Friday, 27 March 2009

Of geeks and men

Matron just returned from a few days in Athens where she attended the inaugural WebSci'09 conference. For the blissfully ignorant, web science is the latest project of WWW Godfather Tim Berners-Lee and the newly made up Dame Prof. Wendy Hall (yes, this really is the correct title, there's nothing like a dame, as we all know). A few years ago, they got together to create the Web Science Research Initiative (WSRI - apparently pronounced Woozri according to Dame Wendy) with a view to bring several research areas together to form a new academic discipline.

Matron was warned before she travelled that she would meet some hardcore geeks there. Real geeks that is, not like the ones she normally meets who are actually interested in things like law and policy and society and stuff. And indeed, the place was packed to the rafters with creatures who quite clearly may not be able to survive in bright sunlight. But very interesting it was too.

Now, Matron is not sure herself if "a new new discipline was born" in Athens as Dame Wendy apparently claimed during her closing address (Matron could be wrong about the attribution of that statement as by then she was already back in her hotel room, all conferenced out). But the interdisciplinary opportunities are certainly worth pursuing.

What was almost touching, though, was the way in which the hardcore geeks were going about discovering as "new" a number of subjects (privacy for a start) that have been discussed by social scientists, Internet lawyers et al. for more than a decade. Apparently, "web science" is all about the way in which the existence of the web affects society as a whole, as individuals live more and more of their life online. Matron wants to be neither patronising nor scathing, but it seems to her that that particular wheel may already have been invented. Or at the very least been designed in some detail. Nonetheless, the more the merrier. And as the general consensus among tech lawyers and social scientists seems to be that we need computer scientist to think about the issues close to our hearts ab initio, that is when they first inventi new technologies rather than as an afterthought (see, for example, in the area of privacy-enhancing technologies), any cross-fertilisation between disciplines has to be a good thing. So here's to the success of the project - plus Athens certainly was a very nice place to wet the babies head.

Sunday, 15 March 2009

Geeks of the world, rejoice!

On a much more cheerful note, Matron was very happy to see that the announcement for this year's GikII conference finally went up this week. For the uninitiated, GikII is a conference on the intersections between law, technology and popular culture. It is now in it's forth year and very rightly so, as it is - in the oft quoted words of a regular attendee - "like a normal conference, just without the boring papers".

It has become so popular in the legal geek community that it will also be transported to the Southern Hemisphere this summer: SoGikII will take place ("in a beach hut in Sydney" according to some of its organisers) on 9 June. What's not to love about that prospect? Matron, who has not been able to find the small pot of gold at the end of the rainbow that it would take to fly her to Oz and back is very, very jealous of those who will attend. But then the fact that Northern GikII will take place in trendy Amsterdam this year (17/18 September) is some compensation.

So, in the words of GikII co-founder panGloss, get your geek on and respond to the Call for Papers for either Holland or Australia. The only rule is that "you must not be boring", because, Toto, this ain't Kansas!

The hour draweth nigh...

Matron just looked at the calendar and noticed that today is the day when all EU member states must have fully implemented the Data Retention Directive into domestic law - "fully" in this context meaning transposition for internet data as well as for telephony data.

The UK has not yet made that deadline although transposition is probably imminent following the recent publication of the government's response to the relevant consultation (see Matron's previous post on the issue). The good news is that other countries are also still dragging their feet, many of them having waited for the recent ECJ decision in relation to the Ireland challenge (again, see Matron's previous rant on the decision) before deciding whether they should implement the Directive at all, given it's dubious human right credentials.

What with all the excitement, Matron isn't quite sure whether to be pleased or disappointed at a piece of news she picked up at a conference in Salzburg last month, namely that the Austrian government, so far a stern resister of data retention, has now invited the Ludwig Bolzmann Institute for Human Rights in Vienna under the leadership of Prof. Hannes Tretter to draft the Austrian law concerning the implementation of the directive. Now, Matron has had the good fortune to participate in a seminar hosted by Prof Tretter last year, and he did not seem to her to be the kind of chap who would take the human rights issues arising from these measures lightly. On the other hand, the fact that the Austrian government does now seriously consider transposition seems a bit of a drawback for civil rights campaigners.

In a press release (in German), the Institute confirms that it is itself doubtful about the compatibility of the directive with human rights and that it expects further legal actions to be brought in the future, both before the ECJ and the ECtHR. However, in view of the fact that these actions could take years to be resolved and that the member states' obligation to implement the directive continues to exist in the meantime, the Institute is restricted to pursuing a course of damage limitation while, at the same time, considering the potential consequences, both in domestic and EU law, of transposing a legal measure that may violate human rights.

So there may be a smidgen of light at the end of the tunnel, but it remains a very long tunnel!

Friday, 13 March 2009

Should some pigs be more equal than others?

The Guardian, among others, reports today that the BBC programme makers might have been breaching the Computer Misuse Act 1990 when they bought themselves a botnet on the internet as part of a programme showing how easy it is for criminals to use those botnets for sending spam or carrying out distributed denial of service attacks.

Well, duh! Of course it is. As Struan Robertson, editor of out-law.com and legal director at solicitors Pinsent Masons explains, never mind the newly revised section 3 offence of "unauthorised access with intent to impair" (which is apparently what security firm Sophos wants to charge the BBC with). Using computers that form part of a botnet to send e-mails or website access requests without the owners' knowledge or consent is likely to fulfill the criteria of a plain-vanilla section 1 offence of unauthorised access. Section 1 requires no mens rea in excess of the knowledge that the access is unauthorised, knowledge which - presumably - the BBC hacks will have had.

But wait a minute, the BBC did it to do good, not bad. Apparently,

"...following its demonstration, it warned users that their PCs had been compromised, and it had closed down the botnet.

If the users pay attention and secure their PCs, they should be better off than if the BBC had not become involved."

That's alright then, case closed, all is well. Robertson again:

"The maximum penalty for this offence is two years' imprisonment. But it is very unlikely that any prosecution will follow because the BBC's actions probably caused no harm. On the contrary, it probably did prompt many people to improve their security."

Hmm, that's all well and good and Matron is the last person to deny that there should maybe be room in the world for a bit of "benevolent" or "ethical" hacking. However, historically, the courts have taken a dim view of such arguments, most notably in the US, where Robert Lyttle, a member of hacker group The Deceptive Duo was jailed for four months in 2005 after he was convicted of hacking a number of US government websites , allegedly with the intention of highlighting security failures. OK, the fact that his partner-in-crime, Benjamin Stark, was also convicted of online credit card fraud makes pleas that they acted in the interest of online security, patriotism and world peace sound a wee bit hollow.

But the fact remains that hackers the world over have been been on notice for years, most notably since the adoption of the Cybercrime Convention, that the intention with with they gain unauthorised access to someone else's computer is neither here nor there. Which means, presumably, that the integrity of the computer system itself is seen as the protected good here and not a woolly notion of some abstract good or evil that will be achieved by hacking the system (a point, incidentally, which was made beautifully in a completely different context by the German Constitutional Court last year, when it created the new basic right of "security and confidentiality of information technology systems").

So, should we really have one law for the BBC and one for the rest of us? Matron wonders...

Wednesday, 11 March 2009

Hail the forces of light!

It is always a pleasure to agree with Tim Berners-Lee and the forces of light...

Google calling - again!

And while we're on the subject of Google, the BBC reported today that Google has become the latest provider to serve up behaviour-based advertising. Under its Adsense program, Google will serve ads based on the content of the sites users view. It will associate their browsers with certain "interest categories" based on behavioural data collected through a cookie it places in users' browsers. Cookies will be placed in the browsers of all Google and You Tube users from today unless the user opts-out. Advertisers will be able to start serving ads using the new system from April.

The move follows the publication of guidelines on behavioural advertising by the Internet Advertising Bureau which are supposed to ensure that such advertising does not breach individuals' right to privacy (see last week's report by Out-Law). Google as well as Microsoft Advertising, Yahoo! SARL and Phorm have all committed to following them. However, the guidelines have already been criticised by the good people at the Open Rights Group for the opt-out approach and the cookie technology.

"Any ‘opt out’ would be stored by a cookie. So each time a user deletes their cookies, or changes browser or machine, they have to opt out. This makes opting out a repeated procedure, such that which would make all but the most stubborn user simply give their consent. This is not how consent should work, and a system that ‘pesters’ users into opting in is in our view an illegitimate attempt to substitute acquiescence for consent, whereas nothing but consent is acceptable."

There have been lots of discussions about whether most users would prefer targeted advertising to the current "random" kind. The prospect of making - as Lilian Edwards called it at last year's GikIII conference - "every ad a wanted ad" seems tempting, but at what cost? Matron is fairly relaxed about being served with relevant advertising when using the internet. But she baulks at the mass of data that Google will collect in the process, the other purposes for which that data may be used and the people who might want to use it. If the data security breaches of the last two years have taught us anything, it is that the only way to prevent the abuse of large databases is to prevent those databases from being established in the first place.

On that note, this is how you opt-out of the Google Adsense cookie.

Can you see me now?

Matron, having long suspected that in less than ten years' time all children of this great country will be micro chipped, has pondered on more than one occasion what her own youth would have looked like if her dad had known at all times where she was (bleak is the answer to that, very bleak).

But as we all know, there will now be no need for invasive surgery due to the versatility of the GPS enabled mobile phone which is, of course, the ideal tracking device. And while we are blissfully becoming more and more dependent on the darn things, services have sprung up all over the country that allow others to track our whereabouts by triangulating our coordinates. As far as children are concerned, this has to be an almost fail safe method as no one over the age of 8 will want to be seen dead without a shiny high spec mobile device. So far, so 1984.

But at least, until now, a large number of people (including even some pesky parents) have not actually been all that aware of the tracking properties of their toys so that their potential for surveillance has not really been fully explored.

Enter the dragon, in the shape of Google Latitude, the latest offering of they who must not be evil. The service allows users to register their mobile phone number with Google, which will then track their location as they go about their daily business. Now while this may be a good things if one wants to be found after being buried by an avalanche, Matron thinks that the use Google envisages is decidedly a little creepy. Because Google wants you to use this as a social networking tool so that, as with other social networking applications, users can determine who will be able to follow their movements. Google's examples for people you may want to give that level of access to your life include the loving husband who can use it to see if his wife has left work yet (so that he knows when to start cooking dinner - very PC, if Matron may say so) and your friends who may want to check if you're in the neighbourhood at the moment, so that they can meet you for a beer.

Apart from the obvious privacy issues, Matron can't help thinking that this could make for a lot of very embarrassing incidents. It may just be her, but there are many situations where Matron does not really want to be found. Like last weekend, when she and her partner pretended to have a prior engagement to get out of having to attend a hen do. It was bad - and embarrassing enough that we then ran into the bride-to-be in a local shopping centre on the very night, but imagine that the bride could sit there and determine the location of everyone who had denied her invitation. With Google Latitude, the end of the little white lie could very well be nigh, with dire consequences for human interaction.

Of course, it could be argued, that you can always limit other people's access to the tracking function when you don't want to be found. But gosh, another thing to think about before leaving the house, when Matron is already at an age where she needs to check three times if she turned the gas off? Also, never mind that this could be a stalkers dream, there is such a thing as social pressure. If this takes off, not only will your "friends" bully you into allowing them access - so will your mother. Or, later in life, possibly your boss.

This scenario was not lost on a group of MPs who, according to The Register signed an Early Day Motion on Monday expressing their concern about the new service. Of course, early day motions being what they are, nothing will come of this. So, would it be presumptuous for Matron to suggest that this may be one the Information Commissioner should take a closer look at?

Tuesday, 10 March 2009

Just because we can - must we ?

After a fairly unproductive day (the reasons for which will become clear presently) Matron feels another rant of a technophobic nature coming on. The trigger is Twitter, apparently the latest craze in online communication sweeping the globe.

Now, Matron has so far resisted tweeting, largely - as her friends will confirm - because she is physically incapable of saying anything in 140 characters. But today her boss attended the FT Digital Media Conference (which was Twitter streamed, apparently) and suggested that the same should be done during an upcoming event that Matron co-organises.

Twittering an event - Matron has learned - means that the conference delegates post live tweets even as they listen to what the speakers have to say. Highly sophisticated and immensely useful for non-attendees, for sure, but Matron, who is a frequent speaker at conferences herself and already fights homicidal urges when she has to talk to a line-up of laptops while their owners are checking their e-mails, can't help thinking that we are loosing some valuable social skills in the process. Like the ability to show someone a minimum amount of professional courtesy.

But in order to be able to comment on an informed basis, Matron duly succumbed and today opened a Twitter account. Not to tweet, never fear, but see what it's all about by following the tweets of the ubiquitous Stephen Fry, famous technophile-in-chief, who probably did more to promote the service than even the site's owners.

Now, Matron is a great fan of Mr Fry, who is and always has been the thinking woman's crumpet. She likes his books, his films and TV series (including - much to her partner's chagrin -the fabulous QI), his readings of the Harry Potter books, which help her go to sleep every night, and his long rambling blessays (blog-essays) about nothing much in particular. So, by all accounts there could be worse impositions than reading his Twitter timeline. And fairly amusing it was too. It turns out that Stephen Fry is currently in New York after having spend a few weeks in Mexico to film. Just over an hour ago he has taken receipt of his new Kindle e-book reader, about which he is very excited and no doubt he will treat his followers to a detailed description and review of his latest gadget before the day is out.

Because he is Stephen Fry, he now has more than half a million of them (followers, that is, not e-book readers, although Matron won't vouch for the latter, given his level of geekness), all of whom presumably join Matron in her admiration of the man and like the fact that he shares so much about his daily life with them. He even regularly responds to their tweets making this a two-way conversation of a kind that ordinary humans do not often get the chance to have with a bona-fide celebrity.

But let us consider two points: first, in the case of lesser mortals (i.e. almost all people who are not Stephen Fry or Barack Obama), what is the point of much of the mindless drivel some people put on there? Matron can see the allure for your average extrovert of announcing to the world that they spent their Sunday afternoon putting up shelves, but who, in the name of Merlin, wants to read about it?

Secondly, and much as it pains her to admit it, it can't be much fun to actually BE AROUND Stephen Fry in the flesh when he is in one of his Twittering moods. Matron imagines it a bit like having lunch with the high octane city banker (a dying species, of course, but hey) who - instead of talking to his lunch date - constantly makes mobile phone calls to other people. "That's what the OFF button is there for, mate!"

Of course, like blogging, Twitter can be enourmously useful for distributing information around the globe in next to no time at all. It is well known that the plane crash landing in the Hudson River was first reported on Twitter. Citizen journalism at its best which, as was said at the FT Digital Media Conference apparently, it could render news organisations wholly redundant.

It can also be a force for good, again personified by Mr Fry, who blacked out his Twitter picture in support of the New Zealand Internet Blackout organised in protest against the notice and disconnection laws for the purpose of enforcing copyright infringments recently adopted by the New Zealand government.

So, Matron does not so much object to the technology and the way it is used per se, but to the effect it has on the life of the average twittering individual. In particular, she objects to the time-wasting properties of this and most other "killer apps". In the two hours she spent virtually following Mr. Fry across two continents, what else could she have done? Write that overdue learned article for a start. Or go out for a walk in that rare-as-hens-teeth English sunshine. Or call the friends that she vowed she would definitely call this week, or else. But she hasn't. Instead she was glued to the screen for yet a few hours more (and, of course, it is not lost on her that she has now wasted another hour or so with this rant) without really achieving all that much. Apart from teenagers, students and silver surfers, who has that sort of time?

During Matron's misspent youth, in the pre-modern, feminist world of the 1980s, the - only half-joking - answer to the question "Why do men pee standing up?" would be "Because they can!"

But just because we can - must we?

To good to be true?

A, so far unconfirmed, rumour is doing the rounds that the Ministry of Justice is about to drop the data-sharing provisions contained in the Coroners and Justice Bill.

The Register and the Telegraph both quote "a spokesman" for Jack Straw and even the ICO's website links to an article on the Yahoo news page. With so much coverage it's bound to be true, but Matron is with Simon Davies of Privacy International on this one. The leopard may be temporarily licking its wounds but it is unlikely to change its spots. So it will probably only be a matter of time until the data-sharing provisions reappear in a different form - possibly slightly more intelligently drafted.

But as Dumbledore remarks to Harry Potter when the latter voices his frustration over the fact that he may have only delayed, rather than prevented, Lord Voldemort's return to power:

"It will merely take someone else who is prepared to fight what seems a loosing battle next time - and if he is delayed again, and again, why, he may never return to power."

And on that note Matron recommends the excellent dissection of the Bill prepared by the worthy folks at PI as a little light bedtime reading in preparation for the next battle. Right on, right on!