Privacy and the Encryption Puzzle

It’s safe to say that we have come a long way since the first mobile phones. No more clunky, low battery, single function, brick-like phones. No, today’s phones are tools for everyday living, whether it be sharing photos with your family and friends, paying your bills through online banking, or purchasing your favourite items on the Amazon app. Whatever the need, your phone has got you covered. While mobile phones are but one of the many many gadgets we use on a daily basis it encapsulates so much of our personal lives into one small and ultra-accessible device, so the question arises: what if the wrong person had access to all this? Well, this is where encryption comes in, the ultra-tech puzzle like cypher which keeps all of that content safe and sound (I think.....) 

Well, maybe they aren’t so secure 

Like here:

https://www.wired.com/2017/03/whatsapp-hack-shows-even-encryption-apps-vulnerable-browser/

Or here:

https://thehackernews.com/search/label/Vulnerability

Oh, here too

https://www.bloomberg.com/news/articles/2017-11-22/uber-hack-shows-vulnerability-of-software-code-sharing-services

A major point of focus in a post 9/11 world for encryption is whether governments should be allowed to compel private companies in granting them access keys to circumvent encryption in the public interest (e.g. prevention of terrorist attacks etc). This is actually an ongoing row between the FBI and Apple as John Oliver points out in the video below :

Some points to consider from the above video: Giving government such power could potentially go against the public interest of privacy (imagine an Orwellian reality where big brother is always watching). Additionally, a question that also arises is whether other parties would not then be able to get access to these backdoors to encryption? Which is essentially a similar argument to one of my recent posts on the Wannacry ransomware. If there is potential for 3rd parties to access government created backdoors, there would be a potential for the same situation to arise in relation to encryption backdoors. How then do we balance policy concerns, do we set aside our public security in return for our privacy? 

Maybe the question isn’t about privacy or security but rather how to find a balance between both.......

Re-Blog : Behavioural tracking: You’re being stalked across the web

http://www.macleans.ca/economy/business/behavioural-tracking-youre-being-stalked-across-the-web/

‘While the industry, which generates some US$31 billion annually, describes behavioural tracking as a “win-win”—advertisers enjoy more click-throughs while web surfers see more ads for things they might actually be interested in—privacy advocates warn it’s all taking place behind the scenes without people’s knowledge and little regulatory oversight, raising the potential for abuse. They also scoff at industry claims that users’ anonymity is being protected because cookies track computers, not people. We live in an age where the web is increasingly accessed from personal devices like iPhones and iPads and is used for everything from personal banking to diagnosing potential health issues.’

The video below is a great Ted talk by Gary Kovacs. He explains how our internet browsing is analogous to Hansel and Gretel and the act of leaving breadcrumbs in the forest. This is apparent in how items are marketed to us online, or how plane ticket prices increase once the ticket website has tracked our interest in a certain location, or even when apps use our locations to show interesting events around us. 

While this may have its positives an argument can definitely be made in giving users more information about what they are actually providing websites in terms of information. In the end, do we really know how much of our privacy we retain after a web visit?

Re-Blog : WANNACRY RANSOMWARE SHOWCASES GOVERNMENT’S DISDAIN FOR CYBERSECURITY

https://www.technollama.co.uk/wannacry-ransomware-showcases-governments-disdain-for-cybersecurity

‘But perhaps one of the most interesting aspects of the WannaCry attack is that it serves as a reminder of why we should continue to deny those who favour the creation of government-mandated backdoors to technologies‘

There is an interesting argument in this article relating to the prevention of backdoor access and decryption for government institutions in the effort to prevent wide-scale digital attacks. The reforms made to the Computer Misuse Act 1990 most notably the granting of immunity for intelligence officers and police from the provisions of the act, raise concerns as to whether generating exploits can prospectively aid hackers in utilising them. Is the Act really addressing the problem correctly here? Or will the exception for law officials generate further hacking tools which can then be leaked and exploited by hackers? (as seen in the USA). 

More info here 

https://www.scmagazineuk.com/update-gchq-and-police-hackers-protected-by-revised-computer-misuse-act/article/537065/

https://www.linklaters.com/en/insights/publications/tmt-news/tmt-news---june-2017/uk---reflections-on-the-wannacry-cyber-attack

http://www.wired.co.uk/article/gchq-hacking-legal-secret-change-in-law

Re Blog: EU Copyright Reform: Outside the Safe Harbours, Intermediary Liability Capsizes into Incoherence

http://copyrightblog.kluweriplaw.com/2016/10/06/eu-copyright-reform-outside-safe-harbours-intermediary-liability-capsizes-incoherence/

‘If the EU is going to harmonise accessory copyright liability (and I agree it should), it should give a lot more thought to the matter, adopt provisions in the main text of the legal instrument, not its recitals, and explain the logic behind its proposal much more convincingly. Why should providers be liable for the infringements that others have committed?’

Great article on the uncertain landscape of intermediary liability. Where art 15 of the E-commerce directive dismays attempts in asserting a general obligation to monitor by part of the ISP. The proposal for a new Directive on Copyright in the Digital Single Market seems to contradict the E-commerce Directive with filtering obligations that are not possible without general monitoring on the part of the ISPs’ (no more safe harbours as they become redundant in light of the proposal). The proposal’s filtering requirements under art13 (1) appear to be incompatible with the E-commerce Directive and The Fundamental Charter of Rights and demonstrate several contradictions with current EU law. 

The debate becomes whether the policy argument is ‘shifting from intermediary liability to intermediary responsibility.’ 

More on this on: https://www.law.ox.ac.uk/business-law-blog/blog/2017/04/reforming-intermediary-liability-platform-economy-european-digital

Re Blog - ACS Bore Troll Hunter  - Golden Eye International Ltd & TCYK LLC – The Court Jesters

Source:

https://acsbore.wordpress.com/2016/07/03/golden-eye-international-ltd-tcyk-llc-the-court-jesters/

‘ So where does this leave the poor unfortunate ISP subscribers who deny the infringement? Are any of these cases dropped? And when I say dropped, I mean have any of these ISP subscribers had official notification that their case has been dropped from either GEIL or TCYK? The answer again is NONE, NIL, ZIP…….NOT A SINGLE ONE.‘

Interesting read on the state of speculative invoicing, especially when coupled with the current debate on the effects that the Digital Economy Act 2017 might have in the encouraging of such practices. The article highlights several flaws with the most notable being that such threats never seem to be dropped (even with response letters claiming denial). Another point I’d like to bring up is whether Ofcom will have sufficient standards of evidence to actually be certain of who the actual infringer is? (IP address alone seems to certify nothing). 

For now, it seems like more power to the trolls........

At least it seems there is an awareness that such practices are parasitic in nature and go against general morality:

Lord Lucas SLAMS UK Copyright Trolls as PARASITES

Is Fair Use fair after all?

This week during one of my university classes we had the chance to touch on copyright and the internet. We were given a comparative outlook regarding Fair Use (USA) and Fair Dealing (UK) and we were given a chance to really put our brains to work in determining what system would better for content creators on the internet. 

Now, as a little background, Fair Dealing in the UK provides exceptions to copyright that allow the use of copyrighted work in a limited manner. These limited uses are permissible if they fall under the various exceptions laid out in the Copyright, Patents and Designs Act 1988. The more relevant ones in relation to content creators would be the Criticism and also the Parody Exception.

Yes, parodies like the kind Weird Al would make...... 

The major difference between this and the US Fair Use system is that Fair use is less restrictive in its approach, it’s flexible in the way that it allows every individual use to be assessed by its own merits. A sharp contrast from having a set list which could possibly not include every type of work out there. I mean, just think of the new and emerging content coming out on the internet every day, it’s difficult to really pin this down on the statute. An example is the fact that the parody exception was only added to the CDPA 1988 in the 2014 amendment! 

(Yes I know, that took forever right) 

But by now you must be thinking well clearly the best option is the free and flexible Fair Use right? 

Well...

That’s what I initially thought, but there’s one major flaw with Fair use in that it is super uncertain. Which means plenty of cases have to go to court, and many content creators online (especially those on YouTube) can’t afford to go to court so their legal use of content gets taken down and they lack the resources to fight back. 

So I did a little digging and discovered that this is an extremely major problem on YouTube at the moment, where a website made huge by content creators, actually facilitates the takedown of videos and enforces strict (and sometimes borderline illegal) copyright protection for holders. Videos clearly made for parody purposes or criticism get trampled on and there are very little content creators can do about it. 

This gives us a little bit to think on in terms of reforms and whether although fair dealing is restrictive perhaps it provides greater legal relief to online creators due it’s legal clarity? 

Also, I found a very informative video on the whole Youtube situation which you all might enjoy. This is coupled with another video of the Cool Cat case which really shows how ridiculous and ineffective Fair Use is within Youtube (You’ll have a laugh). 

Careful what you click! : Hyperlinks and Copyright

We’ve all been there.

That time you couldn’t afford to access a service so you got backdoor access online, or when you decided that it would be ok to post that Game of Thrones season 7 link. It’s alright not judging... (well HBO might be). 

But are those hyperlinks themselves an infringement of copyright? More specifically, are they a communication to the public under the current laws?

S.16(1)(d) of the Copyright, Designs and Patents Act 1988 (CDPA) states that “ The owner of the copyright... has the exclusive right..... to communicate the work to the public. 

With S.20(2) CDPA 1988 showing that “ .....communication to the public by electronic transmission, and in relation to a work include- ...... b) the making available to the public of the work by electronic transmission in such a way that members of the public may access it from a place and at a time individually chosen by them.”

On a wider scale, this derives and is transposed from Art.3 of the InfoSoc Directive 2001 and was implemented in Art.8 of the WCT 1996. Under Art.3 of the InfoSoc Directive, the CJEU's aim is to allow authors to be appropriately rewarded for the use of their work and was implemented with an awareness for current/future technology. Therefore, it includes communication to the public in a “broad” manner. Which ensures that several forms of online communications are encapsulated in the scope of the directive. For example, on demand services such as Spotify or Netflix or just general content hosting websites. 

Ok so it starts making sense, you can’t just communicate copyrighted material online. But what about links? They aren’t the actual content itself so posting them is ok right? 

Well according to the CJEU in the case of Filmspeler there are two criteria to this. 1. there must be an act of “Communication of the work” and 2. the communication of said work to a “public”. We then see that in Svensson v Retriever Sverige AB [2014] a hyperlink can be communication if it involves ‘a new technical means’ and is communicated to ‘a new public’. So if the link is used in a way that it circumvents the original website in order to grant access to this ‘new public’ of whom the author did not intend to have access, this would then count as a communication; and thus an infringement. 

However, the debate goes deeper and insights are given in regards to third-party links, broadcasts links and whether the communication criteria is effective. 

check out more on the topic by following the links below 

http://ipkitten.blogspot.co.uk/2016/06/communication-to-public-is-that-effect.html

http://ipkitten.blogspot.co.uk/2015/04/hyperlinks-and-cjeu-new-public.html

Oh, and don’t worry if you post something dubious the case of GS Media BV v Sanoma Media Netherlands BV and others shows that as long you didn’t do it for the money or had no idea that the content was illegal, you might in the clear.

On that note, the best tip is to play dumb......

REBLOG: The End of Ownership: Netflix, Spotify, and The Streaming Generation

http://www.makeuseof.com/tag/end-ownership-netflix-spotify-streaming-generation/

“You never buy a song from iTunes or an ebook from Amazon. – you only buy a license to view the content. It’s not actually much of a change from the way physical products work — in that case, the printed book is simply your license to view the contents in perpetuity.”

Real interesting read on today’s reality of consumers not actually wanting to own content, but simply wanting access to it. While some services may make it obvious that you are simply accessing content, some tread on dubious grounds.

Which actually got me thinking; do I actually own any of my Kindle books? 

And the answer is.......

No!

I know, I know, but it’s absolutely true

Check out this news article from back in 2009. Amazon actually removed copies of George Orwell’s 1984 and Animal Farm from kindles when they realised that actually, they didn’t have the right to licence them in the first place.

http://www.nytimes.com/2009/07/18/technology/companies/18amazon.html

Really makes you think of offline/online equivalency. No one would show up at your front door and take back your physical copy. However, this appears to be a plausible recourse in the digital world. Regardless, I’m keeping my paperback over a kindle any day.

REBLOG: Innovation Group: Lawrence Lessig, “Code, Version 2.0”

http://innovate.ucsb.edu/905-lawrence-lessig-code-version-2-0

‘Lessig attacks both points by noting that law is only one small component of a complex, interconnected system of regulation that depends on the market, cultural norms, architectural design (code), and finally government.’

More on cyberspace regulation by Lessig in the video below: 

“The first trick to rebuilding the dream is to realise that the Internet of cyber-utopianism is a fantasy that can never be achieved. We should temper our expectations about what technology can do with realistic expectations. Technology cannot save the world, only people can“

Check out this Link to Barlow’s ‘Declaration of Independence of Cyberspace’ .