Category Archives: Global Domination

France uncovers a vast Russian disinformation campaign in Europe

Posted on by

RUSSIA HAS been at the forefront of internet disinformation techniques at least since 2014, when it pioneered the use of bot farms to spread fake news about its invasion of Crimea. According to French authorities, the Kremlin is at it again. On February 12th Viginum, the French foreign-disinformation watchdog, announced it had detected preparations for a large disinformation campaign in France, Germany, Poland and other European countries, tied in part to the second anniversary of Vladimir Putin’s invasion of Ukraine and the elections to the European Parliament in June.

Viginum said it had uncovered a Russian network of 193 websites which it codenames “Portal Kombat”. Most of these sites, such as topnews.uz.ua, were created years ago and many were left dormant. Over 50 of them, such as news-odessa.ru and pravda-en.com, have been created since 2022. Current traffic to these sites, which exist in various languages including French, German, Polish and English, is low. But French authorities think they are ready to be activated aggressively as part of what one official calls a “massive” wave of Russian disinformation.

Viginum says it watched the sites between September and December 2023. It concluded that they do not themselves generate news stories, but are designed to spread “deceptive or false” content about the war in Ukraine, both on websites and via social media. The underlying objective is to undermine support for Ukraine in Europe. According to the French authorities, the network is controlled by a single Russian organisation.

[…]

For France, the detection of this latest Russian destabilisation effort comes after a series of campaigns that it has attributed to Moscow. Last November the French foreign ministry denounced a “Russian digital interference operation” that spread photos of Stars of David stencilled on walls in a neighbourhood of Paris, in order to stir intercommunal tension in France shortly after the start of the Israel-Hamas conflict. Viginum then detected a network of 1,095 bots on X (formerly Twitter), which published 2,589 posts. It linked this to a Russian internet complex called Recent Reliable News, known for cloning the websites of Western media outlets in order to spread fake news; the EU has dubbed that complex “Doppelgänger”.

France held the same network responsible in June 2023 for the cloning of various French media websites, as well as that of the French foreign ministry. On the cloned ministry website, hackers posted a statement suggesting, falsely, that France was to introduce a 1.5% “security tax” to finance military aid to Ukraine.

[…]

The EU wants to criminalize AI-generated deepfakes and the non-consensual sending of intimate images

Posted on by

[…] the European Council and Parliament have agreed with the proposal to criminalize, among other things, different types of cyber-violence. The proposed rules will criminalize the non-consensual sharing of intimate images, including deepfakes made by AI tools, which could help deter revenge porn. Cyber-stalking, online harassment, misogynous hate speech and “cyber-flashing,” or the sending of unsolicited nudes, will also be recognized as criminal offenses.

The commission says that having a directive for the whole European Union that specifically addresses those particular acts will help victims in Member States that haven’t criminalized them yet. “This is an urgent issue to address, given the exponential spread and dramatic impact of violence online,” it wrote in its announcement.

[…]

In its reporting, Politico suggested that the recent spread of pornographic deepfake images using Taylor Swift’s face urged EU officials to move forward with the proposal.

[…]

“The final law is also pending adoption in Council and European Parliament,” the EU Council said. According to Politico, if all goes well and the bill becomes a law soon, EU states will have until 2027 to enforce the new rules.

Source: The EU wants to criminalize AI-generated porn images and deepfakes

The original article has a seriously misleading title, I guess for clickbait.

Criticism as Dutch domain registry plans move to Amazon cloud

Posted on by

Questions are being asked in parliament about the decision by Dutch domain registration foundation SIDN to transfer the dot nl domain and its “complete ICT services” to Amazon’s cloud services. 

SIDN says the move will make managing the technology easier but some tech entrepreneurs have doubts, and now MPs have asked the government, which supports the idea of keeping .nl on Dutch or European servers, to explain why the move has been sanctioned. 

Tech entrepreneur Bert Hubert told BNR radio he opposes the idea of shifting the domain to cloud operators in the US. “If your servers are on your own continent and under your legal surveillance, then you can also be sure that no one will mess with your data,” he said. 

The added value of keeping .nl domain names under Dutch control also means “we control it ourselves and can innovate with it ourselves… When you outsource, you always lose your knowledge,” he said. 

Simon Besteman, managing director of the Dutch Cloud Community said on social media he was shocked by SIDN’s decision. “We have been inundated with questions from the Dutch internet community and our members… who have questions about the ethical as well as compliance and moral aspects.”

SIDN says that all data will remain on European servers and that users will not notice any difference in practice. It also argues that Amazon has the extremely specialised services it needs, and that these are not available in Europe.  

It was a difficult decision to move the systems to Amazon, SIDN technology chief Loek Bakker said in a reaction to the criticism.

“Although we seek to contribute to the strategic digital autonomy of the Netherlands and Europe in numerous ways, the need to assure the permanent availability of .nl and the protection of our data was decisive in this instance. That is, after all, our primary responsibility as a registry.”

Nevertheless, he said “We will be using generic, open-source technology, so that, as soon as it becomes responsible to migrate the system to a Dutch or European cloud service provider, we can do so relatively easily.”

You can smell the nonsense here very clearly – SIDN was and should be a  highly technical company. Apparently the bean counters have taken over and kicked out all the expertise in the name of… cost cutting? Are they aware that the costs of AWS are often higher than the costs of self maintenance? But the manager gets a nice trip to the US in a private jet or something like it?

And nothing about AWS is open source – they are in fact known for taking open source projects and then forking them and then pricing them through the nose.

MPs from GroenLinks, the PvdA and D66 have now asked the government to explain why the move is being made, Hubert said.

SIDN is a foundation that has the right to exploit the .nl domain name, earning some €21 million a year in the process. More than six million .nl domains have been registered. 

Source: Criticism as Dutch domain registry plans move to Amazon cloud – DutchNews.nl

Cory Doctorow’s McLuhan lecture on enshittification (30 Jan 2024)

Posted on by

Last year, I coined the term ‘enshittification,’ to describe the way that platforms decay. That obscene little word did big numbers, it really hit the zeitgeist. I mean, the American Dialect Society made it their Word of the Year for 2023 (which, I suppose, means that now I’m definitely getting a poop emoji on my tombstone).

So what’s enshittification and why did it catch fire? It’s my theory explaining how the internet was colonized by platforms, and why all those platforms are degrading so quickly and thoroughly, and why it matters – and what we can do about it.

We’re all living through the enshittocene, a great enshittening, in which the services that matter to us, that we rely on, are turning into giant piles of shit.

It’s frustrating. It’s demoralizing. It’s even terrifying.

I think that the enshittification framework goes a long way to explaining it, moving us out of the mysterious realm of the ‘great forces of history,’ and into the material world of specific decisions made by named people – decisions we can reverse and people whose addresses and pitchfork sizes we can learn.

Enshittification names the problem and proposes a solution. It’s not just a way to say ‘things are getting worse’ (though of course, it’s fine with me if you want to use it that way. It’s an English word. We don’t have der Rat für Englisch Rechtschreibung. English is a free for all. Go nuts, meine Kerle).

[…]

Source: Pluralistic: My McLuhan lecture on enshittification (30 Jan 2024) – Pluralistic: Daily links from Cory Doctorow

It’s a good essay on what enshittification is, what causes it, why it’s so bad and some ideas on how to get rid of it. Very worth reading.

Hundreds of thousands of EU citizens ‘wrongly fined for driving in London Ulez’ in one of EUs largest privacy breaches

Posted on by

Hundreds of thousands of EU citizens were wrongly fined for driving in London’s Ulez clean air zone, according to European governments, in what has been described as “possibly one of the largest data breaches in EU history”.

The Guardian can reveal Transport for London (TfL) has been accused by five EU countries of illegally obtaining the names and addresses of their citizens in order to issue the fines, with more than 320,000 penalties, some totalling thousands of euros, sent out since 2021.

[…]

Since Brexit, the UK has been banned from automatic access to personal details of EU residents. Transport authorities in Belgium, Spain, Germany and the Netherlands have confirmed to the Guardian that driver data cannot be shared with the UK for enforcement of London’s ultra-low emission zone (Ulez), and claim registered keeper details were obtained illegally by agents acting for TfL’s contractor Euro Parking Collection.

In France, more than 100 drivers have launched a lawsuit claiming their details were obtained fraudulently, while Dutch lorry drivers are taking legal action against TfL over £6.5m of fines they claim were issued unlawfully.

According to the Belgian MP Michael Freilich, who has investigated the issue on behalf of his constituents, TfL is treating European drivers as a “cash cow” by using data obtained illegitimately to issue unjustifiable fines.

Many of the penalties have been issued to drivers who visited London in Ulez-compliant vehicles and were not aware they had to be registered with TfL’s collections agent Euro Parking at least 10 days before their visit.

Failure to register does not count as a contravention, according to Ulez rules, but some drivers have nonetheless received penalties of up to five-figure sums.

[…]

Some low-emission cars have been misclassed as heavy goods diesel vehicles and fined under the separate low-emission zone (Lez) scheme, which incurs penalties of up to £2,000 a day. Hundreds of drivers have complained that the fines arrived weeks after the early payment discount and appeals deadlines had passed.

One French driver was fined £25,000 for allegedly contravening Lez and Ulez rules, despite the fact his minibus was exempt.

[…]

EU countries say national laws allow the UK to access personal data only for criminal offences, not civil ones. Breaching Ulez rules is a civil offence, while more risky behaviour such as speeding or driving under the influence of drink or drugs can be a criminal offence. This raises the question of whether Euro Parking can legally carry out its contract with TfL.

Euro Parking was awarded a five-year contract by TfL in 2020 to recover debts from foreign drivers who had breached congestion or emission zone rules.

The company, which is paid according to its performance, is estimated to have earned between £5m and £10m. It has the option to renew for a further five years.

The firm is owned by the US transport technology group Verra Mobility, which is listed on the Nasdaq stock exchange and headed by the former Bank of America Merrill Lynch executive David Roberts. The company’s net revenue was $205m (£161m) in the second quarter of 2023.

In October, the Belgian government ordered a criminal investigation after a court bailiff was accused of illegally passing the details of 20,000 drivers to Euro Parking for Ulez enforcement. The bailiff was suspended in 2022 and TfL initially claimed that no Belgian data had been shared with Euro Parking since then. However, a freedom of information request by the Guardian found that more than 17,400 fines had been issued to Belgians in the intervening 19 months.

[…]

Campaigners accuse Euro Parking of circumventing data protection rules by using EU-based agents to request driver data without disclosing that it is for UK enforcement.

Last year, an investigation by the Dutch vehicle licensing authority RDW found that the personal details of 55,000 citizens had been obtained via an NCP in Italy. “The NCP informed us that the authorised users have used the data in an unlawful way and stopped their access,” a spokesperson said.

The German transport authority KBA claimed that an Italian NCP was used to obtain information from its database. “Euro Parking obtained the data through unlawful use of an EU directive to facilitate the cross-border exchange of information about traffic offences that endanger road safety,” a KBA spokesperson said. “The directive does not include breaches of environmental rules.”

Spain’s transport department told the Guardian that UK authorities were not allowed access to driver details for Ulez enforcement. Euro Parking has sent more than 25,600 fines to Spanish drivers since 2021.

In France, 102 drivers have launched a lawsuit claiming that their details were fraudulently obtained

[…]

Source: Hundreds of thousands of EU citizens ‘wrongly fined for driving in London Ulez’ | TfL | The Guardian

I guess Brexit has panned out economically much worse than we thought

Palworld Is a Great Example Of The Idea/Expression Dichotomy | Techdirt

Posted on by

When it comes to copyright suits or conflicts that never should have existed, one of the most common misunderstandings that births them is not understanding the idea/expression dichotomy in copyright law. Even to most laypeople, once you explain it, it’s quite simple. You can copyright a specific expression of something, such as literature, recorded music, etc., but you cannot copyright a general idea. So, while Superman may be subject to copyright protections as a character and in depictions of that character, you cannot copyright a superhero that flies, wears a cape, shoots beams from his eyes, and has super strength. For evidence of that, see: Homelander from The Boys.

But while Homelander is a good case study in the protections offered by the idea/expression dichotomy, a more perfect one might be the recently released PC game Palworld, which has often been described as “Pokémon, but with guns.” This thing is a megahit already, hitting Early Access mid-January and also already hitting 1 million concurrent players. And if you’re wondering just how “Pokémon, but with guns” this game is, well…

The art styles are similar, it’s essentially a monster-collecting game involving battles, etc. and so on. You get it. And this has led to a whole lot of speculation out there that all of this somehow constitutes copyright infringement, or plagiarism, on the part of publisher PocketPair. There is likewise speculation that it’s only a matter of time before Nintendo, Game Freak, or The Pokémon Co. sues the hell out of PocketPair over all of this.

And that may still happen — the Pokemon company says it’s investigating Palworld. All of those companies have shown themselves to be voracious IP enforcers, after all. But the fact is that there is nothing in this game that is a direct copy of any expression owned by any of those entities. To that end, when asked about any concerns over lawsuits, PocketPair is taking a very confident posture.

On the other hand, we had a chance to talk to PocketPair’s CEO Takuro Mizobe before Palworld’s release, and addressing this topic, Mizobe mentioned that Palworld has cleared legal reviews, and that there has been no action taken against it by other companies. Mizobe shared PocketPair’s stance on the issue, stating, “We make our games very seriously, and we have absolutely no intention of infringing upon the intellectual property of other companies.” 

Mizobe has also commented that, in his personal opinion, Palworld is not at all that similar to Pokémon, even citing other IPs that Palworld more closely resembles. (Related article) He encouraged users to see past the rumors and give Palworld a chance.  

And he’s right. The game mechanics themselves go far beyond anything Pokémon has on offer. And while we can certainly say that even some of the Pals themselves look as though they were inspired by some well-known Pokémon, there are more than enough differences in sum-total to make any claim that this is some kind of direct ripoff simply untrue. Some of the ideas are very, very similar. The expression, however, is different.

In addition to the legal review that Mizobe mentioned, it’s not like the game as a concept has been kept a secret, either.

Though it released just a few days ago, Palworld’s concept and content has been open to the public for quite a while, and were even presented at the Tokyo Game Show in both 2022 and 2023. Many users are of the opinion that, if there were basis for plagiarism-related legal action, the relevant parties would have already acted by now. 

I would normally agree, but in this case, well, it’s Pokémon and Nintendo, so who knows. Maybe legal action is coming, maybe not. If it does come, however, it should fail. And fail miserably. All because of the idea/expression dichotomy.

Source: Palworld Is a Great Example Of The Idea/Expression Dichotomy | Techdirt

It’s quite fortunate that Palworld has sold millions of copies quickly, because that means they should have the funds to withstand a legal onslaught from Nintendo. In justice it’s not often if you are right, but if you are rich.

iPhone Apps Secretly Harvest Data When They Send You Notifications, Researchers Find

Posted on by

iPhone apps including Facebook, LinkedIn, TikTok, and X/Twitter are skirting Apple’s privacy rules to collect user data through notifications, according to tests by security researchers at Mysk Inc., an app development company. Users sometimes close apps to stop them from collecting data in the background, but this technique gets around that protection. The data is unnecessary for processing notifications, the researchers said, and seems related to analytics, advertising, and tracking users across different apps and devices.

It’s par for the course that apps would find opportunities to sneak in more data collection, but “we were surprised to learn that this practice is widely used,” said Tommy Mysk, who conducted the tests along with Talal Haj Bakry. “Who would have known that an innocuous action as simple as dismissing a notification would trigger sending a lot of unique device information to remote servers? It is worrying when you think about the fact that developers can do that on-demand.”

These particular apps aren’t unusual bad actors. According to the researchers, it’s a widespread problem plaguing the iPhone ecosystem.

This isn’t the first time Mysk’s tests have uncovered data problems at Apple, which has spent untold millions convincing the world that “what happens on your iPhone, stays on your iPhone.” In October 2023, Mysk found that a lauded iPhone feature meant to protect details about your WiFi address isn’t as private as the company promises. In 2022, Apple was hit with over a dozen class action lawsuits after Gizmodo reported on Mysk’s finding that Apple collects data about its users even after they flip the switch on an iPhone privacy setting that promises to “disable the sharing of device analytics altogether.”

The data looks like information that’s used for “fingerprinting,” a technique companies use to identify you based on several seemingly innocuous details about your device. Fingerprinting circumvents privacy protections to track people and send them targeted ads

[…]

For example, the tests showed that when you interact with a notification from Facebook, the app collects IP addresses, the number of milliseconds since your phone was restarted, the amount of free memory space on your phone, and a host of other details. Combining data like these is enough to identify a person with a high level of accuracy. The other apps in the test collected similar information. LinkedIn, for example, uses notifications to gather which timezone you’re in, your display brightness, and what mobile carrier you’re using, as well as a host of other information that seems specifically related to advertising campaigns, Mysk said.

[…]

Apps can collect this kind of data about you when they’re open, but swiping an app closed is supposed to cut off the flow of data and stop an app from running whatsoever. However, it seems notifications provide a backdoor.

Apple provides special software to help your apps send notifications. For some notifications, the app might need to play a sound or download text, images, or other information. If the app is closed, the iPhone operating system lets the app wake up temporarily to contact company servers, send you the notification, and perform any other necessary business. The data harvesting Mysk spotted happened during this brief window.

[…]

Source: iPhone Apps Secretly Harvest Data When They Send You Notifications, Researchers Find

France fines Amazon $35 million over intrusive employee surveillance

Posted on by

France’s data privacy watchdog organization, the CNIL, has fined a logistics subsidiary of Amazon €32 million, or $35 million in US dollars, over the company’s use of an “overly intrusive” employee surveillance system. The CNIL says that the system employed by Amazon France Logistique “measured work interruptions with such accuracy, potentially requiring employees to justify every break or interruption.”

Of course, this system was forced on the company’s warehouse workers, as they seem to always get the short end of the Amazon stick. The CNIL says the surveillance software tracked the inactivity of employees via a mandatory barcode scanner that’s used to process orders. The system tracks idle time as interruptions in barcode scans, calling out employees for periods of downtime as low as one minute. The French organization ruled that the accuracy of this system was illegal, using Europe’s General Data Protection Regulation (GDPR) as a legal basis for the ruling.

To that end, this isn’t being classified as a labor case, but rather a data processing case regarding excessive monitoring. “As implemented, the processing is considered to be excessively intrusive,” the CNIL wrote, noting that Amazon uses this data to assess employee performance on a weekly basis. The organization also noted that Amazon held onto this data for all employees and temporary workers.

[…]

Source: France fines Amazon $35 million over ‘intrusive’ employee surveillance

Ubisoft Says It Out Loud: We Want People To Get Used To Not Owning What They’ve Bought

Posted on by

if buying isnt owning then piracy isnt stealing

[…] the public too often doesn’t understand how it happens that products stop working the way they did after updates are performed remotely, or why movies purchased through an online store suddenly disappear with no refund, or why other media types purchased online likewise go poof. There is a severe misalignment, in other words, between what consumers think their money is being spent on and what is actually being purchased.

[…]

I suppose it’s at least a bit refreshing to see Ubisoft come out here and just say the quiet part out loud.

With the pre-release of Prince of Persia: The Lost Crown started, Ubisoft has chosen this week to rebrand its Ubisoft+ subscription services, and introduce a PC version of the “Classics” tier at a lower price. And a big part of this, says the publisher’s director of subscriptions, Philippe Tremblay, is getting players “comfortable” with not owning their games.

He claims the company’s subscription service had its biggest ever month October 2023, and that the service has had “millions” of subscribers, and “over half a billion hours” played. Of course, a lot of this could be a result of Ubisoft’s various moments of refusing to release games to Steam, forcing PC players to use its services, and likely opting for a month’s subscription rather than the full price of the game they were looking to buy. But still, clearly people are opting to use it.

On the one hand, there are realms where it makes sense for a subscription based gaming service where you pay a monthly fee for access and essentially never buy a game. Xbox’s Game Pass, for instance, makes all the sense in the world for some people. If you’re a more casual gamer who doesn’t want to own a library of games, but rather merely wants to be able to play a broad swath of titles at a moment’s notice, a service like that is perfect.

But Game Pass is $10 a month and includes titles from all kinds of publishers. Ubisoft’s service is nearly double that rate and only includes Ubisoft titles. That’s a much tougher sell.

[…]

Given that most people, while being a part of the problem (hello), also think of this as a problem, it’s so weird to see it phrased as if some faulty thinking in the company’s audience.

One of the things we saw is that gamers are used to, a little bit like DVD, having and owning their games. That’s the consumer shift that needs to happen. They got comfortable not owning their CD collection or DVD collection. That’s a transformation that’s been a bit slower to happen [in games]. As gamers grow comfortable in that aspect… you don’t lose your progress. If you resume your game at another time, your progress file is still there. That’s not been deleted. You don’t lose what you’ve built in the game or your engagement with the game. So it’s about feeling comfortable with not owning your game.

That last sentence’s thoughts are so misaligned as to be nearly in the realm of nonsense. If it’s my game, then I do own it. The point Ubisoft is trying to make is that the public should get over ownership entirely and accept that it’s not my game at all. It’s my subscription service.

And while I appreciate Ubisoft saying the quiet part out loud for once, I don’t believe for a moment that this will go over well with the general gaming public.

Source: Ubisoft Says It Out Loud: We Want People To Get Used To Not Owning What They’ve Bought | Techdirt

Hint: it hasn’t!

Amazon wants you to pay to give them your data with Its Next-Gen “Remarkable Alexa” – which is remarkable in how poorly it works

Posted on by

amazon alexa echo device covered in green goo

Amazon is revamping its Alexa voice assistant as it prepares to launch a new paid subscription plan this year, according to internal documents and people familiar with the matter. But the change is causing internal conflict and may lead to further delay.

Tentatively named “Alexa Plus,” the paid version of Alexa is intended to offer more conversational and personalized artificial-intelligence technology, one of the documents obtained by Business Insider says. The people said the team was working toward a June 30 launch deadline and had been testing the underlying voice technology, dubbed “Remarkable Alexa,” with 15,000 external customers.

But the quality of the new Alexa’s answers is still falling short of expectations, often sharing inaccurate information, external tests have found. Amazon is now going through a major overhaul of Alexa’s technology stack to address this issue, though the team is experiencing some discord.

[…]

The people familiar with the matter said the limited preview with 15,000 external customers discovered that, while Remarkable Alexa was generally good at being conversational and informative, it was still deflecting answers, often giving unnecessarily long or inaccurate responses. It also needed to improve its ability to answer ambiguous customer requests that require the engagement of multiple services, such as turning on the light and music at the same time.

The new Alexa still didn’t meet the quality standards expected for Alexa Plus, these people added

[…]

Source: Amazon Is Struggling With Its Next-Gen “Remarkable Alexa’

HP CEO: You’re ‘bad investment’ if you don’t buy HP supplies

Posted on by

hp printers printing money over your dead body

HP CEO Enrique Lores admitted this week that the company’s long-term objective is “to make printing a subscription” when he was questioned about the company’s approach to third-party replacement ink suppliers.

The PC and print biz is currently facing a class-action lawsuit (from 2.42 in the video below) regarding allegations that the company deliberately prevented its hardware from accepting non-HP branded replacement cartridges via a firmware update.

When asked about the case in a CNBC interview, Lores said: “I think for us it is important for us to protect our IP. There is a lot of IP that we’ve built in the inks of the printers, in the printers themselves. And what we are doing is when we identify cartridges that are violating our IP, we stop the printers from work[ing].”

Later in the interview, he added: “Every time a customer buys a printer, it’s an investment for us. We are investing in that customer, and if that customer doesn’t print enough or doesn’t use our supplies, it’s a bad investment.”

[…]

HP has long banged the drum [PDF] about the potential for malware to be introduced via print cartridges, and in 2022, its bug bounty program confirmed that third-party cartridges with reprogrammable chips could deliver malware into printers.

Kind old HP is, therefore, only concerned about the welfare of customers.

Sadly, Lores’s protestations were somewhat undermined by the admission that the company’s business model depends – at least in part – on customers selecting HP supplies for their devices.

“Our objective is to make printing as easy as possible, and our long-term objective is to make printing a subscription.”

This echoes comments by former CFO Marie Myers, who said in December:

“We absolutely see when you move a customer from that pure transactional model … whether it’s Instant Ink, plus adding on that paper, we sort of see a 20 percent uplift on the value of that customer because you’re locking that person, committing to a longer-term relationship.”

Source: HP CEO: You’re ‘bad investment’ if you don’t buy HP supplies • The Register

Dutch phones can be easily tracked online: ‘Extreme security risk’

Posted on by

a map of the netherlands with cellphone towers

BNR received more than 80 gigabytes of location data from data traders: the coordinates of millions of telephones, often registered dozens of times a day.

The gigantic mountain of data also includes movements of people with functions in which safety plays an important role. A senior army officer could be followed as he drove from his home in the Randstad to various military locations in the country. A destination he often visited was the Frederikazerne, headquarters of the Military Intelligence and Security Service (MIVD). The soldier confirmed the authenticity of the data to BNR by telephone.

[…]

The data also reveals the home address of someone who often visits the Penitentiary in Vught, where terrorists and serious criminals are imprisoned. A spokesperson for the Judicial Institutions Agency (DJI) confirmed that the person, who according to the Land Registry lives at this address, had actually brought a mobile phone onto the premises with permission and stated that the matter was being investigated.

These are just examples, the list of potential targets is long: up to 1,200 phones in the dataset visited the office in Zoetermeer where the National Police, National Public Prosecutor’s Office and Europol are located. Up to 70 telephones are registered in the King’s residential palace, Huis ten Bosch. At the Volkel Air Base, a storage point for nuclear weapons, up to 370 telephones were counted. The National Police’s management says it is aware of the problem and is ‘looking internally to see what measures are appropriate to combat this’.

‘National security implications’

BNR had two experts inspect the dataset. “This is an extreme security risk, with possible implications for national security,” says Ralph Moonen, technical director of Secura. “It’s really shocking that this can happen like this,” says Sjoerd van der Meulen, cybersecurity specialist at DataExpert.

The technology used to track mobile phones is designed for use by advertisers, but is suitable for other purposes, says Paul Pols, former technical advisor to the Assessment Committee for the Use of Powers, which supervises the intelligence services. According to Pols, it is known that the MIVD and AIVD also purchase access to this type of data on the data market under the heading ‘open sources’. “What is striking about this case is that you can easily access large amounts of data from Dutch citizens,” said the cybersecurity expert.

For sale via an online marketplace in Berlin

That access was achieved through an online marketplace based in Berlin. On this platform, Datarade.ai, hundreds of companies offer personal data for sale. In addition to location data, medical information and credit scores are also available.

Following a tip from a data subject, BNR responded to an advertisement offering location data of Dutch users. A sales employee of the platform then contacted two medium-sized providers: Datastream Group from Florida in the US and Factori.ai from Singapore – both companies have fewer than 50 employees, according to their LinkedIn pages.

Datastream and Factori offer similar services: a subscription to the location data of mobile phones in the Netherlands is available for prices starting from $2,000 per month. Those who pay more can receive fresh data every 24 hours via the cloud, possibly even from all over the world.

[…]

Upon request, BNR was therefore sent a full month of historical data from Dutch telephones. This data was anonymized – it did not contain telephone numbers. Individual phones can be recognized by unique number combinations, a ‘mobile advertising ID’ used by Apple and Google to show individual users relevant advertisements within the limits of European privacy legislation.

Possibly four million Dutch victims of tracking

The precise origin of the data traded online is unclear. According to the providers, these come from apps that have received permission from users to use location data. This includes fitness or navigation apps that sell data. This is how the data ultimately ends up at Factori and Datastream. By combining data from multiple sources, gigantic files are created.

[…]

it is not difficult to recognize the owners of individual phones in the data. By linking sleeping places to data from public registers, such as the Land Registry, and workplaces to LinkedIn profiles, BNR was able to identify, in addition to the army officer, a project manager from Alphen aan den Rijn and an amateur football referee. The discovery that he had been digitally stalked for at least a month led to shocked reactions. ‘Bizarre’, and: ‘I immediately turned off ‘sharing location data’ on my phone’.

Trade is prohibited, but the government does not act

Datarade, the Berlin data marketplace, informed BNR in an email that traders on their platform are ‘fully liable’ for the data they offer. Illegal practices can be reported using an online form. The spokesperson for the German company leaves open the question of whether measures are being taken against the sale of location data.

[…]

Source (Google Translate): Dutch phones can be secretly tracked online: ‘Extreme security risk’ | BNR News Radio

Source (Dutch original): Nederlandse telefoons online stiekem te volgen: ‘Extreem veiligheidsrisico’

Drivers would prefer to buy a low-tech car than one that shares their data

Posted on by

According to a survey of 2,000 Americans conducted by Kaspersky in November and published this week, 72 percent of drivers are uncomfortable with automakers sharing their data with advertisers, insurance companies, subscription services, and other third-party outfits. Specifically, 37.3 percent of those polled are “very uncomfortable” with this data sharing, and 34.5 percent are “somewhat uncomfortable.”

However, only 28 percent of the total respondents say they have any idea what kind of data their car is collecting. Spoiler alert: It’s potentially all the data. An earlier Mozilla Foundation investigation, which assessed the privacy policies and practices of 25 automakers, gave every single one a failing grade.

In Moz’s September Privacy Not Included report, the org warned that car manufacturers aren’t only potentially collecting and selling things like location history, driving habits and in-car browser histories. Some connected cars may also track drivers’ sexual activity, immigration status, race, facial expressions, weight, health, and even genetic information, if that information becomes available.

Back to the Kaspersky survey: 87 percent said automakers should be required to delete their data upon request. Depending on where you live, and thus the privacy law you’re under, the manufacturers may be obligated to do so.

Oddly, while motorists are worried about their cars sharing their data with third parties, they don’t seem that concerned about their vehicles snooping on them in the first place.

Less than half (41.8 percent) of respondents said they are worried about their vehicle’s sensors, infotainment system, cameras, microphones, and other connected apps and services might be collecting their personal data. And 80 percent of respondents pair their phone with their car anyway, allowing data and details of activities to be exchanged between apps and the vehicle and potentially its manufacturer.

This echoes another survey published this week that found many drivers are willing to trade their personal data and privacy for driver personalization — things like seat, mirror, and entertainment preferences (43 percent) — and better insurance rates (67 percent).

The study also surveyed 2,000 American drivers to come up with these numbers and found that while most drivers (68 percent) don’t mind automakers collecting their personal data, only five percent believe this surveillance should be unrestricted, and 63 percent said it should be on an opt-in basis.

Perhaps it’s time for vehicle makers to take note

Source: Surveyed drivers prefer low-tech cars over data-sharing ones • The Register

Also, we want buttons back too please.

Generative AI Will Be A Huge Boon For The Public Domain, Unless Copyright Blocks It

Posted on by

two people holding hands watching a pc screen. On the screen is a robot painting a digitised Bob Ross paintingA year ago, I noted that many of Walled Culture’s illustrations were being produced using generative AI. During that time, AI has developed rapidly. For example, in the field of images, OpenAI has introduced DALL-E 3 in ChatGPT:

When prompted with an idea, ChatGPT will automatically generate tailored, detailed prompts for DALL·E 3 that bring your idea to life. If you like a particular image, but it’s not quite right, you can ask ChatGPT to make tweaks with just a few words.

Ars Technica has written a good intro to the new DALL-E 3, describing it as “a wake-up call for visual artists” in terms of its advanced capabilities. The article naturally touches on the current situation regarding copyright for these creations:

In the United States, purely AI-generated art cannot currently be copyrighted and exists in the public domain. It’s not cut and dried, though, because the US Copyright Office has supported the idea of allowing copyright protection for AI-generated artwork that has been appreciably altered by humans or incorporated into a larger work.

The article goes on to explore an interesting aspect of that situation:

there’s suddenly a huge new pool of public domain media to work with, and it’s often “open source”—as in, many people share the prompts and recipes used to create the artworks so that others can replicate and build on them. That spirit of sharing has been behind the popularity of the Midjourney community on Discord, for example, where people typically freely see each other’s prompts.

When several mesmerizing AI-generated spiral images went viral in September, the AI art community on Reddit quickly built off of the trend since the originator detailed his workflow publicly. People created their own variations and simplified the tools used in creating the optical illusions. It was a good example of what the future of an “open source creative media” or “open source generative media” landscape might look like (to play with a few terms).

There are two important points there. First, that the current, admittedly tentative, status of generative AI creations as being outside the copyright system means that many of them, perhaps most, are available for anyone to use in any way. Generative AI could drive a massive expansion of the public domain, acting as a welcome antidote to constant attempts to enclose the public domain by re-imposing copyright on older works – for example, as attempted by galleries and museums.

The second point is that without the shackles of copyright, these creations can form the basis of collaborative works among artists willing to embrace that approach, and to work with this new technology in new ways. That’s a really exciting possibility that has been hard to implement without recourse to legal approaches like Creative Commons. Although the intention there is laudable, most people don’t really want to worry about the finer points of licensing – not least out of fear that they might get it wrong, and be sued by the famously litigious copyright industry.

A situation in which generative AI creations are unequivocally in the public domain could unleash a flood of pent-up creativity. Unfortunately, as the Ars Technica article rightly points out, the status of AI generated artworks is already slightly unclear. We can expect the copyright world to push hard to exploit that opening, and to demand that everything created by computers should be locked down under copyright for decades, just as human inspiration generally is from the moment it is in a fixed form. Artists should enjoy this new freedom to explore and build on generative AI images while they can – it may not last.

Source: Generative AI Will Be A Huge Boon For The Public Domain, Unless Copyright Blocks It | Techdirt

The NY Times Lawsuit Against OpenAI Would Open Up The NY Times To All Sorts Of Lawsuits Should It Win, shows that if you feed it a URL it can regurgitate what’s on the first parts of that URL

Posted on by

This week the NY Times somehow broke the story of… well, the NY Times suing OpenAI and Microsoft. I wonder who tipped them off. Anyhoo, the lawsuit in many ways is similar to some of the over a dozen lawsuits filed by copyright holders against AI companies. We’ve written about how silly many of these lawsuits are, in that they appear to be written by people who don’t much understand copyright law. And, as we noted, even if courts actually decide in favor of the copyright holders, it’s not like it will turn into any major windfall. All it will do is create another corruptible collection point, while locking in only a few large AI companies who can afford to pay up.

I’ve seen some people arguing that the NY Times lawsuit is somehow “stronger” and more effective than the others, but I honestly don’t see that. Indeed, the NY Times itself seems to think its case is so similar to the ridiculously bad Authors Guild case, that it’s looking to combine the cases.

But while there are some unique aspects to the NY Times case, I’m not sure they are nearly as compelling as the NY Times and its supporters think they are. Indeed, I think if the Times actually wins its case, it would open the Times itself up to some fairly damning lawsuits itself, given its somewhat infamous journalistic practices regarding summarizing other people’s articles without credit. But, we’ll get there.

The Times, in typical NY Times fashion, presents this case as thought the NY Times is the great defender of press freedom, taking this stand to stop the evil interlopers of AI.

Independent journalism is vital to our democracy. It is also increasingly rare and valuable. For more than 170 years, The Times has given the world deeply reported, expert, independent journalism. Times journalists go where the story is, often at great risk and cost, to inform the public about important and pressing issues. They bear witness to conflict and disasters, provide accountability for the use of power, and illuminate truths that would otherwise go unseen. Their essential work is made possible through the efforts of a large and expensive organization that provides legal, security, and operational support, as well as editors who ensure their journalism meets the highest standards of accuracy and fairness. This work has always been important. But within a damaged information ecosystem that is awash in unreliable content, The Times’s journalism provides a service that has grown even more valuable to the public by supplying trustworthy information, news analysis, and commentary

Defendants’ unlawful use of The Times’s work to create artificial intelligence products that compete with it threatens The Times’s ability to provide that service. Defendants’ generative artificial intelligence (“GenAI”) tools rely on large-language models (“LLMs”) that were built by copying and using millions of The Times’s copyrighted news articles, in-depth investigations, opinion pieces, reviews, how-to guides, and more. While Defendants engaged in widescale copying from many sources, they gave Times content particular emphasis when building their LLMs—revealing a preference that recognizes the value of those works. Through Microsoft’s Bing Chat (recently rebranded as “Copilot”) and OpenAI’s ChatGPT, Defendants seek to free-ride on The Times’s massive investment in its journalism by using it to build substitutive products without permission or payment.

As the lawsuit makes clear, this isn’t some high and mighty fight for journalism. It’s a negotiating ploy. The Times admits that it has been trying to get OpenAI to cough up some cash for its training:

For months, The Times has attempted to reach a negotiated agreement with Defendants, in accordance with its history of working productively with large technology platforms to permit the use of its content in new digital products (including the news products developed by Google, Meta, and Apple). The Times’s goal during these negotiations was to ensure it received fair value for the use of its content, facilitate the continuation of a healthy news ecosystem, and help develop GenAI technology in a responsible way that benefits society and supports a well-informed public.

I’m guessing that OpenAI’s decision a few weeks back to pay off media giant Axel Springer to avoid one of these lawsuits, and the failure to negotiate a similar deal (at what is likely a much higher price), resulted in the Times moving forward with the lawsuit.

There are five or six whole pages of puffery about how amazing the NY Times thinks the NY Times is, followed by the laughably stupid claim that generative AI “threatens” the kind of journalism the NY Times produces.

Let me let you in on a little secret: if you think that generative AI can do serious journalism better than a massive organization with a huge number of reporters, then, um, you deserve to go out of business. For all the puffery about the amazing work of the NY Times, this seems to suggest that it can easily be replaced by an auto-complete machine.

In the end, though, the crux of this lawsuit is the same as all the others. It’s a false belief that reading something (whether by human or machine) somehow implicates copyright. This is false. If the courts (or the legislature) decide otherwise, it would upset pretty much all of the history of copyright and create some significant real world problems.

Part of the Times complaint is that OpenAI’s GPT LLM was trained in part with Common Crawl data. Common Crawl is an incredibly useful and important resource that apparently is now coming under attack. It has been building an open repository of the web for people to use, not unlike the Internet Archive, but with a focus on making it accessible to researchers and innovators. Common Crawl is a fantastic resource run by some great people (though the lawsuit here attacks them).

But, again, this is the nature of the internet. It’s why things like Google’s cache and the Internet Archive’s Wayback Machine are so important. These are archives of history that are incredibly important, and have historically been protected by fair use, which the Times is now threatening.

(Notably, just recently, the NY Times was able to get all of its articles excluded from Common Crawl. Otherwise I imagine that they would be a defendant in this case as well).

Either way, so much of the lawsuit is claiming that GPT learning from this data is infringement. And, as we’ve noted repeatedly, reading/processing data is not a right limited by copyright. We’ve already seen this in multiple lawsuits, but this rush of plaintiffs is hoping that maybe judges will be wowed by this newfangled “generative AI” technology into ignoring the basics of copyright law and pretending that there are now rights that simply do not exist.

Now, the one element that appears different in the Times’ lawsuit is that it has a bunch of exhibits that purport to prove how GPT regurgitates Times articles. Exhibit J is getting plenty of attention here, as the NY Times demonstrates how it was able to prompt ChatGPT in such a manner that it basically provided them with direct copies of NY Times articles.

In the complaint, they show this:

Image

At first glance that might look damning. But it’s a lot less damning when you look at the actual prompt in Exhibit J and realize what happened, and how generative AI actually works.

What the Times did is prompt GPT-4 by (1) giving it the URL of the story and then (2) “prompting” it by giving it the headline of the article and the first seven and a half paragraphs of the article, and asking it to continue.

Here’s how the Times describes this:

Each example focuses on a single news article. Examples were produced by breaking the article into two parts. The frst part o f the article is given to GPT-4, and GPT-4 replies by writing its own version of the remainder of the article.

Here’s how it appears in Exhibit J (notably, the prompt was left out of the complaint itself):

Image

If you actually understand how these systems work, the output looking very similar to the original NY Times piece is not so surprising. When you prompt a generative AI system like GPT, you’re giving it a bunch of parameters, which act as conditions and limits on its output. From those constraints, it’s trying to generate the most likely next part of the response. But, by providing it paragraphs upon paragraphs of these articles, the NY Times has effectively constrained GPT to the point that the most probabilistic responses is… very close to the NY Times’ original story.

In other words, by constraining GPT to effectively “recreate this article,” GPT has a very small data set to work off of, meaning that the highest likelihood outcome is going to sound remarkably like the original. If you were to create a much shorter prompt, or introduce further randomness into the process, you’d get a much more random output. But these kinds of prompts effectively tell GPT not to do anything BUT write the same article.

From there, though, the lawsuit gets dumber.

It shows that you can sorta get around the NY Times’ paywall in the most inefficient and unreliable way possible by asking ChatGPT to quote the first few paragraphs in one paragraph chunks.

Image

Of course, quoting individual paragraphs from a news article is almost certainly fair use. And, for what it’s worth, the Times itself admits that this process doesn’t actually return the full article, but a paraphrase of it.

And the lawsuit seems to suggest that merely summarizing articles is itself infringing:

Image

That’s… all factual information summarizing the review? And while the complaint shows that if you then ask for (again, paragraph length) quotes, GPT will give you a few quotes from the article.

And, yes, the complaint literally argues that a generative AI tool can violate copyright when it “summarizes” an article.

The issue here is not so much how GPT is trained, but how the NY Times is constraining the output. That is unrelated to the question of whether or not the reading of these article is fair use or not. The purpose of these LLMs is not to repeat the content that is scanned, but to figure out the probabilistic most likely next token for a given prompt. When the Times constrains the prompts in such a way that the data set is basically one article and one article only… well… that’s what you get.

Elsewhere, the Times again complains about GPT returning factual information that is not subject to copyright law.

Image

But, I mean, if you were to ask anyone the same question, “What does wirecutter recommend for The Best Kitchen Scale,” they’re likely to return you a similar result, and that’s not infringing. It’s a fact that that scale is the one that it recommends. The Times complains that people who do this prompt will avoid clicking on Wirecutter affiliate links, but… um… it has no right to that affiliate income.

I mean, I’ll admit right here that I often research products and look at Wirecutter (and other!) reviews before eventually shopping independently of that research. In other words, I will frequently buy products after reading the recommendations on Wirecutter, but without clicking on an affiliate link. Is the NY Times really trying to suggest that this violates its copyright? Because that’s crazy.

Meanwhile, it’s not clear if the NY Times is mad that it’s accurately recommending stuff or if it’s just… mad. Because later in the complaint, the NY Times says its bad that sometimes GPT recommends the wrong product or makes up a paragraph.

So… the complaint is both that GPT reproduces things too accurately, AND not accurately enough. Which is it?

Anyway, the larger point is that if the NY Times wins, well… the NY Times might find itself on the receiving end of some lawsuits. The NY Times is somewhat infamous in the news world for using other journalists’ work as a starting point and building off of it (frequently without any credit at all). Sometimes this results in an eventual correction, but often it does not.

If the NY Times successfully argues that reading a third party article to help its reporters “learn” about the news before reporting their own version of it is copyright infringement, it might not like how that is turned around by tons of other news organizations against the NY Times. Because I don’t see how there’s any legitimate distinction between OpenAI scanning NY Times articles and NY Times reporters scanning other articles/books/research without first licensing those works as well.

Or, say, what happens if a source for a NY TImes reporter provides them with some copyright-covered work (an article, a book, a photograph, who knows what) that the NY Times does not have a license for? Can the NY Times journalist then produce an article based on that material (along with other research, though much less than OpenAI used in training GPT)?

It seems like (and this happens all too often in the news industry) the NY Times is arguing that it’s okay for its journalists to do this kind of thing because it’s in the business of producing Important Journalism™ whereas anyone else doing the same thing is some damn interloper.

We see this with other copyright disputes and the media industry, or with the ridiculous fight over the hot news doctrine, in which news orgs claimed that they should be the only ones allowed to report on something for a while.

Similarly, I’ll note that even if the NY Times gets some money out of this, don’t expect the actual reporters to see any of it. Remember, this is the same NY Times that once tried to stiff freelance reporters by relicensing their articles to electronic databases without paying them. The Supreme Court didn’t like that. If the NY Times establishes that merely training AI on old articles is a licenseable, copyright-impacting event, will it go back and pay those reporters a piece of whatever change they get? Or nah?

Source: The NY Times Lawsuit Against OpenAI Would Open Up The NY Times To All Sorts Of Lawsuits Should It Win | Techdirt

Google agrees to settle $5 billion lawsuit accusing it of tracking Incognito users

Posted on by

In 2020, Google was hit with a lawsuit that accused it of tracking Chrome users’ activities even when they were using Incognito mode. Now, after a failed attempt to get it dismissed, the company has agreed to settle the complaint that originally sought $5 billion in damages. According to Reuters and The Washington Post, neither side has made the details of the settlement public, but they’ve already agreed to the terms that they’re presenting to the court for approval in February.

When the plaintiffs filed the lawsuit, they said Google used tools like its Analytics product, apps and browser plug-ins to monitor users. They reasoned that by tracking someone on Incognito, the company was falsely making people believe that they could control the information that they were willing to share with it. At the time, a Google spokesperson said that while Incognito mode doesn’t save a user’s activity on their device, websites could still collect their information during the session.

The lawsuit’s plaintiffs presented internal emails that allegedly showed conversations between Google execs proving that the company monitored Incognito browser usage to sell ads and track web traffic. Their complaint accused Google of violating federal wire-tapping and California privacy laws and was asking up to $5,000 per affected user. They claimed that millions of people who’d been using Incognito since 2016 had likely been affected, which explains the massive damages they were seeking from the company. Google has likely agreed to settle for an amount lower than $5 billion, but it has yet to reveal details about the agreement and has yet to get back to Engadget with an official statement.

Source: Google agrees to settle $5 billion lawsuit accusing it of tracking Incognito users

New York Times Sues OpenAI and Microsoft Over Reading Publicly Available Information

Posted on by

The New York Times sued OpenAI and Microsoft for copyright infringement on Wednesday, opening a new front in the increasingly intense legal battle over the unauthorized use of published work to train artificial intelligence technologies.

The Times is the first major American media organization to sue the companies, the creators of ChatGPT and other popular A.I. platforms, over copyright issues associated with its written works. The lawsuit, filed in Federal District Court in Manhattan, contends that millions of articles published by The Times were used to train automated chatbots that now compete with the news outlet as a source of reliable information.

The suit does not include an exact monetary demand. But it says the defendants should be held responsible for “billions of dollars in statutory and actual damages” related to the “unlawful copying and use of The Times’s uniquely valuable works.” It also calls for the companies to destroy any chatbot models and training data that use copyrighted material from The Times.

In its complaint, The Times said it approached Microsoft and OpenAI in April to raise concerns about the use of its intellectual property and explore “an amicable resolution,” possibly involving a commercial agreement and “technological guardrails” around generative A.I. products. But it said the talks had not produced a resolution.

An OpenAI spokeswoman, Lindsey Held, said in a statement that the company had been “moving forward constructively” in conversations with The Times and that it was “surprised and disappointed” by the lawsuit.

“We respect the rights of content creators and owners and are committed to working with them to ensure they benefit from A.I. technology and new revenue models,” Ms. Held said. “We’re hopeful that we will find a mutually beneficial way to work together, as we are doing with many other publishers.”

[…]

Source: New York Times Sues OpenAI and Microsoft Over Use of Copyrighted Work – The New York Times

Well, if they didn’t want anyone to read it – which is really what an AI is doing, just as much as you or I do – then they should have put the content behind a paywall.

Verizon Once Again Busted Handing Out Sensitive Wireless Subscriber Information To Any Nitwit Who Asks For It – because no US enforcement of any kind

Posted on by

Half a decade ago we documented how the U.S. wireless industry was caught over-collecting sensitive user location and vast troves of behavioral data, then selling access to that data to pretty much anybody with a couple of nickels to rub together. It resulted in no limit of abuse from everybody from stalkers to law enforcement — and even to people pretending to be law enforcement.

While the FCC purportedly moved to fine wireless companies for this behavior, the agency still hasn’t followed through. Despite the obvious ramifications of this kind of behavior during a post-Roe, authoritarian era.

Nearly a decade later, and it’s still a very obvious problem. The folks over at 404 Media have documented the case of a stalker who managed to game Verizon in order to obtain sensitive data about his target, including her address, location data, and call logs.

Her stalker posed as a police officer (badly) and, as usual, Verizon did virtually nothing to verify his identity:

“Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.”

In this case, the stalker found it relatively trivial to take advantage of Verizon Security Assistance and Court Order Compliance Team (or VSAT CCT), which verifies law enforcement requests for data. You’d think that after a decade of very ugly scandals on this front Verizon would have more meaningful safeguards in place, but you’d apparently be wrong.

Keep in mind: the FCC tried to impose some fairly basic privacy rules for broadband and wireless in 2016, but the telecom industry, in perfect lockstep with Republicans, killed those efforts before they could take effect, claiming they’d be too harmful for the super competitive and innovative (read: not competitive or innovative at all) U.S. broadband industry.

[…]

Source: Verizon Once Again Busted Handing Out Sensitive Wireless Subscriber Information To Any Nitwit Who Asks For It | Techdirt

UK Police to be able to run AI face recognition searches on all driving licence holders

Posted on by

The police will be able to run facial recognition searches on a database containing images of Britain’s 50 million driving licence holders under a law change being quietly introduced by the government.

Should the police wish to put a name to an image collected on CCTV, or shared on social media, the legislation would provide them with the powers to search driving licence records for a match.

The move, contained in a single clause in a new criminal justice bill, could put every driver in the country in a permanent police lineup, according to privacy campaigners.

[…]

The intention to allow the police or the National Crime Agency (NCA) to exploit the UK’s driving licence records is not explicitly referenced in the bill or in its explanatory notes, raising criticism from leading academics that the government is “sneaking it under the radar”.

Once the criminal justice bill is enacted, the home secretary, James Cleverly, must establish “driver information regulations” to enable the searches, but he will need only to consult police bodies, according to the bill.

Critics claim facial recognition technology poses a threat to the rights of individuals to privacy, freedom of expression, non-discrimination and freedom of assembly and association.

Police are increasingly using live facial recognition, which compares a live camera feed of faces against a database of known identities, at major public events such as protests.

Prof Peter Fussey, a former independent reviewer of the Met’s use of facial recognition, said there was insufficient oversight of the use of facial recognition systems, with ministers worryingly silent over studies that showed the technology was prone to falsely identifying black and Asian faces.

[…]

The EU had considered making images on its member states’ driving licence records available on the Prüm crime fighting database. The proposal was dropped earlier this year as it was said to represent a disproportionate breach of privacy.

[…]

Carole McCartney, a professor of law and criminal justice at the University of Leicester, said the lack of consultation over the change in law raised questions over the legitimacy of the new powers.

She said: “This is another slide down the ‘slippery slope’ of allowing police access to whatever data they so choose – with little or no safeguards. Where is the public debate? How is this legitimate if the public don’t accept the use of the DVLA and passport databases in this way?”

The government scrapped the role of the commissioner for the retention and use of biometric material and the office of surveillance camera commissioner this summer, leaving ministers without an independent watchdog to scrutinise such legislative changes.

[…]

In 2020, the court of appeal ruled that South Wales police’s use of facial recognition technology had breached privacy rights, data protection laws and equality laws, given the risk the technology could have a race or gender bias.

The force has continued to use the technology. Live facial recognition is to be deployed to find a match of people attending Christmas markets this year against a watchlist.

Katy Watts, a lawyer at the civil rights advocacy group Liberty said: “This is a shortcut to widespread surveillance by the state and we should all be worried by it.”

Source: Police to be able to run face recognition searches on 50m driving licence holders | Facial recognition | The Guardian

Slovakian PM wants to kill EU anti-corruption policing

Posted on by

Prime Minister Robert Fico’s push dissolve the body that now oversees high-profile corruption cases poses a risk to the EU’s financial interests and would harm the work of the European Public Prosecutor’s Office, Juraj Novocký, Slovakia’s representative to the EU body, told Euractiv Slovakia.

Fico’s government wants to pass a reform that would eliminate the Special Anti-Corruption Prosecutor’s Office, reduce penalties, including those for corruption, and curtail the rights of whistleblowers.

Novocký points out that the reform would also bring a radical shortening of limitation periods: “Through a thorough analysis, we have found that if the amendment is adopted as proposed, we will have to stop prosecution in at least twenty cases for this reason,” Novocký of the European Public Prosecutor’s Office (EPPO) told Euractiv Slovakia.

“This has a concrete effect on the EPPO’s activities and indirectly on the protection of the financial interests of the EU because, in such cases, there will be no compensation for the damage caused,” Novocký added.

On Monday, EU Chief Prosecutor Laura Kövesi addressed the government’s push for reform in a letter to the European Commission, concluding that it constitutes a serious risk of breaching the rule of law in the meaning of Article 4(2)(c) of the Conditionality Regulation.

[…]

Source: Fico’s corruption reforms may block investigations in 20 EU fraud cases – EURACTIV.com

AI cannot be patent ‘inventor’, UK Supreme Court rules in landmark case – but a company can

Posted on by

A U.S. computer scientist on Wednesday lost his bid to register patents over inventions created by his artificial intelligence system in a landmark case in Britain about whether AI can own patent rights.

Stephen Thaler wanted to be granted two patents in the UK for inventions he says were devised by his “creativity machine” called DABUS.

His attempt to register the patents was refused by the UK’s Intellectual Property Office (IPO) on the grounds that the inventor must be a human or a company, rather than a machine.

Thaler appealed to the UK’s Supreme Court, which on Wednesday unanimously rejected his appeal as under UK patent law “an inventor must be a natural person”.

Judge David Kitchin said in the court’s written ruling that the case was “not concerned with the broader question whether technical advances generated by machines acting autonomously and powered by AI should be patentable”.

Thaler’s lawyers said in a statement that the ruling “establishes that UK patent law is currently wholly unsuitable for protecting inventions generated autonomously by AI machines and as a consequence wholly inadequate in supporting any industry that relies on AI in the development of new technologies”.

‘LEGITIMATE QUESTIONS’

A spokesperson for the IPO welcomed the decision “and the clarification it gives as to the law as it stands in relation to the patenting of creations of artificial intelligence machines”.

They added that there are “legitimate questions as to how the patent system and indeed intellectual property more broadly should handle such creations” and the government will keep this area of law under review.

[…]

“The judgment does not preclude a person using an AI to devise an invention – in such a scenario, it would be possible to apply for a patent provided that person is identified as the inventor.”

In a separate case last month, London’s High Court ruled that artificial neural networks can attract patent protection under UK law.

Source: AI cannot be patent ‘inventor’, UK Supreme Court rules in landmark case | Reuters

Somehow it sits strangely that a company can be a ‘natural person’ but an AI cannot.

AI Act: French govt accused of being influenced by lobbyist with conflict of interests by senators in the pockets of copyright giants. Which surprises no-one watching the AI act process.

Posted on by

French senators criticised the government’s stance in the AI Act negotiations, particularly a lack of copyright protection and the influence of a lobbyist with alleged conflicts of interests, former digital state secretary Cédric O.

The EU AI Act is set to become the world’s first regulation of artificial intelligence. Since the emergence of AI models, such as GPT-4, used by the AI system ChatGPT, EU policymakers have been working on regulating these powerful “foundation” models.

“We know that Cédric O and Mistral influenced the French government’s position regarding the AI regulation bill of the European Commission, attempting to weaken it”, said Catherine Morin-Desailly, a centrist senator at the during the government’s question time on Wednesday (20 December).

“The press reported on the spectacular enrichment of the former digital minister, Cédric O. He entered the company Mistral, where the interests of American companies and investment funds are prominently represented. This financial operation is causing shock within the Intergovernmental Committee on AI you have established, Madam Prime Minister,” she continued.

The accusations were vehemently denied by the incumbent Digital Minister Jean-Noël Barrot: “It is the High Authority for Transparency in Public Life that ensures the absence of conflicts of interest among former government members.”

Moreover, Barrot denied the allegations that France has been the spokesperson of private interests, arguing that the government: “listened to all stakeholders as it is customary and relied solely on the general interest as our guiding principle.”

[…]

Barrot was criticised in a Senate hearing earlier the same day by Pascal Rogard, director of  the Society of Dramatic Authors and Composers, who said that “for the first time, France, through the medium of Jean-Noël Barrot […] has neither supported culture, the creation industry, or copyrights.”

Morin-Desailly then said that she questioned the French stance on AI, which, in her view, is aligned with the position of US big tech companies.

Drawing a parallel from the position of big tech on this copyright AI debate and the Directive on Copyright in the Digital Single Market, Rogard said that since it was enforced he did not “observed any damage to the [big tech]’s business activities.”

[…]

“Trouble was stirred by the renowned Cédric O, who sits on the AI Intergovernmental Committee and still wields a lot of influence, notably with the President of the Republic”, stated Morin-Desailly earlier the same day at the Senate hearing with Rogard. Other sitting Senators joined Morin-Desailly in criticising the French position, and O.

Looking at O’s influential position in the government, the High Authority for Transparency in Public Life decided to forbid O for a three-year time-span to lobby the government or own shares within companies of the tech sector.

Yet, according to Capital, O bought shares through his consulting agency in Mistral AI. Capital revealed O invested €176.1, which is now valued at €23 million, thanks to the company’s last investment round in December.

Moreover, since September, O has at the Committee on generative artificial intelligence to advise the government on its position towards AI.

[…]

 

Source: AI Act: French government accused of being influenced by lobbyist with conflict of interests

The UK Government Should Not Let Copyright Stifle AI Innovation

Posted on by

As Walled Culture has often noted, the process of framing new copyright laws is tilted against the public in multiple ways. And on the rare occasions when a government makes some mild concession to anyone outside the copyright industry, the latter invariably rolls out its highly-effective lobbying machine to fight against such measures. It’s happening again in the world of AI. A post on the Knowledge Rights 21 site points to:

a U-turn by the British Government in February 2023, abandoning its prior commitment to introduce a broad copyright exception for text and data mining that would not have made an artificial distinction between non-commercial and commercial uses. Given that applied research so often bridges these two, treating them differently risks simply chilling innovative knowledge transfer and public institutions working with the private sector.

Unfortunately, and in the face of significant lobbying from the creative industries (something we see also in WashingtonTokyo and Brussels), the UK government moved away from clarifying language to support the development of AI in the UK.

In an attempt to undo some of the damage caused by the UK government’s retrograde move, a broad range of organizations, including Knowledge Rights 21, Creative Commons, and Wikimedia UK, have issued a public statement calling on the UK government to safeguard AI innovation as it draws up its new code of practice on copyright and AI. The statement points out that copyright is a serious threat to the development of AI in the UK, and that:

Whilst questions have arisen in the past which consider copyright implications in relation to new technologies, this is the first time that such debate risks entirely halting the development of a new technology.

The statement’s key point is as follows:

AI relies on analysing large amounts of data. Large-scale machine learning, in particular, must be trained on vast amounts of data in order to function correctly, safely and without bias. Safety is critical, as highlighted in the [recently agreed] Bletchley Declaration. In order to achieve the necessary scale, AI developers need to be able to use the data they have lawful access to, such as data that is made freely available to view on the open web or to which they already have access to by agreement.

Any restriction on the use of such data or disproportionate legal requirements will negatively impact on the development of AI, not only inhibiting the development of large-scale AI in the UK but exacerbating further pre-existing issues caused by unequal access to data.

The organizations behind the statement note that restrictions imposed by copyright would create barriers to entry and raise costs for new entrants. There would also be serious knock-on effects:

Text and data mining techniques are necessary to analyse large volumes of content, often using AI, to detect patterns and generate insights, without needing to manually read everything. Such analysis is regularly needed across all areas of our society and economy, from healthcare to marketing, climate research to finance.

The statement concludes by making a number of recommendations to the UK government in order to ensure that copyright does not stifle the development of AI in the UK. The key ones concern access to the data sets that are vital for training AI and carrying out text and data mining. The organizations ask that the UK’s Code of Practice:

Clarifies that access to broad and varied data sets that are publicly available online remain available for analysis, including text and data mining, without the need for licensing.

Recognises that even without an explicit commercial text and data mining exception, exceptions and limits on copyright law exist that would permit text and data mining for commercial purposes.

Those are pretty minimal demands, but we can be sure that the copyright industry will fight them tooth and nail. For the companies involved, keeping everything involving copyright under their tight control is far more important than nurturing an exciting new technology with potentially huge benefits for everyone.

Source: The UK Government Should Not Let Copyright Stifle AI Innovation | Techdirt

Internet Archive: Digital Lending is Fair Use, Not Copyright Infringement – a library is a library, whether it’s paper or digital

Posted on by

In 2020, publishers Hachette, HarperCollins, John Wiley and Penguin Random House sued the Internet Archive (IA) for copyright infringement, equating its ‘Open Library’ to a pirate site.

IA’s library is a non-profit operation that scans physical books, which can then be lent out to patrons in an ebook format. Patrons can also borrow books that are scanned and digitized in-house, with technical restrictions that prevent copying.

Staying true to the centuries-old library concept, only one patron at a time can rent a digital copy of a physical book for a limited period.

Mass Copyright Infringement or Fair Use?

Not all rightsholders are happy with IA’s scanning and lending activities. The publishers are not against libraries per se, nor do they object to ebook lending, but ‘authorized’ libraries typically obtain an official license or negotiate specific terms. The Internet Archive has no license.

The publishers see IA’s library as a rogue operation that engages in willful mass copyright infringement, directly damaging their bottom line. As such, they want it taken down permanently.

The Internet Archive wholeheartedly disagreed with the copyright infringement allegations; it offers a vital service to the public, the Archive said, as it built its legal defense on protected fair use.

After weighing the arguments from both sides, New York District Court Judge John Koeltl sided with the publishers. In March, the court granted their motion for summary judgment, which effectively means that the library is indeed liable for copyright infringement.

The judgment and associated permanent injunction effectively barred the library from reproducing or distributing digital copies of the ‘covered books’ without permission from rightsholders. These restrictions were subject to an eventual appeal, which was announced shortly thereafter.

Internet Archive Files Appeal Brief

Late last week, IA filed its opening brief at the Second Circuit Court of Appeals, asking it to reverse the lower court’s judgment. The library argues that the court erred by rejecting its fair use defense.

Whether IA has a fair use defense depends on how the four relevant factors are weighed. According to the lower court, these favor the publishers but the library vehemently disagrees. On the contrary, it believes that its service promotes the creation and sharing of knowledge, which is a core purpose of copyright.

“This Court should reverse and hold that IA’s controlled digital lending is fair use. This practice, like traditional library lending, furthers copyright’s goal of promoting public availability of knowledge without harming authors or publishers,” the brief reads.

A fair use analysis has to weigh the interests of both sides. The lower court did so, but IA argues that it reached the wrong conclusions, failing to properly account for the “tremendous public benefits” controlled digital lending offers.

No Competition

One of the key fair use factors at stake is whether IA’s lending program affects (i.e., threatens) the traditional ebook lending market. IA uses expert witnesses to argue that there’s no financial harm and further argues that its service is substantially different from the ebook licensing market.

IA offers access to digital copies of books, which is similar to licensed libraries. However, the non-profit organization argues that its lending program is not a substitute as it offers a fundamentally different service.

“For example, libraries cannot use ebook licenses to build permanent collections. But they can use licensing to easily change the selection of ebooks they offer to adapt to changing interests,” IA writes.

The licensing models make these libraries more flexible. However, they have to rely on the books offered by commercial aggregators and can’t add these digital copies to their archives.

“Controlled digital lending, by contrast, allows libraries to lend only books from their own permanent collections. They can preserve and lend older editions, maintaining an accurate historical record of books as they were printed.

“They can also provide access that does not depend on what Publishers choose to make available. But libraries must own a copy of each book they lend, so they cannot easily swap one book for another when interest or trends change,” IA adds.

Stakes are High

The arguments highlighted here are just a fraction of the 74-page opening brief, which goes into much more detail and ultimately concludes that the district court’s judgment should be reversed.

In a recent blog post, IA founder Brewster Kahle writes that if the lower court’s verdict stands, books can’t be preserved for future generations in digital form, in the same way that paper versions have been archived for centuries.

“This lawsuit is about more than the Internet Archive; it is about the role of all libraries in our digital age. This lawsuit is an attack on a well-established practice used by hundreds of libraries to provide public access to their collections.

“The disastrous lower court decision in this case holds implications far beyond our organization, shaping the future of all libraries in the United States and unfortunately, around the world,” Kahle concludes.

A copy of the Internet Archive’s opening brief, filed at the Second Circuit Court of Appeals, is available here (pdf)

Source: Internet Archive: Digital Lending is Fair Use, Not Copyright Infringement * TorrentFreak

Internet Archive Files Opening Brief In Its Appeal Of Book Publishers’ wanton destruction of it

Posted on by

A few weeks ago, publishing giant Penguin Random House (and, yes, I’m still confused why they didn’t call it Random Penguin House after the merger) announced that it was filing a lawsuit (along with many others) against the state of Iowa for its attempt to ban books in school libraries. In its announcement, Penguin Random House talked up the horrors of trying to limit access to books in schools and libraries:

The First Amendment guarantees the right to read and to be read, and for ideas and viewpoints to be exchanged without unreasonable government interference. By limiting students’ access to books, Iowa violates this core principle of the Constitution.

“Our mission of connecting authors and their stories to readers around the world contributes to the free flow of ideas and perspectives that is a hallmark of American Democracy—and we will always stand by it,” says Nihar Malaviya, CEO, Penguin Random House. “We know that not every book we publish will be for every reader, but we must protect the right for all Americans, including students, parents, caregivers, teachers, and librarians to have equitable access to books, and to continue to decide what they read.” 

That’s a very nice sentiment, and I’m glad that Penguin Random House is stating it, but it rings a little hollow, given that Penguin Random House is among the big publishers suing to shut down the Internet Archive, a huge and incredibly useful digital library that actually has the mission that Penguin Random House’s Nihar Malaviya claims is theirs: connecting authors and their stories to readers around the world, while contributing to the free flow of ideas and perspectives that are important to the world. And, believing in the importance of equitable access to books.

So, then, why is Penguin Random House trying to kill the Internet Archive?

While we knew this was coming, last week, the Internet Archive filed its opening brief before the 2nd Circuit appeals court to try to overturn the tragically terrible district court ruling by Judge John Koeltl. The filing is worth reading:

Publishers claim this public service is actually copyright infringement. They ask this Court to elevate form over substance by drawing an artificial line between physical lending and controlled digital lending. But the two are substantively the same, and both serve copyright’s purposes. Traditionally, libraries own print books and can lend each copy to one person at a time, enabling many people to read the same book in succession. Through interlibrary loans, libraries also share books with other libraries’ patrons. Everyone agrees these practices are not copyright infringement.

Controlled digital lending applies the same principles, while creating new means to support education, research, and cultural participation. Under this approach, a library that owns a print book can scan it and lend the digital copy instead of the physical one. Crucially, a library can loan at any one time only the number of print copies it owns, using technological safeguards to prevent copying, restrict access, and limit the length of loan periods.

Lending within these limits aligns digital lending with traditional library lending and fundamentally distinguishes it from simply scanning books and uploading them for anyone to read or redistribute at will. Controlled digital lending serves libraries’ mission of supporting research and education by preserving and enabling access to a digital record of books precisely as they exist in print. And it serves the public by enabling better and more efficient access to library books, e.g., for rural residents with distant libraries, for elderly people and others with mobility or transportation limitations, and for people with disabilities that make holding or reading print books difficult. At the same time, because controlled digital lending is limited by the same principles inherent in traditional lending, its impact on authors and publishers is no different from what they have experienced for as long as libraries have existed.

The filing makes the case that the Internet Archives use of controlled digital lending for eBooks is protected by fair use, leaning heavily on the idea that there is no evidence of harm to the copyright holders:

First, the purpose and character of the use favor fair use because IA’s controlled digital lending is noncommercial, transformative, and justified by copyright’s purposes. IA is a nonprofit charity that offers digital library services for free. Controlled digital lending is transformative because it expands the utility of books by allowing libraries to lend copies they own more efficiently and borrowers to use books in new ways. There is no dispute that libraries can lend the print copy of a book by mail to one person at a time. Controlled digital lending enables libraries to do the same thing via the Internet—still one person at a time. And even if this use were not transformative, it would still be favored under the first factor because it furthers copyright’s ultimate purpose of promoting public access to knowledge—a purpose libraries have served for centuries.

Second, the nature of the copyrighted works is neutral because the works are a mix of fiction and non-fiction and all are published.

Third, the amount of work copied is also neutral because copying the entire book is necessary: borrowing a book from a library requires access to all of it.

Fourth, IA’s lending does not harm Publishers’ markets. Controlled digital lending is not a substitute for Publishers’ ebook licenses because it offers a fundamentally different service. It enables libraries to efficiently lend books they own, while ebook licenses allow libraries to provide readers temporary access through commercial aggregators to whatever selection of books Publishers choose to make available, whether the library owns a copy or not. Two experts analyzed the available data and concluded that IA’s lending does not harm Publishers’ sales or ebook licensing. Publishers’ expert offered no contrary empirical evidence.

Weighing the fair use factors in light of copyright’s purposes, the use here is fair. In concluding otherwise, the district court misunderstood controlled digital lending, conflating it with posting an ebook online for anyone to access at any time. The court failed to grasp the key feature of controlled digital lending: the digital copy is available only to the one person entitled to borrow it at a time, just like lending a print book. This error tainted the district court’s analysis of all the factors, particularly the first and fourth. The court compounded that error by failing to weigh the factors in light of the purposes of copyright.

Not surprisingly, I agree with the Internet Archives’ arguments here, but these kinds of cases are always a challenge. Judges have this weird view of copyright law, that they sometimes ignore the actual law, the purpose of the law, and the constitutional underpinnings of the law, and insist that the purpose of copyright law is to award the copyright holders as much money and control as possible.

That’s not how copyright is supposed to work, but judges sometimes seem to forget that. Hopefully, the 2nd Circuit does not. The 2nd Circuit, historically, has been pretty good on fair use issues, so hopefully that holds in this case as well.

The full brief is (not surprisingly) quite well done and detailed and worth reading.

And now we’ll get to see whether or not Penguin Random House really supports “the free flow of ideas” or not…

Source: Internet Archive Files Opening Brief In Its Appeal Of Book Publishers’ Win | Techdirt