Automating the professionals

Automating the professionals

I attended a seminar the other day which raised some questions in my mind about the next and prior waves of automation, the location of value creation and the legal/social barriers to adoption. Much is spoken of the use of artificial intelligence to augment or replace professional workers and this note briefly looks at this. It examines the nature of decisions and the need to transparently serve a human rights agenda, the question of regulation and assessment by one’s peers, and why it’s so hard to organise Trade Unions amongst the software authors. …

Labour and the Surveillance State

I am planning to get a motion on the Justice and the Surveillance State to LP Conference, I asked for help in this article on this blog, and I believe the final words for CLPD are very similar to my version 2. Here they are,

Investigatory Powers to be subject to Human Rights Law

Conference notes the absence from the NPF Report 2018 of the surveillance society.

Conference notes the continual use of surveillance powers in the private and public sectors authorised by law, or government programme including:

  • Investigatory Powers Act 2016,
  • Immigration Act 2014
  • Counter-Terrorism and Security Act 2015
  • Digital Economy Acts 2017/2010,
  • Data Protection Act 2018

Conference notes that the IPA 2016 and DEA 2010 were both interdicted by the CJEU as contrary to Human Rights Law and/or the EU acquis.

The intrusive programmes include Prevent and ‘get it right from a genuine site’.

Conference believes that freedom of expression and the right to privacy are universal human rights, that the current surveillance and investigatory powers regime is in breach of these rights.

Conference resolves that a Labour Government will ensure that private and public surveillance technologies and systems will conform to laws that meet the requirements of the European Convention on Human Rights, including a need to prove reasonable suspicion before collecting evidence and the right to a fair trial with the principle of innocent until proved guilty.

Conference calls on the Labour Party to draw up a Human Rights based policy for the regulation of British Law Enforcement authorities and their investigatory powers. This to include the abolition of Prevent, the repeal of the 2014 Immigration Act and the repeal of the immigration data exception established by the DPA 2018.

Conference instructs the relevant Policy Commission to launch a consultation on Surveillance and Justice to report to Conference 2020.

If you can get it to Conference that would be very helpful.

I have put the words in a word document,  Motion on Investigatory Powers for Lab19., or in a .pdf if you prefer, Motion on Investigatory Powers for Lab19. …

Digital Democracy

Digital Democracy

One of the motions proposed but not debated at the CLPD AGM was called “Digital Democracy & the need for greater voter participation”. It’s quite long at over 550 words and I planned to speak against it, by saying something like,

This motion, despite its length, says only two things: that we’ve read Corbyn/Barbrook’s Digital Democracy Manifesto and that we approve of a digital identity card as part of a system of access to e-voting in public elections.

I have read the manifesto and believe it is flawed, most importantly in it postpones the consideration of what human rights looks like in an age of the ultimate surveillance machine until after the election of a Labour Government, when it proposes a consultation. It proposes a People’s Charter of Digital Liberties but makes no mention of the work other campaigners for digital liberty have done in defining new Human Rights needs in a connected world and old Rights that need defending. These campaigning bodies include Liberty, the Open Rights Group, the Electronic Frontier Foundation and Labour’s members on the European Parliament’s LIBE committee.

But we can’t talk about e-voting without talking about Estonia, the poster child of e-voting, and its failed audits, and its proof that e-voting does not increase turnout, and its alleged failure to meet European data protection standards.

We can’t talk about e-voting without talking about the Surveillance State and its private corporate arm. It’s bad enough that the datenkraken can use our phones to spy on us, but I suppose the fact that the US government has access via them to all they know perhaps should reassure us that there is no risk to making a short cut to British Intelligence of our internet usage records, they already have it.

We can’t talk about e-voting without talking about the digital divide.

We can’t talk about e-voting without looking at whether the ERS removed votes from the 2015 Labour Leadership elections, a fact if true showing the vulnerability of the “transparency of the result” to insider attack.

We can’t talk about e-voting without talking about Russia’s interference in the US, British elections and the Brexit referendum through their advanced hacking capability.

We can’t talk about e-voting without noting that Verify, the current Government identity portal has been criticised as a failure by the Public Accounts Committee and now looks likely to be privatised.

We can’t talk about e-voting without looking at the fundamental criticisms of such systems, that they are hard to build, and it may be impossible to resolve the conflict between having a transparent result and a secret ballot; this is before we address the issues of coercion,  impersonation and 2nd party verification i.e. how to implement polling/counting agents in a proprietary software system.

In the US, engineers and electoral administrators are developing the systems to make this easier, requiring physical receipts of the cast vote, which are then electronically counted with statistical control samples manually counted.

This motion is technically premature at best and otherwise dangerous populist nonsense.

Please remit or oppose.

ooOOOoo

Interestingly, DARPA have announced an e-voting proof of concept, I am pointed at it by Bruce Schneier. …

A giant juke box

A giant juke box

This (European) Commission and Parliament must be the worst ever. Previous Parliaments have stopped ACTA & TTIP, previous Commissions have sanctioned Microsoft and Intel but it seems that this regime is going to commit two huge mistakes in regulating the new techno-economy.

The European Council has made the proposed Copyright Directive even worse! The link tax and the upload filters are still in place but the protections for authors and researchers have been weakened. The duties on social media sites with respect to licensing material are onerous to the extent of impossibility but then the law was always designed to transfer money from the datenkraken to legacy publishing businesses and turn the internet into a commercial jukebox. It’s so poor that despite,

As the entertainment industry representatives have said repeatedly during this fight, they are after nothing less than a fundamental reshaping of the Internet, where our ability to use networks for employment, family, civics, politics, education, collaboration, romance, and all the other purposes we put them to are subordinated to the use of the Internet as a glorified jukebox and video-on-demand service — where killing every EU competitor to U.S. Big Tech is an acceptable price to pay if it means transferring a few points to Big Content’s balance sheet. corydoctorow @eff

even the music companies now no longer want this law as it is.

The other piece of legislation is the Public Sector Information (PSI) Directive in which the Government’s have weaked the principle that public money buys public domain. For more see Glyn Moody on Tech Dirt, EU’s New ‘Open By Default’ Rules For Data Generated By Public Funding Subverted At The Last Minute.

Julia Reda, the Euro Pirate Party MEP writes on how to stop the Copyright Directive and points that the final votes in the Parliament will take place in the run-up to the Parliamentary elections. Not sure if the UK is taking part in them, or if there will be a selection for the candidates in the Labour Party, there wasn’t in 2012, they forgot, but I shall be writing to the Labour MEPs asking them to vote to support freedom of speech and a free internet.

You might want to too! …

Reinforcing Monopoly

Hereby are two stories about how software acts as a barrier to entry to a market and reinforces the monopoly power of its provider.

The first is shown by the fact that industrial content are getting cold feet over the EU copyright directive as the service providers have switched to supporting Article 13 since they already have the so-called “upload filters”. Only the big boys will be able to remain in the game of hosting user authored content. As predicted, the new regulations will inhibit both startups and SMEs.

The second story is closer to home. The UK have decided to mandate age verification functionality for porn sites. Who do you think is going to build that? Alec Muffet and the Open Rights Group have been tracking this and even if you think it’s a good idea, they way it’s being done is disastrous. The BBFC is the regulator and this is a massive piece of scope creep, it looks like they will licence a third party to act as the software provider and again the favourites to win this business is an interested party. Alec’s latest blog post is on Medium and is critical of the regulator’s stance and IT Security expertise and he previously wrote about the competitive dynamics and opportunities created by the new laws. Muffet is also concerned about the profiling use of such a database of porn users. It’s almost back to the days of the Roman Empire where monopolies were licensed. …

Mass Action or Court Action

I have today posted a limited review of Orgcon17 which happened last year. One of the most provocative presentations was this one, “Is the law the best way to stop mass surveillance?” While it documents the heroic struggle by a small group of fiercely motivated lawyers, it’s incredibly slow at the time, the court cases considered in 2017 related to 2015 laws and by the time the rulings came through the law in question had been replaced, but while pursuing legal action, mass action is hard, although crowdjustice.com and other petition sites allow the building of an on-line communities.

The presentation made me think about the numerous, trade union legal actions on collective bargaining issues, most notably their pursuit and criminalisation of Uber. In these cases, the use of the law is a sign of weakness, albeit of both sides, but demos and voting aren’t enough to change politicians minds on issues they consider peripheral. …

At Orgcon 17

I am just back from orgcon17, and here are my notes; this was a two day conference, with many sessions on issues of concern to digital liberty campaigners on regulation of the use personal data. It took place over two days, consisting of lectures & panels and workshops. On the first day, at Friends House, where we had the use of the amazing central meeting room it looked at the coming legislation on investigatory powers, the use of the law to make political advances (it’s slow & uncertain), an interview with Caroline Criada Perez, the campaigner who got the first woman on British bank notes and a women’s statue in Parliament Sq.. It looked at e-voting systems in Taiwan where the government used a consensus building software product to engage the population in traffic management solutions design. Jamie Bartlett spoke about privacy vs. security. There was a session on Digital Liberty & regulation in Nigeria. There was also a session on the privacy vulnerability to the coming “age verification for porn users” regulations. Much of these lectures are available on the ORG’s Video channel.

The second day consisted mainly of workshops focused on campaigning. There was a workshop that reviewed the technical architecture of the investigatory powers bill (as they then were i.e. the architecture and legislative stage). There was a workshop in using the Freedom of Information Laws to enhance campaigning, and also about the likely campaigning tools to be offered by the coming General Data Protection Regulation (GDPR) i.e. enhanced subject access requests, the right to be forgotten, of remediation and to object and stop processing.

There were sessions on building local Open Rights Group groups, how to perform IT security effectively for campaigners and a review of the ORG’s Blocked tool.

I chaired a session on building a Charter of Digital Rights, with Richard Barbrook and Mara Leverkuhn. Richard announced his initiative to put some more detail behind the Jeremy Corbyn’s Digital Manifesto which they created to support his 2016 Leadership Campaign. I documented/advertised this session on my blog https://davelevy.info/digital-liberties/

ooOOOoo

The relevance of this conference to CISSP certification is in the Regulation & Compliance domain. One of the critical to IT organisations is failing to keep up with laws and regulations. The ORG focuses on the law as it relates to privacy, censorship & intellectual property. Businesses need to keep these laws in mind when designing their risk taxonomy and control catalogue.

This was written in Oct 2018, nearly 12 months after the event; I did it to claim CISSP CPD Credits. I have as normal, for me, in these circumstances backdated the article to the time of occurrence. …

No safe space

No safe space

I made a storify after the election, and its terrorist disruption about the, mainly Tory response in blaming the internet. I don’t make the point that the Northern Ireland “troubles” were pre-internet but I do talk about the Tories, and May’s instinctive response is to censor and silence dissidents. I also point to Amnesty International’s critical report on the UK’s surveillance laws. I transferred this to the blog, as at the original date of publication, once Storify announced they were abandoning their service.

 …

Policy

I wrote a piece on my essay blog, now here trying to resurrect my thoughts on the #digitalliberty agenda just before the election. The thoughts were formed and committed to writing in 2014 and I said in the article that I thought they’d stood the test of time.

On second thoughts I think it’s weak on

  1. the right to privacy being a right to use encryption
  2. a failure to recognise that access to records created for fighting serious crime may have unacceptably low thresholds of access i.e. no-one is checking that the use is about serious crime
  3. justice must be public and require human judgement; algorithms can’t be judges (although it does cover that!)

Third thoughts would be that the Digital Economy Act 2016 widens the definition of criminal file sharing beyond reasonable and proportionate. …