02 September 2011

Liberty, Equality, Fraternity, Monopoly

Just when you think that Sarkozy can't get any worse, he does:

The Ministry of Foreign Affairs has let it be known that France does not wish to sign a UN declaration in favour of defending human rights on the Internet as long as there is no consensus that freedom of expression and communication does not take precedence over other rights, in particular intellectual property.

And in case you were wondering what that might mean, here it is spelled out:
For the government finds it easy to point out that "freedom, respect for privacy and intellectual property" are all fundamental rights of the same rank, and that "France considers that there must be no hierarchy between these rights".

That is, Sarkozy believes that the right to an intellectual monopoly - the right to *exclude* people from knowledge - is absolutely equal to the fundamental right to freedom.

This is a sad come-down for a nation whose modern origins were based on the idea of freedom in contradistinction to the privilege and oppression of the Ancien Régime it replaced. It also runs completely counter to France's interests.

After all, it is no secret that French language and culture are in steep decline from their former positions of global leadership.  Indeed, France spends considerable amounts of money promoting "Francophonie" in an attempt to halt the slide.

The worst thing the French government could do would be to make it *harder* to access French culture in the form of literature, music, films, etc. through increasingly punitive enforcement of outdated copyright laws. Instead, it should be encouraging all the relevant industries to make their wares available as widely as possible - if necessary through subsidies.

And yet Sarkozy seems to regard supporting his fat-cat chums in the copyright industries as more important than truly helping the broader French culture, or even - heaven forfend - supporting universal ideals like freedom.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

01 September 2011

Open Data: Help "Make it Real"

As I indicated yesterday, I have serious doubts about the UK government's policy on copyright. But while that has been something of a disappointment to me - I naively hoped for better - its work on open data, by contrast, has exceeded my expectations.

It has already made a number of important moves in this area, and with a major new consultation - bearing the rather splendid title “Making Open Data Real” - it looks like it intends to move further toward openness in this area. Not only that, but it is actually asking for our views on many aspects. This is quite unlike its approach for copyright enforcement, where it is trying to push through all kinds of stupidities and hope that no one notices, so I suppose we should be grateful for small mercies.

On Open Enterprise blog.

Cents of Entitlement

The "copyright levy" - typically a charge levied on blank recording media such as audio tapes, CDs and DVDs - is a total anachronism. If it ever had a justification - and I don't believe it did - it was that once upon a time the only content that existed came from "professionals"; if you were making a copy of a song or a video, it was, almost by definition, made by somebody else, and so, the argument went, you "ought" to be paying something for it, since it might be an "unauthorised" copy.

Of course, the big flaw in this approach was that by demanding (and often obtaining) such a levy, the copyright industries lost their right to complain about those "unauthorised" copies. After all, they were being paid for them, just not through the traditional outlets.

But of course, greedy little things that they are, the copyright companies wanted their proverbial cake and to eat it; and so we have arrived at the ridiculous situation that in many countries they get the levy and still have the cheek to push for ever-more punitive action against that "unauthorised" sharing.

Today, of course, even that supposed logic about paying for unauthorised copies through a levy on recorded media doesn't really hold. We have entered an era of democratised creation, where most people in the West, and many elsewhere, have started taking photos and making videos. This means that an increasingly large proportion of the digital files stored on those blank media are probably yours, and have nothing to do with "professionals". So at the very least that copyright levy, where it exists, should be progressively reduced to reflect that new situation.

But that's not what's happening. Indeed, some not only expect to receive those old levies as a right, but want more:

The copyright industry never seems to have had enough. Starting today in Sweden, they demand a private tax for external hard drives and USB memory sticks.

The tax they demand is about 9 euros for an external hard drive, or 10 eurocents per gigabyte for USB memory sticks. They have previously demanded a tax for cassette tapes, which was how this private taxation right started, and gradually expanded it to blank CDs and DVDs, as well as media players with built-in hard drives. Yes, that includes the latest game consoles — Swedish kids pay about 15% tax to the copyright industry on a Playstation 3.


This is entitlement at its most blatant, and it's time to put a stop to it. Assuming that doesn't happen (after all, if the copyright industries lose this source of income, how will they pay for all the fat cats' salaries?), the quid pro quo should obviously be for those industries not only to drop their calls for punitive copyright enforcement, but to accept, publicly, that these levies actually give the public a right to make copies and to share them.

31 August 2011

Politicians Start Getting Digital Copyright Right

As readers of this blog probably recall, the passage of the Digital Economy Act was one of the most disgraceful episodes in the history of the last government, pushed through as it was with minimal debate, and largely at the behest of industry lobbyists.

If the present coalition had wanted to prove that it was making a clean break with the past, one way would have been to repeal the Digital Economy Act and to start again, taking things calmly and with input from all interested parties. Sadly, that has not happened, and disturbing evidence is emerging that, on the contrary, the current government is just as bad as the last lot, as James Firth's blog post reveals:

On Open Enterprise blog.

Welcome to Moody's Microblog Daily Digest

I joined Twitter on 1st January 2010 as an experiment. I wanted to see whether this trendy thing had any real merit, or was simply the latest fad that would come and go. I was soon disabused of my prejudices about it being just for posting about what you had eaten for breakfast. Indeed, I discovered that the presence or absence of such culinary info was a very quick way of deciding whether someone should be unfollowed or not.

I was particularly impressed at the many different ways that people used Twitter. For some, it was truly an online diary, recording what they did, often in exhaustive (and exhausting) detail. For others, it was a way of passing on news far faster than traditional outlets. And for some it was evidently a real microblog – a way of publishing extremely short pieces of information with optional comments.

This turned out to be the way that I felt Twitter was most useful, and my own use soon conformed to this model. I realised that it solved a problem with blogging that I had been wrestling with for a while. I frequently came across stories that warranted passing on, but which looked decidedly thin when posted to one of my blogs. What I wanted was a quick way of saying: “hey, take a look at this – it's good/bad/stupid/funny/horrible” without needing to come up with anything more detailed in terms of analysis. What I wanted, it turned out, was Twitter.

As my followers there (and later on identi.ca and Google+) will know, I soon lost control completely, and started posting dozens of microblog posts a day. Indeed, I have had several people unfollow me because they say I post too many interesting links, which stops them working....

But for all that I feel my microblogs work well on their own terms, there is one huge problem. I have apparently posted some 43,000 of them in the last 20 months (really? How posts fly by when you're having fun...). Quite a few of them have useful information that I like to refer to. But it is a truth universally acknowledged that Twitter's search function is pretty useless. Even though I have supplemented this with bit.ly, which has its own search feature, it frequently happens that I can't find that super important link I posted a few months ago.

This is not just frustrating, it is becoming a serious problem. It means that the not inconsiderable effort that I put into choosing my links and commenting on them is effectively going down the digital drain.

So, in an attempt to preserve at least some of the more interesting posts, I have set up a new blog called, with stunning originality, “Moody's Microblog Daily Digest.” As its name suggests, each day this will provide a digest of those microblog posts that I think are worth keeping. These will be posted in an entirely minimal format, simply a paste of the microblog content – don't look for any prettiness here.

This will, I hope, have two advantages.

First, it will allow Google's not inconsiderable search engine capabilities to index stuff on the new site. That means any post should be retrievable by me and anyone who feels the need. Secondly, it offers an alternative way to deal with the Moody flood: not only will it be a pared-down list of microblog posts, but it will be one-per-day (I aim to update it during the day, and then close it at the end, although I'm not sure if that will mean multiple appearances in RSS readers...). This might help those who find that you can have too much of a good thing....

Obviously, I'll be reviewing how things go, and would appreciate any comments along the way as this latest experiment progresses.

17 August 2011

What Does Motoroogle Mean?

I am really quite relieved Google is trying to acquire Motorola Mobility. Not because I think it will solve all the problems of Android - it's far too early to say anything like it; but simply because, at last, Google has done something that might begin to address them.

On Open Enterprise blog.

15 August 2011

Rotten to the Core

Back in April, when Apple sued Samsung in the US, I noted that Apple's claims seemed pretty over the top - basically claiming that any rectangular tablet computer with rounded corners and a border was a copy of the iPad.

Well, things seem to have escalated since then, with the battle being brought to Europe:

On Open Enterprise blog.

14 August 2011

Patents: Just Do the Maths

As I've noted, there is a sudden efflorescence of writing about the ills of the patent system. Obviously, on one level, that's great, but it's also becoming a little, er, boring. It means there are no contrary ideas to engage with, and that's dangerous for the health of the discussion, I think.

So I was really delighted to come across this post:

In the past few months, this rhetoric has grown to a furious roar, as the patent system seems to be affecting more and more of the technology industry in a negative way: small mobile app developers have been targeted with spurious lawsuits from companies that make nothing, major players like Apple, HTC, and Samsung are locked in patent-related litigation, and a pair of multibillion-dollar patent auctions has sparked an unprecedented war of words between Microsoft and Google. The most passionate critics loudly argue that whatever benefits our current patent system might offer have now been exceeded by its costs; that resources that should otherwise go to the development of new ideas are instead being misspent on the overzealous protection of the old.

This line of thinking has been so forcefully and insistently repeated that it has become almost axiomatic, an intellectual and rhetorical cheat that is rarely (if ever) questioned. But it’s also wrong — painfully wrong, in ways that sabotage any real attempt at reform. Being loud and angry is a great way to get attention, but it’s a terrible way to actually get anything done — especially since most of the emphatic chest-pounding sounds like a slightly dumber version of an argument we’ve been having in this country since Thomas Jefferson was appointed the first head of the Patent Office.

Splendid stuff - totally wrong, but splendid.

The article really makes two big claims. I'll address the second of them first, since it's more specific, and then look at the more general argument used.

If “the patent system is broken” is a lazy rhetorical cheat, then “software patents shouldn’t be allowed” is the most completely vacuous intellectual cop-out possible. The problem isn’t software patents — the problem is that software patents don’t actually exist.

What we keep calling “software patents” are just regular old patents; there is no special section of Title 35 that specifically delineates between hardware and software, or software and machinery, or software and anything else you might dream up. I don’t know when it became fashionable to pretend software patents were some funky and terrible new phenomenon, but it hasn’t always been this way: Y Combinator co-founder Paul Graham’s 2006 essay “Are Software Patents Evil?” remains one of the best holistic analyses of the software patent issue I’ve ever read, and it opens with “if you’re against software patents, you’re against patents in general.”

Well, yes, being against patents in general is certainly my position, but I don't think the author was looking for that kind of response. Instead, I'll explore his specific argument why software patents are just like any other kind:

But look a little closer and it’s easy to see that the boundaries between “just math” and “patentable invention” are pretty fuzzy. Every invention is “just math” when it comes right down to it — traditional mechanical inventions are really just the physical embodiments of specific algorithms. Consider the TurboTap long-necked draft beer nozzle, which was developed by a University of Wisconsin student named Matthew Younkle and granted US patent #7,040,359 — it pours beer faster and with less foam because of its long shape and internal structure. (I’ve conducted extensive… testing.) Isn’t that just a clever application of fluid dynamics? Where do you draw the line between the math that enables the invention and the invention itself? These aren’t easy questions, and we’re just talking about a beer tap. Things get even fuzzier when it comes to software, which doesn’t have a physical component to comfort our sense of justice. It really is just a bunch of math.

Now, speaking as a mathematician, I certainly concur with the view that everything is "just maths" in a certain deep sense: that is, we believe that we can, *in theory*, use maths to describe anything that exists. But in practice, some bits are trickier than others.

For example, take that TurboTap. As the author rightly notes, this is a "clever application of fluid dynamics" - except that it isn't. Fluid dynamics is one of those inconvenient bits of maths that we can't generally solve: the equations are just too complicated. Maybe one day some clever mathematician will come along with a clever method that will allow us to solve this stuff exactly, but I'm not holding my breath.

So what does this mean for the TurboTap? It means we can't design it using maths, because the instabilities of turbulent flow - which is pretty much all real-life flow - can't be calculated exactly. So the only way to design a TurboTap is to make lots of them, and find out which works best. In other words, you really have to *invent* the thing, because it's not discoverable from maths alone.

The same is not true of software. Although there are deep issues of checking whether programs work, the logic of a computer program is cast-iron: there are no fuzzy bits due to turbulence. If you simply apply the laws of logic and maths, you know exactly what will come out at the other end. So you are not inventing, you are discovering: those structures were always implicit in - and limited by - the rules of logic and maths, unlike the TurboTap that required human intervention to make it come into existence through practical exploration of Nature's unmapped possibilities.

This fundamental distinction between software patents and the other kinds is reflected in all the problems that are cited with the former: the fact that they are patents on knowledge, and the fact that you often can't invent around such patents, because that's like trying to invent around logic.

Most commentary has concentrated on the claims about software patents, but there is another that I think needs rebutting, since at its heart lies a profound misapprehension about patents today.

Here's the key paragraph:

Now, you can argue about the length of the patent grant, and about what specific inventions should be granted patent protection — these are all important and ongoing arguments. But the fundamental basis of the patent system is full disclosure from the inventor in exchange for an explicitly limited term of protection, and any effort to identify problems and reform the system has to respect the value both sides derive from that exchange.

That's certainly true, but the question that needs to be asked is whether the benefit obtained from patents through such disclosure is now being outweighed by the cost to companies and society of the litigation over patents that the growing patent thickets are giving rise to.

As I've argued elsewhere, the key issue here is that the patent system was created in the 15th century, when inventors and inventions were scarce; disclosure was extremely valuable for the reasons the article rightly emphasises. Today we live in a world of inventive abundance: there is simply no shortage of inventors or inventions. So we no longer need to pay the price of granting intellectual monopolies to people. People will still invent and make money from their inventions even if they are not protected by patents, because the fewer patents there are, the more valuable each becomes, which encourages more people to invent until equilibrium is attained.

Ironically, the article I've been exploring provides a good example of why the patent system is grinding to a halt, and why it is simply not sustainable.

In his discussion of disclosure, the author points to Apple:

all those Apple multitouch patents are more than just attempts to prevent competitors from using a specific technology — they’re also detailed instructions for building that exact same technology in the future. Here’s a part of US patent #7,812,828, which Apple’s particularly fond of asserting in lawsuits: it lays out a system for tracking multiple finger and hand inputs on a multitouch surface and correctly filtering them.

(Amusingly, the two equations that follow, presumably quoted to impress us with their mind-bending complexity and originality, turn out to be a formula of speed - distance divided by time - and basic Pythagoras. Both are important, but of course trivial from a mathematical viewpoint....)

The patent in question is for "Ellipse fitting for multi-touch surfaces". As is customary, it begins by listing all the other patents that it cites. By my rough count, there are over 250 such citations of relevant technology. Judging by the dates they were granted, most of them still seem to be in force.

Now, some of them belong to Apple, but most of them do not, as far as I can tell. Since they are cited, they presumably have some relevance to the current invention, at least in terms of forming the intellectual background against which it was devised. I wonder how many Apple has needed to license because of that. After all, if it cites them, presumably at least some potentially represent important inventions that Apple is building on directly. Moreover, the ability of patent holders to block others from using their inventions in further inventions means that there only needs to be *one* patent that its owner refuses to license, and Apple has a problem.

I don't know about the particular details here - it might be that the citations are sufficiently distant from Apple's patent that they are not an issue. But 250 citations is a big number, and the bigger this number gets in patent applications, the more likely that at least one of them will demand royalties or block the new patent. Indeed, we are already seeing just such problems in the area of smartphones, where the patent thickets are already hampering innovation, and raising prices for customers as a result.

It's this downside of patent abundance that is the problem today. But as I've suggested, patent abundance is also the solution, because it means we don't need to provide an incentive to invent stuff any more.

The main problem with the post discussed here is that it doesn't step back to look at the bigger picture. Although it rightly discusses the original rationale of patents, it fails to relate that to the very different circumstances surrounding inventing today. When you do that, you find that abolition really is just a question of doing the maths.

13 August 2011

Shutting Down... the West

The pundits have only just begun to offer their weighty thoughts on the subject, but already one of the key threads to emerge in discussions around the riots in England and Wales has been technology - specifically, social networks.

On Open Enterprise blog.

12 August 2011

Solving Microsoft's Hard Problem

Microsoft has a problem to solve. On the one hand, open source is not going away – its distributed, modular and iterative approach clearly has many advantages compared to traditional top-down development techniques when it comes to writing and maintaining complex code. On the other hand, Microsoft has spent over a decade propagating variegated FUD against it (although it's true that it has adopted a more accommodating stance in recent years, what with the release of odd bits of code under open source licences, and various attempts to snuggle up to some open source projects).

Still, Microsoft's basic stance remains the same: free software is OK for certain, limited situations, but for serious, enterprise-y stuff you need honest-to-goodness closed source. Given that, how can it begin to tap into the power of open source for its major projects without seeming to admit it got it all wrong, and that open source is actually a better approach?

On The H Open.

11 August 2011

Plutocrats and the New Soviet Union

One of the joys of reading blogs is that you get to follow writers who are focussed on one particular area, and who, as a result of that almost monastic concentration, are able to produce flashes of sudden insight unavailable to otherwise skilled wordsmiths who write more generalist pieces.

Here's one such gem that caught me by surprise as I finally came across it in my overburdened RSS reader:

an extreme concentration of wealth at the center of our market economy has led to a form of central planning. The concentration of wealth is now in so few hands and is so extreme in degree, that the combined liquid financial power of all of those not in this small group is inconsequential to determining the direction of the economy. As a result, we now have the equivalent of centralized planning in global marketplaces. A few thousand extremely wealthy people making decisions on the allocation of our collective wealth. The result was inevitable: gross misallocation across all facets of the private economy.

...

The result of central planning in the US has finally hit the wall. The list of problems is endless. The misallocations range from the dangerous $600 trillion derivatives market to the destruction of the US middle class (by exporting jobs and the substitution of income with debt).

Oh, yes; of course.

Why Does Computacenter Fear Openness?

One of the key recent shifts in government policy has been a move towards openness. But this is not from some deeply-held belief that “it's good to share”; it is simply a recognition of the fact that the public has a right to know how its money is being spent. It also flows from the fact that when people are aware that their decisions will be scrutinised, and that they may have to justify their assumptions and logic, they tend to think a little harder and more deeply about what action to take.

On Open Enterprise blog.

09 August 2011

When in Romania...

Last year, one of the key themes of this blog was the battle over version 2 of the European Interoperability Framework, and its definition of open standards. As I noted in December, that battle was essentially lost, thanks to the following sentence:

On Open Enterprise blog.

In Praise of the World Wide Web, Openness and Sharing

As you may have gathered, the World Wide Web celebrated its 20th birthday recently, since it was publicly announced for the first time on 6 August 1991. I came to it relatively late, at the beginning of 1994, but it has nonetheless been a privilege to watch it grow from relatively humble beginnings as a tool for researchers, to its present central role in modern society.

On Open Enterprise blog.

07 August 2011

Patent Absurdity Becomes Absurdly Patent

Something wonderful has happened over the last few weeks: more people have woken up to the threat that patents represent to innovation.

I'd like to think that it was my call to abolish patents completely that started this, but it's more likely to have been the NPR feature that got people aware of this.

As well as NPR's own follow up, Forbes joined in with a call for software patents to be invalidated, and we even saw The Economist belatedly waking up to the reality of this intellectual monopoly.

And still they're coming. Here's Mark Cuban putting his oar in [update: and here's his solution - abolish software and process patents], while Dave Winer concluded a piece with the memorable line:

These guys [referring to Nathan Myhrvold et al.] are so perfectly evil and on such a huge scale, it's as if they were out of a DC Comic.

Finally, we even had Dilbert on the subject.

So, now that everyone with a brain agrees there's a problem with patents, how about really trying to solve it?

05 August 2011

Is Format Shifting a Big Giveaway?

Yesterday I wrote about the BPI's reaction to the UK Government's response to the Hargreaves Report. Not surprisingly, the Musicians' Union (MU) also has a view here, specifically about proposals to allow format shifting:

In response to today’s government announcement of a consultation on a new exception to UK copyright law which would legalise the act of making a private copy of a CD, the MU has called for a fair compensation scheme to be introduced.

So why might that be? The MU has an interesting analogy:

“The device manufacturers readily pay for patents and the like on each device sold and yet the act of copying onto these devices the very content that the consumer is most concerned with – music, is not currently generating any income for the creative individuals who compose and perform and entertain the public.”

It's fascinating to see one intellectual monopoly being used to justify another. But what this overlooks is that manufacturers do not "readily" pay for patents: they are forced to do so by the government - which, of course, is precisely what the MU wants for its "fair compensation scheme".

Except that it's not fair. The MU says the music-playing device "is not currently generating any income for the creative individuals who compose and perform and entertain the public": why on earth should it? The musicians had nothing whatsoever to do with that device; they didn't design it and they didn't make it. It might never play any music, but be used for playing back recordings made in the home or outdoors, for example.

And if it does play back format-shifted music, the point is that by definition it will come from another medium like a CD that the customers have already paid for - that's why it's called "format shifting". That means that the musicians will also have already been paid. So why should they be paid again for doing precisely nothing?

The MU's statement here is a real giveaway in the sense that it reveals the abiding and ingrained sense of entitlement that pervades all the creative industries. They are not content to be paid once like most people, but want to be paid again and again.

That is also evident in the concluding paragraph:

The Union has been robust in its opposition to this proposal and UK Music has adopted the MU position and is making the case for fair compensation to be made in return for the introduction of an exception. As part of this UK Music is examining the economic tool of ‘choice modelling’ to determine the value that the ability of being able to store music adds to devices such as the iPhone in order to present a robust argument to Government.


Again, even assuming that such a value exists, there is no reason that musicians should receive any more payments for it. That value has already been factored into the price of the music when it was bought, in whatever form, and into the compensation paid to the musicians who made it - that's how markets work.

Arguing the contrary makes as much sense as arguing that the existence of devices like music players and smartphones increases the value of the music played on them, because people are willing to pay more to have this useful extra capability. By the MU's logic, musicians should therefore pay a levy to device manufacturers for this added value the latter create for artists.

Of course that's absurd - as absurd as the MU's proposals that musicians should be paid again for the fact that you might actually play digital music on a digital device. The point is that all these kinds of "value" are already factored into the prices we pay.

Trying to argue that musicians deserve a cut of some of this nominal value is yet another example of the fantasy-based economics the creative industries regularly apply to the digital world. Maybe it's time they "shifted" away....

04 August 2011

One Thing We Know about the Shady Rats

The news about "Operation Shady Rat" has naturally provoked much interest (as it was intended to....) After all, who could fail to be impressed by claims like this?


I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.

Ouch.

You can read the rest of the McAfee post for more details - but not for an answer to the key question: who is doing this? You don't have to be a genius to work out that it's probably one of two large countries situated in Asia, and personally I'd guess it's the one with lots of people in it, FWIW.

But that's not really what interests me here. Instead, I'd like to focus on this final part of the post:

Although Shady RAT’s scope and duration may shock those who have not been as intimately involved in the investigations into these targeted espionage operations as we have been, I would like to caution you that what I have described here has been one specific operation conducted by a single actor/group. We know of many other successful targeted intrusions (not counting cybercrime-related ones) that we are called in to investigate almost weekly, which impact other companies and industries. This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.

It's a nice ending to a fascinating piece, but in one respect it's almost certainly not true.

That's because, like just about every similar piece describing massive intrusions of this kind, the McAfee post doesn't actually say anything about the platforms that were affected, simply noting:

The compromises themselves were standard procedure for these types of targeted intrusions: a spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the Command & Control web server and interpret the instructions encoded in the hidden comments embedded in the webpage code. This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for.

But somebody in the comments asked the obvious question: "Were the initial intrusions all on Microsoft OS machines? Also, was a particular browser targeted?" To which the answer came:

All the malware we’ve seen was Windows-based. There were a variety of vulnerabilities used

Think about that. This massive breach of security, and loss of possibly highly-sensitive information, was all down to two things: the abiding thoughtlessness of people opening attachments, and a range of flaws in Microsoft's software.

So the statement that "the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing" is not true; another class would be those wise enough not to allow any of their personnel to use Microsoft products. We may not know definitively who the Shady Rats are, but we certainly know what they *really* love.
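The McAfee passage quoted above describes the implant reading instructions encoded in hidden comments of a web page. As an added example (not from this post or from McAfee), here is one way a defender could flag HTML comments carrying long encoded-looking strings in pages captured at a proxy; the run-length and entropy thresholds, the sample pages and the placeholder payload are assumptions, since the post does not give the encoding used.

```python
import base64
import math
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed sample pages (not taken from the McAfee report).
BENIGN_PAGE = """<html><head><title>Widgets</title></head>
<body>
<!-- ============================== -->
<!-- navigation start -->
<ul><li>Home</li></ul>
<!-- TODO: replace banner image before launch -->
</body></html>"""

# Placeholder payload: base64 is an assumption, used only to get an
# encoded-looking string; it is not the implant's real encoding.
PLACEHOLDER = base64.b64encode(
    b"constructed placeholder, not a real instruction"
).decode()
SUSPECT_PAGE = f"""<html><body>
<p>Welcome to our site.</p>
<!-- {PLACEHOLDER} -->
<!-- footer -->
</body></html>"""

# A run of 24+ characters with no whitespace, drawn from common
# encoding alphabets (base64, base64url). Assumed threshold.
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=_-]{24,}")


def shannon_entropy(text):
    """Return the Shannon entropy of text in bits per character."""
    if not text:
        return 0.0
    counts = Counter(text)
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


class CommentCollector(HTMLParser):
    """Collect the body of every <!-- ... --> comment in a page."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def suspicious_comments(html, min_entropy=4.0):
    """Return comments holding a long, high-entropy unbroken run.

    The entropy check drops separator comments such as a row of '='
    or '-', which match the run pattern but carry no information.
    """
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for comment in collector.comments:
        for run in ENCODED_RUN.findall(comment):
            entropy = shannon_entropy(run)
            if entropy >= min_entropy:
                findings.append(
                    {"comment": comment, "run": run, "entropy": round(entropy, 2)}
                )
    return findings


if __name__ == "__main__":
    for name, page in (("benign", BENIGN_PAGE), ("suspect", SUSPECT_PAGE)):
        print(name, suspicious_comments(page))
```

A hit is only a lead for review: minified assets and tracking tokens in comments can trip the same heuristic, so pair it with which host fetched the page and how often.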


Hey, BPI, Meet the New Rule: Show Evidence

After the UK Government unveiled its pretty reasonable response to the Hargreaves Report (analysed by me yesterday), the lobbying begins:

Leading trade bodies for the film and music industries have warned the government that it must move quickly to implement an effective system to crack down on pirate websites, after Vince Cable announced that plans to block illegal file-sharing websites have been scrapped.

Geoff Taylor, chief executive of music industry body the BPI, said the government must urgently broker a deal between internet companies and rights holders to implement a fast-track procedure to crackdown on piracy or "a failure to do so will see some of this country's world-leading industries irreparably damaged on this government's watch".

"Every day blatantly illegal foreign sites flout our laws, rip off consumers and musicians and wreak huge damage on our creative sector," he said. "Government must now act urgently to put in place effective means to protect consumers, creators and UK jobs from the impact of illegal foreign sites".

Geoff, I think you missed this bit in the Government's response:

the Government will in future give limited weight in IP policy-making to evidence that is not sufficiently open and transparent in its approach and methodology, and we will make it clear where we are taking this view. IPO will set out guidance in Autumn 2011 on what constitutes open and transparent evidence, in line with professional practice.

So, you say "illegal foreign sites...damage our creative sector": let's see your evidence, including full data and details of its methodology. So far, I've not found a single, independent report that shows this - indeed, the Hargreaves team specifically lamented the lack of this kind of objective research into the effects of file sharing in their report.

You see, the interesting thing is that there is an increasing number of studies - some anecdotal, some more rigorous - that show exactly the opposite: that piracy actually drives more sales (I include links to a few of them in my submission to the Hargreaves enquiry.)

So before you start calling for piracy to be curbed, it might be a good idea to sort out the evidence you will be submitting in support of that: rhetoric on its own is no longer enough. After all, if you find the studies I cite are confirmed by others conducted elsewhere, perhaps on a larger scale, you should actually be calling for *more* piracy, not less....


03 August 2011

Reviewing the UK Government Response to the Hargreaves Review

I've written a number of columns about the Hargreaves Review, and its generally sensible ideas. But, ultimately, those proposals mean nothing if they are not accepted by the UK government and implemented. That makes today's official response particularly important.

On Open Enterprise blog.

02 August 2011

Time to Adopt the Brazilian Model of Public Software?

A couple of weeks ago, the innocuously-named “Public Administration Committee” of the House of Commons published a rather more surprisingly-named report entitled “Government and IT- "A Recipe For Rip-Offs": Time For A New Approach”. That's pretty much all you need to know - it basically says most of the things many of us have been moaning about in the field of UK IT procurement for years, but with rather more authority.

On Open Enterprise blog.

01 August 2011

Why the UK Cover-up of ISP Spying Proposal?

The documents obtained by FoI requests that I referred to in an earlier post today have proved richer than we expected:

Previously confidential documents detailing Universal Music’s meetings with the former UK government over the Digital Economy Act are revealing a whole lot more than the pair intended. Blacked-out sections now uncovered show that Universal believed that ISPs could spy on their users and hand over information to rightsholders in order for them to sue.

Here's the relevant paragraph that was blacked out in the supplied PDF:

LG: Universal have entered into an arrangement with the Internet Service Provider (ISP) Virgin to target legitimate broadband users with a £10 "all you can eat" offer. There is a commercial risk with this strategy, which could be like "putting a Coca Cola pipe in your house which would then supply the whole street". In return for a fixed fee revenue share Virgin have agreed to anti-piracy measures, including pop-up warnings on screens. As ISPs can monitor the amount of power used by specific users and the sites connected to, it is possible for ISPs to pass on any details to owners of particular rights, who could then get take legal action.

"LG" is Lucian Grainge (CEO, Universal Music Group International).

Now, the idea that he wanted ISPs to spy on users as a matter of course (using Deep Packet Inspection, presumably) is extraordinary, and I'm sure we'll be seeing some interesting legal analyses of that. But I want to consider another question here. By what right did the UK Government try to censor that embarrassing admission?

The FoI covering letter lists various possibilities for such censorship:

Please note that some material has been considered against the following exemptions:

Section 35 (1a) Formulation of government policy
Section 35 (1b) Ministerial communications
Section 40 Personal information
Section 43 Commercial interests

I presume that it was under the last of these that the material was redacted. Looking more closely at the conditions, as explained in the letter:

Section 43 sets out that information is exempted from the right to know if:

The information is a trade secret, or
Release of the information is likely to prejudice the commercial interest of any person (A person may be an individual, a company, the public authority itself, or any other legal entity

Moreover:

This is a qualified exemption. A public authority can only refuse to provide the information if it believes that the public interest in withholding disclosure, outweighs the public interest in disclosing it.

The public interest in knowing about plans to spy on its Internet connection certainly outweighs the public interest in not disclosing (which is zero).

So is this just another case of the UK Government taking the side of the recording industries again, and to hell with the public and their rights, including the right to know what is happening in meetings with their government?


Something Rotten in the State of...Brazil?

For many years, Brazil has been a shining beacon of how to do it right when it came to openness and sharing. For example, in the field of open source:


Em 2005, entretanto, o Governo Federal licenciou a solução de inventário de hardware e software CACIC (Configurador Automático e Coletor de Informações Computacionais), desenvolvida pela Dataprev, sob a segunda versão da licença GPL em português. Em pouco tempo, uma extensa comunidade de usuários, desenvolvedores e prestadores de serviço formou-se em torno da solução, o que assentou as bases para a definição do conceito de Software Público e para a sua materialização com o Portal do Software Público Brasileiro (SPB). Seis anos depois, a publicação da Instrução Normativa no 01, em 17/01/2011, dispõe sobre os procedimentos para o desenvolvimento, a disponibilização e o uso do SPB. Hoje, mais de 50 soluções já foram disponibilizadas no Portal, há mais de 100 mil usuários cadastrados nele, bem como uma grande quantidade de empresas cadastradas como prestadores de serviços para essas soluções – para algumas delas, são quase 200, espalhadas por todo o território nacional!

[Google Translate: In 2005, however, the Federal Government has licensed the solution for hardware inventory and software CACIC (Auto Configurator and Collector Information Computer), developed by Dataprev under the second version of the GPL in Portuguese. Soon, a large community of users, developers and service providers formed around the solution, which became the basis for the definition of Public Software and its realization with the Public Software Portal (SPB ). Six years later, the publication of the Instruction No 01, on 17/01/2011, sets forth the procedures for the development, provision and use of the SPB. Today, more than 50 solutions have been available in the portal, there are over 100,000 registered users in it, as well as a large number of companies registered as service providers for these solutions - some of them are about 200, scattered throughout the nationwide!]

Brazil was also very forward-thinking when it came to CC-licensed content:

Creative Commons has become a popular word and a media phenomenon in Brazil. The project was not only extremely well received, but enthusiastically embraced by a huge community of artists, starting with Minister Gilberto Gil. And artists are not the only users. Side by side with them, stands the civil society represented by all sorts of NGO´s. And even more surprisingly, the government itself has adopted several initiatives using the Creative Commons model. The website of the Ministry of Culture is entirely CC licensed. Two other important examples include the Ministry of Education creating a portal named “publicdomain.gov” inspired by and using the CC licenses. Also, the largest supporter of the arts in Brazil, the oil company Petrobras, included in its yearly call for proposals a clause recommending works supported by Petrobras to be licensed under a Creative Commons license.

All that happened under the presidency of "Lula". Alas, it's becoming clear that his successor has rather different ideas.

First we had this:

The Brazilian Ministry of Culture has removed the logo of the Creative Commons license from its website. Since Gilberto Gil was ahead of the Ministry (2003-2008), all the content of the website has been licensed in Creative Commons.

The removal has been interpreted by the Brazilian civil society as a sign of the Minister's inflexibility. The removal came right after the publicization of an open letter, asking for the continuation of the policies that were adopted or were under discussion during the government of Lula. Minister Ana de Hollanda has criticized the proposal for copyright reform, which would, among of things, introduce important exceptions and limitations in Brazilian law.

And now this:

Cadeia para quem compartilhar sua rede de banda larga de internet wi-fi com os vizinhos, compartilhar músicas pelo bluetooth do aparelho celular ou usar softwares para desbloquear mídias de DVDs e assisti-las no computador. É isso o que pode acontecer caso seja aprovado na Câmara o Projeto de Lei 84/99 (conhecido como PL Azeredo) que tramita em caráter de urgência e pode ser votado a partir da terça-feira.

...

O PL é bastante polêmico ao limitar a disseminação de informações na rede. A proposta trata de crimes cibernéticos e criminaliza práticas comuns de internautas como digitalizar e guardar suas músicas num MP3 player ou computador – mesmo que o consumidor tenha passado para computador as músicas de um CD que comprou.

“Além disso, seria considerado criminoso o consumidor que compartilhasse com seus vizinhos seu acesso à internet através de redes Wi-Fi ou que utilizasse plenamente serviços de voz sobre IP na rede, como o Skype”, diz Varella.

[Google Translate: Jail for those who share your network's broadband wi-fi with neighbors, share music by bluetooth from mobile phone or use software to unlock media from DVDs and watch them on your computer. That's what can happen if the House approved the bill 84/99 (known as Azeredo PL) which is being processed on an urgent basis and may be voted from Tuesday.

...

The bill is controversial enough to limit the dissemination of information on the network. The proposal deals with cyber crime and criminalizes ordinary Internet users to scan and store your music on an MP3 player or computer - even if the consumer has gone to computer music from a CD you bought.

"In addition, the consumer would be considered criminal to share with your neighbors access the Internet via Wi-Fi or make full use of voice over IP network, such as Skype," says Varella.]

Although this kind of stuff is becoming standard for copyright maximalists to demand from governments around the world, it's particularly sad to see Brazil regress in this way. It emphasises that freedom can never be taken for granted, and must be fought for continuously.


It's Good to Share

The passing of the Digital Economy Act remains one of the worst blots on the British political system in recent years. As anyone who had the misfortune to witness the final hours of the previous government will know, the way in which the act was pushed through Parliament by a handful of (mostly) indifferent politicians (with a few honourable exceptions - step forward, Tom Watson...) was a real slap in the face of the British public - and democracy.

We've always known that Peter Mandelson was the driving force behind the legislation, but we now have some of the appalling details of how and why it happened thanks to excellent work by Phil Bradley using the WhatDoTheyKnow.com website to submit Freedom of Information requests on the subject. Basically, the whole public consultation being conducted at the time was a cynical sham, since Mandelson had already made up his mind, and wanted to move on to disconnection of alleged filesharers immediately.

Since there are now two excellent analyses of the documents released, one on TorrentFreak, and one on "Mark's Musings", I won't repeat the exercise here - I'll just urge you to visit those sites and experience the full arrogant high-handedness of the Dark Lord.

However, I'd like to mention two positive aspects of this sorry tale.

First, the importance of sharing information gleaned through FoI requests. The ability to find out what really happened is great, but not much use unless people can see it and build on it. The WhatDoTheyKnow site allows just that.

Secondly, it's great to see yet another fine post from Mark Goodge, who writes the blog "Mark's Musings". I've only just come across this, and I'm impressed by the depth of analysis he offers on a range of subjects that are dear to my heart - for example, this fine discussion of the Meltwater judgment.

Not that I can always fully agree with his viewpoint. For example, as a follow-up to the Mandelson post mentioned above, he has written one called "A balanced approach to copyright", with a list of "things that have to be accepted". Mostly good stuff, but inevitably the following sticks in my craw:

Intellectual property rights do have a solid justification for their existence. It’s their implementation which is the issue.

Well, no - more details to follow later this week.

Still, it's great to have Mark as another voice exploring these key issues for the digital world with such intelligence. It's good to share...*roughly* the same general viewpoint.


30 July 2011

Revolutions

On the first LP I ever owned were Tchaikovsky's Serenade, Ravel's Bolero and Smetana's "Bartered Bride" Overture. It was soon joined by many more vinyl discs, but the problem of storing these 12" leviathans soon became a limiting factor. Things grew rapidly worse when I discovered the wonderful if even bulkier Vox Boxes, with their irresistible promise of "complete X", where X might be Bach flute sonatas or Mozart piano variations.

Fortunately, as the floor of my flat was in serious danger of ceding under the weight of hundreds of boxes and LPs, the CD came along. For reasons that escape me, my first CD was Virgil Thomson's "The Plow that broke the Plains", but this was soon joined by hundreds and then thousands of others.

Once again storage - and organisation - became a crucial issue, and once again, I was saved by technology, this time in the shape of the MP3 file. I bought one of the earliest MP3 players, the Diamond RIO PMP300. This came with a massive 32Mbytes of RAM, allowing up to an hour of listening (albeit at lower quality).

It was an important moment not just for me, but also for the industry, as Wikipedia explains:

On October 8, 1998, the American recording industry group, the Recording Industry Association of America, filed an application for a Temporary Restraining Order to prevent the sale of the Rio player in the Central District Court of California, claiming the player violated the 1992 Audio Home Recording Act.

Judge Andrea Collins issued the temporary order on October 16, but required the RIAA to post a $500,000 bond that would be used to compensate Diamond for damages incurred in the delay if Diamond eventually prevailed in court. Diamond then announced that it would temporarily delay shipment of the Rio.

On October 26, Judge Collins denied the RIAA's application. After the lawsuit ended, Diamond sold 200,000 players.

This was one of the earliest attempts by the RIAA to derail the future of music, and luckily on this occasion it lost.

Of course, once music became digital, Moore's Law ensured that things kept on scaling. Silicon storage capacities went up, and prices went down, until today I have dozens of Gbytes of MP3 files of music stored on various media.

And yet I rarely listen to them, because streaming in the shape of Spotify came along a couple of years ago. Although I understand the issues about not owning the music you listen to, I'm lucky enough to have vast amounts of the music that is most important to me available in multiple backup formats - LPs, CDs and MP3s. If Spotify disappears tomorrow - say, as a result of being destroyed by a patent troll - I can just go back to listening to these. In addition, I feel increasingly guilty about owning anything in a depleted world drowning in stuff, so streaming seems like a good idea anyway.

It's of course regrettable that Spotify isn't open source, but it has certainly taken my experience of listening to music to a new level. The ability to leave the complete works of Mozart, say, running in the background for days, or to hear the same movement of a Beethoven symphony played by 35 different orchestras has never been so easy; both change how you regard well-loved pieces because they provide new contexts that allow you to listen to them more deeply.

Moreover, Spotify gives me the unprecedented capability of listening to something - no matter how obscure (well, almost) - the moment I come across even the merest reference to it. It really is like having practically all music instantly on tap, anywhere there is an Internet connection.

As such, it's a foretaste of how things will soon be for all digital artefacts, when every text, image, sound and video ever created will be just as instantly and effortlessly available. The only thing standing between us and that amazing, mind-expanding world of digital abundance is an 18th-century law that replaced earlier censorship with a framework for the "encouragement of learning" in an age of analogue scarcity. Once anachronistic copyright has been abolished, my journey from LPs through CDs and MP3s will be complete, and the ultimate knowledge revolution can begin.


Mozilla's Next Firefox Moment?

Last year, there was a lot of handwringing about Firefox's continuing loss of market share. This was only by relatively small amounts, but people wondered whether Firefox had peaked and was in trouble.

On The H Open.