Categories
Aside Links

The Tyee

Via The Tyee:

You should read Bob’s article in case you’re curious about why the press, academics, and active citizens laugh at the ‘transparency’ into government operations made possible by access to information, or freedom of information and access, laws.

I would note: one of my colleagues has had a federal access request open for seven years at this point. Our work on license plate recognition equipment, at the federal level, has been open almost two years, with no end in sight. There have been repeated ‘inappropriate’ (read: illegal, except it’s not illegal if the police do it, right?) closures of our file, and personal involvement by the federal information commissioner.

ATIP and FOI laws are a joke, and a bad one at that.

Categories
Links Writing

Privacy Policies Don’t Need to Be Obtuse

Peter Fleischer has a good summary piece on the (miserable) state of online privacy policies today. As he writes:

Today, privacy policies are being written to try to do two contradictory things.  Like most things in life, if you try to do two contradictory things at the same time, you end up doing neither well.  Here’s the contradiction:  should a privacy policy be a short, simple, readable notice that the average end-user could understand? Or should it be a long, detailed, legalistic disclosure document written for regulators?  Since average users and expert regulators have different expectations about what should be disclosed, the privacy policies in use today largely disappoint both groups.

(…)

The time has come for a global reflection on what, exactly, a privacy policy should look like.  Today, there is no consensus.  I don’t just mean consensus amongst regulators and lawyers.  My suggestion would be to start by doing some serious user-research, and actually ask Johnny and Jean and Johann.

I entirely, fully, wholeheartedly agree: most policies today are absolute garbage. I actually read a lot of them – and research on social media policies will be online and available soon! – and they are more often than not an elaborate act of obfuscation rather than something that explains, specifically and precisely, what a service does or is doing with the data that is collected.

The thing is, these policies don’t need to be as bad as they are. It really is possible to bridge ‘accessible’ and ‘legalese’ but doing so takes time, care, and effort.

And fewer lawyers.

As a good example of how this can be done, check out how Tunnelbear has written their privacy policy: it’s reasonably accessible and lacks a lot of the ‘weasel phrases’ you’ll find in most privacy policies. Even better, read the company’s Terms of Service document; I cannot express how much ‘win’ is captured in their simultaneously legal and layperson disclosure of how and why their service functions as it does.

Categories
Quotations

2013.4.7

“You should get out of town”, the man said.

And so began the journey that resulted in my path intersecting with Matthew Duncan’s path. And thence to these reasons, with a slight detour through territory that might have confused Lewis Carroll.

I suppose that I should clarify that there was no menace in the man’s directive to me to get out of town. He was a friend and a colleague in two careers. His suggestion had been that he and I should change positions for a fortnight, giving him exposure to the realities of the northern reaches of Toronto, while I would enjoy a similar change of environment in the more sylvan environs of Niagara Region. I might even see a few plays in the evenings, he pointed out.

And thus I came to meet Mr. Duncan.

At heart, Mr. Duncan’s case was unremarkable. A minor alleged Highway Traffic Act offence led to a police-citizen interaction in the parking lot of Mr. Duncan’s apartment building in the wee hours of the morning. A request that Mr. Duncan produce his licence led to an alleged refusal, which led to an attempt to arrest him, which led to a struggle, which was captured on a very poor quality video taken on a mobile phone, at the end of which Mr. Duncan found himself being placed under arrest for allegedly assaulting a police officer. Nothing unusual in all that. The bread and butter of provincial court.

Of course, I hadn’t counted on the freemen on the land.

Ontario Court of Justice, “Between: Her Majesty The Queen AND Mathew Duncan”

Seriously: this is an absolutely hilarious provincial court decision. Worth skimming (at least!) for the laughs.

Categories
Quotations Writing

“Commercially Friendly” Privacy Rules

Dr. Pentland, an academic adviser to the World Economic Forum’s initiatives on Big Data and personal data, agrees that limitations on data collection still make sense, as long as they are flexible and not a “sledgehammer that risks damaging the public good.”

He is leading a group at the M.I.T. Media Lab that is at the forefront of a number of personal data and privacy programs and real-world experiments. He espouses what he calls “a new deal on data” with three basic tenets: you have the right to possess your data, to control how it is used, and to destroy or distribute it as you see fit.

Personal data, Dr. Pentland says, is like modern money — digital packets that move around the planet, traveling rapidly but needing to be controlled. “You give it to a bank, but there’s only so many things the bank can do with it,” he says.

His M.I.T. group is developing tools for controlling, storing and auditing flows of personal data. Its data store is an open-source version, called openPDS. In theory, this kind of technology would undermine the role of data brokers and, perhaps, mitigate privacy risks. In the search for a deep fat fryer, for example, an audit trail should detect unauthorized use.

Steve Lohr, “Big Data Is Opening Doors, but Maybe Too Many”

So, I don’t really get how Pentland’s system is going to work any better than the Platform for Privacy Preferences (P3P) work that was done a decade ago. Spoiler alert: P3P failed. Hard. And it was intended to simultaneously enhance users’ privacy online (by letting them establish controls on how their personal information was accessed and used) whilst simultaneously giving industry something to point to, in order to avoid federal regulation.

There is a prevalent strain of liberalism that assumes that individuals, when empowered, are best suited to control the dissemination of their personal information. However, it assumes that knowledge, time, and resourcing are equal amongst all parties. This clearly isn’t the case, nor is it the case that individuals are going to be able to learn when advertisers and data miners don’t respect privacy settings. In effect: control does not necessarily equal knowledge, nor does it necessarily equal capacity to act given individuals’ often limited fiscal, educational, temporal, or other resources.

Categories
Aside

Swartz vs Rapists

Now, the charges against Aaron were reported …poorly…insofar as individuals don’t tend to get all the charges piled onto one another when it comes time to sentencing. But still, he was looking at upwards of ½ the time the rapists are facing.

He was facing up to 35 years in prison. What are you talking about?

Orin Kerr walks through (see: http://www.volokh.com/2013/01/16/the-criminal-charges-against-aaron-swartz-part-2-prosecutorial-discretion/) how the charges likely would have unfolded had Aaron’s defense…and appeals…failed. My comment on sentence was a reference to the plea that was on the table (3 months, then 6 months).

(As a note: my comment isn’t meant as either supporting the prosecution of Aaron or the sentencing of the rapists.)

Categories
Quotations

2013.3.19

So even in the worst cases, free products don’t usually end too badly. Well, unless you’re a user, or one of the alternatives that gets crushed along the way. But everyone who funds and builds a free product usually comes out of it pretty well, especially if they don’t care what happens to their users.

Free is so prevalent in our industry not because everyone’s irresponsible, but because it works.

In other industries, this is called predatory pricing, and many forms of it are illegal because they’re so destructive to healthy businesses and the welfare of an economy. But the tech industry is far less regulated, younger, and faster-moving than most industries. We celebrate our ability to do things that are illegal or economically infeasible in other markets with productive-sounding words like “disruption”.

Marco Arment, “Free Works”

Categories
Aside Humour

American Surveillance Catch-22

Categories
Quotations

2013.3.3

Being crass should not be a crime, but that’s essentially what Andrew Auernheimer was convicted of. This was the case where AT&T accidentally published the emails and device ideas of the first iPad customers. Andrew downloaded them and published proof of the problem to Gawker. His “coconspirator” pled guilty, testified against Andrew, and provided private emails to prosecutors that “proved” Andrew’s bad intentions. These emails disclose things like Andrew talking about stealing the information and wanting to profit from the event. That made his simple actions look very nefarious.

But that’s how we in the cybersec community always talk. When we find cybersec problems, we dream of the worst ways we can be horrible people and exploit them. If you listened to any of our private conversations, you’d be convinced that we were all secretly one step away from triggering World War III.

I’m pretty sure had I been in Andrew’s place, the prosecutors would’ve found much worse to hang me by. Indeed, you’ll find much in my public Twitter feed and blog posts to convict me of. When the Mars Curiosity Rover landed last August, and the first pictures arrived from the planet, I was about to tweet the URL to view those pictures. But the site was already failing under the load of all the nerds worldwide getting those pictures. Therefore, I changed my tweet to comment on the fact that this was essentially a DDoS attack – the sort of attack that activists do against large corporations they don’t like. I therefore made the humorous tweet “Join our DDoS against NASA and click” on their website.

Of course, I’m not against NASA, nor do I think anybody else is. I can’t imagine why anybody would want to DDoS them. It should be obvious that my tweet is humor. But, prosecutors taking this out of context might use it to try to convict me, to prove to jurors of my evil intent.

Robert Graham, “Context matters: we only appear to be blackhats”

Categories
Links

TarenSK: DOJ admits Aaron’s prosecution was political

tarensk:

Even if Aaron’s intention was in fact to distribute the journal articles (to poor people! for zero profit!), that in no way condones his treatment.

But the terrifying fact I’m trying to highlight in this particular blog post is this: According to the DOJ’s testimony, if you express political views that the government doesn’t like, at any point in your life, that political speech act can and will be used to justify making “an example” out of you once the government thinks it can pin you with a crime.

Talk about a chilling effect on freedom of speech.

Chilling of speech is very, very real. And the things we’re learning in the aftermath of Aaron’s death only amplify concerns.

Categories
Quotations

2013.1.19

It’s not good to be on Power’s bad side, however. When you are on that side, Power piles on charges rather than shrugging off felonies as simple mistakes. Especially if what you do falls into the gray area of enforcing the letter as opposed to the principles of the law.

You can file all the petitions you like with the powers that be. You can try to make Power — whether in the form of wiretapping without warrants or violating international conventions against torture — follow its own laws. But Power is, as you might suspect, on the side of Power. Which is to say, Power never pleads guilty.

Ryan Singel, “Aaron Swartz and the Two Faces of Power”