Legislating Surveillance: Was the biometric act needed?

Written By: Jonathan under Categories: israel, law, State Secrets. It has 1 Comments and It was posted on Dec 4, 2011

0. Abstract.

[This Wednesday I shall lecture at the LiSS working group conference; here is a draft of my lecture.] From 2003 until today, the Israeli Government has been working diligently to legislate the biometric database act and the orders and ordinances under it. However, this biometric database is not the only biometric database in Israel, and it is not the only database to which government authorities have access. In my brief lecture, I shall present a different approach, asking whether this database act was actually required and what the reasons were for choosing a legislative act. In doing so, I’ll have to ask whether the act of legislation was needed because the social contract was broken, or because it was a megalomaniac act made out of a will to block any different approach to databases.

1. Database Laws, Privacy.

Let’s first understand how government databases operate. The Israeli Privacy Protection Act does not differentiate public sector databases from private sector ones; moreover, article 23D provides any person the right to know about such a database, and article 23C provides government bodies the right to request and transfer data from other databases when the action is required by law or by the body’s function. Meaning, if it were its desire, the Government could have set up a registered database and operated the biometric database on the basis of that act; but in such a case, it couldn’t have mandated the people to provide their biometric information.

So what could it do? It could have amended the Census Act. The Israeli Census Act is the act regulating the management of the Israeli Census (which, as we already know, was leaked to the Internet); article 2 writes down the fields in the database that are required to be listed. In such case, amending and mandating a person’s biometric data under it could have solved the biometric database problem in a 1-line amendment, without requiring massive legislation.

However, the Israeli legislator decided to pass a 30-page-long act (PDF), which describes the security and use of the database in full detail, and to allow public debate over it. In order to understand why, let’s understand how other government databases work.

2. Government Databases and legislation.

First, let’s see which databases were legislated and which weren’t. Meir Sheetrit, the biometric database’s entrepreneur, said that “Israel has enough [other] biometric databases”. However, if we inspect his claims, we find out a different perspective: the one who says who is required to provide his information willfully to the database, and when.

Let’s first inspect the databases that were legislated under Israeli law: The Israeli Anti-Money Laundering Act, The Israeli Census Act (which actually does not establish a database, but only allows the inquiry of information), The Police DNA Database (The Criminal Procedure Act (Searching in a person’s body and taking of identifying information)), Criminal Records (The Criminal Record Act).

On the other hand, there are quite a lot of databases which contain information as personal and as sensitive as the legislated databases, including the migrant workers biometric database; the driver’s license database, which includes photographs and which, according to the Israeli transportation office, does not require legislation in order to be retained (where the transportation office provides this biometric information at least to the ministry of interior); the unemployed database, which contains fingerprints of the unemployed; and the Bus Authority database, which contains information regarding passengers and their routes.

3. Why do you legislate databases?

We can see that while some databases were legislated because of their sensitive nature (money laundering, for example), there is no actual difference in sensitivity: there is no actual difference between money laundering information and the biometrics of a migrant worker. We can also say that legislation did not come because of the voluntary nature of the database; a person cannot choose to be unemployed or not to travel by car or bus. None of the non-legislated databases are actually voluntary; they just address specific needs and put the person “agreeing” to provide the information in an inferior place: he is either unemployed, or he wishes to travel to Israel to work, or he may want to drive in Israel or take a bus. These are all daily functions that a person cannot go without.

4. Why Legislation.

Now, let’s go to the theoretical assumption that the biometric database could have been established without any real or substantial legislation. The legislator could have actually just established a national database by issuing an order under the Passport Act, seeing that most Israelis have a passport, and held the information in a way that is “required” to issue a passport; it could have gone the same way the Transportation Office went, and required just the issuance of fingerprints. However, the choice to legislate the database was taken. And why?

The reason is the Israeli Privacy Protection Act: not the article requiring willful consent, nor the article mandating informing the data subject of his rights, but article 23C. Let’s inspect the text:

“Notwithstanding article 23b, providing the information is permitted, if not prohibited by any legislation or professional ethics – (1) between public bodies, if one of the following exists (a) providing the information is in the authority or role of the body who provides the data and it is required to exercise a law or a cause by the authority of the data provider or its recipient; (b) providing the database is to a public body who is allowed to demand such information according to law from any other source; (2) from a public body to a government office or another state establishment, or between offices or bodies as such, if the providing of information is required to exercise any legislation or for a purpose in the authority or roles of the data provider or its recipient …”

Well, we do need to read this carefully: there could have been a state-wide database without legislation; however, in such a case the Police could not have been granted access to the information. And why? Because neither article 23b(a)(i) nor article 23b(a)(ii) allows it: the first alternative requires specific authorization under law to disclose the information, and the second requires that the police be authorized to request the information at source. However, the police are not entitled to coerce a person to give them his biometric information, and the ministry of interior [was] not authorized to specifically assist the police.

Therefore, unlike other databases, the mobility of the information and the detachment between the cause of why it was collected and its use brought the actual need for legislation.

5. Ruling out other factors.

Now, we can inquire whether this was actually the reason, or whether there was a secret hand that required it. The only explanation for why a 30-page-long bill was passed emerged when alternatives were presented to the government: the rejection of the Adi Shamir proposal, for a non-identifiable database, and the choice to store both a person’s facial photo and fingerprint (where such information is not required to maintain a clean database, see Yoram Oren’s statement “if the purpose is to reduce a list, then yes”). Meaning, the legislator was presented with at least two alternatives that allow a secure database that does not allow double-inclusion and does not retain so much sensitive data, but rejected them.

Such rejection may be discussed later in the courts when inquiring about the constitutionality of the act, but that’s beside the point. The choice of both legislating and deciding on this architecture was made solely in order to allow surveillance.

6. Summary and Conclusions.

We know that the legislator had other options to legislate a database (or not to legislate it), and that it could have allowed it to be used quicker, without any pilot and even with coercion against persons; but in such a case, the police and other security authorities could not have obtained access to the database. Therefore, the sole purpose of turning to legislation is to allow such access, and unless we can rule this out, this is the true purpose of the database.

Dr. Klein v. Proportzia: Google is liable for AdWords.

Written By: Jonathan under Categories: copyright, Internet. It has 0 Comments and It was posted on Sep 26, 2011

The ruling in C 48511-07 Dr. Dov Klein v. Proportzia ltd will most probably not be in any future cyberlaw schoolbook unless Google, one of the defendants (or actually three of them), decides to appeal even though such a small amount (around 12,000 US$) was ruled against it and Proportzia. In brief, before we discuss the problems of this ruling, let’s tell the story. Dr. Dov Klein is a plastic surgeon. One day he found out that Proportzia, a clinic providing cosmetic surgery and other beauty treatments, decided to purchase AdWords under his name. Klein did not like the use of his name and decided to sue Proportzia as well as Google, the service provider. The Magistrate Court of Tel Aviv-Jaffa ruled that Proportzia and Google are liable for invasion of privacy and must compensate Dr. Klein.

Google AdWords lawsuits were a big issue in the past (where the most famous was Government Employees Insurance Co. v. Google, Inc., No. 1:04cv507, see more at Eric Goldman’s blog). In Israel, however, there was one material ruling, OP 506/06 Matim Li v. Crazy Line, where the Israeli District Court of Tel-Aviv ruled that as long as the ad itself is not misleading, there is no problem with purchasing ads using someone’s tradename. But here the court needs to explain why it deviated from this decision, so it ruled that “These are keywords which contain a personal name, and not a trademark, and therefore you cannot say that in regards to this name the internet is an advertising space similar to others. So it would be adequate to rule that in regards that without the personal name’s holder’s permission, the name shall not be used for advertising”.

The court goes with the infamous publicity rights and determines that when the use is of someone’s personal name, and not a trade name, then the use has to be with the permission of its “owners”. However, here already stands a first problem in regards to publicity rights. Dr. Klein is a celebrity, and as such he has no right to privacy (in regards to publicity rights). Israeli courts ruled that when a person uses his name for trade, he cannot later state that he does not want others to rely on such business name. In a recent case, the court ruled that “the right for privacy is a right that protects the emotional-personal interest of a person, his autonomy and his private matters, but not his financial interests” (C 534-08 Hava Koren v. Shai Cohen). Meaning, the rationale behind publicity rights applies where a person does not wish to be known publicly and is coerced to do so, not where he is already known.

The second problem here is where the border lies between a person’s name and a trade name. Is Ford protected under this ruling, being the surname of Henry Ford? This is the incoherence that later calls for over-litigation and pays the lawyers’ retainers in bad lawsuits. If the court had a reasonable rationale, it had to provide it in a detailed manner, even if it means writing 50 pages instead of 14.

Now, after having said that, the real problem arises. As the court did not provide reasoning for its ruling, it did not explain where Google’s active involvement, which would incur liability on it, lies. That’s why Google did not know, and was not expected to know, about the existence of a person named Dr. Klein and that he does not want others to use his name. The court here goes against any other service provider liability case in Israel (C 567-08-09 ALIS v. Rotter, C 1559/05 Hemda Gilad v. Netvision, C 64045/04 Al Hashulchan v. Ort).

The fact that the court did not provide reasoning for its ruling is a problem. It does not let us understand why it decided that Google is liable and does not let us understand the issue. We have to wait and see whether Google appeals this.

[Originally in Hebrew]

Alis v. Rotter: Israeli District Court rules that linking is not direct infringement

Written By: Jonathan under Categories: copyleft, copyright, File Sharing. It has 0 Comments and It was posted on Aug 11, 2011

A recent Israeli court ruling, which stated that linking to copyright infringing content does not constitute a direct copyright infringement (CA 567-08-09 ALIS – Association for the protection of cinematic works v. Rotter.net Ltd), was quite an interesting one. Alis, the Israeli equivalent of the MPAA, sued a popular forum website, Rotter.net, in regards to user generated content in two of its popular forums: Downloads and Movies. Alis’ claim was that by providing links to infringing content, Rotter is liable for direct infringement.

The court recognized that notice and takedown is the correct way to handle user generated content and ruled that Rotter is not liable for any user generated content as long as it removes the infringing content promptly. By ruling this way, the court created the much-requested connection between the recent Supreme Court ruling in CA 5977/07 Hebrew University v. Schoken (which dealt with the university’s liability for coursebooks distributed by students creating infringing content) and the virtual world (and in regards to notice and takedown under Israeli law, see RCA 1700/10 Avi Roy Dubitzky v. Liav Shapira, C 1559/05 Hemda Gilad v. Netvision and C 64054/04 Al Hashulchan v. Ort).

However, the main issue with notice and takedown was the amount of actual knowledge the court required: the court determined that it is not enough that Rotter is notified that a specific forum has infringing content; it has to have actual knowledge of any specific infringement. However, the court left an opening for “bad forums”, meaning that where the service provider knew about a material amount of infringements, it shall be liable for the forum’s activity. In the court’s words: “the presumption is that the website’s owner is aware that he is assisting in the existence of direct infringements, and that such assistance is actual and material contribution to them. Therefore, the burden is on that website owner where a suspected forum exists to prove that the existence of the forum serves a legitimate purpose or that he was unaware of the infringing activity (and if so, he shall not be liable until he was notified that this is a “bad forum”)”. Therefore, the court actually narrowed the service provider exemption from liability.

In the court’s opinion, “as a rule of thumb, we can determine that a closed forum, where in a specific time there are more than 10 links to infringing sites, and that the messages including links to infringing sites constitute more than a quarter of the substantial content of the forum (meaning, messages that are not information requests or responses to other messages), should be suspected as a “bad forum””. Meaning, the court determines that where a forum has more than 10 infringing links, and these links are more than a quarter of the content, the website owner may be liable even if he had no actual knowledge. This ruling may be dangerous, and it having been a district court one, we should keep a finger on the pulse to see how it goes in the future.

From where did the court conclude the numbers? Why didn’t it include the number of absolute postings in the website as a criterion (in contrast to forum messages)? Why didn’t it inquire whether opening a forum requires the owner’s consent? All these questions were irrelevant to the ruling and were not included in the court’s opinion.

However, this part of the ruling is not the material part, but only the part that is easy to understand. The important decision was on the question of whether directly linking to infringing content on another site constitutes direct infringement. Here is the time and place to remember how copyright works: there are specific actions which the copyright holder is the only person entitled to perform, and the rest of the actions are allowed. These are specified in clause 11 of the Copyright Act. One of these rights, in Israel, is making a work available to the public.

Alis tried to claim that linking is making a work available to the public, defined as “performing an action in a work so that people from the public may have access from a place and time of their choice”. However, the court rejected this claim and said: “creating a link which transfers the user directly to the infringing site (either to the homepage or an internal page) is not “making a work available” … First, creating the link is not “performing an action in a work”; second, the link, by itself eases people from the public to locate the infringing work, but it does not create the access. In other words, the work has already been made available by the infringing site and therefore linking to that site cannot be deemed as “making a work available””.

The court determined that there is no actual direct infringement by linking (but may allow contributory, secondary or vicarious ones). This is a blessed interpretation of the law, which was not always acknowledged by the courts (it was, however, ruled so in 11-cv-20427 Disney v Hotfile).

The meaning of this ruling may be relevant, however, to other torts. For example, could a person being slandered in a website sue all people directly linking to it? It seems that in such case, this ruling goes in favor of the actual logic.

[Originally in Hebrew, here]

How-to avoid patent-trolling: The only way to win is fight.

Written By: Jonathan under Categories: copyleft, copyright. It has 4 Comments and It was posted on Aug 4, 2011

Software patents are a problem, not a solution; that’s why when the Israeli Patent Registrar wanted to hear what the public thinks of them, we (at Hamakor, Israel’s Free Software and Open Source Association) wrote a detailed paper about it; in the end, the Israeli Patent Registrar gave a final decision stating that software by itself is not patentable in Israel [Hebrew Link]. However, other jurisdictions may not think the same.

That’s why corporations like Microsoft tend to use software patents as a strategic whip; for example, Microsoft approached HTC with a patent settlement offer that will cause HTC to pay 5 US$ for every Android mobile device it sells. The thing is that Microsoft directly competes with Android with its “Windows Phone” operating system. Therefore, Microsoft makes more money when its competitors sell Android devices than when it sells its Windows Phone. But, of course, that’s the problem, not the solution.

Yesterday, David Drummond, Google’s chief legal counsel, ranted in the official Google blog about this conduct (covered also by TechCrunch). He said that “A smartphone might involve as many as 250,000 (largely questionable) patent claims, and our competitors want to impose a “tax” for these dubious patents that makes Android devices more expensive for consumers”. The thing is that Drummond is also relating to the problem, and not the solution.

Recently, Android has become less and less Open Source and more proprietary, where Google refused to release Android’s source code. Also, the choice of a non-GPL license caused it to be less free. Of course, this led Google further from the solution.

The solution to Patent Trolling in the Android market segment is inherent in free software: detach the software distribution from the hardware distribution. When people can purchase the devices and then install their OS at home, downloading it for free from the Internet, then these Patent Trolls will have to go against the actual distributor: Google.

As you know, Google, unlike other software companies, has the backbone and endurance to go into legal battle and keep the software segment patent-free. They did it during their long dispute with Viacom over YouTube and they’ll do it again and again.

The only way to win is to fight.

Terms and Conditions, an XML solution for a Legal Problem

Written By: Jonathan under Categories: copyright, israel. It has 0 Comments and It was posted on Jul 19, 2011

0.
Terms and Conditions (and Privacy Policies) are a bitch. I know, because I write them for a living. Yes, it’s me who made you agree to provide that website with an “irrevocable, unlimited, commercial right to access your personal information stored in the service” just so they could fight the spam they tackle on a day-by-day basis. I’m also the guy that these websites call when some random schmuck sends them a cease-and-desist letter claiming they hold the copyright on the word “party” or something like that.

1.
Lawyers face a terrible problem: most users don’t read the terms and conditions. This causes them to be unenforceable in some cases (DeFontes v. Dell, Inc., No. 2004-137, 2009, more here), and lawyers tend to create presumptions of acceptance in different ways, which are always uncertain because they are never tested in court. Some lawyers tend to add the “I Agree” button only at the end of the document, some require email confirmation and some just add an “I Agree” checkbox.

2.
In comes CommonTerms. CommonTerms tries to simplify the reading of hard-to-read legal documents by adding nice icons about how the service providers use your data, whether they are allowed to revise the terms for any reason, or other information. In order to do so, CommonTerms analyzes existing agreements and attempts to draft a database of practices. While their idea is nice, it’s yet to be perfect for the end-user because he needs to know such icons exist and actually read the terms for it.

3.
In comes my solution; however, it requires some cooperation from lawyers. Lawyers could use XML tags or RDF to tag their Terms and Conditions with specific tags, such as “Shares your user generated content with 3rd parties” or “allows other users to create derivative works of content you upload”. In terms of Privacy Policies, it may be even easier, as a privacy policy is a set of specific questions, where the icons may just show “uses 3rd party cookies” or “profiles you and sends information to advertisers”. Now, once the specific list of terms is defined, we can actually create a tag generator so the tech guys could mark the site; then, like websites that put up the Truste seal, they could mark their website in terms of user-friendliness.

4.
After we get the marking down, we still have some problems, but all are solvable: Self-Enforcement and Information, as well as comparing sites in terms of their Terms and Conditions. The other factor may be creating common grounds for tagging and creating child-friendly filters or other uses that users may make to understand what happens when they post their content on websites: is it sold, reused, mixed, shared or just removed after 36 hours.

5.
The thing is, that as a lawyer, I cannot code and I cannot enforce these things on people: not on other lawyers and not on my clients (or other lawyers’ clients). So, in order to make this happen, a demand has to come from the public, and that’s you.

You may also appreciate reading about the EULA Generator.


Cultural Fair Use, Political Narrative and Copyright [Wikimania 2011]

Written By: Jonathan under Categories: copyleft, copyright, File Sharing, Internet, israel. It has 1 Comments and It was posted on Jul 15, 2011

In about two weeks’ time, I’ll attend the Wikimania2011 Conference and discuss Cultural Fair Use, Political Narrative and Copyright. This might sound like one big mashup, because there is no apparent connection between copyright and political narrative. The story of fair use, however, points us to why copyright, more than any other thing, has to do with Politics. The text of this lecture is somewhat derived from my research with Dr. Nimrod Kozlovski for Consumers International about Fair Use in Israel.

But first, a short story. One of my favorite TV shows is South Park. I’ve been watching it since 1997, and have been a fan of the authors and their opinions; when Trey Parker and Matt Stone described their approach towards copyright in their interview for Reason Magazine back in 2006, I was quite happy to find out their approach to copyright was that of a true artist, a wish to reach a wider audience. In the same manner, back in 2008 when they launched South Park Studios, a website to allow watching all their episodes through video streaming as well as remixing and sharing their content, I understood how much they were artists and how they were not just in it for the money.

In 2008, South Park paid tribute to the internet nation with an episode criticizing the Writer’s Guild of America’s Strike while paying tribute to some of the latest internet meme sensations such as the sneezing panda and the Star Wars Kid. One of the subjects of criticism was Samwell, whose video “What What (in the butt)” depicted an African American male pondering whether the viewers of the video wish to “do it in the butt” with him. The video was displayed in the popular YouTube site free of charge and received millions of views.

In the “Canada on Strike” episode, the four prepubescent characters in South Park wish to earn a quick buck from the internet and decide to film a viral video. They position Butters, one of the characters, in the same way as Samwell is in the video and do the inconceivable: take the already grotesque video and make it even more grotesque. This is basically why I love South Park so much: the interaction between extreme free speech and the ability to mock the already mocked to a grain gives them the ability to go on for so many shows. This is the video that Butters produced:

Samwell decided that South Park’s use of his “Work” constituted copyright infringement and decided to sue Viacom for copyright infringement. Viacom decided to be the better person and, instead of settling the case out of court (which would help it, as a copyright owner, to fight others who make similar uses of its content), decided to try and use the affirmative Fair Use defense. This week, a Wisconsin federal judge dismissed the case, arguing that South Park’s use of the work was fair (read the full opinion of 10-CV-1013 Brownmark Films LLC, v. Comedy Partners). The court weighed in favor of what I try to call “Cultural Fair Use”, which became somewhat popular recently, but is not actually in the general Fair Use exemptions.

For all you non-lawyers, fair use is a defense (codified in 17 USC 107) for those who use copyrighted works for causes such as “criticism, comment, news reporting, teaching, scholarship, or research”. However, South Park’s use, in spite of the wish to be considered criticism, is not really criticism, but mockery or homage. South Park used Samwell’s work in order to criticize viral videos altogether, not the work itself. In a similar case, where a famous Israeli comic book (or should I actually say “graphic novel”) cartoonist depicted Donald Duck in order to mock Israeli society, the Israeli Supreme Court ruled that his use was not fair as the criticism was not of the work itself (RCA 2687/92 Geva v. Disney). Only recently, the lower courts acknowledged other, cultural aspects of fair use, in order to stretch society’s public domain and its ability to add some works of authorship to the public domain without the formal requirements of copyright terms, solely because such works have become works of the public due to popularity and demand.

The recent cultural fair use is based on folklore more than anything else. The basic elements are that once a work has exhausted its commercial value and become a part of popular culture, it may allow others to create additional social value by reusing the work. Such uses may be mashups, remixes or other uses which are not highly criticizing or transformative, but are without any impact on the actual market value.

[Here comes that part where if you read this prior to hearing my lecture you thanked me, because the crowd will be rickrolled]

A good example is Rickrolling, the phenomenon of baiting someone into clicking a link on the internet which leads to Rick Astley’s “Never Gonna Give You Up” video, which is not as grotesque as Samwell’s “What What”, but is no less funny. People have used this song and attempted to add it into popular culture and other works as an homage to the internet nation: by playing it instead of the end credits to Bill O’Reilly’s show, paying tribute in an episode of the popular TV show Family Guy, using Barack Obama as the singer by mashing up his speeches, or even a Stephen Hawking tribute to the song.

But putting Rick Astley’s career aside, let’s discuss Government Works for a bit. The US, as well as other states, has a “Government Works” clause that determines that any work of authorship made by the state itself is not subject to copyright. Unlike the US, Israel does not have such a clause. Therefore, a material part of Israel’s history is subject to copyright; meaning that the national photo archives and other government works such as reports of the Central Bureau of Statistics are subject to copyright. In such a case, when Israeli nationals (and other nationals, actually) wish to use government works, they must either license them or find other sources.

This creates a burden, first of all because the Israeli government does not benefit from selling licenses. It is not one of its positions as a government, nor is it a material source of profit. The government has set up its Press Office to allow dissemination of information freely from the government outwards, and copyright restrictions seem to contradict Israel’s wish to disseminate its message.

During the 2010 term, Parliament Member Meir Sheetrit submitted a bill introduced by Wikipedia Israel, proposing that non-commercial use of government pictures shall be free of charge, as long as the use is with credit, and does not manipulate or alter the photos in any way. In an interview, Sheetrit stated that one of the reasons for the governmental opposition to the bill was the fear from use of the photos by organisations which are hostile to Israel or wish to promote the opposing narrative.

The bill was prepared following a study by Creative Commons Israel and Wikimedia, which dealt with Crown Copyrights. The understanding and discussions were whether to apply fair use principles to these uses or to exempt them individually. The tension between personal uses and political uses was balanced by the Israeli ministry of justice, which drafted the bill for MK Sheetrit, and exempted non-commercial use only.

Interestingly enough, the definition of what is commercial and what is not has yet to be discussed. It is interesting to note that both the language of the bill and the language opposing the bill use copyright as censorship or as an impediment to free speech. The rationale behind the bill, at least as stated by MK Sheetrit, was to allow the dissemination of Israeli Hasbara (propaganda) and use of Israeli imagery for free by bloggers, Wikipedia and other organisations who wish to use them in order to enrich their works. However, at least as stated by MK Sheetrit, the governmental opposition was based on the fear of use by hostile organisations. Both parties held the opinion that government works are a part of the discourse and that copyright may be used to prohibit others’ speech or to allow them to undertake one’s narrative. These rationales underplay the economic aspects of copyright, and deal with fair use in a different manner, which is the ability to silence political speech.

If, indeed, the only rationale for copyright in Israeli government works is political: to maintain the political narrative, then one material aspect, which is the commercial value of the work, has to be set aside when discussing government works. Let’s, for this cause, inspect the incentives behind copyright and see whether they apply for government works (based on the incentives described by Julie E. Cohen in Copyright as Property in the Post-Industrial Economy: A Research Agenda); the purpose of Copyright was to encourage new and original authorship, however, in Government Works, there is little originality, most Government Works are either documentary (formal photographs or official journals) or are the result of a research; and even if commercial uses were made using these works, then the Government shall continue to create.

Therefore, the incentives for Government Works do not exist in copyright. Now, what’s left is the apparatus of control, and this is actually what’s important in copyright nowadays, more than the economical incentives in Copyright, it seems that Governments, like artists, wish to keep the control of what others shall do with their works, therefore applying their political narrative through copyright.

Israel’s offer for an “Israel Friendly License” shows that we do have a problem: Israel wishes to enforce its political narrative through copyright, by granting a license to use its works solely for those who adhere to its standards. Because the Government does not work for-profit, we can learn, more than from any commercial entity, that fair use is required for criticism, because it is made exactly where people do not want others to use their intellectual property.

The Plus in Engagement and Behavioural Targeting

Written By: Jonathan under Categories: Internet, social networks. It has 1 Comment and was posted on Jul 1, 2011

WPP, the advertising giant, leased a database that allows profiling more than 500,000,000 internet users and allows showing them, using this information, relevant and tiered ads. The profile based advertising method means that there is no actual knowledge about the specific person browsing the internet, but the advertising companies know better than him what he likes, where he browses and other information.

The collection of the information was made available mostly by third party cookies, the same cookies which are set in your computer when you browse websites by advertising and media companies. These companies have a better understanding than the specific sites they provide services to. For example, if WPP purchases media in websites A and B, it knows who uses both A and B, and moreover, it knows that if C, a person, uses the sport section more both in A and B, it will show him sport-related advertisements when it uses D, a non-sport website.
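The join across sites A, B and D described above can be modelled in a few lines. This is an added example, not code from the original post: the ad server, the visit list and the per-site ("partitioned") cookie jar used for comparison are all constructed assumptions.

```python
from collections import Counter, defaultdict
import itertools


class AdNetwork:
    """Toy ad server embedded as a third party on several publisher sites."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.sections = defaultdict(Counter)  # cookie id -> sections read
        self.sites = defaultdict(set)         # cookie id -> sites it was seen on

    def serve(self, cookie_id, site, section):
        """Handle one ad request and return (cookie_id, ad_category)."""
        if cookie_id is None:                 # first contact: issue an identifier
            cookie_id = f"uid-{next(self._ids)}"
        history = self.sections[cookie_id]
        # The ad is chosen from what this identifier read before this page view.
        ad = history.most_common(1)[0][0] if history else "generic"
        history[section] += 1
        self.sites[cookie_id].add(site)
        return cookie_id, ad


class Browser:
    """Cookie jar for the ad network's domain.

    partitioned=False: one cookie, sent with every request to the ad domain.
    partitioned=True:  a separate cookie per top-level site being visited.
    """

    def __init__(self, partitioned):
        self.partitioned = partitioned
        self.jar = {}

    def visit(self, network, site, section):
        key = site if self.partitioned else "*"
        cookie_id, ad = network.serve(self.jar.get(key), site, section)
        self.jar[key] = cookie_id
        return ad


# Constructed browsing history for person C: mostly sport on sites A and B.
VISITS = [("A", "sport"), ("B", "sport"), ("A", "sport"), ("B", "news")]


def ad_shown_on_d(partitioned):
    """Return (ad shown on non-sport site D, identifiers the network holds)."""
    network = AdNetwork()
    browser = Browser(partitioned)
    for site, section in VISITS:
        browser.visit(network, site, section)
    ad = browser.visit(network, "D", "cooking")
    return ad, len(network.sites)


if __name__ == "__main__":
    print("shared cookie:     ", ad_shown_on_d(False))
    print("partitioned cookie:", ad_shown_on_d(True))
```

With one shared cookie the network holds a single profile spanning A, B and D; with a per-site jar it holds three unlinked identifiers and has no history to target with on D.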

Well, as troubling as it may sound, just when we are meant to be calmed down about privacy issues, things get worse. Google launched Google Plus, the search giant’s antisocial network, which was meant to have privacy by design and allows sharing of information according to different circles of proximity: a person could be a left-wing activist for his immediate family, but be a closet right-wing bigot for his school friends. It’s not that the other antisocial network, Facebook, does not have the functionality to create friend lists and share the information, but it’s a lot more complicated there.

So, Google Plus was meant to be a haven for privacy seekers: It brought the best from Facebook, which was a walled garden for many years and from Twitter, which allows asynchronous social contacts (meaning I could add Benjamin Netanyahu as a person I follow, without him having to follow me). Theoretically, an intertopia.

But the question is: how does Google benefit from Plus? (or what’s the plus for Google). Google is a media and advertising giant more than anything else. It earns money from selling advertising space; therefore it is in need for two indices: the first is the number of webpages viewed by end users and the time they consume in said pages (billboarding) and the second is the quality of the data it has for selling advertisements better (profiling).

In billboarding, Google suffered a grave loss recently; people spend less time in Google’s services and more in the other antisocial network; moreover, Google, that displays advertisements in 3rd party websites, is in fear of the day where Facebook shall launch a competing service and allow displaying “Facebook Ads”. In profiling, Google had a not-so-awful knowledge on your browsing behaviour, the things you liked and the people you connected with, it just didn’t know how to organize them. For example, if you’re interested in three different data, Google did not have the ability to connect datum to datum.

In came Google Plus and helped to solve the two problems: First, at least in the launch date, more and more people use this service to meticulously sort their friends in close circles and spend more time in their website (more billboards and profiling).

Now, all that Google needs to do is to integrate the social network seamlessly in the services it already provides. If Facebook made people take effort to amend their website’s code and display the “Like Button” in one million websites within a year of the product’s launch [which, of course, allows behavioural targeting] then Google could take one simple step to kill the like button, which is reasonable and mean.

A material portion of the websites, as said, implement Google-Analytics, Google’s statistics service that collects behavioural data. It is activated every time that a user browses a website and retrieves a file from Google’s servers which includes JavaScript commands that request data and collect statistics. In the same manner, Google could change the file to allow social interaction and display a social toolbar in the same way that Wibiya interacts with websites, and they can do it without obtaining the websites’ consent.

Indeed, it is not an optimal step and might cause antagonism, but it could be implemented to wipe Facebook’s remains from the earth, just because it already holds a neat market share. At this moment, Google has the best data to sell advertisements, and that cannot be taken away.

Biometric Database: A call for action

Written By: Jonathan under Categories: israel, law. It has 1 Comment and was posted on Jun 4, 2011

Last Thursday marked the final approval of the biometric database regulations and the biometric database order in Israel; the regulations and order were approved by a special panel participated solely by Meir Sheetrit and Abraham Michaeli, where Sheetrit was the initial entrepreneur of the Biometric Database in his position as minister of interior. This marks the end of a two year process that began two years ago when The Knesset approved the biometric bill. The discussions prior to the approval were on who shall be granted access to the citizen’s biometric database (but not to whether it’s really needed). According to the biometric law, any citizen or resident that shall join the database shall have to provide the ministry of interior his fingerprints and a photograph of his face which will be stored in a central database which may be accessible to the ministry of interior, the police and other security services.

Following the public protest, made mostly on the internet, it was decided that the database shall commence with a pilot program which shall be no longer than four years. During this term, which shall commence this November, the necessity of the database shall be examined (however, recent statements show that the pilot is not actually a pilot). The only way you can help during this pilot is to refuse to provide the government with your fingerprint.

On the actual question of why the biometric database is dangerous to you and your country there are numerous answers which were already raised by experts and discussed over and over again. Briefly, the stated purpose of the database is to prevent forgery of identity cards (and identities). However, in order to prevent identity theft and ID forgery there is no actual need for a biometric database and several other methods already exist, including electronic identification cards. However, as we learned from a recently leaked document, the only reason that a biometric database is required was to pass information to the police about the citizens of Israel. We learned so when the police rejected a safer means of storing biometric information detailed by Prof. Adi Shamir (the S in RSA), claiming that it cannot utilize the database if made in the Shamir method. And yes, the same police that uses extreme violence on protesters from right and left, against Arabs and against social activists.

Another reason to object to biometric identification and the biometric database is that once your biometrics is your unique identifier, then anyone with access to this information could possibly steal your identity. And of course I need not remind you that you leave your fingerprints on any cup of coffee you drink, right?

So, once we passed the “why we detest a biometric database in two paragraphs or less” the question that comes to mind is how you, as citizens, could protest against it. First, you have to understand that the state is going to try as hard as it can to persuade you to provide it with your fingerprints; the bureaucrats and clerks in the ministry of interior are obliged, by the national order, to offer you to join the pilot. Yes, in the same way that your grocery store clerk is obliged to offer you to join their value club, so does the clerk in the ministry of interior have to offer you to join the experiment.

However, one of the criteria set in the pilot is how many people did not join the database out of the entire population; these people have to be you. Beginning November first it is your civil duty to go to the ministry of interior’s offices and have new, non-biometric, cards, so that your refusal to enter the pilot will be counted and in two years time, when the pilot shall be examined, the parliament shall find out that no one wants it.

If you will not do so, then you will find yourselves in two years with a biometric database, that like any other database held in Israel, makes us forfeit our privacy.

[Originally published in 972Mag]

Dropbox: when a security hole becomes a feature, and vice versa.

Written By: Jonathan under Categories: copyleft, copyright, File Sharing. It has 1 Comment and was posted on Apr 27, 2011

0.

About a month ago I blogged about the requirement to protect cloud storage users from the cloud service providers. I offered a mechanism to protect a person’s files from the cloud and gave Dropbox as an example. The reason I provided Dropbox as the example was both the simplicity of things, and that due to Dropbox’s architecture, I knew that the last month’s events are bound to happen. First, we found out that Dropbox did not protect end-users from the cloud and allowed law enforcement to access them, as a part of their privacy policy. Second, Dropbox misbehaved when terminating an open source file sharing project which based itself on a file sharing flaw in Dropbox, which was a feature, not a bug.

1.

In order to understand how the feature worked, you have to understand how Dropbox dealt with files, as a part of their service: Dropbox recognized files and their digital signatures, and when it saw that it already had a copy of the file, it used the existing copy instead of downloading it from the end-user’s computer. For example, if I wanted to put my (legally purchased) Justin Bieber MP3s in my Dropbox, then when connecting to the Internet, Dropbox would have recognized that it already has those files from another person (who, of course, legally purchased them) and just copied them to my cloud folder. This was not a bug, but a feature: it saved storage, bandwidth and computing power and it allowed users to thrive.

2.

However, it also allowed another thing: some people decided to use Dropbox to share files: all they needed to know in order to do so was to share the hash value of each file, where Dropbox did the rest: it took the files from the cloud and copied them to their computers. Of course, they could always create shared folders of pirate downloads and share them with the public, but the users decided to create a peer-to-peer system for cloud hosting. However, Dropbox did not like the idea at all and issued DMCA takedowns of the source code for the hack, called Dropship, calling the hosting companies that host the files (in this case, Dropbox itself) not to host it, as well as amended their services just to avoid such use.

3.

Dropship did not do anything illegal; it just did to Dropbox what AIMSter did to chat services a decade ago. When they found a security hole, which allowed you to copy files simply by knowing their Hash Value, Dropship showed the public the flaw with Dropbox: the fact that any person can copy any file from any other Dropbox without knowing anything but the Hash Value. This was not a feature anymore, it became a bug, where the only way to terminate the bug is actually to rewrite Dropbox with privacy by design.
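The deduplication behaviour from sections 1 to 3, next to one possible hardening, as an added example that is not Dropbox's or Dropship's code. The store classes, the SHA-256 digest and the HMAC challenge-response are assumptions chosen for illustration, and the file content is constructed.

```python
import hashlib
import hmac
import secrets


class HashOnlyStore:
    """Dedup as the post describes it: the file's hash is all the server asks for."""

    def __init__(self):
        self.blobs = {}      # sha256 hex digest -> file bytes, stored once
        self.folders = {}    # user -> {filename: digest}

    def upload(self, user, name, data):
        digest = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(digest, data)
        self.folders.setdefault(user, {})[name] = digest
        return digest

    def add_by_hash(self, user, name, digest):
        """Client claims a file with this digest; server links its existing copy."""
        if digest not in self.blobs:
            return False     # unknown file: a real client would upload it now
        self.folders.setdefault(user, {})[name] = digest
        return True

    def download(self, user, name):
        return self.blobs[self.folders[user][name]]


class ProofOfOwnershipStore(HashOnlyStore):
    """Same dedup, but the link is made only after the client proves it holds
    the bytes: it must MAC the whole file under a fresh server nonce."""

    def __init__(self):
        super().__init__()
        self.pending = {}    # (user, digest) -> one-time nonce

    def challenge(self, user, digest):
        nonce = secrets.token_bytes(16)
        self.pending[(user, digest)] = nonce
        return nonce

    def add_by_hash(self, user, name, digest, proof=b""):
        nonce = self.pending.pop((user, digest), None)   # single use
        if nonce is None or digest not in self.blobs:
            return False
        expected = hmac.new(nonce, self.blobs[digest], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        return super().add_by_hash(user, name, digest)


def prove(nonce, data):
    """Client side: answer the challenge using the bytes actually held."""
    return hmac.new(nonce, data, hashlib.sha256).digest()


def demo():
    """Constructed scenario: Bob was told only the digest of Alice's file."""
    secret = b"constructed sample: lemonade recipe"
    results = {}
    weak = HashOnlyStore()
    digest = weak.upload("alice", "recipe.txt", secret)
    linked = weak.add_by_hash("bob", "copy.txt", digest)
    results["hash_only_leaks"] = linked and weak.download("bob", "copy.txt") == secret

    strong = ProofOfOwnershipStore()
    strong.upload("alice", "recipe.txt", secret)
    nonce = strong.challenge("bob", digest)
    guess = prove(nonce, digest.encode())    # Bob has the digest, not the bytes
    results["digest_only_rejected"] = not strong.add_by_hash("bob", "copy.txt", digest, guess)
    nonce = strong.challenge("carol", digest)  # Carol really holds the same file
    results["owner_deduplicated"] = strong.add_by_hash(
        "carol", "recipe.txt", digest, prove(nonce, secret))
    return results
```

Even the hardened store still tells a client whether a given file already exists on the server, so it narrows the flaw to people who hold the bytes rather than removing the cross-user link.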

4.

Dropbox came out as the lesser party. After enjoying a wave of great publicity and reaching 25,000,000 users without any marketing or advertisements, it seems that they jumped a bit too high. Freedom and flexibility were the main reasons to use Dropbox, as well as the lack of actual competition. However, once you know that your information is both insecure and constantly monitored, you feel less than safe in the cloud.

5.

Maybe it’s time to reconsider the whole cloud hosting model. Dropbox was great while it lasted, but it should go in the way of the dodo and find a more cooperative, interactive, friendly cloud storage service.

Privacy and Data Protection in the Cloud [For CloudCon 2011]

Written By: Jonathan under Categories: File Sharing, Internet, security. It has 4 Comments and was posted on Mar 29, 2011

This Wednesday I’ll speak at CloudCon 2011. Instead of a regulatory lecture, I decided to focus on a technological solution to a legal problem, which I believe might be elegant. I’d appreciate it if you could join me at CloudCon or just come over to say hi.

0. The Cloud and Your Information.
On the verge of the Age of Intelligent Machines, Cloud Computing brings a new era for data processing. The Cloud holds more and more information, where data owners and data subjects lose physical control over it. If the old-world model was that data about the end-user was held by the service provider, which processed and brought the data to the end-user, the cloud model allows the service provider to hold the information for the end-user at the quarters of 3rd parties. For this brief lecture, we’ll use Dropbox as an example, but when Dropbox’s examples fail, we’ll move on to others. In brief, Dropbox is a storage service which remotely backs up your information on Amazon’s S3 Servers automatically. When you install Dropbox, you use at least one more CSP (Cloud Service Provider) and are subject to its terms.

1. Shared Hosting, Shared Computing, Shared Control [meaning: The Problem];
Now, who has control over your information? Dropbox’s privacy policy suggests that “Dropbox cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process”; Amazon S3’s privacy policy likewise states that “We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements”. Meaning, both Amazon and Dropbox shall abide by law enforcement requests and provide information if a court says so. Generally speaking, this is a good thing.

Let’s take this into proportions, however: Let’s say that I produce Lemonade and have a trade secret: the recipe; I store it in my Dropbox folder, as I need to provide access to several employees and I want it to be backed up securely. Now, my biggest competitor wants to access my Lemonade recipe. He goes to court, and with a good attorney gets an Anton Piller Order (an order allowing him to seize my assets held by a third party before any legal process is in progress); the order is based on his claims that I stole the recipe and the court rules, ex-parte, that Dropbox should grant him access to my files. This is done because my competitor’s claim was that Dropbox itself holds the files. Dropbox receives the order and does not know how to treat it: it is unable to understand whether I am the actual owner of the file or stole it, and has to provide the files to my competitor: an order is an order.

There are two material differences that come to mind between cases where I hold the information and where the ISP holds it, and these differences explain the problems of using cloud storage for such sensitive information: (1) If I held the material, the execution of each order had to be with knowledge of such order because the files were stored at my quarters and under my control [see, for example, RCA 1810/10 PCIC v. Kaplan, where a shared hosting provider was requested to reveal the email accounts of one of its users without their knowledge]; (2) The CSP has a rational indifference as to disclosing my information, as if it does not, it might incur liability. Israeli Courts ruled in several cases that active participation and interest in not removing content even after knowledge of infringement may incur liability [For example, C 176992/09 Eti Abramov v. Aviv Frenkel, C 32986/03 Buschmitz v. Refuah]. Therefore, when you post information on the cloud, you are at risk that your information might be sought by other parties.

The question is whether it is technically possible to do so; meaning, could CSPs access your files? Let’s say that, legally, Dropbox’s terms allow such use, and that other CSPs (such as Google, as a provider of email services) were already ordered to reveal a user’s IP address (C 4854/07 Berlomenfeld v. Google) and disabled access to other accounts. Moreover, Dropbox (and let’s see Dropbox as an example) designed the architecture; it has the ability to recover my files and to recover my password, meaning that it can always bypass its internal security mechanisms.

2. Loss of Centralization;

Now, as we see it, when we discuss CSPs, we know that the control has to move from one centralized user to many distributed players, where each has the ability to disclose the information. At least prima facie, the CSP is considered as a 3rd party that either retains the information or processes it. In such cases, the Israeli Law, Technology and Information Authority has issued a draft set of regulations regarding processing by 3rd parties or outsourcing services.

Now, if I hold sensitive information on 3rd parties, and some of it is held on the cloud, then I have to make sure that my CSPs adhere to a privacy policy that protects my information. For example, if I am a lawyer, I have to notify Dropbox that I am one and that all my information is protected under an attorney-client privilege so that when they receive such Anton-Piller orders, they’ll refuse and defend me. Moreover, I have to make sure that my CSP shall not divulge any personal, private or sensitive information to any 3rd party either with or without my consent.

3. Protecting Yourself from Your CSP;
How can one protect himself from his CSP? Theoretically, there are a few suggestions for Encrypted Cloud Storage (for example, Kamara et al, “Cryptographic Cloud Storage”) which offer a theoretical, yet to be implemented, method of encrypting information on the cloud. Generally speaking, their proposal is that “Before uploading data to the cloud, Alice uses the data processor to encrypt and encode the documents along with their metadata (tags, time, size, etc.), then she sends them into the cloud. When she wants to download some documents, Alice uses the TG to generate a token and a decryption key”.

Another technological option is to encrypt the virtual machine’s drive or to use encrypted file systems on cloud storage. Another option is to use an encryption software, such as TrueCrypt on your cloud storage service (such as Dropbox); however, such a solution may be problematic as Dropbox cannot access your filesystem and might have to back up your entire folder each time you change each and every one of your files.

A different approach may be to establish a secret sharing mechanism where the information may be distributed on several different clouds, each holding only a portion of the information (such as in Parakh et al, Recursive Secret Sharing for Distributed Storage and Information Hiding).

However, these solutions are theoretical and have yet to be implemented by organizations or storage services as an integral part of their scope of services (maybe, apart from this one).

4. Solution[s];

Let’s discuss solutions as well. We need to form a strict set of rules of how to define a cloud system as privacy enabled. Our requirements are that the CSP shall allow: (1) seamless access to the set of files; (2) indexing and searching; (3) sharing parts of the information with 3rd parties; (4) reporting on each authorized and unauthorized access.

Mounting an encrypted virtual filesystem allows three out of the four: access, indexing and reporting. However, in order to share the information with 3rd parties, access to the filesystem has to be granted to the CSP (especially in order to allow sharing, see Yunqi Ye et al, Dependable and High Performance Cloud Storage). The other option is to encrypt each file differently (with different symmetric keys for each file so that no problems with sharing the files exist); however, such option shall not allow search and indexing (or require a central key database), therefore allowing three out of the four conditions.

Even if we assume that the encryption is symmetric, and that each sharespace between users receives different symmetric keys, then we cannot define the solution as seamless, as in order to convert files from a privatespace to sharespace a client-side conversion of the files is required, as well as when files are copied from a private folder to the shared folder (also, a keyserver is required).

Let’s take, for the solution, Adi Shamir’s secret sharing mechanism (Shamir, How to share a secret) and for the purpose of this solution define our efficient threshold as one (1) user. In such case, we define the shared folders with at least three cryptographic keys (one for the folder, to be shared with anyone, and one for each user). In such a way, each user could read or write to the folder seamlessly; he could also index and search using his key (and the shared key), and share the information with others (by adding another key).

Implementing secret sharing in such a case (which was yet to be tested) may allow enhanced privacy with the flexibility of sharing the information through networks and users.

5. Conclusions.

We have yet to implement a technological solution to a legal problem we might face in the near future. The much unrequired loss of control over data stored in the cloud, especially sensitive information, is inevitable nowadays due to current architecture, CPU and bandwidth limits and other problems.

However, theoretically and with a little hassle, an encryption based model may be implemented in order to allow storage of information on remote servers (i.e. cloud) where the CSP cannot access the files but the end user may share such files with 3rd parties of his choice.