
Tim Berners-Lee calls for Web "Magna Carta" - does the "Web we want" have DRM in it?


The Web is 25 today, and its inventor, Tim Berners-Lee, has called for a "Magna Carta" for the Web, through which the people of the world will articulate how they want to curtail their governments' adversarial attacks on Internet freedom. Berners-Lee is particularly concerned with the Edward Snowden revelations about mass surveillance and systematic government sabotage of Internet security.

I'm delighted to see Berners-Lee tackling this. Everything we do today involves the Web and everything we do tomorrow will require it; getting Web policy right is the first step to getting everything else right.

I hope that this also signals a re-think of Berners-Lee's endorsement of the idea of standardizing "digital rights management" technology for Web browsers through the W3C. The majority of the Web's users live in a country in which it is illegal to report on vulnerabilities in DRM, because doing so might help to defeat the DRM's locks. The standardization of DRM in the deep structures of the Web means that our browsers will become reservoirs of long-lived, critical bugs that can be used to attack Web users -- just as Web users are massively expanding the activities that are mediated through their browsers.

If we are to have a Web that is fit for a free and fair world, it must be a Web where researchers are free to warn users about defects in their tools. We wouldn't countenance a rule that banned engineers from telling you if your house was structurally unsound. By standardizing DRM in browsers, the W3C is setting in place rules that will make it virtually impossible to know if your digital infrastructure is stable and secure.


Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:


Modeling privacy rules on environmental regulations

Michael Froomkin writes, "My latest privacy paper, Regulating Mass Surveillance as Privacy Pollution: Learning from Environmental Impact Statements, has a new take on how to regulate mass surveillance in the US where the EU privacy model has not taken root, and where the 1st Amendment creates obstacles to stopping some data sharing."


Edward Snowden to speak at SXSW


The ACLU and SXSW will host a video chat with Edward Snowden on Monday, during the day's civil-liberties-focused program track. I'll be speaking immediately before Snowden, with Barton Gellman, and we will be staying for the Snowden event. Snowden will be interviewed by ACLU technologist Christopher Soghoian, and the event is moderated by the ACLU's Ben Wizner. I hope to see you there -- it's why I'm flying to Austin.


Mediagoblin seeks funds to finish free, open, privacy-respecting publishing platform

Daniel sez, "Mediagoblin is a free software media publishing platform that anyone can run. You can think of it as a decentralized alternative to Flickr, YouTube, SoundCloud, etc. Now the project is raising funds to finish their pump-io api, finish version 1.0 and add privacy features."

Full NHS hospital records uploaded to Google servers, "infinitely worse" story to come

PA Consulting, a management consulting firm, obtained the entire English and Welsh hospital episode statistics database and uploaded it to Google's BigQuery service. The stats filled 27 DVDs and took "a couple of weeks" to transfer to Google's service, which is hosted in non-EU data centres. This is spectacularly illegal. The NHS dataset includes each patient's NHS number, post code, address, date of birth and gender, as well as all their inpatient, outpatient and emergency hospital records. Google's BigQuery service allows for full data-set sharing with one click.

The news of the breach comes after the collapse of a scheme under which the NHS would sell patient records to pharma companies, insurers and others (there was no easy way to opt out of the scheme, until members of the public created the independent Fax Your GP service).

According to researcher and epidemiologist Ben Goldacre, this story is just the beginning: there's an "infinitely worse" story that is coming shortly.


GCHQ spied on millions of Yahoo video chats, harvested sexual images of chatters, compared itself to "Tom Cruise in Minority Report"



A stunning new Snowden leak reveals that the UK spy agency GCHQ harvested images and text from millions of Yahoo video chats, including chats in which one or both of the participants was British or American. Between 3 and 11 percent of the chats they intercepted were sexual in nature, and revealing images of thousands of people were captured and displayed to spies. The programme, called OPTIC NERVE, focused on people whose usernames were similar to those of suspects, and ran from at least 2008 until at least 2010. The leak reveals that GCHQ intended to expand the programme to Xbox 360 Kinect cameras and "fairly normal webcam traffic." The programme was part of a facial recognition research effort that GCHQ compared to "Tom Cruise in Minority Report."

While the documents do not detail efforts as widescale as those against Yahoo users, one presentation discusses with interest the potential and capabilities of the Xbox 360's Kinect camera, saying it generated "fairly normal webcam traffic" and was being evaluated as part of a wider program. Beyond webcams and consoles, GCHQ and the NSA looked at building more detailed and accurate facial recognition tools, such as iris recognition cameras – "think Tom Cruise in Minority Report", one presentation noted.


DiscoTech events: discover anti-surveillance technology


Sasha writes, "The MIT Civic Media Codesign Studio is organizing, hosting, participating in, and supporting several Countersurveillance DiscoTechs this weekend. A DiscoTech (Discovering Technology event) is a workshop/faire style event for people of all skill levels to learn about, explore, and play with a set of technologies. Countersurveillance DiscoTech Locations:"


Video from a dystopian future: how location data can be abused

The ACLU has produced a video based on its Meet Jack. Or, What The Government Could Do With All That Location Data slide presentation from 2013. It's a chilling and sometimes funny look at the way that location data can be used to compromise you in ways large and small. As Josh from the ACLU notes, "It's especially interesting after the news yesterday about the DHS plan for a national license plate location history database (which got scrapped after it was exposed)."

Meet Jack. Or, What The Government Could Do With That Location Data (Thanks, Josh!)

Fax Your GP: quick opt-out from insane NHS plan to sell your medical records


The UK National Health Service has initiated a plan to take the nation's private health records and sell them off to private companies in a process overseen by notorious multinational bumblewads ATOS. If you live in England, your records -- mental health records, prescriptions, records of surgeries including abortions, and other sensitive personal information -- will be handed over to a wide-ranging group of companies all over the world.

Unless you opt out. And opting out isn't easy. There's no central place to opt out. Instead, you have to send a letter to your GP's surgery, which means you have to look up your GP's surgery's address, compose a legally sufficient letter, print it out, find an envelope and a stamp -- etc.

However! There's a better way. A group of volunteers whom I trust implicitly, including the astounding Stef Magdalinski (who made the Faxyourmp service that is the ancestor of Theyworkforyou) have created Fax Your GP, a dead-simple form that will look up your GP's fax number for you, create a form opt-out letter you can fill in in just a few easy steps, and then they'll fax that letter directly to your GP's surgery. I just opted out.


Senator Rand Paul sues US government over NSA spying

Rand Paul has launched a class-action suit against the US government over the NSA's warrantless bulk telephone metadata surveillance. Ars Technica has good analysis of the legal dimension of the suit: basically, Senator Paul isn't really advancing any new arguments, but the suit will put the pressure on the government. Techdirt has reports of outrage from other Republican congresscritters, especially noted shitweasel Rep Peter King (R-NY), who accuses Paul of aiding terrorists.

Crowdfunding "Nothing to Hide," an anti-stealth game about surveillance

Elizabeth sez, "Nothing To Hide is an anti-stealth game, where you're forced to help in your own surveillance. It was released yesterday, in honor of The Day We Fight Back, and you can play the HTML5 demo right now. The game is dedicated to the public domain, with all the art and code on Github. ("Nothing To Hide has nothing to hide.") They've just launched a crowdfunding campaign to fully build this open source game. Ten percent of the funds raised will go to digital rights groups like the EFF, Demand Progress, and Freedom of the Press Foundation."


3 MAKE projects to help you fight for your online privacy

In keeping with the theme of "The Day We Fight Back," MAKE has three privacy-enhancement projects you can make: an Onion Pi Tor proxy so you can browse the web anonymously anywhere you go, a mobile, anonymous file-sharing device called the Piratebox, and a personal Internet kill switch (not the kind that freedom-hater Joe Lieberman wants to install, but one you can put in your house to keep freedom-haters from snooping on you).

Put one on the wired connection between your computer and router and use it to unambiguously isolate that computer from the internet whenever you want. Or put it between your router (wireless or otherwise) and your ISP hardware to control the connection for the entire house. Sure, you could just unplug the cable, but that’s hard on the connectors, and the switch is faster to use and neater-looking, to boot.

3 Projects to Help You Fight for Your Online Privacy

EFF's HTTPS Everywhere + Firefox = most secure mobile browser

Peter from the Electronic Frontier Foundation writes, "Over at EFF, we just released a version of our HTTPS Everywhere extension for Firefox for Android. HTTPS Everywhere upgrades your insecure web requests to HTTPS on many thousands of sites, and this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies."

I installed it today.


UK set to sell sensitive NHS records to commercial companies with no meaningful privacy protections - UPDATED

The UK government's Health and Social Care Information Centre quietly announced plans to share all patient records held by the National Health Service with private companies, from insurers to pharmaceutical companies. The information sharing is on an opt-out basis, so if you don't want your "clinical records, mental health consultations, drug addiction rehabilitation details, sexual health clinic attendance and abortion procedures" shared, along with your "GP records, NHS numbers, post-codes, gender, date of birth," you need to contact your doctor and opt out of the process.

This is a complex issue. Large data-sets are the lifeblood of epidemiology and evidence-based care and policy, and the desire to extract useful health information from this data is a legitimate one.

However, it's clear that no one involved in the process gives a damn about privacy. These data-sets -- which will be sold on the open market to commercial operators -- are "anonymized" and "pseudonymized" through processes that don't work, have never worked, and are well-documented to be without any basis in reality.

And that's the thing that brings the whole enterprise out of the realm of legitimate scientific project and into the realm of corporatist hucksterism. Once the architects of this project announced that its privacy protections would be based on junk science, they lost any claim they had to operating in good faith.

Effectively, the managers of this programme have said, "We can't figure out how to protect the most private, potentially damaging facts of your life, so we're not going to try." It is pure cynicism, and it makes me furious. It brings the whole field of evidence-based medicine into disrepute. It is a scandal. And as it goes ahead, it will spectacularly destroy the lives of random people in the UK through the involuntary, totally foreseeable disclosure of health information, in ways that make the general public leery of any participation in this kind of inquiry.

If you set about to discredit the open data movement, you could do no better than this.


Update: As if that wasn't bad enough, Noemi adds, "The contract for handling and managing the care data has been given to ATOS. This is the same company whose disability benefit assessment has been found to be flawed and unacceptable in 40% of cases by the Audit Commission." Here's more.
