Friday, June 15, 2007

Don't look a leopard in the eye

Bruce Schneier discusses the value of targets, variable tactics and objectives in security in his latest Crypto-Gram. Recommended as usual.

"If you encounter an aggressive lion, stare him down. But not a leopard;
avoid his gaze at all costs. In both cases, back away slowly; don't run.
If you stumble on a pack of hyenas, run and climb a tree; hyenas can't
climb trees. But don't do that if you're being chased by an elephant;
he'll just knock the tree down. Stand still until he forgets about you...

The advice I was given was
based on thousands of years of collective wisdom from people
encountering African animals again and again.

Compare this with the Transportation Security Administration's approach.
With every unique threat, TSA implements a countermeasure with no basis
to say that it helps, or that the threat will ever recur.

Furthermore, human attackers can adapt more quickly than lions. A lion
won't learn that he should ignore people who stare him down, and eat
them anyway. But people will learn. Burglars now know the common
"secret" places people hide their valuables -- the toilet, cereal boxes,
the refrigerator and freezer, the medicine cabinet, under the bed -- and
look there...

This is the arms race of security. Common attack tactics result in
common countermeasures. Eventually, those countermeasures will be evaded
and new attack tactics developed. These, in turn, require new
countermeasures...

The result of these tactic-specific security countermeasures is to make
the attacker go elsewhere. For the most part, the attacker doesn't
particularly care about the target...

This approach requires a different kind of countermeasure, but it's
still well-understood in the security world. For people, it's what alarm
companies, insurance companies and bodyguards specialize in. President
Bush needs a different level of protection against targeted attacks than
Bill Gates does, and I need a different level of protection than either
of them...

Al-Qaeda terrorism is different yet again. The goal is to terrorize. It
doesn't care about the target, but it doesn't have any pattern of
tactic, either. Given that, the best way to spend our counterterrorism
dollar is on intelligence, investigation and emergency response. And to
refuse to be terrorized."

If you only have the time to read one or two of the stories in crypto-gram at the moment, may I suggest Portrait of the Modern Terrorist as an Idiot and the winner of the movie plot threat contest, a scenario which would lead to the banning of water on planes.

First Amendment meets IP

A newspaper is considering a first amendment suit against the US National Collegiate Athletic Association which threw one of its reporters out of a sports stadium for blogging about the baseball game while the game was in progress.

Just the latest battle in an ongoing war between sports franchises attempting to extract maximum revenues from every possible angle and those using new technologies in innovative ways in reporting or enjoying sports.

Abbot sue critics on Thailand

Via the A2K list: The pharmaceutical company Abbot have decided to sue an activist group based in Paris which organised an online protest against the company, highlighting the pressure has been putting on the Thai government for issuing compulsory licenses on certain drugs.

The action appears to be aimed at holding the group responsible for a denial of service attack on the company servers.

Word 2007 and backward compatibility

Tony has pointed me at a lovely dissection of the lack of backward compatibility of the new Microsoft Word formatted documents docx and the reasons why reputable science publishers are refusing to accept files authored in Word 2007. Bruce Rosenblum of Inera, for example, has written to Microsoft this week:

"If you detect no sense of urgency to upgrade systems in this vertical market, you are not mistaken. For most scholarly publishers, the challenge is to publish high quality and accurate information on a regular schedule. Software upgrades to critical publishing systems, unless they are seamless or provide a significant immediate benefit, are often not a priority.

In the case of Word 2007, upgrading is not seamless. Because files incorporating OMML equations are not semantically backwards compatible with older versions of Word, publishers must update an entire ecology of systems before they can accept DOCX files. Completing such updates requires work with third parties, careful testing, training, and finally deployment -- often one system at a time -- of updated applications. All of this takes time.

In the mean time, because a DOCX file with OMML equations renders the equations as graphics when used with today's systems, it's easier for publishers to ask authors to refrain from submitting DOCX files until every part of the workflow ecology is DOCX-compatible. And not just updated to accept DOCX, but also updated so that OMML can seamlessly be integrated into systems today that provide publishers with full text XML and tagged math according to the NLM DTD or other 12083-derived DTDs.

Had the conversion from DOCX to DOC provided a conversion from OMML to Equation Editor format, it would have provided the necessary backwards compatibility for publishers to upgrade one system at a time. But because this compatibility is not available, it's created the need for a "big bang" upgrade, or a delay until the ecosystem of inter-dependent systems is deliberately updated over time. In the environment of scholarly publishing, such substantive upgrades often take years, not months.

I hope this post clarifies some of the core issues DOCX format presents scholarly publishers and explains Word 2007 issues that are cause for publisher upgrade reticence. Those of us in the scientific community look forward to a dialog to articulate scholarly publishing requirements to Microsoft so that Microsoft can provide products that serve the needs of the entire scholarly community."

The classic insanity of the software market and the lack of intergenerational interoperability. Yet people still appear to be buying Vista in their millions.

Thursday, June 14, 2007

Skype, podcasts and broadband transform language teaching

According to the Economist, Skype, podcasts and broadband are transforming language teaching. There's no doubt that such technologies can complement traditional language teaching but the word "transform" in this context is a bit strong. Overhyping the educational possibilities and then complaining about failures to meet unrealistic expectations just undermines much of the terrific potential of such technologies (and it irritates the hell out of me, especially when they really do have transformational potential in certain educational contexts when appropriately deployed). Can we just be given the time and space to play with them, try them out and see what does and doesn't work, without the hype please?

MSF on the G8, IP and innovation in drugs research

MSF have recently pointed out a few basics regarding IP, pharmaceutical research and developing nations access to essential medicines. Karsten Gerloff has a nice summary (see original for links):

"Medicins sans Frontieres (MSF) warned of one-sided discussion of patents and other intellectual monopoly powers at the G8 summit, taking place in Germany this week.

Tido von Schön-Angerer, MSF’s director of the campaign for “Access to Essential Medicines”, said that the expansion of patent protection in developing countries had not led to more innovation in pharmaceutical research. These countries, he says, are still lacking access to affordable drugs to fight malaria, HIV/Aids and tuberculosis.

Mr Schön-Angerer said that while patents as an instrument were indispensable, they were not in themselves a sufficient way to promote innovation. He pointed to a special group at the WHO which is looking into alternavtive ways of providing incentives for pharmaceutical research (IP-Watch has more info here).

MSF is concerned that when the topic of patent protection for pharmaceuticals comes up, politicians often point to counterfeit medicines. The group’s spokesman condemned such conterfeiting as a criminal and dangerous activity, but pointed out that forged drugs do not actually endanger innovation, the protection of which the G8 leaders are currently highlighting as a key issue.

According to MSF, the G8 countries are planning talks with several emerging countries, in particular India, Brazil, Mexico, South Africa and China (termed “Outreach-5), in which they are going to emphasise the value of strict “protection” of intellectual monopolies.

Yet, said MSF, these countries are world leaders in the manufacturing of affordable generic medicines. The organisation is worried that they are going to be subjected to increasing pressure not to use the maneuvering space that TRIPS and other international agreements allow them on issues such as compulsory licences for drugs.

MSF emphasised that while there was usually a public outcry when a developing country issued a compulsory licence for producing an urgently-needed medicine, countries such as the US and Italy routinely used such instruments themselves.

Race to the Bottom

Privacy International which has been one of the key groups identifying the privacy problems associated with Google's services released their Race to the Bottom report last month. In it they identify Google as positively hostile to personal privacy (don't be evil now) and single out a number of others including AOL, Apple, Facebook, Microsoft, Yahoo and YouTube as posing serious threats to privacy.

Danny Sullivan doesn't agree and believes that Google rate as good if not better than the BBC, who Privacy International gave a "Generally Privacy Aware" rating on many of the criteria used in the study; though he does agree with their conclusions in some categories.

Copyright Silliness on Campus

Fred von Lohmann in the Washington Post: Copyright Silliness on Campus

"What do Columbia, Vanderbilt, Duke, Howard and UCLA have in common? Apparently, leaders in Congress think that they aren't expelling enough students for illegally swapping music and movies.

The House committees responsible for copyright and education wrote a joint letter May 1 scolding the presidents of 19 major American universities, demanding that each school respond to a six-page questionnaire detailing steps it has taken to curtail illegal music and movie file-sharing on campus. One of the questions -- "Does your institution expel violating students?" -- shows just how out-of-control the futile battle against campus downloading has become."

Recommended.

US object to access to knowledge

At the latest WIPO development agenda discussions the US and some other delgates have apparently objected to the use of the term "access to knowledge". The Canadians have claimed they don't know what it means. Here's Jamie Love's take on it (he's attending as an NGO observer)

"I'm in Geneva at a meeting on the World Intellectual Property Organization (WIPO), in a negotiation on something called the WIPO "Development Agenda." As Thiru Balasubramaniam has written in this blog entry, the U.S. government, as well as other members of a rich country negotiating bloc called "Group B," have opposed the use of the term "access to knowledge," in the context of topics that should be discussed by the UN agency responsible for setting global norms on intellectual property policy. Other Group B countries also have taken this position.

Technically, we are discussing the draft text on "issues related to norm-setting, flexibilities, public policy and the public domain," where the controversial paragraph 3 now has the following brackets:
3. To discuss possible new initiatives and strengthen existing mechanisms within WIPO to facilitate [access to knowledge] and technology for developing countries and LDCs and to foster creativity and innovation within WIPO's mandate.

Canada said it "didn't understand" what "access to knowledge" meant. The UK indicated that there was a sentiment by many countries that while WIPO could discuss measures that would make access to knowledge hard, such as tough new digital copyright laws, it shouldn't discuss proposals, like a treaty to provide minimum access to works by libraries, teachers and the blind, which would expand access.

Here "access to knowledge" is referred to by many simply as A2K, a term that is apparently terrorizing the many lobbyists for publishers. I'm hoping the U.S. will come around, and agree that yes, the U.N. can actually "discuss possible new initiatives" to facilitate "access to knowledge." It is rather amazing that this is even controversial."

They truly live in a world of their own.

Update from Jamie Love via the A2K list:

"The negotiations on the development agenda text have progressed, and as of
last evening, it appears as though the term "access to knowledge" is now
without brackets. The relevant paragraph now reads as follows:

"To initiate discussions on how, within WIPO's mandate, to further
facilitate access to knowledge and technology for developing countries
and LDCs to foster creativity and innovation and to strengthen such
existing activities within WIPO."

I think this is a very good outcome, and gives WIPO the mandate that it
needs to move forward in this area.

Some of the Group B countries had difficulty explaining why they were
opposed to WIPO discussing "access to knowledge." Even more important,
the developing country delegations were very strong on this issue. Now
it will be necessary to build the case for specific A2K initiatives at
WIPO, in the environment were WIPO has agreed that the topic is relevant
and appropriate.

Many particpants in the "green room" discussions here say the atmosphere
has been quite good this week, from everyone, including the Group B
countries and the WIPO Secretariat."

And the EFF, as usual have been in attendance and blogging the discussions.

DNA database agreed for police across EU

Via FIPR: DNA database agreed for police across EU

"A battery of police data-sharing and electronic surveillance measures to tackle trans-national crime and immigration issues was agreed yesterday by governments in Europe, 15 of which also gave the green light to a scheme for the world's biggest biometric system.

The system will store and allow sharing of data such as the photographs and fingerprints of up to 70 million non-EU citizens applying for visas to enter Europe,

Interior ministers from all 27 EU countries also agreed on automatic access to genetic information, fingerprints, and car registration details in police databases across the union."

Yet another coming giant information system disaster which will keep academics studying the fall-out for years.

Meanwhile, on a similar theme, Google have been defending their data retention policies.

"In the spirit of transparency, we're publishing our response to the Working Party's letter. The Internet is a global medium, and the principles at stake -- privacy, security, innovation and legal obligations to retain data -- have an impact beyond Europe, and outside of the realm of privacy. These principles sometimes conflict: while shorter retention periods are good for privacy, longer retention periods are needed for security, innovation and compliance reasons. We believe we’ve struck a reasonable balance between these various factors. Our policies are consistent with EU data protection laws, which acknowledge the need to set data retention periods that are proportionate and that enable companies like Google to comply with legal requirements.

We have a legitimate interest in retaining search server logs for a number of reasons:
  • to improve our search algorithms for the benefit of users
  • to defend our systems from malicious access and exploitation attempts
  • to maintain the integrity of our systems by fighting click fraud and web spam
  • to protect our users from threats like spam and phishing
  • to respond to valid legal orders from law enforcement as they investigate and prosecute serious crimes like child exploitation; and
  • to comply with data retention legal obligations.
After considering the Working Party's concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18 to 24 months. We believe that we can still address our legitimate interests in security, innovation and anti-fraud efforts with this shorter period. However, we must point out that future data retention laws may obligate us to raise the retention period to 24 months. We also firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months. We are considering the Working Party's concerns regarding cookie expiration periods, and we are exploring ways to redesign cookies and to reduce their expiration without artificially forcing users to re-enter basic preferences such as language preference. We plan to make an announcement about privacy improvements for our cookies in the coming months.

As we build new products and services, we look forward to continuing our discussion with the Article 29 Working Party and with privacy stakeholders around the world. Our common goal is to improve privacy protections for our users."

Remember, don't be evil.

AT&T to target pirated content

Via Michael Geist: AT&T to target pirated content

At&T are sticking content filters on their Net traffic at the behest of Hollywood.

"But public interest groups are wary.

"The risk AT&T faces is fighting the last war by spending money and energy plugging an old hole in the wall when new ones are breaking out," said Fred von Lohmann, a senior staff attorney at the Electronic Freedom Foundation. The San Francisco digital-rights organization has sued AT&T, alleging it illegally released customers' phone data to the federal government.

Technology is putting unlimited copying power in the hands of consumers, Von Lohmann said, so the answer to piracy can't be trying to stop them from making copies.

"The answer should be to figure out how to turn them into paying customers," he said.

AT&T's decision surprised Gigi B. Sohn, president of Public Knowledge, a digital rights advocacy group.

"AT&T is going to act like the copyright police, and that is going to make customers angry," she said. "The good news for AT&T is that there's so little competition that where else are the customers going to go?"

Verizon Communications Inc., which has fiercely guarded the privacy of its customers, has refused so far to offer a network anti-piracy tool. It defeated in court the recording industry's demands to reveal names of those allegedly involved in downloading pirated songs."

Google poke a stick at Microsoft's antitrust scars

A new front is opening in the Microsoft - Google wars. The Washington Post reported on Tuesday:

"Allegations by Google that Microsoft's new operating system unfairly disadvantages competitors has revived antitrust accusations against Microsoft and opened a front in a bitter war between the two technology giants.

The complaint, which Google raised confidentially late last year, will probably be reviewed later this month by U.S. District Judge Colleen Kollar-Kotelly, who is overseeing Microsoft's compliance with a 2002 consent decree."

Vista's got all kinds of nasty controlware built into it and it was fairly natural business move that Microsoft would use it to chip away at Google in the search arena; though I suspect the Redmond lawyers were well prepared for the search giant's legal attack dogs. It should be a fascinating one to watch - any bets on which party ends up looking like the kettle and which the pot?

MercExchange back in Court with eBay

The MercExchange v eBay 'buy it now' button patent dispute, a case I mention in my book, has returned to court.

"A small Virginia company in a patent fight with eBay asked a federal judge Tuesday to stop the online auction powerhouse from using its "Buy It Now" feature, which allows shoppers to buy items at a fixed price.

A federal jury found in 2003 that eBay had infringed Great Falls, Va.-based MercExchange's patent. But last year, the U.S. Supreme Court handed a victory to patent-reform advocates when it ruled that MercExchange was not automatically entitled to a court order blocking the offending service.

Now, U.S. District Court Judge Jerome B. Friedman must decide whether MercExchange is entitled to a permanent injunction. The judge did not say when he would rule."

I know this is a David v Goliath kinda battle but I'll repeat what I say in the book - it is ridiculous that anyone could have a patent monopoly on a web click button. The chief justice of the Supreme Court basically even expressed puzzlement during the hearing last year that something so obvious could have received a patent.

UK support Thai compulsory licensing of AIDS drugs

Via Thiru Balasubramaniam and the A2k list: Campaigners secure the UK's support for Thailand's move to protect public health

"Earlier this year Thailand announced its plans to make urgently needed HIV/AIDS drugs affordable. This move was met with attacks from pharmaceutical companies and the US government...

The support of the international community for Thailand’s move is essential for encouraging developing countries to use measures to lower drug prices in order to provide essential medicines. Countries face both substantial technical and political barriers that stop them from using those measures.

Thailand’s case has highlighted the enormous political pressure countries face when making use of their right to protect public health:

* Brand name drug companies responded to Thailand’s move with threats of legal action and the withdrawal of investment. Abbott Laboratories went one step further by withdrawing life-saving medicines from Thailand’s market. Read about Abbott’s behaviour, and the response of campaigners

* Drug companies and their allies have launched misleading public ‘disinformation’ campaigns. One group, USA For Innovation (“a non-profit organization dedicated to the protection of intellectual property and continued innovation around the globe”,) launched a website called Thai Lies and took out advertisements in Thai newspapers suggesting that Thai patients would now receive poor quality, unsafe medicines. USA for Innovation’s Director, Kenneth Adelman, also works for the PR company “Edelman”, who list Abbott and a number of other drugmakers among their largest clients.

* Despite admitting that Thailand was entirely within its rights, US government representatives suggested that Thailand’s move was not “in the spirit of the TRIPS agreement”. The US government has recently elevated Thailand to its 2007 “301 priority watch list” citing Thailand’s “weakening respect for patents”. This list identifies countries that are judged as failing to offer “adequate and effective protection” for US intellectual property ‘rights’. "

Apparently the UK Government's Department for International Development now supports the Thai government's stand:

“The Thai Government has made the decision to use these TRIPS flexibilities in the form of compulsory licensing based on their assessment of the public health need within Thailand. We support Thailand’s right to use compulsory licensing provisions in order to protect public health, and in particular, to promote access to medicines for all.

“We agree that Thailand’s stated use of compulsory licensing provisions has not broken any WTO rules as there is no obligation to negotiate with the rights holder if the products are for public non-commercial use.”

Monday, June 11, 2007

Ventner Institute Patent number 20070122826

The ETC (Action Group on Erosion, Technology and Concentration) is "dedicated to the conservation and sustainable advancement of cultural and ecological diversity and human rights. To this end, ETC Group supports socially responsible developments of technologies useful to the poor and marginalized and it addresses international governance issues and corporate power."

Last week they issued a press release alerting us of their concern at the Ventner Institute's latest venture.

"Published on May 31, 2007, the Venter Institute's US Patent application (number 20070122826) claims exclusive ownership of a set of essential genes and a synthetic "free-living organism that can grow and replicate" that is made using those genes. The Venter Institute has also filed an international patent application at the World Intellectual Property Organization (WIPO number WO2007047148, published April 27, 2007) which names more than 100 countries where it may seek monopoly patents...

Synthetic biologists may also be dismayed to learn that Synthia is being patented for what it is not. The patent application explains that the inventors arrived at their minimal genome by determining which genes are essential and which are not. Remarkably, their patent application claims any synthetically-constructed organism that lacks at least 55 of 101 genes that they've determined are non-essential. "All synthetic biologists developing functionalized microbes are going to have to pay close attention to the claim on a 'non-essential' set of genes. If someone creates another bug that lacks some of the same genes that Synthia lacks, will the Venter Institute sue them for infringing its patent?" asks Kathy Jo Wetter of ETC Group."

I can't see that standing the test of any serious legal challenge. Think about it.

List a set of 101 genes.
Declare them 'non-essential'.
Build a synthetic organism which doesn't contain the 101 non-essential genes.
Claim ownership of any synthetic organism that does not contain 55 or more of the 101 non essential genes.

It's a bit like saying yellow, blue and red painted walls are not essential in a building. I've built a house in which the walls have not been painted. I own that house. I therefore now own any building which does not have two or more yellow, red or blue walls. It's barmy just as claiming ownership of any lifeform which does not have one or more of a left leg, left arm and left ear - none of which are essential but hardly redundant either - would be barmy. But translate it into legalese and an intellectual property claim in a technically complex area and somehow it attains disproportionate and dangerous credibility.

This kind of 'claim it by omission' tactic always reminds me of the classic English contract law case, Felthouse v Brindley in 1862. Felthouse wrote to his nephew, Brindley, offering to buy a horse for £30 and 15 shillings and declaring that if he didn't get a response the deal was sealed. The nephew sold the horse to someone else and then got sued by his uncle. The judge, Justice Willes, threw the case out:

"It is clear that the uncle had no right to impose upon the nephew a sale of his horse... unless he chose to... repudiate the offer."

The nephew had no obligation to repudiate the unsolicited deal in writing.

The US Patent Office and WIPO should follow suit with this patent and throw it out too.