The Information Policy Blog

The (unofficial) blog of the BCLA Information Policy Committee

Reactions to the Leaked Trans-Pacific Partnership Document – It’s Pretty Terrible

A chapter from the Trans Pacific Partnership agreement was leaked this week (thank you WikiLeaks) and the text is as draconian and terrible as we had feared.

From Consumer Affairs:

WikiLeaks published the complete draft of the Intellectual Property chapter for the Trans-Pacific Partnership (TPP), a proposed international commercial pact between the United States and 11 Asian and Latin American countries. Although talks started in 2008, this is the first access the public and press have had to this text. The administration has refused to make draft TPP text public, despite announcing intentions to sign the deal by year’s end. Signatory nations’ laws would be required to conform to TPP terms.

The leak shows the United States seeking to impose the most extreme demands of Big Pharma and Hollywood, Public Citizen said, despite the express and frequently universal opposition of U.S. trade partners.

There are other commentators talking about it very astutely right now, but one of the most important things is how this agreement would make the possibility for change in copyright regimes insanely difficult:

The second that Congress tries to change a law that goes against the TPP — such as, say, reducing the term of copyrights from the insane level today to merely crazy — lobbyists and pundits will come screaming from every direction about how we can’t abandon our “international obligations.” We’ll hear horror stories about how breaking the agreement will have widespread implications, including trade wars, tariffs and other horrible things. Once it’s in the trade agreement, “breaking it” becomes effectively impossible.

The lobbyists for the entertainment industry know this stuff cold. Over the past three decades they’ve perfected this process of getting crap they can’t get done in Congress pushed through in various trade agreements, and then they use that to mold US law to exactly how they want it.

Now that is from a US perspective, but is there any reason to think that Canada would push for fewer restrictions in defiance of a trade agreement like this? Strangely enough, according to Michael Geist’s first reading of the document, there is:

Interestingly, Canada has also promoted Canadian-specific solutions on many issues. The bad news is that the U.S. – often joined by Australia – is demanding that Canada rollback its recent copyright reform legislation with a long list of draconian proposals.

We have our own issues with copyright laws here, but an agreement like this would seem to effectively wipe out any progress we’re making in favour of stricter more punitive laws designed not for and by citizens but corporations.

As we’ve come to expect in this arena, OpenMedia is on the case, providing good calls to action for citizens, though they’re focused on the ISP billing aspect and its anti-consumer implications. The TPP also would turn our Internet Service Providers into copyright police:

Instead of your ISPs selling you a connection service, the TPP will force them to pry into what you’re doing online. The TPP will make ISPs legally responsible if any of their hundreds of thousands of customers downloads illegal content.

A Councillor for the Pirate Party Australia pointed out the punitive nature of aspects of this agreement in a way that could have real implications for libraries:

Perhaps the most shocking inclusion in the TPP IP chapter is criminalisation of non-commercial copyright infringement. Article QQ.H.7.2 contains language that is supported by the United States and by Australia, that would potentially imprison people considered to have committed infringement on a “commercial scale”, regardless of whether there was a financial incentive. This is a fundamentally unbalanced proposal.

Librarians should probably be concerned about that kind of thing. Is the important accessibility work that a Canadian organization like the National Network for Equitable Library Service does on a large enough scale to run afoul of these provisions? Could we be sending anyone who helps break DRM for format shifting purposes to jail? Maybe not, but we are not being given a voice in this debate.

Secret negotiations on issues that affect us, including huge trade agreements, are bullshit. People deserve to have a real voice and make informed choices as to what happens in their lives. Please read up on the TPP (OpenMedia compiled a good bunch of links today) and make yourself heard.

Elizabeth Denham and Terms & Conditions May Apply – #MDD2013

Media Democracy Days 2013 was this past weekend in Vancouver and I was glad to be able to attend. In the IPC we’d talked a couple of months ago about trying to get together a screening of the film Terms & Conditions May Apply, and were happily pre-empted from that by the Media Democracy Project showing the movie at the Cinematheque on Friday night. Thanks

Before showing the movie though, Elizabeth Denham talked to the audience about her role as Information and Privacy Commissioner for the province of BC. It was a good talk, which highlighted some of the important reasons citizens should be concerned about their lack of privacy and how their rights are being protected.

Her main themes were transparency and accountability and how those principles are necessary for a democratic government to function. “Sunlight is the best disinfectant” was one of the phrases she used. This led into a discussion of how every scandal one can think of in government has an Access to Information angle to it. It’s the perception of secrecy by those people in power that messes everything up, because an informed citizenry knows you shouldn’t just rely on the goodwill of the folks making up whatever government is in power at any given time.

One of the things she discussed was how new democracies are so much better at enshrining laws about transparency and privacy regulation than older, more established democracies. When a country makes a constitution now, privacy rights are clearly seen as fundamental and get strong wording to protect them (in theory – she didn’t provide any specific examples).

The biggest concern Denham had for the future was the complacency of our citizens on privacy and transparency issues. keep these issues of privacy in the front of people’s minds. Even though no Canadian Snowden has dropped a bunch of CSEC powerpoint presentations in our laps there should still be a deep concern about the systematic collection of our personal data. Denham encouraged the audience to advocate and politicize this issue, and really, that’s something that librarians have every opportunity to do.

There is a real divide out there between people who have the technical knowledge to deal with privacy invasions and the people without that knowledge. We are out there working with people and their information habits every day. We need to be using the goodwill we create to try to correct the imbalance between what corporations and governments know about us and what we know about them. Denham talked about how important it was to pull back the curtain enshrouding these secret decisions.

The movie

Terms & Conditions May Apply is a movie about the things we agree to when we click through End User Licensing Agreements and how much information we are giving away to be used against us later. There were interviews with people from the EFF and the ACLU as well as with people held on pre-crime charges and the British guy who was banned from entering the US because he tweeted about how he was ready to go destroy America.

The movie was completed before Snowden and his big revelations about the NSA, but there was an added-on postscript mentioning it and how much that plays into the rest of the film.

It was a good documentary. If you’ve been immersing yourself in these types of issues there wasn’t a lot of really new stuff, but there was an ambush interview of Mark Zuckerberg, which was done well and used effectively. The weirdest part was that they had Orson Scott Card talking for a few sentences. Thankfully, it wasn’t about his thoughts on homosexuality, but it was a little weird.

Open Access Salon Writeup (& more) in the BCLA Browser

Not only has Allison Trumble done a great job organizing the rebirth of the IPC salons, she wrote up last week’s for the BCLA Browser: IPC Salon: Open Access Week. Thanks Allison!

The Browser also has an article by Leanna Jantzi about BCLA joining the Protect Our Privacy Coalition, which we in the IPC are very proud to be a part of.

BCCLA Sues Canadian Government to Stop Illegal Spying

Canada’s CSEC agency isn’t as well known as its American counterpart, the NSA, but the Snowden leaks have brought them into the spotlight for their spying efforts. This spying has many questionable aspects, including economic espionage on Brazil, but even more concerning (if you’re Canadian) is how little we know about their spying on Canadians.

Not everyone is content to assume that things can’t be that bad in Canada. The BC Civil Liberties Association has launched a lawsuit against the Canadian government because of CSEC’s unaccountable illegal spying. This is a huge precedent-setting deal.

OpenMedia is organizing the public awareness campaign around this, as they’ve done with the stop online spying initiative (which the IPC is proud to remind you BCLA has signed onto).

There is loads of information on their sites for you to familiarize yourself with the issues, and to support these people who are fighting the legal fight for our rights to live unsurveilled.

Watch this space for more of what librarians specifically can do to help (and feel free to make suggestions here, on Twitter or wherever else you feel moved to).

IPC Salon: Challenges of Funding & Sustaining Open Access – October 23

IPCSalon.001-001In celebration of Open Access Week 2013, BCLA’s Information Policy Committee is bringing back the IPC salon. Our salons are informal gatherings where interested people come together learn more about important (or just exciting!) issues around information policy. Fun, debate, and discussion are enthusiastically encouraged.

The IPC is very excited to welcome Brian Owen for our first salon; Brian will be speaking about “challenges of funding and sustaining open access initiatives”, with a discussion to follow.

When: Wednesday, October 23rd, 7pm

Where: Heartwood Community Cafe (formerly Rhizome – fully licensed, food available for purchase), 317 E. Broadway, Vancouver, BC

Who: Brian Owen is the Associate University Librarian for Technology Services and Special Collections at the SFU Library. He is also the Managing Director for the Public Knowledge Project (PKP), which, among other things, is responsible for the development and support of Open Journal Systems (OJS), an open source software publishing platform used by thousands of scholarly journals. He is an Associate with SFU’s Canadian Centre for Studies in Publishing and SFU’s Master of Publishing Program. In 2012 he chaired the joint CARL/CRKN Open Access Working Group.

Please join us (and join us in thanking Allison Trumble for the work she’s been putting in as the IPC Salon Coordinator)!

BCLA joins the Protect Our Privacy coalition

In light of mounting concerns over user privacy and government surveillance of internet activity, the Intellectual Policy Committee is very pleased to announce the launch of the Protect Our Privacy coalition. We are also very proud to say that BCLA is a member – we are the first library association in Canada to participate in this effort.

In partnership with OpenMedia and dozens of other organizations around the country, the coalition centers on the following statement:

More than ever, Canadians need strong, genuinely transparent, and properly enforced safeguards to secure privacy rights. We call on Government to put in place effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities.

Learn more at https://openmedia.ca/ourprivacy

Breaking Cryptography Matters

This week we learned that Glenn Greenwald was not exaggerating when he said that there was more in Edward Snowden’s leaked info than we had seen thus far. It turns out the NSA (and the GCHQ, its UK equivalent) has been using many methods to attack ubiquitous encryption on the internet:

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.

This is different from saying that the NSA had cracked everyone’s encryption, but it appears that they’ve been undermining everyone’s privacy and security with the complicity of major technology companies.

This is a big fucking deal.

Part of the reason is because putting in secret vulnerabilities means that dedicated non-governmental agents can find those vulnerabilities and exploit them.

There are ways to protect your security online, but seriously, if the NSA really wanted something about you (and I’m assuming here that most of this blog’s readers are Canadians, thus foreigners to the NSA and fair game for spying on their information conveniently passing through US data-centres) they can get it. From Bruce Schneier:

This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

In Wired Kim Zetter lays out a bit of the history of this program, called Bullrun:

The ten-year Bullrun program began after the U.S. government failed in its pla to place a backdoor, the so-called Clipper chip, into encryption that would have allowed it to eavesdrop on communications at will. Without the Clipper chip, the government launched a systematic plan using trickery and other methods to circumvent encryption and achieved an unspecified breakthrough in 2010. In the wake of this, according to one document, “vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

Some of the methods involved the deployment of custom-built, supercomputers to break codes in addition to collaborating with technology companies at home and abroad to include backdoors in their products. The Snowden documents don’t identify the companies that participated.

Schneier again:

Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it’s explained away as a mistake.

We don’t have a secure internet. Major corporations have joined up with security agencies to make it that way.

One thing we can and probably should be doing as information professionals is calling for our libraries and other institutions to be using more Free and Open Source Software. These independent, community-based technologies allow us to see inside the code and make it much more difficult for nefarious shadowy agents (governmental or non-) to add in holes specifically to spy on us and our members we’re providing services to.

I work in a public library in a community that isn’t on the cutting edge of technology. For many of our members I’m the public tech support person, and people ask me about using things like online banking and whether it’s safe to do. It’s important for anyone in this kind of position to know about the tradeoffs being made by technology titans, and how we’re selling our members to companies that, even though the language of the internet is cute (“like” “friend” even “google”), those companies don’t have our members’ best interests at heart.

Schneier suggests techniques like using Tor, and encrypting communications with public-domain encryption that’s cross compatible (this makes it less likely to have been NSA compromised). These won’t keep everything you do secret from a determined, well-funded attacker, but it does make you more expensive to target.

Most members of my library probably don’t need to be paranoid about encryption. They’re looking up recipes and sending messages to their kids and reading romance novels or whatever. But our individual uses of the internet shouldn’t really matter. As Byron Holland says in his post NSA Internet surveillance where’s the outrage?:

It’s not that governments should not have the power to monitor citizens under certain circumstances and with the appropriate oversight – it’s an unfortunate necessity to maintain law and order. But we’re not talking about surveillance with appropriate oversight. We’re talking about an opaque and deliberate system to gather and monitor the activities and communications of potentially everyone who is online.

Why should a government feel it is above judicial oversight to monitor its citizens’ activities, just because they’re online?

Because apparently, we’re fine with it. At the very least, we’re complacent with it.

As information professionals we need to be aware of, and ensure our communities have the chance to be learn about the consequences of these surveillance and broken security technologies. That is our way to help fight complacency.

OpenCanada’s Surveillance Primer

OpenCanada.org has done a bang-up post about NSA-style surveillance in Canada by CSEC entitled Canadian Surveillance 101. Here’s their preamble:

The information leaked by Edward Snowden about the U.S. National Security Agency (NSA)’s data collection programs is driving a nation-wide debate in America over the future of privacy and national security. Americans, however, are not the only ones who should be considering the consequences the NSA’s activities. Other countries, including Canada, operate similar surveillance programs and participate in national security data sharing partnerships that crisscross the globe. Given this reality, and the fact that much of Canadians’ online data flows though servers located in the U.S. where it is not subject to any Fourth Amendment protection, we think the tenor of the privacy-security debate within Canada is too quiet. Expanding the debate will require engaging more Canadians with what we know and don’t know about surveillance in Canada. To this end, here is a modest exploration of what we’ve learned since the Snowden story broke.

Go forth and read!

Open Media on Privacy and the Cloud

Catherine Hart wrote an excellent piece on privacy and storing data in the Canadian infosphere on OpenMedia:

As more and more of our personal information circulates online, is stored in ‘the cloud’, or is moved about on USBs and other portable devices, it’s essential that we make sure those data flows are secure. And as we’ve been seeing, due to a lack of safeguards they’re not secure at all when it comes to the government. Cloud services are likely more secure for both citizens and the government than carrying around USB keys or hard drives full of sensitive data (see “data breaches” below), but that increased security goes out the window when government bureaucrats recklessly use them for spying without our consent.

I tweeted it already but just wanted to stress how good a resource that post is. It’s filled with links so if you’re inclined to get lost in rabbit holes that’s an excellent place to start.

This kind of article is important because it’s not focused on the personalities involved, but the policies. Don’t get me wrong, I think we should be supporting Snowden and Manning and Swartz as people, but the issues these people brought to light are bigger even than them.

Follow

Get every new post delivered to your Inbox.

Join 188 other followers