Friday, 31 July 2009

Copyright – no time limit in England – Procol Harum case

Copyright is a right in property and (per Lord Hope) in English law there’s no time limit on claims to copyright (though the position is less certain in Scotland).

So held in the case involving famous band Procol Harum where Matthew Fisher (now a programmer, interestingly), who was responsible for the famous organ solo in the band’s classic song A Whiter Shade of Pale, sued (many years after the event) for recognition that:

  • he was a co-author of that song,
  • he was a joint owner in its musical copyright (40% share), and
  • the licence to exploit the work was revoked in 2005.

All 3 declarations were agreed by the House of Lords, except that the last point might need changing to keep open an issue as to whether the original record company’s rights had been assigned to another party.

One key lesson (this is not legal advice, just general information, seek specific advice on your own situation etc): especially when using session musicians (a slightly different situation, I know), it looks like it would be a good idea to make sure that:

  • their rights are assignable (if they’re over 18, that would help!), and
  • all their rights are in fact expressly assigned by the session musicians, including copyright in any riffs etc they make up.

I’m not an IP lawyer or even music copyright lawyer (yet), but I’d certainly thought things through enough that when I made a recording of my own music a few years ago I got an assignment signed by the session musicians I’d used (who’d been paid a fee for their services).

I’ve just skimmed the judgment, I’ve not read the case thoroughly yet; I may update this blog post once I do.

Links:

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

What UK ID card will look like, & other info & links

It’s been covered by other sources already (BBC, ComputerWeekly) but for future ease of ref for me & anyone else reading this blog, here are the pics and some relevant links:

The biometric identity cards will store:

  • photograph
  • name
  • date of birth
  • signature
  • gender
  • place of birth
  • nationality, and
  • issue and expiry dates
  • “a secure electronic chip that will store your facial image and two fingerprint images” (secure? maybe not…).

Front:


Back:
Huh? That looks suspiciously like my driving licence. But with added biometrics, of course.

I'm curious about "This area is reserved for observations". What sort of observations, exactly, apart from noting if you’re a peer of the realm?:

  • "Don't trust this person, a known terrorist"?
  • "Seen in some drunken photos on Facebook 5 years ago"?

I don't mind carrying a plastic card around with me; what I’m concerned about are the RFID chip and its security, and also the security of the database and who will be able to get access to my linked-up personal data, given the government's abysmal record of protecting citizens' data and preventing data breaches or data losses.

See also:

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Mobile broadband pricing & services – global comparisons

Mobile Broadband: Pricing and Services is an OECD Digital Economy paper of 30 June 2009 by Yasuhiro Otsuka of OECD, France which I somehow missed before.

This paper (from the abstract):

“provides an overview of prices, speeds and data caps of mobile broadband services. 99 and 58 operators in OECD countries are providing USB modem based and handset based services respectively with WCDMA/ CDMA-2000 technologies, while 4 are providing mobile broadband access with WiMAX technologies. The data show that there is a wide range of subscriptions available but with considerable variation between and within countries. Differences are most pronounced in countries where mobile broadband is in its infancy. The number of new mobile terminals and USB modems on the market is stimulating much wider use of mobile broadband by consumers. Prices, as well as caps, need to be adjusted for the consumer market which is more price-sensitive.”

Otsuka, Y. (2009), "Mobile Broadband: Pricing and Services", OECD Digital Economy Papers, No. 161, OECD publishing, © OECD. doi:10.1787/222123470032

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Thursday, 30 July 2009

Grandson of “DRM for news”

Yet another update to my blog post on Associated Press’s trumpeted “DRM for news” (I believe in trying to keep related things in one place for ease of future ref).

Citizen Media Law Project have a good article on the saga, where the second half analyses the US legal issues and a number of relevant past cases e.g. “hot news”, including a couple involving AP itself.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

The impact of the crisis on ICTs and their role in the recovery – OECD report

The OECD have recently a report "The impact of the crisis on ICTs and their role in the recovery" (published 28 July 2009).

From their summary of the report:

“A sudden upturn in global sales of information and communications technology (ICT) goods in May and June suggests the ICT industry may have reached a turning point and be on the road to recovery..”

From the report itself:

[p.4] There are signs of recovery, with the rate of decline bottoming out and turning up in the most recent cyclical data (May/June 2009), with positive month-on-month growth for most countries, and inventories running down sharply… In general, despite a very difficult first quarter large firms in the ICT sector were stronger at the end of Q1 2009 than following the 2001 dot.com bust…

[p.5] Economic stimulus packages to address the economic crisis affect the ICT sector directly and indirectly. The immediate aim of these packages has been to restore the health of the banking sector and stimulate demand in the short-term; re-financing banks, injecting cash into the economy and protecting jobs. These measures may help counteract downward pressures on the ICT sector and sustain the diffusion of ICTs. Most governments also plan to foster growth through long-term investments which have potentially providing an anti-cyclical stimulus on the supply-side. In many cases these long-term plans are directly related to the ICT sector or ICT applications, including “smart” applications in urban systems, transport systems, electricity distribution, etc. The question is how current ICT policies should be maintained or rethought in the context of the economic crisis and what is the appropriate balance between continuity in proven ICT policies and change in the form of ad hoc crisis measures.”

The economic stimulus measures mentioned include extending broadband geographically and upgrading to fibre, and planned investments in green technology, as well as modernising existing infrastructure, services and institutions.

The following chart is from page 34 of the report (click on it for a bigger version):

See also the biennial OECD Information Technology Outlook.

(Excerpts above © OECD, 2009, from The impact of the crisis on ICTs and their role in the recovery. The report was prepared by an OECD Secretariat team consisting of Arthur Mickoleit, Christian Reimsbach Kounatze, Cristina Serra-Vallejo, Graham Vickery and Sacha Wunsch-Vincent, under the direction of Graham Vickery, OECD Secretariat, for the OECD’s Committee for Information, Computer and Communications Policy (ICCP Committee) and the Working Party on the Information Economy (WPIE) .)

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

House of Commons e-Petitions?

Computing reports that the government may consider e-petitions to the House of Commons:

“It is understood that the intention is for e-petitions that gather more than a set threshold of support online to be allocated that time slot on the Parliamentary agenda, effectively forcing MPs to debate the popular public issue of the day.”

Their news report was based on the government’s response via Barbara Keeley to  the House of Commons Procedure Committee’s First Special Report e-Petitions: Call for Government Action: Government Response to the Committee’s Second Report of Session 2008–09 (PDF version).

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Open Video Conference - video & journalism, art, politics etc -– videos available

Communia reports on New York University Law School’s first Open Video Conference, which covered “a wide number of topics, from the nitty-gritty world of metadata interoperability, democratization and journalism, interests of commercial players, to novel ways of production and the role the ‘pirates’ are playing…on software, politics, journalism, art, education, industry, business, technology, culture, communication, freedom, and democracy.”

From the Open Video Conference site:

“Web video holds tremendous potential, but limits on broadband, playback technology, and fair use threaten to undermine the ability of individuals to engage in dialogues in and around this new media ecosystem.

Open Video is a broad-based movement of video creators, technologists, academics, filmmakers, entrepreneurs, activists, remixers, and many others…

Open Video is the growing movement for transparency, interoperability, and further decentralization in online video…

…Open Video is about the legal and social norms surrounding online video.”

Videos of conference sessions are now available (feed for future uploads of videos) and there are also various reports of the conference.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Tory shadow minister criticises UK cybersecurity strategy

An article in ComputerWeekly by Crispin Blunt, shadow minister for home affairs and counter-terrorism “Government’s cyber security strategy is a lost opportunity”, criticises the government’s Cyber Security Strategy – the plans to set up a Cyber Security Operations Centre (CSOC) and The Office of Cyber Security (OCS) within the Cabinet Office seemingly without considering the coordination of existing departments / agencies having a cyber-security remit, and the “culture of information hoarding”:

“There is no consideration within the strategy of how we would respond to a cyber attack. No mention can be found of a framework for response or who would lead it. There is no discussion of issues such as back up communications networks for security and emergency personnel…

The Cyber Security Strategy for the United Kingdom is a master of the formulaic jargon we have come to associate with the Labour government, but this cannot hide the fact that is almost totally devoid of substance…

A Conservative government will set up a National Security Council to deliver a strategy for the UK. That strategy will flow from a comprehensive security and defence review. The lines of authority and responsibility will be clear.

One of the most urgent tasks is to deliver international cooperation between states on cyber issues.”

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Wednesday, 29 July 2009

Defamation on Twitter

Scary news from the BBC that Amanda Bonnen, a Chicago apartment block tenant, is being sued in the USA for defamation by Horizon Group Management because she tweeted in May 2009 that: "Who said sleeping in a mouldy apartment was bad for you? Horizon really thinks it's okay."

While Ms Bonnen had recently moved out, Horizon had never discussed the tweet with her or asked her to take it down.

Horizon, who’s seeking $50,000 (£30,900) in damages, claimed the tweet was "published throughout the world" and severely damaged its good name.

Ms Bonnen had just 20 followers on Twitter at the time (her Twitter account’s since been deleted).

Even in the UK, which is known for its claimant-friendly defamation laws and consequent “libel tourism”, the courts have held that message board / bulletin board / forum postings are more akin to slander than libel, and can be protected as “fair comment” as long as they don’t cross the line (Smith v ADVFN Plc & Ors [2008] EWHC 1797 (QB) (25 July 2008)) -  forum posts are more like “saloon bar moanings" (Sheffield Wednesday Football Club Ltd & Ors v Hargreaves [2007] EWHC 2375 (QB) (18 October 2007)).

It seems to me that this reasoning applies even more strongly to a tweet.

It will be interesting to see what the US court rules, if this goes to trial.

(For anyone who doesn’t know, Twitter is a micro-blogging site where people post short messages (“tweets”) of up to 140 characters. If you don’t “protect” your tweets, anyone can read them, although in practice unless you sign up and “follow” someone, or do a search or standing search, you’re unlikely to see their tweets. Most tweets aren’t protected.)

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Location data / geographic data – INSPIRE View services, Discovery services technical guidance

INSPIRE - Infrastructure for Spatial Information in Europe – is an EU Directive “to create a European Union (EU) spatial data infrastructure. This will enable the sharing of environmental spatial information among public sector organisations and better facilitate public access to spatial information across Europe.” I.e., inter-operability of spatial data (INSPIRE Directive and implementing legislation / rules.)

The INSPIRE View Service Technical Guidance (Version 2.0) has just been published. This explains how to implement INSPIRE View services based on the INSPIRE View Services Implementing Rule.

Technical Guidance Discovery Services, version 2 was published last week, and identifies the recommendations and implementation guidelines for Discovery Services to comply with the INSPIRE directive.

See the INSPIRE Network Services page for  the Draft Regulation on INSPIRE Discovery and View Services and more guidance and technical documents, including e.g.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Tuesday, 28 July 2009

Son of “DRM for news”

I’d previously blogged the Associated Press’s announcement about a new system they were going to use to “wrap” their content to track its usage.

And  yesterday I updated my blog post following a comment, in order to clarify that as far as I could see from what the AP had said, it wasn’t DRM in the sense that people normally understand it - which is why I had used quotation marks in the first place.

I’ve now further updated my blog post on Associated Press’s “DRM for news” to refer to an excellent article by Ars Technica which also can’t figure out how on earth hNews can be used to “wrap” and “protect” content in the all-encompassing way that the AP seem to be suggesting.

I.e., it can’t be: “one is struck by the thought that perhaps the AP has been snookered into believing that it's getting "DRM for news," when in reality it's simply using an open-source news metadata markup language with Creative Commons rights expression”!

The article also highlights contradictory statements by different AP officials as to their attitude towards people who copy even part of their content, and links to a wickedly funny graphic that makes fun of the AP scheme (warning: don’t click that link if you are anti swear words!)

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

BrightTalk review - free webcasts on security, identity, privacy & many more subjects

I’ve just come across BrightTALK’s free webcasts. A webcast, as they describe it, is “an interactive, online audio/visual presentation (live or recorded) with audio and a synchronized slide show.” Here, you just watch via your browser.

Information security, privacy, identity talks

There are numerous “channels” including one on “Information Security” which hosts lots of webcasts on issues of security, identity and privacy.

Here’s their feed of upcoming talks on Information Security including e.g.:

Interestingly there are talks by lawyers as well as people from the technology industry, e.g. Privacy, Network Security and the Law - mostly by US lawyers, although there's one UK one, Overview of Legal Issues Affecting Web 2.0 Privacy.

Topic channels are not restricted to technology. Other channels include Media and Marketing, and Environmental Law, even Forensic Science and Financial Services. (There’s some duplication of certain content across different channels.)

General review / overview

BrightTALK is clearly aimed squarely at the corporate market for professional education and training – to register you have to provide job title and level as well as some information about your organisation.

They use the freemium business model. It’s free to register with BrightTALK to view live webcasts (which can be played back after the event). But if you want to run a live interactive broadcast of more than 30 minutes once a month, you have to pay a monthly fee (premium, enterprise), which gets you subscriber information / metrics too, and the ability to email subscribers (Webcasters’ FAQs.)

This of course provides good marketing opportunities for businesses – there were 58 people who listened in on the webcast this morning on “The Future of IAM is FIAM” (federated identity and access management), which I cover in another post on the new UK federated trust scheme British Business Federation Authority (BBAF).

While I’ve not worked out BrightTALK’s quality vetting mechanism yet (for the starter channel at least, it seems anyone can just sign up for free and just start broadcasting), I imagine that charging to webcast at more than just a basic level will restrict the “heavy” webcasters to serious businesses.

And indeed, from the organisation names I’ve seen in the Information Security channel, many are well respected enterprises.

How user friendly is it?

Really very intuitive. You attend or replay webcast sessions on any web browser that supports Flash, i.e. all modern web browsers will work. Click Details for info on the session. (Test your system; Viewers’ FAQs.)

As mentioned earlier, the webcasts are basically videos of slideshows with audio narration, and voting. Yes, broadcasters can run live polls and audience votes are tallied and displayed immediately. (Use the Vote button show above to review the questions and votes, including when playing an archived webcast.)

Participants can also type questions in live ("Ask a Question") and share webcasts (by emailing a link etc), and there’s even a Twitter stream per webcast with hashtag pre-filled in, so you can live tweet it during the event.

Some issues

Broadcaster information

I’ve not been able to find a webcaster profile yet, e.g. if you want to find out more information about the person who gave a webcast, like contact details. Maybe someone can enlighten me as to where they’re hidden, if I’ve missed it? In the “The Future of IAM is FIAM” talk the speaker said he would give his email details (presumably during the talk), but again I couldn’t see or hear any.

If I’m right and there are no “webcaster profiles” (there certainly weren’t any linked from the webcasts I’ve watched so far), I think that is very bad.

If I was paying a few hundred quid a month for the privilege of marketing my business, I’d want there to be a very easy way for my potential customers to reach me. I.e. click through to my contact info from the webcast.

BrightTALK really ought to provide detailed contact pages for premium / enterprise users, clearly linked to from all webcasts of that user, pronto (listing all the webcasts that organisation or person has produced).

Also, some details from certain descriptions were cut off when as a viewer I clicked Details. Again, BrightTALK should provide more space for paying broadcasters to set out their information and bio.

Searching / finding channels

You can search all webcasts, but I’d really like to be able to just search or browse channels. There are quite a lot to just wade through page by page (174!) and they aren’t even in alphabetical or hierarchichal-by-topic-and-subtopic order, as far as I can see.

Upcoming webcasts

The feed link for a channel isn’t on the main channel page. I found the link I gave above by clicking the “Share” button for a webcast, which enables you to enable a link to it to someone else, Digg it etc.

To me, “Share” for a particular webcast video isn’t the obvious place to look for a feed for the whole channel.

There needs to be a clear feed link on the page for each channel with autodiscovery.

Slides

They should allow subscribers to download the slides during (or after) a webcast. Again I couldn’t find any links.

Overall

Overall, though I think it’s an excellent service, and I wouldn’t be surprised if they weren’t actually making money from this. The webcasters seem to be mainly American, but anyone can sign up – I expect there will be more from the UK and Europe in time.

I certainly plan to watch many of the BrightTALK webcasts soon, especially those relating to Information Security.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Identity credentials for employees - new UK federated trust scheme British Business Federation Authority (BBAF)

There are plans for an ID credentials scheme for workers in UK businesses, which, who knows, might even end up being used more broadly instead of a national ID card.

Yesterday ComputerWeekly reported on a new cross-industry identity scheme which aims to enable UK regulated industries (initially intended to be financial services, telecommunications, aerospace and defence, pharmaceuticals, energy and law) “to trust how each other identify and authenticate their employees”.

A new organisation has been set up called the British Business Federation Authority (the article says as a new company, but they don’t appear on a Companies House search I tried, nor do they seem to have any website yet).

The BBAF will coordinate the development of the necessary protocols for the acceptance of employee credentials (e.g. smart card or software certificate), “with different levels of assurance, in different locations, across different industries, and potentially across national borders.”

The scheme is intended to include “geographic awareness for location based services, data loss prevention and common federation components in enterprise architectures”.

Its governance model is to be based on existing best practice e.g. the Kantara Initiative, NIST and ISO, and it’s currently being steered by the cross-domain enabling group (XDEG) whose members include parliamentary-industry forum Eurim, the British Computer Society, the Institution of Engineering and Technology, and Oxford University and London School of Economics academics.

It’s interesting that Patrick Curry, director of Clarion Identity and spokesman for the scheme, told ComputerWeekly that this scheme, which might get going as early as January 2010, would operate independently of the proposed UK national ID card scheme.

Coincidentally (or maybe not) Patrick Curry also gave a 50 min webcast earlier today entitled “The Future of IAM is FIAM” (federated identity and access management), at the request of the BCS. It’s worth playing through (you have to register before you can play it back, it’s free to register), even though he seemed to assume all listeners were male! (“guys”…) (I have written a review of the BrightTALK webcasting service in a separate blog post.)

He clearly thinks that inter-operability and collaboration are essential, for which a federation model is needed, and that mechanisms for selective disclosure of private information are critical. I couldn't agree more.

He shows a slide of the proposed structure of BBAF at about 42 minutes in (slide no. 23 on the slider), shown below in low resolution purely for the purposes of illustrating this report on his talk and the news about the formation of the BBAF:

If you're already familiar with the field and just want to hear his summary and thoughts on the future, just watch from that point i.e. about 42 minutes in. (The earlier part is an overview of identity and access management generally, key drivers, issues and challenges for government, enterprise and citizens.)

Here’s something else he said which I found particularly interesting:

“…There is a requirement for appropriate anonymity and pseudo-anonymity and privacy, and those do need to be addressed. But market forces will prevail, I'm suggesting, led by industry to meet those employee requirements, but consumers will benefit from the back of that.

The crucial question is how far employee credentials could be used as the basis for trust in your citizen function. We haven't seen a lot of that yet but we expect that to happen, and governments will be issuing credentials more just to prove citizenship and ID, but not really much more function than that. Why? Because most of the entitlement activity will take place in the back end...

Some of the credential issuance procedures [for authentication and authorisation] will be more distributed. Why? Because you’re going to get a credential maybe at work that you're going to use in private life, or vice versa...”

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Financial markets trading

A detailed article in Ars Technica The Matrix, but with money: the world of high-speed trading explains "high-frequency trading" (HFT) and how most financial trading is high speed supercomputer trading against high speed supercomputer, including software algorithms (algos) & stat arbs, dark pools and hardware:

“…The ECNs [electronic communication networks, which have largely replaced trading floors] offer the advantages of speed, anonymity, error minimization, and audit trails. They've also "ported" many of the problems endemic to electronic networks—security vulnerabilities, the "garbage-in, garbage out" (GIGO) problem, and the problem of technology moving too fast for lawmakers, to name just three—from the Internet to the markets. But the problems with ECNs are a topic for another day. The real issue is that when the average retail investor gets an E*Trade account and tries to play the stock market, she typically has no idea that she's going up against the market equivalent of IBM's chess grandmaster-thumping supercomputer, Deep Blue…

Experts guess that between 60 and 75 percent of the NYSE's daily trading volume is just computers trading against one another using a variety of strategies…

…Rather, they focus on executing as many trades per second as possible and on turning a small profit (often pennies or fractions of a penny) on each trade…”

On the human elements of financial markets trading and the impact of psychology and people on financial markets, these may be of interest:

See also New Scientist article “Falling out of love with market myths” by Terence Kealey, who also highlights the flaws in economics theories on perfect markets, rational expectations and efficient markets – though this is mainly in a different context, that of arguing against government funding of research, which he says is based on a false view that there is a market failure in knowledge and science:

“While bankers were busy promoting models of market success, research-based enterprises were equally hard at work promoting their own false model of "market failure" to justify government subsidies for their endeavours…. [A 2003 OECD study showed] only privately funded R&D led to economic growth, and that publicly funded R&D did not. Worse, the public funding of R&D crowded out private funding, and thus slowed economic growth…. The idea of market failure in knowledge and science is therefore wrong - though it persists universally in research-based enterprises… But because the idea prevails, scientists lose out: as the OECD showed, government funding of research crowds out more money than it supplies, thus driving down research budgets, researchers' salaries and the self-worth of researchers.”

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Monday, 27 July 2009

RFID in EU healthcare : privacy concerns an obstacle

Healthcare / medicine is one area where RFID chips could be put to good, potentially life-saving, use (in contrast with identity cards) – as long as RFID use is implemented and managed properly, of course.

I’ve just come across an interesting April 2009 study by RAND Europe prepared for the European Commission’s DG INFSO (DG Information Society and Media’s H1 unit (ICT for health): Study on the requirements and options for Radio Frequency Identification (RFID) application in healthcare.

The study provides:

“an assessment of the main drivers, obstacles and uncertainties surrounding the deployment of RFID in healthcare in Europe. It identifies the most promising RFID applications in the healthcare delivery domain by reviewing the costs and benefits, as far as possible, and assessing enablers and obstacles to full deployment of RFID. Finally, the report provides an evaluation of the current market for RFID in healthcare in Europe and its future potential.

The analysis is based on a thorough review of academic and grey literature and available data sets, a Delphi survey of experts followed by semi-structured key informant interviews, and seven case studies of RFID applications across Europe and the US.”

This chart, figure 4 “Importance of uncertainties to successful implementation of RFID and easiness to overcome these potential obstacles” extracted from pg. 41 for news reporting purposes only, is particularly interesting:

On privacy, which the study classed as an “information security risk” issue:

“10. Negative perceptions among different categories of users still exist and need to be taken seriously. It requires a continuous,frank and open sharing of information about potential societal risks associated with the use of these tools, for example privacy breaches. The sharing of information, nevertheless, should involve all interested stakeholders and users of healthcare delivery organisations…[p.xxii]

…The main concerns expressed by citizens are related to the uncertain impact of RFID exploitation on privacy. The consultation resulted in a clear request for development of a combination of technical measures and a legal framework to prevent abuse…

Industry is interested in using RFID for innovative applications, but is holding
back because of uncertainties with regard to future demands in terms of privacy protection measures and standards [p.27]

… The Delphi identified the three most important uncertainties, or potential obstacles, for successful implementation in the future as issues concerning ‘reliability’, ‘data integrity’ and ‘privacy’ of RFID applications.[p.39]”

See 2.3.5 on page 43 for the main discussion on “Identifying and addressing privacy concerns”.

For other recent developments on technology and healthcare in the EU, see also Telemedicine for the benefit of patients, healthcare systems and society, COMMISSION STAFF WORKING PAPER SEC(2009)943 final, June 2009 (summary and more generally EU telemedicine and EU ehealth), and the Virtual Physiological Human project.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Change of this blog's web address

This blog is now located at http://blog.tech-and-law.com - see also my contact details in the right column.

The feed URL hasn't changed and the old tech-and-law.blogspot.com address will still work, but if linking to anything on this blog please use the new URL going forward.

Thank you.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Sunday, 26 July 2009

UK national identity cards - content

Nice if you’re a peer of the realm, knight or suchlike (as most of us are, of course):

In a letter, Lord West made it clear it would be possible to have the words "the Holder is the Right Honourable Robert Washington Shirley, Earl Ferrers" printed on the back of the card.

He said members of the House of Lords, their wives and families, and holders of knighthoods and baronetcies and their wives would all be able to have their proper titles included on ID cards.

From the BBC, via Robin Wilton of Racingsnake, who wonders rightly how we’ve got this far “without a completely clear idea of what human-readable data should appear on a UK national ID card?”

Recall from my blog post on the Economist’s article on chipped ID cards that when European agency ENISA sought information on specifications for eID cards from EU member states (for ENISA’s February 2009 position paper Privacy Features of European eID Card Specifications, which compares the privacy features offered by various European eID card specifications), that the UK was the only country which wouldn't (or couldn't?) show them even a draft.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Saturday, 25 July 2009

Newspapers, news & internet – important developments – “DRM for news” & tracking copying of news stories

There have been some very interesting developments on the future of news and the internet this week.

Newspapers are increasingly losing money hand over fist…

The Economist published a story “All the news that’s free to print”, on the increasing plight of newspapers and the difficulty of finding a workable money-making business model in the age of free: could charities be the answer?

In a similar vein, see also this report of Guardian editor Alan Rusbridger’s thoughts on the future of newspapers in a recent public discussion, and The Economist’s article on the death of local news.

So – is “DRM for news” the answer?

A couple of days later, the US-based global news agency Associated Press announced that they were going to “protect news content from unauthorized use online” by creating a “news registry” to control the digital use of their content.

The Associated Press is used as a source of news stories for many newspapers and TV stations, including outside the US (for a fee, of course).

What’s the AP “news registry”?

This registry will “tag and track” all AP content which appears online on the internet, storing info to uniquely identify each bit of content that goes out, together with its terms of use.

A “built-in beacon” will keep track for the AP of how their content is being used on the Web, so that the registry can supply detailed metrics on content use, payment services and even enforcement support.

The news registry will support various payment models, such as “pay walls”.

At first it’ll just cover AP text content, then in early 2010 their members’ content, and ultimately they’ll track photos / images and videos too.

How does it work? Using hNews

See this AP graphic (source):

(Non-technologically minded readers may skip to “What Next?”.)

The news registry will be based on hNews, a microformat for news which was produced by AP with the Media Standards Trust (see the MST press release about the launch of the hNews microformat).

The MST is a UK charity to promote high standards in news and journalism, and one of its projects, with the AP, was a way to make it easier to capture and find information on news stories by encouraging news providers to put out their news items online in a standardised way – i.e. in a consistent “news” format.

The result was a non-proprietary open source news microformat hNews, which will enable any producer of news content to supply summary information for each news story on:

“• what the story is about,
• where it was written,
• who wrote it,
• where it was published,
• the news principles it adheres to (if any), and
• any usage rights associated with it.”

hNews is currently being trialled by open source news site openDemocracy.net.

The key here is the last bullet point above. In the case of AP, hNews will be used to “wrap” news items with information relating to the story (“metadata”), including a “digital permissions framework” whereby whoever publishes the story can set out how they want the content to be used on the internet (and also includes usage monitoring information, of course).

[ADDED 27 July 2009 further to comments made.] It is true that the hNews metadata is not DRM in the strict sense. Unlike in the case of DRM for music audio files, a publisher can't physically prevent others from copying their content, or indeed from thereafter deleting the metadata tags before re-publishing the copied content. That is why I surrounded the references to DRM in quotation marks, to indicate I felt it was akin to DRM, but not DRM as such. (Of course, it can be said that even DRM for music can be got round, albeit a lot less easily than just by deleting the microformats markup from the copied text.)

But what I was trying to get at was the purpose of it all, the sense that the AP, in what they are doing and based on what they are saying to various newspapers, are clearly wanting to control tightly and limit the use of their content by other people. I used "DRM" with its negative connotations because the AP may be viewed equally negatively, at least where they intend to use their tracking abilities in order to prevent even fair use / fair dealing of the copyrighted content - see below. The hNews microformat is far more than just a copyright licence container, it is generally good news if you'll forgive the pun, but like any other tool it will be for the user to decide how they wish to use it.

[ADDED 28 JULY] Now see an excellent article by Ars Technica which also can’t figure out how on earth hNews can be used to “wrap” and “protect” content in the all-encompassing way that the AP seem to be suggesting.

I.e., it can’t be: “one is struck by the thought that perhaps the AP has been snookered into believing that it's getting "DRM for news," when in reality it's simply using an open-source news metadata markup language with Creative Commons rights expression”.

The article also highlights contradictory statements by different AP officials as to their attitude towards people who copy even part of their content, and links to a wickedly funny graphic that makes fun of the AP scheme (warning: don’t click that link if you are anti swear words!)

[ADDED 30 JULY] Citizen Media Law Project have a good article on the saga, where the second half analyses the US legal issues and a number of relevant past cases e.g. “hot news”, including a couple involving AP itself.

What next?

The AP move seems to continue the new trend that’s emerging for newspapers to want to wrap their arms tightly around their content and not let anyone else near it (or even know it’s there, unless the reader goes direct to the news site concerned – see my report of European news publishers “Hamburg Declaration”, where they basically don’t want Google or other search engines to index the contents of their sites).

Maybe, following the music industry, the AP are going to sue the copyright pants off anyone who they find has reproduced AP content on their own web sites or blogs. Or use the threat of it, anyway, to stop people doing that – bloggers might well be worried about including even an extract or snippet of an AP news report, in case they find themselves being taken to court.

It’s certainly interesting and perhaps telling that in their FAQs about the news registry the AP felt it necessary to include a specific question / answer entitled “Is this aimed at Google? At bloggers?”. The AP say “not”!

As I mentioned in my report on the Hamburg Declaration (which a friend misread as the HumBug Declaration, bah humbug indeed!), I don’t think that’s the right way to go, in fact it’s counterproductive – news publishers shouldn’t be trying to stop search engines from indexing their sites or bloggers from quoting them, as long as it’s fair use / fair dealing and there’s a link to the original source.

As with search engines, a blogger who includes a short extract from a news item with a link to the original will surely drive more people to the site concerned; that’s more people who will see the publisher’s ads, so why would they want to put a stop to that?

I’ve not seen an example of the AP usage rights restriction markup yet – I notice that the AP news release about their news registry itself hasn’t been marked up using the hNews format, there’s no hRights (for the usage rights info) tag even! I’d like to see exactly what restrictions the AP will impose – just blanket “copyright AP”, I imagine.

Now if the AP use their new tracking abilities only to stop those who copy the whole of a news story in its entirety and use it wholesale as is, especially without attribution (crediting it to the AP) or a link back to the original, I don’t think many people would have a problem with that.

But I’m equally certain that many will think it problematic if the AP try to block people from using any of their content absolutely and completely, because that would go against the “fair use” (US) or “fair dealing” (UK etc) exceptions which allow limited copying of other people’s content in the interests of striking a fair balance between the rights of copyright holders / creators and the informational / cultural rights of society.

Unfortunately, it seems from a NY Times interview that AP are intent on stopping even a headline and a link from being shown on search or other sites. (UPDATE: see also the Financial Times article on this.)

Interestingly, the NY Times article says:

"Executives at some news organizations have said they are reluctant to test the Internet boundaries of fair use, for fear that the courts would rule against them."

There have already been huge debates over the past few years about digital rights management being used in the context of music, for instance, and how “take down notices” have been used to remove Web content where arguably the snippet included was covered by “fair use”. Now, text content joins the fray with a vengeance.

I suspect it will take some time for a new fair balance to be worked out.

But meanwhile, news publishers clearly want to make sure that they make money.

It may be that to avoid information overload and dross, some people at least are going to want “filters” that they trust, or some way to rate the quality of the information offered, and may be willing to pay a flat rate subscription fee for that, going forward.

Or it may be that free news with advertising is the only way most users will accept – but advertising money is falling away fast, especially in these economic climes, which perhaps may be an extra trigger for the AP move.

Who knows how it will all end? Will we, as Mr Rusbridger said, “get to the point where for the first time since the Enlightenment we have to live without verifiable sources of news, and people won’t realise what they’ve lost until it’s gone”?

Interesting times, indeed.

More information

Note: I’ve included above the AP diagram about their news registry as they linked to the graphic in their press release and I’d assumed that was to enable people to use it for illustrative purposes when reporting on the press release. (Much as some web sites have an online “press kit” of graphics for the media to use in news stories about their products or services.)

If I’m wrong, and the AP wish me to delete it as it’s obviously their copyright, then I’ll do so – please contact me (see the right sidebar) in that event.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Friday, 24 July 2009

Intel fights EU fines on human rights grounds

Intel is appealing against a €1 billion fine for abuse of dominant position / anti-competitive practices, which the European Commission's Directorate General for Competition imposed on it in May 2009 after an anti-trust investigation.

Intel will argue that the European Union antitrust inquiry is administrative in nature, and such large fines shouldn’t be levied except by the criminal courts.

Apparently the European Court will rule on this appeal in 2010.

The human rights issue has been raised in this context before but never succeeded – see the Ars Technica article for examples.

For background see European Commission info of 13 May 2009 on the fine:

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Thursday, 23 July 2009

US national identity management system will allow anonymity, multiple personas

Information Week reports remarks by Thomas Donahue, director of cyber policy for Obama's National Security Staff, at an identity management conference in Washington (it didn’t say which).

It’s good news. As the Information Week report shows, Mr Donahue clearly understands there are complex and multi-faceted issues facing society in relation to digital identity management, and difficult technological challenges involved.

Some selected quotes:

“Donahue said a national strategy for identity management was critical because authentication and identity management remain gaps in the world of cybersecurity…

A national policy won't come without open discussion among government, industry, and the public…

Basic issues remain, including defining the roles of government and of private industry in creating a standard way to deal with digital identity, and a system architecture. Anyone who opted in to a government-led or -guided identity system would likely be able to use an authorization mode of their choice..

Privacy is a major concern for the Obama administration, Donahue stressed. Any system will have to allow for some level of anonymity, with room for a user to shed some anonymity in order to demonstrate trust with another person or a Web site in a digital relationship, Donahue said. Non-negotiable in any identity management plan would be a requirement of voluntary enrollment and discretionary use, he said. People would likely be able to create multiple identities for different roles, such as work and home…”

The big issue is of course how to strike a fair and appropriate balance between security on the one hand, and privacy / anonymity / individuals’ control of their own identity on the other, but it looks like the USA are thinking along the right lines.

The UK government would do well to follow suit. We can but hope.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

McKinnon – CPS review of evidence: Computer Misuse Act etc

As is well known, British man Gary McKinnon (who has Asperger’s Syndrome) is being extradited to the USA under the Extradition Act 2003 for hacking into US military computers (NASA, Pentagon) some years ago.

The Director of Public Prosecutions said there wasn’t enough evidence to prosecute him for offences under UK criminal law (so no public interest test needed to be considered).

Computer Weekly have published a copy of an internal UK Crown Prosecution Service document, Review Note 3 - 26 February 2009, which:

  1. outlines how Mr McKinnon broke into computers (using NT Info [I think it’s this one] and Remotely Anywhere)
  2. reviews the case against him and the position under UK law based on the the law as it was at 2001 / 2002, when the acts in question took place:
    1. Computer Misuse Act 1990 – s.1 unauthorised access and related s.2; s.3 unauthorised modification to computer
    2. s.12 Aviation & Maritime Security Act 1990
    3. Code for Crown Prosecutors (current version)
    4. Guidance for handling criminal cases with concurrent jurisdiction between the United Kingdom and the United States of America.

Public weight seems to be behind Mr McKinnon.

The extradition law has been challenged unsuccessfully by the Conservatives, and famous musicians have even recorded a song with him, Chicago – Change the World, to support him and Asperger / autism related charities (Dave Gilmour, Bob Geldof, Chrissie Hynde; song by Graham Nash, who gave permission for the re-recording, lyrics by Mr McKinnon’s mother Janis Sharp).

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Tuesday, 21 July 2009

Copyright in photo of painting? National Portrait Gallery & Wikimedia administrator

There’s been lots of reports on the kerfuffle involving the UK National Portrait Gallery and US Wikipedia user Derrick Coetzee, who obtained some 3000 high resolution photos of paintings from the NPG website and uploaded them to Wikipedia – e.g. see BBC, Guardian, Open Objects (which makes the point that other sites using the image from Wikipedia may not attribute it correctly to the NPG), Creative Commons, and Wikipedia itself.

The NPG had commissioned and paid for those photos, and said they had the copyright in the photos, which was breached by Mr Coetzee. They felt the free public availability of those high resolution photographs on web encyclopaedia Wikipedia would damage their income stream and their expensive project to digitise their collection.

The twist is that the photos were of public domain paintings - i.e. the copyright in those paintings had expired, so anyone would technically be free to reproduce the paintings. But the NPG don’t allow visitors to take photos of their art.

The copyright issue here relates to the photos commissioned by the NPG, not the paintings. The NPG also said that what Mr Coetzee did was in breach of contract and, separately, a violation of their database rights in those photos.

Another twist is that in the USA, there’s no copyright issue if you take a photo of public domain artwork because there’s no copyright in the “faithful reproduction” i.e. the photo doesn’t enjoy copyright - Bridgeman Art Library v. Corel Corp. And in the USA Mr Coetzee is receiving pro bono help from US EFF lawyer Fred von Lohmann.

However, the issues Mr Coetzee faces are under English, not US, law, and if sued he’d be sued in the UK. As far as I know, this kind of situation’s never come before a UK court. Yet.

English law issues

As I’m not a copyright lawyer, I don’t feel qualified to comment in any detail on any of this, but I can point to:

  • the case against Mr Coetzee, as put forward by NPG’s lawyers Farrer &Co in a letter to him, and published by him (I do wonder if there’s a copyright problem with his publication of Farrers’ letter, which is strictly their copyright, but if there is they’re clearly being circumspect about raising it!). See also the NPG page with their views and policies on copyright generally
  • other analysis and arguments on whether Mr Coetzee has a decent defence under English law under contract, copyright (can you have copyright in a photo of a public domain work?) and database right, in various blog posts linked to in this ORG blog post, suggesting it’s not necessarily an open and shut case.

Cultural / financial issues

Quite apart from the legal issues of course, there’s the fundamental issue for society of how you fund art and access to art (whether physical access through visits, or virtual access through digitisation and Web access to images).

Should art galleries and museums be able to raise money through licensing high resolution digital reproductions of their paintings / pictures etc; or should they permit free access to those digital images because public taxes (or whoever has financed the digitisation) have already paid for it? Does it depend partly on how the institution concerned is funded, and to what extent?

I don’t think there’s an easy answer to those questions, especially in these economically straitened times.

Wikimedia and the NPG are reportedly in talks. Their outcome is awaited with interest.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Internet - privacy, reputation, free speech: Solove talk

Another excellent video / MP3 podcast from the SCL / OII series - Daniel J. Solove, Professor of Law, George Washington University Law School, talking on 25 June 2009 about the dark side of the internet - the increasing tendency to divulge personal information online, the easy spread of damaging rumour and gossip, all of which can stay out there on the Net forever:

“In a world where anybody can publish her thoughts to a world-wide audience, how should we balance privacy and free speech? How should the law protect people when harmful gossip and rumors are spread about them on the Internet?”

See the video / MP3 podcast of his talk.

See also his book on the subject “The Future of Reputation: Gossip, Rumor, and Privacy on the Internet”.

Some other talks from SCL:

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Monday, 20 July 2009

Search engines’ English law defamation risk after Metropolitan International Schools Ltd v Designtechnica Corp

I’ve now read the case which I pointed out the other day - Metropolitan International Schools Ltd. (t/a Skillstrain and/or Train2game) v Designtechnica Corp (t/a Digital Trends) & Ors [2009] EWHC 1765 (QB) (16 July 2009).

Main point – search engines (except Mahalo), be happy!

The main takeaway: Metropolitan is good news for search engines which operate like Google, displaying search results in an automated way based on their algorithms, without human intervention. (So, not so good for the likes of human-powered search engines like Mahalo.)

Search engine providers like Google or Bing can now worry a lot less about the risk of being done for defamation in the UK just because their search results happen to include a snippet of defamatory material from a crawled website – at least, if (1) they have a quick(ish) take down policy, and (2) take steps to block the URLs concerned from UK visitors once they’ve been notified of the defamation.

This case involved a UK provider of distance learning courses who found libellous comments about it on a US reviews site. The UK provider sued not just the US site but also Google US and Google UK, on the basis that Google search results showed snippets from the US site – including the defamatory words.

But the hearing here was only on one narrow issue: should the judge cancel a previous Master’s order allowing the claimant to serve proceedings in the USA on Google US? (It’s necessary to serve proceedings – documents about the claim - against a defendant, before a court can rule on the case.)

Here, the judge (Eady J.) decided to set aside the order giving permission to serve on Google US abroad, on the basis that the claimant had no reasonable prospect of succeeding against Google US (and also, separately, because there had been misrepresentations to the Master by the claimant, which in themselves would have been enough reason to reach the same result).

Could Google US be sued for defamation in the UK?

Eady J. first addressed the issue of whether Google US could be sued in the UK in this case.

If the relevant words are read by anyone in the UK, they can be sued for in the UK. (Given that on the Web anything public can effectively be read anywhere, blocking filters aside, websites need to be aware that they run the risk of being sued anywhere in the world where their site content is illegal, and certainly may risk being sued for defamation in the UK. Whether other countries will enforce a UK libel judgment is another matter.)

However, Eady J. also noted that for claims of internet publication it’s the claimant who has to prove that the words complained about were actually read by someone in the UK, and noted that just because people have seen the criticisms of the claimant on the US forum it doesn’t mean they saw the snippet in Google US’s search results.

He also pointed out that this wasn’t a case of "libel tourism" as the claimant operated in the UK and the damage to its reputation would be in the UK.

So basically, if this case goes to trial (which very likely it will, if at all, only against the US site hosting the forum), the claimant will have to show that people in the UK read the defamatory words (not hard to do, based on previous English cases).

Was Google US liable as “publisher” of the defamation?

The appropriate question was, should a search engine like Google:

  1. be regarded as a mere facilitator in respect of the publication of the "snippet"?
  2. even after the date of notification (about the defamatory snippet)?

The central point was: should Google US be regarded as a publisher of the defamatory words, at all?

Under English common law, for a person to be fixed with responsibility for publishing defamatory words there needs to be present a mental element (Eady J. summarised his own judgment on the point in Bunt v Tilley). You have to mean to publish it, before you can be liable for the publication.

In deciding Google US was merely a facilitator, it was an important point for Eady J that a Google search is done automatically, without any human input from Google US personnel: the extract from the defamatory webpage that gets displayed in the search results depends on what the user searched for, which of course depends on the user’s entered search terms, and that can’t be controlled by the search engine in advance, so the search engine isn’t a “publisher” of those words - see this quote.

Was Google liable after the takedown notice, as "authorising” the defamation?

What about after Google US were told that the search results snippet was defamatory - could they be sued for libel by authorisation or acquiescence?

Here, acknowledging the difference between hosting providers and search engine providers, Eady J. accepted the (relative) powerlessness of Google US to control what’s thrown up by search results, and the practical difficulty of blocking certain words without disproportionately blocking too much other material.

It seems clear that, in deciding Google US weren’t responsible for publication between notification and take down, the judge felt the following were significant factors:

  1. Google’s lack of knowledge of the offending material before the take down notice, Google’s take down policy and its blocking of the affected URLs from access via google.co.uk after getting the notice, plus
  2. the hosting site’s ability to control the content on its own site and its indexing by search engines (in other words, it makes more sense for the claimant to go after the US site hosting the offending message board, rather than search engines).

Other points of interest

The key ruling was of course that Google US wasn’t responsible for the “publication” of the defamatory remarks through their display in search engine results snippets, so the claimant had no reasonable prospect of winning a lawsuit against Google US and the order allowing him to serve proceedings on Google US should be cancelled.

The rest of what Eady J. said was his “obiter” opinion, i.e. incidental to the main decision, so it won’t carry as much weight in future cases – especially as the issue before the court was on a procedural matter rather than a decision on liability.

However, given that there have been hardly any UK cases on these issues, it’s likely that UK judges in future cases will look to what he said and take it, if not as gospel, certainly quite seriously.

With that in mind, here are some other observations from his judgment:

What about the common law defence of innocent dissemination?

Not abolished by the Defamation Act 1996 but effectively superseded by it, in the judge’s opinion.

Either way, someone with knowledge of the defamation can’t take advantage of the defence, in his view.

(See the relevant quotes from the judgement.)

Or the Defamation Act 1996 section 1 defence?

Again, if someone knows about the defamation, eg. after a takedown notice drawing the issue to their attention, then Eady J. thinks they can’t use this defence.

Is a search engine protected as an “information society service” under the The Electronic Commerce (EC Directive) Regulations 2002?

The Electronic Commerce Directive on which these Regulations were based was designed to foster cross border services within the EU: in full, that’s Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce).

Search engines aren’t covered by the E-Commerce Directive explicitly, but in Eady J's view on balance they are, by intention, because even if not paid directly by the search engine user, they do provide their services for remuneration in the form of advertising as mentioned in recital 18 of the Directive. (In the case of EU Directives, the intention, as reflected in recitials, of course matters as much if not more than the actual words used - in contrast with the historically very literal English / US approach)

However, being covered by the Directive isn’t enough - in the UK, what matters is whether UK law has implemented the Directive in such a way as to cover them. (Or, if it hasn’t, whether a judge is prepared to ignore the UK implementation and go with the Directive anyway!)

Now in Eady J.’s opinion, under the Regulations a search engine isn’t expressly considered a “host”, unlike in some other EU states, so a search engine isn’t protected by the “host” defence under regulation 18 - not unless and until the UK Parliament passes laws to bring them explicitly under the “host” defence umbrella.

He also pointed out that the defences under the Regulations only help in relation to criminal liability or monetary damages in any event; you can’t rely on them if you’re sued for an injunction to make you do, or not do, something.

(It also seemed implicit from the judgment, although the judge didn’t really say much about it, that in his view search engines don’t qualify to benefit from the protection given to “mere conduits” under Regulation 17 or “caches” under Regulation 18 – see para 88 onwards.)

What about Google UK?

Now the hearing here didn’t involve Google UK at all (strictly a separate company from Google US).

Given that it seems Google UK have even less control than their mother ship over the search engine bit of Google, I imagine they’ll be applying to get the case against them dismissed too.

It’ll be interesting to see what transpires if the case against the US website goes to trial.

Disclaimer

This isn’t legal advice, just my own attempt at analysing and summarising the issues. I’m planning to learn technology law but I’m only starting; my background is finance, so I may miss things which those who’ve specialised in tech law for years take for granted (don't expect a brain surgeon to be able to operate brilliantly on your heart straightaway!).

This is of course only about the position under English law. YMMV.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Why RFID chips (passports / ID cards) are stupid: Economist

An interesting article in the Economist “Have chip, will travel - Why chips in passports and ID cards are a stupid idea” (via QuickLinks), takes the view that:

  1. there’s little speed improvement for e passports
  2. all the chip does is confirm what’s printed in the passport; it doesn’t prove the holder is the person he or she claims to be
  3. e passport chips are too easily hacked / cloned as security’s not what it should be - encryption keys are easy to guess, e-passport chip transmission range is too large, physical attacks are possible
  4. chipped identity cards are even more insecure – they broadcast unencrypted data 10 meters or more and can be locked or killed by a remote attacker.

See also EU agency ENISA’s excellent February 2009 position paper Privacy Features of European eID Card Specifications, which contains comparisons between privacy features offered by various European eID card specifications; expert analyses of risks risks to personal privacy resulting from the use of national electronic identity card schemes; and techniques available to address these risks.

The paper (which was discussed at the European e-Identity Management Conference 2009) also looks at how these available privacy enhancing technologies are implemented in existing and planned European eID card specifications, the European Citizen Card and ICAO electronic passport specifications.

It is perhaps telling that the UK was the only EU member state involved which refused to show ENISA its e-ID card specification, even in draft (which Germany did).

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Sunday, 19 July 2009

Access to justice in UK – nul points?

There’s another interesting speech about access to justice in the UK recently made by a judge, Master of the Rolls Lord Clarke of Stone-Cum-Ebony, in a lecture on 15 July 2009 for the Mary Ward Legal Advice Centre.

Summary

In summary, he was critical about the government’s refusal to adequately fund legal aid for civil and family (as opposed to criminal) cases.

This shortsighted penny-pinching threatens to undermine the UK justice system.

The entire UK justice system, family and civil as well as criminal, must be able to determine disputes fairly, impartially and at a cost litigants can afford.

Civil and family justice shouldn’t be seen just as optional extras, as “customer services” whose costs ought to be pared to the bone.

If people are denied effective legal remedies, they may lose confidence in the justice system and be tempted to resort to self-help – including perhaps violence - which would ultimately undermine the fabric of our society and our commitment to the rule of law.

Extracts

Some choice quotes (my emphasis added):

“…It is not sufficient therefore to announce our commitment, either implicitly or explicitly, to the rule of law. We must have the means by which that principle can be given proper effect. It calls for proper democratic institutions.

It calls for just laws promulgated by those institutions. It calls for a justice system which can give effect to those laws..

It seems to me that we may well now be (and have perhaps for some time been) in the process of undermining the efficacy of our justice system…

It is often said that civil justice, including family justice, is the poor relation to criminal justice. If there is any public money the vast majority goes to crime, a small amount then goes to family and a minute proportion goes to civil. This can clearly be seen from the government’s recent consultation on civil legal aid…”

Quoting another top judge, Sir Andrew Morritt, Chancellor of the High Court, who said:

“1. “Justice, like the Ritz, is open to all”. Whether this cynical aphorism is correctly attributed to Mathew LJ at the end of the C19th or to Horne Tooke at the beginning matters little when compared to the distressing fact that the bitter sarcasm behind the statement is even more obvious now than it was then. Notwithstanding many and varied efforts over the last hundred years or so on a number of different fronts the burden of costs is too great for most people to contemplate. It follows that those who are wronged may be denied any effective remedy and those who are sued without sufficient cause may be unable properly to defend themselves. Consequently the attraction of extra-judicial remedies increases.
2. This ought to engage the urgent attention of the government of any  democratic state. Sadly the only attention it has attracted from ours, at least so far, is the practical removal of civil legal aid and a policy of full cost recovery under which there have been substantial increases in court fees payable by all not already on benefit of some kind or other. Indeed in the Response to Consultation on Civil Court Fees published last week the Ministry of Justice observed, somewhat peevishly, that though not asked to do so 19 out of 52 responses commented unfavourably on that policy…”

- Lord Clarke pointed out that:

“..The fundamental point that Sir Andrew makes here is that it is grossly inaccurate, or put another way, an utter misconception, to perceive civil and family justice as some form of optional extra that should be given, at best, no more than a begrudging subsidy…

…What is profoundly wrong with statements such as Middleton’s, and that of the Ministry of Justice’s response to the critical responses to its own consultation on civil legal aid, is the idea inherent in them, that the civil and family justice systems are optional extras, which it is an unjustifiable and unnecessary burden for the general taxpayer to fund. Let me be clear I am not suggesting that the taxpayer should be expected to provide a blank cheque. But I am suggesting that the State should properly understand that properly funding the civil and family justice systems is as essential a part of a society committed to the rule of law and to open democratic ideals, as is properly funding the criminal justice system

…Neither the civil nor the family justice system exists simply to resolve private disputes. Neither of these facets of the justice system exist simply to deliver services to customers. On the contrary, they both exist to determine rights, which include rights and obligations as between the individual and the state. They do exactly what the criminal justice system does, when it determines guilt or innocence…

…Even in those classes of case which can properly be said to involve the determination of rights and obligations as between private individuals, there is a public aspect to those cases on a par with the public role of the criminal courts… There is a clear public interest in determining such disputes.

The first aspect of that public interest is that judicial determinations of such private claims can clarify and develop the law…

…The development and clarification of the law through judicial decisions… serves a clear public role; a role central to the proper implementation of the rule of law…

…if the family and civil justice systems were inadequate to the task of determining such disputes fairly, impartially and at a cost that litigants could afford, those litigants might lose such confidence in them that they would resort to self-help. Resort to self-help could take a benign form. It could, however, also take anything but a benign form. It could see the law not being applied by court decisions but through violence and the threat of violence. Down that path lies an increase in crime with the consequent use of the criminal justice system. What purpose, we could ask, would diverting civil and family disputes to the criminal justice system in this way possibly serve? To my mind it would only serve to undermine the fabric of our society and our commitment to the rule of law..”

See also other top judges’ speeches on:

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.