kNOw Future Inc.

law, technology and cinema, washed down with wine

The FCC and the Tectonics of Commercial Surveillance

It’s been a dreadful week if you care about privacy online in the US. Last October the FCC passed broadband consumer privacy rules that constrained ISPs from commercialising users’ browsing data. These rules required that users opt-in to such usage rather than having to opt-out. Companies intent on profiting user data hate opt-in requirements as they know that many will not agree to these uses. Conversely many people who value privacy do not opt-out because they are unaware the option exists, don’t know how to avail of it, or the choice may be presented to them in terms which are confusing – in such cases uses tend to stick to the default setting.

Ajit Pai, the new head of the FCC, made clear his opposition to both the privacy and net neutrality rules when he was one of two Republican minority appointees on the last Commission. Reversal of the privacy rules was lobbied for intensely by the Cable providers (NCTA), wireless companies (CTIA) and the Telecom sector (US Telecom). They were supported by almost the entire advertising sector, notably the Interactive Advertising Bureau (IAB). The sole exception is the Digital Advertising Alliance who have been conspicuous by their silence. DAA represents online advertising behemoths such as Google and Facebook and their interests are somewhat at odds with those of the infrastructure owners.

Sensitive or Insensitive?
Until last October browsing records were in the main classified as insensitive information. Sensitive information is characterized as that relating to financial and health data and information relating to children. This is the Federal Trade Commission’s classification, and is what allows Adtech to collect information about users without their consent. In 2015, as part of the net neutrality process, Broadband provision was re-categorized from information to telecommunications service. This may sound trivial but it meant ISPs became classed as ‘common carriers’ and placed  under the jurisdiction of the FCC. The FCC then determined that browsing history as a whole is sensitive data, requiring companies to get opt-in to be allowed to use it.

Competition between Privacy Invaders

The cable, wireless and telecom companies hate this because they want to get into the personal data fueled advertising business, and their position sitting over the pipe of user data gives them an unparalleled to observe. Google and Facebook meanwhile track users over as much of the web as they can, on their own widely popular properties, and using third party cookies and social media buttons (like!, G+) to track users on other sites who are connect to their infrastructure for advertising or marketing purposes. Effectively this means that they can surveil most users over the lion’s share of their online activity (see the research from Engelhardt & Naranyan). These two colossi currently dominate internet advertising and are obviously keen to suppress the emergence of new competitors. But they also want to protect against the risk of their own data collection being redefined as involving sensitive information – the problem could spread from the FCC to their overseers (ha!) at the FTC. that’s why Google opposed this redefinition and lobbied against it.

Secondly, the DAA have their own self-regulatory privacy framework. This describes the interface of three classes of actors with user privacy: first parties (sites that you visit intentionally); third parties (domains that you interact with unknowingly because they provide services to the first); service providers, who are ISPs. In their schema service providers must get user consent for the use of data for reasons other than performance tuning. This explains why the DAA actively opposed the new privacy rules in the run-up to their introduction but is quiet now. It also explains the slurs being thrown at privacy advocates that they are acting as stooges for Google.

Policy Gobbledygook

With this background let’s parse the Orwellian gobbledygook issued by industry lobbyists after their victory:

“We appreciate today’s Senate action to repeal unwarranted FCC rules that deny consumers consistent privacy protection online and violate competitive neutrality (#1). … Our industry remains committed to offering services that protect the privacy and security of the personal information of our customers (#2). We support this step towards reversing the FCC’s misguided approach and look forward to restoring a consistent approach to online privacy protection that consumers want and deserve (#3).”

#1 = These rules put us at a competitive disadvantage to Google/Facebook, they can intrude, we can’t – it wasn’t fair!

#2 = We’ll decide what information of your is personal and what is not (it’s all entertainment data, right?!). You can trust us.

#3 = Now that users have no privacy protections from either the biggest publishers or the infrastructure providers, the playing field field is finally level! Yes, we could have lobbied to have Google and Facebook subjected to the same constraints and evened things up that way, but nah, silly idea.

The big winners are companies like Verizon who bought AOL to move their business towards online advertising and is in the process of taking over what’s left of Yahoo. They’ve bought themselves an advertising infrastructure with lots of data of their own and can now exploit the data trail of their own customers. AT&T are also in celebratory mood and have been gushing about the Trump administration more generally. Back in 2013 they operated a program called ‘internet preferences’ which instituted additional charges for users who opted out of having their usage data exploited to expose them to behavioural advertising. Have achieved their goal of overturning the regulations, Telecoms are claiming they won’t sell users’ browser history. But selling data is not the model of Google or Facebook either – once sold the  competitive advantage the data provides is lost. Instead they control access to its exploitation on long-term exploitation: they administer the data, marketers pay them directly or indirectly to take advantage of it.

As the gatekeeper to the network the ISP can see and read the URLs of all the pages you visit. If the site connection is via HTTPs then only the domain you are visiting is exposed – a minor mitigation but another good reason to use HTTPs Everywhere.

There are two technical responses to this situation both of which are unsatisfactory.

Tor: if you use Tor to access the web then your traffic is encrypted and routed via a series of other servers before being reaching the destination website. Thus the traffic is concealed from the ISP but at the cost of performance – all that circumnavigation to get your request to its final destination slows down the process. If it sounds too technical for you, think again: the Tor browser requires zero configuration overhead.

VPN: if you use a virtual private network then all your web traffic is routed securely through another server, so the ISP can only observe you connecting to that resource. That’s great but VPNs are paid services, typically between $30 and $100 a year. If you use a VPN for this purpose you hope that they are more trustworthy than the ISP, but the VPN world is fragmented among small providers and has no consistent audit standard.

March 31, 2017 Posted by | / | Leave a comment

End2End: Privacy Theatre or Promise Deferred?

Back in October I recalled how the Google had announced in June 2014 that it was going to develop and ship a plugin for Chrome, E2EMail, which would give Gmail users the chance to use end to end encryption. This effort was announced in the aftermath of the Snowden disclosures when surveillance was a major public issue and many Google engineers were still smarting from the discovery that a NSA project called ‘Muscular‘ was slurping Google data as it traveled between their systems – and joking about it.


Google announced a number of security changes in response to the revelations almost all focused on the internal processes at the company, E2EMail however was something that users themselves would be able to choose to use. With an estimated billion users Gmail is the biggest provider of free email and well integrated encryption functionality could offer users real privacy and security gains. Of course there are plenty of alternatives, from running  GPG/PGP locally on your email client to clients like Mailpile which have encryption built in, but Google has brand power as well as unquestioned engineering talent and with that comes a certain ability to influence user behaviour.

But two and a half years later there is still no plugin. Last week a post on the blog of google’s security team announced that E2EMail was ‘leaving the nest’ and would now be opened up to a community of developers around the project’s Github page. Observers are wondering if this is Google’s way of walking away from any responsibility for it. Wired published an article worth reading which also details some of the challenges involved in the development of such a tool. Google’s deployment of encryption on other users tools such as their messaging apps has been half-hearted – so far they have only implemented the Signal protocol on Allo and it is not enabled by default. This is in contrast to WhatsApp for example, which ships with encryption on by default; most users are loathe to reconfigure their software which is why default settings are so critical.

February 28, 2017 Posted by | / | Leave a comment

A 2016 Almanac

Following the San Bernardino massacre of December 2015, the FBI seek to force Apple to assist in unlocking the data on the culprit’s phone, sparking a debate pitching national security against privacy.

Major news sites hit by malvertising payload which delivers ransomware to users computers. Security, as well as privacy concerns, data consumption and weariness at excessive and intrusive advertising drive the further growth of adblocking.


On March 28th the Department of Justice dropped its case against Apple after the FBI announced that they had found a means to unlock the phone and access the data on it

The EU formally adopts General Data Protection Regulation, which will come into effect in May 2018.


Dave Carroll documented the absurd gymnastics required from parents by Facebook should they want to opt their kids out of ads.


Whatsapp announces the integration of encryption functionality for calls and text, implementing the protocol developed by Open Whisper Systems. For the first time a true mass market user tool deploys encryption as default.

Elsevier,  academic publishing behemoth, buys SSRN, a key repository for free scholarly articles online. They start to remove access to some articles. Luckily there is Sci-Hub.

Startup Score Assured offers service to profile potential tenants for landlords. Prospective renters will have to provide them with details of all their social media accounts.
23/6 Britain votes to leave the EU. Bad news for the EU and for Ireland especially, but possibly good news for  privacy and data protection advocates. Axel Arnbrak explains.
28/6 Google changes its privacy policy so that the combination of the Double Click advertising cookie (which tracks users all over the double click network i.e. a large part of the web) with Personally Identifying Information (PII) is no longer an opt-in matter.
In Belgium Facebook overturns an earlier decision on appeal, they had been forbidden from tracking non-users for advertising purposes around the web. It was found that the Belgian courts did not have jurisdiction. Such complaints are to be dealt with in Ireland.
The EU Commission issues its implementing decision for the Privacy Shield agreement on the transfer of data from the EU to the US, a jerry-rigged replacement for the Safe Harbour provisions challenged by Max Schrems and found invalid by the European Court of Justice in October 2015.
14/7 Microsoft vs US: the case is about the US DOJ’s attempt to extraterritotrally apply the Stored Communications Act under which they can access a user’s email on a foreign server. In this case the server was in Ireland (!) and the Second Circuit appeals Ct. held in favor of Microsft.
Google withdraws appeal to the UK Supreme Ct. in Vidal Hall – legal action and damages possible for breaches of Data Protection law even where there is no monetary loss. The decision is widely viewed as enabling a more muscular enforcement of data protection rules.

Whatsapp start sharing users’ telephone numbers with Facebook who want to use them for their magic advertising sausage recipe. Elsewhere Facebook meanwhile was recommending the users connect with each other on the basis because they shared the same psychiatrist. Nothing to hide, indeed.
Draft proposals for copyright revisions in the EU are leaked. Stomachs heave.

Further evidence of the value of ‘relevant’ ‘targeted’ advertising is provided by this account by a woman who had a miscarriage but continued to be pitched pregnancy and birth related products.
Digital Rights Ireland announces its legal challenge to Privacy Shield.

Open Whisper Systems, the entity behind he development of encrypted communications app Signal, announced that they had been subpoenaed for information for information on one of their users. The only information held by them was the date and time of the user’s registration and the time of their last connection to the Signal service’s servers. No content, no contact lists, nada.
Unlike Yahoo, who were caught trawling the entirety of their email user population at the behest of the US government, losing their head of security in the process, which seems careless.
In other mass surveillance news the UK’s Investigatory Powers Tribunal (oversight body for MI5, MI6 & GCHQ) finds that the collection of bulk communications data and retention of bulk personal data sets were in breach of the European Convention Human Rights.
A month now seems incomplete without a Facebook outrage and they were called out by ProPublica for targeting or enabling exclusion of users based on race.

Before the US election there is coverage of the Trump’s data based campaign to reduce Clinton supporter turnout by targeting them with ads focused on demoralising them.
9/11: Trump elected: hard to believe that the apparatus revealed by Snowden will soon be in his hands. This is a transcript from a TV broadcast with Trump from 2005:

An audience member asked Mr. Trump for his opinion of Watergate’s hero, Deep Throat (Mark Felt, Vice- Director of the FBI).

DT: “I think he’s disgusting. I think he’s scum. I don’t care how old he is, how sick he is, I think he ought to be arrested. He was an FBI agent, essentially, and he was ratting on the President. He could have done something against the President, he could have reported the President, he could have resigned and said something.”

23:52 MJ: “What do you think would have happened to him if he had actually gone to his superior and told him about this?”

23:52 DT: “Well he only had one superior, I mean he was the second guy in the FBI. He could have resigned and had a news conference, he could have said I won’t do this but instead he was underneath, I think he’s disgusting and frankly I’d arrest him, I’d throw him in jail. I think he’s a disgusting person, totally disloyal to the country. Here’s a guy that works at the FBI, and he’s ratting out his President, and you know, hey if the President did something wrong, who knows if he did something wrong? This guy shouldn’t have done it the way he did it.”

Mark Felt’s superior at the FBI was one J. Edgar Hoover. Perhaps not the type of person to whom one would bring an ethical concern.
In the desperate search for an explanation for Trump’s victory many a commentator grasp wildly at ‘fake news’ as an explanation, dumping Facebook into the muck yet again. In the UK the Admiral insurance company announces that it will price insurance premiums based on an analysis of users Facebook posts – they are quickly banned by the company.
Back to advertising and privacy: a German TV journalist pretends to be a digital marketing agency and gets a free test drive of web browsing data on 3 million Germans from a broker who had sourced the data through a browser plugin – Web of Trust – marketed as a user protection tool. Data acquired implicated identifiable members of the judiciary in kinky sex and confidential information about a criminal investigation. Politicians scratch their heads and wonder how such a thing could happen. — -?


17/11 the world’s greatest BitTorrent site dedicated to music,, shut down after a raid affecting part of their server infrastructure in France. Having existed for nearly a decade and built an outstanding archive its loss was widely mourned by both musicians and fans.


The ECJ announced its decision in the joined case of Tele2/Watson a further examination of national data retention laws after the EU directive had been struck down by the DRI’s action in 2014. The Court stated that data retention must be limited to serious criminal cases, targeted and limited o what is strictly necessary. There must also be proper oversight and other safeguards. Those placed under surveillance have the right to be notified once the investigation has concluded and the risk of jeopardising it is over.


After a major consultation earlier in the year a draft of the EU’s new ePrivacy regulation is leaked.

December 31, 2016 Posted by | / | Leave a comment

The Machinic Sewer

The Sewer
I recently visited the Wikipedia page of a left wing German politician. She had been hit with a pie by a critic of her views on migration. Wikipedia linked to a report on Russia Today containing a video of the incident uploaded to Youtube by RT’s European unit, Ruptly. At the Youtube URL most of the videos displayed in the related content sidebar were about migration, few were from Ruptly, and many were strongly anti-immigrant. I clicked on one where an old woman was interviewed about her fears, feelings and hostility towards immigrants and closed the video after a couple of minutes. The next time that I opened Youtube seven of the ten videos recommended to me concerned immigration. Five of them were clearly produced by right wing media activists and this flavour of curation extended to the videos on the right hand column as I browsed.

This experience captures what Eli Pariser characterised as a ‘filter bubble’ in a book of the same name: I was suddenly thrust into of a media universe imagined for me on the basis of one or two clicked links, and it felt weird. Encountering world-views contrary to my own doesn’t bother me – in fact I enjoy the conflict, but the skimpy basis for subjecting me to this flood of ideological personalisation is bothersome. If the viewer is uninterested in politics and has no knowledge of the mechanism selecting the stories presented to them, what are they to make of such goings on? In this universe old ladies, innocent blond haired teenagers, and middle-aged men are at one in insisting that migrants are criminals who should be deported – is that the normcore position? Sure viewers aren’t going to swallow propaganda whole, they’ll cross reference it with their own experience and knowledge, and apply some critical thinking. But the persistence of these recommendations for about week did make me feel like as if I was surrounded. I had fallen into the filter sewer and was being sprayed with a fire-hose of horseshit.

Getting Personal
Google would argue that if I logged in to Youtube they would know more about me so I would not have ended up in the sewer. But I don’t want my media consumption tracked or personalised. Never logging in to Google is the best I can do to minimise the tracking, short of systematically using a VPN or Tor, and because I want to have some idea of what the general experience of the web is, I will not do that. I do use anti-tracking tools such as Privacy Badger, Disconnect and uBlock Origin, but none of them can fully protect you from ‘the Google’.

Of course our media environments have always had their ‘bias’, and that was the case before the internet. Journalists wax about objectivity and balance but there have always been ideological assumptions and frameworks: the basic credibility of government statements and explanations of its actions; the virtues of capitalism and liberal democracy etc – the world inside the Overton window. Because Pariser wrote the book in the internet era, and focused on the results of algorithmic filtering, it was understood (perhaps unfairly?) as arguing that the problem was new, when it was actually an evolved iteration of an older phenomenon. [It reminds me of the fear that adblocking will wreck journalism – yet newspapers were in crisis already in the 1990s as the industry became more concentrated and the new owners expanded advertising sales whilst sacking journalists, a phenomenon chronicled by Ben Bagdikian in his classic, the New Media Monopoly.]

Old media was also driven by advertising logic: demographic targeting etc but the difference lies as much in the ease of of individualised distribution as in the availability of algorithmic engines. In the newspaper age you could tell a lot about a person politically and socially from the newspaper they read, their choice was also a filter, and the advertisers who bought slots chose silos for their campaigns. But the paper still had to appeal to a mass market so the silo was big, somewhat diversified and had to cover a range of subjects. Not so today.

Futures Past
Pariser’s book is actually about personalization but he must have thought filter bubble was a catchier term. Individualized customization of information flows is heralded as the compass to navigate a sea of excess information, but this has mostly meant that users should surrender control to machinic decision making whose logic is opaque. If the past once allowed room for the illusion that this could work out well, the future is now over and we’ve seen it’s not so rosy. Information filters are needed but only as tools under the control of the user. But such user sovereignty is not a tendency the economic forces of the web want to foster. In the web of 2016 the user is object of a system designed to shape them rather than a subject to be supported in their own self-development.

In The Daily You, Joseph Turrow outlined how the the idea of the powerful consumer is promoted whilst advertisers and marketers engage in ever more intrusive information gathering processes which lead to the separation of consumers into targets and ‘waste’. And if the consumer is so potent, surely they don’t need to be protected by regulation? In the adtech world that the real end goal of personalization is revealed: collect every last bit of data so as to eventually facilitate the encounter between consumer desire and business operation. This intrusion is presented as a means of giving you ‘what you want’ and clothed in the innocuous language of ’relevance’. But the user is never asked what they want, nor given the means to control the data and advertising flows around them – the answers are to be found by spying on them.

All Our Yesterdays…
In its early days the web was embraced by media critics as a formal remedy to the ills of the mass media – newspapers, television, radio, and film. The net/web was to undermine the tyranny of intermediaries and enable a direct dialogue between individuals and groups. It was not to be. The human decision-makers have had their wings clipped, but have merely been replaced by tech-moguls (unwilling to acknowledge their editorial power) and opaque machinic processes cast as agents of divine right.

If algorithms are the new monarchs, a renewed republicanism needs to dethrone them and their owners. Users do need tools to master the data flow, but they must be under their control, transparent in their logic and designed to nurture their autonomy.

November 30, 2016 Posted by | / | 1 Comment

A Yahoo User’s Journey through the Unknown

“We fight any requests that we deem unclear, improper, overbroad, or unlawful,”

Ron Bell, Yahoo General Counsel

Oh Yahoo, what have you gone and done now. You strange company, whose services I have rarely had occasion to use, save for the occasional casual email account useful for keeping commercial spam away from my real address and the odd photo uploaded to flickr. And yet I cannot help but feel disappointed, because behind that Yahoo octopus whose ink barely obscures a huge advertising-surveillance system, I actually thought that there were individuals serious about defending their users’ privacy at least vis a vis the state. This belief was not without foundation: in September 2014 documents were released chronicling Yahoo’s fight at the FISA court against the NSA’s mass surveillance program. They were alone in this legal resistance. Google, who like to see and portray themselves as the user’s friend, never challenged the government in court.

I had this on my mind in the autumn of 2014, when I was getting increasingly fed up with Google search and looking for an alternative. This was driven by disgust at their relentless data harvesting and disregard for user privacy, but also by the sense that Google’s results seemed to be getting noisier, including a lot of trash and click-bait pages designed solely to exploit the modalities of the algorithm. I thus embarked on an exploration of the alternatives first Bing, then Yahoo…

This was, I know, an eccentric decision – Yahoo has if anything a worse policy regarding retention of search queries than Google. The results themselves were ok, and the key discovery that I made as I test drove the other engines is that 80% of our queries can be resolved by any of them. It is only when you are searching for an exact phrase or rarefied subject matter that the distinctions emerge. Basically Google spiders more of the web, has a better index, and has a better chance of unearthing the obscure. But I did enjoy the apostasy of using Yahoo, and bragging about it; I remember a dinner with a google engineer in SF who stared at me in amazement when I told him of my search engine heresy and explained my motivation (on that point, why are so many at Google in denial about the fact that it is an advertising company rather than a vocation to make the world better through engineering?).

Truth be told, however, this dalliance didn’t last long. After three months I had shifted again to DuckDuckGo, where I have stayed. There are wrinkles to this too: DDG buy search results from Yahoo, Bing and Yandex, which they then combine with other sources and reprocess. But DDG are sound on privacy: they never track users and they’ve adopted the EFF’s Do Not Track policy, a document close to my heart. I resort to Google only as needed, in pursuit of the esoteric and arcane, but what I thereby disclose offers such a marginal (and bizarre) view into my head and habits and I can live with that. Firefox has all the major engines in their search box, thus switching involves no overhead, and I run Opera in parallel.

So it was just a fling with Yahoo but enough to make me sick when I read that they had adapted  a child pornography and malware filter and repurposed it to search the entirety of the mail passing through the @yahoo.*** system. (Incidentally the journalist who broke the story, Joseph Menn, is the author of the excellent All the Rave, which tells the story of Shawn Fanning and Napster – most enjoyable). It made me think how maddening, how insanely inconsistent, Yahoo is. Corporate Beelzebubery comes as no surprise, it’s the wild shenanigans that get to me. That’s what I intended to write about, before the rant above took shape, so here are some examples which come to mind.

Search Query Retention Times

Back in 2007 the Article 29 Working Group, an entity which drafts opinions on data protection/privacy in the EU intended to guide the actions of the Data Protection Authorities, started to breath down the necks of the search companies about how long they were retaining user query data. At the time Yahoo held the data for 13 months, Microsoft 18 months, and Google started ‘making it less identifiable’ after 9. In December 2008, Yahoo announced that they were going to start de-identifying the data after 3 months. Bravo!

Then in April 2011, Yahoo announced that they were needed to retain the data whole for… eighteen months! Otherwise they couldn’t compete! By this point Google were saying that they wouldn’t go below eighteen months either, only Microsoft’s Bing had adopted 6 months.
Do Not Track

In March 2012 Yahoo announced that they would be implementing support for the Do Not Track signal that users can enable in their browsers to tell sites that they don’t want to be tracked. This is not a message which advertising companies are pleased to receive and they have wasted a lot of people’s time at the W3C and elsewhere trying to make the subject more complex than necessary, basically as a means of stalling and sabotaging. No details were ever provided about what this Yahoo implementation would consist of, the sceptical might wonder if it was anything but air?

In April 2014 Yahoo announced that they would no longer honor DNT signals, because they believed that the default web should be ‘personalized’ i.e. tailored for you based on knowledge of what you’ve been up to; personalized thus joins relevant and interest-based as synonyms (and alarm bells) for surveillance-based advertising and content selection.

But Yahoo wasn’t finished: following a deal where they bought themselves the default search box on Firefox, they announced in November 2015 that they would be honoring DNT requests for Firefox users. Mmmmh. Why only Firefox users – oh did Mozilla make them sign up to that? Perhaps because Mozilla was one of the birthplaces of DNT? And what would honor mean exactly? It hardly matters as Yahoo may well change their position again once their takeover is complete. Or perhaps they’ll claim that they couldn’t do anything for the last five years because they were waiting for agreement at the W3C. Yawn.

Encrypted Mail

So now to the most delicious irony of all. After the uproar surrounding the Snowden revelations one of big tech’s responses was to implement encryption at various points in the network. The aspect of this closest to users was Google’s project to develop an end-to-end encryption plug-in for gmail. This was an open-source project and Yahoo declared that they would make it available for their webmail system as well. This was good for users but it would also involve a cost for the companies as both sell advertising based on scanning users’ email to select ‘relevant’ ‘personalized’ ads. If the mails are encrypted this type of analysis is not possible, resulting in lower revenues. But the NSA revelations  hurt a lot of people’s pride and made the tech industry as a whole look compromised, poodles of the US government’s PRISM program, so some notional loss could be stomached.

Alex Stamos, then head of security at Yahoo, set about recruiting programmers and engineers to move it on. In March 2015 this system was ready to demo and was unveiled at SXSW. Right around then Yahoo had been requested to search their whole email traffic for a specified identifier. This was implemented secretly and without consultation with Stamos and the security team, so that when they uncovered it they mistook it for a hostile insert placed by an intruder. The rest is well known: Stamos left Yahoo shortly afterwards to become head of security at Facebook. The Chrome extension for end-to-end encryption of Yahoo mail in Chrome was never officially completed and launched, although one of the lead developers says it’s basically good to go. (Incidentally, what happened to Google’s much trumpeted efforts in this regard?)

Yahoo has many other sins uncatalogued here, but what astonishes me is how erratic and capricious they are. What would you trust them with? Better, as the Intercept suggests, to just delete your account.

October 31, 2016 Posted by | / | Leave a comment

Filmpiraten Crush Austrofascists (at first instance…)

An Austrian court issued an interesting judgment this week. A leftist film collective, Filmpiraten, took a court case against the far-right Freedom Party of Austia (FPÖ) for copyright-infringing reuse of material published on youtube under a creative commons license. The video at issue documented antifascist protests against the Viennese Akademikerball, an annual event held by the FPÖ  which has been the target of demonstrators for many years.

Filmpiraten publish their work on the website and on youtube under a BY-NC-SA license. this means that others are free to use the material without permission providing the use is non-commercial, the work is attributed to them, and that whatever work is created downstream using it is distributed under the same licensing conditions.

The FPÖ operate their own youtube channel which includes a program called FPÖ-TV, published as work in which copyright is claimed. The court case thus concerned a violation of Creative Commons licensing terms under which the Filmpiraten had made their work available. Where a would-be user of material available under a CC license does not accept the licensing conditions, they must make a licensing agreement with the copyright holder in the usual way. Unless they are using it on the basis of one of the statutory exceptions (criticism, commentary etc).

In any case the Filmpiraten were successful in the Viennese court, so this is a significant decision for anyone interest in the treatment of CC licenses in the courts. The FPÖ will appeal. The newspaper report from Der Standard is available here (German).

September 2, 2016 Posted by | /, Austria, copyright, licenses | 1 Comment

Pirate Residuum

Hard to believe that only four or five years ago the Pirate Party (PP) were enjoying a German honeymoon, winning large numbers of votes and entering four regional parliaments. In the Berlin election in 2011 their results were so strong that they did not have enough candidates to fill all the seats won; candidates who ran with with little hope of getting into district assemblies were instead elected to the major-league Senate – the citywide parliament. But this unexpected triumph was to be their zenith, thereafter the party formed a circular firing squad.

During the five years of the Berlin Senate the PP parliamentary group had five chairs and co-chairs, of these four are no longer members of the party (although all continue to sit as part of the Pirate group) – Alexander Spies is the last of this band carrying a party card. Two of these former chairs were among  35 former Berlin Pirates who published an open  letter in January announcing their defection to Die Linke (the Left party) while another flirts with joining the SPD. Three other PP members elected to the Senate have also departed. This means that having started the Parliamentary session with 15 representatives, they now have 8.

A further twist to the current Berlin election is that former national chairperson of the Pirates, Bernd Schlömer, is running as a  leading candidate for the FDP (Liberals) having joined them last October. This is less surprising that it may seem as both FDP and Die Linke (as well as the Greens and the Pirates) once participated in the Freiheit Statt Angst! (Freedom Not Fear!) demonstrations, an annual field day of the forces opposed to mass surveillance/social control which used to take place in Berlin each September.


Pirate Party poster campaign against CDU law and order minister Frank Henkel

Berlin Election 2016

Polling currently puts the PP on 3%, well below the 5% threshold required to be allocated any seats in the Parliament. As in 2011 they are running an eye-catching campaign focused on issues where they have campaigned effectively: housing, the investigation into the billion euro airport scandal, against racism. But the nature of their public meltdown both at national and local level after 2012 has wrecked their credibility.  (If one wants to vote for a neo-Dadaist anti-party Berlin already has one, die Partei, who also have a European MEP!)

The departure of former members for other parties also undermines their position as  self-appointed interpreters of the magic powers of technology. This should not be underestimated: until 2012 they were effectively identified as the ‘party of the internet’, the people who wanted to usher in a streamlined tomorrow, the epitome of progress and forward thinking. But this stranglehold on the tech-dream is over.


Posters satirising the language of  danger zones ‘gefahrengebiet’ and highlighting local scandals around rising rents, the endless saga of the new Berlin airport etc…

The Berlin PP was regarded as representing the party’s left-wing and some of its votes will now return to Die Linke or move to the Greens. Meanwhile, populist discontent has shifted decisively right after the controversy over refugee policy met the gunpowder of the sexual assaults in Cologne on New Year’s Eve. electorally this means pay dirt for the Alternative fur Deutschland (AFD), a toxic brew of xenophobes, alienated conservatives, economic liberals and populists, who will almost certainly enter the city Parliament this month.


August 31, 2016 Posted by | /, berlin, Pirate Party | Leave a comment

Readings from the Book of (library) Genesis

In recent days it has been announced that the EU wants all scientific research papers funded through its programs to be released under Open Access by 2020*. Newspaper coverage has credited the combined efforts of the Dutch government and EU  Commissioner for Research, Innovation and Science, Carlos Moedas, for the initiative. Moedas caught my attention in April due to a speech he gave on ‘open science’ which began with a reference to Alexandra Elbakyan and the controversy around Sci-Hub. He went on:

“Elbakyan’s case raises many questions. To me the most important one is: is this a sign that academic journals will face the same fate as the music and media industries? If so – and there are strong parallels to be drawn − then scientific publishing is about to be transformed.

So, either we open up to a new publishing culture, with new business models, and lead the market… Or we keep things as they are, and let the opportunity pass us by. As I see it, European success now lies in sharing as soon as possible, because the days of “publish or die” are disappearing. The days of open science have arrived.”

Until recently it would have been impossible to imagine an institutional figure use Sci-hub as a springboard for a positive vision rather than an occasion for vitriol.


While legal action by Elsevier against Sci-Hub and Elbakyan grinds on in the US, it has succeeded only in generating large amounts of positive publicity for both – Elsevier’s attack on a library that once existed in the shadows has ended up biting the behemoth in the ass. Despite a court decision in their favor, the website remains online and usable.

Seeking to disable free access to scientific articles otherwise available only through overpriced subscriptions was never going to be a winning PR strategy. That Elsevier made an operating profit of 34% in 2014 doesn’t help their case, nor does the fact that the authors are not paid. Commentators have instead treated the liberation of academic work from copyright restrictions as an enlightenment gesture in favor of universal access to knowledge (which it is). There is sympathetic coverage all over, from Science to Le Monde ** – it’s all a far cry from the quiet annihilation of in 2012.

Academic work is special…

Such an outpouring was never going to emerge from the cases against Napster or the Pirate Bay – the shared objects at the centre of those trials were seen merely as trifling entertainment commodities. This is odd given how important shared cultural works are for shaping our identities, but somehow they are tainted by their association with pleasure and fun. Academic papers, on the other hand, are no terrain of indulgence; they are the stuff of seriousness, discipline, painful memories of homework…

Risk and Reward

With all this attention, use of Sci-Hub and Library Genesis is booming and presumably growing its holdings. Given that the entire collections are available for download via torrent it will be interesting to see if services on top of the corpus – text mining etc. Until now such techniques have been the preserve of the database owners or companies like Google,  with the resources for both mass scanning efforts and sustained legal defense involved in their Library/Book project. So let’s see the unauthorised repositories become the substrate for experiment, analysis, and additional layers of meaning.

Elbakyan is now carrying a lot of personal risk and is owed our support. Aside from the injunction against her there are claims under the Computer Fraud & Abuse Act (the same law used to prosecute and intimidate Aaron Swartz). She is cagey about her location and is concerned about the threat of extradition to the US.  But this must be weighed against what she has achieved: assembling and stewarding a system of self-provision for all those with inadequate access to literature wherever they are. Right now it is important that all those who believe in LibGen/SciHub state that support openly. Later this may also meant to step up and support her also materially


*There are caveats however, enabling exceptions for reasons of security… and intellectual property rights – an exception which could utterly undermine the rule depending on how it is interpreted.

**See also: Justin Peters’ article critiquing Science’s defence of their business model; a piece from Aaron Swartz’s  former colleagues at The Baffler; the very useful bibliography regarding Sci-Hub/LibGen maintained by Stephen Mclaughlin.

May 31, 2016 Posted by | /, books, copyright, Piracy | | Leave a comment

Cyberspace – the Fifth domain of Warfare?

Spotted this today in Treptow, it reads:

“Germany’s freedom is also defended in cyberspace. Do what really counts.”

As you may have guessed, it is part of an advertising campaign launched by the German army to recruit people with IT training.





April 30, 2016 Posted by | / | 2 Comments

Demystifying AdTech

Critical discussions about tracking, targeted advertising, surveillance capitalism seem to easily stray onto the terrain of paranoia and speculation. Cookies are associated with an inchoate but rather mild evil and almost no-one can explain how they produce their odious effects.

Cookies, however, are only the first hurdle in understanding the much more opaque universe of AdTech. This is a poorly understood world in part because it is rather new and has yet to assume a stable shape. The industry is dominated by companies which are far from being household names, and they describe themselves in terms of roles which are not easily grasped – demand side platforms, data management platforms, ad exchanges etc. The jargon accompanying the recreation of the advertising pipeline for real-time delivery is just the surface manifestation of a complex technical system. Little wonder then that most people in the advertising industry itself don’t get it, never mind us mortals (aka ‘targets’ and ‘waste’)  who are being bought and sold billions of times a day.

The trade press is a great source of information, as are company blogs, and even the mainstream media occasionally does something decent, but mostly it’s fragmented. Of course there’s a copious academic literature, mostly coming out of computer science, if you want to get into the detail. But for an overview one could do a lot worse that a to look at a report produced by the Norwegian Data Protection Authority last December, titled “The Great Data Race” (mercifully in English). The first half of the report (particularly pages 10-29) provide a good breakdown of the new division of labour, examine how data is collected and breakdown the actual process of ‘programmatic buying’ and real-time bidding.

For more of the context as well as a rich documentation of the consequences of the new orthodoxy, I’d recommend the work of Joseph Turow, and his book the Daily You.

February 29, 2016 Posted by | /, advertising, Data Protection, databrokers | | Leave a comment

The Hymn of Acxiom

somebody hears you. you know that. you know that.
somebody hears you. you know that inside.
someone is learning the colors of all your moods, to
(say just the right thing and) show that you’re understood.
here you’re known.

leave your life open. you don’t have. you don’t have.
leave your life open. you don’t have to hide.
someone is gathering every crumb you drop, these
(mindless decisions and) moments you long forgot.
keep them all.

let our formulas find your soul.
we’ll divine your artesian source (in your mind),
marshal feed and force (our machines will

to design you a perfect love—
or (better still) a perfect lust.
o how glorious, glorious: a brand new need is born.

now we possess you. you’ll own that. you’ll own that.
now we possess you. you’ll own that in time.
now we will build you an endlessly upward world,
(reach in your pocket) embrace you for all you’re worth.

is that wrong?
isn’t this what you want?

-Vienna Teng


December 31, 2015 Posted by | databrokers | Leave a comment

Knowledge is born free, yet is everywhere in chains…

On November 2nd the Southern District Court of New York granted Elsevier a preliminary injunction against Library Genesis for copyright infringement. The site is online repository of texts mostly, but not uniquely, of educational character, accessible to all. The defendant, Alexandra Elbakyan, never appeared in court but did submit a letter to the Judge explaining the reasons for the site, it’s worth reading. Library Genesis remains active for now and for technical reasons will be more difficult to kill than the last target of knowledge prohibition,, which was shut down in February 2012.

Supporters and advocates for free and open access have issued a statement in support of LibGen which is also a Manifesto sorts.

# In solidarity with Library Genesis and Sci-Hub

In Antoine de Saint Exupéry’s tale the Little Prince meets a businessman who accumulates stars with the sole purpose of being able to buy more stars. The Little Prince is perplexed. He owns only a flower, which he waters every day. Three volcanoes, which he cleans every week. “It is of some use to my volcanoes, and it is of some use to my flower, that I own them,” he says, “but you are of no use to the stars that you own”.

There are many businessmen who own knowledge today. Consider Elsevier, the largest scholarly publisher, whose 37% profit margin[^1] stands in sharp contrast to the rising fees, expanding student loan debt and poverty-level wages for adjunct faculty. Elsevier owns some of the largest databases of academic material, which are licensed at prices so scandalously high that even Harvard, the richest university of the global north, has complained that it cannot afford them any longer. Robert Darnton, the past director of Harvard Library, says “We faculty do the research, write the papers, referee papers by other researchers, serve on editorial boards, all of it for free … and then we buy back the results of our labour at outrageous prices.”[^2] For all the work supported by public money benefiting scholarly publishers, particularly the peer review that grounds their legitimacy, journal articles are priced such that they prohibit access to science to many academics – and all non-academics – across the world, and render it a token of privilege[^3].

Please read the rest at their site.


November 30, 2015 Posted by | /, books, copyright | Leave a comment

Adam Curtis in Berlin

The documentary maker Adam Curtis was at the Hebel Am Ufer theatre in Berlin this weekend. There were screening of his films Bitter Lake and the Century of the Self (and the selection prefigured the arguments that he was to make), but the main events were a lecture and two public dialogues, one of which with the leftwing critic Mark Fisher. Contrary to what one might expect there isn’t much online of Curtis speaking about his work, so I went to check it out.

From the outset he insisted on positioning himself as a journalist rather than filmmaker, and he consistently emphasized the value of narrative, the importance of stories, especially as regards political movements’ capacity to inspire and shape the materialization of new worlds in times of crisis (i.e. opportunity). Questions focused on more formal aspects of documentary production were pooh-poohed: filmmaking choices were tersely explained as being either a matter of personal preference, an intentionally self-evident result of the propaganda approach, or simply  more economic to produce,

It turned out that what Curtis wanted to talk about was the failure of liberals and the liberal left (amongst whom he counts himself) to achieve ‘real change’, their inability to imagine another type of future as embodied in the defeat of the Tahir Square and Occupy rebellions. Instead he described the descent into ‘oh dearism’, or the posture of impotently observing one disaster after another with no idea about how to intervene, to end or ameliorate the situation. He links this to the end of the era of mass democracy, where organizations made alliances and formed blocks capable of confronting embedded power structures meaningfully, and the failure to find any analog in a time where the basic unit of politics is not the collective but the individual.

This segues nicely into the thesis of The Century of the Self, whose second half tells how the defeat of the new left/counterculture of 1968 led to retreat by that generation into technologies of the self and a turning away from society. Curtis curses the new left for painting all politicians as corrupt, and sees this as both a simplification and a precondition for the refusal of politics wholesale by what he calls ‘hippies’. Later he remarked how radical it would be to make a series about the ‘nobility of politicians’ as a necessary upending of this cynical attribution of corrupt motives to all politicians. This judgement is seen by him as both a simplification of the facts and an abiding impediment to the organization of meaningful political action.

Century of the Self chronicles the emergence of a new type of social actor/subject, whose sense of their own centrality represents a decisive break with the type of collective subject of the era of mass democracy. Now individuals are said to require that they be addressed in a more persona manner, they grant inflated importance to self-expression, and seek their own personal utopias – as one interviewee characterizes it, their aim is ’socialism in one person’.

Curtis sees this personality type as representing the vital battlefield for political struggle in this time. He condemns the ‘left’ for failing either to appreciate it or find ways to appeal to it. His prescription is always the same: the crucial failure is the inability to imagine a future and convey it in a form which this new type of individual can find compelling and persuasive. What the form of this storytelling might be was left almost entirely unspecified, but we were told that it was to exclude economics, because it was ‘boring’; the mere mention of collateralized debt obligations would make people’s eyes roll in a stupefied mixture of bafflement and tedium. Simultaneous with this rejection of ‘wonk-ery’ however, he repeatedly decried the tendency towards simplification and worried that were a major crisis to occur, not only would the political vision be found wanting but the individuals would find itself confronted with a level of complexity so unfamiliar as to be irresolvable.


October 31, 2015 Posted by | / | 1 Comment

Baking Privacy and User Choice into the Web with Do Not Track

Today the EFF announced the adoption of its Do Not Track (DNT) policy by the adtech company Adzerk, they are the first advertising company to sign up to a meaningful DNT policy and their involvement will have two immediate consequences.

1. Companies have claimed that the technical obstacles to implementing DNT in the ad environment are insurmountable; they no longer have this alibi. On a more positive note, there is also reason to believe that other ad companies will emulate Adzerk’s example.

2. It puts in place another piece of scaffolding for those publishers considering DNT adoption but unsure how it can be implemented. Offering a version of the site where users are not tracked means reviewing all the third parties used on the site, many of which gather user data: analytics, embedded video hosts, social network ‘like’ buttons, and of course *ads*. These sources of data leaks to third parties need to be disarmed rather than gotten rid of entirely (something users’ expectations will not allow). Adzerk doesn’t supply ads themselves, but it provides the infrastructure for their delivery. As more publishers adopt DNT, it will become easier to convince advertisers that this is an audience worth addressing.

Whilst a lot of attention has been given to online tracking the responses have so far been ineffective. The relevant W3C working group failed to reach a compromise that would change industry practice voluntarily, whilst regulators appear unwilling to take on a sector which has grown during an otherwise lackluster economic period. Where legislation has been tried, the results have been ineffective (e.g. the ‘Cookie Directive’ in Europe). The EFF’s DNT effort aims to construct an alternative ecology where privacy protection and informed user choice is the design imperative behind modified services, and to overcome the engineering obstacles to that objective a step at a time.

September 30, 2015 Posted by | / | Leave a comment

Party Like it’s 2000: Revisiting Crypto

At the time when I first studied law, my interest in technology was entirely separate and parallel. On just one occasion they intersected, due to the requirement of a note from one’s tutor stating that the requested email address/shell account was necessary for purposes of scholarly activities; in those days emails were issued automatically only to maths and computer science students, everyone else had to demonstrate that they needed one.

There followed many all night sessions in the computer labs (the only buildings open 24 hours!) and conversations with nerds who began to drop in to the bookshop where I worked. Sometimes this just meant riffing about the exotic ideas encountered on Usenet (Ireland was seriously theocratic and very insular), but inexorably discussion would return to speculation on the political consequences of the new medium in two areas: copyright and surveillance/political control.

So when I later decided to return to law, it was natural to focus on these conflicts. My emphasis was originally on cryptography. In retrospect I guess this is because that moment was a kind of peak of political absurdity. Encryption technologies were still classed as dual use technologies by government, meaning that they had both civilian and military applications, and were thus subjected to a special regulatory regime limiting their export. At the same time the encryption software PGP (Pretty Good Privacy) was available for download from the net in flagrant breach of US export controls – the International Traffic in Arms Regulations (ITAR). Daniel Bernstein was challenging the constitutionality of these arrangements in the US while Phil Karn was filing requests with the US State Department to check whether a book, Applied Cryptography, and accompanying floppy disk were subject to export restrictions; it turned out the book wasn’t and the floppy was (I got a copies from amazon and never used either!).

Investigative journalist Duncan Campbell had already uncovered the first bits of information about a surveillance dragnet called Echelon. Meanwhile the US government had spent years trying to inject compromised encryption systems via hardware into the public’s computers and phones via its Clipper Chip proposal. This would have provided law enforcement with a side-door entrance to encrypted communications on foot of a warrant obtained as part of an investigation, but required that the secret keys necessary for this be stored at a location accessible to the police. Were they to be excluded from access to plaintext, we were told, the consequences would be dire: the four horsemen of infocalypse – terrorists, drug dealers, paedophiles and money-launderers – would ride forth unleashing their villainy on the innocent. A little later there was an international scandal involving a shady Swiss firm called Crypto AG, who were supplying compromised encryption systems to governments. When the exploit was revealed the Vatican was the first ‘user’ to change its system. … In short, these were exciting times, the rock and roll period of the so-called crypto wars.

Absurdly it was still possible then to imagine a field of ‘computer technology and the law’: the number of users was still small; the legal disputes actually reaching a judge were few: even the range of devices was limited. I gobbled it all up: digital signatures, data protection and copyright. Then I came across articles about Digital Rights Management systems and realized that where I had imagined a politically mobilized populace embracing PGP to engage in oppositional politics, it was more likely that users would encounter encryption as a lock preventing them from having access to the media cookie jar. Whereas the inability of governments to prevent civilian access to strong cryptography was foretold, the copyright and allied industries (mostly in the patent and trademark sectors) were well-organised, and had achieved considerable success in rewriting the law at both domestic (DMCA, European Copyright duration Directive) and international levels (GATT-TRIPS, WIPO-WCT). Thus in the United States the DMCA made it an offense both (a) to produce and distribute tools for the circumvention of DRM access controls on media and (b) to engage in the act of circumventing itself – irrespective of whether a breach of copyright occurred.

But the copyright industry’s victory turned out to be easier at the level of lobbying and legislation than it was in reality once these technologies were released into the wild. The dream of perfect technological control turned out to be a mirage. Worse, the internet ensured that once an access control technology was defeated once, it was effectively defeated everywhere, as the developers of the protection systems for DVDs and digital music formats were to discover at some expense. In 1999, just as the means to neutralize the DRM on DVDs was being made public, Napster, the first p2p system, appeared on the scene.

Thus at the turn of the millennium the struggle for public access to strong cryptography seemed to have been won, and the copyright industry’s efforts to retain control of distribution seemed to be skidding on the black ice of technological history. Such was the mood in January 2001 when Steven Levy’s celebratory account, Crypto, was published, with the unfortunate subtitle ‘How the Code Rebels Beat the Government Saving Privacy in the Digital Age ‘. By year’s end that tune would appear mistaken.

To be continued.

November 30, 2014 Posted by | / | Leave a comment