Tuesday, March 25, 2008

How Soon is Now?

.. as The Smiths once said.

I was reminded over the weekend about this post by sf writer Charlie Stross. It's a very interesting read on future gazing and why you're even less likely to predict accurately the near future than ever before. Stross argues that once it took 125 years for world wide acceptance of a technology - now it takes 16 or less. Such speed of change makes attempts by the always-catching-up law to regulate technology in any degree of specificity look ever more doomed. Another vote for Chris Reed's doctrine of creative inertia?

3 Strikes And You're Out talk from LSE conference

Ray Corrigan, one of the finest IT law bloggers on the block, has, incredibly helpfully, while I frolicked for the long Easter weekend, written up an account of my talk on the dubious legality of the posited "3 strikes and you're out" legislation which, if passed, would mandate disconnection of repeat filesharers in the UK from the Internet.

See http://b2fxxx.blogspot.com/2008/03/3-strikes-copyright.html (thanks Ray.)

There is also a third ground of possible illegality of any proposed "notice and disconnection" regime, other than its transgression of due process and lack of proportionality with respect to human rights. I did not have time to get to this at the conference so Ray has not mentioned it - namely that in order to prevent an "it wasnae me" defense (as we say in Glasgow), legislation might also require the mandating of secured wi-fi for every user who maintains a wireless router. Without such a rule, every uploader could theoretically claim it was not them but a wi-fi piggy-backer who committed the "offence".

Currently, users are usually advised to make their wi-fi network secure, and most ISP T & Cs theoretically demand it, but many prominent security experts, notably including Bruce Schneier, deliberately keep their networks open (while maintaining high quality virus checking ware and firewalls for the security of their own data). They do so mainly on the grounds that the mobile Internet ought to be a public resource for those in transit or in public areas, like toilets or water fountains. Breach of a term imposing secure wi-fi only by an ISP may currently be a breach of contract which might conceivably lead the particular ISP in question to, legitimately, disconnect the user; but it would not, as "3 strikes" would, mean that user is then sent to Internet Coventry by every ISP in the country.

Cutting off the choice of providing public wi-fi to the user on pain of banishment from the Internet raises obvious issues itself of infringement of freedom of expression and association. Availability of unsecured wi-fi in public areas, say, in parks or on streets or at emergencies, is also arguably, as Schneier and co believe, a public good. Given that, it should be asked whether a proper balance is being maintained if we legislate to ban an asset of general public interest, in order to protect the legitimate property interests of one narrow commercial sector. It also raises the question of whether a wi-fi operator might be a "mere conduit" under the E-Commerce Directive, Art 12, and if so whether, in effect, strict liability for other people's misdeeds can be imposed on such operators without infringing EC law.

This point is dealt with in my powerpoint which I believe will be soon up on the relevant website along with other slides from the day. Will add URL shortly.

I think the best point raised during the day which I had not really considered at all before, was how long a general ban or disconnection after notice would last. (I think this came from Michelle Childs, but I am not totally sure.) Does a foolish upload or two by a teenager in your house mean that dad and/or mum is banned from the Internet forever? Even when we talk of true criminal sanctions (and copyright is at root a civil matter), jail terms (bar "life means life" for murder) have to be of defined length. Do we want a world where ISPs are ordered by the content industry to patrol indefinite lifetime bans from the Internet? Would legislation include provisions for appeals after a certain time and has anyone thought through the due process ramifications? The more you think about it, the more damningly flawed the whole idea is.

In France, at least, the whole process is going to be under the supervision of an independent tribunal given directions by a judge. If we do end up going down this route in legislation, the French system should be the minimum starting point for transparency and due process. I hope instead however that the UK government and BERR will, after due consideration, decide this approach, with all its capacity for disproportionate human rights infringement and errors in proof and process, is not a suitable way to police filesharing, when so many other routes exist.

Monday, March 17, 2008

Phorm an orderly queue

It might easily be said that the British just love creating problems with Phorms..

Here is the press release for the FIPR official letter to the ICO on the current Phorm controversy. It has my full support as a lucid and explanatory response to a pressing and potentially worrying incursion into consumer privacy (disclaimer: I am a member of the FIPR advisory board.)

FIPR Press Release

For Immediate Release: Monday 17th March 2008

Open Letter to the IC on the legality of Phorm's advertising system
-------------------------------------------------------------------

The Foundation for Information Policy Research (FIPR) has today released
the text of an open letter to Richard Thomas, the Information
Commissioner (IC) on the legality of Phorm Inc's proposal to provide
targeted advertising by snooping on Internet users' web browsing.

The controversial Phorm system is to be deployed by three of Britain's
largest ISPs, BT, Talk Talk and Virgin Media. However, in FIPR's view
the system will be processing data illegally:

* It will involve the processing of sensitive personal data: political
opinions, sexual proclivities, religious views, and health -- but it
will not be operated by all of the ISPs on an "opt-in" basis, as is
required by European Data Protection Law.

* Despite the attempts at anonymisation within the system, some people
will remain identifiable because of the nature of their searches and
the sites they choose to visit.

* The system will inevitably be looking at the content of some
people's email, into chat rooms and at social networking activity.
Although well-known sites are said to be excluded, there are tens or
hundreds of thousands of other low volume or semi-private systems.

More significantly, the Phorm system will be "intercepting" traffic
within the meaning of s1 of the Regulation of Investigatory Powers Act
2000 (RIPA). In order for this to be lawful then permission is needed
from not only the person making the web request BUT ALSO from the
operator of the web site involved (and if it is a web-mail system, the
sender of the email as well).

FIPR believes that although in some cases this permission can be
assumed, in many other cases, it is explicitly NOT given -- making the
Phorm system illegal to operate in the UK:

* Many websites require registration, and only make their contents
available to specific people.

* Many websites or particular pages within a website are part of the
"unconnected web" -- their existence is only made known to a small
number of trusted people.

The full text of the open letter can be viewed at:

http://www.fipr.org/080317icoletter.html

QUOTES

Said Nicholas Bohm, General Counsel, FIPR:

"The need for both parties to consent to interception in order for
it to be lawful is an extremely basic principle within the
legislation, and it cannot be lightly ignored or treated as a
technicality. Even when the police are investigating as serious a
crime as kidnapping, for example, and need to listen in to
conversations between a family and the criminals, they must first
obtain an authorisation under the relevant Act of Parliament: the
consent of the family is not by itself sufficient to make their
monitoring lawful."

Said Richard Clayton, Treasurer, FIPR:

"The Phorm system is highly intrusive -- it's like the Post Office
opening all my letters to see what I'm interested in, merely so that
I can be sent a better class of junk mail. Not surprisingly, when
you look closely, this activity turns out to be illegal. We hope
that the Information Commissioner will take careful note of our
analysis when he expresses his opinion upon the scheme."

CONTACTS

Nicholas Bohm
General Counsel, FIPR
01279 870285
nbohm@ernest.net

Richard Clayton
Treasurer, FIPR
01223 763570
07887 794090

NOTES FOR EDITORS

1. The Foundation for Information Policy Research (http://www.fipr.org)
is an independent body that studies the interaction between
information technology and society. Its goal is to identify
technical developments with significant social impact, commission
and undertake research into public policy alternatives, and promote
public understanding and dialogue between technologists and policy-
makers in the UK and Europe.

2. Phorm (http://www.phorm.com/) claims that their "proprietary,
patent-pending technology revolutionises both audience segmenting
techniques and online user data privacy" and has recently announced
that it has signed agreements with UK Internet service providers BT,
TalkTalk and Virgin Media to offer its new online advertising
platform Open Internet Exchange (OIX) and free consumer Internet
feature Webwise.

3. In a statement released on 3rd March the Information Commissioner's
Office (ICO) said:

"The Information Commissioner's Office has spoken with the
advertising technology company, Phorm, regarding its agreement
with some UK internet service providers. Phorm has informed us
about the product and how it works to provide targeted online
advertising content.

"At our request, Phorm has provided written information to us
about the way in which the company intends to meet privacy
standards. We are currently reviewing this information. We are
also in contact with the ISPs who are working with Phorm and we
are discussing this issue with them.

"We will be in a position to comment further in due course."


Reminder of March 19th filesharing conference

From Ian Brown:

Hi all - a reminder that this Wednesday afternoon we have a great
selection of speakers for our free OII/LSE event on music and copyright
(including from the ORG posse Becky Hogge, Richard Clayton, Lilian
Edwards and Wendy Grossman). Come along to find out what the government,
music industry, publishers and independent experts are thinking about
ideas like 3-strikes-and-you're-disconnected; scanning ISP traffic for
copyright works; and notice and takedown regimes.

Full programme at:
http://www.oii.ox.ac.uk/events/details.cfm?id=186

From Pangloss: apologies for radio silence. Giving 6 talks in a month while also teaching and trying to edit a book not best recipe for Constant Blogger :( I have lots to say, believe me..