Will the EU Ever Stand up for Its Citizens?

This spinelessness is just sickening in the extreme:

The United States and the European Union are nearing completion of an agreement allowing law enforcement and security agencies to obtain private information — like credit card transactions, travel histories and Internet browsing habits — about people on the other side of the Atlantic Ocean.

The potential agreement, as outlined in an internal report obtained by The New York Times, would represent a diplomatic breakthrough for American counterterrorism officials, who have clashed with the European Union over demands for personal data. Europe generally has more stringent laws restricting how governments and businesses can collect and transfer such information.

- Laws which are apparently being chucked away purely because America wants to disregard them. This is what happens when European governments mouth fatuities about the so-called "war on terror": they then get hoist by their own rhetorical petard.

What's amazing is that probably 90% of Europeans would be against giving this kind of data to the US if they were ever offered any way to choose. Which they won't be, of course: that's democracy?

Walking Three Tightropes

On Open Enterprise blog.

A Privacy Disaster Waiting to Happen

I was already teetering on the brink of opting out of the NHS patient database; this just pushed me over:

A new national database of confidential patient records is being opened to access by NHS staff who need no professional qualifications - despite official assurances that records will only be accessed by specialists who are providing care or treatment.

A document obtained by Computer Weekly under the Freedom of Information Act also provides evidence that NHS Connecting for Health - which runs part of the £12.4bn National Programme for IT [NPfIT] - has quietly decided to weaken assurances given to patients about the confidentiality of records.

Doctors are angry because they say that patients were given an assurance that non-clinical staff would be unable to access the national summary care record database which is being trialled at NHS trusts in various parts of England.

Just How Healthy Will Google Health Be?

Ah, yes, Google Health:

Due to the sensitive and personal nature of the data that will be stored in Google Health, we need to conduct our health service with the same privacy, security, and integrity users have come to expect in all our services. Google Health will protect the privacy of your health information by giving you complete control over your data. We won't sell or share your data without your explicit permission. Our privacy policy and practices have been developed in thoughtful collaboration with experts from the Google Health Advisory Council.

All highly laudable.

So what happens when somebody turns up on Google's doorstep with a warrant, demanding information about an individual? Presumably, it will fight. And what happens when somebody *doesn't* turn up on Google's doorstep with a warrant, but just wants a quiet chat about the records of someone who is - because the US government says they are, but can't reveal the details because it's a state secret - a terrible wicked evil terrorist, and anyway has a funny-sounding name? Will it fight for them, too?

Privacy Trumps Copyright in EU?

This could be big:

Today the German Constitutional Court decided that the state may not engage in surreptitious surveillance of information technology systems. The case, a constitutional complaint against a law permitting such surveillance by intelligence services, was decided on the basis of a new human right in the confidentiality and integrity of information technology systems.

...

The decision may have a dramatic impact in relation to the constitutionality of protected rights management information systems deemed to protect copyright. Where a supplier of copyright works manipulates data stored on a customers computer, or where personal data are being collected in order to allow the right holder to trace the use of works supplied online, it appears that if the customer can invoke the new right there is little left to argue for right holders that such means are necessary to protect copyright.

Now let's watch this ripple through the European Union until it reaches that nice Mr Brown and his plans to get heavy with ISPs over alleged copyright infringements on their networks....

Schneier on the False Dichotomy

Once more, Brucie tells it as it is:

Security and privacy are not opposite ends of a seesaw; you don't have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it's based on identity, and there are limitations to that sort of approach.

When are they going to make this man President of the USA?

An Intellectual Approach to File Sharing

I've always assumed the Swedish Pirate Party were a bunch of anarchists who wanted to cock a snook at authority by disrupting one of its precious intellectual monopolies, and have some fun along the way.

I was wrong.

It turns out that there is some pretty deep thinking behind what they are doing, as evidence by this fascinating interview with Rick Falkvinge, founder and the leader of the party:

What was remarkable was that this was the point where the enemy - forces that want to lock down culture and knowledge at the cost of total surveillance - realized they were under a serious attack, and mounted every piece of defense they could muster. For the first time, we saw everything they could bring to the battle.

And it was... nothing. Not even a fizzle. All they can say is "thief, we have our rights, we want our rights, nothing must change, we want more money, thief, thief, thief". And shove some poor artists in front of them to deliver the message. Whereas we are talking about scarcity vs. abundance, monopolies, the nature of property, 500-year historical perspectives on culture and knowledge, incentive structures, economic theory, disruptive technologies, etc. The difference in intellectual levels between the sides is astounding.

So now we know what the enemy has, and that they have absolutely nothing in terms of intellectual capital to bring to the battle. They do, however, have their bedside connections with the current establishment. That's the major threat to us at this point.

Intellectual capital? Hm....

And then he goes on to make this important point:

The people who have been led to believe that file sharing can be stopped with minimal intrusion are basically smoking crack.

Early on in the debate, we dropped the economic arguments altogether and focused entirely on civil liberties and the right to privacy. This has proven to be a winning strategy, with my keynote "Copyright Regime vs. Civil Liberties" being praised as groundbreaking.

The economic arguments are strong, but debatable. There are as many reports as there are interests in copyright, and every report arrives at a new conclusion. If you just shout and throw reports over the volleyball net at the other team, it becomes a matter of credibility of the reports. When you switch to arguing civil liberties, you dropkick that entire discussion.

Obviously I need to pay more attention to these people.

Data Non-Ownership

There has been a bit of a kerfuffle over Robert Scoble's run-in with Facebook. In this clear-headed analysis, Ed Felten points out that the problem is everyone tries to frame it in terms of who owns the personal data on Facebook:

Once we give up the idea that the fact of Robert Scoble’s friendship with (say) Lee Aase, or the fact that that friendship has been memorialized on Facebook, has to be somebody’s exclusive property, we can see things more clearly. Scoble and Aase both have an interest in the facts of their Facebook-friendship and their real friendship (if any). Facebook has an interest in how its computer systems are used, but Scoble and Aase also have an interest in being able to access Facebook’s systems. Even you and I have an interest here, though probably not so strong as the others, in knowing whether Scoble and Aase are Facebook-friends.

How can all of these interests best be balanced in principle? What rights do Scoble, Aase, and Facebook have under existing law? What should public policy says about data access? All of these are difficult questions whose answers we should debate. Declaring these facts to be property doesn’t resolve the debate — all it does is rule out solutions that might turn out to be the best.

This is going to become an even bigger issue in the future - which makes sensible thinking about it all-the-more necessary and valuable.

Coming Through Loud and Clear?

if everything you hear is always recorded, if your phone can be active with no external indication, if your main lines of communication can be tapped or hacked, the potential for Big Brother abuse grows exponentially. privacy concerns loom, piracy is facilitated, and safety issues escalate (hopefully, by the time earpods replace cell phones, cars will be driving themselves!) new forms of public and private behaviour will develop; work and personal relationships will evolve based on previously nonexistent modes of communication; new digital divides (those that can iHear vs those that can't) will deepen.

Imagine if this stuff is only closed source: let's get some open source hackers working on it fast. (Via O'Reilly Radar.)

Google Profile Keeps a Low Profile

Google Profile is with us, just about:

A Google Profile is simply how you represent yourself on Google products — it lets you tell others a bit more about who you are and what you're all about. You control what goes into your Google Profile, sharing as much (or as little) as you'd like.

And here's the sting in the tail:

Use multiple Google products? Soon your Google Profile will link up with these as well.

In other words, despite its ultra low-profile launch, Google Profile will be the nexus of everything you do on Google.

Eeek.

SWIFTly Out of the Frying Pan...

...it seems:

The supervisory board of SWIFT has approved the plans for the restructuring of the systems architecture of the financial messaging network the outlines of which had been known for some time. The core of the realignment is the creation of a global data processing center in Switzerland.

And into the fire:

To this will be added a command-and-control center in Hong Kong.

So now it will be the Chinese eavesdropping on our financial transactions, not the Americans. Oh well, at least it reflects the world's coming New Order....

The Story of Our Lives

TechCrunch notes the rise of a new class of services:

part blogging, part genealogy and part something unique. They are focused on the very long term - getting and then keeping customers for decades, and encouraging friends and especially family members to join, too. Once they’re hooked, they’ve spent so much time building content that they are very unlikely to ever leave.

Nicely viral, obviously, but what really interests me is the potential of making all of this information freely available across the Net, rather than just locking it in silos (as I imagine much will be). Imagine an intelligent spider, searching, sifting and correlating the information: it would allow a tapestry of life to be spun across the entire planet (or at least those parts using such sites). Tricky privacy issues, of course....

Google Health...

...is coming. And you thought the privacy issues of using Google were bad now. (Via John Battelle.)

Why "Nothing to Hide" Has Nothing to Do With It

Openness, privacy and surveillance are locked in an eternal, complex dance. One of the commonest ploys of the surveillance mob is to invoke the "if you have nothing to hide, you have nothing to fear" idea. Here's a detailed, if slightly legalistic, picking apart of that trope - noting, rightly, that the question itself is skewed. (Via Slashdot.)

Privacy Through Openness

Hm, a novel approach:

So it dawned on him: If being candid about his flights could clear his name, why not be open about everything? "I've discovered that the best way to protect your privacy is to give it away," he says, grinning as he sips his venti Black Eye. Elahi relishes upending the received wisdom about surveillance. The government monitors your movements, but it gets things wrong. You can monitor yourself much more accurately. Plus, no ambitious agent is going to score a big intelligence triumph by snooping into your movements when there's a Web page broadcasting the Big Mac you ate four minutes ago in Boise, Idaho. "It's economics," he says. "I flood the market."

Identifying ID Card Flaws

As costs for the hare-brained UK ID Card continue to spiral out of control, the LSE has put together a timely submission to the House of Commons Home Affairs Committee inquiry into “A surveillance society?” that picks apart the current scheme's weaknesses.

Google Web History: Fantastically...What?

This looks really cool:

Web History: All the web sites you visit, at your fingertips.

* View your web activity.
* Search the full text of pages you've visited.
* Get personalized search results and more.

But frankly, I'm far too frightened to install it. The idea of not just giving all this data to Google (based in the US, remember, with that nice Mr. Bush in charge), but authorising it to track my every move online....Nein Danke. (Via Vecosys.)

Where in the World Are You?

Talking of Google's growing power:

Once again ... the average person has NO idea they are now going to have even more records kept of every place they have marked or annotated, and when they did it. Google continues to gather even more information about you ... who you are ... what you do ... where you do.

(Via weaverluke.)

Searching for an Answer

It was the arrival of the first-generation search engines like Yahoo and Lycos in the mid-1990s that turned a collection of disparate online data into a usable source of information. Today, Google's pivotal role in online activity is even more pronounced.

So it's no surprise that people are working on search engines for Second Life - the thinking being that once you can find anything there, it will be even more useful as a tool. But in virtual worlds, it's not so simple:

Second Life isn't the same as the World Wide Web (at least in how its users perceive it), and probably shouldn't be treated the same way as web pages, routinely scanned by search-engine bots. I'm pretty sure that Linden Lab would prefer to that Second Life be as permeable and open as the WWW, but it's got to take a definitive step in this direction. Currently, there is no true public data in Second Life: Linden Lab owns the data comprising the world, including user avatars and objects. On the other hand, the company's Terms of Service indicate that invasions of privacy are prohibited (section 4.1). I don't understand how user-privacy even exists in a world owned by one private entity. Any shift in resident privacy-expectations Second Life is ultimately up to Linden Lab, which hasn't seemed to have decided whether Second Life is a country or an internet--whether it is a government presiding over population of residents, or a service-provider to hundreds of thousands of users.

The problem is that most people put stuff on the Web because they want others to find it: there is a conscious act of exposing stuff there. In Second Life, people (naively) assume that it's "like" real life, in the sense that virtual objects are private unless explicitly exposed. Alas, no: anything in Second Life is just data, and as such susceptible to being farmed by search bots. As the post above points out, people must now decide now much privacy needs to be built into the system. Where the dividing line should be drawn between private and public in the virtual world is not at all obvious.

It's (Open) Party Time!

For anyone in Swinging London 2.0 next Wednesday, the place to be is the Open Rights Group party:

It will be a night of public domain and openly licensed music, remixed visuals and free culture goodie bags, with an uber-geek raffle which includes the opportunity to be written in to Cory Doctorow's next book, or receive a signed keyboard from our patron Neil Gaiman. Danny O'Brien, who founded the ORG pledge, will be speaking.

And if you were wondering,

The Open Rights Group is a new and fast-growing NGO focused on raising awareness of issues such as privacy, identity, data protection, access to knowledge and copyright reform.

All things that are likely to be dear to readers of these pages.