cypherpunks-legacy
Threads by month
- ----- 2024 -----
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 8.17, 8 September 2010
============================================================
Contents
============================================================
1. Deleting illegal sites is more efficient than blocking them
2. France: Imminent "Humanitarian Fingerprinting" of Roma with OSCAR
3. INDECT - privacy ethics in a secret project
4. Germany wants a new law to protect employees' privacy
5. State of play for ID cards in Europe
6. YouTube guilty of its users' copyright infringement says a German court
7. UK: Harassing innocent users for copyright infringement
8. ENDitorial: ACTA endgame - The devil is in the detail
9. Recommended Reading
10. Agenda
11. About
============================================================
1. Deleting illegal sites is more efficient than blocking them
============================================================
Eco, the Association of German Internet Economy, presented, in a press
conference in Berlin on 1 September 2010, the situation related to fighting
child pornography, reaching the conclusion that deleting was, in 98% of the
cases, more efficient than blocking illegal sites.
Thus, out of 197 child pornography sites reported at the Eco Internet
Complaint during the first half of 2010, 194 were offline in a week.
"The Websites that are hosted on the German servers were offline
regularly within one business day."
The main reason for this successful result is the establishment of "notice
and takedown" procedures and the increase of national reporting offices. The
hosting providers are more directly informed and they are more successful in
deleting sites than the police.
This report only comes to confirm what it has lately been constantly
repeated by ISPs, Internet users, associations and specialists that blocking
sites is an inefficient measure. Several associations such as EDRi or MOGiS
have argued in several occasions (as it was the case of the draft directive
proposed by European Commissioner Cecilia Malmstrvm to establish blocking at
the European level) that blocking is a useless and costly measure that can
be easily by-passed and which does not treat the problem, while causing
censureship issues.
Eco: Delete works up to 98% (only in German, 1.09.2010)
http://www.netzpolitik.org:80/2010/eco-loschen-funktioniert-zu-98/
Germany: Deleting instead of blocking is more efficient (only in French,
2.09.2010)
http://vasistas.wordpress.com:80/2010/09/02/allemagne-la-suppression-au-lie…
Delete, don't block (30.03.2010)
http://www.presseurop.eu/en/content/article/220161-delete-don-t-block
EDRi-gram: EDRi sends open letter to EU Commissioners to oppose Internet
blocking (10.03.2010)
http://www.edri.org/edrigram/number8.5/edri-open-letter-internet-blocking
============================================================
2. France: Imminent "Humanitarian Fingerprinting" of Roma with OSCAR
============================================================
The xenophobic anti-Roma campaign run by the French government
following President Sarkozy's discourse at the end of July has led to the
brutal dismantling of numerous Roma camps, and to the expulsion of 1 000
foreign Roma people from the country within the last month. How could this
happen, given that most if not all of them are either from Romania or
Bulgaria? As EU citizens since 1 January 2007, they should normally benefit
from freedom of movement in the Union. The reality is that Romanians and
Bulgarians are actually treated as 2nd class EU citizens in countries such
as France, where restrictions have been imposed on their right to stay, even
for a less than 3 month period. As a consequence, they can be expelled from
the country inter alia in case they "threaten the public order" or they
"constitute an unreasonable charge to the French social assistance system".
Sarkozy's government suddenly decided that Roma settlements are highly
threatening French public order. Courts disagree though, as recent annulment
of expulsion decisions in Lille have shown. However, such legal recourse can
seldom occur, when one only has 48 hours to file the case, not to mention
the immense practical difficulties for this population to exercise such
rights, even with the support of French NGOs.
This highly publicized campaign has shed the light on a French database
called OSCAR ( Tool for Repatriation Aid Statistics and Control - "Outil de
Statistiques et de Contrtle de l'Aide au Retour" in French), created by
decree in October 2009. OSCAR aims at collecting biometric data (digital
photograph and 10 fingerprints) of foreigners expelled from the country or
even leaving it voluntarily, with the benefit of a small grant. In the case
of EU citizens, the grant takes the form of a "humanitarian repatriation
help" of 300 Euro per person, with an additional 100 Euro for each
accompanying child. In such case, if the child is more than 12 years old,
his biometric data are also collected and stored in OSCAR. These data are
stored during 5 years.
It must be noted that, although this seems recent news to the general
public, to the European Commission and to the international press, the
French government decided to set up this "humanitarian repatriation help"
for EU citizens at the end of 2006, anticipating the "consequences" of
Romania and Bulgaria adhesion to the EU. This can be directly inferred from
an inter-ministerial administrative document of 7 December 2006 and from a
provision of the 2007 Immigration law authorizing the fingerprinting of the
"repatriation grant" recipients. As official data shows, before 1 January
2007, Romanian and Bulgarian citizens formed 25% of the total number of
expelled irregular migrants. After they became EU citizens, the number of
"humanitarian repatriation help" grew from less than 400 in 2005 and 2006 to
almost 3 000 in 2007, more than 10 000 in 2008 (81% of them granted to
Romanians and 9% to Bulgarians) and more than 12 000 in 2009 (83% granted to
Romanians and 7% to Bulgarians). As documented by many NGOs, the French
government has been forcing Roma people to sign on the "humanitarian
repatriation help", as this is the only really "legal" mean to expel them.
The novelty thus resides in the spectacular Roma-bashing political campaign.
Three French NGOs, among them EDRI member IRIS, have filed a complaint in
December 2009 before the Conseil d'Etat, to obtain the annulment of the
OSCAR database. Together with GISTI (an association defending the rights
of migrants) and LDH (French Human Rights League), IRIS claims that the
biometric nature of the data and the duration of its storage are arbitrary
and disproportionate, given the purpose of the database, which is simply the
management of the grant attribution in order to ensure that one cannot claim
it twice. It is also disproportionate given the amount of the grant, which
is minimal. The complaint also includes other legal arguments, such as the
storage of the foreigners' addresses in their own country, and the
possibility to interconnect OSCAR with AGDREF, the foreigners' register,
containing a lot more information for different purposes, though no
biometric data so far.
While only non biometric data were stored in OSCAR till now, since the
biometric fingerprints collecting system was not yet acquired and installed,
Eric Besson, French minister of Immigration, recently announced in the
framework of the current anti-Roma campaign, that biometrics will be in
place in OSCAR starting on 1 October. In an immediate reaction, GISTI,
IRIS and LDH have asked the Conseil d'Etat to process their complaint in
emergency.
The xenophobic anti-Roma campaign, which has been facing strong reactions
from very diverse sources in the country and abroad, needs to be urgently
stopped. The 3 NGOs also remind in their press release that the OSCAR
database concerns an even larger public, that is, all foreigners, EU
citizens or not, staying legally or illegally in France and likely to
receive any form of "repatriation help". As stated by a member of the
Parliament from the opposition in 2007, during the discussion of the latest
Immigration law providing for fingerprinting this population: "So, even back
to their country, foreigners would annoy us to the extent that we need to
file them!". At least, they annoy Sarkozy and its supporters.
EU questions legality of French Roma expulsions (01.09.2010)
http://euobserver.com/9/30720
NGOs press release: "Biometric filing of Roma: the Conseil d'Etat Annulment
of OSCAR file becomes urgent" (only in French,31.08.2010)
http://www.iris.sgdg.org/info-debat/comm-oscar0810.html
IRIS Dossier on OSCAR and related documents
http://www.iris.sgdg.org/actions/fichiers/
(Contribution by Meryem Marzouki, EDRI-member IRIS - France)
============================================================
3. INDECT - privacy ethics in a secret project
============================================================
A new document on ethical issues published by the INDECT European
research project on public surveillance has once more attracted the
scrutiny of the media. Previous allegations of secrecy were followed
by an attempt to strengthen the project's Ethics Board. The new
document however notes that addressing ethical concerns requires time
that cannot be spent on research. It therefore recommends to simply
stop disclosing any project deliverables that could negatively impact
"organisational reputation" and other sensitive topics.
The INDECT Project, funded with almost 11 million euros, aims to research on
"Intelligent information system supporting observation, searching and
detection for security of citizens in urban environment" but was
qualified by The Telegraph last year as the "'Orwellian' artificial
intelligence plan to monitor public for 'abnormal behaviour'".
Following the article, a lot of public pressure was put from media, civil
society and the European Parliament. MEPs addressed to the European
Commission 10 questions in the past year related to the project and its
privacy ethics.
One of the answers of the European Commission was: "In order to
further enhance the role of the project's Ethics Board, the Commission will
recommend to the project to add an additional independent expert. This
expert will have proven expertise in ethical and data protection issues",
but, so far, the Ethics board has been dominated by Police Officers and no
privacy experts.
The project published in August 2010 a first public document that has as
objective "to give an overview of activities relevant to ethical issues
undertaken within INDECT during the first year of project work."
One of the conclusions of the document shows in fact little consideration
for the public interest: "What is discouraging for persons working in INDECT
is that instead of making research a significant amount of the time is
consumed for explaining what the project is NOT about."
Moreover, as emphasized by Futurezone.orf.at, the document has also other
shortcomings in terms of secrecy, as most of the documents developed within
the project could remain away from the public eye:
"In addressing the issue of public disclosure, as presently deliverables do
not indicate any level of disclosure, it was agreed that:
- No issues that could impact negatively upon
o Law enforcement capability
o National Security
o Public Safety
o Organisational Reputation
should be published in the public domain
- Summary documents of such deliverables should not be published."
In fact, two of the documents that have been made publicly available on the
project website, have disappeared from there. But they have re-appeared on
other independant websites, as pointed by the Futurezone.orf.at
investigation.
Also, the initial video-presentation of the INDECT project, available on
YouTube and receiving a lot of negative comments, has now become just a
private video.
INDECT - Ethical Issues 2009 (17.08.2010)
http://www.indect-project.eu/files/deliverables/public/INDECT_Deliverable_D…
EU Monitoring: INDECT keeping a low profile (only in German, 3.09.2010)
http://futurezone.orf.at/stories/1659751/
INDECT: The missing papers (only in German, 8.09.2010)
http://futurezone.orf.at/stories/1660457/
MEPs questions on INDECT project (2009-2010)
http://bit.ly/ciy5Ot
INDECT Ethics Board Members
http://www.indect-project.eu/ethics-board-members
EDRi-gram: Third PrivacyOS: More Privacy, Increased awareness (5.11.2009)
http://www.edri.org/edrigram/number7.21/privacy-os-third-conference
============================================================
4. Germany wants a new law to protect employees' privacy
============================================================
Following several scandals during the last years related to the surveillance
of employees in several companies, the German government has recently tabled
a draft bill that would forbid employers to use hidden cameras or social
networking websites to spy on employees.
Interior Minister Thomas de Maiziere said the new law would be beneficial
for both parties. "It's a balanced compromise among the various interests
and will foster more trust in the workplace between employer and employees".
As many retailers in Germany have been using hidden cameras to catch
employees believed to steal, one of the proposed measures is that employers
can no longer use video surveillance on workers without their knowledge.
They will be allowed to use video cameras in public areas such as around the
cash register or the entrance to a supermarket to prevent shop-lifting but
video surveillance will be forbidden in private areas such as changing
rooms, break rooms and bathrooms.
The bill also regulates phone, email and Internet surveillance at the
workplace. The bill will forbid employers to gather private information of
candidate employees from networks such as Facebook and MySpace, but they
will still be able to get information by means of publicly accessible
sources on search engines and professional social networks, such as
LinkedIn.
An employer getting friends with a prospective employee or hacking his (her)
Facebook account to get personal information will be punished with a fine of
up to 300 000 euro, acts which will be however difficult to prove.
The bill is to be debated and approved by the German Parliament this Autumn
and if passed, Germany will become the first country to place restrictions
on the use of personal information found on social networking sites such as
Facebook.
France has also played with the idea of "the right to oblivion" but without
a final result. In UK, the law is not restrictive regarding searching of
personal data on the Internet for employers. "I know a lot of employers will
put an applicant's name into Google to see what comes up, and nothing in UK
law prevents that. In terms of how employers use the information they find,
they have to be conscious of a person's rights, particularly under the Data
Protection Act," said Kirsty Ayre, a partner in Pinsent Masons law firm.
An Employment Practices Code published by the UK Information Commissioner's
Office says that during a recruitment process, employers have to: "Explain
the nature of and sources from which information might be obtained about the
applicant in addition to the information supplied directly by the applicant"
and to "Ensure there is a clear statement on the application form or
surrounding documents, explaining what information will be sought and from
whom."
According to Ayre, employers should avoid using information obtained from
online sources in ways that might be discriminatory as an Internet search
may reveal characteristics that are protected by anti-discrimination laws
across the UK, such as a person's age, religion or sexual preferences.
Germany weighs bill to outlaw spying on employees (25.08.2010)
http://www.dw-world.de:80/dw/article/0,,5942077,00.html
Germany to ban employers from snooping on Facebook (27.08.2010)
http://euobserver.com/851/30685
German law bans Facebook research for hiring decisions (26.08.2010)
http://www.out-law.com//default.aspx?page=11336
The German Law (only in German, 24.08.2010)
http://www.bmi.bund.de/cae/servlet/contentblob/1286172/publicationFile/9529…
============================================================
5. State of play for ID cards in Europe
============================================================
A new analysis was made public by Statewatch based on the answers to a
questionnaire regarding the "state of play concerning electronic
identity cards" in the EU Member States and countries that are members of
the so-called "Mixed Committee" that is part of Schengen (Iceland,
Lichtenstein, Norway and Switzerland).
The 23 replies to the questionnaire show that:
- 17 countries make it mandatory for their citizens to have an ID card,
four do not;
- 13 countries issue traditional ID cards, eight issue cards containing
contact and/or RFID chips, two countries do not issue ID cards (Norway, UK).
Of the eight countries that issue electronic ID cards with the capacity to
store biometric data, six have chosen to do so (Belgium, Italy, Lithuania,
Portugal, Spain and Sweden). Lithuania, Portugal and Spain store
biometric data centrally, while Italy has a decentralised system.
After the biometrics is already introduced by the Council of the European
Union in Visas, resident third country nationals and the EU passports, now
the national ID cards are on the table, claiming their scope as travel
documents within the Schengen Area.
The questionnaire had no questions regarding privacy issues and only one
dealing indirectly with security issues (Did you detect any altered or
forged data storage device in any identity card?).
Statewatch concludes that "This is the start of a process of 'soft-law
making' over which the European and national parliaments have no say",
considering that the Council might adopt Conclusions of the national ID
cards, that the EU members states will use to take joint common actions.
Statewatch Briefing: ID Cards in the EU: Current state of play (09.2010)
http://www.statewatch.org/analyses/no-107-national-ID-cards-questionnaire.p…
EU Council - Questionnaire (26.03.2010)
http://www.statewatch.org/news/2010/jun/eu-council-ID-cards-5299-1-10.pdf
EU Council - Answers to Questionnaire
State of play concerning the electronic identity cards in the EU Member
States (31.05.2010)
http://www.statewatch.org/news/2010/jun/eu-council-ID-cards-9949-10.pdf
============================================================
6. YouTube guilty of its users' copyright infringement says a German court
============================================================
On 3 September 2010, the German Hamburg state court ruled that Google's
subsidiary YouTube had to pay damages for not having prevented and
blocked the upload by its users of several videos of Sarah Brightman's
performances, thus violating its copyright.
Although YouTube uses a standardized form to users regarding their right
to publish materials, the court did not find this enough and considered
YouTube as legally responsible for the content uploaded, especially as the
platform can be used anonymously, in the court's opinion.
YouTube uses Content ID, an anti-pirating technology to check out videos.
Now the page for adding videos includes now a warning that uploading
copyrighted content is not allowed unless the uploader is the right holder
or has previously received the right holders' agreement.
A prior verification of all the materials made available on the platform
would however create a huge problem for YouTube as, according to last year's
figures, 24h of video were uploaded every minute, which makes the measure
impossible from the financial as well as personnel point of view. Also, this
would be contrary to the EU E-commerce directive which specifically states
that such an online service has not a general obligation to "monitor the
information which they transmit or store, nor a general obligation actively
to seek facts or circumstances indicating illegal activity."
YouTube must not publish those videos anymore and has to provide information
to establish the amount of compensation for the uploading of the videos.
Google will appeal the decision.
In another case in Germany one week before, Google had a slight success
in its trial with the German collective societies, when the court declined
to issue a preliminary injunction against YouTube. But the court also
estimated that the collective societies may have the right to ask for taking
down of videos for which collective contributions haven't been paid, but
this needs to be proven during the trial, not in an interim injunction.
The court's decision is the result of a long battle between collective
society GEMA, the German Society for musical performing and mechanical
reproduction rights, and Google, who have been trying for over a year to
renegotiate a license expired in March 2009.
GEMA and other collective societies have failed so far to obtain in court
the injunction of YouTube but what they actually want is to get paid for
Internet broadcast of the videos. The negotiations have failed because there
is a discrepancy between the payment expectations of the two sides. GEMA is
used to the traditional method of royalty collection where a user pays at
every broadcast of a copyrighted material, while YouTube, generating its
revenues from advertising, does not charge users to watch videos.
German court rules against YouTube over copyright (4.09.2010)
http://www.google.com:80/hostednews/ap/article/ALeqM5iJ6jhspHQJ_JJyw3Ba0sWK…
German judge chides Google over YouTube freeloading (31.08.2010)
http://www.theregister.co.uk/2010/08/31/gema_youtube/
German battle over YouTube royalties wages on (27.08.2010)
http://www.dw-world.de/dw/article/0,,5951245,00.html
============================================================
7. UK: Harassing innocent users for copyright infringement
============================================================
ACS:Law having sent tens of thousands of cash demands to make supposed
copyright infringement lawsuits go away, has been referred to the Solicitors
Disciplinary Group for "bullying and excessive conduct".
The referral was the result of a coordinated work of wrongly accused people
and of consumers groups such as Which? and BeingThreatened.com. However,
Andrew Crossley, the principal of ACS:Law, goes regularly to court against
thousands of individuals he states are infringing his clients' copyrights,
although he presents no solid proof for his allegations. The law says that
in order to have infringed copyright, Internet subscribers must have either
shared files themselves or explicitly authorized someone else to do it.
ACS:Law cannot know who used a computer at a given time and wrongfully
suggest that the bill payer is the infringer or that he (she) has the
responsibility to say who did the alleged file-sharing. The company's
actions seriously affect a lot of wrongly accused people.
ACS:Law has been one of the most controversial law companies in the last
years. The company has kept busy the Solicitors Regulatory Authority (SRA),
a body regulating more than 110 000 solicitors in the UK, the regulatory
body of the Law Society of England and Wales, which is meant to keep an eye
on disreputable lawyers.
According to TorrentFreak, in September 2009, the complaints made to the SRA
about the conduct of ACS:Law constituted more than 16% of all complaints for
the whole month. Since 8 July 2010, the SRA has received an unprecedented
number of 418 official complaints against ACS:Law from members of the
public, a record in the IP sector.
In 2009, consumer group Which? filed a complaint against ACS:Law in which it
accused the law firm of bullying recipients by its threatening letters.
Finally, SRA has now referred Andrew Crossley to the Solicitors Disciplinary
Tribunal which adjudicates upon breaches of professional conduct and
is meant to protect the public by maintaining the reputation of the legal
profession. Its powers include the ability to fine, reprimand or even strike
off a lawyer, but the process will be long.
"We also echo the comments of Which? that the process appears very drawn out
and consumer unfriendly. We would also welcome clarification from the SRA as
to whether a temporary hold has been enforced on the continued practice of
ACS:Law in relation to filesharing cases or if they will be free to continue
their campaign unabated until the Solicitors Disciplinary Tribunal has
ruled," stated BeingThreatened.com's spokesman for TorrentFreak.
A team of lawyers is offering to coordinate a group action in order to
gather compensation for Crossley's harassed victims. "It can be incredibly
upsetting for people to receive such letters and they may well have a claim
for harassment against ACS Law so I am urging them to come forward," says
Michael Forrester of Ralli's Intellectual Property and Harassment Law team.
"Our aim is for the actions to cost claimants nothing," said Robert Illidge
from Ralli's. "It depends on who is involved, how many claims and how
the cases are presented. There are a number of ways of funding group action
litigation such as the 'no win, no fee' basis."
A success of the action may bring damage compensations for the participants
for their "financial loss and anxiety the letters and other correspondence
have caused. The law also allows individuals to obtain injunctions in
certain specific circumstances, which, if obtained would prevent the
harassment from continuing," added Illidge.
Wrongfully Accused Of File-Sharing? File For Harassment (31.08.2010)
http://torrentfreak.com:80/wrongfully-accused-of-file-sharing-file-for-hara…
File-Sharing Lawyers To Face Disciplinary Tribunal (23.08.2010)
http://torrentfreak.com/file-sharing-lawyers-to-face-disciplinary-tribunal-…
File sharing: are you breaking the law?
http://www.which.co.uk/campaigns/technology/file-sharing-are-you-breaking-t…
Being Threatened? - Portal
http://beingthreatened.yolasite.com/portal.php
The Speculative Invoicing Handbook (2009)
http://torrentfreak.com/static/The-Speculative-Invoicing-Handbook.pdf
============================================================
8. ENDitorial: ACTA endgame - The devil is in the detail
============================================================
The last week has seen a flurry of activity surrounding ACTA, with the leak
of the latest negotiating text, as well as the adoption of a Written
Declaration by the European Parliament.
Some parts of ACTA remain very problematic, such as the text related to
statutory damages. Also, the text on the liability of online intermediaries
and the extent to which they will be expected to police their clients is now
shorter, but less clear than ever before.
The current text reads as follows:
"Each Party shall endeavor to promote cooperative efforts within the
business community to effectively address [US: copyright and related
rights][EU/J: intellectual property rights] infringement while preserving
legitimate competition and consistent with each Party's law, preserving
principles relating to freedom of expression, fair process, and privacy,
[EU: among other [US: fundamental] principles]."
The first point to note is that this is ostensibly a trade agreement. As a
result, every party can claim a legitimate interest in ensuring the
implementation of trade-related provisions (such as "cooperation" between
ISPs and rightholders) and could, therefore, demand enforcement of this to
some degree. However, no party would have an interest in, or a legal means
of, ensuring the implementation of fundamental rights in other
jurisdictions. As a result, the obligations part of this text is enforceable
by parties, while the rights part is not, even though both seem equal in the
text.
Secondly, this approach, where ISPs are coerced into a policing role creates
an entirely unpredictable environment. Due to the ongoing vertical
integration, it is impossible to tell how "cooperation" or surveillance ISPs
will feel motivated and justified to undertake. Already we see the British
media provider/ISP Virgin planning to undertake deep packet inspection - a
"beta test" that will give heart to every totalitarian regime in the world -
on a test basis. If ISPs are blocking, filtering and carrying out
surveillance to protect Mick Jagger, what will the EU say to Iran when it
does the same thing to protect, as it would see it, the functioning of the
state? Furthermore, and these are in EU law already, but with the limited
privacy and human rights protection that the EU offers, the damages and
intermediary injunctions proposed in the current text will help encourage
ISPs to "volunteer" to collaborate with rightsholders.
This gives rise to a third issue - where does this leave the European
Union's legal obligations to promote and protect democracy and the rule of
law in its international relations. Can active support for privatisation of
law enforcement in third countries be considered compatible with the
obligation in the Treaty on European Union to cooperate in all fields of
international relations, in order to consolidate and support democracy and
the rule of law?
The European Parliament's Written Declaration is a huge step forward,
setting clear limits for the European Commission with regard to
harmonization, due process, coercion of ISPs to "voluntarily" undertake
blocking/filtering/three strikes, etc. Importantly, it also asks for "all
documents related to the ongoing negotiations publicly available" rather
than simply the most recent texts. Preparatory texts will be essential for
the Parliament and the public at large, to understand the real meaning of
the Agreement.
The weakening of some of the most egregious elements of ACTA's disregard for
the rights of citizens is very welcome - but the devil is still in the
detail. The fight goes on.
Virgin Media to trial piracy-detection software (17.01.2010)
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article69…
Treaty on European Union
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:083:0013:00…
Written Declaration 12 on the lack of a transparent process for the
Anti-Counterfeiting Trade Agreement (ACTA) and potentially objectionable
content
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+WDECL+P…
Adoption of anti-ACTA declaration - "a big victory" (7.09.2010)
http://www.numerama.com/magazine/16698-adoption-de-la-declaration-anti-acta…
European Parliament vs. ACTA: Rejection is the only option (8.09.2010)
http://www.laquadrature.net/en/european-parliament-vs-acta-rejection-is-the…
(Contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Reading
============================================================
Hadopi: rightholders want to convince Internet subscribers to accept DPI
filtering (only in French, 2.09.2010)
Since 2009 a series of interest groups have been discussing with the
Internal Market DG in the European Commissionon on how to fight the illegal
p2p usage. The internal documents presented by PcINpact show how these
lobbists are pushing for a new European copyright implementation and how
HADOPI will be used in France to test the Deep Packet Inspection with
voluntary users.
http://www.pcinpact.com/actu/news/59102-hadopi-bruxelles-filtrage-blocage-e…
http://www.pcinpact.com/actu/news/59106-hadopi-dpi-vedicis-scpp-filtrage.htm
UK: Understanding surveillance statistics by Tony Bunyan
http://www.statewatch.org/news/2010/aug/05uk-understanding-surveillance-sta…
Consumer Watchdog - "Don't Be Evil?" video - Final Version.
http://www.youtube.com/watch?v=Ouof1OzhL8k
Electronic Communication Industry: Joint Statement on the EU- South Korea
FTA (09.2010)
http://www.euroispa.org/files/joint_industry_statement_on_eu_korea_fta.pdf
The Relationship Between IP, Technology Transfer, and Development
(30.08.2010)
http://www.ip-watch.org/weblog/2010/08/30/the-relationship-between-ip-techn…
============================================================
10. Agenda
============================================================
11 September 2010, Europe
International action day "Freedom not Fear - Stop the Surveillance Mania!"
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2010
13-17 September 2010, Crete, Greece
Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
http://www.nis-summer-school.eu
14-16 September 2010, Vilnius, Lithuania
Internet Governance Forum 2010
http://igf2010.lt/
20-21 September 2010, Helsinki Finland
Finnish Internet Forum
http://internetforum.fi
8-9 October 2010, Berlin, Germany
The 3rd Free Culture Research Conference
http://wikis.fu-berlin.de/display/fcrc/Home
25-26 October 2010, Jerusalem, Israel
OECD Conference on "Privacy, Technology and Global Data Flows", celebrating
the 30th anniversary of the OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data
http://www.oecd.org/sti/privacyanniversary
27-29 October 2010, Jerusalem, Israel
The 32nd Annual International Conference of Data Protection and Privacy
Commissioners
http://www.privacyconference2010.org/
28-31 October 2010, Barcelona, Spain
oXcars and Free Culture Forum 2010, the biggest free culture event of all
time
http://exgae.net/oxcars10
http://fcforum.net/10
3-5 November 2010, Barcelona, Spain
The Fifth International Conference on Legal, Security and Privacy Issues in
IT Law. Call for papers deadline: 10 September 2010
http://www.lspi.net/
5-7 November 2010, Cologne, Germany
Transparency, Work, Surveillance
Joint Annual Meeting of FIfF and DVD
http://fiff.de/veranstaltungen/fiff-jahrestagungen/JT2010/jt2010_uebersicht
17 November 2010, Gent, Belgium
Big Brother Awards 2010 Belgium
http://www.winuwprivacy.be/kandidaten
============================================================
11. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
============================================================
EDRi-gram
biweekly newsletter about digital civil rights in Europe
Number 8.17, 8 September 2010
============================================================
Contents
============================================================
1. Deleting illegal sites is more efficient than blocking them
2. France: Imminent "Humanitarian Fingerprinting" of Roma with OSCAR
3. INDECT - privacy ethics in a secret project
4. Germany wants a new law to protect employees' privacy
5. State of play for ID cards in Europe
6. YouTube guilty of its users' copyright infringement says a German court
7. UK: Harassing innocent users for copyright infringement
8. ENDitorial: ACTA endgame - The devil is in the detail
9. Recommended Reading
10. Agenda
11. About
============================================================
1. Deleting illegal sites is more efficient than blocking them
============================================================
Eco, the Association of German Internet Economy, presented, in a press
conference in Berlin on 1 September 2010, the situation related to fighting
child pornography, reaching the conclusion that deleting was, in 98% of the
cases, more efficient than blocking illegal sites.
Thus, out of 197 child pornography sites reported at the Eco Internet
Complaint during the first half of 2010, 194 were offline in a week.
"The Websites that are hosted on the German servers were offline
regularly within one business day."
The main reason for this successful result is the establishment of "notice
and takedown" procedures and the increase of national reporting offices. The
hosting providers are more directly informed and they are more successful in
deleting sites than the police.
This report only comes to confirm what it has lately been constantly
repeated by ISPs, Internet users, associations and specialists that blocking
sites is an inefficient measure. Several associations such as EDRi or MOGiS
have argued in several occasions (as it was the case of the draft directive
proposed by European Commissioner Cecilia Malmstrvm to establish blocking at
the European level) that blocking is a useless and costly measure that can
be easily by-passed and which does not treat the problem, while causing
censureship issues.
Eco: Delete works up to 98% (only in German, 1.09.2010)
http://www.netzpolitik.org:80/2010/eco-loschen-funktioniert-zu-98/
Germany: Deleting instead of blocking is more efficient (only in French,
2.09.2010)
http://vasistas.wordpress.com:80/2010/09/02/allemagne-la-suppression-au-lie…
Delete, don't block (30.03.2010)
http://www.presseurop.eu/en/content/article/220161-delete-don-t-block
EDRi-gram: EDRi sends open letter to EU Commissioners to oppose Internet
blocking (10.03.2010)
http://www.edri.org/edrigram/number8.5/edri-open-letter-internet-blocking
============================================================
2. France: Imminent "Humanitarian Fingerprinting" of Roma with OSCAR
============================================================
The xenophobic anti-Roma campaign run by the French government
following President Sarkozy's discourse at the end of July has led to the
brutal dismantling of numerous Roma camps, and to the expulsion of 1 000
foreign Roma people from the country within the last month. How could this
happen, given that most if not all of them are either from Romania or
Bulgaria? As EU citizens since 1 January 2007, they should normally benefit
from freedom of movement in the Union. The reality is that Romanians and
Bulgarians are actually treated as 2nd class EU citizens in countries such
as France, where restrictions have been imposed on their right to stay, even
for a less than 3 month period. As a consequence, they can be expelled from
the country inter alia in case they "threaten the public order" or they
"constitute an unreasonable charge to the French social assistance system".
Sarkozy's government suddenly decided that Roma settlements are highly
threatening French public order. Courts disagree though, as recent annulment
of expulsion decisions in Lille have shown. However, such legal recourse can
seldom occur, when one only has 48 hours to file the case, not to mention
the immense practical difficulties for this population to exercise such
rights, even with the support of French NGOs.
This highly publicized campaign has shed the light on a French database
called OSCAR ( Tool for Repatriation Aid Statistics and Control - "Outil de
Statistiques et de Contrtle de l'Aide au Retour" in French), created by
decree in October 2009. OSCAR aims at collecting biometric data (digital
photograph and 10 fingerprints) of foreigners expelled from the country or
even leaving it voluntarily, with the benefit of a small grant. In the case
of EU citizens, the grant takes the form of a "humanitarian repatriation
help" of 300 Euro per person, with an additional 100 Euro for each
accompanying child. In such case, if the child is more than 12 years old,
his biometric data are also collected and stored in OSCAR. These data are
stored during 5 years.
It must be noted that, although this seems recent news to the general
public, to the European Commission and to the international press, the
French government decided to set up this "humanitarian repatriation help"
for EU citizens at the end of 2006, anticipating the "consequences" of
Romania and Bulgaria adhesion to the EU. This can be directly inferred from
an inter-ministerial administrative document of 7 December 2006 and from a
provision of the 2007 Immigration law authorizing the fingerprinting of the
"repatriation grant" recipients. As official data shows, before 1 January
2007, Romanian and Bulgarian citizens formed 25% of the total number of
expelled irregular migrants. After they became EU citizens, the number of
"humanitarian repatriation help" grew from less than 400 in 2005 and 2006 to
almost 3 000 in 2007, more than 10 000 in 2008 (81% of them granted to
Romanians and 9% to Bulgarians) and more than 12 000 in 2009 (83% granted to
Romanians and 7% to Bulgarians). As documented by many NGOs, the French
government has been forcing Roma people to sign on the "humanitarian
repatriation help", as this is the only really "legal" mean to expel them.
The novelty thus resides in the spectacular Roma-bashing political campaign.
Three French NGOs, among them EDRI member IRIS, have filed a complaint in
December 2009 before the Conseil d'Etat, to obtain the annulment of the
OSCAR database. Together with GISTI (an association defending the rights
of migrants) and LDH (French Human Rights League), IRIS claims that the
biometric nature of the data and the duration of its storage are arbitrary
and disproportionate, given the purpose of the database, which is simply the
management of the grant attribution in order to ensure that one cannot claim
it twice. It is also disproportionate given the amount of the grant, which
is minimal. The complaint also includes other legal arguments, such as the
storage of the foreigners' addresses in their own country, and the
possibility to interconnect OSCAR with AGDREF, the foreigners' register,
containing a lot more information for different purposes, though no
biometric data so far.
While only non biometric data were stored in OSCAR till now, since the
biometric fingerprints collecting system was not yet acquired and installed,
Eric Besson, French minister of Immigration, recently announced in the
framework of the current anti-Roma campaign, that biometrics will be in
place in OSCAR starting on 1 October. In an immediate reaction, GISTI,
IRIS and LDH have asked the Conseil d'Etat to process their complaint in
emergency.
The xenophobic anti-Roma campaign, which has been facing strong reactions
from very diverse sources in the country and abroad, needs to be urgently
stopped. The 3 NGOs also remind in their press release that the OSCAR
database concerns an even larger public, that is, all foreigners, EU
citizens or not, staying legally or illegally in France and likely to
receive any form of "repatriation help". As stated by a member of the
Parliament from the opposition in 2007, during the discussion of the latest
Immigration law providing for fingerprinting this population: "So, even back
to their country, foreigners would annoy us to the extent that we need to
file them!". At least, they annoy Sarkozy and its supporters.
EU questions legality of French Roma expulsions (01.09.2010)
http://euobserver.com/9/30720
NGOs press release: "Biometric filing of Roma: the Conseil d'Etat Annulment
of OSCAR file becomes urgent" (only in French,31.08.2010)
http://www.iris.sgdg.org/info-debat/comm-oscar0810.html
IRIS Dossier on OSCAR and related documents
http://www.iris.sgdg.org/actions/fichiers/
(Contribution by Meryem Marzouki, EDRI-member IRIS - France)
============================================================
3. INDECT - privacy ethics in a secret project
============================================================
A new document on ethical issues published by the INDECT European
research project on public surveillance has once more attracted the
scrutiny of the media. Previous allegations of secrecy were followed
by an attempt to strengthen the project's Ethics Board. The new
document however notes that addressing ethical concerns requires time
that cannot be spent on research. It therefore recommends to simply
stop disclosing any project deliverables that could negatively impact
"organisational reputation" and other sensitive topics.
The INDECT Project, funded with almost 11 million euros, aims to research on
"Intelligent information system supporting observation, searching and
detection for security of citizens in urban environment" but was
qualified by The Telegraph last year as the "'Orwellian' artificial
intelligence plan to monitor public for 'abnormal behaviour'".
Following the article, a lot of public pressure was put from media, civil
society and the European Parliament. MEPs addressed to the European
Commission 10 questions in the past year related to the project and its
privacy ethics.
One of the answers of the European Commission was: "In order to
further enhance the role of the project's Ethics Board, the Commission will
recommend to the project to add an additional independent expert. This
expert will have proven expertise in ethical and data protection issues",
but, so far, the Ethics board has been dominated by Police Officers and no
privacy experts.
The project published in August 2010 a first public document that has as
objective "to give an overview of activities relevant to ethical issues
undertaken within INDECT during the first year of project work."
One of the conclusions of the document shows in fact little consideration
for the public interest: "What is discouraging for persons working in INDECT
is that instead of making research a significant amount of the time is
consumed for explaining what the project is NOT about."
Moreover, as emphasized by Futurezone.orf.at, the document has also other
shortcomings in terms of secrecy, as most of the documents developed within
the project could remain away from the public eye:
"In addressing the issue of public disclosure, as presently deliverables do
not indicate any level of disclosure, it was agreed that:
- No issues that could impact negatively upon
o Law enforcement capability
o National Security
o Public Safety
o Organisational Reputation
should be published in the public domain
- Summary documents of such deliverables should not be published."
In fact, two of the documents that have been made publicly available on the
project website, have disappeared from there. But they have re-appeared on
other independant websites, as pointed by the Futurezone.orf.at
investigation.
Also, the initial video-presentation of the INDECT project, available on
YouTube and receiving a lot of negative comments, has now become just a
private video.
INDECT - Ethical Issues 2009 (17.08.2010)
http://www.indect-project.eu/files/deliverables/public/INDECT_Deliverable_D…
EU Monitoring: INDECT keeping a low profile (only in German, 3.09.2010)
http://futurezone.orf.at/stories/1659751/
INDECT: The missing papers (only in German, 8.09.2010)
http://futurezone.orf.at/stories/1660457/
MEPs questions on INDECT project (2009-2010)
http://bit.ly/ciy5Ot
INDECT Ethics Board Members
http://www.indect-project.eu/ethics-board-members
EDRi-gram: Third PrivacyOS: More Privacy, Increased awareness (5.11.2009)
http://www.edri.org/edrigram/number7.21/privacy-os-third-conference
============================================================
4. Germany wants a new law to protect employees' privacy
============================================================
Following several scandals during the last years related to the surveillance
of employees in several companies, the German government has recently tabled
a draft bill that would forbid employers to use hidden cameras or social
networking websites to spy on employees.
Interior Minister Thomas de Maiziere said the new law would be beneficial
for both parties. "It's a balanced compromise among the various interests
and will foster more trust in the workplace between employer and employees".
As many retailers in Germany have been using hidden cameras to catch
employees believed to steal, one of the proposed measures is that employers
can no longer use video surveillance on workers without their knowledge.
They will be allowed to use video cameras in public areas such as around the
cash register or the entrance to a supermarket to prevent shop-lifting but
video surveillance will be forbidden in private areas such as changing
rooms, break rooms and bathrooms.
The bill also regulates phone, email and Internet surveillance at the
workplace. The bill will forbid employers to gather private information of
candidate employees from networks such as Facebook and MySpace, but they
will still be able to get information by means of publicly accessible
sources on search engines and professional social networks, such as
LinkedIn.
An employer getting friends with a prospective employee or hacking his (her)
Facebook account to get personal information will be punished with a fine of
up to 300 000 euro, acts which will be however difficult to prove.
The bill is to be debated and approved by the German Parliament this Autumn
and if passed, Germany will become the first country to place restrictions
on the use of personal information found on social networking sites such as
Facebook.
France has also played with the idea of "the right to oblivion" but without
a final result. In UK, the law is not restrictive regarding searching of
personal data on the Internet for employers. "I know a lot of employers will
put an applicant's name into Google to see what comes up, and nothing in UK
law prevents that. In terms of how employers use the information they find,
they have to be conscious of a person's rights, particularly under the Data
Protection Act," said Kirsty Ayre, a partner in Pinsent Masons law firm.
An Employment Practices Code published by the UK Information Commissioner's
Office says that during a recruitment process, employers have to: "Explain
the nature of and sources from which information might be obtained about the
applicant in addition to the information supplied directly by the applicant"
and to "Ensure there is a clear statement on the application form or
surrounding documents, explaining what information will be sought and from
whom."
According to Ayre, employers should avoid using information obtained from
online sources in ways that might be discriminatory as an Internet search
may reveal characteristics that are protected by anti-discrimination laws
across the UK, such as a person's age, religion or sexual preferences.
Germany weighs bill to outlaw spying on employees (25.08.2010)
http://www.dw-world.de:80/dw/article/0,,5942077,00.html
Germany to ban employers from snooping on Facebook (27.08.2010)
http://euobserver.com/851/30685
German law bans Facebook research for hiring decisions (26.08.2010)
http://www.out-law.com//default.aspx?page=11336
The German Law (only in German, 24.08.2010)
http://www.bmi.bund.de/cae/servlet/contentblob/1286172/publicationFile/9529…
============================================================
5. State of play for ID cards in Europe
============================================================
A new analysis was made public by Statewatch based on the answers to a
questionnaire regarding the "state of play concerning electronic
identity cards" in the EU Member States and countries that are members of
the so-called "Mixed Committee" that is part of Schengen (Iceland,
Lichtenstein, Norway and Switzerland).
The 23 replies to the questionnaire show that:
- 17 countries make it mandatory for their citizens to have an ID card,
four do not;
- 13 countries issue traditional ID cards, eight issue cards containing
contact and/or RFID chips, two countries do not issue ID cards (Norway, UK).
Of the eight countries that issue electronic ID cards with the capacity to
store biometric data, six have chosen to do so (Belgium, Italy, Lithuania,
Portugal, Spain and Sweden). Lithuania, Portugal and Spain store
biometric data centrally, while Italy has a decentralised system.
After the biometrics is already introduced by the Council of the European
Union in Visas, resident third country nationals and the EU passports, now
the national ID cards are on the table, claiming their scope as travel
documents within the Schengen Area.
The questionnaire had no questions regarding privacy issues and only one
dealing indirectly with security issues (Did you detect any altered or
forged data storage device in any identity card?).
Statewatch concludes that "This is the start of a process of 'soft-law
making' over which the European and national parliaments have no say",
considering that the Council might adopt Conclusions of the national ID
cards, that the EU members states will use to take joint common actions.
Statewatch Briefing: ID Cards in the EU: Current state of play (09.2010)
http://www.statewatch.org/analyses/no-107-national-ID-cards-questionnaire.p…
EU Council - Questionnaire (26.03.2010)
http://www.statewatch.org/news/2010/jun/eu-council-ID-cards-5299-1-10.pdf
EU Council - Answers to Questionnaire
State of play concerning the electronic identity cards in the EU Member
States (31.05.2010)
http://www.statewatch.org/news/2010/jun/eu-council-ID-cards-9949-10.pdf
============================================================
6. YouTube guilty of its users' copyright infringement says a German court
============================================================
On 3 September 2010, the German Hamburg state court ruled that Google's
subsidiary YouTube had to pay damages for not having prevented and
blocked the upload by its users of several videos of Sarah Brightman's
performances, thus violating its copyright.
Although YouTube uses a standardized form to users regarding their right
to publish materials, the court did not find this enough and considered
YouTube as legally responsible for the content uploaded, especially as the
platform can be used anonymously, in the court's opinion.
YouTube uses Content ID, an anti-pirating technology to check out videos.
Now the page for adding videos includes now a warning that uploading
copyrighted content is not allowed unless the uploader is the right holder
or has previously received the right holders' agreement.
A prior verification of all the materials made available on the platform
would however create a huge problem for YouTube as, according to last year's
figures, 24h of video were uploaded every minute, which makes the measure
impossible from the financial as well as personnel point of view. Also, this
would be contrary to the EU E-commerce directive which specifically states
that such an online service has not a general obligation to "monitor the
information which they transmit or store, nor a general obligation actively
to seek facts or circumstances indicating illegal activity."
YouTube must not publish those videos anymore and has to provide information
to establish the amount of compensation for the uploading of the videos.
Google will appeal the decision.
In another case in Germany one week before, Google had a slight success
in its trial with the German collective societies, when the court declined
to issue a preliminary injunction against YouTube. But the court also
estimated that the collective societies may have the right to ask for taking
down of videos for which collective contributions haven't been paid, but
this needs to be proven during the trial, not in an interim injunction.
The court's decision is the result of a long battle between collective
society GEMA, the German Society for musical performing and mechanical
reproduction rights, and Google, who have been trying for over a year to
renegotiate a license expired in March 2009.
GEMA and other collective societies have failed so far to obtain in court
the injunction of YouTube but what they actually want is to get paid for
Internet broadcast of the videos. The negotiations have failed because there
is a discrepancy between the payment expectations of the two sides. GEMA is
used to the traditional method of royalty collection where a user pays at
every broadcast of a copyrighted material, while YouTube, generating its
revenues from advertising, does not charge users to watch videos.
German court rules against YouTube over copyright (4.09.2010)
http://www.google.com:80/hostednews/ap/article/ALeqM5iJ6jhspHQJ_JJyw3Ba0sWK…
German judge chides Google over YouTube freeloading (31.08.2010)
http://www.theregister.co.uk/2010/08/31/gema_youtube/
German battle over YouTube royalties wages on (27.08.2010)
http://www.dw-world.de/dw/article/0,,5951245,00.html
============================================================
7. UK: Harassing innocent users for copyright infringement
============================================================
ACS:Law having sent tens of thousands of cash demands to make supposed
copyright infringement lawsuits go away, has been referred to the Solicitors
Disciplinary Group for "bullying and excessive conduct".
The referral was the result of a coordinated work of wrongly accused people
and of consumers groups such as Which? and BeingThreatened.com. However,
Andrew Crossley, the principal of ACS:Law, goes regularly to court against
thousands of individuals he states are infringing his clients' copyrights,
although he presents no solid proof for his allegations. The law says that
in order to have infringed copyright, Internet subscribers must have either
shared files themselves or explicitly authorized someone else to do it.
ACS:Law cannot know who used a computer at a given time and wrongfully
suggest that the bill payer is the infringer or that he (she) has the
responsibility to say who did the alleged file-sharing. The company's
actions seriously affect a lot of wrongly accused people.
ACS:Law has been one of the most controversial law companies in the last
years. The company has kept busy the Solicitors Regulatory Authority (SRA),
a body regulating more than 110 000 solicitors in the UK, the regulatory
body of the Law Society of England and Wales, which is meant to keep an eye
on disreputable lawyers.
According to TorrentFreak, in September 2009, the complaints made to the SRA
about the conduct of ACS:Law constituted more than 16% of all complaints for
the whole month. Since 8 July 2010, the SRA has received an unprecedented
number of 418 official complaints against ACS:Law from members of the
public, a record in the IP sector.
In 2009, consumer group Which? filed a complaint against ACS:Law in which it
accused the law firm of bullying recipients by its threatening letters.
Finally, SRA has now referred Andrew Crossley to the Solicitors Disciplinary
Tribunal which adjudicates upon breaches of professional conduct and
is meant to protect the public by maintaining the reputation of the legal
profession. Its powers include the ability to fine, reprimand or even strike
off a lawyer, but the process will be long.
"We also echo the comments of Which? that the process appears very drawn out
and consumer unfriendly. We would also welcome clarification from the SRA as
to whether a temporary hold has been enforced on the continued practice of
ACS:Law in relation to filesharing cases or if they will be free to continue
their campaign unabated until the Solicitors Disciplinary Tribunal has
ruled," stated BeingThreatened.com's spokesman for TorrentFreak.
A team of lawyers is offering to coordinate a group action in order to
gather compensation for Crossley's harassed victims. "It can be incredibly
upsetting for people to receive such letters and they may well have a claim
for harassment against ACS Law so I am urging them to come forward," says
Michael Forrester of Ralli's Intellectual Property and Harassment Law team.
"Our aim is for the actions to cost claimants nothing," said Robert Illidge
from Ralli's. "It depends on who is involved, how many claims and how
the cases are presented. There are a number of ways of funding group action
litigation such as the 'no win, no fee' basis."
A success of the action may bring damage compensations for the participants
for their "financial loss and anxiety the letters and other correspondence
have caused. The law also allows individuals to obtain injunctions in
certain specific circumstances, which, if obtained would prevent the
harassment from continuing," added Illidge.
Wrongfully Accused Of File-Sharing? File For Harassment (31.08.2010)
http://torrentfreak.com:80/wrongfully-accused-of-file-sharing-file-for-hara…
File-Sharing Lawyers To Face Disciplinary Tribunal (23.08.2010)
http://torrentfreak.com/file-sharing-lawyers-to-face-disciplinary-tribunal-…
File sharing: are you breaking the law?
http://www.which.co.uk/campaigns/technology/file-sharing-are-you-breaking-t…
Being Threatened? - Portal
http://beingthreatened.yolasite.com/portal.php
The Speculative Invoicing Handbook (2009)
http://torrentfreak.com/static/The-Speculative-Invoicing-Handbook.pdf
============================================================
8. ENDitorial: ACTA endgame - The devil is in the detail
============================================================
The last week has seen a flurry of activity surrounding ACTA, with the leak
of the latest negotiating text, as well as the adoption of a Written
Declaration by the European Parliament.
Some parts of ACTA remain very problematic, such as the text related to
statutory damages. Also, the text on the liability of online intermediaries
and the extent to which they will be expected to police their clients is now
shorter, but less clear than ever before.
The current text reads as follows:
"Each Party shall endeavor to promote cooperative efforts within the
business community to effectively address [US: copyright and related
rights][EU/J: intellectual property rights] infringement while preserving
legitimate competition and consistent with each Party's law, preserving
principles relating to freedom of expression, fair process, and privacy,
[EU: among other [US: fundamental] principles]."
The first point to note is that this is ostensibly a trade agreement. As a
result, every party can claim a legitimate interest in ensuring the
implementation of trade-related provisions (such as "cooperation" between
ISPs and rightholders) and could, therefore, demand enforcement of this to
some degree. However, no party would have an interest in, or a legal means
of, ensuring the implementation of fundamental rights in other
jurisdictions. As a result, the obligations part of this text is enforceable
by parties, while the rights part is not, even though both seem equal in the
text.
Secondly, this approach, where ISPs are coerced into a policing role creates
an entirely unpredictable environment. Due to the ongoing vertical
integration, it is impossible to tell how "cooperation" or surveillance ISPs
will feel motivated and justified to undertake. Already we see the British
media provider/ISP Virgin planning to undertake deep packet inspection - a
"beta test" that will give heart to every totalitarian regime in the world -
on a test basis. If ISPs are blocking, filtering and carrying out
surveillance to protect Mick Jagger, what will the EU say to Iran when it
does the same thing to protect, as it would see it, the functioning of the
state? Furthermore, and these are in EU law already, but with the limited
privacy and human rights protection that the EU offers, the damages and
intermediary injunctions proposed in the current text will help encourage
ISPs to "volunteer" to collaborate with rightsholders.
This gives rise to a third issue - where does this leave the European
Union's legal obligations to promote and protect democracy and the rule of
law in its international relations. Can active support for privatisation of
law enforcement in third countries be considered compatible with the
obligation in the Treaty on European Union to cooperate in all fields of
international relations, in order to consolidate and support democracy and
the rule of law?
The European Parliament's Written Declaration is a huge step forward,
setting clear limits for the European Commission with regard to
harmonization, due process, coercion of ISPs to "voluntarily" undertake
blocking/filtering/three strikes, etc. Importantly, it also asks for "all
documents related to the ongoing negotiations publicly available" rather
than simply the most recent texts. Preparatory texts will be essential for
the Parliament and the public at large, to understand the real meaning of
the Agreement.
The weakening of some of the most egregious elements of ACTA's disregard for
the rights of citizens is very welcome - but the devil is still in the
detail. The fight goes on.
Virgin Media to trial piracy-detection software (17.01.2010)
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article69…
Treaty on European Union
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:083:0013:00…
Written Declaration 12 on the lack of a transparent process for the
Anti-Counterfeiting Trade Agreement (ACTA) and potentially objectionable
content
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+WDECL+P…
Adoption of anti-ACTA declaration - "a big victory" (7.09.2010)
http://www.numerama.com/magazine/16698-adoption-de-la-declaration-anti-acta…
European Parliament vs. ACTA: Rejection is the only option (8.09.2010)
http://www.laquadrature.net/en/european-parliament-vs-acta-rejection-is-the…
(Contribution by Joe McNamee - EDRi)
============================================================
9. Recommended Reading
============================================================
Hadopi: rightholders want to convince Internet subscribers to accept DPI
filtering (only in French, 2.09.2010)
Since 2009 a series of interest groups have been discussing with the
Internal Market DG in the European Commissionon on how to fight the illegal
p2p usage. The internal documents presented by PcINpact show how these
lobbists are pushing for a new European copyright implementation and how
HADOPI will be used in France to test the Deep Packet Inspection with
voluntary users.
http://www.pcinpact.com/actu/news/59102-hadopi-bruxelles-filtrage-blocage-e…
http://www.pcinpact.com/actu/news/59106-hadopi-dpi-vedicis-scpp-filtrage.htm
UK: Understanding surveillance statistics by Tony Bunyan
http://www.statewatch.org/news/2010/aug/05uk-understanding-surveillance-sta…
Consumer Watchdog - "Don't Be Evil?" video - Final Version.
http://www.youtube.com/watch?v=Ouof1OzhL8k
Electronic Communication Industry: Joint Statement on the EU- South Korea
FTA (09.2010)
http://www.euroispa.org/files/joint_industry_statement_on_eu_korea_fta.pdf
The Relationship Between IP, Technology Transfer, and Development
(30.08.2010)
http://www.ip-watch.org/weblog/2010/08/30/the-relationship-between-ip-techn…
============================================================
10. Agenda
============================================================
11 September 2010, Europe
International action day "Freedom not Fear - Stop the Surveillance Mania!"
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2010
13-17 September 2010, Crete, Greece
Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
http://www.nis-summer-school.eu
14-16 September 2010, Vilnius, Lithuania
Internet Governance Forum 2010
http://igf2010.lt/
20-21 September 2010, Helsinki Finland
Finnish Internet Forum
http://internetforum.fi
8-9 October 2010, Berlin, Germany
The 3rd Free Culture Research Conference
http://wikis.fu-berlin.de/display/fcrc/Home
25-26 October 2010, Jerusalem, Israel
OECD Conference on "Privacy, Technology and Global Data Flows", celebrating
the 30th anniversary of the OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data
http://www.oecd.org/sti/privacyanniversary
27-29 October 2010, Jerusalem, Israel
The 32nd Annual International Conference of Data Protection and Privacy
Commissioners
http://www.privacyconference2010.org/
28-31 October 2010, Barcelona, Spain
oXcars and Free Culture Forum 2010, the biggest free culture event of all
time
http://exgae.net/oxcars10
http://fcforum.net/10
3-5 November 2010, Barcelona, Spain
The Fifth International Conference on Legal, Security and Privacy Issues in
IT Law. Call for papers deadline: 10 September 2010
http://www.lspi.net/
5-7 November 2010, Cologne, Germany
Transparency, Work, Surveillance
Joint Annual Meeting of FIfF and DVD
http://fiff.de/veranstaltungen/fiff-jahrestagungen/JT2010/jt2010_uebersicht
17 November 2010, Gent, Belgium
Big Brother Awards 2010 Belgium
http://www.winuwprivacy.be/kandidaten
============================================================
11. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 27 members based or with offices in 17 different
countries in Europe. European Digital Rights takes an active interest in
developments in the EU accession countries and wants to share knowledge and
awareness through the EDRI-grams.
All contributions, suggestions for content, corrections or agenda-tips are
most welcome. Errors are corrected as soon as possible and visibly on the
EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 3.0 License. See the full text at
http://creativecommons.org/licenses/by/3.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
European Digital Rights needs your help in upholding digital rights in the
EU. If you wish to help us promote digital rights, please consider making a
private donation.
http://www.edri.org/about/sponsoring
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edri/2.html
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
_ _ _____ _ __ <*the* weekly high-tech sarcastic update for the uk>
| \ | |_ _| |/ / _ __ __2003-11-14_ o join! sign up at
| \| | | | | ' / | '_ \ / _ \ \ /\ / / o http://lists.ntk.net/
| |\ | | | | . \ | | | | (_) \ v v / o website (+ archive) lives at:
|_| \_| |_| |_|\_\|_| |_|\___/ \_/\_/ o http://www.ntk.net/
"Using 'k3wl' instead of 'cool' and making sure the 'a' is
always replaced by '4' may seem insignificant habits any
teenager living in an SMS world might do. But by talking the
talk and virtually walking the walk, IS/Recon has gained the
trust of nearly 100 different [hacker] groups..."
http://news.bbc.co.uk/2/hi/technology/3246375.stm
...and literally gigabytes of 0-day warez and serialz!
>> HARD NEWS <<
shuffling in the pews
Think you had a bad week? Well, you did. You just didn't
hear about it. First up: after extraordinary scenes in the
House of Lords on Wednesday, the government managed to push
through its five standing orders of the apocalypse - to let
a smorgasbord of local authorities monitor email and phone
traffic, plus proposals to force ISPs to retain traffic
data. All the proposals have been watered down a little
since they were first aired. But it's all still pretty bad,
as was indicated by the Tories' desperate attempt to
introduce a "fatal amendment". Fatal amendments - which
basically add "This house believes the following law should
be taken outside and shot:" - are the Nuke-From-Orbit of the
Lords' arsenal. They haven't been successfully used in the
House for thirty years. Taken aback by this approach, the
government went on the offensive, threatening to use
similiar tactics on future Tory administrations. It all got
a bit nastily party-political from there on in. When the
mist cleared, the Lib-Dems had caved on data retention, the
Tories went off muttering about doing some angry squeaking
in the Commons, and we got a fistful of bad law. Worse: you
didn't know any of it was happening until it was far too late.
http://qwer.org/idcards.html
- (from Hansard) LORD RICHARD: You're doing *what*?
http://www.stand.org.uk/
- "not just bad, but maybe illegal too"
The ID cards roadshow that Blunkett launched this week had a
little more warning: and perhaps their longer timetable (due
in 2013) will allow them to be stopped. Especially if the
government keep on getting over-excited about the biometric
bits. The reason we need new cards is because of this
exciting new technology, goes the current spin. Exciting new
technology, such as retinal scans, which haven't been proven
to work with large populations, and are *just* like
passwords, only you can't change them when they're
compromised, and with a long history of false negatives.
Particularly impressive is Fiona McTaggart's current pitch.
An ex-chairwoman for Liberty and now a Minister in the
government, she attributes her entire volte-face on ID cards
down to the marvels of biometric magic. "If I'm honest, one
unstated reason why I have opposed ID cards is my fear that
this is another thing for me to lose", she gushes, before
explaining that, because she can't lose her eyes or
fingerprints, these new ID cards must be okay. We have to
say: if the government's so excited about new tech, why did
the ID card consultation still mistake thousands of
responses from the STAND relay as being automated responses
from "an organised opposition campaign"?
http://www.official-documents.co.uk/document/cm60/6020/6020.pdf
- paragraph 11. That's your democratic contribution right there
http://www.guardian.co.uk/comment/story/0,3604,1083804,00.html
- "another thing to lose". As if we're not losing enough here
http://www.sideshow.idps.co.uk/smay03.htm#23at1537
- why Liberty isn't
http://www.ntk.net/2003/11/14/dohpiracy.gif
- EU targeting "large scale privacy outfits" too
>> ANTI-NEWS <<
berating the obvious
Arnie's response to sexual harassment claims - "Bring on der
dancing girls!": http://www.ntk.net/2003/11/14/dohrevue.gif
... kids today, eh?: http://www.ntk.net/2003/11/14/dohlit.gif
... that "Army macho" culture goes a little further than you
thought: http://www.ntk.net/2003/11/14/dohbum.gif (actually
one of those expressions that means something different in the
US): http://www.google.com/search?q=%22going+to+be+bummed%22
... meanwhile, "Inclarity" telco offers global net "foaming":
http://www.inclarity.co.uk/Prices/Calling_Card_Instructions.htm#vo
... old thrill revisited - return of Widdecombe of the Week:
http://www.moneydemon.co.uk/result/keyword/UTTERLY+useless ...
banner ads: http://www.ntk.net/2003/11/14/dohsquat.gif staying
nice and morbid: http://www.ntk.net/2003/11/14/dohdrown.gif
... "War On Terror" apparently having the exact opposite of
intended effect: http://www.ntk.net/2003/11/14/dohscare.gif ,
http://www.ntk.net/2003/11/14/dohterror.gif ...
>> EVENT QUEUE <<
goto's considered non-harmful
Assuming you're not busy helping Tim Ireland create a site
where you can SMS pictures of your arse to George Bush (or
should that be the other way round?), hopefully you haven't
already missed too much of the DMZ MEDIA ARTS FESTIVAL (11am-
6pm, today and Saturday 2003-11-14 & 15, Limehouse Town Hall,
London E14, free) featuring a wide range of usual suspects
such as MUTE MAGAZINE, CONSUME.NET and no doubt a couple of
wireless psychogeographic film-making co-operatives based in
Hoxton and Eastern Europe. And if you're looking for a few
quirky Xmas gift ideas, maybe Thomson & Craighead will bring
along some of their Google tea-towels, "Teach Birds 2 Sing"
ringtone CDs, or Walkmans fitted with endless play cassettes
of genuine mobile phone conversations from the mid 1990s.
http://www.bloggerheads.com/
- vs http://www.stopwar.org.uk/ (not literally!)
http://www.ntk.net/2003/11/14/dohbush.gif
- for that, you could buy everyone in the UK an ID card
http://dmz.spc.org/talks.html
- not making this up: http://www.dot-store.com/system/
http://www.uklanparty.com/
- tomorrow: all-day (free?) LAN party in Luton pub
http://www.gamesmeet.net/
- advance warning of another bunker bash at the end of Jan
>> TRACKING <<
sufficiently advanced technology : the gathering
Good Ideas To Steal From MacOS X Applications, No. 443:
VOODOOPAD is another app that wins by flipping the
runs-on-server/runs-on-desktop bit. It's a local Wiki
masquerading as a free-form database. You type, and
WikiInterCapped words are automatically turned into links to
fresh pages. Images and links can be dropped into the text;
unicode is supported. And in case you still crave the wilds
of the Web, it can also act as a responsive frontend for
wikis that support author Gus Mueller's simple XMLRPC wiki
API. Oh, and you can dump all your thoughts to HTML - or an
iPod, should you be so freaky.
http://flyingmeat.com/voodoopad.html
- $20! You pay $20!
http://www.macdevcenter.com/pub/a/mac/developer/2003/09/05/innovators.html
- it won an award and yet still does not suck
>> MEMEPOOL <<
contains a source of http://snackspot.org/
now *we* want some of that Britney "has a level 14 Cleric"
Googlejuice: http://www.six-something.org/projectbritney.php
... ftp://www.japan.steinberg.net/ tagged - you're it... you
know you've "arrived" when: http://lordrich.newmail.ru/ican/
(and is the original hosted under www.bbc.co.uk/dna/ because
it's "mostly harmless"?)... don't want to know what they're up
to here: http://www.ntk.net/2003/11/14/dohgrif.gif ... "These
BOFH stickers on my monitor? Well, they each signify one of my
'support kills'": http://www.ntk.net/2003/09/12/dohbofh.gif
... caution - one of these pics is not safe for work like the
others: http://www.altavista.com/image/results?q=potatoes
... (comparatively) new thrill - amusingly (in)appropriate
GOOGLE TEXT ADS: http://www.ntk.net/2003/11/14/dohshuck.gif
... http://www.google.com/search?q=bluejacking - "Did you mean
'barebacking'?" (now *that* would surprise a stranger)...
>> GEEK MEDIA <<
get out less
TV>> it's not clear whether it's the collision detection, the
level design, or the terrible cheerleader non-choreography
that really lets down CGI would-be "Robot Wars" FIGHTBOX (7pm,
Fri, BBC2)... what if Robin Ince and resident Friday Thing
Photoshop-wiz Charlie Skelton were the "real" victims of
extended "Gotcha Oscar" format THE PILOT SHOW? (11.15pm, Fri,
C4)... and implausible-odyssey fan Ray Mears apologises for
the Monster-Manual-meets-road-movie structure of THE BIG READ:
THE LORD OF THE RINGS (9.15pm, Sat, BBC2)... at least it's
Miranda Sawyer - and not, say, Jonathan King - explaining SEX
BEFORE 16: WHY THE LAW IS FAILING (9pm, Sun, C4)... part of an
"Adult at 14" season that also includes *another* "The Real
Lord Of The Flies" reality show 14 ALONE (9pm, Tue, C4), plus
web filth roundup KIDS ON PORN (10.40pm, Tue, C4)... though
note that it's a pesky 17 year-old who shoots his parents then
claims THE MATRIX DEFENCE (10.40pm, Wed, C4) - presumably that
the act was entirely justified if we live in a VR illusion:
http://www.interiorcastle.net/chapel/morality_and_matrix.htm
... yes, you can laugh at the weirdoes in CHILD PRODIGIES
(9.30pm, Wed, BBC2) - but really you're chuckling at yourself
...speaking of which, Joel "rathergood.com" Veitch's cult
Flash animations "are intercut with memorable music videos" in
RATHER GOOD VIDEOS (1.50am, Wed, C4)... then HORIZON (9pm,
Thu, BBC2) shouldn't have too many problems poking holes in
the statistical coincidences that make up "The Bible Code":
http://politics.guardian.co.uk/print/0,3858,4561031-107865,00.html ...
FILM>> lots of staggered-release schedules right now, which
means you've got more chance of previewing Will "Old School"
Ferrell in what the posters imply is a film called ELF JAMES
CAAN ( http://www.capalert.com/capreports/elf.htm : Christmas
without Jesus; repeated display of provocative women's
underwear, once in an implication of perversion)... compared
to Robert Downey Jr/ Katie Holmes intertextual musical itcher
THE SINGING DETECTIVE (imdb: based-on-tv-series/ remake)...
the closest thing to a national release is Jackie Chan/ Lee
Evans CGI-heavy "Indiana Jones"-lite actioner THE MEDALLION
( http://www.screenit.com/movies/2003/the_medallion.html :
[Chan] and [Claire "Press Gang" Forlani] do some brief
passionate kissing; comedic and misinterpretation-based
homosexual innuendo)... otherwise at least you get a choice
of older women living it up in LA arthouse romp LAUREL CANYON
( http://www.cndb.com/movie.html?title=Laurel+Canyon+%282003%29 :
Kate [Beckinsale] has more exposure in this movie then
anything she has done in 4-5 years)... or London comedy THE
MOTHER ( http://www.cndb.com/movie.html?title=Mother%2C+The :
Born 1935 Anne ["Dinnerladies"] Reid, in the title role, has
two sex scenes with a young carpenter in which she's naked,
but largely concealed by fancy editing)...
>> SMALL PRINT <<
Need to Know is a useful and interesting UK digest of things that
happened last week or might happen next week. You can read it
on Friday afternoon or print it out then take it home if you have
nothing better to do. It is compiled by NTK from stuff they get sent.
Registered at the Post Office as
"ntk.*net* Richard - if you don't mind"
http://news.google.com/news?q=ntk.org
NEED TO KNOW
THEY STOLE OUR REVOLUTION. NOW WE'RE STEALING IT BACK.
Archive - http://www.ntk.net/
Unsubscribe or subscribe at http://lists.ntk.net/
NTK now is supported by UNFORTU.NET, and by you: http://www.ntkmart.com/
(K) 2003 Special Projects.
Copying is fine, but include URL: http://www.ntk.net/
Full license at: http://creativecommons.org/licenses/by/1.0
Tips, news and gossip to tips(a)spesh.com
All communication is for publication, unless you beg.
Remember: Your work email may be monitored if sending sensitive
material.
Sending >500KB attachments is forbidden by the Geneva Convention.
Your country may be at risk if you fail to comply.
----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 0.97c removed an attachment of type application/pgp-signature]
1
0
06 Jul '18
On Thu, Dec 11, 2003 at 07:07:01PM -0800, Karsten M. Self wrote:
> on Thu, Dec 11, 2003 at 04:49:11PM -0800, Jason Spence
(jspence(a)lightconsulting.com) wrote:
> > On Thu, Dec 11, 2003 at 01:23:33PM -0600, D. Joe Anderson wrote:
> > >
> > > w00t! Here's a good start to the the back-up plan if
> > > TCPA/Longhorn/Palladium/"Fritz-chips"* get out of hand.
> >
> > You know, the black hat community is drooling over the possibility of
> > a secure execution environment that would allow applications to run in
> > a secure area which cannot be attached to via debuggers and such.
>
> Any more background on that? Excellent sig material, BTW ;-)
TCPA and friends have a few core objectives driven by different
parties in the standards bodies:
- Provide secure audio playback with license management,
self-destructing licenses, etc
- Uniquely identify hardware instances for software license
management and software activation type schemes
- Provide a trusted "hypervisor" or "ring -1" environment from which
authorized code can spy on the operating system and make sure it's
not running any reverse engineering tools or known cracks before
the authorized code can install itself or download privileged data
like strictly licensed content or restricted documents, etc
- Really fast PKI crypto on a dedicated processor for ipsec type
stuff
- Protected cert store in hardware that is somehow immune or
resistent to tampering (I don't completely understand how this
can't be attacked by patching the nexus on the hard disk; I'm
learning more about it)
<scenario class="evil">
I write a worm. It's a nasty little bugger. It pokes around your
machine and your network for anything that looks like a credit card
number. It's allowed to install itself in the protected memory area
because it's ostensibly a popup blocker or spam blocker or something
and I got it certified by NGSCB or whoever'll be in charge of handing
out signatures.
It joins a p2p network of other worms which can't be spied upon
because the crypto keys are located in curtained memory and since your
debugger doesn't have access to curtained memory, you can't get a copy
of them. You can't get a copy of the destination addresses that your
credit card numbers are being sent to either, because those are also
located in curtained memory. Oh yeah, and it'll fire up your modem
and wardial for fax machines and randomly fax the credit card numbers
around too, just because I like to be a pain in the ass.
So one of these nodes is not like the others, and I'm sitting on it
collecting credit card numbers all day long. Anyone who tries to
break my scheme is going to get their ass thrown in jail by everyone
with an interest in keeping the scheme secure, like software vendors
who want to lock you in to their file formats, governments out to
censor you, the media industries, etc. So I scam a million dollars
through credit card fraud and fencing stolen goods and retire in Cabo.
</scenario>
But those are just the black hats. What if the governments didn't
like you saying naughty things about them? Or generic megacorp wants
to take your little business out just because? Or what if the
megacorps start fighting over file formats and interoperability using
this stuff? Here's a bunch of even more fun scenarios:
http://www.againsttcpa.com/tcpa-faq-en.html
And here's the MS document outlining their strategy:
http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.doc
Locke, the Vikings, and a bunch of others throughout history have had
a lot to say about individual responsibility and assigning rights to
the state, because they were worried about tyrants doing Bad Things to
them. So Jefferson and those other guys wrote things like freedom of
speech and certain other rights right into the constitution and bill
of rights. So we trust the federal government to enforce those rights
because otherwise we'll yank the officials which make it up right out
of office during the next election. Or at least that's the way it's
supposed to be... but the people are becoming increasingly apathetic
about it. Voter turnout continues to decline, and so that last ditch
safety mechanism won't be very effective if someone decides to take
control of the trusted component we know as the federal government and
use things like TCPA and friends to literally take over the world.
I understand the vendors' point of view that sometimes you just can't
trust the users, but this is the wrong way to implement protection
against them. The people who implement this stuff should be unbiased
towards either the software vendors or the people, and that's just not
the case here. The people who are implementing these ideas are the
software vendors and the media companies, and they're pretty upset
about pirates and music thieves. If I were them, I'd exact some kind
of retribution or competitive advantage out of this thing I'm
designing to make up for all the pirated software and stolen music and
annoying competitors I've had to put up with in the past.
--
- Jason Last known location: 2.5 miles northwest of MOUNTAIN VIEW, CA
Take everything in stride. Trample anyone who gets in your way.
_______________________________________________
linux-elitists
http://zgp.org/mailman/listinfo/linux-elitists
----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 0.97c removed an attachment of type application/pgp-signature]
1
0
On Wed, Sep 23, 2009 at 10:01:07AM -0400, Brian Mearns wrote:
>
> So, if I understand this correctly, a correlation attack works (on a
> very basic level) by noticing that Alice sent a message to Bob (a
> known Tor node) at time X, and Dave (another known Tor node) sent a
> message to Wally (a web server) at time X+e, where e is about how long
> we would expect it to take for the onion to be routed. Is that more or
> less the idea?
Yes. But packet counting can also play a role. Cf,
"Passive Attack Analysis for Connection-Based Anonymity Systems"
at http://freehaven.net/anonbib/index.html#SS03
>
> It seems like determining e (time to route the packet) with any degree
> of precision would be pretty difficult, so is this really a big
> problem? (or is that still being debated?)
It's not. Cf. my "Locating Hidden Servers"
http://freehaven.net/anonbib/index.html#hs-attack06
wherein we had zero false positives on any timing attacks conducted
in finding hidden services, which generally was very quick.
(That such attacks existed were known for years. That they were not
just possible but so fast and effective using merely a single
node in the network was the reason that guard nodes were introduced
into the Tor network.)
And building on that see, "Low-Resource Routing Attacks Against Tor"
http://freehaven.net/anonbib/index.html#bauer:wpes2007
where timing attacks with epsilon false positives
were based simply on circuit setup and were shown on general
Tor circuits, not just for hidden services.
> On the other hand, if an attacker could monitor a good number of
> nodes, wouldn't it be fairly easy to determine each three-node
> circuit segment (like Alice, to Bob, to Charlie) and trace the whole
> thing end-to-end? It seems like this could be defeated with a more
> intelligent type of "chaff", where the receiving relay generates N
> random dummy onions (with an appreciable circuit length) for each
> onion it receives, and then sends all N+1 into the network in a
> random order.
>
There's been a lot of research on this. I think Nick pointed at
some. Cf. the anonbib.
Research against timing attacks continues. (I'm doing some myself.)
But so far, any "chaff" strategy in the literature is both too
expensive and not at all effective against active attacks on
general low-latency systems for wide use, such as Tor.
HTH,
Paul
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
On Wed, Sep 23, 2009 at 10:01:07AM -0400, Brian Mearns wrote:
>
> So, if I understand this correctly, a correlation attack works (on a
> very basic level) by noticing that Alice sent a message to Bob (a
> known Tor node) at time X, and Dave (another known Tor node) sent a
> message to Wally (a web server) at time X+e, where e is about how long
> we would expect it to take for the onion to be routed. Is that more or
> less the idea?
Yes. But packet counting can also play a role. Cf,
"Passive Attack Analysis for Connection-Based Anonymity Systems"
at http://freehaven.net/anonbib/index.html#SS03
>
> It seems like determining e (time to route the packet) with any degree
> of precision would be pretty difficult, so is this really a big
> problem? (or is that still being debated?)
It's not. Cf. my "Locating Hidden Servers"
http://freehaven.net/anonbib/index.html#hs-attack06
wherein we had zero false positives on any timing attacks conducted
in finding hidden services, which generally was very quick.
(That such attacks existed were known for years. That they were not
just possible but so fast and effective using merely a single
node in the network was the reason that guard nodes were introduced
into the Tor network.)
And building on that see, "Low-Resource Routing Attacks Against Tor"
http://freehaven.net/anonbib/index.html#bauer:wpes2007
where timing attacks with epsilon false positives
were based simply on circuit setup and were shown on general
Tor circuits, not just for hidden services.
> On the other hand, if an attacker could monitor a good number of
> nodes, wouldn't it be fairly easy to determine each three-node
> circuit segment (like Alice, to Bob, to Charlie) and trace the whole
> thing end-to-end? It seems like this could be defeated with a more
> intelligent type of "chaff", where the receiving relay generates N
> random dummy onions (with an appreciable circuit length) for each
> onion it receives, and then sends all N+1 into the network in a
> random order.
>
There's been a lot of research on this. I think Nick pointed at
some. Cf. the anonbib.
Research against timing attacks continues. (I'm doing some myself.)
But so far, any "chaff" strategy in the literature is both too
expensive and not at all effective against active attacks on
general low-latency systems for wide use, such as Tor.
HTH,
Paul
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
06 Jul '18
http://www.huffingtonpost.com/naomi-wolf/interpol-the-worlds-datin_b_793033…
Dear Interpol:
As a longtime feminist activist, I have been overjoyed to discover
your new commitment to engaging in global manhunts to arrest and
prosecute men who behave like narcissistic jerks to women they are
dating.
I see that Julian Assange is accused of having consensual sex with two
women, in one case using a condom that broke. I understand, from the
alleged victims' complaints to the miedia[1] , that Assange is also
accused of texting and tweeting in the taxi on the way to one of the
women's apartments while on a date, and, disgustingly enough, 'reading
stories about himself online' in the cab.
Both alleged victims are also upset that he began dating a second
woman while still being in a relationship with the first. (Of
course, as a feminist, I am also pleased that the alleged victims
are using feminist-inspired rhetoric and law to assuage what appears
to be personal injured feelings. That's what our brave suffragette
foremothers intended!).
Thank you again, Interpol. I know you will now prioritize the global
manhunt for 1.3 million guys I have heard similar complaints about
personally in the US alone -- there is an entire fraternity at the
University of Texas you need to arrest immediately. I also have
firsthand information that John Smith in Providence, Rhode Island,
went to a stag party -- with strippers! -- that his girlfriend wanted
him to skip, and that Mark Levinson in Corvallis, Oregon, did not
notice that his girlfriend got a really cute new haircut -- even
though it was THREE INCHES SHORTER.
Yours gratefully,
Naomi Wolf
[1]
http://www.dailymail.co.uk/news/article-1336291/Wikileaks-Julian-Assanges-2…
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mail.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime(a)kein.org
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
06 Jul '18
http://www.huffingtonpost.com/naomi-wolf/interpol-the-worlds-datin_b_793033…
Dear Interpol:
As a longtime feminist activist, I have been overjoyed to discover
your new commitment to engaging in global manhunts to arrest and
prosecute men who behave like narcissistic jerks to women they are
dating.
I see that Julian Assange is accused of having consensual sex with two
women, in one case using a condom that broke. I understand, from the
alleged victims' complaints to the miedia[1] , that Assange is also
accused of texting and tweeting in the taxi on the way to one of the
women's apartments while on a date, and, disgustingly enough, 'reading
stories about himself online' in the cab.
Both alleged victims are also upset that he began dating a second
woman while still being in a relationship with the first. (Of
course, as a feminist, I am also pleased that the alleged victims
are using feminist-inspired rhetoric and law to assuage what appears
to be personal injured feelings. That's what our brave suffragette
foremothers intended!).
Thank you again, Interpol. I know you will now prioritize the global
manhunt for 1.3 million guys I have heard similar complaints about
personally in the US alone -- there is an entire fraternity at the
University of Texas you need to arrest immediately. I also have
firsthand information that John Smith in Providence, Rhode Island,
went to a stag party -- with strippers! -- that his girlfriend wanted
him to skip, and that Mark Levinson in Corvallis, Oregon, did not
notice that his girlfriend got a really cute new haircut -- even
though it was THREE INCHES SHORTER.
Yours gratefully,
Naomi Wolf
[1]
http://www.dailymail.co.uk/news/article-1336291/Wikileaks-Julian-Assanges-2…
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mail.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime(a)kein.org
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
_ _ _____ _ __ <*the* weekly high-tech sarcastic update for the uk>
| \ | |_ _| |/ / _ __ __2003-11-14_ o join! sign up at
| \| | | | | ' / | '_ \ / _ \ \ /\ / / o http://lists.ntk.net/
| |\ | | | | . \ | | | | (_) \ v v / o website (+ archive) lives at:
|_| \_| |_| |_|\_\|_| |_|\___/ \_/\_/ o http://www.ntk.net/
"Using 'k3wl' instead of 'cool' and making sure the 'a' is
always replaced by '4' may seem insignificant habits any
teenager living in an SMS world might do. But by talking the
talk and virtually walking the walk, IS/Recon has gained the
trust of nearly 100 different [hacker] groups..."
http://news.bbc.co.uk/2/hi/technology/3246375.stm
...and literally gigabytes of 0-day warez and serialz!
>> HARD NEWS <<
shuffling in the pews
Think you had a bad week? Well, you did. You just didn't
hear about it. First up: after extraordinary scenes in the
House of Lords on Wednesday, the government managed to push
through its five standing orders of the apocalypse - to let
a smorgasbord of local authorities monitor email and phone
traffic, plus proposals to force ISPs to retain traffic
data. All the proposals have been watered down a little
since they were first aired. But it's all still pretty bad,
as was indicated by the Tories' desperate attempt to
introduce a "fatal amendment". Fatal amendments - which
basically add "This house believes the following law should
be taken outside and shot:" - are the Nuke-From-Orbit of the
Lords' arsenal. They haven't been successfully used in the
House for thirty years. Taken aback by this approach, the
government went on the offensive, threatening to use
similiar tactics on future Tory administrations. It all got
a bit nastily party-political from there on in. When the
mist cleared, the Lib-Dems had caved on data retention, the
Tories went off muttering about doing some angry squeaking
in the Commons, and we got a fistful of bad law. Worse: you
didn't know any of it was happening until it was far too late.
http://qwer.org/idcards.html
- (from Hansard) LORD RICHARD: You're doing *what*?
http://www.stand.org.uk/
- "not just bad, but maybe illegal too"
The ID cards roadshow that Blunkett launched this week had a
little more warning: and perhaps their longer timetable (due
in 2013) will allow them to be stopped. Especially if the
government keep on getting over-excited about the biometric
bits. The reason we need new cards is because of this
exciting new technology, goes the current spin. Exciting new
technology, such as retinal scans, which haven't been proven
to work with large populations, and are *just* like
passwords, only you can't change them when they're
compromised, and with a long history of false negatives.
Particularly impressive is Fiona McTaggart's current pitch.
An ex-chairwoman for Liberty and now a Minister in the
government, she attributes her entire volte-face on ID cards
down to the marvels of biometric magic. "If I'm honest, one
unstated reason why I have opposed ID cards is my fear that
this is another thing for me to lose", she gushes, before
explaining that, because she can't lose her eyes or
fingerprints, these new ID cards must be okay. We have to
say: if the government's so excited about new tech, why did
the ID card consultation still mistake thousands of
responses from the STAND relay as being automated responses
from "an organised opposition campaign"?
http://www.official-documents.co.uk/document/cm60/6020/6020.pdf
- paragraph 11. That's your democratic contribution right there
http://www.guardian.co.uk/comment/story/0,3604,1083804,00.html
- "another thing to lose". As if we're not losing enough here
http://www.sideshow.idps.co.uk/smay03.htm#23at1537
- why Liberty isn't
http://www.ntk.net/2003/11/14/dohpiracy.gif
- EU targeting "large scale privacy outfits" too
>> ANTI-NEWS <<
berating the obvious
Arnie's response to sexual harassment claims - "Bring on der
dancing girls!": http://www.ntk.net/2003/11/14/dohrevue.gif
... kids today, eh?: http://www.ntk.net/2003/11/14/dohlit.gif
... that "Army macho" culture goes a little further than you
thought: http://www.ntk.net/2003/11/14/dohbum.gif (actually
one of those expressions that means something different in the
US): http://www.google.com/search?q=%22going+to+be+bummed%22
... meanwhile, "Inclarity" telco offers global net "foaming":
http://www.inclarity.co.uk/Prices/Calling_Card_Instructions.htm#vo
... old thrill revisited - return of Widdecombe of the Week:
http://www.moneydemon.co.uk/result/keyword/UTTERLY+useless ...
banner ads: http://www.ntk.net/2003/11/14/dohsquat.gif staying
nice and morbid: http://www.ntk.net/2003/11/14/dohdrown.gif
... "War On Terror" apparently having the exact opposite of
intended effect: http://www.ntk.net/2003/11/14/dohscare.gif ,
http://www.ntk.net/2003/11/14/dohterror.gif ...
>> EVENT QUEUE <<
goto's considered non-harmful
Assuming you're not busy helping Tim Ireland create a site
where you can SMS pictures of your arse to George Bush (or
should that be the other way round?), hopefully you haven't
already missed too much of the DMZ MEDIA ARTS FESTIVAL (11am-
6pm, today and Saturday 2003-11-14 & 15, Limehouse Town Hall,
London E14, free) featuring a wide range of usual suspects
such as MUTE MAGAZINE, CONSUME.NET and no doubt a couple of
wireless psychogeographic film-making co-operatives based in
Hoxton and Eastern Europe. And if you're looking for a few
quirky Xmas gift ideas, maybe Thomson & Craighead will bring
along some of their Google tea-towels, "Teach Birds 2 Sing"
ringtone CDs, or Walkmans fitted with endless play cassettes
of genuine mobile phone conversations from the mid 1990s.
http://www.bloggerheads.com/
- vs http://www.stopwar.org.uk/ (not literally!)
http://www.ntk.net/2003/11/14/dohbush.gif
- for that, you could buy everyone in the UK an ID card
http://dmz.spc.org/talks.html
- not making this up: http://www.dot-store.com/system/
http://www.uklanparty.com/
- tomorrow: all-day (free?) LAN party in Luton pub
http://www.gamesmeet.net/
- advance warning of another bunker bash at the end of Jan
>> TRACKING <<
sufficiently advanced technology : the gathering
Good Ideas To Steal From MacOS X Applications, No. 443:
VOODOOPAD is another app that wins by flipping the
runs-on-server/runs-on-desktop bit. It's a local Wiki
masquerading as a free-form database. You type, and
WikiInterCapped words are automatically turned into links to
fresh pages. Images and links can be dropped into the text;
unicode is supported. And in case you still crave the wilds
of the Web, it can also act as a responsive frontend for
wikis that support author Gus Mueller's simple XMLRPC wiki
API. Oh, and you can dump all your thoughts to HTML - or an
iPod, should you be so freaky.
http://flyingmeat.com/voodoopad.html
- $20! You pay $20!
http://www.macdevcenter.com/pub/a/mac/developer/2003/09/05/innovators.html
- it won an award and yet still does not suck
>> MEMEPOOL <<
contains a source of http://snackspot.org/
now *we* want some of that Britney "has a level 14 Cleric"
Googlejuice: http://www.six-something.org/projectbritney.php
... ftp://www.japan.steinberg.net/ tagged - you're it... you
know you've "arrived" when: http://lordrich.newmail.ru/ican/
(and is the original hosted under www.bbc.co.uk/dna/ because
it's "mostly harmless"?)... don't want to know what they're up
to here: http://www.ntk.net/2003/11/14/dohgrif.gif ... "These
BOFH stickers on my monitor? Well, they each signify one of my
'support kills'": http://www.ntk.net/2003/09/12/dohbofh.gif
... caution - one of these pics is not safe for work like the
others: http://www.altavista.com/image/results?q=potatoes
... (comparatively) new thrill - amusingly (in)appropriate
GOOGLE TEXT ADS: http://www.ntk.net/2003/11/14/dohshuck.gif
... http://www.google.com/search?q=bluejacking - "Did you mean
'barebacking'?" (now *that* would surprise a stranger)...
>> GEEK MEDIA <<
get out less
TV>> it's not clear whether it's the collision detection, the
level design, or the terrible cheerleader non-choreography
that really lets down CGI would-be "Robot Wars" FIGHTBOX (7pm,
Fri, BBC2)... what if Robin Ince and resident Friday Thing
Photoshop-wiz Charlie Skelton were the "real" victims of
extended "Gotcha Oscar" format THE PILOT SHOW? (11.15pm, Fri,
C4)... and implausible-odyssey fan Ray Mears apologises for
the Monster-Manual-meets-road-movie structure of THE BIG READ:
THE LORD OF THE RINGS (9.15pm, Sat, BBC2)... at least it's
Miranda Sawyer - and not, say, Jonathan King - explaining SEX
BEFORE 16: WHY THE LAW IS FAILING (9pm, Sun, C4)... part of an
"Adult at 14" season that also includes *another* "The Real
Lord Of The Flies" reality show 14 ALONE (9pm, Tue, C4), plus
web filth roundup KIDS ON PORN (10.40pm, Tue, C4)... though
note that it's a pesky 17 year-old who shoots his parents then
claims THE MATRIX DEFENCE (10.40pm, Wed, C4) - presumably that
the act was entirely justified if we live in a VR illusion:
http://www.interiorcastle.net/chapel/morality_and_matrix.htm
... yes, you can laugh at the weirdoes in CHILD PRODIGIES
(9.30pm, Wed, BBC2) - but really you're chuckling at yourself
...speaking of which, Joel "rathergood.com" Veitch's cult
Flash animations "are intercut with memorable music videos" in
RATHER GOOD VIDEOS (1.50am, Wed, C4)... then HORIZON (9pm,
Thu, BBC2) shouldn't have too many problems poking holes in
the statistical coincidences that make up "The Bible Code":
http://politics.guardian.co.uk/print/0,3858,4561031-107865,00.html ...
FILM>> lots of staggered-release schedules right now, which
means you've got more chance of previewing Will "Old School"
Ferrell in what the posters imply is a film called ELF JAMES
CAAN ( http://www.capalert.com/capreports/elf.htm : Christmas
without Jesus; repeated display of provocative women's
underwear, once in an implication of perversion)... compared
to Robert Downey Jr/ Katie Holmes intertextual musical itcher
THE SINGING DETECTIVE (imdb: based-on-tv-series/ remake)...
the closest thing to a national release is Jackie Chan/ Lee
Evans CGI-heavy "Indiana Jones"-lite actioner THE MEDALLION
( http://www.screenit.com/movies/2003/the_medallion.html :
[Chan] and [Claire "Press Gang" Forlani] do some brief
passionate kissing; comedic and misinterpretation-based
homosexual innuendo)... otherwise at least you get a choice
of older women living it up in LA arthouse romp LAUREL CANYON
( http://www.cndb.com/movie.html?title=Laurel+Canyon+%282003%29 :
Kate [Beckinsale] has more exposure in this movie then
anything she has done in 4-5 years)... or London comedy THE
MOTHER ( http://www.cndb.com/movie.html?title=Mother%2C+The :
Born 1935 Anne ["Dinnerladies"] Reid, in the title role, has
two sex scenes with a young carpenter in which she's naked,
but largely concealed by fancy editing)...
>> SMALL PRINT <<
Need to Know is a useful and interesting UK digest of things that
happened last week or might happen next week. You can read it
on Friday afternoon or print it out then take it home if you have
nothing better to do. It is compiled by NTK from stuff they get sent.
Registered at the Post Office as
"ntk.*net* Richard - if you don't mind"
http://news.google.com/news?q=ntk.org
NEED TO KNOW
THEY STOLE OUR REVOLUTION. NOW WE'RE STEALING IT BACK.
Archive - http://www.ntk.net/
Unsubscribe or subscribe at http://lists.ntk.net/
NTK now is supported by UNFORTU.NET, and by you: http://www.ntkmart.com/
(K) 2003 Special Projects.
Copying is fine, but include URL: http://www.ntk.net/
Full license at: http://creativecommons.org/licenses/by/1.0
Tips, news and gossip to tips(a)spesh.com
All communication is for publication, unless you beg.
Remember: Your work email may be monitored if sending sensitive
material.
Sending >500KB attachments is forbidden by the Geneva Convention.
Your country may be at risk if you fail to comply.
----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 0.97c removed an attachment of type application/pgp-signature]
1
0
06 Jul '18
On Thu, Dec 11, 2003 at 07:07:01PM -0800, Karsten M. Self wrote:
> on Thu, Dec 11, 2003 at 04:49:11PM -0800, Jason Spence
(jspence(a)lightconsulting.com) wrote:
> > On Thu, Dec 11, 2003 at 01:23:33PM -0600, D. Joe Anderson wrote:
> > >
> > > w00t! Here's a good start to the the back-up plan if
> > > TCPA/Longhorn/Palladium/"Fritz-chips"* get out of hand.
> >
> > You know, the black hat community is drooling over the possibility of
> > a secure execution environment that would allow applications to run in
> > a secure area which cannot be attached to via debuggers and such.
>
> Any more background on that? Excellent sig material, BTW ;-)
TCPA and friends have a few core objectives driven by different
parties in the standards bodies:
- Provide secure audio playback with license management,
self-destructing licenses, etc
- Uniquely identify hardware instances for software license
management and software activation type schemes
- Provide a trusted "hypervisor" or "ring -1" environment from which
authorized code can spy on the operating system and make sure it's
not running any reverse engineering tools or known cracks before
the authorized code can install itself or download privileged data
like strictly licensed content or restricted documents, etc
- Really fast PKI crypto on a dedicated processor for ipsec type
stuff
- Protected cert store in hardware that is somehow immune or
resistent to tampering (I don't completely understand how this
can't be attacked by patching the nexus on the hard disk; I'm
learning more about it)
<scenario class="evil">
I write a worm. It's a nasty little bugger. It pokes around your
machine and your network for anything that looks like a credit card
number. It's allowed to install itself in the protected memory area
because it's ostensibly a popup blocker or spam blocker or something
and I got it certified by NGSCB or whoever'll be in charge of handing
out signatures.
It joins a p2p network of other worms which can't be spied upon
because the crypto keys are located in curtained memory and since your
debugger doesn't have access to curtained memory, you can't get a copy
of them. You can't get a copy of the destination addresses that your
credit card numbers are being sent to either, because those are also
located in curtained memory. Oh yeah, and it'll fire up your modem
and wardial for fax machines and randomly fax the credit card numbers
around too, just because I like to be a pain in the ass.
So one of these nodes is not like the others, and I'm sitting on it
collecting credit card numbers all day long. Anyone who tries to
break my scheme is going to get their ass thrown in jail by everyone
with an interest in keeping the scheme secure, like software vendors
who want to lock you in to their file formats, governments out to
censor you, the media industries, etc. So I scam a million dollars
through credit card fraud and fencing stolen goods and retire in Cabo.
</scenario>
But those are just the black hats. What if the governments didn't
like you saying naughty things about them? Or generic megacorp wants
to take your little business out just because? Or what if the
megacorps start fighting over file formats and interoperability using
this stuff? Here's a bunch of even more fun scenarios:
http://www.againsttcpa.com/tcpa-faq-en.html
And here's the MS document outlining their strategy:
http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.doc
Locke, the Vikings, and a bunch of others throughout history have had
a lot to say about individual responsibility and assigning rights to
the state, because they were worried about tyrants doing Bad Things to
them. So Jefferson and those other guys wrote things like freedom of
speech and certain other rights right into the constitution and bill
of rights. So we trust the federal government to enforce those rights
because otherwise we'll yank the officials which make it up right out
of office during the next election. Or at least that's the way it's
supposed to be... but the people are becoming increasingly apathetic
about it. Voter turnout continues to decline, and so that last ditch
safety mechanism won't be very effective if someone decides to take
control of the trusted component we know as the federal government and
use things like TCPA and friends to literally take over the world.
I understand the vendors' point of view that sometimes you just can't
trust the users, but this is the wrong way to implement protection
against them. The people who implement this stuff should be unbiased
towards either the software vendors or the people, and that's just not
the case here. The people who are implementing these ideas are the
software vendors and the media companies, and they're pretty upset
about pirates and music thieves. If I were them, I'd exact some kind
of retribution or competitive advantage out of this thing I'm
designing to make up for all the pirated software and stolen music and
annoying competitors I've had to put up with in the past.
--
- Jason Last known location: 2.5 miles northwest of MOUNTAIN VIEW, CA
Take everything in stride. Trample anyone who gets in your way.
_______________________________________________
linux-elitists
http://zgp.org/mailman/listinfo/linux-elitists
----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 0.97c removed an attachment of type application/pgp-signature]
1
0