cypherpunks-legacy
July 2018
- 1371 participants
- 9656 discussions
Nettime colleagues:
I was forwarded Timothy Burke's provocative piece through the
Progressive Librarians Guild (I've been a member for over ten years).
I'm replying with an adaptation of something I wrote following
another essay examining Aaron Swartz's death. While Mr. Swartz's
death was tragic, his persecution by the US Attorney General's office
heavy-handed, and many of the information liberation positions he
espoused noble, I was struck by the criticism in Burke's essay leveled
at JSTOR.
JSTOR has become a veritable punching bag of the "Free Culture
Movement." Noted professor Larry Lessig takes a whack at them in
his video lecture appropriately titled "What's wrong with JSTOR":
<http://www.uomatters.com/2011/07/larry-lessig-on-whats-wrong-with-jstor.html>
In it, he bushwhacks a scholar for explaining her empty office
bookshelves by saying that "Everything I needed is on the Internet
now." Lessig's meanspirited point was that from the academic's
perspective - namely working at an institution with well-endowed
electronic journal site licenses - she was both privileged and
correct. Alas, for the rest of us poor slobs in the real world her
statement isn't true. Evil content aggregators like JSTOR have gobbled
up all the good stuff.
But wait - Lessig's argument only works within the narrow definition
of online access.
I'm certainly no fan of JSTOR. I, like all of you, have stumbled
across tasty citations to works on Google, only to be zapped with the
unwelcome news that I'd have to pay to see it. But JSTOR does provide
a service. Their arrangements are not exclusive. You want to go to
your local university library and scan an article from 1975? Go ahead,
the free JSTOR citation tells you exactly what to look for. Sure, the
original research may well have been paid for by public funds, but
that does not mean that somehow it should magically appear for free on
the Web. There are real costs to doing this work, and unless The State
is willing to do it (and I would argue they should), corporations will
step in. Public domain does not mean free access, just the potential
for it.
I'm sure there are other aspects of JSTOR that are problematic
(apparently their executives each made over $250,000 in 2009, but
I'm not paying their salary). I am hopeful that examinations of the
circumstances surrounding the Swartz tragedy can lead to discussing
and developing a clearer analysis of the real problems facing our
field. For example, I see the insidious expansion of photo aggregators
like Corbis and Getty One being much more dangerous than JSTOR. Those
folks are truly buying up our culture, and it scares me. Burke raises
the complicity of academe in the privatization of knowledge. I ask -
what have any of us actually done to make information available to the
public?
Much of my own work as an activist archivist involves digitization
of analog content and sharing it with the world. I shoot posters,
which is not easy, and I've built and paid for a custom studio for
doing that. I've helped mount thousands of social justice poster
images on the Web. But I don't post high-resolution images. I, and
the institutions I work with, feel that those images deserve some
protection from corporate appropriation without compensation. Thank
you, Creative Commons. By withholding free access to the ultimate
goody, the 60 megabyte image file, am I a traitor to the "Free Culture
Movement"? I certainly hope not.
Yours for democratic knowledge,
Lincoln Cushing
www.docspopuii.org
Documents for the Public
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime(a)kein.org
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Mon, Mar 25, 2013 at 10:57:10AM -0700, Brian Conley wrote:
> Mostly I'm taking issue with your nonconstructive demeanor.
Clearly you have no idea how I write when I'm being "nonconstructive". ;-)
Think equal proportions Kingsfield[1], Vader, Snape. Season to taste with
HST and Mencken, serve at full boil.
> I've not seen you take the Guardian Project to task for trying to
> solve some of the same problems. I've not seen you take Tor project or
> Whisper Systems to task.
(a) There aren't enough hours in the day to provide extensive (security
or other) critiques of everything that comes across here. And there
are other people whose expertise in certain areas dwarfs mine, so
until/unless I close the gap, I'll defer to them. Also I think I should
occasionally STFU and listen.
So I respond on-list when I feel that I have something useful to say,
*usually* (but not always) when I think that has applicability beyond the
particular topic-of-the-moment. Hence my comments in re Silent Circle,
which are far more about the inherent insecurity of closed source
software than about the specifics of Silent Circle itself -- most of
which I didn't pay any attention to because I think they're irrelevant.
And speaking of applicability beyond the topic-of-the-moment:
(b) If you read my message carefully you'll notice that I did in fact
explicitly point out that while I was using this particular project as
an example, it's by no means the only one facing the exact same issue.
"Building a secure smartphone app" is presently equivalent to "trying
to put the roof on a house whose foundation is sinking into quicksand
and whose main floor is on fire".
So what "constructive" thing could I possibly say? The entire smartphone
ecosystem is rotten to the core: the OS vendors care far more about
advertising than privacy and security [2]. Well, and they care a lot
about paying attorneys so that they can all sue each other. [3] The app
markets are loaded with malware, spyware, adware, and crap. And more
crap. Also: still more crap. Users will download and run any shiny thing
they see, doubly so if it purports to enhance their "social experience" --
much to the delight of the scammers and spammers running those operations.
Telcos are happy to turn user tracking/surveillance/etc. into profit
centers. Governments want every scrap of data they can get from carriers
and there's now an entire subindustry for software that extracts data
from locked phones.
D'ya think if I asked them very nicely and politely they'd all stop?
*crickets*
There is NOTHING "constructive" to be done here. It's not a fixable
situation at the moment or for the foreseeable future. The *only* thing
to do, as far as I can tell, is to stop pretending it's otherwise and
stop laboring under the delusion that smartphone apps have a chance in
hell of being secure in mass deployment scenarios.
(c) So to re-emphasize the more general point: no smartphone apps,
UNLESS you can produce a viable, workable, scalable, defensible plan
to keep the phones secure in the field. Otherwise your app, whatever
it does, and however nifty it is, is probably going to be undercut from
the moment it's installed...or very soon thereafter, as soon as one or
two governments your users are annoying decide to deploy countermeasures.
(I think it's fair to say that, to a first approximation, the tempo
and scale of their response will be proportional to the adoption
rate and annoyance level. Thus: the better your app and the more people
that use it, the sooner you should expect the backlash.)
And they don't *have* to crack your app if they 0wn the phones it runs on.
(I sure wouldn't. Too much work. Very tedious. Better to just hijack the
phone, install a keystroke logger et al., and compromise *all* the apps.)
(d) I don't think you [generic you] can come up with that plan (above)
and execute it. I think you have no shot whatsoever. But if you want
to take a crack at proving me wrong: be my guest. I will be very surprised
but happy if you succeed. I may even buy you beers. Good beers.
(e) I *know* this is real unhappy news. Sorry. I didn't write the
cruddy smartphone software. I didn't write the malware. I didn't create
the situation. I'm just pointing it out. And yes, I know it would be
much nicer to just go on creating app after app and rolling them out
and pretending this problem doesn't exist, but ermmm...I think far more
unpleasant things than mere words on a screen will happen if lots of
people start betting their freedom and/or their lives on the security of
their smartphones/apps.
(f) And on that point ("pretending"), let me share with you one of the most
valuable pieces of guidance that I've ever read. I have it printed out
and taped above where I'm working right now. I think for many of the
projects and initiatives discussed here, it's terrific advice. So even
if you think my analysis here isn't worth a load of fetid dingo's kidneys,
well, at least there's this:
"The first step is to measure whatever can be easily measured.
That is okay as far as it goes.
The second step is to disregard that which can't be measured
or give it an arbitrary quantitative value. This is artificial
and misleading.
The third step is to presume that what can't be measured easily
really isn't very important. This is blindness.
The fourth step is to say that what can't be easily measured
doesn't exist. This is suicide."
--- social scientist Daniel Yankelovich describes the "McNamara
Fallacy"; quoted by Jay Harris, former publisher of the San Jose
Mercury News, in a speech explaining why he resigned his post.
(g) So do you wanna spend your time trying to convince me to change my
writing style (hint: success probability == low) OR would you like to
focus on the substance of my remarks -- because *if* I'm right, then
Bad Things are going to ensue as soon as various governments figure out
that exploiting smartphones is a cheap, effective and scalable tactic for
undermining communication among their opponents. Moreover, they will be
Bad Things that are (largely) independent of the cleverness of apps and
their supporting infrastructure, i.e. they're not going to be fixable
by the developers. Which means years of work and piles of money spent
developing OverthrowYourDictator v1.2 will be rendered moot and, worse,
people running it may well face unhappy fates.
This may have already happened.
---rsk
[1] I suspect some of you who are younger may not get the reference.
Therefore, let me introduce you to Professor Kingsfield:
https://www.youtube.com/watch?v=_wOUMd3bMRI
[2] For example:
http://www.forbes.com/sites/alexkonrad/2013/03/23/blackberry-real-time-mark…
[3] Mike Masnick has a brilliant illustration of this:
https://www.techdirt.com/blog/wireless/articles/20101007/22591311328/meet-t…
--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys(a)stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Sep 4, 2009, at 4:24 PM, Matt Crawford wrote:
>>". . . federal agents at the conference got a scare on Friday when
>>they were told they might have been caught in the sights of an RFID
>>reader.
>>
>>The reader, connected to a web camera, sniffed data from RFID-
>>enabled ID cards and other documents carried by attendees in
>>pockets and backpacks as they passed a table where the equipment
>>was stationed in full view...."
>
>
>I told them so...
>
>http://csrc.nist.gov/groups/SNS/piv/documents/FIPS201-Public-Comments/Fermi…
Remember: Before it's actually happened, any discussion is just
reckless speculation, rumor-mongering, or worse.
After it's actually happened, it's either (a) not a real issue; (b) a
major new attack that could not have been foreseen but that will be
dealt with immediately by top people. Top people.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 8.23, 1 December 2010
============================================================
Contents
============================================================
1. Internet blocking - key decisions to be made by 3 February 2011
2. Data protection authorities call for a strict EU-US privacy agreement
3. The Pirate Bay founders lost their appeal in the Swedish Appeals Court
4. ICO started applying fines for Data Protection Act breaches
5. Azeri bloggers released from prison
6. Ireland: reshaping the law for the digital economy
7. Lack of net neutrality and open standards threaten the web
8. ENDItorial: EC Internal Security Strategy - My dog is a cat
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About
============================================================
1. Internet blocking - key decisions to be made by 3 February 2011
============================================================
The legislative process on Internet blocking is about to move from almost
standstill to almost completed between now and the beginning of February. In
the Council of Ministers, an informal agreement is planned for the Justice
Council in December, while the MEP in charge in the Parliament will present
her draft report on 10 January 2011 with an informal orientation vote just
three weeks later.
Every civil society organisation that wants to stop web blocking and the
damage that this will do to child protection must focus all available
resources on the Civil Liberties Committee of the European Parliament
between now and early February. Afterwards, it will be too late. The risk of
damage to child protection is abundantly clear from the Working Document
prepared by the MEP in charge of the dossier, Roberta Angelilli (Italy). She
says: "We have to bear in mind that our priority is to eliminate these
images for public access as quick as possible." The priority is not to
identify the children, not to investigate the criminals, but to avoid public
access via blocking, which does not even serve the purpose of stopping
deliberate access.
Bizarrely, Ms Angelilli also suggests that "the providers would be promptly
informed about their rights to appeal against the decision". This assumes
that there would be no immediate investigation - having been accused of
having a website containing images of gross violations of children, the
suggestion is a polite notice to the alleged criminal that he may wish to
complain.
In the Parliament, MEPs remain divided but the argument that blocking is a
"complementary" measure, to be implemented with other measures (such as
deletion and prosecution), rather than instead of them, is successful with
many parliamentarians. The argument is working, despite the fact that there
is no evidence of this being the case in countries that already have
blocking.
In the Council, Germany and Romania are fighting hard for blocking to remain
optional for Member States. However France and Italy (coincidentally,
countries that also have blocking for gambling and intellectual property)
are campaigning for obligatory blocking with what one negotiator described
as "missionary fervour". Most countries are remaining silent on the issue,
meaning that they are passively having blocking imposed on them by the
larger countries. The only large country to remain silent is Poland, and
this silence will be crucial for the success of mandatory blocking, if it is
maintained.
In the Council, the current negotiating text reads as follows:
"2. Where the removal of webpages containing or disseminating child
pornography is not possible within a reasonable time, Member States shall
take the necessary measures, including through non-legislative measures, to
ensure that the blocking of access to webpages containing or disseminating
child pornography is possible towards the Internet users in their territory.
The blocking of access shall be subject to adequate safeguards, in
particular to ensure that the blocking, taking into account technical
characteristics, is limited to what is necessary, that users are informed of
the reasons for the blocking and that content providers, as far as possible,
are informed of the possibility of challenging it."
This text raises three interesting points. Firstly, blocking through
non-legislative measures has already been described as illegal by the
European Commission in the impact assessment it prepared to accompany the
proposals. In that text, the Commission assessed extra-judicial blocking as
follows: "More problematic may be the compliance with the requirement that
the interference in this fundamental right must be "prescribed by law",
which implies that a valid legal basis in domestic law must exist" (page 30)
before coming to the conclusion that "such measures must indeed be subject
to law, or they are illegal" (page 37). The illegality of this approach is
quite clear from the European Convention on Human Rights, which states that
"the exercise of these freedoms, since it carries with it duties and
responsibilities, may be subject to such formalities, conditions,
restrictions or penalties as are prescribed by law and are necessary."
The second interesting point refers to the last lines of the draft text. It
suggests that a legal obligation is necessary for Member States to take the
step of contacting the alleged criminals, accused of publishing pictures of
children being abused on the Internet, and politely informing them that
their page has been blocked and giving them the opportunity to complain, if
they so wish.
The final point is that Member States should do what they consider
necessary, which means that, strictly speaking, this text places no
obligations on anyone. Its only real purpose is to give Member States an
excuse to introduce blocking, even via "self-regulatory" measures that are
in breach of the European Convention on Human Rights and the Commission's
own assessment of the legality of the measure.
The civil society in Poland is pushing hard to demand that the government
have the courage to take a position. EDRi-member the Panoptykon Foundation,
along with representatives of the Kidprotect Foundation, the Modern Poland
Foundation, the Foundation for Free and Open Source Software and the
Interactive Advertising Bureau Poland appealed to the Prime Minister to
ensure that Polish representation to the European Council takes a critical
stance on the Child Exploitation Directive.
In their appeal, the groups demanded proper action against the abuse, rather
than the childish act of placing its hands before its eyes in the hope that
the monsters would disappear. Illegal content must be removed and not hidden
by the creation of a censorship infrastructure.
Working document - Roberta Angelilli, Rapporteur - Proposal for a Directive
of the European Parliament and of the Council on combating the sexual abuse,
sexual exploitation of children and child pornography
http://www.edri.org/files/angelilli_wd.pdf
Proposal for a Directive of the European Parliament and of the Council on
combating the sexual abuse, sexual exploitation of children and child
pornography, repealing Framework Decision 2004/68/JHA
http://www.europarl.europa.eu/meetdocs/2009_2014/documents/com/com_com%2820…
"Impact assessment": Accompanying document to the Proposal for a Council
Framework Decision on combating the sexual abuse, sexual exploitation of
children and child pornography, repealing Framework Decision 2004/68/JHA
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52009SC0355:EN:…
Commission official explains the Commission's research (7.09.2010)
http://www.youtube.com/watch?v=EpFpoXIdRQc
Cybercriminals thank Commissioner Malmström
http://www.cybercriminalsociety.eu/index.php
We are writing to the Prime Minister: Do not block the Internet! (only in
Polish, 30.11.2010)
http://www.panoptykon.org/content/piszemy-do-premiera-nie-dla-blokowania-in…
Civil Society Appeal (only in Polish, 29.11.2010)
http://panoptykon.org/sites/default/files/Panoptykon_List%20do%20premiera%2…
Council draft negotiating text (26.11.2010)
http://www.statewatch.org/news/2010/nov/eu-council-sexual-exploitation-1695…
(contribution by Joe McNamee - EDRi)
============================================================
2. Data protection authorities call for a strict EU-US privacy agreement
============================================================
As the European Commission prepares to conclude a deal with the US on the
protection of personal data exchanged in police and criminal justice
cooperation matters, the European privacy watchdogs call for a strict and
clear privacy agreement.
Article 29 Data Protection Working Party (WP) sent a letter on 18 November
2010 to the three European main institutions (Council, Commission and
Parliament) expressing its concerns for not having been consulted on the
development of the discussion within the Council and European Parliament
over the draft negotiation mandate presented by the European Commission on
25 May 2010, voicing certain concerns and giving its recommendations.
Referring to the agreement as "an umbrella agreement" that should cover all
existing and future deals between the EU and the US and any other state as
well as between EU member states, the WP emphasizes the fact that it should
comply with the EU data protection framework including the Charter of Human
Rights.
WP recommends that the agreement be widely applicable for a
"coherent and high level of data protection" and a clear purpose limitation
be imposed. "This means the agreement should be applicable to all
transfers of personal data to prevent, detect, investigate and prosecute
serious transnational crime and terrorist acts. This purpose should be
clearly defined by the agreement, preferably including a definition of 'law
enforcement purposes'".
In the WP's opinion, a national security exception for the transfer of data
concerning "essential national security interests and specific intelligence
activities in the field of national security" should not be considered.
Furthermore, the WP urges the Commission to obtain the retroactive
application of the future agreement to cover "all existing multilateral and
bilateral agreements between the EU and/or its Member States and the US,
unless the current level of data protection is higher than the level of
protection offered by the EU-US general agreement." A maximum 3-year
transition period could be acceptable.
Having in view the privacy issues raised by the TFTP II Agreement (so called
SWIFT) allowing the US to obtain access to information on international bank
transfers, the WP stresses the need for data protection safeguards in
the future agreement, including "full, effective and enforceable rights for
all individuals, including both administrative and judicial redress, and
limitations to bulk transfers."
On 24 November, LIBE (Civil Liberties, Justice and Home Affairs) Committee
of the European Parliament Chairman also sent a letter to the EU Council on
the future EU-US agreement regarding the protection of personal data that
are transferred and processed in the framework of police and judicial
cooperation in criminal matters.
The letter reiterates the support of the European Parliament for the data
protection agreement draft mandate and recalls the urgent need for such an
agreement between the EU and US that should cover personal data exchanges as
well as an "early start to negotiations on enforceable data protection
rights" in compliance with the EU Charter of Fundamental Rights and EU Data
Protection Directive.
LIBE held on 25 October 2010 a public hearing on Data Protection in a
Transatlantic Perspective - Future EU-US data protection agreement in the
framework of police and judicial cooperation in criminal matters - with MEP
Sophia In't Veld as chairperson.
While the US Ambassador to the EU assured that the US believed both parties
had to "safeguard their citizens' security to the same degree to which they
protect their liberties" and there was "no need to sacrifice privacy for
security", he showed concern that the proposed mandate might "jeopardize the
several hundred treaties, agreements, conventions, and arrangements
underpinning every facet of Europe's and the United States' robust
cooperation in justice and law enforcement" and believed that a
retrospective application of the mandate would create "confusion among the
law enforcement and legal authorities."
One of the most important interventions was that of Mr Rotenberg from EPIC
(Electronic Privacy Information Center) who pointed out that in the US,
personal data is often "used for inappropriate purposes, there is no
transparency and rights are violated". In his opinion, the US data
protection laws should be amended. The Privacy Act of 1974, which refers
to the collection of personal data by the US federal agencies, does not
include non-US citizens or non lawful permanent residents. Also the Patriot
Act "has reduced the privacy standards for US and non-US citizens limiting
at the same time the power of the courts' authority in the matter."
Rotenberg considers that the data protection agreement could bring global
benefits influencing other countries in adopting stronger privacy acts to
protect the transfer of personal data.
Dr. Patrick Breyer from the German Working Group on Data Retention was very
firm in stating that the transfer of personal data to the US created the
risk of a violation of human rights and that no agreement could eliminate
that risk. However, an international agreement with the US could improve the
present situation if applied "exclusively to the information sharing that is
taking place under existing agreements, thus reducing the amount of
information shared and providing for more safeguards".
The negotiating mandate for the beginning of the talks between the European
Commission and the US is expected to be adopted at the Justice and Home
Affairs Council on 3 December 2010.
Article 29 Data protection working party - Data protection
authorities call for strict general privacy agreement with United States
(19.11.2010)
http://ec.europa.eu/justice/policies/privacy/news/docs/pr_19_11_10_en.pdf
Article 29 Data protection working party Letter to Vice-President Viviane
Reding Commissioner for Justice, Fundamental
Rights and Citizenship European Commission on EU-US General Agreement
(19.11.2010)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/others/2010_11_19_…
EP LIBE - Future EU-US data protection agreement in the framework of police
and judicial cooperation in criminal matters (25/10/2010)
http://www.statewatch.org/news/2010/nov/ep-report-on-eu-usa-data-transfer-h…
Letter of the Committee of Civil Liberties, Justice and Home Affairs
Chairman on the future EU-US agreement on the protection of personal data to
Stefaan De Clerck of the EU Council (24.11.2010)
http://www.statewatch.org/news/2010/nov/ep-libe-eu-usa-agreement-letter-to-…
============================================================
3. The Pirate Bay founders lost their appeal in the Swedish Appeals Court
============================================================
Peter Sunde, Carl Lundström and Fredrik Neij, who, in April 2009, were found
guilty of copyright infringement through their file-sharing website, The
Pirate Bay (TPB), have recently lost their appeal in Svea Court of Appeal.
Although the court has decided to reduce their imprisonment sentence of one
year to 8, 4 and 10 months respectively, it has however increased their
individual fines from about 3,45 million Euro to about 5 million Euro each.
A separate hearing will take place later for the fourth TPB founder, Gottfrid
Svartholm Warg who was ill and could not take part in the proceedings with
the other three men.
Rick Falkvinge, leader of the Swedish Pirate Party, considers the trial was
politically-motivated and believes that: "The copyright laws have strayed so
far from the public's perception of justice that copyright cannot survive
without drastic reform. In such a reform, there is no place for today's
copyright industry."
La Quadrature du Net called the decision "both absurd and unfair. It
illustrates how an obsolete copyright law and its indiscriminate application
are harmful to society as a whole."
Christian Engstrom, member of the European Parliament for the Pirate Party
has told Deutsche Welle that the ruling only proved that the influence
corporations have on the Swedish courts is too large. "The lawyers for the
record companies are friends with the judges, both in the lower court and in
the appeals court. They belong to the same societies for copyright, which is
a lobby organization for copyright lawyers. This corruption unfortunately
leads to the fact that you can't get a fair trial in copyright-related
issues in Sweden today," he said. He also expressed his concern as to the
damage this kind of ruling might do to the Internet. "It's potentially very
damaging to the Internet as a whole that the providers of infrastructure
can't know if they will be held liable for what other people do."
Obviously, the music industry welcomed the ruling. "Today's judgement
confirms the illegality of The Pirate Bay and the seriousness of the crimes
of those involved." was the statement of the International Federation of the
Phonographic Industry's CEO Frances Moore.
The court had found that TPB "has facilitated illegal file sharing in a way
that results in criminal liability for those who run the service." However,
Pirate Bay facilitates the exchange of so-called Bit Torrent data but only
provides the links to content that is already available online. "This
decision amounts to condemning a library catalogue instead of the author of
some infringing content or activity" underlined La Quadrature du Net.
The defendants had claimed they could not be liable for the material
exchanged via their site, because the copyrighted material was not stored on
its servers and there was no actual exchange of files. But the prosecution
argued that, through TPB, the four men encouraged the infringement of
copyrights.
Sunde said on Twitter that the case would now go to the Swedish Supreme
Court.
Pirate Bay verdict: Three operators lose appeal- Prison sentences reduced
but fines jacked up (26.11.2010)
http://www.theregister.co.uk/2010/11/26/pirate_bay_appeal_verdict/
Swedish court turns down Pirate Bay appeal (26.11.2010)
http://www.dw-world.de/dw/article/0,,6271356,00.html
The Pirate Bay Decision, or the Political Persecution of Sharing
(29.11.2010)
http://www.laquadrature.net/en/the-pirate-bay-decision-or-the-political-per…
Pirate Bay appeal failure spawns more DoS attacks - Revenge of Anonymous
(29.11.2010)
http://www.theregister.co.uk/2010/11/29/pirate_bay_revenge_ddos/
EDRi-gram: The Pirate Bay founders considered guilty by the first Swedish
court (22.04.2009)
http://www.edri.org/edri-gram/number7.8/the-pirate-bay-court-decision
============================================================
4. ICO started applying fines for Data Protection Act breaches
============================================================
After having received increased powers in April 2010, the UK Data protection
authority (Information Commissioner's Office - ICO) has recently used these
powers to fine an organisation and a local authority for having breached the
Data Protection Act.
Hertfordshire County Council has been fined about 120 000 Euro because
its employees sent highly sensitive information by fax to the
wrong recipients twice, once in June to a member of the public instead of a
barrister and the second time, 13 days later, to the office of an
unconnected barrister instead of the Watford County Court.
"The Commissioner ruled that a monetary penalty of 100,000 pounds was
appropriate, given that the Council's procedures failed to stop two serious
breaches taking place where access to the data could have caused substantial
damage and distress," was the ICO's statement. The Commissioner considered
that the council did not take the necessary measures to reduce the risk of
another incident, after the first one.
Employment services company A4e was also fined about 72 000 Euro for
having given a laptop with the unencrypted personal information of 24 000
people to an employee to take home. The laptop was stolen from the
employee's home and there was an unsuccessful attempt to access the
information. The information included individuals' names, dates of birth,
postcodes, employment status, income level, information about alleged
criminal activity and whether an individual had been a victim of violence.
ICO is also concerned about Google's collection of personal data with its
Street View vehicles. Initially, ICO considered it was unlikely that Google
had gathered too much information through its service but after it was
revealed that the company had gathered entire emails, user names and
passwords by mistake, ICO decided to make an audit of "Google's internal
privacy structure, privacy training programs and its system of privacy
reviews for new products."
"It is a significant achievement to have an undertaking from a major
multinational corporation like Google Inc. that extends to its global
policies and not just its UK activities. We will be keeping a close watch on
the progress Google makes and will follow up with an extensive audit,"
stated The Information Commissioner Christopher Graham.
Others are sceptical regarding ICO's influence on Google. "The Information
Commissioner is ineffective and is widely held in contempt," said Ross
Anderson, a professor of computer science at Cambridge University who
believes that the Information Commissioner is not feared by the companies he
is supposed to regulate. Mr. Anderson places more hope in the German
authorities which, in his opinion, "will have much more influence, and
indeed Google now does its privacy research in Munich. (...) They know that
if they can sell their privacy policies there, they will work everywhere
else."
ICO issues first ever data protection fines (24.11.2010)
http://www.out-law.com//default.aspx?page=11569
Google allows ICO to check privacy practices (22.11.2010)
http://www.out-law.com//default.aspx?page=11563
Google's agreement to delete British WiFi data does not impress experts
(22.11.2010)
http://www.dw-world.de/dw/article/0,,6256109,00.html
EDRi-gram: Google admits it was gathering passwords and emails via
StreetView (3.11.2010)
http://www.edri.org/edrigram/number8.21/street-view-collects-emails
============================================================
5. Azeri bloggers released from prison
============================================================
After long and continuous pressure from several civil society groups and
European international organisations such as the European Parliament, the
Presidency of the European Union, the Parliamentary Assembly of the Council
of Europe (PACE), the Organization for Security and Cooperation in Europe
(OSCE), Human Rights Watch and Reporters Without Borders, the US President
Barack Obama and Secretary of State Hillary Clinton, the two Azeri bloggers
arrested in 2009 on false pretences of hooliganism have finally been
released from prison.
A Baku court released Emin Milli on 18 November 2010, one day after his
friend Adnan Hajizade's release. The court however did not release them on
account of their innocence; it just suspended the rest of their sentence (14
months out of the entire 30 and 24 months sentence respectively).
The decision was welcomed by Reporters Without Borders which, however,
expressed its disappointment for the fact that the bloggers had not been
cleared. "We nonetheless regret that his conviction has not been quashed as
we have always insisted that he was arrested for exercising the right to
free expression and was jailed on grotesque charges after a sham trial. The
vigilance must not let up and the campaigning must continue in order to
protect him from any kind of harassment or intimidation by the authorities
and to obtain the release of Milli and Fatullayev," stated the organisation.
After his release, Hajizade reaffirmed his innocence and said he would
remain in Azerbaijan and continue his blogging. "I am not guilty and will
demand full rehabilitation. Freedom is my right," he said. Adnan Hajizade
and Emin Milli's lawyers have submitted their case to the European Court of
Human Rights hoping to overturn their conviction and be declared innocent.
On this occasion, pressure from all sides continues for the release of
newspaper editor Eynulla Fatullayev who has been imprisoned since April
2007 for his political convictions, on false pretences as well. On 22 April
2010, the European Court of Human Rights ruled that the journalist had been
illegally detained and asked for his immediate release. The Azeri
supreme court partially complied with the European Court ruling by rejecting
his conviction on charges of terrorism and inciting hatred. Yet, the court
still retained the earlier conviction on charges of tax fraud and possession
of heroin.
Blogger Emin Milli freed in his turn (only in French, 19.11.2010)
http://fr.rsf.org/azerbaidjan-le-blogueur-adnan-hadjizade-18-11-2010,38840.…
Azerbaijan: 'Donkey bloggers' released (19.11.2010)
http://advocacy.globalvoicesonline.org/2010/11/19/azerbaijan-donkey-blogger…
Second blogger freed, one day after his colleague (19.11.2010)
http://en.rsf.org/azerbaijan-blogger-released-on-parole-after-18-11-2010,38…
Supreme court partially accepts European court ruling but refuses to free
journalist (12.11.2010)
http://en.rsf.org/azerbaidjan-in-latest-humiliation-newspaper-05-11-2010,38…
EDRi-gram: Azeri bloggers appeal rejected by the Supreme Court (25.08.2010)
http://www.edri.org/edrigram/number8.16/azeri-bloggers-appeal-rejected
============================================================
6. Ireland: reshaping the law for the digital economy
============================================================
EDRi-member Digital Rights Ireland, Google and the Institute of
International and European Affairs co-sponsored an event in Dublin on 19
November 2010 which presented suggestions for the reform of Irish law to
promote digital innovation.
Speakers were Niall O'Riordan (Google) who called for developing
fair use at the Irish and European level, Kate O'Sullivan (UPC) who spoke on
the topic of the difficulties faced by ISPs due to the music industry
demands that they act as copyright police, Johnny Ryan (IIEA) who placed the
growth of interactive media in a historical context, Nick Kelly (musician
and author) who spoke about the challenges he has faced in selling music
online since moving from a major label, and Darragh Doyle (Boards.ie) who
discussed the problems online forums face under Irish law.
Chairing the event was TJ McIntyre from Digital Rights Ireland who concluded
with a presentation which called for reform of defamation law and for
greater immunities to be given to intermediaries under the Irish law.
Copyright and defamation law is repelling investors (26.11.2010)
http://www.irishtimes.com/newspaper/finance/2010/1126/1224284166846.html
Reshaping the Law for the Digital Economy - I (23.11.2010)
http://www.cearta.ie/2010/11/reshaping-the-law-for-the-digital-economy-i/
Reshaping the Law for the Digital Economy - II - the liability of
intermediaries (24.11.2010)
http://www.cearta.ie/2010/11/reshaping-the-law-for-the-digital-economy-ii-t…
(contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)
============================================================
7. Lack of net neutrality and open standards threaten the web
============================================================
"The Web is critical not merely to the digital revolution but to our
continued prosperity - and even our liberty. Like democracy itself, it needs
defending."
This is the subtitle of a recent article by Tim Berners-Lee published in
the Scientific American Magazine on 22 November 2010 where he focuses on the
new threats of the current developments of the world wide web: lack of
Internet neutrality, social networking, closed standards and attempts from
governments to snoop on web communications.
The article, titled "Long Live the Web: A Call for Continued Open Standards
and Neutrality", gives the inventor of the WWW in 1990 the opportunity to
focus on the core design principles of the web and how they are endangered
today by new policies from private and public actors on the Internet.
Sir Tim Berners-Lee points to Internet neutrality as one of the core
issues that need to be preserved in order to allow the unhindered
development of the WWW, based on its principles of universality and
de-centralization.
The author is clear in emphasizing why legislation is needed to protect
these principles: "A neutral communications medium is the basis of a fair,
competitive market economy, of democracy, and of science. Debate has risen
again in the past year about whether government legislation is needed to
protect net neutrality. It is. Although the Internet and Web generally
thrive on lack of regulation, some basic values have to be legally
preserved."
The father of the WWW also explains why open standards are key to keeping
innovation at a maximum on the Internet:
"By 'open standards' I mean standards that can have any committed expert
involved in the design, that have been widely reviewed as acceptable, that
are available for free on the Web, and that are royalty-free (no need to
pay) for developers and users. Open, royalty-free standards that are easy to
use create the diverse richness of Web sites, from the big names such as
Amazon, Craigslist and Wikipedia to obscure blogs written by adult hobbyists
and to homegrown videos posted by teenagers."
Sir Tim Berners-Lee also points to stupid EU legislation, such as the Hadopi
law in France or the Digital Economy Bill in the UK to prove that the
normative process also needs to be under scrutiny to ensure the respect of
human rights in the online environment as well:
"In these cases, no due process of law protects people before they are
disconnected or their sites are blocked. Given the many ways the Web is
crucial to our lives and our work, disconnection is a form of deprivation of
liberty."
Long Live the Web: A Call for Continued Open Standards and Neutrality
(22.11.2010)
http://www.scientificamerican.com/article.cfm?id=long-live-the-web
Social networking is undermining the web, says web inventor (22.11.2010)
http://www.out-law.com/default.aspx?page=11567
============================================================
8. ENDItorial: EC Internal Security Strategy - My dog is a cat
============================================================
The European Commission (EC) recently published its "Internal Security
Strategy" - a wide-ranging security programme covering international crime
networks, radicalisation, cybersecurity, border management and
crisis/disaster management.
One almost amusing element is how it included "piracy" (meaning unauthorised
downloads) as a security issue. The logic is very reminiscent of the 1980s
British comedy "Yes Prime Minister" where a senior civil servant explains to
a colleague how to argue to stop power being put in the hands of citizens.
"All cats have four legs, so does my dog. So my dog is a cat".
Counterfeiting is sometimes carried out by criminal gangs, who are a
security threat. Counterfeiting is an intellectual property infringement.
"Piracy" is an intellectual property infringement, so "piracy" is a security
threat.
Meanwhile, some elements that are missing are also interesting. For example,
the Strategy argues that "security should be integrated in relevant
strategic partnerships" but, having accused major trading partners like the
USA of failing to take action against online child abuse and international
trade in abuse images, the strategy prioritises "trafficking in human
beings, drugs trafficking and terrorism" for this action. Indeed, while the
strategy covers, in the Commission's own words "seemingly petty crimes", the
child abuse that was such a priority when tackling the symptoms via
blocking, fails to get a single mention in the document.
With regard to cybercrime, the Strategy suggests the creation of a
"cybercrime centre" to build operational and technical capacity, working
with national Computer Emergency Response Teams (CERTs) and the European
Network and Information Security Agency (ENISA). The proposal to have a
centralized hub for reporting of all forms of illegal material (useful for
creating multiple blocking lists for Internet access providers), which was
first made under the French Presidency of the EU, is made again. However,
this still does not have adequate political support, so the Strategy says
that this will be introduced "if appropriate".
Even though no progress has been made on the Commission's proposals for an
industry agreement for extra-judicial deletion of websites accused of child
abuse, xenophobia or terrorism since the summer, the Strategy suggests that
this will be achieved by 2011. The Commission has organised a meeting on 15
December 2010 with the industry to push its draft agreement, with a separate
informal meeting the week before to discuss "outstanding issues".
Communication: The EU Internal Security Strategy in Action: Five steps
towards a more secure Europe (22.11.2010)
http://www.statewatch.org/news/2010/nov/eu-com-internal-security-strategy-n…
Draft Agreement on Notice and Takedown
http://www.edri.org/files/Draft_Recommendations.pdf
Joint EDRI/EuroISPA response to Commission proposal (9.07.2010)
http://www.edri.org/files/090710_dialogue_NTD_illegal_content_EuroISPA-EDRI…
Yes Minister
http://www.youtube.com/watch?v=kpwSaiY_Ehk
EDRI-gram: EDRi and EuroISPA attack EC's demands for notice and takedown
(28.07.2010)
http://www.edri.org/edrigram/number8.15/edri-euroispa-notice-takedown-comis…
(contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Action
============================================================
Consultation on a future EU Culture programme
Deadline: 15 December 2010
http://ec.europa.eu/culture/our-programmes-and-actions/doc2805_en.htm
============================================================
10. Recommended Reading
============================================================
IViR: Moving Towards Balance - A study into duties of care on the Internet
(2010)
http://www.ivir.nl/publications/vaneijk/Moving_Towards_Balance.pdf
OSCE FOM Preliminary report: Study of legal provisions and practices related
to freedom of expression, the free flow of information and media pluralism
on the Internet in the OSCE participating States. (26.11.2010)
http://www.osce.org/documents/rfm/2010/11/47857_en.pdf
EU Counter-Terrorism policy: EDPS calls for a systematic and consistent
approach to avoid unnecessary restrictions to privacy (24.11.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/…
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Antitrust: Commission probes allegations of antitrust violations by Google
(30.11.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1624&format=H…
The Kids Are Alright* - A survey of the privacy habits and preferences of
teens and their parents on social networks
http://safekids.com/documents/truste_survey.pdf
============================================================
11. Agenda
============================================================
3 December 2010, Brussels, Belgium
Taking on the data retention directive
http://www.dataretention2010.net/init.xhtml?event=31
15-16 December 2010, Brussels, Belgium.
"Lift-off Towards Open Government"
http://www.opengov2010.be/
27-30 December 2010, Berlin, Germany
27th Chaos Communication Congress (27C3)
http://events.ccc.de/congress/2010
25-28 January 2011, Brussels, Belgium
The annual Conference Computers, Privacy & Data Protection CPDP 2011
European Data Protection: In Good Health?
http://www.cpdpconferences.org/
23-28 February 2011, Gosier, Guadeloupe, France
ICDS 2011- 5th International Conference on Digital Society
http://www.iaria.org/conferences2011/ICDS11.html
11-12 March 2011, Ankara, Turkey
ICEGEG-2011- 3rd International Conference on E-Government and E-Governance
http://www.icegeg.com/index.html
1 April 2011, Bielefeld, Germany
Big Brother Awards Germany
Nominations open until 31 Dec 2010
http://www.bigbrotherawards.de/index_html-en
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 8.23, 1 December 2010
============================================================
Contents
============================================================
1. Internet blocking - key decisions to be made by 3 February 2011
2. Data protection authorities call for a strict EU-US privacy agreement
3. The Pirate Bay founders lost their appeal in the Swedish Appeals Court
4. ICO started applying fines for Data Protection Act breaches
5. Azeri bloggers released from prison
6. Ireland: reshaping the law for the digital economy
7. Lack of net neutrality and open standards threaten the web
8. ENDItorial: EC Internal Security Strategy - My dog is a cat
9. Recommended Action
10. Recommended Reading
11. Agenda
12. About
============================================================
1. Internet blocking - key decisions to be made by 3 February 2011
============================================================
The legislative process on Internet blocking is about to move from almost
standstill to almost completed between now and the beginning of February. In
the Council of Ministers, an informal agreement is planned for the Justice
Council in December, while the MEP in charge in the Parliament will present
her draft report on 10 January 2011 with an informal orientation vote just
three weeks later.
Every civil society organisation that wants to stop web blocking and the
damage that this will do for child protection must focus all available
resources on the Civil Liberties Committee of the European Parliament
between now and early February. Afterwards, it will be too late. The risk of
damage to child protection is abundantly clear from the Working Document
prepared by the MEP in charge of the dossier, Roberta Angelilli (Italy). She
says: "We have to bear in mind that our priority is to eliminate these
images for public access as quick as possible." The priority is not to
identify the children, not to investigate the criminals, but to avoid public
access via blocking, which does not even serve the purpose of stopping
deliberate access.
Bizarrely, Ms Angelilli also suggests that "the providers would be promptly
informed about their rights to appeal against the decision". This assumes
that there would be no immediate investigation - having been accused of
having a website containing images of gross violations of children, the
suggestion is a polite notice to the alleged criminal that he may wish to
complain.
In the Parliament, MEPs remain divided but the argument that blocking is a
"complementary" measure, to be implemented with other measures (such as
deletion and prosecution), rather than instead of them, is successful with
many parliamentarians. The argument is working, despite the fact that there
is no evidence of this being the case in countries that already have
blocking.
In the Council, Germany and Romania are fighting hard for blocking to remain
optional for Member States. However France and Italy (coincidentally,
countries that also have blocking for gambling and intellectual property)
are campaigning for obligatory blocking with what one negotiator described
as "missionary fervour". Most countries are remaining silent on the issue,
meaning that they are passively having blocking imposed on them by the
larger countries. The only large country to remain silent is Poland, and
this silence will be crucial for the success of mandatory blocking, if it is
maintained.
In the Council, the current negotiating text reads as follows:
"2. Where the removal of webpages containing or disseminating child
pornography is not possible within a reasonable time, Member States shall
take the necessary measures, including through non-legislative measures, to
ensure that the blocking of access to webpages containing or disseminating
child pornography is possible towards the Internet users in their territory.
The blocking of access shall be subject to adequate safeguards, in
particular to ensure that the blocking, taking into account technical
characteristics, is limited to what is necessary, that users are informed of
the reasons for the blocking and that content providers, as far as possible,
are informed of the possibility of challenging it."
This text raises three interesting points. Firstly, blocking through
non-legislative measures has already been described as illegal by the
European Commission in the impact assessment it prepared to accompany the
proposals. In that text, the Commission assessed extra-judicial blocking as
follows: "More problematic may be the compliance with the requirement that
the interference in this fundamental right must be "prescribed by law",
which implies that a valid legal basis in domestic law must exist" (page 30)
before coming to the conclusion that "such measures must indeed be subject
to law, or they are illegal" (page 37). The illegality of this approach is
quite clear from the European Convention on Human Rights, which states that
"the exercise of these freedoms, since it carries with it duties and
responsibilities, may be subject to such formalities, conditions,
restrictions or penalties as are prescribed by law and are necessary."
The second interesting point refers to the last lines of the draft text. It
suggests that a legal obligation is necessary for Member States to take the
step of contacting the alleged criminals, accused of publishing pictures of
children being abused on the Internet, and politely informing them that
their page has been blocked and giving them the opportunity to complain, if
they so wish.
The final point is that Member States should do what they consider
necessary, which means that, strictly speaking, this text places no
obligations on anyone. Its only real purpose is to give Member States an
excuse to introduce blocking, even via "self-regulatory" measures that are
in breach of the European Convention on Human Rights and the Commission's
own assessment of the legality of the measure.
The civil society in Poland is pushing hard to demand that the government
have the courage to take a position. EDRi-member the Panoptykon Foundation,
along with representatives of the Kidprotect Foundation, the Modern Poland
Foundation, the Foundation for Free and Open Source Software and the
Interactive Advertising Bureau Poland appealed to the Prime Minister to
ensure that Polish representation to the European Council takes a critical
stance on the Child Exploitation Directive.
In their appeal, the groups demanded proper action against the abuse, rather
than the childish act of placing its hands before its eyes in the hope that
the monsters would disappear. Illegal content must be removed and not hidden
by the creation of a censorship infrastructure.
Working document - Roberta Angelilli, Rapporteur - Proposal for a Directive
of the European Parliament and of the Council on combating the sexual abuse,
sexual exploitation of children and child pornography
http://www.edri.org/files/angelilli_wd.pdf
Proposal for a Directive of the European Parliament and of the Council on
combating the sexual abuse, sexual exploitation of children and child
pornography, repealing Framework Decision 2004/68/JHA
http://www.europarl.europa.eu/meetdocs/2009_2014/documents/com/com_com%2820…
"Impact assessment": Accompanying document to the Proposal for a Council
Framework Decision on combating the sexual abuse, sexual exploitation of
children and child pornography, repealing Framework Decision 2004/68/JHA
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52009SC0355:EN:…
Commission official explains the Commission's research (7.09.2010)
http://www.youtube.com/watch?v=EpFpoXIdRQc
Cybercriminals thank Commissioner Malmström
http://www.cybercriminalsociety.eu/index.php
We are writing to the Prime Minister: Do not block the Internet! (only in
Polish, 30.11.2010)
http://www.panoptykon.org/content/piszemy-do-premiera-nie-dla-blokowania-in…
Civil Society Appeal (only in Polish, 29.11.2010)
http://panoptykon.org/sites/default/files/Panoptykon_List%20do%20premiera%2…
Council draft negotiating text (26.11.2010)
http://www.statewatch.org/news/2010/nov/eu-council-sexual-exploitation-1695…
(contribution by Joe McNamee - EDRi)
============================================================
2. Data protection authorities call for a strict EU-US privacy agreement
============================================================
As the European Commission prepares to conclude a deal with the US on the
protection of personal data exchanged in police and criminal justice
cooperation matters, the European privacy watchdogs call for a strict and
clear privacy agreement.
Article 29 Data Protection Working Party (WP) sent a letter on 18 November
2010 to the three European main institutions (Council, Commission and
Parliament) expressing its concerns for not having been consulted on the
development of the discussion within the Council and European Parliament
over the draft negotiation mandate presented by the European Commission on
25 May 2010, voicing certain concerns and giving its recommendations.
Referring to the agreement as "an umbrella agreement" that should cover all
existing and future deals between the EU and the US and any other state as
well as between EU member states, the WP emphasizes the fact that it should
comply with the EU data protection framework including the Charter of Human
Rights.
WP recommends that the agreement be widely applicable for a
"coherent and high level of data protection" and a clear purpose limitation
be imposed. "This means the agreement should be applicable to all
transfers of personal data to prevent, detect, investigate and prosecute
serious transnational crime and terrorist acts. This purpose should be
clearly defined by the agreement, preferably including a definition of 'law
enforcement purposes'".
In the WP's opinion, a national security exception for the transfer of data
concerning "essential national security interests and specific intelligence
activities in the field of national security" should not be considered.
Furthermore, the WP urges the Commission to obtain the retroactive
application of the future agreement to cover "all existing multilateral and
bilateral agreements between the EU and/or its Member States and the US,
unless the current level of data protection is higher than the level of
protection offered by the EU-US general agreement." A maximum 3-year
transition period could be acceptable.
Having in view the privacy issues raised by the TFTP II Agreement (so called
SWIFT) allowing the US to obtain access to information on international bank
transfers, the WP stresses the need for data protection safeguards in
the future agreement, including "full, effective and enforceable rights for
all individuals, including both administrative and judicial redress, and
limitations to bulk transfers."
On 24 November, LIBE (Civil Liberties, Justice and Home Affairs) Committee
of the European Parliament Chairman also sent a letter to the EU Council on
the future EU-US agreement regarding the protection of personal data that
are transferred and processed in the framework of police and judicial
cooperation in criminal matters.
The letter reiterates the support of the European Parliament for the data
protection agreement draft mandate and reminds the urgent need of such an
agreement between the EU and US that should cover personal data exchanges as
well as an "early start to negotiations on enforceable data protection
rights" in compliance with the EU Charter of Fundamental Rights and EU Data
Protection Directive.
LIBE held on 25 October 2010 a public hearing on Data Protection in a
Transatlantic Perspective - Future EU-US data protection agreement in the
framework of police and judicial cooperation in criminal matters - with MEP
Sophia In't Veld as chairperson.
While the US Ambassador to the EU assured that the US believed both parties
had to "safeguard their citizens' security to the same degree to which they
protect their liberties" and there was "no need to sacrifice privacy for
security", he showed concern that the proposed mandate might "jeopardize the
several hundred treaties, agreements, conventions, and arrangements
underpinning every facet of Europe's and the United States' robust
cooperation in justice and law enforcement" and believed that a
retrospective application of the mandate would create "confusion among the
law enforcement and legal authorities."
One of the most important interventions was that of Mr Rotenberg from EPIC
(Electronic Privacy Information Center) who pointed out that in the US,
personal data is often "used for inappropriate purposes, there is no
transparency and rights are violated". In his opinion, the US data
protection laws should be amended. The Privacy Act of 1974, which refers
to the collection of personal data by the US federal agencies, does not
include non-US citizens or non lawful permanent residents. Also the Patriot
Act "has reduced the privacy standards for US and non-US citizens limiting
at the same time the power of the courts' authority in the matter."
Rotenberg considers that the data protection agreement could bring global
benefits influencing other countries in adopting stronger privacy acts to
protect the transfer of personal data.
Dr. Patrick Breyer from the German Working Group on Data Retention was very
firm in stating that the transfer of personal data to the US created the
risk of a violation of human rights and that no agreement could eliminate
that risk. However, an international agreement with the US could improve the
present situation if applied "exclusively to the information sharing that is
taking place under existing agreements, thus reducing the amount of
information shared and providing for more safeguards".
The negotiating mandate for the beginning of the talks between the European
Commission and the US is expected to be adopted at the Justice and Home
Affairs Council on 3 December 2010.
Article 29 Data protection working party - Data protection
authorities call for strict general privacy agreement with United States
(19.11.2010)
http://ec.europa.eu/justice/policies/privacy/news/docs/pr_19_11_10_en.pdf
Article 29 Data protection working party Letter to Vice-President Viviane
Reding Commissioner for Justice, Fundamental
Rights and Citizenship European Commission on EU-US General Agreement
(19.11.2010)
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/others/2010_11_19_…
EP LIBE - Future EU-US data protection agreement in the framework of police
and judicial cooperation in criminal matters (25/10/2010)
http://www.statewatch.org/news/2010/nov/ep-report-on-eu-usa-data-transfer-h…
Letter of the Committee of Civil Liberties, Justice and Home Affairs
Chairman on the future EU-US agreement on the protection of personal data to
Stefaan De Clerck of the EU Council (24.11.2010)
http://www.statewatch.org/news/2010/nov/ep-libe-eu-usa-agreement-letter-to-…
============================================================
3. The Pirate Bay founders lost their appeal in the Swedish Appeals Court
============================================================
Peter Sunde, Carl Lundström and Fredrik Neij, who, in April 2009, were found
guilty of copyright infringement through their file-sharing website, The
Pirate Bay (TPB), have recently lost their appeal in Svea Court of Appeal.
Although the court has decided to reduce their imprisonment sentence of one
year to 8, 4 and 10 months respectively, it has however increased their
individual fines from about 3,45 million Euro to about 5 million Euro each.
A separate hearing will take place later for the fourth TPB founder, Gottfrid
Svartholm Warg who was ill and could not take part in the proceedings with
the other three men.
Rick Falkvinge, leader of the Swedish Pirate Party, considers the trial was
politically-motivated and believes that: "The copyright laws have strayed so
far from the public's perception of justice that copyright cannot survive
without drastic reform. In such a reform, there is no place for today's
copyright industry."
La Quadrature du Net called the decision "both absurd and unfair. It
illustrates how an obsolete copyright law and its indiscriminate application
are harmful to society as a whole."
Christian Engstrom, member of the European Parliament for the Pirate Party
has told Deutsche Welle that the ruling only proved that the influence
corporations have on the Swedish courts is too large. "The lawyers for the
record companies are friends with the judges, both in the lower court and in
the appeals court. They belong to the same societies for copyright, which is
a lobby organization for copyright lawyers. This corruption unfortunately
leads to the fact that you can't get a fair trial in copyright-related
issues in Sweden today," he said. He also expressed his concern as to the
damage this kind of ruling might do to the Internet. "It's potentially very
damaging to the Internet as a whole that the providers of infrastructure
can't know if they will be held liable for what other people do."
Obviously, the music industry welcomed the ruling. "Today's judgement
confirms the illegality of The Pirate Bay and the seriousness of the crimes
of those involved." was the statement of the International Federation of the
Phonographic Industry's CEO Frances Moore.
The court had found that TPB "has facilitated illegal file sharing in a way
that results in criminal liability for those who run the service." However,
Pirate Bay facilitates the exchange of so-called Bit Torrent data but only
provides the links to content that is already available online. "This
decision amounts to condemning a library catalogue instead of the author of
some infringing content or activity" underlined La Quadrature du Net.
The defendants had claimed they could not be liable for the material
exchanged via their site, because the copyrighted material was not stored on
its servers and there was no actual exchange of files. But the prosecution
argued that, through TPB, the four men encouraged the infringement of
copyrights.
Sunde said on Twitter that the case would now go to the Swedish Supreme
Court.
Pirate Bay verdict: Three operators lose appeal- Prison sentences reduced
but fines jacked up (26.11.2010)
http://www.theregister.co.uk/2010/11/26/pirate_bay_appeal_verdict/
Swedish court turns down Pirate Bay appeal (26.11.2010)
http://www.dw-world.de/dw/article/0,,6271356,00.html
The Pirate Bay Decision, or the Political Persecution of Sharing
(29.11.2010)
http://www.laquadrature.net/en/the-pirate-bay-decision-or-the-political-per…
Pirate Bay appeal failure spawns more DoS attacks - Revenge of Anonymous
(29.11.2010)
http://www.theregister.co.uk/2010/11/29/pirate_bay_revenge_ddos/
EDRi-gram: The Pirate Bay founders considered guilty by the first Swedish
court (22.04.2009)
http://www.edri.org/edri-gram/number7.8/the-pirate-bay-court-decision
============================================================
4. ICO started applying fines for Data Protection Act breaches
============================================================
After having received increased powers in April 2010, the UK Data protection
authority (Information Commissioner Office - ICO) has recently used these
powers to fine an organisation and a local authority for having breached the
Data Protection Act.
Hertfordshire County Council has been fined with about 120 000 Euro for the
fact that its employees sent highly sensitive information by fax to the
wrong recipients twice, once in June to a member of the public instead of a
barrister and the second time, 13 days later, to the office of an
unconnected barrister instead of the Watford County Court.
"The Commissioner ruled that a monetary penalty of 100,000 pounds was
appropriate, given that the Council's procedures failed to stop two serious
breaches taking place where access to the data could have caused substantial
damage and distress," was the ICO's statement. The Commissioner considered
that the council did not take the necessary measures to reduce the risk of
another incident, after the first one.
Employment services company A4e was also fined with about 72 000 Euro for
having given a laptop with the unencrypted personal information of 24 000
people to an employee to take home. The laptop was stolen from the
employee's home and there was an unsuccessful attempt to access the
information. The information included individuals' names, dates of birth,
postcodes, employment status, income level, information about alleged
criminal activity and whether an individual had been a victim of violence.
ICO is also concerned about Google's collection of personal data with its
Street View vehicles. Initially, ICO considered it was unlikely that Google
had gathered too much information through its service but after it was
revealed that the company had gathered entire emails, user names and
passwords by mistake, ICO decided to make an audit of "Google's internal
privacy structure, privacy training programs and its system of privacy
reviews for new products."
"It is a significant achievement to have an undertaking from a major
multinational corporation like Google Inc. that extends to its global
policies and not just its UK activities. We will be keeping a close watch on
the progress Google makes and will follow up with an extensive audit,"
stated The Information Commissioner Christopher Graham.
Others are sceptical regarding ICO's influence on Google. "The Information
Commissioner is ineffective and is widely held in contempt," said Ross
Anderson, a professor of computer science at Cambridge University who
believes that the Information Commissioner is not feared by the companies he
is supposed to regulate. Mr. Anderson places more hope in the German
authorities which, in his opinion, "will have much more influence, and
indeed Google now does its privacy research in Munich. (...) They know that
if they can sell their privacy policies there, they will work everywhere
else."
ICO issues first ever data protection fines (24.11.2010)
http://www.out-law.com//default.aspx?page=11569
Google allows ICO to check privacy practices (22.11.2010)
http://www.out-law.com//default.aspx?page=11563
Google's agreement to delete British WiFi data does not impress experts
(22.11.2010)
http://www.dw-world.de/dw/article/0,,6256109,00.html
EDRi-gram: Google admits it was gathering passwords and emails via
StreetView (3.11.2010)
http://www.edri.org/edrigram/number8.21/street-view-collects-emails
============================================================
5. Azeri bloggers released from prison
============================================================
After long and continuous pressure from several civil society groups and
European international organisations such as the European Parliament, the
Presidency of the European Union, the Parliamentary Assembly of the Council
of Europe (PACE), the Organization for Security and Cooperation in Europe
(OSCE), Human Rights Watch and Reporters Without Borders, the US President
Barack Obama and Secretary of State Hillary Clinton, the two Azeri bloggers
arrested in 2009 on false pretences of hooliganism, have been finally
released from prison.
A Baku court released Emin Milli on 18 November 2010, one day after his
friend Adnan Hajizade's release. The court however did not release them on
account of their innocence; it just suspended the rest of their sentence (14
months out of the entire 30 and 24 months sentence respectively).
The decision was welcomed by Reporters Without Borders which, however,
expressed its disappointment for the fact that the bloggers had not been
cleared. "We nonetheless regret that his conviction has not been quashed as
we have always insisted that he was arrested for exercising the right to
free expression and was jailed on grotesque charges after a sham trial. The
vigilance must not let up and the campaigning must continue in order to
protect him from any kind of harassment or intimidation by the authorities
and to obtain the release of Milli and Fatullayev," stated the organisation.
After his release, Hajizade reaffirmed his innocence and said he would
remain in Azerbaijan and continue his blogging. "I am not guilty and will
demand full rehabilitation. Freedom is my right," he said. Adnan Hajizade
and Emin Milli's lawyers have submitted their case to the European Court of
Human Rights hoping to overturn their conviction and be declared innocent.
On this occasion, pressure from all sides continues for the release of
newspaper editor Eynulla Fatullayev who has been imprisoned since April
2007 for his political convictions, on false pretences as well. On 22 April
2010, the European Court of Human Rights ruled that the journalist had been
illegally detained and asked for his immediate release. The Azeri
supreme court partially complied with the European Court ruling by rejecting
his conviction on charges of terrorism and inciting hatred. Yet, the court
still retained the earlier conviction on charges of tax fraud and possession
of heroin.
Blogger Emin Milli freed in his turn (only in French, 19.11.2010)
http://fr.rsf.org/azerbaidjan-le-blogueur-adnan-hadjizade-18-11-2010,38840.…
Azerbaijan: 'Donkey bloggers' released (19.11.2010)
http://advocacy.globalvoicesonline.org/2010/11/19/azerbaijan-donkey-blogger…
Second blogger freed, one day after his colleague (19.11.2010)
http://en.rsf.org/azerbaijan-blogger-released-on-parole-after-18-11-2010,38…
Supreme court partially accepts European court ruling but refuses to free
journalist (12.11.2010)
http://en.rsf.org/azerbaidjan-in-latest-humiliation-newspaper-05-11-2010,38…
EDRi-gram: Azeri bloggers appeal rejected by the Supreme Court (25.08.2010)
http://www.edri.org/edrigram/number8.16/azeri-bloggers-appeal-rejected
============================================================
6. Ireland: reshaping the law for the digital economy
============================================================
EDRi-member Digital Rights Ireland, Google and the Institute of
International and European Affairs co-sponsored an event in Dublin on 19
November 2010 which presented suggestions for the reform of Irish law to
promote digital innovation.
Speakers were Niall O'Riordan (Google) who called for developing
fair use at the Irish and European level, Kate O'Sullivan (UPC) who spoke on
the topic of the difficulties faced by ISPs due to the music industry
demands that they act as copyright police, Johnny Ryan (IIEA) who placed the
growth of interactive media in a historical context, Nick Kelly (musician
and author) who spoke about the challenges he has faced in selling music
online since moving from a major label, and Darragh Doyle (Boards.ie) who
discussed the problems online forums face under Irish law.
Chairing the event was TJ McIntyre from Digital Rights Ireland who concluded
with a presentation which called for reform of defamation law and for
greater immunities to be given to intermediaries under the Irish law.
Copyright and defamation law is repelling investors (26.11.2010)
http://www.irishtimes.com/newspaper/finance/2010/1126/1224284166846.html
Reshaping the Law for the Digital Economy - I (23.11.2010)
http://www.cearta.ie/2010/11/reshaping-the-law-for-the-digital-economy-i/
Reshaping the Law for the Digital Economy - II - the liability of
intermediaries (24.11.2010)
http://www.cearta.ie/2010/11/reshaping-the-law-for-the-digital-economy-ii-t…
(contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)
============================================================
7. Lack of net neutrality and open standards threaten the web
============================================================
"The Web is critical not merely to the digital revolution but to our
continued prosperity-and even our liberty. Like democracy itself, it needs
defending."
This is the subtitle of a recent article of Tim Berners-Lee published in
the Scientific American Magazine on 22 November 2010 where he focuses on the
new threats of the current developments of the world wide web: lack of
Internet neutrality, social networking, closed standards and attempts from
governments to snoop on web communications.
The article titled "Long Live the Web: A Call for Continued Open Standards
and Neutrality" gives the opportunity to the inventor of the WWW in 1990 to
focus on the core design principles of the web and how they are endangered
today by new policies from private and public actors on the Internet.
Sir Tim Berners-Lee points to Internet neutrality as one of the core
issues that needs to be preserved in order to allow the unhindered
development of the WWW, based on its principles of universality and
de-centralization.
The author is clear in emphasizing why legislation is needed to protect
these principles: "A neutral communications medium is the basis of a fair,
competitive market economy, of democracy, and of science. Debate has risen
again in the past year about whether government legislation is needed to
protect net neutrality. It is. Although the Internet and Web generally
thrive on lack of regulation, some basic values have to be legally
preserved."
The father of the WWW also explains why open standards are key to keeping
innovation at maximum in the Internet:
"By 'open standards' I mean standards that can have any committed expert
involved in the design, that have been widely reviewed as acceptable, that
are available for free on the Web, and that are royalty-free (no need to
pay) for developers and users. Open, royalty-free standards that are easy to
use create the diverse richness of Web sites, from the big names such as
Amazon, Craigslist and Wikipedia to obscure blogs written by adult hobbyists
and to homegrown videos posted by teenagers."
Sir Tim Berners-Lee also points to stupid EU legislation, such as the Hadopi
law in France or the Digital Economy Bill in the UK to prove that the
normative process also needs to be under scrutiny to ensure the respect of
human rights in the online environment as well:
"In these cases, no due process of law protects people before they are
disconnected or their sites are blocked. Given the many ways the Web is
crucial to our lives and our work, disconnection is a form of deprivation of
liberty."
Long Live the Web: A Call for Continued Open Standards and Neutrality
(22.11.2010)
http://www.scientificamerican.com/article.cfm?id=long-live-the-web
Social networking is undermining the web, says web inventor (22.11.2010)
http://www.out-law.com/default.aspx?page=11567
============================================================
8. ENDItorial: EC Internal Security Strategy - My dog is a cat
============================================================
The European Commission (EC) recently published its "Internal Security
Strategy" - a wide-ranging security programme covering international crime
networks, radicalisation, cybersecurity, border management and
crisis/disaster management.
One almost amusing element is how it included "piracy" (meaning unauthorised
downloads) as a security issue. The logic is very reminiscent of the 1980s
British comedy "Yes Prime Minister" where a senior civil servant explains to
a colleague how to argue to stop power being put in the hands of citizens.
"All cats have four legs, so does my dog. So my dog is a cat".
Counterfeiting is sometimes carried out by criminal gangs, who are a
security threat. Counterfeiting is an intellectual property infringement.
"Piracy" is an intellectual property infringement, so "piracy" is a security
threat.
Meanwhile, some elements that are missing are also interesting. For example,
the Strategy argues that "security should be integrated in relevant
strategic partnerships" but, having accused major trading partners like the
USA of failing to take action against online child abuse and international
trade in abuse images, the strategy prioritises "trafficking in human
beings, drugs trafficking and terrorism" for this action. Indeed, while the
strategy covers, in the Commission's own words "seemingly petty crimes", the
child abuse that was such a priority when tackling the symptoms via
blocking, fails to get a single mention in the document.
With regard to cybercrime, the Strategy suggests the creation of a
"cybercrime centre" to build operational and technical capacity, working
with national Computer Emergency Response Teams (CERTs) and the European
Network and Information Security Agency (ENISA). The proposal to have a
centralized hub for reporting of all forms of illegal material (useful for
creating multiple blocking lists for Internet access providers), which was
first made under the French Presidency of the EU, is made again. However,
this still does not have adequate political support, so the Strategy says
that this will be introduced "if appropriate".
Even though no progress has been made on the Commission's proposals for an
industry agreement for extra-judicial deletion of websites accused of child
abuse, xenophobia or terrorism since the summer, the Strategy suggests that
this will be achieved by 2011. The Commission has organised a meeting on 15
December 2010 with the industry to push its draft agreement, with a separate
informal meeting the week before to discuss "outstanding issues".
Communication: The EU Internal Security Strategy in Action: Five steps
towards a more secure Europe (22.11.2010)
http://www.statewatch.org/news/2010/nov/eu-com-internal-security-strategy-n…
Draft Agreement on Notice and Takedown
http://www.edri.org/files/Draft_Recommendations.pdf
Joint EDRI/EuroISPA response to Commission proposal (9.07.2010)
http://www.edri.org/files/090710_dialogue_NTD_illegal_content_EuroISPA-EDRI…
Yes Minister
http://www.youtube.com/watch?v=kpwSaiY_Ehk
EDRI-gram: EDRi and EuroISPA attack EC's demands for notice and takedown
(28.07.2010)
http://www.edri.org/edrigram/number8.15/edri-euroispa-notice-takedown-comis…
(contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Action
============================================================
Consultation on a future EU Culture programme
Deadline: 15 December 2010
http://ec.europa.eu/culture/our-programmes-and-actions/doc2805_en.htm
============================================================
10. Recommended Reading
============================================================
IViR: Moving Towards Balance - A study into duties of care on the Internet
(2010)
http://www.ivir.nl/publications/vaneijk/Moving_Towards_Balance.pdf
OSCE FOM Preliminary report: Study of legal provisions and practices related
to freedom of expression, the free flow of information and media pluralism
on the Internet in the OSCE participating States. (26.11.2010)
http://www.osce.org/documents/rfm/2010/11/47857_en.pdf
EU Counter-Terrorism policy: EDPS calls for a systematic and consistent
approach to avoid unnecessary restrictions to privacy (24.11.2010)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/…
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consu…
Antitrust: Commission probes allegations of antitrust violations by Google
(30.11.2010)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1624&format=H…
The Kids Are Alright* - A survey of the privacy habits and preferences of
teens and their parents on social networks
http://safekids.com/documents/truste_survey.pdf
============================================================
11. Agenda
============================================================
3 December 2010, Brussels, Belgium
Taking on the data retention directive
http://www.dataretention2010.net/init.xhtml?event=31
15-16 December 2010, Brussels, Belgium.
"Lift-off Towards Open Government"
http://www.opengov2010.be/
27-30 December 2010, Berlin, Germany
27th Chaos Communication Congress (27C3)
http://events.ccc.de/congress/2010
25-28 January 2011, Brussels, Belgium
The annual Conference Computers, Privacy & Data Protection CPDP 2011
European Data Protection: In Good Health?
http://www.cpdpconferences.org/
23-28 February 2011, Gosier, Guadeloupe, France
ICDS 2011- 5th International Conference on Digital Society
http://www.iaria.org/conferences2011/ICDS11.html
11-12 March 2011, Ankara, Turkey
ICEGEG-2011- 3rd International Conference on E-Government and E-Governance
http://www.icegeg.com/index.html
1 April 2011, Bielefeld, Germany
Big Brother Awards Germany
Nominations open until 31 Dec 2010
http://www.bigbrotherawards.de/index_html-en
============================================================
12. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and are visible on
the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
Unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
The release of Meteor in April reminded me about an abandoned project of my own
called Kogluktualuk, which was basically Meteor, but never implemented to any
significant extent. It was kind of obvious that something like Meteor needed to
exist. So I thought I would record some other predictions about things that
haven't happened yet, to see if my foresight is really as good as it seems in
hindsight. After all, it's easy to fool yourself into thinking about only your
correct predictions, forgetting the stupid ones. So this is, like debugging, a
sort of exercise in therapeutically feeling stupid.
---
Two years from now, most iOS applications will be written in Cordova (formerly
PhoneGap) or a successor, rather than in ObjC. This is both because JS is a much
more productive language than ObjC and in order to target Android as well.
Within 5 years, P2P protocols will resurge in importance. This is despite the
massive move from desktop and laptop computers to handheld computers running
iOS and Android and using cellphone networks. The driver will be better
connectivity and crackdowns on user-generated content on centrally-operated
network services like YouTube and Megaupload.
When automated fabrication -- the scenario where you get your next bicycle by
downloading bicycle blueprints over the network and sending them to a machine
that then produces a bicycle for you without human intervention -- happens, it
will not be by means of 3-D printers, which work by depositing layers of a
small number of materials. Instead, it will take the form of automated assembly
by robots of parts mostly made by other means, such as laser cutting, torch
cutting, CNC machining, and planar printing processes.
More and more communication between people will be mediated by computers.
Within a few years, most of our lives will be recorded and permanently archived
without our knowledge or consent.
Android will continue to grow over the next three years at the expense of iOS.
Apple will release at most one groundbreaking new product (like the Apple ][,
Macintosh, Newton, HyperCard, NeXTStep, iMac, iPad, Lisa, iPhone, iTunes Music
Store, and Macbook Air) in the next ten years.
Nokia will collapse. Their Windows phones will be a failure.
Solar energy will provide nearly as much marketed energy as coal by 2022.
Oil production will not exceed its 2008 peak by more than 30% by 2022.
Traditional oil production has peaked.
Oil prices will exceed their 2008 peak at least once by 2017.
US influence will wane; that is, it will be less significant in 2022 than
today.
China's laissez-faire copyright enforcement will become more widespread by
2017, despite US protests.
Argentina will have another financial crisis by 2017, with a collapse of the
peso, but not as severe as in 2001.
Photovoltaic, rather than solar thermal, will still be the major form of
marketed solar energy until 2022.
In 2022, the rather stupid opinion that Chinese manufacturers are mere copycats
will be much less widespread, held only by the occasional crank rather than, as
today, garden-variety ignorant people.
By 2022, Brazil will be a bigger startup hub than New York, England, Russia,
Australia, or Japan, but not Silicon Valley or China.
The murder rate in Argentina will be higher in 2013, 2014, and 2015 than in
2012.
A generic GPU programming language will arise to replace CUDA and enable
competition with NVIDIA by 2020.
Photographic and audio recording evidence will be easy to fake so that human
eyes can't tell the difference by 2017.
Quantum computers will turn out to work, but building ones big enough to
revolutionize anything will take longer than five more years.
Most performance-critical code will scale up to at least 16 cores by 2017,
despite doing it with explicit concurrency, such as threads and locks or
message passing like Erlang and Golang, rather than implicit forms like
transactional memory or APL-like array operations.
Cash payment will still be common throughout the poor countries in 2022.
As computerized communication, planning, and manufacturing take over the
economy, companies will continue to shrink while depending on ever more custom
software. The consequence is that programming will partly displace management
as a core competency of running a business.
China will largely shift to nuclear power generation for electricity by 2022.
By 2017, desktop computers will be something like CRTs a couple of years back:
used in special circumstances (gamers, say) and where money is tight, but not
many places. Instead people will use laptops, phones, cloud applications,
microservers, and rackmount servers. As I explained in "people, places, things,
and ideas" in 1999, I see this development as profoundly prejudicial to
software freedom, but it is, if anything, accelerating.
Computer security will keep getting worse at least until 2017, with
exponentially more software deployed on networks, almost all without the
requisite knowledge to secure or audit it. This will drive OS-level sandboxing
like PNaCl, but that will be only moderately effective, in large part because
free operating systems will not be used much (although Linux is) so users will
not be allowed to make their own computers secure, and absent that, software
vendors don't have the right incentives.
Self-driving cars will be a substantial minority of cars in rich countries by
2017.
Assassinations will rise dramatically by 2017 as their cost falls dramatically,
due to the lack of computer security, to the pervasive gathering and
warehousing of previously private information, and to lower-cost killer robots.
Spam and viruses will remain major problems at least until 2017.
No language will replace C as the language of nearly all serious software by
2022. C lost that position around 1992, to a combination of C and C++, and
since then there's been a diversity of languages in use. That will remain true.
Not Scala, not JS, not Python or Ruby, will shut out the other languages like
CRTs did.
Mining mineral resources such as copper from existing landfills will employ
tens of thousands of people by 2022, mostly illegally and in very hazardous
conditions.
Population growth will continue to slow until 2022.
The US GDP in 2022 will not be more than 22% bigger than in 2011, measured in
oil, kilowatt hours, or wheat, or probably measured in gold, at their average
prices over the year. US GDP in 2011 is estimated at US$15.1 billion.
Humans will not go beyond low Earth orbit, for example to geosynchronous orbit,
to the moon, or to other planets, by 2022.
--
To unsubscribe: http://lists.canonical.org/mailman/listinfo/kragen-tol
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
*** January/February Project Update ***
Since our last update, we have launched two new projects (Business
Continuity Compliance and Status Reporting, Image Quality and Usability
Assurance Phase II), completed one project (Counter-Phishing Phase I), and
have added two new projects to our pipeline (Better Mutual Authentication,
Resiliency Maturity Model) in addition to Interoperable Verification of
Check Security Features.
[As a reminder, projects show up in this update only after they have a high
probability of launching. We have a number of initiatives in earlier stages
of development.]
Our Standing Committees (SCOMs) and Special Interest Groups (SIGs) continue
to provide a forum for discussion that results in networking, knowledge
sharing, and action in the form of projects and workshops. If you are not
yet active in one or more committees, please contact me or the committee's
Managing Executive. SCOMs and SIGs are still open to non-members, however,
projects are members-only.
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update. As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I (completed Dec 2004)
2. e-Authentication: Business and Technology Proof-of-Concept (launched Oct
2004)
3. Business Continuity: Compliance and Status Reporting (launched Nov 2004)
4. Image Quality and Usability Assurance Phase II (launched Nov 2004)
Projects in Formation (soliciting commitments):
[coming soon]
Projects in Development:
1. Interoperable Verification of Check Security Features
2. Resilience Maturity Model (RMM): Phase I
3. Better Mutual Authentication: Phase I
______________
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (completed Dec 2004)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has completed a first-phase initiative to address the problem of
phishing and related threats in financial services, as it affects the
relationship between customer and firm. In collaboration with other
industry groups, the project team developed a suite of documents and tools
that allowed institutions to understand the comprehensive nature of the
problem, and understand the available solution options available to the
industry. The project developed a detailed model of the problem, a
cost/impact model, the solution space, and a survey of over 60 solution
providers. In addition, the project developed a next-phase proposal draft
for coordinated industry action to enable Better Mutual Authentication
(described below).
12 financial institutions and over 15 technology companies participated in
the initiative, and recently published the project's core findings and
recommendations to the public. These documents are available from the FSTC
web site (link above). A core group is currently developing a next-phase
initiative in Better Mutual Authentication, which is described below, and
other areas. This project originated from the Security SCOM: co-chaired by
Mike McCormick of Wells Fargo, and Mike Versace of NEC.
(http://fstc.org/advisory/security.cfm)
______________
2. FSTC/GSA e-Authentication: Business and Technology Proof-of-Concept
(launched Oct 2004, to complete in late March)
http://fstc.org/projects/new.cfm#eauth
This 5-month project is assessing the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide a federated identity-driven
authentication service to government agencies, and to integrate these
services into financial institutions' online applications. FSTC, jointly
with the GSA's E-Authentication Initiative Project Management Office (EAI
PMO), have launched a three-track project to ascertain the business model,
legal framework, and technical viability of using institutions' identity
credentials to permit consumers and businesses to access secure online
government applications through federation.
There are 7 financial institutions and 10 technology companies and other
organizations participating in the project. An in-person meeting is
currently scheduled for mid-March in Atlanta, hosted by Bank of America. The
project should complete in late March.
______________
3. Business Continuity: Compliance and Status Reporting (launched Dec 2004)
http://fstc.org/projects/new.cfm#compliance
The FSTC Business Continuity Standing Committee has launched an initiative
to assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.
The project will focus on providing straightforward interpretations of what
is needed for an FI to comply with current regulations.
This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM. Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen(a)fstc.org)
(http://fstc.org/advisory/business_continuity/)
______________
4. Image Quality and Usability Assurance: Phase II (launched Nov 2004)
http://fstc.org/projects/new.cfm#iqa2
In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way. The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.
The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) co-chaired by James
Burroughs, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR. 7
financial institutions and 18 vendors and industry organizations are
participating.
______________
PROJECTS IN DEVELOPMENT:
1. Interoperable Verification of Check Security Features (IV-CSF)
As a follow-on to the recently completed Survivability of Check Security
Features project (http://fstc.org/projects/csf/) this initiative will seek
to develop the business and technology foundation to enable interoperable
verification of check security features. As a growing number of banks offer
their customers security features targeted at surviving the imaging process,
interoperability becomes an important enabler. The objective of this
initiative, through interoperability, is to mitigate fraud risk for all
stakeholders (banks, customers, merchants, etc.) by shortening the time
between a check being presented, and the check verification process, and to
enable any receiver of a check to verify it as close to the point of
presentment as possible.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm). A whiteboard session was
held January 26-27 in Tempe, AZ, hosted by Bank of America and co-hosted by
JPMorgan Chase. A full draft proposal will be published to the Check
Truncation SIG in the coming week to ten days, reflecting the refined
objectives and deliverables that were developed in Tempe. Potential project
launch is in the March/April timeframe.
______________
2. Resilience Maturity Model (RMM): Phase I
A group of FSTC member institutions and vendors met at the FSTC Technology
Recovery Roundtable, hosted by US Bank on October 6th in St. Paul. At the
meeting, the group defined a potential project that would develop metrics to
evaluate an institution's resilience, much like the Carnegie Mellon CMM
model in software development. Resilience in this context is an
institution's overall business continuity, disaster recovery, and crisis
management program. The business objective of the project would be to allow
financial institutions to "rate" themselves and their key business partners
against industry-vetted definitions and metrics, and justify investment (or
not) where needed to achieve the desired level of resilience.
The group met again in New York on January 13th, hosted by JPMorgan Chase,
and further refined the concept with 7 of the top 10 institutions in the US
represented. A proposal is currently being finalized, and will be published
in the next 7-10 days to the general public. More than 8 firms have already
committed to participate. If you are interested, please contact Charles
Wallen, Business Continuity SCOM Managing Executive, at
charles.wallen(a)fstc.org.
______________
3. Better Mutual Authentication: Phase I
As a next-phase concept coming out of the Counter-Phishing: Phase I project,
the initiative will focus on establishing a blueprint for the financial
industry to establish better mutual authentication between customers and
financial institutions. The three components of better mutual
authentication include: customer to institution, institution to customer,
and email communications from the institution to customer. The objective is
to create a framework that supports individual institutions' efforts, while
defining a "blueprint" of requirements to ensure a level of consistency in
customer experience (if affected), leveraging customer education efforts,
and establishing interoperability wherever possible and prudent.
An in-person, large-institution-only meeting is currently being scheduled
for mid-late-March to create the charter, objectives, and deliverables for
such an initiative. More information will be available in the coming weeks
under the auspices of the Security Standing Committee.
##
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
*** January/February Project Update ***
Since our last update, we have launched two new projects (Business
Continuity Compliance and Status Reporting, Image Quality and Usability
Assurance Phase II), completed one project (Counter-Phishing Phase I), and
have added two new projects to our pipeline (Better Mutual Authentication,
Resiliency Maturity Model) in addition to Interoperable Verification of
Check Security Features.
[As a reminder, projects show up in this update only after they have a high
probability of launching. We have a number of initiatives in earlier stages
of development.]
Our Standing Committees (SCOMs) and Special Interest Groups (SIGs) continue
to provide a forum for discussion that results in networking, knowledge
sharing, and action in the form of projects and workshops. If you are not
yet active in one or more committees, please contact me or the committee's
Managing Executive. SCOMs and SIGs are still open to non-members, however,
projects are members-only.
FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing. We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects. In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update. As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information. Or visit our website at http://fstc.org.
Active Projects:
1. Counter-Phishing Phase I (completed Dec 2004)
2. e-Authentication: Business and Technology Proof-of-Concept (launched Oct
2004)
3. Business Continuity: Compliance and Status Reporting (launched Nov 2004)
4. Image Quality and Usability Assurance Phase II (launched Nov 2004)
Projects in Formation (soliciting commitments):
[coming soon]
Projects in Development:
1. Interoperable Verification of Check Security Features
2. Resilience Maturity Model (RMM): Phase I
3. Better Mutual Authentication: Phase I
______________
ACTIVE PROJECTS:
1. Counter-Phishing Phase I (completed Dec 2004)
http://fstc.org/projects/counter-phishing-phase-1/
FSTC has completed a first-phase initiative to address the problem of
phishing and related threats in financial services, as it affects the
relationship between customer and firm. In collaboration with other
industry groups, the project team developed a suite of documents and tools
that allowed institutions to understand the comprehensive nature of the
problem, and understand the available solution options available to the
industry. The project developed a detailed model of the problem, a
cost/impact model, the solution space, and a survey of over 60 solution
providers. In addition, the project developed a next-phase proposal draft
for coordinated industry action to enable Better Mutual Authentication
(described below).
12 financial institutions and over 15 technology companies participated in
the initiative, and recently published the project's core findings and
recommendations to the public. These documents are available from the FSTC
web site (link above). A core group is currently developing a next-phase
initiative in Better Mutual Authentication, which is described below, and
other areas. This project originated from the Security SCOM: co-chaired by
Mike McCormick of Wells Fargo, and Mike Versace of NEC.
(http://fstc.org/advisory/security.cfm)
______________
2. FSTC/GSA e-Authentication: Business and Technology Proof-of-Concept
(launched Oct 2004, to complete in late March)
http://fstc.org/projects/new.cfm#eauth
This 5-month project is assessing the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide a federated identity-driven
authentication service to government agencies, and to integrate these
services into financial institutions' online applications. FSTC, jointly
with the GSA's E-Authentication Initiative Project Management Office (EAI
PMO), have launched a three-track project to ascertain the business model,
legal framework, and technical viability of using institutions' identity
credentials to permit consumers and businesses to access secure online
government applications through federation.
There are 7 financial institutions and 10 technology companies and other
organizations participating in the project. An in-person meeting is
currently scheduled for mid-March in Atlanta, hosted by Bank of America. The
project should complete in late March.
______________
3. Business Continuity: Compliance and Status Reporting (launched Dec 2004)
http://fstc.org/projects/new.cfm#compliance
The FSTC Business Continuity Standing Committee has launched an initiative
to assist the financial industry in coming to a common understanding on the
meaning of continuity regulation, prioritization of compliance related
activities, and creating efficiencies in documenting regulatory compliance
status. To establish a clear understanding of the regulatory environment, a
list of continuity related guidance will be pulled together along with the
name of the agency responsible. Each regulation will be reviewed and a
clearly worded summary of the continuity requirements will be developed.
Where possible the regulatory agencies will be contacted for clarification
on specific points. Common themes and requirements will be documented and
prioritized.
The project will focus on providing straightforward interpretations of what
is needed for an FI to comply with current regulations.
This project is sponsored by the Business Continuity SCOM, co-chaired by Tom
Hirsch of US Bank, and Damian Walch of IBM. Please contact FSTC Managing
Executive Charles Wallen for more information (charles.wallen(a)fstc.org)
(http://fstc.org/advisory/business_continuity/)
______________
4. Image Quality and Usability Assurance: Phase II (launched Nov 2004)
http://fstc.org/projects/new.cfm#iqa2
In Phase I, more than 20 companies, representing 2/3 of US check volume,
most major vendors, and key industry associations, undertook a 90-day effort
to assess the impact of poor quality check images, and defined 16 technical
metrics and 4 usability levels that can be used to measure image quality and
usability in a standard and interoperable way. The findings of the Phase I
project team justified further development, to test these metrics in a
real-world scenario, on millions of images, to determine the quantitative
thresholds for the 16 metrics that will define a minimum baseline "standard"
for acceptable quality images for the industry.
The business objectives are to maximize efficiencies, cost savings, and
ensure strong adoption of image exchange. The project will undertake a
robust, "real-world" analysis and test to provide actionable specifications
and direction to the industry to allow financial institutions, technology
vendors, standards organizations, and other key partners to collectively
implement baseline image quality and usability through industry
collaboration under the FSTC umbrella.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm) co-chaired by James
Burroughs, Wells Fargo; Glen Ulrich, US Bank; and Ian Goodall, NCR. 7
financial institutions and 18 vendors and industry organizations are
participating.
______________
PROJECTS IN DEVELOPMENT:
1. Interoperable Verification of Check Security Features (IV-CSF)
As a follow-on to the recently completed Survivability of Check Security
Features project (http://fstc.org/projects/csf/) this initiative will seek
to develop the business and technology foundation to enable interoperable
verification of check security features. As a growing number of banks offer
their customers security features targeted at surviving the imaging process,
interoperability becomes an important enabler. The objective of this
initiative, through interoperability, is to mitigate fraud risk for all
stakeholders (banks, customers, merchants, etc.) by shortening the time
between a check being presented, and the check verification process, and to
enable any receiver of a check to verify it as close to the point of
presentment as possible.
This project originates from the Check Truncation SIG
(http://fstc.org/advisory/check-truncation.cfm). A whiteboard session was
held January 26-27 in Tempe, AZ, hosted by Bank of America and co-hosted by
JPMorgan Chase. A full draft proposal will be published to the Check
Truncation SIG in the coming week to ten days, reflecting the refined
objectives and deliverables that were developed in Tempe. Potential project
launch is in the March/April timeframe.
______________
2. Resilience Maturity Model (RMM): Phase I
A group of FSTC member institutions and vendors met at the FSTC Technology
Recovery Roundtable, hosted by US Bank on October 6th in St. Paul. At the
meeting, the group defined a potential project that would develop metrics to
evaluate an institution's resilience, much like the Carnegie Mellon CMM
model in software development. Resilience in this context is an
institution's overall business continuity, disaster recovery, and crisis
management program. The business objective of the project would be to allow
financial institutions to "rate" themselves and their key business partners
against industry-vetted definitions and metrics, and justify investment (or
not) where needed to achieve the desired level of resilience.
The group met again in New York on January 13th, hosted by JPMorgan Chase,
and further refined the concept with 7 of the top 10 institutions in the US
represented. A proposal is currently being finalized, and will be published
in the next 7-10 days to the general public. More than 8 firms have already
committed to participate. If you are interested, please contact Charles
Wallen, Business Continuity SCOM Managing Executive, at
charles.wallen(a)fstc.org.
______________
3. Better Mutual Authentication: Phase I
As a next-phase concept coming out of the Counter-Phishing: Phase I project,
the initiative will focus on establishing a blueprint for the financial
industry to establish better mutual authentication between customers and
financial institutions. The three components of better mutual
authentication include: customer to institution, institution to customer,
and email communications from the institution to customer. The objective is
to create a framework that supports individual institutions' efforts, while
defining a "blueprint" of requirements to ensure a level of consistency in
customer experience (if affected), leveraging customer education efforts,
and establishing interoperability wherever possible and prudent.
An in-person, large-institution-only meeting is currently being scheduled
for mid-late-March to create the charter, objectives, and deliverables for
such an initiative. More information will be available in the coming weeks
under the auspices of the Security Standing Committee.
##
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'