22 October 2017

UK and US Citizens: Please Request Your Personal Data Held By Cambridge Analytica

By now, many people have probably heard about the company Cambridge Analytica.  By its own admission, it played a major role in the success of Donald Trump.  There are also numerous indications that it was involved in the Brexit campaign.

Because Cambridge Analytica is intimately bound up with the London-based company SCL it is possible to make a subject access request in order to find out what information is held about you.  This applies to both UK and US citizens. 

I therefore urge as many people as possible to ask for that data - it only takes a few minutes, and can be done with a simple letter.  Obtaining this information will help us understand what exactly has been happening. Here's what I have sent; please feel free to use and/or modify it:

SCL Group Ltd
c/o Pkf Littlejohn 2nd Floor,
1 Westferry Circus,
Canary Wharf,
London,
United Kingdom, E14 4HD

22.10.17

Dear Sir,

Subject Access Request

I have read numerous reports in the press that you and/or your subsidiaries in the UK or elsewhere hold data on UK/US voters, which may include information about me.

In accordance with the UK Data Protection Act, I am writing to ask you to supply me with a copy of  the information you hold about me, please.

If there is a fee or you require more information in order to fulfil my request, please let me know.

Thank you for your help.

Yours faithfully,

Glyn Moody

You may also wish to make a contribution to this crowdsourced initiative to dig even deeper.  I've given, FWIW.

The stakes here are incredibly high: it is really no exaggeration to say that our democracy and freedom are at play.  I therefore hope you can spare a few minutes to help shed some light on what has happened here.

31 May 2017

Urgent: Please Write to MEPs to Stop Awful Copyright Proposals


Bad things could happen in the European Parliament next Thursday, when an important committee of MEPs votes on proposals for updating copyright for the digital age:

Today it was revealed that MEP Pascal Arimont from the European People’s Party (EPP) is trying to sabotage the Parliamentary process, going behind the negotiators of the political groups and pushing a text that would make the Commission’s original bad proposal look tame in comparison.

As that post from the Pirate Party MEP, Julia Reda, explains, there is an attempt to make two aspects of the copyright proposals even worse, using procedural tricks. The main threat is the imposition of blanket upload filters, with Internet sites essentially obliged to act as copyright police for everything. 

The other is to introduce a new ancillary copyright for publishers that would mean that they could demand licensing fees for using even tiny snippets from their articles for 50 years after they were published. Both of these would destroy the Internet as we know it.

I therefore urge you to write to all your nation's MEPs on the Internal Market and Consumer Protection (IMCO) Committee. You can find their names and nationalities here with links to pages that have ways of contacting them. Here's what I've sent:

This is just a quick email to ask you not to support Pascal Arimont's proposed amendments to the copyright directive. Leaving aside the general issue that they would undermine the authority and role of the IMCO committee, they would cause huge harm to the Internet in Europe and to EU startups in that field.

The amendments to Article 13 are, despite claims to the contrary, incompatible with recent CJEU rulings, and go against the E-commerce directive that has served the EU so well over the years. The proposals would be costly to impossible to implement, and would see startups flee the EU for more hospitable investment environments.

Similarly, the amendments to Article 11 make a bad idea even worse by extending the duration of ancilllary copyright, and narrowing the exceptions. The experience in both Germany and Spain has demonstrated beyond doubt that publishers will be harmed by such a move, especially smaller ones. The proposed amendments will make the damage to both them and to the Internet itself even more serious.

I therefore urge you to reject all of Pascal Arimont's proposed amendments, and to support Catherine Stihler’s compromise amendments on the copyright file.

18 May 2017

Tell the UK Government: No Backdoors in Crypto

The UK government seems to be pressing ahead with its idiotic plans to backdoor crypto. There is a (secret) consultation on the subject that closes tomorrow - write to investigatorypowers@homeoffice.gsi.gov.uk.  Here's what I've just sent:

I am writing in connection with UK government proposals to force tech companies and Internet providers to create government backdoors to encrypted communications.

Speaking as a journalist who has been writing about every aspect of computer technology for 35 years, and about the Internet for 20 years (https://en.wikipedia.org/wiki/Glyn_Moody), I cannot emphasise too strongly that this would be a very unwise and dangerous move.

There is no such thing as a safe backdoor that is only available to the authorities.  If a weakness is created in a program or service, it can be found be third parties.  That is hard, but not impossible, especially for well-funded state actors.

Even more likely is that details of backdoors will be leaked.  The recent experience of the WannaCry ransomware attack, which is based on an NSA exploit that was leaked earlier, show how devastating this kind of subversion can be.

There is another powerful reason not to force companies operating in the UK to weaken their security.  First, US companies may simply water down protections for UK users, while protecting those in the rest of the world.  Obviously that would leave UK users particularly vulnerable to attack, and make them prime targets.

Secondly, if British companies are forced to provide backdoors in their products, then no government or company elsewhere in the world will use UK software, since there will always be a risk that it contains intentional security flaws.  This is the surest way to sabotage the UK software industry, and to ensure that computer startups are located anywhere but in the UK.

As well as being harmful, moves to weaken the security of encrypted products are also unnecessary.  As recent events have confirmed, terrorists rarely use encryption, and when they do, they make mistakes that allow the security services to access communications.  Indeed, there are many ways to obtain access and information even when encryption is used, as a recent paper explained (https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html).

To summarise, the many and mighty harms caused by weakening encryption vastly outweigh any illusory benefits.  The UK government would be ill-advised to take this route.

29 March 2017

The Copyright Industry's So-Called "Value Gap" Is Actually an Innovation Gap

The is a crucial year for the Internet in Europe, because 2017 will see key decisions made about the shape of copyright law in the EU. That matters, because copyright is in many ways the antithesis of the Net, based as it is on enforcing a monopoly on digital content, whereas the Net derives its power from sharing as widely as possible. The stronger copyright becomes, the more the Internet is constrained and thus impoverished.

There are three key areas in the proposed revision to the EU's Copyright Directive where the Internet and its users are under threat from attempts to strengthen copyright. First, there is the panorama exception, which allows people to take pictures in the street without needing to worry about whether buildings or public objects are subject to copyright. Despite this being little more than common sense – imagine having to check the legal status of everything in view before taking a photo – copyright maximalists are fighting to stop a panorama exception being added to EU law.

The second point of contention concerns the link tax, also known as the snippets or Google tax. The last of these explains the motivation: publishers want Google to pay for linking to their articles using snippets of text. Despite the obvious folly of charging for the ability to send traffic to your site, the copyright world's sense of entitlement is such that two countries have already introduced a link tax, with uniformly disastrous results.

When Spain brought in a law that required search engines to pay publishers for the use of snippets, Google decided to close down its Google News service in the country, which led to online publishers losing 10% to 15% of their traffic.

Similarly, in Germany, which also introduced a link tax, publishers ending up giving Google a free licence to their material, so great was the law's negative impact on their business when Google stopped linking to their publications.

The snippet tax is so manifestly stupid that it is unlikely to appear in the final version of the revised Copyright Directive. But the third area of concern stands a much better chance because of the clever way that the publishing world is dressing it up as being about a so-called "value gap." It's a very vague concept – see this new video that explores what it is - but it boils down to publishers being resentful because digital newcomers came up with innovative business models based around legal access to online music, and they didn't.

An interesting speech on the topic by the International Federation of the Phonographic Industry's CEO in 2016 laments the fact that the "value" of the global music industry has recently declined 36% over 15 years. That's not really surprising: during this period the recording industry did everything in its power to throttle or stall new ways of providing access to music on the Internet.

What the so-called "value gap" is really about here is the long-standing innovation gap among recording companies, and their refusal to adapt to a changing world. Imagine if they had embraced the P2P music sharing service Napster in 2000 instead of suing it into the ground. Imagine if they had set up sharing and streaming servers themselves a decade and a half ago; imagine how much money they would have made from subscriptions and advertising, and how much their value would have grown, not fallen.

If this evident innovation gap only harmed the copyright companies themselves, it would not be a problem, so much as just deserts. But they are now lobbying to get the laws around the world changed in important ways purely in order to prop up their old business models in an attempt to compensate for this failure to embrace the Internet. In the EU, they are using the fallacious "value gap" concept to call for mandatory upload filters for all major sharing sites – effectively large-scale surveillance and censorship.

Given that one of the most important consequences of the Copyright Directive could be the curtailing of basic human rights in the EU, it is disappointing that a seminar run by the Alliance of Liberals and Democrats for Europe (ALDE) group in the European Parliament – supposedly made up of liberals in favour of such democratic freedoms – skews the debate so completely in favour of the copyright industry. Judging by the programme, there is not a single representative of the public speaking at the event – which is pointedly entitled "Copyright reform: Sharing of the value in the digital environment" - pretty much guaranteeing a biased and unhelpful discussion.

That failure by ALDE even to acknowledge that EU citizens have anything useful to contribute, or any right to speak here, does not bode well for the ultimate outcome of the Copyright Directive negotiations later this year. ALDE needs to start caring about and listening to the millions of citizens who voted for its MEPs. At the moment it seems to have uncritically swallowed the backward-looking copyright industry's framing of the problem as a non-existent "value gap", when the deeper problem is its continuing innovation gap. As a result, this year could see key aspects of the Internet's operation, to say nothing of privacy and freedom of speech, gravely damaged because of yet another expansion of copyright's reach and power.

11 February 2017

Please Write to Your MEPs About Next Week's Critical - and Final - CETA Vote

Next Wednesday, the European Parliament will have its final vote on the Comprehensive Economic and Trade Agreement, or CETA. If you were hoping to influence your UK MP on this, it's too late: last week, the government sneaked through a vote on CETA without anyone noticing.  It passed, of course, but given the absence of real democracy - or an opposition party - in the UK, that's no surprise.

But there is still a chance to stop it in the European Parliament by writing to your MEP, and asking them to vote against ratification next week.  You can contact your MEP using the wonderful free service WriteToThem.  Here's what I've sent to mine:

I am writing to you to ask you to vote against CETA ratification next week, because it has minimal benefits, and a great many risks that have not been estimated, but are likely to be large.

Despite vague claims to the contrary, CETA offers almost no benefits for the EU.  According to the joint study commissioned by the EU and Canada  (http://trade.ec.europa.eu/doclib/docs/2008/october/tradoc_141032.pdf): "The annual real income gain by the year 2014, compared to the baseline scenario, would be approximately €11.6 billion for the EU (representing 0.08% of EU GDP)".

The study's title is "Assessing the costs and benefits of a closer EU-Canada economic partnership", but it offers no formal estimate of the costs associated with CETA.  This is an extraordinary deficiency: even the smallest business would carefully weigh up the costs and the benefits before agreeing a deal.  And yet the European Parliament is being asked to ratify CETA without being told the true costs.

These are likely to be high in many areas.  For example, the "new" Investment Court System (ICS) will open up the EU to being sued by thousands of US companies that have subsidiaries in Canada.  For most member states, this will be the first time that US companies are able to use investor-state dispute settlement (ISDS) tribunals to claim millions – or even billions – of euros over laws and regulations which they claim harms their investments.  ISDS claims alone could wipe out the tiny €11.6 billion GDP gain that CETA is predicted to produce according to the official study.

Despite the fact that ICS is supposed to address the avowed problems with the current ISDS system, it actually fails to do this because it still gives companies a means to put pressure on governments to rescind laws, even if it cannot force them to do so.  Faced with potentially huge fines – one ISDS award was for $50 billion (http://www.shearman.com/en/services/practices/international-arbitration/yukos-arbitral-award) – governments are very likely to choose to withdraw regulations rather than pay out such vast sums.

It is also worth bearing in mind that a 2014 EU consultation on ISDS drew an unprecedented 145,000 negative responses calling for the system to be dropped from trade agreements (http://trade.ec.europa.eu/doclib/press/index.cfm?id=1234&title=Report-presented-today-Consultation-on-investment-protection-in-EU-US-trade-talks).  Making a few cosmetic changes and re-branding ISDS as ICS rides roughshod over the public's views on this important matter.  Moreover, there is no reason to include ISDS/ICS at all.  Canada's legal system is one of the fairest in the world, and so providing companies with additional privileges not available to governments or the public is simply unjustified.

There are further, more subtle problems with CETA.  For example, the regulatory chapter stipulates that parties have to ensure "that licensing and qualification procedures are as simple as possible and do not unduly complicate or delay the supply of a service or the pursuit of any other economic activity" (Article 12.3).  It is easy to foresee companies challenging requirements for public input, environmental assessments and archaeological studies as not being "as simple as possible".  Rather than face costly legal challenges, local authorities are likely to drop these important aspects of regulatory approval, resulting in a general lowering of standards as "economic activity" is placed above all other considerations.

More generally, CETA does not protect the environment as is sometimes claimed.  CETA’s environmental provisions cannot be enforced through trade sanctions or financial penalties if they are violated.  Something that cannot be enforced may possess symbolic – or marketing – value, but is of little practical use when it comes to protecting the environment.  This is another way in which CETA's true costs are being masked by exaggerated claims about its benefits.

Taken together with the fact that even the official econometric study was able to find only vanishingly small economic benefits, these many hidden problems and their unquantified costs underline why CETA is a bad deal for the environment, a bad deal for the public and a bad deal for the EU.  Even if its supporters claim otherwise, without any justification, I urge you and your colleagues in the European Parliament to vote against its ratification.

11 January 2017

Please Write to MEPs on the ENVI Committee About CETA *Today*

There's an important vote by MEPs on the ENVI committee tomorrow about CETA, the trade deal between the EU and Canada. Background on why CETA is so bad for the environment is available, as is a list of all MEPs on the ENVI committee.  If one of them is your MEP, please write to them *today* - the vote is tomorrow.  Here's what I've just sent to mine:

I am writing to you in connection with the ENVI vote on CETA tomorrow.  I would like to urge you to support the draft opinion of the ENVI committee, given by rapporteur, Bart Staes.

As a journalist, I have been writing about CETA since 2012 (https://www.techdirt.com/articles/20120709/07420719630/actas-back-european-commission-trying-to-sneak-worst-parts-using-canada-eu-trade-agreement-as-trojan-horse.shtml), and have followed its long and complicated history closely.  I noted in 2015 that CETA has already harmed the EU's environmental policies (http://arstechnica.co.uk/tech-policy/2015/05/eu-dropped-plans-for-safer-pesticides-because-of-ttip-and-pressure-from-us/):

"One of Canada's key negotiating aims was to promote the use of its tar sands in Europe. In 2012, the EU's Fuel Quality Directive (FQD) proposed that tar sands should be given a 20 percent higher carbon value than conventional oil. This reflected the greater pollution caused by its production and was designed to steer companies away from using this particular form of fuel in the EU. However, a few weeks after CETA was concluded, the final version of the FQD had been watered down and lacked the earlier requirement that companies needed to account for the higher emissions from tar sands, effectively neutering it—exactly as Canada had demanded."

Environmental policies will be under attack thanks to the little-known requirement in CETA that parties have to ensure "that licensing and qualification procedures are as simple as possible and do not unduly complicate or delay the supply of a service or the pursuit of any other economic activity."  It is easy to foresee company lawyers arguing that environmental requirements go beyond "as simple as possible", and that they "complicate or delay" the supply of a service.

However, the greatest threat to the EU's environment comes from the investor-state dispute settlement mechanism, now re-branded as the Investment Court System.  Despite the change of name, and some minor tweaking of the process, the problem remains the same: foreign investors are given unique powers, not available to domestic investors, that place them above national and European law.

That's problematic enough in itself, but even more troubling is the fact that the area where ISDS/ICS has been used most is against environmental legislation.  Also worth remembering is that CETA allows non-Canadian companies that have operations in Canada to take advantage of this supranational right: that will enable thousands of US companies that have subsidiaries in Canada to sue the EU.

Finally, it's worth noting that the EU's official economic modelling of CETA finds tiny benefits: €11.6 billion, representing 0.08 percent of EU GDP (http://trade.ec.europa.eu/doclib/docs/2008/october/tradoc_141032.pdf.)  That gain could easily be swamped by a flood of ISDS/ICS suits demanding "compensation" for stringent environmental regulations.

Because of these threats, and the vanishingly small benefit that CETA is expected to bring, I urge you to support the ENVI rapporteur's draft opinion, and to encourage your colleagues to do the same.

04 January 2017

Spare Slots for Regular Freelance Work Soon Available


I may soon have spare slots in my freelance writing schedule for regular work, or for larger, longer-term projects. Here are the main areas that I've been covering, some for more than two decades. Any commissioning editors interested in talking about them or related subjects, please contact me at glyn.moody@gmail.com (PGP available).

Digital Rights, Surveillance, Encryption, Privacy, Freedom of Speech

During the last two years, I have written hundreds of articles about these crucial areas, for Ars Technica UK and Techdirt. Given the challenges facing society this year, they are likely to be an important area for 2017.

China

Another major focus for me this year will be China. I follow the world of Chinese IT closely, and have written numerous articles on the topic for Techdirt and Ars Technica. Since I can read sources in the original, I am able to spot trends early and to report faithfully on what are arguably some of the most important developments happening in the digital world today.

Free Software/Open Source

I started covering this topic in 1995, wrote the first mainstream article on Linux, for Wired in 1997 and the first (and still only) detailed history of the subject, Rebel Code, in 2001, where I interviewed the top 50 hackers at length. I have also written about the open source coders and companies that have risen to prominence in the last decade and a half, principally in my Open Enterprise column for Computerworld UK, which ran from 2008 to 2015.

Open Access, Open Data, Open Science, Open Government, Open Everything

As the ideas underlying openness, sharing and online collaboration have spread, so has my coverage of them. I recently wrote one of  the most detailed histories of Open Access, for Ars Technica.

Copyright, Patents, Trademarks, Trade Secrets

The greatest threat to openness is its converse: intellectual monopolies. This fact has led me to write many articles about copyright, patents and trade secrets. These have been mainly for Techdirt, where I have published over 1,400 posts, and also include an in-depth feature on the future of copyright for Ars Technica.

Trade Agreements - TTIP, CETA, TISA, TPP

Another major focus of my writing has been so-called "trade agreements" like TTIP, CETA, TPP and TISA. "So-called", because they go far beyond traditional discussions of tariffs, and have major implications for many areas normally subject to democratic decision making. In addition to 51 TTIP Updates that I originally wrote for Computerworld UK, I have covered this area extensively for Techdirt and Ars Technica UK, including a major feature on TTIP for the latter.

Europe

As a glance at some of my 244,000 (sic) posts to Twitter, identi.ca, Diaspora, and Google+ will indicate, I read news sources in a number of languages (Italian, German, French, Spanish, Russian, Portuguese, Dutch, Greek, Swedish in descending order of capability.) This means I can offer a fully European perspective on any of the topics above - something that may be of interest to publications wishing to provide global coverage that goes beyond purely anglophone reporting. The 30,000 or so followers that I have across these social networks also means that I can push out links to my articles, something that I do as a matter of course to boost their impact and readership.