May we live in interesting times ……!

The next week (week beginning 27th April 2009) appears to have the makings of a rather interesting time. Perhaps the ancient Chinese proverb was indeed close to the truth.

Later this week we expect the Home Office to publish details of the Intercept Modernisation Programme and the Communications Data Bill. Readers will remember that the Bill was originally trailed in the Government’s Draft Legislative Programme published in summer 2008 but was quietly dropped from the Queen’s Speech later in the year for ‘ additional public consultation.’

Well, it seems that time for consultation is here and we now expect the Home Office to publish the consultation document and details of the Intercept Modernisation Programme (IMP). The Daily Telegraph today (Saturday 25th April) printed a front page story to indicate that the consultation will resurrect the ideas of a single centralised database to hold details of all telephone calls, emails, web access etc. The Telegraph reports (in print - it does not appear on their web site - why not?) that the Information Commissioner has reiterated his opposition to the database, indicating that he considers this to be a major intrusion into privacy.

The Government, of course, appear to be trotting out the same old story - we need to monitor web access, email etc. in order to track terrorists and serious organised crime. And, if recent performance is anything to go by, also those sending their children to school and those ‘allowing’ their dogs to foul the pavement.

There are fundamental issues of privacy and rights of the individual at stake here. The current authoritarian and nanny obsessed government simply cannot be allowed to rail-road this legislation through. Remember the sentient words of Benjamin Franlink in 1775, ‘Those who give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.’

What we need is a little real risk assessment and some real truths - not the one-sided ‘business case’ that we have seen with other consultations. This is a fundamental issue of rights and the ability of the Government to spy on its own citizens. Levels of control as are being suggested have only existed in the most heinous totalitarian regimes - we cannot sleep walk into allowing a British government to overturn centuries of hard won reforms for a short term gain. As Franklin suggests, the cost to the people is just too great.

Copyright in the news…….

Copyright is in the news - and for a variety of reasons. In Sweden, the founders of Pirate Bay have been found guilty of copyright infringement and have received a prison sentence, UK copyright law has been judged as ‘failing’ by a consumer group and the European Parliament is about to vote on the extension of copyright protection. It’s all happening!

OK, let’s look at the UK first. Copyright law was last updated in the Copyright and Design Patent Act 1988 - which replaced the Copyright Act 1956. Yes, it takes that long for changes to be made. Of course, there have been subsequent amendments to the 1988 Act, mainly as a result of legislation from Europe which now assumes competence in this area (is competence the right word to be used in a European context?). The UK Intellectual Property Office have a useful unofficial consolidated version of the CDPA here. The last major revision, the Copyright etc Act of 1988 predated the majority of home computing and electronic communications, web access, file sharing etc. Amendments have been made but the Consumer Focus group found that UK law was the worst in a survey of 16 countries - “UK copyright law is the oldest, but also the most out of date” said Ed Mayo of Consumer Focus.

The problem is that UK law does not provide any fair dealing exceptions that allow the type of actions commonly accepted by the majority of the population. Things like making copies of music that you ‘own’ on CD to play on a different system, PC or iPod etc. It is estimated that over 50% of the population do this and nearly 2/3 (over 60%) think that this is quite legal. There was a review of intellectual property in 2006/2007 published by Gowers - but there has not been a great deal of action in the areas that affect the public most directly. There have been changes in the background - changing the Patent Office to the Intellectual Property Office etc. - but, so far, it has not proved possible to introduce new legislation to permit the type of use accepted by the public. Perhaps it is that the rights industry view this as a major issue and see public action as a major loss of revenue - also that other groups such as ISPs etc. do not see it as part of their core business to introduce controls on their users. Stalemate really. We now await the publication of the final Digital Britain report to see where that points. Maybe it will help to answer some of the critiscisms levelled by Consumer Focus.

OK - so what about Pirate Bay. An interesting case. Pirate Bay itself does not host copyright materials, rather it seems to be a directory allowing users to find materials to download. In that respect it acts rather like other search engines on the web. Of course, it helps users to find materials that they can download and thereby infringe the copyright of the owners but is it itself infringing copyright. Maybe it might be held to be inciting infringement. Pirate Bay has rather set itself up, over some time it has invited actions from the rights owners - a sort of catch me if you can approach. With most of the rights owners in the US and the web site in Sweden there were likely to be problems but it does now look as if the rights owners have managed to persuade the Swedish authorities that the actions of the site are illegal. The original plea requested damages in the order of 100,000,000 SEK but this was reduced by the court to 30,000,000 SEK. That is still far more than the defendants are likely to be able to pay so it seems unlikely that the rights owners will get their damages. And, with the servers located outside Sweden it may be difficult for the court to enforce take down actions. So, what will the rights owners get - one might suggest that their approach could have been to raise awareness and to generate publicity about the illegality of the actions. Well, if that was the case they seem to have done that. Are the Pirate Bay crew down and out - somehow I guess that is not likely.

So, it is back to the European Parliament. The music industry has brought pressure for a review of the period of copyright - arguing that some musicians who produced work in their early years are now running the risk of seeing their work passing into the public domain whilst they are still alive. I suppose you could look at Cliff Richard with hit records in every decade since the 1950s. Some of the early works are now reaching the end of their copyright term. The European Parliament now has a proposal before it to extend copyright term in order to allow musicians to continue to benefit from their works. Interestingly, analysis suggests that it is not the musicians who will benefit from the change (26p per annum!) but the big 4 music publishers who stand to make millions.

Will it go through? The Council of Ministers has blocked the action and there is a European Parliamentary election at the beginning of June. Maybe this is not the time to rock the boat - we shall see what the outcome of the vote is. As the Ministers are not minded to approve, I suspect the extension of term will not go ahead.

As the Chinese say, ‘may we live in interesting times’.

DNA retention - Sir Alec speaks out

An interesting piece on BBC Radio 4 today - 15th April. Martha Kearney interviewed Professor Sir Alec Jefferies on the ‘World at One’ about the Home Office response to the recent S and Marper judgement in the European Court of Human Rights.

Now that judgement was unequivocal - in a judgement delivered unanimously (17-0) the judges of the ECHR held that the retention of the applicants fingerprints, cellular samples and DNA profiles was in violation of Article 8 of the European Convention on Human Rights (Article 8 deals with the right to privacy). The full judgement makes interesting reading and is recommended.

Now, Sir Alec Jefferies should know a thing or two. He developed the DNA fingerprint technique whilst working at the University of Leicester in the early 1980s. It is interesting that he is very concerned about the expansion of the UK DNA database and, in particular, its inclusion and retention of data relating to innocent persons (ie those not convicted of any crime). Today he condemned the Govt. for branding innocent people as criminals by not destroying their DNA profiles.

The Home Office recognise that the UK database is the largest of its kind in the world - to quote their own website: ‘The UK’s database is the largest of any country: 5.2% of the UK population is on the database compared with 0.5% in the USA. The database has expanded significantly over the last five years. By the end of 2005 over 3.4 million DNA profiles were held on the database – the profiles of the majority of the known active offender population.’.

The Home Office goes on to note that other police forces are keen to emulate the crime solving success of the database. OK, so the database can help to solve crime. But it contains the records of people unconnected with any crime and may serve to stigmatise those. Anecdotal evidence suggests that the database contains disproportionate records of certain groups within the population - it has been suggested that the database contains the DNA profiles of some 40% of the black youth population of the UK.

It was the retention of data relating to innocent persons and the disproprortionate nature of data in the database that attracted the dismay of the European judicial process. Today the Home Office told the BBC that it was their intention to bring forward an amendment to the Policing and Crime Bill to allow them to retain DNA and that the new regulations would be subject to full public consultation. An interesting response from the Home Office and somewhat at odds to the response to the ECHR judgement shown on their website, ‘The Government recognises the importance of the Judgment and will publish its response and timeline to the Court’s findings as soon as possible.’ Bringing forward regulations to allow the retention of DNA data hardly seems to recognise the important and significant comments made in the judgement, in fact, it flies in the face of the judgement and suggests that the Government intend to plough ahead and to ignore the advice of learned judges in Strasbourg.

The ECHR judgement indicated that retention was blanket and indiscriminate - and there are suggestions that there may be up to 800,000 records of people who have no criminal conviction. The BBC reported that the Govt. had suggested that it would be prepared to remove profiles from the database but would retain the original DNA samples - this matches up with the suggested changes to the Police and Crime Bill.

Removing the DNA profiles of innocent people is what the judgement indicates. Retaining the original DNA samples makes a mockery of the judgement - it is simply easy to re-profile the samples at a later date and to re-populate the database. Quite simply this is sticking two fingers up to the ECHR.

The Home Office and law enforcement agencies and officials must realise and must be made to realise that nothing short of complete removal and destruction of all records and samples relating to those not convicted or charged with any offence will do. The data relating to innocent persons must be removed from the database and there must not be work arounds or variations to allow DNA to be retained. Retaining DNA is an infringement of individual privacy and there must be no process to allow retention where there is no crime.

This is all about proportionality. The risk of crime and the demands of crime detection do not override the risks of damage to those concepts that we hold dear - the right of a democratic approach where a person is held to be innocent unless proven guilty beyond all reasonable doubt and where individual privacy is respected.

This Government steps out against the ECHR at its own peril. The population can and are seeing the results.

[Note: The Police and Criminal Evidence Act (PACE) and the PACE Code of Practice 'D' set out the manner of collection of fingerprints, DNA samples etc. It is important to note that fingerprints or DNA samples taken on a 'speculative' basis must be destroyed unless the subject has given permission for the data to be retained. Once permission is granted it cannot be revoked. It would be sensible to refuse permission for data to be retained.]

EU to open proceedings against the UK

The European Commission has announced its intention to open an infringement action against the UK Government after complaints from UK Internet users about infringments of their privacy through the use of targetted advertising.

The actions result from the testing of the Phorm process by BT earlier in the year. Problems arose when users complained that they were not aware of the trial or the use to which their web usage would be put. Behavioural advertising used data collected by analysis of web traffic patterns to select advertising and push this to the end user. Users complained that the analysis was an infringement of privacy.

“Technologies like internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all Member States,” said EU Telecoms Commissioner Viviane Reding. “We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of EU rules on the confidentiality of communications. I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications. This should allow the UK to respond more vigorously to new challenges to ePrivacy and personal data protection such as those that have arisen in the Phorm case. It should also help reassure UK consumers about their privacy and data protection while surfing the internet.”

It is an offence to intentionally intercept communications in the UK. The key word there is ‘intentionally’. Of course, there are circumstances where interception can be lawful and these are controlled under the Regulation of Investigatory Powers Act and require warrants to be issued - unless it can be reasonably assumed that the subject had given consent. It is the giving of consent that is the issue in relation to behavioural advertising - users had complained that they were unaware of what was being done and that their ISP had failed to advise them of trials taking place.

The indication of the European Commission notice is that the Commission believes that the UK has not correctly implemented European Data Protection laws. That will mean some re-drafting is required - but, of course, we will have to await the outcome of the Commission proceedings before we see actions in the UK. It would seem likely that the role of the Information Commissioner would be extended to cover any required changes.

France steps back

A few days ago we reported that the French parliament had voted to adopt what was being called the ‘Hadopi’ law see here.

The vote in the Senate took place in a very sparsely populated house and introduced some ‘interesting’ clauses including the ‘Jonny Halliday’ clause that allowed for actions against file sharers to be held back if the recording artiste had moved elsewhere for tax evasion purposes.

Now it seems that a much more populated National Assembly has voted down the legislation which was championed by President Nicolas Sarkozy. The plan for ‘three strikes and you’re out’ has now fallen and cannot be introduced.

At least, it cannot immediately be introduced and must now be returned for further drafting before brought back to Parliament. The vote in the National Assembly saw some government members voting with the opposition - they were protesting about a clause that would have allowed ISPs to continue to charge users for their service even when they were suspended for copyright infringement.

So, it seems that it is back to square one (to use an old BBC expression!). Watch French space later in the year.

Data Retention is here

The Data Retention Directive has now completed its transposition into UK law and is in force - as of 6th April.

After passage through both Houses of Parliament the Regulations became law as Statutory Instrument 859 - made, it appears, on 2nd April and implemented on 6th April. Interesting then that the actual regulations were not published until 7th April, the day after implementation.

The Regulations can now be read here - along with the explanatory memorandum and impact assessment here.

OK, so the regulations are now in force. It is now up to the Secretary of State to provide ISPs with notification so that they know what they have to retain. If they do not receive any notification then they don’t have to retain. The regulations provide for the setting up of an implementation group - that is not likely to happen too soon so it may well be some time before the notices go out and retention actually starts.

Ah well - on we go, a bit of a mish mash again.

European states act to counter illegal downloads

Two members states within the European Union have now taken steps to try to curb the flow of illegally downloaded date - including peer to peer sharing of music, film, audio books, software etc. Whether or not the actions will be effective remains to be seen.

At the beginning of April, Sweden introduced new law based on the transposition of the Intellectual Property Rights Enforcement Directive (IPRED). The new law allows rights owners to apply to the civil courts in Sweden for an order to require ISPs to provide details of the users of identified IP addresses. The immediate effect was a substantial drop in Internet traffic as users cut back usage in the face of potential actions and identification. Before the new law came into effect, rights owners were forced to refer matters to the police who were somewhat reluctant to take actions. Now, the rights owners can go directly to the courts to force release of information identifying end users who may then face civil actions.

The likelihood is that usage will start to creep up again after a few weeks, perhaps as users work out how to use anonymous proxy services, shared wireless networks or other means to hide identity.

In the UK there has long been provision for a rights owner to go to the courts to obtain an order to require an ISP to release user data. If the ISP does release in response to an order then they are not breaking any obligations to data subjects under the Data Protection Act - but ‘The Crusher’ would always advise ISPs to ensure that their data protection statements are worded to allow them to release information to authorised parties - and, of course, to law enforcement, national security agencies and the like.

Practicallity suggests that action is only really likely to take place when an owner identifies a user with a number of files avalable for download. In Sweden, publishers took action on the first day of the new legislation to require release of details about a user with several thousand audio-book files available for download. The chances of actions being taken over individual file sharers remains pretty low - it just is not cost-effective!

Meanwhile, in France, members of the National Assembly have voted to adopt a ‘Three Strikes and You’re Out’ approach. The final vote seems to have taken place in an almost depleted assembly with very few members actually present. As it stands, a user identified as downloading illegal content will be issued with a note advising them to protect their circuit and to ensure correct usage. This is clearly intended to protect against the defence that ’someone else used my wireless connection’ - although it remains to be tested whether it is to be an offence to operate an unsecured wireless connection. If a further infringement is detected then a second letter will be sent to the registered address of the user. If there is then a further infringement within 12 months the ISP may be required to suspend or to cease service.

Of course, such actions will always cause problems. The Crusher is well aware that a number of business lines have been used by employees to download illegal content - are business to be deprived of their Internet connectivity because of the rogue actions of an employee? Maybe not as the French law provides for a ‘Haut Autorité’ which can review suspensions.

Very French is the addition of what seems to be referred to as the ‘Hallyday’ clause. Now, Johnny Hallyday is a French entertainer who lives in Switzerland for tax purposes (hear this Lewis Hamilton?). Hallyday is a popular singer with substantial revenues from sales in France - but very limited tax liability. The ‘Hallyday’ clause proposes that actions against downloads of materials issued by tax exiles should be treated differently from other artistes. That would be interesting in the UK!

But will the 3-strikes action be legal? With Europe looking towards introducing a universal service obligation for broadband service and with human rights legislation, it may well be that any action to suspend or terminate accounts is held to be in contravention of statutory provision. There really are no easy solutions.

The Crusher has some other reservations over the French law. It seems that notices are to be served on downloaders. How are these to be detected? Most notifications from rights owners are in relation to persons uploading. Uploaders are effectively advertising their files for others to download. It is the advertising that leads to detection. Most peer2peer systems automatically offer upload when a user downloads a file - that is part of the p2p concept. But, if a user elects to block uploads and only downloads then they are unlikely to be caught. Unless, of course, ISPs engage in traffic analysis and deep packet inspection to identify traffic types and services. But then, analysis at that level may also be held to be illegal!

Ireland too seems to be in the throes of actions. Rights owners there are looking for agreements with ISPs for a three strikes approach - and also seem to be wanting to look towards filtering. See discussion at Digital Rights Ireland.

Meanwhile, in the UK we await the publication of the final version of the Digital Britain report. Current approaches seem to be favouring the self-regulatory approach long adopted here - but will these actions elsewhere in Europe prompt rights owners to lobby hard for changes in the UK?

New rail service to the Isle of Purbeck

At last a more joyful event - after many years of hard work the first direct rail service left London for Swanage in the Isle of Purbeck today - 1st April. The last direct through train was in 1972 - since then the rail link was first ripped up and then, painstakingly relaid. The rail link was made back in 2002 when a Virgin Voyager paid a visit to Swanage - but 1st April 2009 was the date for the first through passenger working from the main line. An important event indeed.

DB Schenker Class 66 66152 heads the Purbeck Pioneer past Lymington Junction at Brockenhurst enroute to Swanage from London Victoria - 1st April 2009.

66152 arrives at Swanage with the Purbeck Pioneer

The initial service sold out so quickly a second train has been chartered for the 2nd April. Further main line link services will run with the first steam hauled services on 2nd and 4th May.
All being well, this will now be the start of regular passenger services to Swanage and, perhaps in a few years time, a regular timetabled service to the Jurassic Coast.

Trip to the Isle of Wight - don’t forget your passport

Yes, I know it is April 1st and the heading could well be taken as a joke.

Perhaps a rather sick joke as it appears that this could be the outcome if the Home Office include ferry travel to and from the Isle of Wight within domestic sea journeys for ant-terrorism purposes.

At the end of March the Home Office published its strategy for tackling the threat of terrorism which included:

“New police powers to collect advance passenger data on some domestic air and sea journeys and international freight movements are currently planned and subject to consultation.”

[p113, Pursue Prevent Protect Prepare - The United Kingdom’s Strategy for Countering International Terrorism - presented to Parliament by the Prime Minister and the Home Secretary]

There is indication of a review of the common travel area that currently allows travel between the Irish Republic, Channel Islands and the UK. When journalists asked questions about the implementation of ‘police powers to collect advance passenger data on some domestic air and sea journeys’ a Home Office spokesman indicated that this would include ferry travel to the Isle of Wight and to the Isle of Skye.

Now, I leave near Lymington with its new (and much larger) ferries to the Isle of Wight. Ferries leave every 30 minutes for a 30 minute crossing. Incidentally, thought to be the most expensive water crossing in the world!. The thought that passengers would have to provide details of name, address and date of birth before boarding is simply laughable. Not only are there the large car ferries that also carry foot passengers and passengers from the linking rail services (would passengers purchasing a through rail ticket to Yarmouth, in say Crewe, have to provide their details to the ticket office there before being issued with tickets?) there are also the smaller tourist services operating from Lymington Quay (Puffin Cruisers) - some of these provide landing on the Island. ID checks as you board the boat for a trip around the bay?

Imagine it - you arrive at the ferry for the crossing. You are asked to prove your ID - do you have a passport or photo-driving licence. Please join the UK/EU/EEA queue. Others - please join the non-EU queue and be prepared to wait. What do you mean you have not got your visa for return to the mainland?

It is not exactly as if the Isle of Wight has a direct ferry service to the Continent which might mean you could bypass normal immigration. It does not - services only run completely domestically, from the mainland to the island.

If it wasn’t in the Home Office document you would think it was an April Fool joke. Perhaps it still is - but one that some self-serving bureaucracy may see as a useful means of tracking travellers. And, of course, if that helps to prevent terrorism it must be a good thing. ROFL!