惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Spread Privacy
Spread Privacy
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
Apple Machine Learning Research
Apple Machine Learning Research
MyScale Blog
MyScale Blog
M
MIT News - Artificial intelligence
WordPress大学
WordPress大学
Recent Announcements
Recent Announcements
V
V2EX
The GitHub Blog
The GitHub Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Jina AI
Jina AI
小众软件
小众软件
aimingoo的专栏
aimingoo的专栏
V
Vulnerabilities – Threatpost
C
Check Point Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
AI
AI
宝玉的分享
宝玉的分享
P
Proofpoint News Feed
量子位
Attack and Defense Labs
Attack and Defense Labs
H
Hackread – Cybersecurity News, Data Breaches, AI and More
P
Privacy International News Feed
Google DeepMind News
Google DeepMind News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
CERT Recently Published Vulnerability Notes
腾讯CDC
Latest news
Latest news
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
G
GRAHAM CLULEY
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
美团技术团队
The Cloudflare Blog
T
Tenable Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
J
Java Code Geeks
SecWiki News
SecWiki News
Webroot Blog
Webroot Blog
N
News | PayPal Newsroom
博客园 - 叶小钗
博客园 - Franky

Henri Sivonen’s pages

Parin vuoden tutkimattomuus crates.io: Rust Package Registry Asiakirjatonta toimintaa It’s not wrong that "🤦🏼‍♂️".length == 7 Koulutartuntojen tilastointimenettely Perusteasiakirjoja hallussapitämättä ikärajoitettu Asiantuntijat ja nukkuva vallan vahtikoira Koronapassilausunto Suppealla tietopohjalla ohimeneväksi väitetty Text Encoding Menu in 2021 The Text Encoding Submenu Is Gone An HTML5 Conformance Checker Not Part of the Technology Stack Browser Technology Stack Bogo-XML Declaration Returns to Gecko A Look at Encoding Detection and Encoding Menu Telemetry from Firefox 86 Why Supporting Unlabeled UTF-8 in HTML on the Web Would Be Problematic Rust Target Names Aren’t Passed to LLVM Toimintamalli Activating Browser Modes with Doctype Johtopäätöksiä mallin rakenteesta Tehtävänmäärittelyä kirjoittamatta ja kuolemia laskematta laumasuojamallinnettu Character Encoding Menu in 2014 Erillissuosituksen tarpeettomuudesta yleissuosituksen poikkeukseksi? STM:n maskiaikajana Rust 2021 Oma-aloitteisesti mallinnettu Kokopinovaatimuksin kilpailutettu chardetng: A More Compact Character Encoding Detector for the Legacy Web Varauksia paisutellen tiedotettu Perusteasiakirjoitta tiedotettu Always Use UTF-8 & Always Label Your HTML Saying So IME Smoke Testing The Validator.nu HTML Parser About the Hiragino Fonts with CSS It’s Time to Stop Adding New Features for Non-Unicode Execution Encodings in C++ Rust 2020 The Last of the Parsing Quirks About about:blank Rust 2019 a Web-Compatible Character Encoding Library in Rust How I Wrote a Modern C++ Library in Rust Using cargo-fuzz to Transfer Code Review of Simple Safe Code to Complex Code that Uses unsafe A Rust Crate that Also Quacks Like a Modern C++ Library #Rust2018 No Namespaces in JSON, Please A Lecture about HTML5 Julkisesti luotettu varmenne ikidomainille TLS:ää (SSL:ää) varten -webkit-HTML5 Lists in Attribute Values The Sad Story of PNG Gamma “Correction” If You Want Software Freedom on Phones, You Should Work on Firefox OS, Custom Hardware and Web App Self-Hostablility HTML5 Parser Improvements ARIA in HTML5 Integration: Document Conformance (Draft, Take Two) Schema.org and Pre-Existing Communities Lowering memory requirements by replacing Schematron HTML5 Parsing in Gecko: A Build Introducing SAX Tree NVDL Support in Validator.nu HOWTO Avoid Being Called a Bozo When Producing XML An Unofficial Q&A about the Discontinuation of the XHTML2 WG Thoughts on HTML5 Becoming a W3C Recommendation Four Finnish Banks Training Users to Give Banking Credentials to Another Site Unimpressed by Leopard Sergeant Semantics The Content Sink Inheritance Diagram – 2006-06-30 What is EME? About Points and Pixels as Units The Performance Cost of the HTML Tree Builder Social Media Impression Management The spacer Element Is Gone Openmind 2006 Performance Mistake XHTML and Mobile Devices WebM-Enabled Browser Usage Share Exceeds H.264-Enabled Browser Usage Share on Desktop (in StatCounter Numbers) HTML5 Parser-Based View Source Syntax Highlighting Vendor Prefixes Are Hurting the Web Accept-Charset Is No More Dualroids Writing Structural Stylable Document in Mozilla Editor ISO-8859-15 on haitallinen Hourglass The Scientific Method According to Hixie Maemo Source Code Karpelan lukkovertaus ontuu Digitaalisesta arkistoinnista ARIA in HTML5 Integration: Document Conformance (Draft) XHTML—What’s the Point? (Draft, incomplete) Mac OS X Browser Comparison HOWTO Spot a Wannabe Web Standards Advocate An Idea About Intermediate Language Trees and Web UI Generation Thoughts on Using SSL/TLS Certificates as the Solution to Phishing Bureaucracy Meets the Web Europe Day HOWTO Establish a 100% Literacy Rate What to Do with All These Photos? Charmod Norm Checking Validator Web Service Interface Ideas DTDs Don’t Work on the Web EFFI’s Day in Court
Big Brother EU
Henri Sivonen · 2011-12-22 · via Henri Sivonen’s pages

I’m hoping I’m not totally alienating the those who subscribe to my feed and expect entries about Web technologies in English and have been receiving entries related to the Finnish EUCD implementation in Finnish. But this stuff is related to the Internet.

On Tuesday 2005-11-22, I went to a public discussion event titled “Big Brother EU” and held in the auditorium of the Tapiola high-school. The speakers were Heidi Hautala (the presidential candidate for the Greens and a Member of the Parliament) and Jyrki J.J. Kasvi (a Member of the Parliament also from the Greens). The moderator was Matti Kuronen. Ykä encouraged me to blog about it, so here goes. (It is debatable whether I have a blog, but at least this is a Blogish Note. :-)

Both Hautala and Kasvi came straight from the Parliament. The Parliament had been discussing the huge stock options awarded to the leadership of the state-owned oil company Fortum. Kasvi explained that the Greens did not support canceling the stock options, because that would require a retroactive law and retroactive laws have no place in a state governed by law. Kasvi pointed out that the last time a retroactive law was passed is considered a shameful episode in the Finnish legal history. (The last time was when after the war the Soviet Union pressured Finland to pass a law in order to convict those “guilty of the war”.) He also said that letting the bad contract stand is important in order to maintain the credibility of the state when making contracts. Since we were in Espoo, he pointed out to that the majority of those receiving the stock options will be paying their taxes, which are significant, to Espoo, so in a way the municipality of Espoo is getting a lot of money from the state indirectly.

We still waited to get to the topical discussion, because a class of the adult evening high-school from the same building was expected to come in to listen as part of their civic studies. While waiting to get on the topic, income transfers were discussed briefly. Hautala spoke about reforming the current confusing mixed bag of benefits into a base income for citizens, which would eliminate incentive traps. A person is in an incentive trap when it makes financial sense not to accept a job, because accepting the job would stop the unemployment benefits and make the person worse off. A member of the audience pointed out that using the term citizen’s salary tends to make a lot of people freak out. Hautala advised her not to use that term.

The civic studies class came in and the event got on topic.

Kasvi introduced the subject area by stating that without freedom of speech and protection for privacy there is no democracy. He said that the freedom of speech was written in the Finnish Constitution and the time when there was rioting in Finland and news about the first extermination camps in World was spreading from Finland to abroad. (A member of the audience corrected that they were the first extermination camps in Europe, and Kasvi acknowledged that indeed the English-run camps in South Africa during the Boer War predated the Finnish ones. The terminology was not disputed and the discussion moved on.) The point was that the writers of the Constitution realized that suppressing speech did not calm society but instead was a cause of the unrest.

Kasvi then proceeded to the issue of data retention in the EU. It has been proposed that telecom operators would be required to store data on who is messaging with whom in order to purportedly combat terrorism. Collecting the data would be delegated to private corporations. Kasvi said this sort of thing should belong to a public offical (if done at all). He said that with the recent opposition to the amendments to the Copyright Act, those opposing the amendments had been accused of presenting dire scenarios based on speculation even though the Sony XCP debacle quickly demonstrated that it wasn’t mere speculation. Therefore, he stressed that he has examples that are real and not speculative. He said that in Colombia a drug cartel acquired communication traffic data and then the targeted those who had been communicating with the police. Kasvi said that instead of helping combatting organized crime the retention of communication traffic data gives new targets and opportunities for criminal organizations.

Hautala said that the atmosphere changed significantly on September 11th 2001. She said that security should not subdue freedom of speech and privacy. She pointed out that since September 11th the United States has not criticized the war in Chechnya, because it does not want its own actions to be likewise criticized. Hautala said that there is a need to show that something is being done.

Kasvi said that the content of the communications would not be logged and the cost of the data retention would be 40 million euros in Finland. (Overall? In some period of time? I can’t remember if it was said. Update: Tuomas Venhola says it was per year according to his recollection.)

Hautala said that the decision-making no longer happens in the Parliament.

Kasvi said that the data retention initiative is about showing people that something is being done but the scheme doesn’t work for the stated purpose. With reference to September 11th he mentioned that since September 11th Echelon has no longer been mentioned in the EU although before September 11th there were even suggestions of imposing sanctions on to the United States because of Echelon.

Hautala mentioned an initiative to unify criminal records all the EU countries. She said that we cannot trust the level of privacy protection in all the other EU countries. There would be too many people who would have access to the criminal records. She mentioned that the data transferred in relation to the arrangements related to the Schengen accord already is seen as too many access points by too many people and may include information such as sexual orientation.

On the note of sharing data with other EU countries Kasvi said that the data retention initiative includes a requirement to share the data with other EU countries. He said this would be a problem for example if the intelligence bureaus of other countries which engage in industrial espionage for the benefit of the local industry requested data on for example the communications of the leadership of Nokia.

Kasvi said that a science fiction author (whose name escapes me Update: David Brin according to a reader) has been pondering the issue of the ubiquitous availability of cheap surveillance equipment and its effects on society. He has concluded that the best way to address the issue is to make surveillance equipment totally unregulated and operable by anyone so that people can watch the watchers. Kasvi said that he hasn’t come up with a better solution is so far.

He went on to point out that surveillance equipment is indeed often misused. He told a story about going on a cable installation gig when he was younger. The installations to place in an office that has surveillance cameras in public parks. The people there showed the installation guys some of the videos they had captured from the parks using the night vision-capable cameras. Kasvi said the videos would qualify as hard-core [pornography], and the videos were detailed enough for the persons involved to be recognizable.

I asked whether the EU data retention initiative involved logging all IP packets. Kasvi said it doesn’t, because doing so was deemed too expensive. Email, SMS and phonecalls would be logged. (What about HTTP? It was not mentioned.) He reiterated that getting around the system is so easy that it won’t work against terrorists. He pointed out that the logging for example does not apply to organizational subscribers but only to individual ISP and telco customers!

I asked whether creating new application-level protocols would be allowed without the protocol designer cooperating with the surveillance authorities. Kasvi replied that coming up with new protocols would not be banned but would be unnecessary, because he could himself write software to hide messages in images on the Web, so obviously the terrorists would be able to so as well. (It was pretty cool to talk to politicians who understood the questions and used steganography as an example to make a point.)

A member of the audience tried to steer the discussion off topic by asking a more general presidential campaign question from Hautala. In reference to the usual Finnish debate about the role of the president in external and in internal matters Hautala asked rhetorically where in these matters should the line between external and internal policy be drawn.

I asked whether crypto that really keeps data private (ie. that really works) should be allowed even though this necessarily means keeping the data private from the police as well. Here the reply went besides the question. (I don’t know if it was intentional. I did not press for a focused answer.) Kasvi talked about encypting patient records and said that the use of a passepartout should always be documented.

Going a bit off topic the law initiative by Hautala and Kasvi banning rootkit-style DRM and affirming the consumer’s right to make three copies of a work was briefly introduced. It was discussed more after the main event.

(I think banning rootkit-style DRM is good and it’s a problem if there is not already a general ban on such malware. I’d go further with banning DRM because of the anti-competitive effects of unnaturally strong links between complementary products. The main worry I have is that codifying three copies in law sets a too low number for the allowed copies. Think about a mirroring RAID plus a backup disk and then a portable player. Besides, a fundamental problem with copyright is that the law is invoked on copying even if the copy is just an implementation detail within the control sphere of one person.)

A member from the audience (during the main event or after – I can’t remember) pointed out that Rosa Meriläinen (also a Green Member of the Parliament) has blogged about having gone to Gramex’s (a copyright lobby group of record producers and musicians) party to be praised about the recent amendments to the Copyright Act. (Side note: When talking about politics, the top gripe I hear people having about the Greens is that they appreciate Kasvi, Soininvaara, Hautala and the late Matti Wuori but that they don’t want the boost the likes of Meriläinen. The second gripe is the nuclear energy policy.)

Hautala talked about the history of the Finnish public information (about the work of officials) access principle and how it got copied to the EU level. She mentioned that there was this guy who made a document request about the documents on the meaning of the directive that the minister of culture had referred to in the parliamentary reading of the recent bill to amend the Copyright Act. The reply was that there were no special document besides the directive itself and its rationale. I said I was the guy.

I asked who is behind the data retention initiative and who is actually making the decision. At least with the amendment of the Copyright Act it was pretty clear that the real decision was made in WIPO (with non-elected officials like Jukka Liedes representing Finland), then codified as a directive by the Comission and finally handed to rubber-stamping by the Finnish Parliament. Hautala said Belgium had a role and the initiative originates from the EU, but the exact structure is unclear and discussions go on behind closed doors. She said that taking along elected representatives when non-elected officials go to treaty negotiations is good.

Kasvi said the data retention initiative has been shot down many times but it pops up again and again like a zombie.

Kasvi wrapped up the event by saying that the terrorists are winning by inducing us to destroy our basic values [of freedom and privacy] ourselves. He finished with the famous Benjamin Franklin quote that those who give up liberty in exchange for security deserve neither.

After the main event, I had the chance to give an extensive braindump about my views on copyright with two politicians listening. Which was nice.