Posts Tagged ‘Online privacy’
Kroes confirmed in post
The European Commission has confirmed the rumours of the shift of Neelie Kroes, the Dutch People’s Party for Freedom and Democracy politician, from the Competition policy directorate to a new Digital Agenda brief. Kroes will also become a Vice-President of the Commission (as will Viviane Reding, her predecessor).
The post is designed to provide a greater focus on digital issues from the ‘information society’ brief of the previous role. Much of the online comment about Kroes’s switch is directed towards the apparent downgrading that this is held to represent, pretty much in line with the lowest common denominator-type arguments that accompanied the appointments earlier in November of Herman van Rompuy and Baroness Ashton, but it’s sure that she will bring a tenacity and single-mindedness to the role. Consequently, she may well be a very good advocate for, dare I say, Digital Europe – although whether we need advocacy or practical action at this point to effect a Digital Europe is a moot point. As we’ve seen in the UK, digitalisation is a huge subject touching areas which are the responsibility of several different departments and bringing all that together into a coherent agenda perhaps demands more the skill of a consensus builder than one whose reputation comes with added steel.
Ms Kroes’s appointment – as with each of the members of the Commission – is subject to the approval of the European Parliament at individual hearings due to take place in January.
EU telecoms reform package approved by Parliament
The European Parliament has approved, by a strong majority across all party groupings, the conciliation procedure agreement reached earlier this month. The reforms will enter into force next month and, following transposition by individual member states, become law across the EU by June 2011.
The principles covered by the package of directives are many but are most recently summarised in the Commission’s press release welcoming Parliament’s vote (where there is also a specific link to the 12 most important of the reforms in the package).
UNI, which works on behalf of 20m workers in the industry worldwide, worked hard and with no little success to gain a union voice and perspective concerning the main provisions of the package and their impact on workers’ rights. It has also welcomed the vote regarding the importance of investment in high-speed broadband services as a major factor in economic growth and employment, not least in a time of recession – as indeed does Connect. Nevertheless, now that the package is in place and regulatory certainty a little more established thereby, it is imperative that European countries and telecoms companies do indeed move swiftly so that its potential benefits as regards investment and jobs can be realised.
Copyright theft: do crackdowns help?
Today’s The Guardian reports from Sweden that music sales have gone up 18% in the first nine months of this year, which record labels are citing as evidence of the potential for similar crackdowns elsewhere given April’s introduction of anti-piracy laws in the country and a court ruling against the operators of the Pirate Bay website.
Of course, it may be nothing of the sort: successes in one country aren’t necessarily replicable elsewhere (even if there is also evidence to the same effect from South Korea); the introduction of the new laws in April, three months into the year, may well have had only a limited impact on music sales for the first nine months. Besides, following seven years of losses, improved turnover over nine months of the eighth is clearly an insufficient foundation for confidence that the corner has been turned.
At the same time, Viviane Reding, EU Commissioner for the information society and media, has greeted Spain’s attempt to cut off internet access of illegal downloaders with with strong words and threats of potential action from the Commission [registration required; limited viewing time] (not least since this goes against the intention of the fragile compromise, put together between the Council and the Parliament and due to be voted shortly [edit on 25 November: it was overwhelmingly approved by Parliament], to have a judicial procedure in place – so Reding may simply be being politically careful). At the same time, Reding is reported to have commented that ‘repression will not alone solve the problem’. So, do crackdowns work?
Well, the simple answer is – as I’ve said already – that it’s far too early to tell from the Swedish experience. Nevertheless, the first half of Reding’s quote cited here (‘We need to find more modern ways to protect intellectual property and artistic creation’) is being done in Sweden with the creation of new innovative services for which people are apparently prepared to pay while The Guardian article also quotes Ludvig Werner, Chair of the Swedish industry record labels association:
It’s like speeding, put up cameras and people will start to ease off the gas pedal. Even if it doesn’t change the attitudes, they find legal alternatives because they don’t want to get caught.
Not an analogy to push too far, perhaps. But, a combination of carrot and stick – new opportunities combined with the threat of action for transgressors – may well carry some weight. People don’t just need alternatives; they need to be convinced of the benefits of using them and of the need to do so. These pages have previously argued that there is merit in the threat of action against illegal file sharing, provided it doesn’t infringe online privacy, as well as for a proper campaign on the problems that it causes to copyright holders (and, indeed, an event along these lines is taking place today with the aim of convincing parliamentarians of the need for action). What the Swedish (and the South Korean) experience does seem to demonstrate quite well therefore is that both carrot and stick are likely to be necessary in changing behaviours on illegal filesharing.
Agreement reached on EU telecoms package
Representatives of the European Parliament and the Council of Ministers have reached agreement on the EU’s telecoms package in a conciliation procedure. This procedure resulted from the impasse that proceeded in May from Parliament’s insistence on including a clause (Amendment 138) requiring a judicial procedure before users’ net access could be cut off.
The impasse on this one issue had threatened the whole package, a combination of five Directives and a Regulation which seeks to strengthen competition and consumer rights, facilitate high-speed internet broadband connections to all Europeans and establish a European body of telecoms regulators (BEREC) to complete the single market for telecoms networks and services. (A list of the dozen most prominent reforms can be found in the Commission’s press release.) Parliament recognised that agreement was necessary so as not to jeopardise the package and is reported by the Swedish Presidency to have agreed not to press its view too hard. Consequently, a compromise has been reached which seeks to take the spirit of Amendment 138 of the need to enshrine an approach which protects net users’ rights by providing fair and impartial procedural and judicial safeguards which embody the user’s right to be heard, taking place with ‘due respect for the principle of presumption of innocence and the right to privacy’ (see Parliament’s press release and its own FAQs).
The package is subject to confirmatory votes both by Parliament, in a final reading in full session, and the Council (by majority vote) which are both expected to take place before the end of November. The text can only be approved or rejected – no further amendments are possible. Establishment of BEREC is expected next spring while the Directives (unlike the Regulation) will need to be tranposed into the 27 national legislatures before they can come into force at national level, a process which is expected to have been completed by May 2011.
Agreement on the package is timely. It is important not least given the rapidity of technological evolution and the role of infrastructure investment in sustaining European economies out of recession, to which regulatory predictability is expected to add positively to the conditions surrounding the consideration of investment in high speed broadband and thus to job security and growth. Connect General Secretary Adrian Askew, as President of UNI Europa Telecom, earlier this year specifically endorsed the need to secure the package, and UNI has worked very hard to secure workers’ rights, not least in terms of the package openly seeing workers as stakeholders in any question of regulatory separation. [Edit 16 November to add link to UNI website welcoming the compromise.]
It’s also clear that, after two years of negotiation on this package, and as with the European treaties more generally, appetite for ‘another go’ should this package have fallen would be extraordinarily low.
DPI and net neutrality
An interesting aspect to the net neutrality debate in the US, about which I blogged a couple of days ago, is how internet service providers know which traffic to prioritise so as to manage the load on the internet at peak times.
The naive assumption might be that they monitor particular servers, or use of particular sites, and then throttle that traffic back – and some might well do it this way. At least Comcast amongst US ISPs, however, uses Deep Packet Inspection [registration required; limited viewing time], which brings a whole new aspect to net neutrality: that of online privacy. Deep Packet Inspection, in the definition of online privacy campaigners, is akin to post officers opening your Royal Mail envelopes and examining the contents before handing you your post. To extend that analogy, DPI allied to traffic management measures is akin to your first delivery post being opened, the postal delivery officer saying to you ‘Oh, I see you’ve got some pretty big files in there – you can’t have it now but I’ll bring it back when I come back with second delivery’ [or tomorrow, for those who don’t get second post].
So, Comcast knows whose traffic to throttle back not because it has a general approach to the management of traffic to and from particular sites but because it knows you, as an individual, are downloading a file from the computer of someone on the other side of the world who you’ve never met – and it knows that because it has examined your communications in detail (and then sidelined it in terms of priority).
The above link talks in general about companies offering DPI services not having actively marketed their offerings in the US since Comcast was cited for its traffic management last August – but having concentrated on Europe and the Middle East. Should the net neutrality debate cross to Europe – as some have suggested it might – this is an aspect that campaigners will have to be aware of – and not only then, if DPI companies are already actively marketing in Europe.
This tying up of DPI and online privacy with net neutrality casts a dangerous aspect to the debate. Traffic management measures (to paraphrase what I argued earlier) are probably a necessary evil, currently – but not at the price of online privacy. If ISPs must manage traffic to ensure that too-thin pipes don’t fall over under the weight of our net usage, how they do that must not compromise the privacy of your online communications.
Twittering your details away?
A posting in the Wall Street Journal‘s Digits blog last week identified one of the problems inherent with social networking sites: people give all sorts of sensitive details about themselves without thinking about it.
Like their social security numbers: a major tool in identity theft.
Not openly, of course, but – at least in the US; the position in the UK is less certain – social security numbers tend to follow patterns based around birthdates and hometowns.
A survey published by Alessandro Acquisti, Professor of Information Technology and Public Policy at Carnegie Mellon University, and researcher Ralph Gross in Proceedings, the academic journal of the National Academy of Sciences in the US indicated that the authors were able correctly to guess the first five of the nine digits of an individual’s social security number 40% of the time just by knowing that individual’s birthdate and hometown. From there, the researchers were able to identify the full social security number 8.5% of the time in fewer than 1,000 attempts – a relatively low score (except to Charlie Eppes, perhaps) but whose significance is amplified by recent moves to protect identity by reducing the use of the first five digits of the Social Security number on certain public documents, in favour of the last four as identifiers. When the first five can be guessed so easily, this is clearly a wrong move since disclosure of the final four allows the construction of the full number very quickly.
So, if you’re a user of a social networking site, be careful what you let out about yourself: assume that someone is indeed looking over your shoulder as you type in those details…
Phorm hit by second withdrawal
Phorm, the controversial online advertising technology which tracks user movements across the web, has been hit for the second time this week by the withdrawal of another ISP from its incipient ‘Webwise’ service.
BT announced on Monday that it ‘had no immediate plans’ to deploy Webwise; and now Talk Talk, the second of three ISPs with which Phorm had an agreement to launch Webwise in the UK, has pulled out of its agreement. Virgin Media, the third ISP involved, has commented (registration required; limited viewing time) that it hasn’t ruled out deploying the technology but would communicate ‘openly and transparently’ with customers before taking any decision.
Together, the three ISPs are the largest in the UK, controlling about three-quarters of the market. Phorm was putting a brave face on the situation, saying that ‘the decision of BT, with which it has conducted three trials of Webwise, was not connected with issues of privacy but with the company’s changing priorities (BT said that it had ‘other stuff to focus on’, though private reasons may also have added to the weight of the decision) and that its agreement with Talk Talk had not, unlike BT, extended to any form of trial. Nevertheless, the loss of two of the three leading ISPs, and two of the three with which it had agreements, clearly hits Phorm’s activities in the UK very hard. It also said that it would concentrate on ‘faster moving overseas opportunities’ apparently particularly in South Korea.
Phorm works by tracking page downloads of ISP customers who have signed up to the service and, via keywords drawn from each page, matches those surfing patterns to an anonymous user profile. Users matching that profile then receive targeted internet advertising on web pages which matches their interests as identified by their surfing patterns. The service is controversial because Phorm has never successfully managed to deflect the criticism that it contravenes internet privacy by knowing where users go to on the web – which may evidently be sensitive. BT’s first trial of Webwise, under which online surfing data was passed to Phorm from a selection of BT customers without their knowledge, is the motive force behind a European Commission investigation of the efficacy of the UK’s online privacy laws, although subsequent trials were carried out with user consent. Other targeted advertising technology is being developed but this is based on advertisers developing commercial relationships with ‘partner’ websites rather than assessing users’ general surfing via their ISP.
Phorm has attracted a storm of online groups opposed to its activities and that of deep packet inspection more generally, including such central figures as Sir Tim Berners-Lee, recently appointed UK government adviser on opening up access to government data, among them.
The Commission wants UK internet privacy laws to reflect the EU approach based on obtaining ‘clear consent from the user that his or her private data is being used;’ currently, UK law only covers ‘intentional’ interceptions and requires there only to be ‘reasonable grounds for believing’ that consent to the interception of data has been given. [Edit Monday 13 July: As Chris Williams of The Register cogently concludes in his insightful piece on the affair, this likely future clarification of the legal position for any Phorm lookalike entering the fray is perhaps the really positive thing to come out of this whole business.]
Welcome to this blog of my observations on pay, pensions, regulation and competition policy, and the labour movement. Hope that you find something interesting to read - let me know if so!
Connected Research 