It's not just hackers, it's leaking as well

I have suggested in two blog articles that, should the UK’s security services build their proposed internet surveillance system, it will be accessed illegally by the well resourced and technically savvy, and legally by those that can afford the lawyers, mainly big business or the sensitive libel litigators. There is well-proven precedent that laws designed for a narrow purpose will bleed into broader areas.

We already have the example of the Norwich Pharmacal case, where HMRC were subpoenaed to release records to a party in a civil case. This has bled from intellectual property to other cases. It should be noted that giving HMRC the facts they require is mandatory. It’s this bleeding of law from its original purpose to others that often makes the worst law.

The Inland Revenue refused point blank to take on the Child Support Agency’s collection duties and also fought tooth and nail to keep its data private from the CSA. They felt that many men would tell the truth to them, but seek to avoid co-operating with the CSA; inter-agency co-operation would in their eyes make their duties more difficult; they’d lose the co-operation of many taxpayers.

The decennial Census is mandatory. The privacy guarantee is that neither individual returns nor micro-sets that allow the identification of individuals will be published, yet this was run by Lockheed Martin, an organisation subject to Patriot Act supervision?

The establishment of the Criminal Records Bureau (CRB) has also created another luge, from the specific to the general. It was created to ensure that the criminal records of staff in schools were known. It is now used for parent volunteers and it is becoming commonplace for large employers to ask for a criminal records check before offering work. The CRB won’t release their data to organisations with no child protection roles without the permission of the data subject, so guess what the options are if you want or need the job.

(That’d be quite a good caveat: no non-law-enforcement organisations can access the snoopers database without permission of the data subjects, but we need to change RIPA, since a very large number of organisations can issue.)

This is all an interesting contrast as private (i.e. legally confidential) data is made available to the interested, but public data is being privatised.

Actually the Tories seem conflicted: their manifesto promises and early actions suggest they’d like to live with and act on the view that public data should be made available to allow the crowd-sourcing of innovation using the data, such as TFL and the train locations, enabling the private sector to create jobs and income on the back of a public sunk investment. They were persuaded that the public, or the taxpayer as they like to see it, had already paid for the data. However, the cutting of the universities’ funding system weakens the public claim on the research output of these institutions, enabling the enclosure of this research by the academic publishers.

Alec Muffett has performed a sterling service in a bunch of articles at Crypticide, including reviewing the evidence presented to Parliament and pointing out that, at the time, the Home Office considered Facebook and Twitter to be UK ISPs and seemed to plan to require them to retain message data, not message header data, for 12 months.

As a penultimate point, someone called Derek writes and explains how the technology works. His article is quite simple and so a good point to start; he explores the ease of adoption of encryption technology, which is quite useful, but this is why the Home Office asked questions in their consultation as to how and if encryption technology should be restricted.

My final comment is that the recent hacking of Twitter and the NYT is further proof that the growing body of literature arguing that “brute force” attacks on password systems are getting cheaper and cheaper is right; at least if you are a state actor. To keep a site secure, you have to do everything right; to hack it, the attackers only need you to have forgotten something or been cheap once. …

Sea Lawyering

A couple of years ago, Simon Phipps introduced me to the idea that any system contains its own counter system, which he describes as a game. In an article I am writing, I summarise this as,

any rule set, inspires its own games

Simon explores this in his Webmink articles, The Sentinel Principle and, more effectively, The Open by Rule Benchmark.

He also explores the feasibility of realistically building “fair use” interpreters in an article on his Computer World blog, Fair Use Robots? Science Fiction!

In this last article he talks about “Quantifying Discretion”. The difficulty in building systems to undertake this work is based on the fact that, at the edge of consideration, it’s exceptionally difficult, and it may be that these decisions are not best amenable to a Wisdom of Crowds or the application of machine intelligence. They are best taken by trained, experienced and independent individuals, or Judges as we might call them, although we have usually chosen to ensure that a jury of peers is involved in our courts.

  …

Code is not Property: Official!

Wired reports that, three days ago, the US 2nd Circuit Court of Appeal has declared that code is not property and cannot therefore be stolen; there is no intent to deprive the owner of the object’s use. They also ruled that the perpetrator (there is no doubt that the code was removed from Goldman Sachs’ network) could not be prosecuted under the US Economic Espionage Act since the code in question was not used in commerce. I don’t actually know what the code did, but we can be sure that it was used in commerce, or it was a regulatory compliance program. If it didn’t have one of these two purposes, Goldman Sachs wouldn’t be doing it, and wouldn’t have wanted to keep it secret.

Does this mean that only traded software can be the object of the espionage act? If so, I am not sure this is where we want to be.

Part of Goldman Sachs’ problem is that they wanted to keep the code secret and there are many reasons to want to do so. However, patent and copyright protection require the intellectual property owner to publish their ideas, or the expression of their ideas. Another part of the problem is that people wanted to see Aleynikov go to prison and breach of employee confidentiality wasn’t sufficient to get him there.

As techdirt.com reports in their article,

Still, the overall ruling here is good, though it could have been more complete.

I wonder if there will be further appeals, but it’s an important stake in the ground. Copyright infringement is not theft.

This was also covered at engadget.com. …

I wanna be in the ICE, by the Serious Organised Crimes Agency

The UK’s Serious Organised Crime Agency, part of the UK’s small national police force and a Home Office QUANGO, undertook a US Government style raid on the web site of rnbxclusive.com, which was reported by Techdirt in an article called “UK Now Seizing Music Blogs (With American Domains) Over Copyright Claims”. The most startling part of this, for Brits, is the amazing splash screen factoids that greeted visitors to the site, which among other things state that the people behind the site have been arrested under suspicion of fraud, that they know who you are (or more accurately, who your ISP is), the penalties for conspiracy to commit fraud and the quote below. The most startling part of this for Yanks and their law enforcement officers is that a foreign law enforcement agency can take down a .com, i.e. a US site.

Glyn Moody, in an article called “Serious Organised Crime Agency Takes Down Music Site”, states after talking to SOCA that SOCA are pursuing enquiries to prove, to the point of arrest, that some (their notice said most) of the sound tracks previously available had been obtained pre-release by hacking. This is a crime under UK law and the copyright owners and licensees deserve the protection of the law, as the accused deserve a fair trial.

Ars Technica also comments in an article entitled “Police: download a file, go to jail for 10 years and pay an ‘unlimited fine’”. They clearly examine the notice and deconstruct the lies and disinformation. The notice includes statements about theft and the economic impact of the downloaders’ actions, i.e.

“As a result of illegal downloads young, emerging artists may have had their careers damaged. If you have illegally downloaded music from this site, you will have damaged the future of the music industry.”

It’s a disgrace that a law enforcement agency is publishing the BPI’s propaganda. The interests of copyright licensors and the interests of artists are not synonymous!

Why are the police using our taxes to fund such bullshit? Why use British taxes to fund a free advert pointing at an American registered web site for so-called legal music? How much would that cost on Google?

Innocent until proven guilty means that even the most egregious, industrial scale pirates are innocent until proven guilty.

Others have made the point that this notice may well prejudice any trial. I am also informed that the scary spyware doesn’t work with Mac or Chrome. Also, IP addresses are private data under UK and European law, so the use of the program code that displays the IP address requires a number of compliance actions. Perhaps I’ll check if SOCA registered this use of private data under the Data Protection Act. …