A “Snooper’s Charter” for the postal system?

I spotted this on my Facebook feed today, from an old University friend, who now works as a Senior Cyber Security Consultant:

“I will shortly be writing to my MP urging him to push the Cabinet to extend its Investigatory Powers Bill to mandate that all mail carriers must open all letters they collect, scan their contents, and store those images in an archive for a given period in case law enforcement agencies needed to review their contents. Furthermore, I think it would be reasonable to outlaw glue on envelopes altogether…with a recommendation to allow postcards only.

I urge the rest of the UK to do the same as a matter of priority due to concerns around National Security.”

He always had a wicked sense of humour but for those who think this is just banter, it really is the postal mail equivalent of what the UK Government is proposing for email in the Investigatory Powers Bill (nicknamed “The Snooper’s Charter”). The staggering thing is that the UK public is largely unaware – generally engagement with politics here is low and I’d wager that the combination of politics and technology has a particularly high “snooze factor”.

[Perhaps Parliament needs to be transformed to involve some kind of “bake-off” type element with MPs getting voted out each week based on their performance. The Westminster Factor. Britain’s Got Legal Talent. Would that get the public involved?]

Putting aside low social engagement in politics (or anything that’s not a big competition on TV) this quote highlights how out of touch our legislators are with the realities of digital life – and how ridiculous the new law would be if applied to analogue communications…

Why Microsoft customers don’t need to worry about EU-US Safe Harbour/Harbor

When European Courts judged the 15-year-old EU-US Safe Harbour/Harbor treaty to be invalid last October, Internet news sites started to report how terrible this was for EU companies placing data into cloud services offered (mostly) by American companies. For some, that may be true, but that assumes Safe Harbour is the only protection in place.

This week, IT news sites are at it again. The Register (the tabloid newspaper of IT news sites) has an article titled Safe Harbor 2.0: US-Europe talks on privacy go down to the wire but the actual URI belies a much more dramatic title of “Safe Harbor countdown to Armageddon”. Sensationalist at best, some might even say irresponsible.

I’m no lawyer but, for my customers, who are implementing Microsoft cloud services, there seems to be nothing to worry about and I’ll explain why in this blog post. Of course, Microsoft is just one of many cloud services providers – and for others there may be valid concerns.

The United States Export.Gov website currently displays the following text regarding Safe Harbor:

“On October 6, 2015, the European Court of Justice issued a judgment declaring as ‘invalid’ the European Commission’s Decision 2000/520/EC of 26 July 2000 ‘on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.’

In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.”

EU Model Clauses trump Safe Harbour

Microsoft President and Chief Legal Officer, Brad Smith, issued a statement on 6 October 2015. Quoting from that article:

“For Microsoft’s enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place. This includes additional and stringent privacy protections and Microsoft’s compliance with the EU Model Clauses, which enable customers to move data between the EU and other places – including the United States – even in the absence of the Safe Harbor. Both the ruling and comments by the European Commission recognized these types of steps earlier today.

Microsoft’s cloud services including Azure Core Services, Office 365, Dynamics CRM Online and Microsoft Intune all comply with the EU Model Clauses and hence are covered in this way.”

There’s also a follow-on post which talks in general terms about the wider issues and privacy beliefs but the key point is that Microsoft offers EU Model Clauses within its contracts, which go beyond Safe Harbour. Microsoft also has an FAQ on the EU Model Clauses that is worth a read.

Quoting again from the 6 October 2015 statement:

“We wanted to make sure all of our enterprise cloud customers receive this benefit so, beginning last year, we included compliance with the EU Model Clauses as a standard part of the contracts for our major enterprise cloud services with every customer. Microsoft cloud customers don’t need to do anything else to be covered in this way.”

That suggests to me that customers who have signed up to Azure Core Services, Office 365, Dynamics CRM Online or Intune since early 2014 already have greater privacy protection than was afforded by Safe Harbour – and that protection meets the EU’s current requirements. In short, Microsoft customers don’t need to worry about Safe Harbor (sic).

Social media and the law (#socmedlaw)

A couple of weeks ago, I received an invitation to a lunchtime round-table event, to chat about social media and the law. “What’s not to like?”, I thought, and a few days later I was enjoying the delights of good company in an Italian restaurant in London’s Covent Garden (and wishing I hadn’t driven to the station that morning – more vino please!). Well, what’s not to like indeed – a couple of hours flew by and I could quite happily have whiled away another couple, had I not needed to get back to the office…

So, social media and the law. Really? Is that such a big deal?

In a word, yes!

You see, whilst we’re all enthusing about sharing our lives online and building digital relationships, there are some for whom that’s a little too risky.  I’m not talking about over-sharing personal details here – exposing oneself to undesirable physical world impacts from digital world slip-ups – but about negatively impacting one’s employment as companies struggle to get their heads around a world where relationships are formed online as well as in the traditional methods. Indeed, even the round-table where we were discussing these issues was run under the “Chatham House rule” – precisely so that participants could speak openly and freely, without fear of the consequences of reporting what they said (reporting is fine, attribution is strictly off limits).

Starting the conversation with concerns about employees tweeting, there are a whole load of considerations, from issues of authenticity to accidentally committing an organisation to a contract. Some organisations maintain lists of approved social media users but what happens when an over-enthusiastic employee defends your brand using their personal account and crosses a line?

Ultimately, companies are trying to protect their reputation online and limit their liability in the digital space, just as they do in the physical world. But there’s no “one size fits all” solution: some brands may be “free and open”, others more “locked down” and it’s increasingly important to create policies for acceptable use of social media. The issue is that these policies need to be kept up to date, and need to reflect the real world. For example, an organisation might forbid its employees to affiliate themselves with a brand online. That’s OK on Twitter, Facebook, etc. but what about their online CV on LinkedIn? For all of my disclaimers absolving my employer of any views and opinions I express online (disclaimers that were, incidentally, triggered by an unclear social media policy), it’s still pretty easy to find who pays my salary and to establish a link between my personal views and a brand. Thankfully, I’m told, there is a legal distinction between a social media account used for work purposes and affiliation of a personal account to a company or brand.

Unfortunately, until “social” is embedded in our organisational DNA, there will be issues – and the legal minefield around developments in the way we use technology is not exclusively limited to social media.  Take recent legislation on the use of “cookies” for example, described at the event as “stupid laws by stupid people, made for the wrong generation”.

It’s important to recognise that much of the movement into social seen by companies today is out of compulsion rather than quantified need – organisations need to consider what’s right for their brand. And what if social media isn’t purely a marketing tool, but about relationships? Enlightened companies are accepting that employees are increasingly linked online but it’s still important to “think and use your brain”. Microsoft’s blogging policy is often quoted as “blog smart” – it’s actually two pages that boil down to “don’t be stupid”. The important element is being careful not to make forward facing statements on behalf of the company and monitoring takes place to control any breaches (inadvertent or otherwise).

Ultimately, employee behaviour is hard to control. Generally, there is no malicious intent. As employers we need to explain the consequences of actions but educating people is difficult.

Then there’s the issue of what happens when an employee leaves a company. There are high-profile cases of influential tweeters taking their followers to a new organisation, or of companies claiming that a LinkedIn profile belongs to them. Many companies are only too happy to benefit from relationships (and skills) when staff are recruited but try to protect these assets when they move on – maybe a future legal case will clarify the situation, with a sensible judge telling companies that they can’t “have their cake and eat it” (one can hope).

Even in the most sales-focused organisations, handing over an address book is one thing but relationships are individual (people transact with people)… perhaps it’s the relatively new nature of social platforms that means the rules of engagement are still settling down?

There’s an argument that assets gained on company time belong to the company, but what exactly is company time? In our increasingly connected society, there’s a fine balance between an employment contract, bringing chores/devices to work and working extended hours outside the office. When do we stop being employees and start being individuals again? For many of us, there is no more 9 to 5!

A couple more points that I liked were: that corporate use of social media is not really about openness but about translucency; and that we have years of history with employees talking to customers – in shops! The difference now is the online evidence trail.

Some consider that the damage any one individual can cause online is limited anyway, that the Internet is “filling up”, with user-generated content increasingly buried in search results by bland, corporate results (which may be authoritative but make it hard to find any real information on making things work). On the other hand, if patent trolling is a valid business model (which it appears to be), what about copyright trolls, or social media offence trolls?

That brought us nicely onto copyright, which evolved because society saw creative endeavours that needed to be protected. But the nature and scope of copyright is that it can only exist where society respects and enforces the rules. That means that copyright does need to evolve, especially here in the UK, where there is no concept of “fair use”.

In summary, there are a lot of worries about social media and the law but nobody is really over concerned – we know that laws will change (eventually) – but there will be intervening years where the implications exercise the minds of everyone from board members downwards and only common sense can drive us through. That means that monitoring is required: companies can’t engage in social media unless they’re prepared to monitor and to be intelligent about what they find.

“Highlight of #SocMedLaw - "stupid laws for stupid things, made by the wrong generation" eg: Cookie Law. Who agrees?... 100%” – Abigail Harrison (@AbigailH)

So, what was the biggest lesson for me? Actually, it was nothing to do with the law. I found that taking comprehensive notes whilst tweeting and eating lunch is difficult!

Thanks to Social Safe for sponsoring the event and to Abigail Harrison (@AbigailH) for making it happen.

Photo Credit: Joe Gratz via Compfight (licensed under Creative Commons)

Consumerisation think tank panel at Dell Technology Camp 2012 (#DellTechCamp)

Yesterday afternoon, I took part in a panel discussion on the evolution of consumerisation as part of a Dell Technology Camp and in advance of the publication of the third part of Dell/TNS Global’s Evolving Workforce research. It was the first time I’ve taken part in an event like this and I have to admit I was pretty nervous but it was also an enjoyable experience – particularly given the wonderful surroundings of the Saatchi Gallery in south-west London. I only wish I’d been able to tweet during the event (I did scribble some notes but was focusing so much on the conversation that tweeting would have been a step too far for this Gen-Xer who isn’t so great at “partial attention”!)

Chaired by Stephen O’Donnell (@stephenodonnell), the discussion examined a number of topics related to consumerisation, including: the generational divide myth; recruiting and retaining talent; new working practices; technology choices; security; controlling costs and driving profit; and the impacts of geography and market sector on progress.

Dell have produced a Storify story about the whole day (not just the panel discussion) – and you can catch the recording of the live stream – but, for those who don’t have a couple of hours to spare, I thought I’d blog the highlights… I guess you could think of them as the tweets that never were:

  • Stephen Yap, TNS UK: It’s a myth that only generation Y gets “social” and consumerisation; TNS’ research finds that older generations are more accepting of IT as a transformation agent (and younger people are more sceptical).  [Something that one of my Baby Boomer colleagues, Vin Hughes, suggested over a year ago in a blog post about the digital world and generational labels.]
  • Alexis Lane, The Head Partnership: Organisations need an element of control to stay within the law, including open communication of policies.
  • Stephen Yap: IT is not just a utility – get it right and it can be a motivator for employees.
  • Mark Wilson (@MarkWilsonIT): The IT department is just a provider of “stuff” in our personal clouds – just like our bank, supermarket, email provider, etc. [Credit is due to Joe Baguley (@JoeBaguley) for that one… also see my post on the rise of the personal cloud, inspired by David Gentle (@DaveGentle).]
  • Helen Calthrop-Owen, Axicom: Consumerisation is part of a bigger change regarding how people work together.
  • Tim Weber (@Tim_Weber), BBC: Policies alone are not enough – citing Joshua Klein (@JoshuaKlein) he says that we need to “hack our work”, noting that it could get you fired, or you could be a big winner.
  • Bryan Jones (@BryanAtDell), Dell: It’s not “lazy IT” that holds us back so much as cultural challenges – the key is to create “competitive differentiation”.
  • Mathias Knöfel (@MathiasContext): Consider the cost factors and end user benefit – given a choice users will pay for flexibility.
  • Mark Wilson: Get under the surface of BYO and you’ll find it’s more about choice – giving users the ability to trade up to a “sexier” device [credit due to Garry Martin (@GarryMartin).]
  • Stephen Yap: Emerging markets see employer-provided devices as attractive (they tend not to have PCs at home); meanwhile in the US/Canada it’s about Bring Your Own Cloud [what I called the personal cloud] – questioning the need for corporate IT. Not so much about the choice of device but working in the way in which we have become accustomed to.
  • Alexis Lane: Increasingly difficult to draw lines of ownership (intellectual property and corporate data vs. life) – often old questions arise in a new context (e.g. the ownership of a contact database cf. LinkedIn profile).
  • Stuart Collingwood, Nivio: Enterprise-grade social media does exist; devices are more emotional and entitlement can create friction (i.e. who is entitled to what); light touch integration is required for end users to access corporate IT.
  • Bryan Jones: There is no silver bullet (in terms of technology); what’s required is a “portfolio discussion” about on premise IT; external service provision (e.g. cloud) and how to bridge the gap.
  • Stuart Collingwood: Employee expectations for IT performance are “brutal”; tolerance of “corporate lethargy” and inflexible applications has dropped.
  • Tim Weber: Users tend to blame devices or applications but may be other issues; legacy holds us back (e.g. network performance).
  • Mark Wilson: Returning to issues of cost – tax implications with benefits in kind – need clearer advice from government.
  • Bryan Jones: The consumer knows what is possible – consumerisation is not solely an IT issue but raises business functional questions. The trick is to simplify IT, to become more responsive – and innovation is occurring whether we like it or not – there’s an opportunity to embrace it and to listen across the organisation, not just to IT.
  • Stephen Yap: There’s a shift towards outcome-based working with an unspoken contract between freedom and blurred boundaries [i.e. no more 9-5] and digital natives find this easier to understand.
  • PJ Dwyer, Dell: Flexible working is popular, but some employees dislike the remoteness/don’t feel part of the team.
  • Tim Weber: In addition to recognition issues, some roles require collaborative working and presence; interesting to see that Twitter (distributed by nature) has triggered Tweet-Ups – the Human Being is a social animal and companies are social organisations; consider team dynamics (e.g. in a large team, others suspicious that they are carrying the load) – management becomes a task of ensuring everyone knows what their colleagues are doing.
  • Marie-Christine Pygott, Context: Communications occur in many ways – if employees are not present, they are not on the mind of others (you can’t walk over to their desk for a chat).
    “Evolving #Workforce: Does a flexible working policy turn you into a flexible but virtual.. hermit?” – TNS UK (@TNS_UK)
  • Stephen O’Donnell: We need a virtual watercooler, do we need to use social media to highlight work milestones [or even, “I’m taking the kids to school, I’ll be back in 20 mins”]?
  • Stuart Collingwood: Expect to see that scenario become more common as future generations enter the workplace (and we’re already seeing changing literacy styles, such as use of “text speak” in written English).
  • Carly Tatum, Dell: Communications work in different ways; bringing people into a group situation from social media context can induce a different dynamic [one that doesn’t always work].
  • Mathias Knöfel: Often, meeting people face to face changes the relationship from that point onwards.
  • PJ Dwyer: Emerging markets have different perspectives, due to different stages of development.
    “Emerging countries leapfrogging with tech as no legacy technology. Getting best tech, big incentive #DellTechCamp” – Margo Smale (@GStudentAgain)
  • Stephen Yap: In BRIC, for example, skipping PCs and moving straight to smartphones; also leapfrogging legacy in the workplace – not as encumbered.  It will be interesting to see the change as security, etc. become bigger issues in developing nations. Also cultural differences as in some geographies work and technology may act as motivators.
  • Alexis Lane: When talking about the security of information, we need to understand what it is we are protecting. It’s not realistic to say “everything” – what can we be more relaxed about?
  • Tim Weber: The “castle/moat model” makes less sense as we become more mobile and blast more holes in the walls – need to look at data level and see what can be done to protect it; requires clever thinking, supported by technology, to understand how to protect the things that are critical to your company.
  • Stuart Collingwood: We have to think differently about how we build systems – it’s hard (and expensive) to retrofit so we need to re-architect from the ground up.

Graphic Recording from Evolving Workforce Think Tank at #DellTechCamp

Key takeaways

For those who find even that list too much to work through – here are the key takeaways from around the table:

  • Stephen O’Donnell: Consumerisation is happening, it won’t stop – indeed it will accelerate; employees like it, it frees them up from coming to the office as well as from Victorian-style employment contracts; work is becoming more outcome-based; difficult to draw line between work and home; requires serious management – need to think, plan and come up with new ways of thinking.
  • Tim Weber: There is no single solution; every company needs to look at legacy – not just productivity and happy employees but the underlying strategic business model – suss that out and have clarity of thinking to drive company forward; remain flexible as things will constantly change on the roadmap.
  • Mathias Knöfel: BYOD gives opportunities for flexibility with the right incentives but also risks that need to be thought through more carefully (e.g. legal/risk).
  • Mark Wilson: From an end-user perspective, don’t just think about the “Digital Natives”, also consider “Digital Pioneers” who have seen previous waves of IT transformation and those with no time/inclination to (Digital Luddites); from a management standpoint we need to develop new attitudes to work – become more trusting and results oriented; and the IT department needs to address issues around legacy, removing barriers through innovation and avoiding stagnation; finally, we can’t close the lid on this box!
  • PJ Dwyer: It’s happening now; organisations need to be proactive and it affects not just IT but also HR, legal – indeed the whole business. Flexibility and choice are key to success and aspirations vary by market and geography.
  • Marie-Christine Pygott: There are pros and cons to consumerisation – it changes the dynamic of an organisation – the way people work, their flexibility, work/life balance but also who teaches whom – employees suggest more about the technology used; there is no single solution and we need integrated strategies; communication is vital; also differentiation in different parts of the world.
  • Stuart Collingwood: Consider company culture – not just policy and structural issues – need to instil communications protocols, sensitivities and context within company culture – requires a top down approach.  Culture is safety net and policy handbooks are not enough. People will use technology more responsibly than you might give them credit for.
  • Alexis Lane: Embedding culture of the organisation and taking a decision as to what the company needs to be is important. It’s exciting to consider technology as a motivation – and from a legal perspective we need to get to heart of data issues.
  • Bryan Jones: Not just a technology discussion – people and process too; competitive advantage downstream is enormous; culture is critical to changing the dynamic in a company; it permeates, into how we communicate internally and how we interact with customers.
  • Stephen Yap: Enterprise IT has never been more exciting than now; we’re at a tipping point, elevating the significance of IT within the organisation and to our lives; not just about IT professionals but it makes a difference to all – in how we work and how we live; not just happy and motivated workers but new business models, new ways of doing things. And the conversations that we’re having are more strategic than 10 years ago; IT is making a bigger difference than ever before.

tl;dr view

Stephen O’Donnell’s summary: there is an enormous opportunity for businesses to adopt and drive the socialisation and consumerisation of IT; to really make a difference in driving down costs, improving agility and improving employee/customer communication. On the other side, there is a risk that we “throw the baby out with the bathwater”, that we don’t follow the processes because it’s all new, that we under manage employees, don’t deal with security appropriately, don’t invest in the underlying infrastructure and so don’t achieve the benefits.

Image credits – Dell’s Official Flickr Page, licensed under Creative Commons Attribution 2.0 Generic (CC BY 2.0). Visual communication/storytelling by Creative Connection.

Half-baked cookies…

I don’t know if this website uses cookies. I think it probably does because I have Google Adsense code and Google Analytics code in place. It wouldn’t surprise me if WordPress uses some cookies too but, like many bloggers, I use off-the-shelf software and, as long as it works, I don’t worry too much about how things happen.

Unfortunately, some half-baked EU directive about privacy and cookies (half-baked – get it…) takes effect this month after even the UK government needed a year to get its act together (the Information Commissioner’s Office, which is responsible for enforcing the associated UK legislation, only removed its last cookie in March).

What’s worse is that the ICO’s guidance for website owners is really difficult to follow. Peter Bryant (@PJBryant) pointed me at an article in PC Pro magazine that suggests I should be OK without doing anything, meanwhile Kuan Hon (@Kuan0) from the Cloud Legal Project at Queen Mary University suggested a few weeks ago that we all need to be looking carefully at our sites if we want to avoid a fine…

I’m no lawyer and I can’t afford to be paying fines so I checked out some WordPress plugins that might help me. Some were linked to websites that should check my site for cookies… except they didn’t seem to work – and, anyway, I don’t really want to be making a big deal about cookies (they are, mostly, harmless).

I selected a very simple plug-in called Cookie Warning that presents a message (importantly, not a pop-up) to first time site visitors. The message is customisable (although changing the size of the text on the buttons will involve me editing the plugin) and it seems to be enough for me to gain consent from users. Importantly, it doesn’t seem to impact the way in which search engines see the site.

Only time will tell if this change negatively impacts my traffic – I’d like to think that most of my visitors understand enough about cookies to realise that this is not really such a big deal – but it will be interesting to see how this pans out over the next few months as companies big and small update their sites to comply with the legislation.

Microsoft surrenders to the bureaucrats in Brussels

A few days back I commented about the madness that is going on in Europe with the European Commission taking up the case of a minority web browser company and making life difficult for Microsoft in the courts.

Let’s get this straight: Opera may be a fine browser but, as far as I can tell, almost no-one uses it on the desktop. Part of the reason for this is that, long after most other browsers became free, Opera were still charging users so they failed to capitalise when Firefox grew its market share at the expense of Internet Explorer. Basically, Opera’s business strategy failed… so they went to court and other minority browser vendors piled in (e.g. Google).

As a result of componentisation of Windows, Microsoft gave us the ability to uninstall Internet Explorer from Windows 7 but that wasn’t enough for the bureaucrats in Brussels so now, in order to avoid costly delays in shipping Windows 7 as a result of legal action, Microsoft has decided to offer an E edition of Windows 7 in Europe, without Internet Explorer.

As I wrote last week:

“Personally, I would like to install Windows quickly with the least possible user interaction. Then, once the base operating system is installed, I’d like to select roles/features (as I do for Windows Server 2008) and install any third party software that I choose – independently of the Windows setup routine. If we have to have something to please the minority browsers (Opera, Chrome, Safari, etc.) then Windows already lets me choose search providers, media players, mail clients, etc. – why not use the same mechanism for browsers?”

Instead, I have multiple Windows versions for multiple markets. Thanks to the EU I have one version of Windows 7 in Europe and another for the rest of the world (what’s not clear is whether I can still buy the normal version in Europe, should I choose to do so). Gee, thanks. I’m glad to see my taxes are being used to tackle the real issues of the day… like financial meltdown, rising unemployment, global warming, world poverty…

It seems that, if I have a company with a product that no-one wants, I can go to the European Commission and have them stop the large, successful, companies from competing with me. Presumably Apple will stop shipping Safari with OS X and Linux distros in Europe will come without Firefox, etc.? No. I thought not.

The Pirate Party takes 7% of the vote in Sweden… meanwhile the European Commission wants Windows users to vote for their browser!

Last Friday saw the election of representatives to the European Parliament (MEPs) and the results were out today. Whilst this might not have the global impact of President Obama’s election in the United States, for the 375 million of us that live in the 27 EU member states (sorry, sovereign nations), it is pretty significant because, according to the eurosceptics, 75% of our national laws are passed down from Europe.

Here in the UK, minority parties fared well – partly as a protest against our own incumbent (or should that be incompetent?) Government and partly as a result of the proportional representation system that is used for the European elections. Whilst the UK Green party narrowly missed out on a third seat in South East England (but the far right British National Party gained significant support in the North of England…), it’s the result in Sweden that has perplexed me the most – 7.1% of Swedish voters said “yes” to the Pirate Party – formed in response to copyright laws and the impact of the Pirate Bay filesharing network!

Now, I’ve been very careful not to express any political views in this post but, with a new Parliament in place, it seems to me that now is the time to sort out the idiots in Europe who are pushing ahead with yet more action against Microsoft for bundling Internet Explorer in Windows (hey guys – you’re too late – the damage was done 10 years ago, the American Courts did very little about it, and Internet Explorer has credible competition in the shape of Firefox today). It seems that Microsoft’s componentisation of Windows and provision for the removal of Internet Explorer 8 is not enough for the European Commission – they want users to vote for their browser of choice when installing Windows!

Personally, I would like to install Windows quickly with the least possible user interaction. Then, once the base operating system is installed, I’d like to select roles/features (as I do for Windows Server 2008) and install any third party software that I choose – independently of the Windows setup routine. If we have to have something to please the minority browsers (Opera, Chrome, Safari, etc.) then Windows already lets me choose search providers, media players, mail clients, etc. – why not use the same mechanism for browsers? There’s more about this madness over on Mary Jo Foley’s All About Microsoft blog but I really do wish that my taxes (which pay for Neelie Kroes and her organisation to bring about action like this) were being used more effectively…

Accessing unsecured Wi-Fi – is it a crime?

Whilst I was researching my earlier post about WiMax in Milton Keynes, I came across an article on The Register about a couple of guys who got themselves arrested for accessing someone’s open Wi-Fi connection.

The comments make interesting reading – I recommend a read but will warn you that there are 111 of them, so you’d better be good at skim reading!

There are lots of useful analogies there (and the general consensus seems to be that, if a Wi-Fi access point is open, then you are inviting people to come in – especially with most wireless cards configured to connect to the strongest available signal – and that, if it’s secured, then it is clearly a private computer system) but I found a few of them particularly interesting after reading Section 1 of the Computer Misuse Act, 1990 (I’m sure other laws can equally be applied):

Unauthorised access to computer material
(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at—
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.

[Computer Misuse Act, 1990]

Based on this it could be argued that, if an access point is broadcasting SSIDs and is unencrypted, then a person cannot know that the access that they intend to secure is unauthorised. It could also be argued that, by broadcasting its presence, the access point accessed any computers with wireless cards in the area without their respective owners’ permissions. Or consider, as another commenter highlighted, what happens when pinging a computer’s IP address – is that not requiring the other computer to perform an action (even if that action is to reject ping responses, it still has to read the packet)? What about accessing a web server – did I explicitly give you permission to come here and read this article? No, but by publishing this website, I gave implicit permission, which is expanded further in my legal notice. Ergo, by leaving a wireless access point open and broadcasting its SSID, I would be giving implicit permission to access it.

I know there’s at least one Copper who reads this blog and I’m sure he has an opinion. As of course, do I. And that’s why I locked down my Wi-Fi.

Usual caveats apply: I am not a lawyer; don’t interpret anything you read here to be legal advice; etc., etc.

Time to get creative!

Late last night, I wanted to write a blog post which quoted a portion of someone else’s copyrighted work. After researching fair use legislation (and finding out that the UK equivalent is fair dealing), it seemed that what I was doing constituted criticism, review and news reporting under the terms of fair dealing in the United Kingdom Copyright, Designs and Patents Act 1988 (CDPA) but I was caught up in a haze of legal doubt. I made clear that I was not the originator of this work, credited the artists but even so I felt that I needed to disclaim my use of the work on the blog post and I’m no legal expert – what if I’ve got it all wrong? I’m not making vast sums of money from this blog and what if I get sued?

Whilst my problem related to copyrighted work and fair use/fair dealing is very vague, there is an answer for content publishers who do want to share their work – it’s been around for a while now and is really starting to get some traction – that answer is Creative Commons. I first heard about Creative Commons on an episode of TWiT a year or so back and when I recently redesigned this website, I turned it over to a Creative Commons Attribution-Noncommercial-Share Alike 2.0 UK: England & Wales License – effectively retaining some rights over the work whilst allowing others to use it in the manner that I see fit.

Basically, if anything is copyrighted (and under many jurisdictions it is automatically copyrighted – whether or not the © symbol is displayed) then permission is required to use it (subject to the vagaries of fair use/fair dealing). Creative Commons licenses are intended to make it easy to skip intermediaries and to grant others permission to use creative works.

Creative Commons licenses are standard copyright licenses provided free of charge via the Internet. Written for lawyers and courts, they are translated for people, and again for computers. They are used to retain copyright whilst granting permission for certain uses, subject to some conditions (images are from Creative Commons):

Attribution. You let others copy, distribute, display, and perform your copyrighted work – and derivative works based upon it – but only if they give credit the way you request.
Noncommercial. You let others copy, distribute, display, and perform your work – and derivative works based upon it – but for noncommercial purposes only.
No Derivative Works. You let others copy, distribute, display, and perform only verbatim copies of your work, not derivative works based upon it.
Share Alike. You allow others to distribute derivative works only under a license identical to the license that governs your work.

Any content may be protected with a Creative Commons license, e.g. files, photos, drawings, websites, films, sounds, books, or weblogs – there is even a Creative Commons search engine.

To find out more, watch the video clip below:

Get creative!

Gagging orders…

Oh! The joys of legal agreements… for the next 2 days, I’m attending the Exchange Server “12” Ignite training tour and the first thing I’ve had to do on arrival is to sign a non-disclosure agreement (NDA) which prohibits me from reproducing or summarising any confidential information gained for the next 5 years! To be fair, these things are pretty standard and much of what I do at work is covered by one NDA or another, but it does effectively prevent me from writing about anything I learn on this course. I guess when the product is released to manufacturing, the information will cease to be confidential, but in the meantime I guess I’ll have to keep quiet about E12!

What I can say is that the bag provided as part of the delegate information pack reminds me a bit of my earliest experiences with messaging – my days as a newspaper delivery boy.