply (and mistakenly) that the "Recommendation is to the European Commission". Still, hats off to the UK IPO for finally getting at least some of Gowers' most exciting recommendations on their way to implementation.

[Read more] (2 comments)

January 04, 2008 | Becky Hogge

Computer Misuse Act guidance published

Whilst ORG was on holiday, the Crown Prosecution Service published long-awaited guidance on section 3A of the Computer Misuse Act, which comes into force in April 2008 and outlaws making, supplying or obtaining "hacking tools". Back in 2006, when amendments to the Computer Misuse Act were discussed in Parliament, ORG echoed widely-reported concerns that the legislation was far too broad. The security community were especially alarmed that tools routinely used to test for vulnerabilities or to stress-test networks would be erroneously covered by the legislation.

The guidelines bring some good news for developers, in that the offence will not be triggered unless hacking tools are developed "primarily, deliberately and for the sole purpose of committing a Computer Misuse Act offence". However, the trigger for distribution offences - whether the tool is "available on a wide scale commercial basis and sold through legitimate channels" - should cause alarm amongst open source advocates.

ORG Advisory Council member Richard Clayton has provided excellent analysis of the guidance at Light Blue Touchpaper, and you can read up on the issue on the ORG wiki.

[Read more]

January 03, 2008 | Becky Hogge

MPs call for tougher data protection regime

The House of Commons Justice Committee has today released a report into the protection of public data. The report is a good summary of the state of play and, in particular, of developments since the Chancellor announced to Parliament in November last year that HMRC had lost confidential records affecting 25 million UK citizens.

The report recommends a data breach notification law, criminal penalties for data controllers who are responsible for reckless or repeated security breaches and greater powers and resources for the Information Commissioner's Office. Currently, the Information Commissioner receives roughly £10 million each year to conduct all of his data protection activities.

These recommendations echo those made by the House of Lords Science and Technology Committee in August 2007, recommendations that the Government rejected almost entirely. Perhaps the public outcry following the HMRC data security breach will help Government think again.

Today's report is explicit about the real risks associated with big databases containing personal data that are open to large numbers of licensed users, and mentions the children's database ContactPoint, as well as the planned National Identity Register. It also notes further risks associated with obligations to share data with EU member states:

"If data held by the Government is available for inspection outside the jurisdiction, then the importance of restricting the amount of data held, as well as proper policing of who had access to it, takes on even greater importance."

[Read more] (2 comments)

January 02, 2008 | Michael Holloway

Supporters Update - December 2007

Follow this link to read our December 2007 Supporters Update. Along with details of our recent media forays and major success for Canadian copyright activists, we ask that you contact your MP over the 'privacy timebomb' and that you get involved with consultations (on Freedom of Information and Data Sharing regulations).

[Read more]

December 21, 2007 | Becky Hogge

Gowers update

Over a year since Andrew Gowers made his recommendations for the reform of IP law, the UK Intellectual Property Office has finally announced a date for the first stage of a two-part consultation into modifications to the copyright rules so that private individuals, students and libraries can benefit from improved access to copyright material. A launch event will take place on 8 January at the British Library, and all interested parties are welcome to attend. Email copyrightconsultation [AT] with your name, job title and the company or organisation you represent if you want to be on the list.

In his email inviting ORG to attend, Lord Triesman, the minister for intellectual property, assured us that he is "eager that all interests should make the fullest use of the consultation." His speech to the Social Market Foundation last month [pdf] predicted much debate around Gowers' recommended format-shifting exception:

"[This] recommendation raises an interesting point: there are some people who believe that such a change to the law will provide the consumer with a ‘right’ to copy a DVD for example – but that is not the case. Any change in the law will merely provide an exception from infringement for certain limited acts, and will not override any terms and conditions which the consumer agrees to when he or she buys a DVD in the first place."

Meanwhile, the UK IPO has been quietly implementing Gowers Review recommendation numbers 46 and 47. Thanks to the IPKat for bringing ORG's attention to the fact that we had missed the deadline for putting forward a suitably open candidate to the new Strategic Advisory Board on Intellectual Property, a panel that will advise Government on IP issues. Since ORG is subscribed to a large number of UK IPO message lists, we were surprised not to be informed that recruitment was underway. So we've asked the UK IPO to consider a late application for SABIP from the Open Rights Group.

[Read more] (3 comments)

December 17, 2007 | Michael Holloway

Thanks for the party!


Thanks to all the guys and girls who brought their bonhommie and yuletide spirit down on Saturday for our xmas party. The strong turnout could be explained by our Copyfighters revival but then again maybe the promise of free drink and party bags brought the crowds in. Either way it was great to see so many ORG volunteers and supporters getting down and festive. Particular highlights for me were the 650 Santas who swept through the venue on a boozy rampage, my first-ever game of werewolf and singing happy birthday to Creative Commons.

CC cake

If you've uploaded photos of the night, please link them from the comments section below so we can all enjoy them. Also, please let us know if you want more Copyfighters in 2008. For the unitiated this informal, social event involves a trip to Speakers Corner for digital rights activists to vent on the day's most pressing issues. If there's sufficient support then we should bring it back.

Special thanks to Chris, Glyn, Sheila and Janita who helped pack the party bags. Most special thanks to Ian and Matthew from BBC Backstage who did much of the hosting and organisation.

[Read more]

December 14, 2007 | Becky Hogge

Write to your MP today: stop the Government's privacy timebomb

On Monday next week Kieron Poynter of PricewaterhouseCoopers will publish his report into the failures that led to HM Revenue and Customs (HMRC) losing 25 million confidential records about UK citizens claiming child benefit. The HMRC fiasco, and privacy debacles before and since, demonstrate a public sector culture of complete disregard for the privacy and security of individuals in the UK.

There will be a Ministerial statement about the Poynter Review in the House of Commons on Monday afternoon. If you haven't already, please write to your MP today and ask her or him to put your concerns to policy-makers during this session. This culture of disregard for personal privacy combined with the Government's continued belief in the aggregation and sharing of vast amounts of personal data across agencies is a privacy timebomb.

If you're unsure how to write an effective missive to your MP, then read the ORG wiki's handy guide. What follow are some key points and requests to put to your MP for you to choose from - click on the links for further ideas and resources.

You could also ask your MP to sign the Early Day Motion proposed by Annette Brooke MP which calls upon the Government to reconsider its decision to proceed with the children's database ContactPoint.

A culture of disregard

Discgate was not an isolated incident. Seven months before the DVDs went missing, HMRC had already established a practice of recording sensitive data onto DVDs, secured only with a password and dispatched via internal mail. Emails sent back and forth about this debacle, the largest ever data breach to hit the UK, cite cost as the reason given for not filtering personal details out of the data. But how much is your privacy worth to you?

This is not just about the HMRC. The ORG wiki's log of UK privacy debacles has been struggling to keep up with the public sector bodies who have been queuing up to admit data breaches since the HMRC announcement. The HMRC data breach may be the biggest but it was not the first and it will not be the last.

If you're MP is wondering why a junior employee was able to download the information to CDs in the first place, then they're in good company:

"I would question whether anybody should be allowed to download an entire database of this scale without going through the most rigorous pre-authorisation checks."

"It was a really shocking example of loss of security."

Information Commissioner Richard Thomas

"How you can have a system which allows you to copy a whole database onto a disk is of concern,"

"Clearly there are issues about when the data was accessed and by whom. They should have had access controls and authorisation levels to make it physically impossible to burn a disc off the database without the say-so of the chairman of HMRC. Why isn't the technology there to do that? It isn't rocket science."

Assistant Information Commissioner Jonathan Bamford

The Information Commissioner described the HMRC breach as "the worst the ICO has encountered" and said it called into question the security of the entire system of data sharing in government. He called for a review of the national identity register, a call which echoes a marked shift in public opinion on ID cards, and a recommendation for more debate about ID cards from thinktank Demos, who concluded a year-long study of data-sharing last week. The Government's data minister, Michael Wills MP, has said that plans for the national ID register need looking at again. Ask that your MP pressures the government to re-examine the flawed National Identity Register.

On 27 November, children's Minister Kevin Brennan announced an independent assessment of the security procedures surrounding ContactPoint, to be conducted by Deloitte. An Early Day Motion asking Government to go further, and consider recommendations to scrap the idea, is currently collecting signatures: please encourage your MP to sign.

The fairytale of biometrics

For people in technology, one of the most worrying developments since this crisis has been ministers' using it as an excuse to push for solutions based around biometrics, solutions that would actually increase the privacy risks we are exposed to. Six leading academics (including two Open Rights Group Advisory Council members) recently wrote to the Parliamentary Joint Committee on Human Rights to express their dismay at how biometrics are seen as a magic fix for improving security:

"These assertions are based on a fairy-tale view of the capabilities of the technology and in addition, only deal with one aspect of the problems that this type of data breach causes. ... Furthermore, biometric checks at the time of usage do not of themselves make any difference whatsoever to the possibility of the type of disaster that has just occurred at HMRC. This type of data leakage, which occurs regularly across Government, will continue to occur until there is a radical change in the culture both of system designer and system users. The safety, security and privacy of personal data has to become the primary requirement in the design, implementation, operation and auditing of systems of this kind."

Professor Ross Anderson, Security Engineering, University of Cambridge
Dr Richard Clayton, University of Cambridge Computer Laboratory
Dr Ian Brown, Oxford Internet Institute, University of Oxford
Dr Brian Gladman, Ministry of Defence and NATO (retired)
Professor Angela Sasse, Department of Computer Science, University College London
Professor Martyn Thomas, CBE FREng, Software Engineering, University of Oxford

These technologies are unproven and will not be ready for commercial deployment for another 15 years. Ask your MP to encourage the Government to listen to the facts on biometrics.

Brushing aside expert advice

Unfortunately, the skills and knowledge necessary for successfully procuring, managing and securing computer systems are not commonly possessed by Government Ministers or senior managers in the civil service. This might not be such a problem, were the Government to listen to the advice that has been readily offered by expert groups during the quest towards Transformational Government, and their warnings about giving thousands of people access to large, centralised databases. But then, why should it, when apparently it doesn't even listen to warnings from its own internal auditors?

"Again and again and again these warnings have been made in different contexts by expert groups and the Government has not been interested."

Professor Ross Anderson

We are living in an age where systems dealing with our identity must be designed from the bottom up not to leak information in spite of being breached. Perhaps I should say, "redesigned from the bottom up", because today’s systems rarely meet the bar. ... There is no need to store all of society’s dynamite in one place, and no need to run the risk of the collosal explosion that an error in procedure might produce.

Britain’s HMRC Identity Chernobyl - Kim Cameron (Microsoft's Chief Architect of Identity)

Ask your MP to encourage the Government to heed the warnings of these and other experts.

Together, we can stop the Government's privacy timebomb. If you haven't got time to write to your MP today, please write on the weekend. The more missives MPs receive on Monday morning, the more they will recognise the public mood on this issue, and the more likely they will be to raise their objections in Parliament on Monday afternoon.

[Read more] (1 comments)