Wednesday, 16 November 2016

Mark Zuckerberg Is in Denial - New York Times

Mark Zuckerberg Is in Denial - The New York Times: "Only Facebook has the data that can exactly reveal how fake news, hoaxes and misinformation spread, how much there is of it, who creates and who reads it, and how much influence it may have. Unfortunately, Facebook exercises complete control over access to this data by independent researchers.

It’s as if tobacco companies controlled access to all medical and hospital records.

 These are not easy problems to solve, but there is a lot Facebook could do. When the company decided it wanted to reduce spam, it established a policy that limited its spread. If Facebook had the same kind of zeal about fake news, it could minimize its spread, too.

If anything, Facebook has been moving in the wrong direction.

It recently fired its (already too few) editors responsible for weeding out fake news from its trending topics section. Unsurprisingly, the section was then flooded with even more spurious articles." 'via Blog this'

Thursday, 16 June 2016

Monday, 13 June 2016

Evaluating the privacy properties of telephone metadata

Evaluating the privacy properties of telephone metadata: "Evaluating the privacy properties of telephone metadata
Jonathan Mayer, Patrick Mutchler, and John C. Mitchell

Edited by Cynthia Dwork, Microsoft Research Silicon Valley, Mountain View, CA, and approved March 1, 2016 (received for review April 27, 2015): Transactional information is remarkably revelatory

Proc. Natl. Acad. Sci. USA 2016 113 (20) 5467-5469" 'via Blog this'

After Snowden, there is clear evidence of a paradigmatic shift in journalist-source relations

After Snowden, there is clear evidence of a paradigmatic shift in journalist-source relations | Comments from media industry experts: "No oversight agency revealed the MI5-MI6 rift over rendition. The Parliament’s Intelligence and Security Committee (ISC) is the main intelligence oversight body, yet in its report from February 2013, immediately before Snowden, there was no mention of GCHQ's exponential move to collect data in bulk.

 It was Snowden’s leaks that revealed GCHQ has the potential for mass surveillance. Oversight bodies are reactive and, as the leading US intelligence academic Loch K Johnson observed, over time, they tend to go native with their charges." 'via Blog this'

Tuesday, 24 May 2016

Case C-582/14, Breyer – seeing the logs from the trees in privacy law: EU Law Radar

Case C-582/14, Breyer – seeing the logs from the trees in privacy law | EU Law Radar: "The Advocate General’s Opinion is not yet available in English but my unofficial translation of his conclusion reads:

1. Pursuant to Article 2(a) of the Directive, a dynamic IP address with which a user has gained access to a website from a supplier of electronic media services constitutes personal data when an internet service provider has the supplementary details which, together with the dynamic IP address, make it possible to identify the user.

2. Article 7(f) of the Directive must therefore be interpreted to mean that the aim of guaranteeing the proper working of the electronic media service can in principle be considered to be a legitimate interest that justifies the processing of the aforementioned personal data providing that that interest prevails over the interest or the fundamental rights of the person concerned. A national provision which does not allow that legitimate interest to be taken into account is incompatible with that Article." 'via Blog this'

Tuesday, 17 May 2016

How the U.S. Could Regulate Facebook - Zittrain

How the U.S. Could Regulate Facebook - The Atlantic: "Congress could also insist that certain standards had to be upheld during curation. In the early 1990s, Congress began requiring cable companies to offer a broadcast station (like the local ABC or NBC affiliate) if the signal from that station’s antenna reached a cable subscriber’s home. The courts eventually upheld this “must carry” provision because it was “content neutral”—it regulated speech without abridging the meaning or political view.

 But Zittrain said there may be an even more promising way to keep Facebook from acting against its users’ interest. In an unpublished paper that he is writing with Jack Balkin, a Constitutional law professor at Yale Law School, Zittrain recommends that certain massive repositories of user data—like Apple, Facebook, and Google—be offered a chance to declare themselves “information fiduciaries.” An information fiduciary would owe certain protections to its users, closing the “disconnect between the level of trust we place in [online services] and the level of trust in fact owed to us,” according to the paper.

The key to this idea? Facebook might opt into this regulation itself." 'via Blog this'

Friday, 13 May 2016

Facebook Needs to Grow Up

Facebook Needs to Grow Up: "Unsurprisingly, Facebook has been unwilling to increase its transparency as it increases its power. It’s not obligated to, but it would be nice for a company with the reach and ubiquity of a public institution to have a clear sense of purpose beyond sheer growth, and an explanation of how its products serve that purpose." 'via Blog this'

Wednesday, 11 May 2016

FRAND is no friend: How to make EU tech standards compatible with open source

FRAND is no friend: How to make EU tech standards compatible with open source | Ars Technica UK: "Given this fact that FRAND is simply not compatible with open source, how did it come to pass that the European Commission should put FRAND licensing at the very heart of its new ICT standardisation strategy?

 After my article about the apparent decision by the European Commission to shut open source out in this way, I managed to talk to someone senior who had been involved in the process. It took me about half an hour to get across why exactly FRAND licensing was incompatible with open source, but in the end the person I was talking to recognised that there was in fact a serious problem.

I've also heard through other channels that people within the Commission were rather taken aback by my analysis, since they too were not aware of the huge problem the new Digital Single Market policy would represent for free software. They were under the impression that the references to supporting open source elsewhere in that policy were enough.

This overlooks the fundamental role that licensing plays in open source, and naïvely assumes that things can somehow be tweaked to allow FRAND compatibility. But as I've described, that's simply not the case." 'via Blog this'

Swedish Radio website blocked in Russia - Radio Sweden

Swedish Radio website blocked in Russia - Radio Sweden | Sveriges Radio: "Russia has interpreted Radio Sweden's article as having been propaganda promoting suicide, forbidden under Russian law, and in a letter to Sveriges Radio's listener services, Russia's Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications, ROSKOMNADZOR, wrote threatening to block access to Swedish Radio's website unless the article was removed. It wasn't.

Thomas Rotermund, the head of security at Swedish Radio, told Radio Sweden's Russian department that it does not appear as though the site has been widely blocked in Russia." 'via Blog this'

Tuesday, 10 May 2016

Adblocking: advertising 'accounts for half of data used to read articles'

Adblocking: advertising 'accounts for half of data used to read articles' | Media | The Guardian: "The small-scale study looked at six unnamed “popular publishers”, both with and without an adblocker, and found that anywhere between 18% and 79% of the data downloaded was from ads.

In addition, anywhere between 6% and 68% of the downloaded data was from JavaScript, which is used to deliver more interactive elements of both editorial and advertising on pages." 'via Blog this'

Sunday, 8 May 2016

OffData: a prosumer law agency to govern big data in the public interest

I will discuss the regulation of big data. Big data has the ability to transform the regulation of the economy and the governance of society. Collection as well as processing of such data can include sensitive personal data, with as little as two matching items enabling de-anonymisation. Bulk automated data collection also infringes European laws on data protection. Just as regulation of big data collection and processing lags severely behind business processes, so competition law faces existential crises in dealing with big data curators. Search engines and social media platforms, amongst others, have such a huge trawl of data that they are able to “pick winners” among sectoral competitors in, for instance, retail and transportation, in what is becoming known as "surveillance capitalism". Governments also increasingly rely on these big data brokers to support services, compromising regulatory independence. What is needed is a more holistic regulatory framework to help govern big data in the public interest and permit users to take back individual and collective control of their data: a prosumer law agency ‘OffData’.
{See earliest Giddens, A. (1995). Surveillance and the capitalist state. In A contemporary critique of historical materialism, 2nd Edn. Houndmills, Basingstoke: Macmillan}

Tuesday, 26 April 2016

Other web browsers are available: The EC case against Google

Other web browsers are available: The EC case against Google | Competition Policy blog: "The investigation by DG Competition may want to distinguish between tying that excludes rivals from the market and tying that allows a customer to install an alternative app but where customer psychology may prevent him or her from doing so. On the surface this case appears to be the latter.

The EC may also need to consider two possible twists that make the Google case different from the earlier Microsoft case.

First, Google is likely to be dominant in both the tying and the tied market. According to the European Commission’s factsheet that accompanies the Statement of Objections, Google’s share of the search market in most Member States is 90% or more.

Microsoft, by contrast, was dominant in the tying, upstream, market but not in the tied, downstream market. Indeed, normally we would expect a vertically integrated firm that is dominant upstream to leverage that dominance into a downstream market where it isn’t dominant to foreclose competition and gain a dominant position.

If Google were found to be dominant at both levels would this make any difference to the case?" 'via Blog this'

Tuesday, 19 April 2016

Mac's musings: How risky is your IoT?

Mac's musings: "Privacy risks

Privacy risks are present everywhere where we have sensing technologies in IoT. It will often be possible to correlate the sensing with an individual’s activities.
You can expect to see this data used in unexpected ways – the court case involving FitBit data is a sign of a trend where IoT data can be used as evidence of a person’s innocence or guilt.

Mitigations could include strong encryption, ephemeral data or only maintaining statistical and aggregated data in the longer term.

Many IoT devices also have the ability to actuate and affect the physical world – so what could possibly go wrong? Human safety checks are absent when moving to automation in IoT. We will need to design with safety in mind as everyday domestic objects become known killers – whether automatic door openers or even something as mundane as a venetian blind.

Picking up the theme of care for the elderly in their homes, again from a previous blog, we also start to see the need for resilience in our IoT designs. A particularly dangerous episode for many elderly people is a power outage – from the heating stopping, to lack of lighting, leading to increased risk of falls or other accidents.

Resilient IoT design

A resilient IoT design would include several hours of protected power supply for the sensors and router; backup communications using 3G as the ADSL or cable modem may not be available to access the internet (fixed line telecoms operators are required to have the phone service available during a power outage, not the broadband); and the ability to act independently of internet servers to raise alarms, so that operations are maintained when there are network and server failures or DDOS attacks on the infrastructure.

To build an IoT we trust we must first learn to handle the risks. Importantly, while showing damages in privacy cases has proven hard, the rise in citizens injured by devices will rapidly lead to product liability cases." 'via Blog this'

Monday, 18 April 2016

Prof. Patrick Dunleavy - The Republic of Blogs (5)

After a long period of monopolising academic discourse, European universities went into decline as classical scholasticism, which was primarily inward and backward looking, gave way to the ideas of Enlightenment. Intellectual development moved outside the walled gardens of academia, because enlightenment thinkers shifted their various discourses into the realm of correspondence, creating a Republic of Letters. Prof. Dunleavy argues that we are currently experiencing a similar shift towards a Republic of Blogs that enlarges communication, debate and evidence beyond the halls of universities. Academic research is changing, academic publishing is moving towards a new paradigm of advancing ideas outside the confines of the traditional academic publishing model. Orthodox journals will soon be understood as tombstones: end of debate certificates. In particular:

Micro-blogging is not only replacing traditional news media, but becoming a tool for finding and disseminating ideas and research (active research surveillance).

Well edited blogs are becoming core communication tools and vehicles for HE debate; while the less traditional format encourages a writing style that invites debate from academics and lay persons alike, thus cutting across ranks, locations and academic status.

Working papers and online journals are now key, immediately accessible evidence and theory/methods development sources.

More details available here:

Digital Single market plans published - EC interoperability agenda for 2017 onwards

The DSM package of 18 April contains 4 Communications (Standardisation, Cloud, IoT and eGovernment Action Plan). All these will set the agenda for months to come.
On Standards it will specifically refer to the new Priority ICT standardisation Plan to which we have contributed and introduce an EU catalogue for Standards. There will also be a link to the revision of the European Interoperability Framework (EIF) which has just gone out for consultation.
On Cloud, the focus is on the creation of a European Science Cloud, on high investments to create exascale infrastructures and also on the free flow of data initiative (FFDI). The FFDI inception report should be published any day now and the impact assessment together with the legislative proposal should be published end of November.
The copyright reform is ongoing, with the legislative proposal now expected in October 2016 (previously June 2016). For now, another public consultation has been launched, covering the ancillary copyright and freedom of panorama (deadline 15 June).

On cybersecurity, we have replied to the public consultation which closed in March and have also sent a letter to the relevant EC representatives (both docs are in our Library). Now that the GDPR and NIS have been agreed, the discussion is all around blockchain and virtual currencies, with the EP being in the process of adopting an own initiative report (led by ECON committee) with their key points on the topic. A public consultation on the ePrivacy Directive is about to open any day now. ENISA is now focusing on the transposition of the NIS Directive, providing guidelines to Member States. On GDPR, several means to assess its impact have been put in place at national level.

Wednesday, 13 April 2016

EU Internet Forum against terrorist content and hate speech online

EU Internet Forum against terrorist content and hate speech online: Document pool - EDRi: "What is the EU Internet Forum?

According to the European Commission, the IT-Forum’s mission is to “counter terrorist content and hate speech online”. It brings together almost exclusively US Internet companies (such as Microsoft, Facebook, Twitter, Google and, government officials and law enforcement agencies.

 While it is certainly important to address and prosecute illegal online activity, it is worrying that the EU Commission proposes yet again an initiative to encourage Internet companies to take “voluntary” actions in response to a very diverse range of possibly illegal or unwanted online activity.

As shown through numerous examples in the UK or France, such voluntary measures often come with collateral damage and have a negative impact on the freedom of expression." 'via Blog this'

Tuesday, 5 April 2016

ICANN analyzed by Karl Auerbach (then-Board Member)

ICANN Interview - Karl Auerbach Board Member: "As for Verisign - wow, ICANN and NTIA have been like Santa Claus and the Easter Bunny to Verisign. It was utterly outrageous how ICANN let its outside attorney give all of those gifts to Verisign in at least three distinct contracts. As I said on the phone, Verisign's negotiating team is so good at negotiating the pants off of ICANN and NTIA that we ought to send 'em to the Middle East to work out a peace settlement. It is amazing how ICANN and NTIA transformed Verisign's job to maintain .com, .net, and .org into permanent ownership. It's as if the US National Park service were to give the entire Grand Canyon to the company that was hired to run the hotel.

 It is outrageous that the users of the internet are being required to give up their privacy because a few trademark owners are too cheap to use the legal system. And those "law enforcement" folks at the FTC and elsewhere are trying to do an end-run around the 4th amendment by getting ICANN to violate people's privacy rather than them doing their jobs and getting a subpoena.

 Indeed whois is Megan's Law in reverse. Unlike Megan's law that publishes information about predators to the potential victims, the whois publishes the potential victims to the predators. I have my own TLD, .ewe, that is a business that will never be because ICANN, as a combination in restraint of trade, won't let me into the only viable marketplace to try my idea and risk my money. In .ewe I would use public key based certificates to represent domain name ownership. Because those could be traded without my knowledge there is no way that .ewe could present a Whois. Folks who want to complain about a web provider or spammer ought to use the IP address information, not the DNS whois. The IP information is far more likely to be accurate and lead to a real person who can lay hands on the accused computer." 'via Blog this'

Wednesday, 30 March 2016

Minister Ed Vaizey oral evidence - The Digital Economy - 22 Mar 2016

Oral evidence - The Digital Economy - 22 Mar 2016: "I am not going to say that I want Apple or Google broken up.

What I would say is that I do think—funnily enough, what I said to the Commissioner—that it is perfectly valid for the Commission to be looking at platforms regulation as part of the digital single market. There is an issue, and my personal starting point is, how do we protect the consumer? How do we ensure that I as an Apple customer can move, should I decide to become a Samsung customer?

I want regulation in place that makes it as easy as possible for me to move my data from one of those companies to another. I want it to be as easy as possible to leave Facebook to join whatever emerging social media company may be going. If I have spent five years on Facebook accumulating photos and posts, I want to move to a system—I am not saying this will happen overnight—where you can change your social media or technology provider as easily as you might in theory change your telephone provider." 'via Blog this'

Friday, 11 March 2016

For better or for worse? The Commission and its ‘better regulation’ agenda

For better or for worse? The Commission and its ‘better regulation’ agenda | Consumer Corner: [BEUC] "But are we supposed to be reassured? The deal was negotiated without any involvement of the data protection authorities, let alone public interest organisations, and the Commission was under pressure from many, including US, business interests, not to interfere with data flowing across the Atlantic. The Commission has already held meetings with business representatives to inform them of the details of the new agreement, but the actual texts are still not available publicly.

Even more worrying is that this Privacy Shield does not solve the underlying problem: the EU and US have fundamentally different and therefore incompatible approaches to personal data protection.

The Commission is showing some worrying signs.

In trying to appease voices critical of its policies, it is giving up on some of its core responsibilities. What the Commission calls ‘better’ regulation should not come at any cost. And certainly not at the expense of fundamental rights or of consumer protection." 'via Blog this'

Thursday, 3 March 2016

Facebook hit by German competition probe -

Facebook hit by German competition probe - "The Bundeskartellamt said that Facebook collected large amounts of personal user data from various sources. “To access the social network, users must first agree to the company's collection and use of their data by accepting the terms of service,” it said. However, it “is difficult for users to understand and assess the scope of the agreement accepted by them”.
It said there was “considerable doubt” as to whether such a procedure was admissible under national data protection laws. “If there is a connection between such an infringement and market dominance, this could also constitute an abusive practice under competition law.” 

Facebook said: “We are confident that we comply with the law and we look forward to working with the Federal Cartel Office to answer their questions.” 

Tech industry sources said Facebook had been blindsided by the German move.
The Bundeskartellamt said it was launching the proceeding in close contact with data protection officers, consumer protection associations as well as the European Commission and the competition authorities of other EU member states. It will target the company’s Irish subsidiary and its German operation." 'via Blog this'

Tuesday, 1 March 2016

Apple’s “Code = Speech” Mistake

Apple’s “Code = Speech” Mistake:

"The right question to ask is whether the government’s regulation of a particular kind of code (just like regulations of spending, or speaking, or writing) threatens the values of free expression. Some regulations of code will undoubtedly implicate the First Amendment. Regulations of the expressive outputs of code, like the content of websites or video games, have already been recognized by the Supreme Court as justifying full First Amendment treatment.

It’s also important to recognize that as we do more and more things with code, there will be more ways that the government can threaten dissent, art, self-government, and the pursuit of knowledge." 'via Blog this'

Is the City worth it? Financial regulation by John Kay

Is the City worth it? | Prospect Magazine: "The resentment of earnings in finance is stoked by a well-founded combination of doubts about its utility, and a recognition that the global financial crisis revealed that many people in the finance sector were not, even within their own frame of reference, very good at their jobs.

 All inequality is to some degree socially corrosive, but inequality which seems unconnected to deserts is particularly corrosive. The most disturbing downside of the global success of the City of London is the corrupting effect on society at large of a depreciation of ordinary morality and human values. The ethical standards associated with parts of the finance sector have been deplorable." 'via Blog this'