New Computer

Getting a new computer is a fun and, at the same time, annoying experience. On Monday I got a shiny new Macbook Pro and spent the day organising and customising it to make myself feel at home. Now when I think that I have almost installed all the software I need and customised most of it I am beginning to grow accustomed to my new machine. But one major step remains…

On my old computer I engraved an image of Don Quixote and Sancho Panza based on drawing entitled â??Reflectionsâ?? by Gene Colan. After some minor changes the engraving looked like this:

Â

Rather nice! But here is the dilemma. The new laptop is this blank empty space. I need to put something there. So the question is what image shall I engrave on my new shiny laptop? The imagery and metaphor of Quixote is excellent but maybe it’s time for a change?

Six questions about open standards

The question of open standards is a challenging and important one. Unfortunately most people tend to lose interest very quickly when standards are being discussed.

The FSFE has presented six questions which national standardisation bodies should ask before adopting the ECMA/MS-OOXML format as an IEC/ISO standard. Unless a national standardisation body has conclusive and affirmative answers to all of them, it should vote no in IEC/ISO and request that Microsoft incorporate its work on MS-OOXML into ISO/IEC 26300:2006 (Open Document Format).

1. Application independence?

No standard should ever depend on a certain operating system, environment or application. Application and implementation independence is one of the most important properties of all standards.

Is the MS-OOXML specification free from any references to particular products of any vendor and their specific behaviour?

2. Supporting pre-existing Open Standards?

Whenever applicable and possible, standards should build upon previous standardisation efforts and not depend on proprietary, vendor-specific technologies.

MS-OOXML neglects various standards, such as MathML and SVG, which are recommendations by the W3C, and uses its own vendor-specific formats instead. This puts a substantial burden on all vendors to follow Microsoft in its proprietary infrastructure built over the past 20 years in order to fully implement MS-OOXML. It seems questionable how any third party could ever implement them equally well.

What is the benefit of accepting usage of such vendor-specific formats at the expense of standardisation in these areas? Where will other vendors get competitive, compatible and complete implementations for all platforms to avoid prohibitively large investments?

3. Backward compatibility for all vendors?

One of the alledged main advantages of MS-OOXML is its ability to allow for backward compatibility, as also referenced in the ECMA International press release.

For any standard it is essential that it is implementable by any third party without necessity of cooperation by another company, additional restricted information or legal agreements or indemnifications. It is also essential to not require the cooperation of any competitor to achieve full and comparable interoperability.

On the grounds of the existing MS-OOXML specification, can any third party regardless of business model, without access to additional information and without the cooperation of Microsoft implement full backward compatibility and conversion of such legacy documents into MS-OOXML comparable to what Microsoft can offer?

4. Proprietary extensions?

Proprietary, application-specific extensions are a known technique employed in particular by Microsoft to abuse and leverage its desktop monopoly into neighboring markets. It is a technique at the heart of the abusive behaviour that was at the core of the decision against Microsoft by the European Commission in 2004 and Microsoft is until today continuing its refusal to release the necessary interoperability information.

For this reason, it is common understanding that Open Standards should not allow such proprietary extensions, and that such market-distorting techniques should not be possible on the grounds of an Open Standard.
Does MS-OOXML allow proprietary extensions? Is Microsoft’s implementation of MS-OOXML faithful, i.e. without undocumented extensions? Are there safeguards against such abusive behaviour?

5. Dual standards?

The goal of all standardisation is always to come to one single standard, as multiple standards always provide an impediment to competition. Seeming competition on the standard is truly a strategic measure to gain control over certain segments of a market, as various examples in the past have demonstrated.

There is an existing Open Standard for office documents, namely the Open Document Format (ODF) (ISO/IEC 26300:2006). Both MS-OOXML and ODF are built upon XML technology, so employ the same base technology and thus ultimately have the same theoretical capabilities. Microsoft itself is a member of OASIS, the organisation in which the ODF standard was developed and is being maintained. It was aware of the process and invited to participate.

Why did and does Microsoft refuse to participate in the existing standardisation effort? Why does it not submit its technological proposals to OASIS for inclusion into ODF?

6. Legally safe?

Granting all competitors freedom from legal prosecution for implementation of a standard is essential. Such a grant needs to be clear, reliable and wide enough to cover all activities necessary to achieve full interoperability and allow a level playing field for true competition on the merits.

MS-OOXML is accompanied by an unusually complex and narrow “covenant not to sue” instead of the typical patent grant. Because of its complexity, it does not seem clear how much protection from prosecution for compatibility it will truly provide.

Cursory legal study implies that the covenant does not cover all optional features and proprietary formats mandatory for complete implementation of MS-OOXML. So freedom of implementation by all competitors is not guaranteed for the entire width of the proposed MS-OOXML format, and questionable even for the core components.

Does your national standardisation body have its own, independent legal analysis about the exact nature of the grant to certify whether it truly covers the full spectrum of all possible MS-OOXML implementations?

All these questions should have answers that should be provided by the national standardisation bodies through independent counsel and experts, and in particular not by Microsoft or its business partners, which have a direct conflict of interest on this issue. If there is no good answer to any one of them, a national body should vote no in ISO/IEC.

University email & student privacy

Some time ago Linköping University proudly announced that they were outsourcing their student email to Google. Basically the students will see the university email address but “under the hood” the system will be run by Google. The BBC reports (11 June) that Trinity College Dublin is doing the same thing.

Google email (gmail) has some privacy issues:

Google automatically scans e-mails to add context-sensitive advertisements to them. Privacy advocates raised concerns that the plan involved scanning their personal, assumed private, e-mails, and that this was a security problem. Allowing e-mail content to be read, even by a computer, raises the risk that the expectation of privacy in e-mail will be reduced. Furthermore, e-mail that non-subscribers’ choose to send to Gmail accounts is scanned by Gmail as well… (wikipedia)

So an uninformed gmail user may be losing some integrity. This is bad but at the same time it can be seen as a question of choice. (Don’t get me started on the problems of uninformed choice). But now the universities are pushing students to become gmail users. In Sweden universities are publicly funded government bodies and therefore they should be more concerned about forcing citizens to become customers of a private corporation.

Generally people are not to aware of the privacy risks which technology may create. Universities should help people to understand society and it is a shame that they are now acting as a sales representative for a company providing them with customers instead of acting as an example and educating citizens about the advantages and disadvantages of technology.

iSummit begins

Today is the first day of the iSummit and we begin with the legal day with presentations by Catharina Maracke, Heather Ford, Paul Keller, Lucie Guibault and Mike Linksvayer.

The agenda is the version 3.o, international law and statistics on license use so it should be very exiting and I am looking forward to the presentations and discussions.

Naturally there are lots of other people here blogging – amongst them is TechnoLlama

Technology doesn't lie

Via Bruce Schneier I read an article from the BBC about the growth of car cloning in the UK. This is basically when someone mimics the number plate of another car to avoid being fined for speeding or avoiding the congestion charges.

What struck me was the interesting part of the story

Tony Bullock’s car was cloned even though his plates were not physically stolen, and he was threatened with prosecution after “his” car was repeatedly caught speeding in Leicester.

He said: “It was horrendous. You are guilty until you can prove you’re not. It’s the first time that I’ve thought that English law is on its head.”

Here is the problem. Technology does not lie and unfortunately, we tend to believe, that technology is infallible.

The problem is that the technology in question does not take into account that the license plate may be cloned and therefore the socio-technical system (i.e. the stakeholders involved in the system) need to be aware that the technology may create false positives.

Unfortunately in this case an unfair burden of proof is placed on the clone victim to prove that neither she/he nor her/his car were involved in the illegal activities.

Naturally the most powerful actors in this scenario is the legal system which for some reason prefers to believe in the convenient fiction that the technology is correct.

Stop the SPY Act

This is an important anti-spyware campaign from the EFF:

The SPY Act is supposed to help stop spyware, deceptive adware, and other malicious software, but it is unlikely to do any good and could actually make things worse. If enacted, it would block lawsuits similar to the one EFF brought against Sony-BMG for infecting customers’ computers with privacy-invasive copy protection. Don’t let badware makers off the hook — tell Congress to go back to the drawing board and draft a more sensible law.

Both the Federal Trade Commission and Department of Justice have said that they already have the authority they need to go after badware vendors, and this bill doesn’t add any funds or significant tools for federal enforcement.

At the same time, the bill would stunt states’ enforcement, preempting most of their stricter badware laws. For acts covered by the bill, state statutes (including consumer protection laws) wouldn’t be available to consumers themselves as grounds for a lawsuit. And it leaves enforcement exclusively in the hands of federal bureaucrats, specifically barring private citizens and organizations like EFF working on their behalf from using the new law to fight back in the courts.

This is a terrible move. If Congress is serious about enacting tough laws against deceptive and malicious programs, it should create incentives that would encourage private citizens to pursue the bad guys. The federal government and state attorneys general can’t possibly take on the entire job alone.

Congress should also focus on protecting anti-badware tool companies from harassing lawsuits brought by spyware and adware vendors. After all, badware removal programs are doing far more to protect your computer than the federal government ever will. Unfortunately, this bill does nothing to help sustain these helpful tools.

The SPY Act has already passed the House, but with your help we can make the Senate understand that they need to do better.

More info:

  1. Complete the form below with your information.
  2. Personalize the subject and text of the message on the right with your own words, if you wish.
  3. Click the Send Your Message button to send your letter to these decision makers:

Dubrovnik

Tomorrow I leave for Croatia and the yearly Creative Commons meeting, the iCommons Summit, which will be held in Dubrovnik this year. This is an event that I am really looking forward to attending and I shall be blogging from the summit – so will many others be.

Affero General Public License

The Free Software Foundation (FSF) has released the first discussion draft of the GNU Affero General Public License (GNU AGPL). This new license is based on version 3 of the GNU GPL. It has a new term to ensure that users who interact with the software over a network can receive the source for that program.

The original Affero GPL was intended to guarantee that everyone could receive the source for web applications that they used, so the software could always be shared and improved. The corresponding provision in the GNU AGPL applies this same principle to all software that interacts with users through a network, but doesn’t impose additional requirements when the same code is used for other purposes. Since the GNU AGPL is based on version 3 of the GNU GPL, it will also provide improved internationalization, compatibility with the Apache License, and other
benefits.

As with its other licenses, the FSF will hear feedback on the draft from the public before releasing the final version of the license. The additional provision is in the first paragraph of section 13. We ask that comments not specific to the GNU AGPL be submitted to the latest draft of GPLv3. You can learn more about this draft on the GPLv3 portal at <http://gplv3.fsf.org/agplv3-dd1-guide.html>.

Free Aunty Beeb

The BBC is one of those world institutions, a social and cultural backbone which we almost always take for granted. Naturally one does not achieve such status without making wrong turns. Thankfully there are those who are quick to point out the errors and attempt to show the correct path. Much like one may lead an old aunty to the table there are activists who disagree with the BBC’s use of DRM technologies.

The site Free the BBC contains a letter to the BBC with the main arguments (relevant to the BBC) against DRM. Many of the arguments have been heard before but I particularly liked this new one:

The BBC royal charter establishes a number of goals and operating conditions including “promoting education and learning”, “stimulating creativity and cultural excellence”, and “bringing the UK to the world”. DRM runs contrary to all of these purposes. DRM limits education by restricting copying for public educational purposes, and even inhibits private study. It stifles creativity by trying to make even incidental remixing impossible. Finally, it arbitrarily limits the BBC’s reach by forcing viewers to use particular proprietary software applications. DRM advances corporate interests over the public interest, which is in flagrant opposition to the charter.

So what are you waiting for? Go there, read the letter containing the arguments and sign it!

For those of you who found the title slightly cryptic: The BBC is sometimes referred to as Aunty Beeb.