Archive for September, 2008

British Telecom’s Nauseating Opt-In for Webwise

Tuesday, September 30th, 2008

The New York Times BITS blog has an interesting piece on BT’s system PHORM. They are starting a test with 10,000 customers (they tested before but now will do it properly, I guess). The service is called Webwise. It consists of their PHORM web traffic profiler, about which the notice for customers is rather vague. On top of that it promises to protect BT’s customers against fraudulent or ‘phishing’ websites.

Why on earth did they bundle these services? (As far as I can see you cannot use them separately.) They are totally different in character and altogether unrelated. This is one of the worst ‘opt-ins’ I have ever seen.

UPDATE: For more details on Phorm, see coverage by The Register.

Google is a cute, fastly-expanding, life-sucking habit

Monday, September 29th, 2008

In his piece for Google’s 10-year anniversary, Google watcher Danny Sullivan says: “Google is a habit, a good habit that no one feels a need to kick.”

I was interviewed for a 10-year Google piece (in Dutch) by Vrij Nederland’s Maurits Martijn, in which Jos de Mul asserts: “Google sucks. Google sucks life.”

This recent article on Google by Geert Lovink is also worth a read. He describes the rise of Google in this way:

The World Wide Web, which should have realized the infinite library Borges described in his short story The Library of Babel (1941), is seen by many of its critics as nothing but a variation of Orwell’s Big Brother (1948). The ruler, in this case, has turned from an evil monster into a collection of cool youngsters whose corporate responsibility slogan is “Don’t be evil”. Guided by a much older and experienced generation of IT gurus (Eric Schmidt), Internet pioneers (Vint Cerf) and economists (Hal Varian), Google has expanded so fast, and in such a wide variety of fields, that there is virtually no critic, academic or business journalist who has been able to keep up with the scope and speed with which Google developed in recent years.

To help us see the bright side of that expansion, Google itself made a nice cute website.

Study on Internet Filtering in the Netherlands

Monday, September 22nd, 2008

A week ago an academic study (in Dutch, English summary on p. viii-xiii) was released on the filtering of child pornography by Internet providers in the Netherlands. The government’s reaction is here. The study discusses the existing child pornography filtering schemes in the Netherlands and abroad, the effectiveness of the schemes and Internet filtering more generally and lays out four scenarios for the future. The report gives an excellent account of the political discussion about child pornography filtering in the Netherlands over the last years. I am not so sure about some of the legal and normative conclusions it contains. I do hope that the debate about these issues will continue, possibly in the area of filtering and blocking in the context of intellectual property enforcement, which is currently being pushed for in the European Parliament.

Without going into too much detail, let me give an overview of the four scenarios the study comes up with. The idea in all scenarios is that there is some kind of Internet filtering scheme targeting child pornography. I find this inconsistent with the study’s finding that the present schemes are ineffective. (The study measures effectiveness in relation to the goal of preventing internet users against child pornography. It does not consider it realistic to measure internet filtering effectiveness in relation to preventing child abuse.) Nonetheless, the study states the following:

“It makes sense to extend existing technical possibilities to filter and to improve them in particular. There is simply no way back. The Internet will be, more than in the past years, not only a place outside the law (‘vrijplaats’) but also a place subject to (government) control. The development of technologies of control suit this societal trend.” (Study, p. 113)

The Dutch government seems to share this view, stating in its response to the report that “naturally it is unimaginable that The Netherlands would stop with the filtering and blocking of child pornography on the Internet.” (I would have agreed if it had stated “investigation and prosecution”.)

The scenarios relate to the roles of the principal actors of the Internet filtering, and in particular the degree of government involvement. The principal actors are (in the study) (1) the government’s executive branch, i.e. law enforcement and the Ministry of Justice, (2) the legislative branch, (3) private parties (by which they mean ISPs, commercial filtering developers, and other (not for profit) organizations such as associations) and (4) citizens. (I miss the judicial branch as a possible principal actor, which seems relevant because of the issue of censorship.)

Scenario 1. The government does not participate in the filtering scheme in any way and hands over its current activities with regard to Internet filtering to a non profit (we have one in the Netherlands, Meldpunt Kinderporno). ISPs, citizens, and this organization participate in the filtering. The executive branch and the police investigate and prosecute child pornography but do not participate in the filtering scheme.

Scenario 2. The government participates as a facilitator of self-regulation by ISPs and the named NGO which would coordinate a black list, but does not have any executive role in the filtering regime. This scenario is also termed controlled self-regulation. Under this scenario, the government would invest in the development of more effective filtering technologies and research about internet filtering.

Scenario 3. The government, in particular law enforcement agencies, participates in the filtering by assisting private parties (companies that develop internet filters) with lists of child pornography material (or hash codes representing such material). The responsibility for the lists and the decision to filter remains with the producers of internet filters and ISPs respectively.

Scenario 4. The legislature introduces a new mandatory child pornography filtering obligation for ISPs, or possibly for schools and public libraries. The researchers conceive of a provision that would make it illegal for ISPs to provide access to child pornography on the Internet, it seems in specific cases. I won’t discuss this further, because the proposal seems unrealistic at this point.

Why these four scenarios? It is clear that the degree of government involvement mirrors the fundamental right to freedom of expression. The study states that the first two scenarios would not cause any legal problems in terms of censorship and article 10 of the European Convention, simply because the right to freedom of expression protects us (and ISPs) against government interference, not against private parties. A similar solution is found in scenario 3. In this scenario, the police provide lists but do not make the decision (what) to filter. Interestingly, the little diagram points out that the government does make the list in this scenario. This seems inconsistent.

The conclusions that are tied to the proposed degree of government involvement in light of freedom of expression are simplistic. They are also not in line with the Recommendation of the Council of Europe’s Committee of Ministers on freedom of expression and Internet filters of March 2008. This Recommendation sees a positive role for the State with respect to making sure that Internet filters do not unduly restrict the freedom to impart and receive information. It specifically addresses the important issue of private censorship. Unfortunately the study does not mention this recommendation. The reason could have been that the study was already finished.

The first three scenarios are also inconsistent with the remark I translated above. If the researchers consider a filtered and (partly) government controlled Internet as inevitable, they should advise the government and legislator to put their money where their mouth is, i.e. to help develop technology, to amend existing legislation, and most importantly how to do so in a way that would be consistent with the right to freedom of expression as enshrined in Article 10 ECHR. In my opinion it is politically inconsistent to draw a scenario that basically means the government does not really participate in a scheme we see as inevitable for the future for upholding the law in cyberspace (in the Netherlands). What law is that going to be? Our ISP’s law? Google’s law? The content industry’s law? These are normally not considered to be part of the law.

Another point where the report merits additional debate is the answer to question 2(a) and (b) about the legal possibilities and restrictions on Internet filtering. The study concludes: “It is unquestionably legally possible that ISPs, LAN administrators or private parties filter their internet [emphasis added]. [...] Legal limitations mostly apply to filtering by the government. These restrictions, enshrined in Constitution and ECHR, can - realistically speaking - not be removed. However, one can choose not to come within reach of these limitations by leaving the filtering to [private parties].”

Is this legal possibility that unquestionable? The study reasons that Article 18.13 of the Dutch Telecommunications Law, which protects confidentiality of electronic communications, does not allow ISPs to unilaterally block or filter, where this would involve looking into the contents of traffic. It then simply states that it is enough for the ISP to have permission of its customers to override legal concerns and compares the situation to the filtering of spam and viruses (a practice that is incomparable from the perspective of free speech). It then states “since the nature of the measure and the nature of the information to be blocked leaves no room for individual preferences, the legal terms of use [of the ISP] is the feasible way” to get this consent. The study then recommends that ISPs include the criteria on the basis of which they do not provide access to specific Internet domains or IP-addresses.

I am currently working on this issue in the context of my dissertation research and following the debates about internet filtering in the context of the review of the Telecommunications Framework at the EU level. My present understanding is that this analysis is incorrect. See for instance one of the basic considerations from the recommendation of the Council of Europe:

Convinced of the necessity to ensure that users are made aware of, understand and are able to effectively use, adjust and control filters according to their individual needs.

Finally, as an Internet user, I would not choose an ISP that would participate in some ineffective symbolic filtering scheme that I have never needed to prevent me from seeing material that I never ran into and have never heard people did run into when using the Internet. If all ISPs were to filter under the present technical conditions, however, I would like to be able to turn it off. Let the parties involved put their energy into the investigation and prosecution of child abuse, the production and distribution of child pornographic material and the development of guarantees against private censorship. The study shows there is a lot of room for improvement in this direction.

The Google-Yahoo Deal and the Privacy of End-Users

Saturday, September 20th, 2008

Google is publicly defending the Google-Yahoo Deal on its Public Policy Blog. This specific Q&A struck me as possibly misleading and revealing at the same time:

Question: Will Google benefit from access to Yahoo!’s user data?
Answer: No. We have taken steps in the Yahoo! agreement to make sure that neither company has access to personally identifiable user information from the other company.

What is this supposed to mean? To answer this question, one has to know what Google considers to be personally identifiable information (PII). I would love to hear some clarification from Google here. In the past Google has stated it considers user logs of non-authenticated users to be non-PII. Its privacy policy is constructed in a way that allows the legal defence to be made that server logs are non-PII. So the question remains, what data do they share? Since the statement specifically refers to the term personally identifiable information (and the statement must have passed Google lawyers) I place my bet that the deal gives Google access to Yahoo search data. That would make Google (Search, AdSense Network, Analytics, etc…) + DoubleClick + Yahoo. Of course, I would love to hear that I am wrong.

Google responds to Article 29 and United Airlines trading upset

Thursday, September 18th, 2008

I haven’t posted for over a month, mainly because of holidays and my (short term) move to Cambridge (U.S.). Two things I missed writing about here:

Google’s response to the Article 29 Working Party. For some debunking of the 9 month ‘anonymization’ period see Chris Soghoian’s post at CNET. (He is also working at the Berkman Center this year.) There is much more to it than the retention period and the link to the privacy policy. The issue of jurisdiction and the Data Protection Directive is, although rather technical and legalese, very interesting. Google does not acknowledge outright that there is jurisdiction but between the lines it does. (To be honest, legally there is no escape.) It argues that its headquarters are the only one that could have responsibility (not its Irish headquarters). Finally, there is the question whether a search engine is the controller for the personal data it processes in the context of crawling, indexing, caching and the offering of search results. This is by far the most complicated issue and involves both the fundamental right to privacy and the right to freedom of expression and information. I have an article coming up (in Dutch) about this issue in the Dutch journal Privacy and Informatie. It will be posted on the IViR site, when published.

United Airlines crashes, after which publisher and Google fight over who’s to blame. See Benjamin Mako Hill’s post @ Revealing Errors for some details. My take on this: Some people that were clever enough not to rely on one story made a lot of money. The story would not make a lot of sense if you knew enough about United through other sources. The stocks went from $12 to almost $3 and then back up again. There must have been some people that were clever enough to start buying when it started reaching 3-4 dollars. They made a 200% profit within one day. Not bad at all.

Visiting the Berkman Center for Internet & Society

Thursday, September 18th, 2008

Lucky me! I am a visiting researcher this fall at the Berkman Center for Internet & Society at Harvard University. I am working on my own research on search engines and freedom of expression and have started to enjoy as much as possible all that the Berkman Center research community, Harvard University and the broader US East-Coast academic environment have to offer me.

The Berkman Center is an extremely vibrant and pleasant research community. In the two weeks that I have been there, I have attended a conference on the legacy of the Microsoft antitrust case, lectures on the future of the Internet and citizen journalism research, and a range of informal discussions. I knew the Berkman Center primarily through the Summer Doctoral Programme (which I attended a year ago) and from OpenNet Initiative, Chilling Effects, and StopBadware, but there are many more interesting projects going on that I hope to learn more about in the coming months. On top of that some of the most knowledgeable people in the field are walking around there.

Harvard Law School’s primary asset for me is the library. It’s open all the time, very comfortable and spacious and most importantly, it has a lot of books. This is extremely helpful for my research.

I can’t complain about Cambridge and Boston as a living environment. I live in a very green area and close enough to bike to work. There is a lot of music and performing. And only four hours and 15 dollars away there is New York City (I visited last weekend). MIT is around the corner, Yale (and the ISP in particular) is not far away.

Lucky me!