It was the 3rd of March 2011. South Korea was under attack. A ddos attack, but not your average ddos attack, in fact, it was no ddos attack at all. It was an attack targetting social networks, banks, businesses and private citizens infecting them with a worm wiping the harddisks of infected computers and then self-destruct.
It was the 7th of July 2009. South of Korea was under attack. A ddos attack, but not your average ddos attack, in fact, it was no ddos attack at all. It was an attack targetting social networks, banks, businesses and private citizens infecting them with a worm wiping the harddisks of infected computers and then self-destruct.
The observant reader will have seen by now that these numbers boil down to 3.3 and 7.7, an observation also made by Korean openweb activist Keechang Kim.
Why would a worm herder kill off her worms? And why is there no political nor economic message attached to the attack? A surprise attack, like Hannibal and the elephants emerging from the mists of the Alps. Well. It’s a second surprise attack and you would expect war elephants to work only once. In the case of anything involving computers this is not so. Virii, for instance, have made governments and computer users insecure since the dawn of time. I don’t know what to make of the fear against Stuxnet, for instance. Technically the only thing it does is make a reactor unable to produce refined fissionable material for possible nuclear weapons. By attacking, as far as I understand, SCADA systems that are anyway not secured very well. Instead of securing SCADA systems, the fear makes governments want regulation. We think. Why?
A reader with good memory will have remembered by now that the French internet authority HADOPI last year suggested a universal piece of (open source) software installed on all French computers to help users determine whether they are in fact downloading copyrighted material or not. I guess you’d have to be pretty informed to know that there was a similar proposal in South Korea pursued happily by an ambitious government in 2009, called the Zombie PC Prevention Act. See, I am very concerned about the EU-South Korea FTA effects on European internet policies, and many Korean activists (most notably IPLeft) are similarly concerned about the US-South Korea FTA effects on Korean internet policies. But this is not a free trade agreement. It’s an own-initiative report.
Popular support is rising for a helpful Zombie PC Act giving a government-controlled authority the mandate to access and scrutinize commercial, official and private datasystems. The authortity will help the government determine if the system is infected by any potential virus. Lacking appropriate anti-virus software shall, according to the bill, lead to repercussions.
The Luxembourg National Library sees as its mission to preserve and archive old newspapers. They already have a large collection of old newspapers online, dating back to the mid-1800’s. You can search for them, read them (they have this superdreary, really old font and the text is luxembourgian so I can mostly appreciate the aesthetics – of having the train times printed at the top right corner!). Train for Brussels departs at 13:10 on Saturday afternoon. Now. They papers are no longer copyrighted. Other papers are. De Spiegel or Le Monde from the 1950’s for instance. They’re digitizing them as well though, hoping that no one will file a lawsuit (class action? when manymany file at the same time?), and if someone does they’re more or less fucked. So they hope no one cares – he says.
They would need extended collective licenses in two countries: France, and Germany. And Luxembourg and Belgium wouldn’t wrong either, so that’s four. It’s a bit inconvenient for them to manage, so this man was saying it would be easier for them if their activities were legalised by a harmonised European legislation. This is, of course, not possible, because the Union doesn’t really have competence in that specific area. They can only stress competition and collaboration (under surveillance). And this is not possible anyway, because there are no extended collective licenses in France, Germany, Luxembourg or Belgium.
Some time after La Quadrature’s endorsement of Philippe Aigrain’s model of collective cultural sponsorship I thought, people who live in countries where the going has gone really tough, like France, must be more likely to look for a politically feasible quick fix. Philippe Aigrain’s book is not really along those lines, though.
Who will be compensated for what and how are the wrong questions to ask, I think. No kind of fee, tax, flat or not, can be considered compensation. It’s rather about what you want to achieve. You start by setting up a goal, then you work your way there.
There is Flattr, which is rightly considered a very convenient granular financing system for blogs or written material at large. It had the goal of creating a micro-donation system, and the system is widely adapted for almost every blog I know, or care to read, in Sweden.
But more problem formulation:
We know that there is much money in culture. The money is distributed very unevenly. This seems suboptimal if we want a big variety of culture(s) to grow and prosper.
We also know, presumably, that copyright is dead. By analogy, so must related rights be. It seems stupid to perpetuate an uneven distribution of money based on (actually by definition human) rights that don’t exist. So if there is much money in culture it needs to be distributed in a way that is not rights-based. An example of which is… Flattr.
I would boldly state that there is much culture that is not being sponsored by Flattr or its members. Perhaps culture that wont be sponsored by anything Flattresque even. If we’ve been going for a very simple compensation-issue in the past, we’ll be heading for a much more complicated sponsorship or promotion issue in the future. Compensation and remuneration is like… A one-way deal. Sponsorship and promotion can take all sorts of forms. I imagine.
The problems of justice and the solution to all our problems (hark and hear the angels!) are not really my primary, present concern. I know that I’m weak-hearted and soppy and all of that, but licensing issues for archivers are actually a problem. Other statements supporting that claim were, for instance, made at the e-Commons conference in Amsterdam last year. It’s a bit heartless to expect them to collect licenses from each and every individual who’s ever made anything that might be worth saving in an archive or a library. It’s slightly less horrible to create a system wherein which they have to keep track of who’s a member of which organisation and what kind of deal they have with that organisation. The least cruel option is probably making sure there is only the one license that is paid somewhere and then someone else can sort the problem. Librarians and archivers are in the business of librarianing and archiving. It’s good if they can do that, instead of worrying about lawsuits or creating massive databases of potential copyright holders.
I’m not heartless enough to wait for them to go down while we’re waiting for the regulatory revolution in copyright legislation to come. It’s like. It’s here. It causes huge problems. Deal with it.
er att Anna Troberg blockerats från arbetsplatser på grund av sin sex appeal. Jag förstår visserligen var anklagelsen kommer ifrån men påminns också om något jag velat skriva ett tag.
För inte så länge sedan skrev Bruce Schneier om konsumenten som hot mot företaget. Det stora problemet för Apple är inte att folk hotar företaget utifrån. Tvärtom har dominerar de sin marknad mer än vad som rimligtvis kan vara önskvärt. Hotet kommer istället från de egna konsumenterna som kan införskaffa till exempel skruvmejslar.
Schneier fortsätter med vitlistor vs svartlistor. På en arbetsplats eller skola kan det vara rimligt att använda vitlistor istället för svartlistor för att i största möjliga mån skydda sin infrastruktur. Det lär inte skydda mot när vanligtvis pålitliga sidor drabbas av hackattacker (till exempel Sourceforge(!!)) men man kan i alla fall minska risken att råka ut för något (antar jag).
Ett större problem är när nationalstater vill skydda sin inrastruktur eller ekonomi genom att blockera till exempel domäner eller IP ranges. Ett sådant förslag verkar finnas i Österrike, och jag vet att kommissionen har nosat på tanken i Stockholmsprogrammet. Jag tror att reds under the bed kan vara en bov i dramat. Sveriges utrikesminister är ganska rädd för monster under sängen och lägger gärna in små nålstick mot vår stora granne i öst på sin blogg.
Jag är lite osäker på hur man tänker sig blocka bort Ryssland från internetkartan efter att Ryssland gått med i Världshandelsorganisationen, vilket ser ut som att det är relativt snart. Men vi kan ju i alla fall roa oss med Iran eller Zimbabwe. Varför vi nu skulle vilja göra det när internet är källa till så mycket demokratisk aktivism i båda länderna.
Spanska Asociación de Internautas har för övrigt lämnat över ett kritiskt brev till USA:s ambassadör i Spanien och likställt Sindelagen (som jag skrivit om här, här och här) med den censur som Spanien utsattes för under Franco-regimen. Nu är det lite svårt att avgöra vilken tyngd Franco-referenser innebär för nya generationer av spanjorer, men lägg märke till att El País och El Mundo fortfarande rapporterar om varje massgrav från inbördeskriget som hittas.
För att återkoppla till Annas skönhet har The Register också publicerat en utmärkt text om det sanna användningsområdet för Comic Sans.
Not a lot of people think about it, but the evaluation of the present data protection directive consultation from the European Commission is by far one of the most important missions we’ve had in the past two years.
— Experienced telecoms activist
After the PNR and SWIFT discussions in the European Parliament there’s no doubt that the parliament is conscious about data protection, and particularly the differences between American data protection and the European. The biggest difference is bound to the American indirect protection of private data through Supreme Court jurisprudence on the right for individual autonomy. Another major difference is that American data protection is only extended to people protected by their constitution, that is, citizens of the united states. European data protection, on the other hand, is a human right and applicable to all private data handled automatically or otherwise inside the European geographical jurisdiction.
For being a territory handling a lot of private data, it is not difficult to be concerned with how private data is treated inside the American borders (although we should probably extend this concern to China).
But well. The SWIFT discussions had a largely disappointing outcome. But there is hope for change! The European Commission opened a consultation on the 1995 Data Protection Directive late autumn last year. In the case that the result is critical of the implementation outcome we might see attempts on more stringency with respect to privacy rights. I have a slight hunch that further efforts will be made for technological or medium independence, which of course may be problematic. I do not know how, suggestions? Be paranoid.
European politicians at large feel a duty to protect private data. It is trendy in politics right now, even for ambitious protect that leads to less desirable results.
The biggest problem with all directives, though, is the ability of member states to fulfill formal requirements but fail in the work of upholding them. Regulatory authorities in data protection sometimes behave very similarly to telecommunications regulatory authorities and become far too passive in their work to uphold the law. This is true for instance in Ireland and in the Netherlands, where the regulatory authorities exist, but their work is marked by lack of action, or lack of authority to act on perceived failures in the data handling system. Lack of action and lack of authority is present in Ireland and the Netherlands. This is perhaps good to keep in mind for people who make commercial contact with Ryanair.
In Sweden, the regulatory authority Datainspektionen can hardly be accused of lack of action. I do remember Pirate Party member SM5POR pointing out some years ago that their interpretation of certain provisions of the law or the directive may be less conventional or practical (may he correct me if I have misunderstood). The data protection authority has apparently not been interpreting their mission narrowly, but rather exceptionally widely (although I am unsure of what measures they can take when they discover flaws in data handling processes). However, I don’t think criticism against an ambitious authority is not best applied in further legislation, but rather discussions with the authority at hand about their mission. Swedish regulatory authorities tend, further, to be very pragmatic and there is no reason to suspect that their work will be less efficient due to ambitious mission statements.
Germany, like Sweden, has implemented the regulatory authority constitution rather well. The authority is very able to make independent observations and criticisms of legislator and private actor compliance with data protection laws (Germany also has the additional protection from the constitutional court). They keep informed of who protects data, when and how.
A common implementation failure in member states is that the regulatory authority is not made financially or operationally independent of state authorities. It makes it difficult for the regulatory authority to criticize state actions, and is perhaps a point where the Commission ought to take stronger, and more frequent, action.
As the dead line for the consultation submissions is drawing closer (January 12), I’ve also pondered the difference between identification systems versus authentication systems, but I’ll leave it for a blog post for tomorrow.