Saturday, 31 October 2009

Digital libraries, museums: digitization, public domain & copyright, etc

The 6th Communia Workshop on "Memory Institutions and Public Domain" took place on 1 and 2 October 2009 in Barcelona, Spain, and the slides and, in many cases, full transcripts or even videos of the presentations, are now available.

"Memory institutions", I confess I hadn't heard the term before, include "libraries, museums, archives, cultural heritage institutions like monuments and places, botanical gardens, zoological gardens and all kinds of "collecting institutions"."

I particularly like the fact that there are short policy recommendations as well as abstracts of the presentations.

There's a report summarising the workshop, e.g. the keynote (my emphasis):

"by Dr. Ben White (British Library), emphasizing that we are at a crucial time: norms are currently being set by different uses, governments, and technologies, and libraries have to find a way around such differences in their on-going digitalisation efforts. It is important to get digital preservation right at economic, technical and legal levels, otherwise we will not be able to build and preserve our digital public domain. For instance, an analysys [sic] of over 100 contracts revealed that most of them systematically undermine preservation right of libraries. It is imperative to follow the lead of countries such as Ireland and Belgium: contract law cannot undermine exceptions to exclusive rights. Indeed, the British Library is currently in discussion with Wikimedia commons following the lead of the Bundesarchiv: they plan to use "social contracts" rather than a contractual framework such as a Creative Commons license. Above economic copyright, there are other issues to to be beared [sic] in mind, such as moral rights, religious sensitivities and other concerns of libraries that want people to know that certain material comes from such libraries."

The workshop included a very interesting and varied selection of speeches e.g.:

Well worth a look for anyone interested in digitisation, copyright and culture & cultural heritage.

UPDATE: See now a separate post on EU - digitisation of books including links.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Access to justice: Neuberger speech

Lord Neuberger, Master of the Rolls, in his speech on access to justice at the Law Society & Bar Council opening of the Legal Year Seminar on 30 Sept 2009 (my emphasis, and links added):

1. We must all take care to ensure that we do not imperceptibly, unconsciously, and unintentionally drift towards a position where our justice systems fail to meet the minimum acceptable standards to satisfy the rule of law in a modern democratic society. We do not want to find ourselves in the position where we have to acknowledge, as a melancholy truth, that we do not have proper access to justice;

2. There is therefore a heavy duty on all members of society to ensure that such a situation does not arise, and where it does arise, to remedy the situation. Despite the current economic problems, we are a developed and rich country, the money involved would not be enormous, while the benefits to society as a whole would, it could well be said, are enormous;

3. There is also, and in particular, a heavy duty on the legal profession: lawyers are perfectly entitled to seek to make money, but, unlike most other people, even other professionals, they also have a duty to the public;

4. Any reforms must be founded on the principles I have mentioned, but they must also be practical, in the sense of being realistic and carefully thought out and costed; they must also be evidence-based, as anyone who listened to Hazel Genn’s excellent Hamlyn lectures on civil justice will appreciate;

5. The Jackson report can be expected to provide many constructive ideas for change, which I am sure will also provide a good basis for positive developments in this very important and imperfectly resourced area.

Hear, hear. Especially the point made that any reforms should be evidence based. Would that all reforms in the UK were. Or indeed, any.

Note that Hamlyn Lectures from 1949 to 2004 are available free online, but unfortunately lectures from 2005 onwards, including Dame Hazel Genn's on Judging civil justice, are not - they must be purchased from Cambridge University Press. But there is a Word summary online of Dame Hazel Genn's Hamlyn lecture on Judging Civil Justice.

For anyone interested, here are links to:

The Jackson report is due out at the end of 2009, and copies should be available in Jan 2010.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Wednesday, 28 October 2009

Defamation and the internet: the multiple publication rule - Ministry of Justice consultation

I had somehow completely missed this very timely MoJ consultation before, so am posting this for anyone else who did too.

Newspaper web archives and the like are of course going to be pushing for a single publication rule - and it is rather ridiculous that every time a reader accesses an allegedly defamatory archived webpage there's potentially a new libel claim.

"This consultation seeks views on the 'multiple publication rule' under which each publication of defamatory material can form the basis of a new defamation claim, and its effects in relation to online archives. The paper considers the arguments for and against the rule and the alternatives of a single publication rule."

The consultation closes on 16 December 2009.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Monday, 26 October 2009

Data breaches & security: Reding's speech

Viviane Reding, European Commissioner responsible for Information
Society and Media, at the 23 October 2009 EDPS-ENISA Seminar 'Responding to Data Breaches', made a speech on Securing personal data and fighting data breaches.

Some extracts:

"… if citizens have an underlying fear that their data may be lost or stolen
they will not participate fully in the digital economy.

The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European policy agenda. The reformed telecoms package, now awaiting final agreement, will establish rules concerning the prevention, management and reporting of data breaches in the electronic communications sector. As you are aware, the Commission will go a step further to extend the debate to generally applicable breach notification requirements and work on possible legislative solutions. This will be done in close consultation with the European Data Protection Supervisor and other stakeholders…

I find it very reassuring that today's event is organised jointly by representatives of data protection and of Network and Information Security. This cooperation underlines the fact that privacy and information security are not in conflict with each other: Without information security, protection of privacy and personal data is not possible. Indeed, we must see challenges to personal data security in the broader context of the resilience of information and communication infrastructures. A key principle of EU data protection law is that those who process personal data have to take the necessary security measures to counter the risks to this data.

With the telecoms reform, we are now strengthening and clarifying these rules: when a security breach happens, the operator will have to inform the authorities and those citizens who may face harm as a result of the loss of their personal data. Furthermore, network operators must notify the competent national regulatory authority of a breach of security or loss of integrity that had a significant impact on the operation of networks or services.

In short: Transparency and information will be the key new principles for
dealing with breaches of data security

Those who profit from the information revolution must respond to the public policy responsibilities that come with it. It will of course not be possible to prevent all breaches. But operators must be prepared to minimise the risks by ensuring that management of incidents is planned and organized beforehand..

My vision is that security and data protection in the Information Society must be based on a comprehensive risk assessment and on management approaches, which take into account all hazards and threats, whether they come from cyber-attacks, from natural disruptions, or any other source

… social networking. It has, on the one hand, a strong potential for new forms of communication; but on the other hand it brings privacy concerns for internet users who put personal information online. We have seen this in Germany recently where sensitive data was illegally collected from one of the biggest German social networks, Schueler VZ. This clearly demonstrates that obligations to ensure protection against data breaches cannot be limited to electronic communications networks alone – but may need to be addressed in new EU rules which cover online services as well. The European Parliament is certainly right with calling on the Commission to study different legislative options to address this issue.

Our role is to understand what the public policy challenges are; identify the proper mechanisms to tackle them; and set the framework conditions - where necessary through sector-specific legislation.

The Commission has committed itself to reviewing Europe's general rules on
protecting personal information, in the light of rapid technological development. At the same time, we will have to find agreement with our partners in other parts of the world, as the information society is becoming more and more global.

In 2010, the Commission intends to launch – as part of the ambitious European Digital Agenda advocated by President Barroso in his recent policy guidelines - a major initiative to modernise and strengthen network and information security policy in the EU. At the same time, I believe we should look at the emerging challenges for privacy and trust in the broad information society, with a particular emphasis on some of the outstanding issues which were raised during the discussions on the revision of the ePrivacy Directive, such as targeted advertising, convergence, the use of IP addresses and on-line identifiers…"

On the European Digital Agenda, see also:

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Sunday, 25 October 2009

Internet content blocking doesn't work and threatens democracy - study

A study "Internet Blocking: Balancing Cybercrime Responses in Democratic Societies" (PDF, 222 pgs) has found (see press release 16 October 2009) that measures which try to block internet content are ineffective:

"Many technical ways exist to get around blocking technologies. More importantly, the blocking measures are intrusive and often abuse fundamental freedoms. These systems either over-block or under-block content and do not prevent the serious offender from gaining access.

“Attempts to block offensive content all too often backfire,” Callanan says. “Technically, it is difficult. Legally, it is problematic. Above all, it represents a real threat to the free transfer of information and conflicts with basic democratic principles.”

The study, by consultants Aconite Internet Solutions, was funded by the Open Society Institute (Wikipedia entry). The individual authors, from several EU countries, are experts in computer science and computer / cybercrime law: Cormac Callanan (Ireland), Marco Gercke (Germany), Estelle De Marco (France) and Hein Dries-Ziekenheiner (Netherlands).

The press release also includes some interesting quotes on the report:

“It is remarkable that this kind of research was not published by the Commission before it launched its proposal for EU-wide blocking of websites. Protection of children is a matter of the utmost importance, but this does not mean that the Commission can propose measures that may well be entirely ineffectual but which will have long-term consequences for the right of freedom of communication in Europe."
Graham Watson MEP, former President of the Civil Liberties Committee of the European Parliament

"This study helps to reveal the technological issues and political context regarding the growing debate on cybercrime and internet blocking."
Birgit Sippel MEP, member of the Civil Liberties Committee of the European Parliament

This study is particularly timely given increasing efforts to block or censor access to internet websites and other content, or to cut off Net access from citizens who have allegedly accessed illegal content - efforts instituted by governments not just in supposedly repressive regimes but also governments of nations which profess to be democracies, such as the EU -

UK ISP Talktalk recently demonstrated the pointlessness of the UK plans (see further the TalkTalk press release) - and they've even set up a campaign site about it, Don't Disconnect Us.

A recent public survey by YouGov for the Open Rights Group has shown that 70% of those surveyed "said someone suspected of illegal downloading should have a right to a trial in court before restrictions on internet use were imposed" - see Guardian news report.

An attempt (amendment 138) to amend the proposed EU telecoms reform package to ensure that EU citizens' access to the internet can't be cut off without a "prior ruling by a judicial authority" has recently failed, too, so that "internet users suspected of infringing copyright laws could see their connections suspended or face other administrative measures without the need for a court ruling" (EurActiv) - see also the BBC report, and the rather more colourful report by the Swedish Pirate Party's MEP. Will the telecoms reform package go through at all in time?

As a study for the European Commission indicates the economic growth potential inherent in the activities and user-generated content of citizen journalists, bloggers and social networkers, and as 75% of 16 to 24 year olds in the UK feel they can't live without the internet (perhaps a slight exaggeration? but it underlines the importance of the Net to people), there are other serious issues that need to be considered and weighed in the balance before passing laws to allow the disconnection of citizens without trial on mere accusations of illegal downloading.

Perhaps the time and taxpayers' money would be better spent on fighting spam and protecting online privacy instead, as per the European Commission's recent comments following a report for them "Study on activities undertaken to address threats that undermine confidence in the Information Society, such as spam, spyware and malicious software SMART 2008/ 0013".

(Via the excellent QuickLinks.)

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Google's Eric Schmidt & others - recession, US immigration policy etc

See the interesting report of Stanford University's 2009 Roundtable "The Road Back: From Economic Meltdown to Renewal" moderated by Charlie Rose.

Participants included not just the chairman  and chief executive officer of Google but also governor of the Bank of Mexico Guillermo Ortiz, Stanford economics professor Caroline Hoxby, Obama presidential advisor and chairman of TransUnion Penny Pritzker, the dean of Stanford's business school Garth Saloner, and Stanford University's president John Hennessy

Video:

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Tuesday, 20 October 2009

Measuring Identity Theft - ANSI's IDSP report published

The American National Standards Institute's Identity Theft Prevention and Identity Management Standards Panel (IDSP) have just released a workshop report "Measuring Identity Theft" (195 pages long , free to download - if you fill in a form giving a bunch of personal details such as mother's maiden name! I say nothing further on that…).

As they put it, the report (my emphasis):

"addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that key terms are defined in statute versus in practice—terms such as identity theft, identity fraud, and data breach. This potentially causes confusion in the marketplace and creates impediments to fixing the underlying problems. The publication also reviews research studies and methodologies for studying identity theft and makes best practice recommendations for how research companies should measure and report on the issues."

And highlights include:

  • "A comparison of how key identity theft and fraud terms are defined in [American] statute and in research surveys with a discussion of why they are sometimes different.
  • A catalogue of 166 research studies on identity theft and data breach trends, identity theft protection services and information security solutions, with notes on contradictory research findings, gaps in existing research, and observations on what makes a study useful.
  • A recommendation that identity crime research that is publicized or intended to shape public policy should include a lexicon of significant terms and a methodology statement, with specific elements of the methodology statement defined."

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society - review

"Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society", a book edited by Ian Kerr, Valerie Steeves and Carole Lucock, came out earlier this year, in March 2009, but doesn't seem to have received as much attention as I feel it deserves, so I am blogging about it.

The book is available for free download under a Creative Commons licence, as well as for purchase in hard copy: Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society.

It's an interesting multi-disciplinary review of issues in, as it says on the tin, anonymity, privacy and identity on the internet, in ubiquitous computing, given the use of RFID, data mining, biometrics, etc. There are chapters on economics, sociology, philosophy and feminism as well as law and computing - and even song lyrics!

Another positive feature is that it is multi-jurisdictional. The editors are in Canada so the main focus is on Canadian aspects (and in my view Canada is more advanced and enlightened than most when it comes to privacy issues), but there is also coverage from the perspectives of the United States and UK as well as other countries.

Especially interesting to me were Chapter 1 Soft Surveillance, Hard Consent: The Law and Psychology of Engineering Consent by Ian Kerr, Jennifer Barrigar, Jacquelyn Burkell, and Katie Black and Chapter 4 A Heuristics Approach to Understanding Privacy-Protecting Behaviors in Digital Social Environments by Robert Carey and Jacquelyn Burkell.

Human psychology is clearly vital to understanding how people act, how they deal with issues that impact on their privacy e.g. the well known privacy paradox, and these chapters in particular triggered some Eureka moments in me.

For instance, is your consent to the collection and use of your private data truly "free and informed" if its giving (and subsequent lack of withdrawal) has been engineered or manipulated through a cunning knowledge of human psychology - cognitive dissonance, prospect theory, discounted subjective utility etc? Should this sort of engineering be regulated?

The final part contains analyses of anonymity under the laws of, separately, the United States, Canada, UK, Netherlands and Italy.

A fascinating read, and well worth a skim at least. Again: the download link.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Sunday, 18 October 2009

Web 2.0, e-Participation in politics, & Obama's campaign

Web 2.0 in the Process of eParticipation: the Case of Organizing for America and the Obama Administration (NCDG Working Paper No. 09-001) is an interesting October 2009 paper for the National Center for Digital Government, by University of Massachusetts researchers Aysu Kes-Erkul and R. Erdem Erkul.

The “Organizing for America” (OFA) website (really, www.barackobama.com) played a major role in Barack Obama's 2008 presidential campaign, with its unprecedented use of social media and other Web 2.0 tools to engage with the public, both supporters and voters.

The authors analyse this site from the perspective of e-participation - which as they put it "is a concept that include all the processes of public involvement via information and communication technologies".

Their conclusions:

"When we evaluate the findings of this study in terms of e-participation, we see that www.barackobama.com was a very significant initiative in engaging citizens in the political process. In addition, the popularity and amount of user-created content show the positive reaction by the general public and their willingness to get involved. However, as mentioned before, the analysis of the outcomes of this initiative in terms of e-participation requires a deeper research."

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Friday, 16 October 2009

Google's Drummond & internet free speech

Last week I mentioned a recent Policy Exchange event where Google's Chief Legal Officer David Drummond was going to talk about freedom of expression on the internet.

I couldn't go but I managed to find a couple of reports of what was discussed, from:

Both reported him as saying that censorship is a trade barrier and that governments or blocs like the US or EU should require freedom of expression as part of their trade agreements with other countries.

The approach of using trade agreements to achieve broader ends is not new - e.g. effectively requiring countries who want to be party to the trade agreement to beef up the intellectual property rights protection in their jurisdictions, as happened with the WTO Uruguay Round and the TRIPS agreement.

Interestingly also, in the US complaint against China (dispute DS362) under TRIPS, the Panel said in their 2009 report (at 7.50) that the denial under Chinese laws of copyright protection to certain works whose publication and/or dissemination was prohibited in China because of their content (i.e., because they were censored), was inconsistent with China's obligations under the Berne Convention on copyright as incorporated by TRIPS (7.139 of the report).

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Monday, 12 October 2009

Identity fraud up: National Identity Fraud Prevention week report

A report prepared by CIFAS for UK National Identity Fraud Prevention Week, which started today, includes statistics and tips etc on ID fraud (aka identity theft) and account takeover fraud.

See the report entitled The Anonymous Attacker -  A special report on Identity Fraud and Account Takeover, and write ups e.g. by ComputerWeekly and the BBC (which led on firms binning rather than shredding customers' sensitive personal data).

Key findings (as summarised in the CIFAS press release) include:

  • "Over 59,000 victims of impersonation have been recorded in the first 9 months of 2009 - an alarming 36% increase from the same period in 2008
  • The overall number of identity frauds has increased by 33% in the first 9 months of 2009 from 2008
  • Account takeovers have risen by 23% in 2009 when compared with the same period in 2008 - and by a staggering 238% in the last 24 months
  • More than 1 in 2 account takeovers have targeted victims' plastic card (i.e. credit card) accounts
  • Mobile phone account takeovers have already more than doubled in 2009, from 2008 levels
  • The South East London (SE) and Birmingham (B) postcode areas are the fraud hotspots for both identity fraud and account takeover - while, more surprisingly, Guildford (GU) and Reading (RG) both appear in the top ten fraud hotspots for both types of fraud."

The ID Fraud Prevention website has guides on ID fraud prevention, but interestingly you have give them your name, company and email address in order to access the guides - even when you're interested in protection for yourself as an individual so that the name of the company you work for should be irrelevant. Unless I'm missing something?

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Profiling - draft Recommendation on the Protection of Individuals with regard to Automatic Processing of Personal Data in the Framework of Profiling

Draft Recommendation

On 2 October 2009, the Council of Europe's Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS no. 108) published an 11-pg draft Recommendation on the Protection of Individuals with regard to Automatic Processing of Personal Data in the Framework of Profiling (T-PD-BUR 02 rev 4), following their 25th meeting in September 2009.

I've not had the chance to check it properly against the previous draft (see below), but the definition of "profiling" is certainly different from that in the original draft of 5 March 2009, and in my view should also include "characteristics" as well as "personal preferences, behaviours and attitudes".

For anyone not familiar with the Convention, to quote the Council of Europe's own description (and see also info on the signatories and national implementations):

"In order to secure for every individual, whatever his/her nationality or residence, respect for his/her rights and fundamental freedoms, and in particular his/her right to privacy, with regard to automatic processing of personal data relating to him/her, the Council of Europe elaborated the “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data” which was opened for signature on 28 January 1981. To this day, it still remains the only binding international legal instrument with a worldwide scope of application in this field, open to any country, including countries which are not members of the Council of Europe."

(Via SCL - which points out the human rights rather than data protection perspective of this draft Recommendation on profiling, and contains details of who to email if anyone has comments on the draft - the consultation deadline is 31 October 2009).

Other useful background

Draft Recommendation of 5 March 2009 (02 rev - I couldn't find 02 rev 3).

Application of Convention 108 to the profiling mechanism - some ideas for the future work of the consultative committee (T-PD), report of 11 January 2008

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Friday, 9 October 2009

Google CLO to discuss internet freedom of expression

On Monday 12 October 2009, David Drummond, Chief Legal Officer and Senior Vice President for Corporate Development at Google, is going to be discussing freedom of expression and communication on the internet at a Policy Exchange event in London:

"Principally, David will be discussing:

  • What happens when reportage comes not from a select few professional sources, but from a multitude of decentralized observers feeding their social networks?
  • We see a dramatic increase in transparency—and, through the proliferation of sources, in credibility. This “reported reality” informed coverage of the recent demonstrations in Iran.
  • In Thomas Jefferson’s vision, citizens who are free to communicate and deliberate make reasonable decisions, and thereby increase wealth and welfare throughout society. The Internet has the potential to make this free and public discourse possible with a speed and reach that Jefferson could not have imagined.

He will also be taking questions from the floor."

I'd love to go but won't be able to, and I suspect it's too late to sign up for Monday anyway - but if anyone reading this is interested in going, try emailing them - and do let me know how it goes.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.

Tuesday, 6 October 2009

UK Supreme Court - and no broken links, unlike government departments!

So the UK Supreme Court officially went into action yesterday, replacing the House of Lords' Appellate Committee and the Judicial Committee of the Privy Council.

One good thing at least is that they've not broken the links to the judgments of the old House of Lords; the archive has been kept under the same URL as before.

Totally different from the name changes we had to endure with the Department of Trade & Industry to the Department of Business, Enterprise and Regulatory Reform and now the Department for Business, Innovation and Skills (combining with the Department for Innovation, Universities and Skills) - notice this law librarian's lament on the DTI to BERR change, and of course they still keep breaking our links and bookmarks over and over again.

See also on DBIS the report by the BBC and on the "rebranding" of the Department for Communities and Local Government to "Communities and Local Government" (CLG) the Daily Mail. All funded out of taxpayers' pockets, not the marketing people or politicians whose whims these idiotic name changes are.

Maybe they think if we can't remember what a department is called because they keep changing their names, citizens won't try to contact government departments or figure out what sort of job they're doing. But if they're going to do it, why not spend just a bit more money implementing forwarding? Why do they have to break our links as well?

If you think I'm cross about all this, you'd be right.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.