Safe Harbour Agreement on Data Sharing with Uncle Sam ruled unlawful

Causing trouble – Court of Justice of the European Union

The long awaited ruling about whether the Safe Harbour agreement allowing free transfer of data concerning European citizens to the USA is valid under European Law has  just been published. And it’s a doozie.

Basically a Safe Harbour agreement (note the use of the indefinite article here) means that you won’t be sent down the river for doing something that might otherwise be illegal. The specific Safe Harbour agreement in this case (2000/520/EC) says it’s okay for European data controllers to send whatever they like to the American’s because Uncle Sam is a good friend. This would otherwise be a no-no because you’d be giving up control over information that would otherwise be protected by European privacy laws.

This situation is currently being misrepresented in the popular press as being about Facebook (social media being their favourite subject after themselves); it’s not. It’s about all data. The case was brought by Austrian civil rights campaigner, Max Schrems in the Irish courts to test the legality of Facebook doing just this, as a high-profile example. A lot of American companies like to base their data centres in Dublin because, up until now, the Irish courts have been quite relaxed about what goes in compared with certain other European governments. (And lets not forget the tax breaks, and that Dublin is a nice place to be).

Hanging over this is the shadow of Edward Snowden (yet again), raising public awareness and anxiety over government access to PII. The fact that this PII is already in the hands of the likes of Facebook, Amazon, Microsoft, Google and Twitter with the full knowledge of the subjects doesn’t seem to matter – it’s the principle of the thing!

Anyway, the ruling basically says that the initial ruling is incompatible with European Law, and we can’t trust the Yankees to look after it without further safeguards. Where this leaves American companies with European data centres remains to be seen.

Obama to end cyber-attacks

American president Barack Obama is so hacked off with cyber-attacks on US companies (and other interests) that he’s taken a step sure to send the perpetrators running for cover. In an executive order on the 1st of April, he created a new sanctions authority to have a go at anyone attacking the USA. In the statement announcing it he is quoted as saying “Cyber threats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them”, describing it as a “national emergency”

Basically it gives the US Treasury Department to freeze the assets of any hackers suspected of attacking the US, in much the same way as it brings peace to places the Middle East and Ukraine. The criminals behind these attacks are no doubt quaking in their sneakers.

The decision to blame North Korea for the Sony attack told the world that the administration was getting tough, never mind the facts. And the Chinese, of course, deny state-sponsored naughtiness on an apparently daily basis.

The problem is, of course, that it’s somewhat difficult to actually figure out who’s behind an attack. Working out where an attack comes from is possible, and it’s usually from some hijacked computers used to obfuscate the origin. China and various other countries have a higher installed base of pirated software, which often comes with a built-in botnet, so of course attacks come from these places.

Initial opinion in the USA is divided between the law-makers, politicians and the non-technical cyber-security industry heralding it as the beginning of the end for international espionage gangs, and those of us who know now it works wondering if this is an April Fool.

One point I find intriguing, however, is whether this will have an effect on patent disputes. Apparently they’re worried about, and plan to apply these powers to, intellectual property theft. It seems to me that if some technology turned up in a competitor’s product and the American company went crying to the authorities they could have sanctions imposed on the foreign company, without any reasonable way of proving that any theft had taken place – or even who had it first. It could get messy.

 

 

Google shoots own foot in war on child abuse images

If you believe the Daily Mail and the BBC, Google and Microsoft have buckled under pressure from the Government to block images of child abuse on the Internet. What they’ve actually done is block around 100,000 search terms that are used by peodphiles looking for material, whether such search terms could be used to locate other content or not. Great.

Actually, this is rubbish. Google (about which I know more) has not even been indexing such sites, so search terms won’t have found any that it knew about anyway. I’m sure the other search engines have similar programmes in place. This is a public relations exercise, with a piece by Eric Schmidt in the Mail today. It’s a desperate PR stunt that will back-fire on Google.

Eric Schmidt of Google, seeming desperate (from Wikipedia)
Eric Schmidt of Google, seeming desperate

The fact is that household names like Google don’t have a case to answer here. They’re not ISPs, they’re not providing hosting space for illegal material and they’re not actually responsible for it in any way. The only thing they can do is spend their money researching such sites, dropping them from there indices and alerting the relevant authorities to their research. This they already do. So when the likes of Mr Cameron criticize them, as an easy target, the correct response is “Don’t be silly, it’s not us, and it’s the job of your Police to catch the criminals whether they’re using the Internet or not”. What Google has done with this move is give legitimacy to the original false accusation.

As anyone concerned with cybercrime will tell you, the major criminal activity takes place in areas outside the World Wide Web – areas not indexed by Google or any legitimate company. It travels around the Internet, encrypted and anonymous; and the peodophiles seem to be able to find it anyway. All this move will achieve is pushing the final remnants underground, where they’ll be much harder to track.

Looking at the comments that have appeared on the Daily Mail site since it was published is depressing. They’re mostly from people who have been taken in by this line (originally spun by the Daily Mail, after all), and they clearly don’t understand the technical issues behind any of this. I can’t say I blame them, however, as the majority of the population has little or no understanding of what the Internet is or how it works. They simply see a web browser, normally with Google as a home-page, and conflate the Internet with Google. The Prime Ministers advisors are either just as simple-minded, or are cynically exploiting the situation.

 

Horseburgers

A large minority of the UK population isn’t going to be at all surprised to hear horse DNA has been found in processed meat products – they’re already vegetarian/vegan or at a minimum, they choose organic meat products. The remainder either don’t know, or don’t want know. Either way, with the information on how animals are farmed widely available, I haven’t got a lot of sympathy with their current predicament.

But if you’re going to eat processed meat products, what’s so bad about horse? I’ve just been listening to an American campaigner on the radio warning that people go around the US buying old nags at auction and shipping them to Europe for food – horses that were probably pets (or from his soap-box, a race horse) and treated with drugs you wouldn’t give a farm animal such as phenylbutazone. He was particularly keen on mentioning this. Look it up – it’s an anti-inflammatory drug also given to people with arthritis and similar problems. It has side effects, including some rare but serious ones. Okay, so you wouldn’t want to dose anyone without good reason, but to get a dose from eating horse meat you’d have to literally eat the whole horse. And that would be one dose. I’m sure he was really motivated by the “horses are pets and we shouldn’t eat pets” attitude, but the BBC didn’t question his motivation at all.

So am I saying it’s okay to eat horses with phenylbutazone in their system? Well I wouldn’t eat it, but I wouldn’t eat any farmed meat, which is chocked full of legally introduced medication and kept, killed and processed in decidedly worrying conditions. Horses with shots of bute are no different to me. Think about it – if you don’t even know what species the meat is, you certainly can’t say much about where it came from. Actually finding a bit of horse in a beefburger sample changes nothing – it’s always been dodgy.

One thing you can probably say for certain is that New Labour and news media will be whipping up a bit of hysteria about this. They did it with the BSE crisis in the 1990s – remember that? Thousands will die due to eating disease contaminated meat? Of course it didn’t happen. They did it again when in power, in an over-reaction to Foot and Mouth, presumably to prevent the Conservative opposition playing the same trick on them. This is going to run and run (it’s bound to turn up everywhere following the inevitable further tests that are doubtless being considered right now).

If what’s in your meat worries you, become vegan (dairy products and eggs aren’t clean either). Otherwise, be aware that the meat processing business is pretty grim with this kind of thing going on behind the scenes all the time – and live with it. Can we have some real news now?

Claire Perry’s porn prohibition set to make politicians look foolish

The government is going to protect us from pornography on the Internet. Our children will at last be safe from depravity and corruption. Hurray! Claire Perry MP (Conservative) has accused Internet service providers of being complicit in exposing children to pornography and wants something done about it. Specifically she wants ISPs to filter the filth, unless a subscriber specifically wants to receive it. David Cameron has now jumped on her bandwagon, clearly without first checking to see which way it’s heading or whether the wheels are properly attached.

This isn’t going to be popular with the consumers and producers of Internet-delivered pornography, but that’s their problem. What worries me are the technical issues, and the consequences of trying to implement any form of censorship.

Let me make this clear: IT WON’T WORK. There is no technical solution available that can prevent porn from being transmitted over the Internet, and there never will be. It’s simply not possible for a computerised filter to tell the difference between porn and everything else, and it will become much harder if you give people a reason to avoid detection. About the best you can do is block known porn websites, and if the site promoters cooperate (i.e. keep them on fixed addresses) then you’re going to get a reasonable level of protection. And porn publishers, at present, are likely to cooperate. They’ve no interest minors viewing their wares, because minors don’t have the credit cards to pay for it. And besides, it’s a multi-million pound industry which includes many serious people with children of their own and similar concerns to the rest of us.

However, as soon as you start blocking these sites at ISP level, porn publishers will have to change tactics, as they’ll want to evade such draconian filtering. Legitimate producers will suffer; the vacuum will be filled by others underground, joining the leagues of the cyber-criminals, operating from agile addresses on servers operating outside jurisdictions that care. Claire Perry’s bright idea won’t work. It’s not better than nothing; it’s worse.

The porn operators would disguise their sites to avoid the filter, and in order that customers might find them, spam everyone using every means possible as they did in the late 1990’s. Right now you need to go looking to find it – a simple Google search away. If Perry gets her way it’ll be delivered to everyone’s Inbox, Facebook page, Skype and every other instant messaging technology you can think of, It’ll be encrypted and impossible to filter. It’ll be indiscriminate; kids will receive it too. If such a law was enforced, all encrypted content would have to be blocked as there is no way of telling what it is. This means farewell to, Skype, secure connections to your bank, private email, working from home on a VPN… Okay, it’s not realistic as well as being unenforceable.

The Internet dealt with issues similar to this twenty years ago, before the politicians were involved, but if the technicalities aren’t for you (as they aren’t for Perry and Cameron), there are plenty of other parallels. Society’s attempts to ban bad things that some people still want always seem to make things worse. I need hardly mention prostitution, drugs and alcohol, but I will. Making drugs illegal when so many people want to use them has simply improved the margins for the suppliers. Where there’s money to be made, people will find ways to smuggle drugs; and if the whole business is illegal then it’s certainly going to be completely unregulated. And it’s not a lack of resources and commitment. If we can’t stop people supplying drugs to inmates of a high security prisons we stand no chance of banning drugs anywhere else.

Similarly, it’s folly to attempt to ban pornography transmission on the Internet. There is no way to do this technically, and any attempt that simply makes it more difficult will give the criminals a huge advantage over the legitimate publishers, making regulation impossible.

The government is allowing crazy headlines out about this consultation and what they’re going to do. No doubt they’ll be consulting with child psychologists, women’s rights campaigns, children’s charities and a few suits from big business ISPs. Why don’t they consult the right people first – computer scientists. Ask the most important question:  “Is it possible?” Committees can spend as much time as they like navel-gazing on the moral and policy issues, but that’s not going to change anything if it can’t be implemented. It’s just going to make them look stupid.

 

Government’s red-herring email law

The government (UK) launched a red herring at the Internet today, and the news media has lapped it up. “We’re brining in a new law to allow security services to monitor email and other Internet traffic.” This is actually referring to the fact of the communication; not its content.

The TV news has subsequently been filled with earnest spokespersons from civil liberties groups decrying the worst Big Bother laws since New Labour got the boot – anything to get their silly mugs in front of a camera. Great news drama – the Conservatives moving over to the dark side.

Wake up people! What they’re proposing is just not possible. Blair already tried it in a fanfare of announcements and publicity, but anyone who knows anything about how email and the Internet function can tell you that it’s not even technically possible on so many levels.

1) Email does not necessarily use an ISP’s mail server or web mail service. Home users probably do; any company or organisation will most likely use their own. If anyone wanted to avoid snooping, they would too.

2) Users of commercial mail services are anonymous if they want to be. With a few minutes effort it’s possible to hide your IP address, or use an untraceable random one, and there’s no other trail leading back to an individual. The international criminals being targeted will know the tricks, for sure.

3) The security services already have the powers to do this, and do use them.

4) If the ISP is outside the UK, then what?

When the Blair government announced something similar I had to write to the government department concerned asking for the details. I heard about it from the general news. Apparently I, as an ISP, needed to keep records for a year – but records of what, exactly? They didn’t contact me to warn me it was happening; they can’t as there is no register of ISPs. There’s no definition of what counts as an ISP either. And needless to say, the government department concerned didn’t write back with the details.

So why is the current government making this announcement about an announcement now? Could they be wanting to change the news agenda? As usual they can rely on the media types to completely miss the fact it’s nonsense. Eventually the BBC got Andrew Mars on to comment, but I suspect his interview snippet was severely edited to suit their agenda.

George Osborne – be very afraid

This Tuesday George Osborne gave speech at Imperial College London  explaining how the Conservatives are going to spearhead the green revolution with a recycling reward scheme. It’s complete madness, although Telegraph columnists seem to like it – or more likely aren’t clued up enough to see the problem.

Apparently he’ll cut carbon emissions by 10% within a year. Great! But how? He doesn’t say, but I’m sure we’ll all be interested to learn in good time. However, the incredible recycling plans that followed don’t exactly encourage me to believe he’s got any good ideas.

“Carrots work better than sticks. Instead of punishing people, as Labour do with bin taxes, the Conservatives want to encourage families by paying them to recycle.

This isn’t an idle promise – we’re actually making it happen on the ground in Conservative areas. Now we want to make it happen everywhere.”

Apparently they’re going to reward recycling households with vouchers to spend at, wait for it, Tesco and Marks and Spencer! One of the best ways I can think of to cut down non-recyclable domestic refuse is to close down M+S, who were easily the worst offenders when it came to stupid packaging (see blogs passim).

But it gets worse. Apparently they’re going to make this work with some new miraculous technology. Dustcarts will be fitted with a gizmo that scans the contents of the recycling bin, works out the address the items came from and allocates “recycling points” to your account in a special database. Methinks he’s been watching too much Star Trek. Why don’t politicians ever bother talking to engineers before opening their mouths and spouting such fantastic nonsense?

Incidentally, if you’re not an engineer, fair enough – but take it from me that this will never work as described.

However, whether it works or not, they’re spectacularly missing the point. Recycling isn’t the answer. They should be looking at ways for reducing waste in the first place, and there’s precious little evidence of that. In fact this encourages even more waste by rewarding people to manage to fill their recycling bin with £130. It’s potty! Anyone taking the incentive seriously might, for example, switch to disposable plates and cutlery just to ensure their bin is always topped up.

So who’s responsible for this nonsense? Well apparently the Conservatives now have Tesco, BT and B+Q (part of Kingfisher) on board as advisers on environmental issues. Need I say more?

Meanwhile Labour Health Secretary Andy Burnham launched a report saying we should cut down on livestock rearing and meat consumption to save greenhouse gasses and improve people’s health. Now Labour has the skids under them they’re talking sense, although I doubt they’d be so candid if they thought they’d actually ever have to sell the idea to the farming industry or those hooked on eating cheap meat.

Bailing out the devil

So the government’s big idea to save us from recession is to prop up the motor industry by giving everyone a £2000 discount on new cars, assuming you trade in an old one. Brilliant! This subsidy will keep the price of cars down while needlessly scrapping perfectly good vehicles that could have given many more years of service.

To make this lunacy palatable the usual emotive terms such as ‘gas guzzler’ and ‘old banger’ have been wheeled out again to try and hide the environmental nonsense of it all from the emotional, and anyone else not bothered to look more deeply into the matter.

And this is aside from the loans and government bail-outs taking place in England, Europe and the USA.

Wake up! We have too many cars because of an over-healthy motor industry able to pile them high and sell them cheap. If you want to reduce the number of cars then contracting the motor industry is the only way to do it. And right now it can be done ‘naturally’, without the need to legislate or tax.

Abandoning any veneer of environmental awareness the politicians will justify this subsidy by pointing to the jobs that would be lost. This is pure emotional blackmail as well as nonsense. If you have surplus workers and piles of cash available there are plenty of other more useful projects available. How about building facilities for sustainable transport with the same resources?

The reason, presumably, is that sustainable transport means just that. Once the infrastructure is in place it lasts, and you’ll end up with a load of workers with no more work unless you can think of further projects. Sustainable energy or agriculture, perhaps? Unfortunately we are stuck with politicians that can only see as far as the next election, and they have vested interests to placate in the mean time. But one thing we can learn from this – when the chips are down they don’t care a jot about the environment, carbon emissions or sustainability.