* Posts by Neil Brown

116 posts • joined 30 Sep 2008


El Reg talks to PornHub sister biz AgeID – and an indie pornographer – about age verification

Neil Brown


They'd need to stop marketing it as a porn site too.

Whether that's sufficiently dissuasive or not remains to be seen.

None too chuffed with your A levels? Hey, why not bludgeon the exam boards with GDPR?

Neil Brown

Paragraph 25, Schedule 2, Data Protection Act 2018

The GDPR establishes the right of access — Article 15 — but it is subject to the specific exclusion / limitation in paragraph 25, Schedule 2, Data Protection Act 2018. The ICO's guidance essentially parrots this paragraph. This limits the scope of Article 15, and extends the time to respond.

What fun.

Probe Brit police phone-peeking plans, privacy peeps plead

Neil Brown

It’s your option d - the PI report is focussed on the use of extraction tools, like Cellebrite, which the police connect to the target device.

(Your option (a) sounds like the product of an interception warrant.)

Adtech-for-sex biz tells blockchain consent app firm, 'hold my beer'

Neil Brown

They’re based in London...

Must contain letters.

Things that make you go hmmm: Do crypto key servers violate GDPR?

Neil Brown

> Uploading your key to a keyserver and requesting it to be published is pretty clear affirmative action.

I'd have thought so, yes, so "implied consent" is misleading.

Neil Brown

I'm not sure it's quite that easy...

There’s some rather shonky logic in the commentary here, IMHO.

First, I'd have thought that the starting point is to work out who is the controller of the processing which takes place on each key server, on what basis the data are being processed, what rights apply to the data subjects, whether any exceptions apply, whether any exemptions apply, and so on. Without this, it's all a bit nebulous.

Similarly, the reference to "implied consent" sounds like a red herring, since consent requires a "clear affirmative action" by the data subject — it is either "consent" or it is not — and, in any case, (a) consent can be withdrawn at any time (Article 7(3) GDPR), and (b) the right to erasure, under Article 17(1)(b) expressly applies to processing done on the basis of consent, where that consent is withdrawn. So, even if "implied consent" is a thing, you can't argue "implied consent" as the basis of continued processing, in the face of an objection / request for withdrawal of consent.

Lastly, I’m not sure where the concept that “the right of erasure only applies where it is practical” comes from. The right may not apply where the request is manifestly unfounded or excessive (Article 12(5)), but that’s hardly the same as whether the deletion is “practical”.

I suspect we simply have here a situation in which those designing and operating the key servers did so — perhaps entirely reasonably, at the time — without considering this kind of issue.

Trademark holders must pay for UK web blocking orders – Supreme Court

Neil Brown

Re: Good.

The indemnified costs here relate only to the incremental costs of adding new sites to the block list, not the setup or maintenance of filters. The court held that this is because the ISPs in question already had this kit, for other reasons.

Neil Brown

Re: Interesting

I'm not sure that's true, as the shielding law treats each transmission in isolation.

A company which offered an Internet access service and its own IPTV service would be shielded from liability in respect of a transmission initiated by a user of its Internet access service, but would not be shielded for something it chose to distribute via its IPTV service.

Neil Brown

Re: Trademark - or copyright ?

The ruling stems from the Cartier litigation, which relates to website blocking injunctions issued to make it a little bit harder to access sites which infringe on certain trade marks.

It should apply to blocking orders based on infringement of copyright, but I guess that's a battle for another day.

It will be interesting to see whether it has an impact on blocking orders imposed on ISPs under the Digital Economy Act, in respect of porn sites which do not implement age verification, but there's a completely different framework. While it seems reasonable to me that the same approach should be taken, and that the BBFC should reimburse ISPs for their costs, that seems... unlikely.

It has no direct bearing on the Norwich Pharmacal orders used to obtain subscriber information from ISPs, in my opinion.

We wanted a camera, they gave us the eye of Gemini – and an eSIM

Neil Brown

"The keyboard, while marginally improved, still takes getting used to."

Nicely done :)

El Reg deep dive: Everything you need to know about UK.gov's pr0n block

Neil Brown

Re: anonymous, non-tracking system wouldn't be hard

That describes one of the potential solutions — AVSecure — pretty well:

"Age verification cards will be obtainable at over 30,000 retail stores across the UK. It will allow face-to-face age verification to be completed at the point of sale. If you don’t clearly look over 18, you will be asked to show ID to the cashier in the same way you are asked when buying alcohol or cigarettes."

I'm not sure about the OTP bit though, although I *think* I've heard that mentioned...

UK.gov admits porn age checks could harm small ISPs and encourage risky online behaviour

Neil Brown

Re: From a legal perspective...

It depends.

A site can be made available “on a commercial basis” while still not being chargeable to visitors. For example, if the site derives income from advertising, or if it exists to drive traffic to paid sites.

There are draft regulations on what “on a commercial basis” means, here: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/600735/Draft_Online_Pornography_Commercial_Basis_Regulations_2017.pdf

(This is consistent with other areas of law, such as intermediary liability rules.)

Neil Brown

From a legal perspective...

The requirement to have age-verification in place applies to any person who "makes pornographic material available on the internet to persons in the United Kingdom on a commercial basis other than in a way that secures that, at any given time, the material is not normally accessible by persons under the age of 18." (s14(1) DEA 2017)

It does not matter whether that person is based in the UK or elsewhere.

An ISP can be compelled by an administrative (non-judicial) blocking order to take the steps either specified in the blocking notice, or else as "appear to the provider to be appropriate", to "prevent persons in the United Kingdom from being able to access the offending material using the service it provides". (s23(1))

The legislation expressly permits overblocking: "The steps that may be specified or arrangements that may be put in place ... include steps or arrangements that will or may also have the effect of preventing persons in the United Kingdom from being able to access material other than the offending material using the service provided by the internet service provider." (s23(3))

"Pornographic material" is defined in s15. It's too long for me to paste here, but it covers quite a lot, with an emphasis on material which was "produced solely or principally for the purposes of sexual arousal". And, since different people like different things, that potentially covers quite a lot.

UK Data Protection Bill lands: Oh dear, security researchers – where's your exemption?

Neil Brown

Logging applies only to law enforcement agencies

Clause 60 sits within Part 3, and Part 3 applies only to "processing by a competent authority", defined as "a person specified in Schedule 7, and any other person if and to the extent that the person has statutory functions for any of the law enforcement purposes, but excluding intelligence agencies".

At the moment, Schedule 7 contains pretty much what one would expect to be treated as law enforcement agencies.

For now, at least, "normal" data controllers can appear to be able to sleep a little easier...

Neil Brown

Re: [an offense of] altering personal data in a way to prevent it being disclosed.

Basically, if someone has made a subject access request, you can't decide to just delete the lot or amend the records.

Love bots lecture thrills room full of Reg readers

Neil Brown

This was a superb event

Thank you Kate, and Joe and Alexander.

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Neil Brown


I'm happily using FreePBX at home — as a lawyer, it started as a way for me to learn more about VoIP and over the top communications services to be able to give better advice, and ended up being useful enough that I keep it going.

- My understanding is that 5060 need not be open, if the PBX registers outbound with the SIP trunk — the FreePBX GUI makes this very easy, if the trunk provider supports it

- If 5060 does have to be open, could it not be limited to certain IP ranges of the trunk providers?

- If it has to be open fully (e.g. to permit incoming SIP URI calls from any originator), FreePBX comes with fail2ban pre-installed, and there is an "intrusion detection" function in the GUI: configuring it to read from the security log and to ban an IP after [x] failed password attempts was not trivial (for me), but I did get it to work

(I wanted incoming SIP URI calls "because I can" rather than for anything else, and it generates a lot of spam (spit?) which needs to be handled — separate to password attacks — but, so far, that has seemed manageable.)

Ten Mac freeware apps for your new Apple baby

Neil Brown

Re: And some more:

Thanks. For some reason, I had a recollection that VLC was used for the DVD decryption needed to feed the DVD contents into HandBrake.

Neil Brown

Re: Lots of other good products....

+1 for VirtualBox.

If you want your VM to start when the host Mac boots, rather than needing manual intervention in the VirtualBox GUI, a simple .plist file in /Library/LaunchDaemons/, run launchctl load, and you are away :)

Neil Brown

Re: MSPaint equivalent?

Great tip — thanks.

Neil Brown

Re: FileZilla

I think I used to use CyberDuck to do much the same. And with a comparably good name too...

Neil Brown


I don't know how often it is updated, but, when I switched to Mac, I have a feeling I spent quite a bit of time trying various bits and pieces referenced here:


Neil Brown

Caffeine, MagicPrefs

Caffeine: a coffee cup icon which sits in the taskbar. Click it to prevent the screen from going to sleep — great for presentations.

MagicPrefs: small utility for giving more functionality to trackpads or mice. I use it to turn an Apple Magic Mouse into a very good presentation controller, with taps on the top for moving slides forward, backwards and for blanking the screen.

Neil Brown

Re: MSPaint equivalent?

Seconded (thirded?) for Pixelmator, although I do still find I use the unfortunately-named The GIMP now and again, having got used to it in my Linux-only days.

Neil Brown

Re: Lots of other good products....

+1 TextWrangler

Neil Brown

Re: And some more:

Handbrake reference should have been "potentially requires V*L*C", not V*N*C. Oops.

Neil Brown

And some more:

GPGMail / GPGTools: GPG implementation for Mac, including email signing + encryption. Beta for Yosemite currently, but reasonably stable. (I believe it is changing to requiring a payment, though)

Handbrake: for ripping DVDs / converting videos (potentially requires VNC too; I can't remember)

Chicken of the VNC: VNC client

Isolator: for keeping just one window in focus, without using full screen mode

MacTheRipper: DVD ripper

photorec: Unix command line recovery tool, great for recovering photos, documents etc. from USB or memory sticks

Telephone: nice SIP client with address book integration, but does not support encryption :(

Transmission: BitTorrent client, for downloading those Linux distributions

I’ve never paid for it in my life... we are talking Wi-Fi, right?

Neil Brown

Boingo subscription

When I was going through a phase of travelling every week or so last year, I finally bit the bullet and bought a Boingo subscription covering Europe, Africa and the Middle East — it was on "special offer", which might be available all the time if you hunt for it, for €9.95/month. I have had no problem streaming video over it, or running a VPN, and the times when I have needed to use their tech support phone number I was impressed — mobile providers could learn a lot from them!

It's a nuisance that this subscription does not include the US too, but I use a 3 pre-paid SIM with "Feel at Home" for that: £15 for a month for about 25GB, I think. The rules prohibit tethering although it did work when I tested it, just to check.

WTO sets new date for copyright crunch

Neil Brown

Alan Story's "Copy/South Dossier"

Well worth reading for anyone interested in the impact which Western copyright policies can have on less developed countries:


(The dossier is both Free and free — they'll even send you a hard copy (if they have any left) for nothing, and would not accept a donation...)

Japan Airlines to serve KFC on Christmas flights

Neil Brown

"topping it off with special mayonnaise"

You'd get tossed off the plane for less than that...

Medical scan record that the NHS says will cost £2k to retrieve: Detail

Neil Brown

Re: Disproportionate effort?

it does not need to supply the data

It could supply a copy of the data, perhaps, just not in an intelligible form — it perhaps depends on whether the storage medium has more than one patient's records on it, and whether it has any way of duplicating the disc without the specialist machine.

Neil Brown

Disproportionate effort?

It seems that the trust has the information, but not a means of expressing it in intelligible form without reacquiring some dedicated kit, or else finding a trusted third party to perform the conversion. I would be surprised if the trust did not argue that this constituted disproportionate effort, meaning that it does not need to supply the data:

s8(2), Data Protection Act 1998:

The obligation imposed by section 7(1)(c)(i) [to have communicated to the data subject in an intelligible form the information constituting any personal data of which that individual is the data subject] must be complied with by supplying the data subject with a copy of the information in permanent form unless—

(a) the supply of such a copy is not possible or would involve disproportionate effort

The Information Commissioner's Office has a reasonably concise guide on applying this test: http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/disproportionate_effort.pdf

So you want an office of Apple Macs - here's a survival guide

Neil Brown

Re: I just dont get it

Me, from time to time — I have not been able to get (yet, perhaps, but I've been waiting for a few months now) video editing software on my work machine, and so just bring in my Mac when I need to do it. I'd prefer that I could do it on my work machine, but it's not a big deal for me to use my own machine — I'm certainly not expecting any technical support for it, nor am I connecting it to the network.

Quite a lot of people in the office are using tablets of various guises (although, frankly, most are iPads) too, which are not corporate issue — I've used mine as a handy library of reference documents since I got one, and it's great to be able to have the legislation and cases, guidance documents and the like to which I refer quite regularly available in a small and searchable form.

Neil Brown

What can't be done on any other machine that can be done on macs? Now't!

iOS development?

Neil Brown

I think it's pretty good for individual files, but I've had a bad time using it to image a replaced (identical) machine from a Time Machine backup. It took many hours before crashing, and it was far easier to reconfigure the machine by hand, and then sync documents back down from Unison (as I used then; now from my owncloud repository).

As a tool for backing up / restoring an entire system, my experience has been that it is unreliable.

Neil Brown

Support agreement with Apple?

I'd have thought that the "harder to fix" nature of the more modern Macs made them more challenging in a corporate environment? With my work Dell machine, when the hard drive dies, it's trivial to pop it out and put in another — if the SSD on my Air were to die, I'm not sure there would be a huge amount I could do without Apple's assistance? Having a stack of spare machines may be a workaround, to give time to get the borked machine to Apple, but keeping a stack of hard drives on hand seems easier and cheaper?

(Purely a guess on my part, based on being a Windows user at work, and a Linux/Mac/BSD user at home.)

Perth porkfest crowned ULTIMATE BACON SARNIE

Neil Brown

> I like a muffin or bagel with bacon and eggs too, this doesn't qualify as a bacon sarnie either

And there was me thinking I might have brought muffin-based enlightenment to the cheap white bread scoffing masses...


Nominet mulls killing off the .co from .co.uk

Neil Brown

Re: I'd rather have

Shotgun linux.sco for me.

Speaking in Tech: Lawyers are the enemy of the cloud

Neil Brown

Lawyers are the enemy of the cloud

... as opposed to the many situations in which we are beloved?

Chick-lit star snubs Menshn.com password flaw alert

Neil Brown

"Passwords are encrypted: HTTPS"

Any kind security person care to help me understand this? I thought https was a transport layer security, protecting data in the course of transmission, rather than protecting the passwords on the server? Would the use of https protect against / prevent a CSRF attack?

Ten freeware gems for new Macs

Neil Brown

Caffeine, MagicPrefs, GPGMail, Chicken of the VNC, photorec and more...

So many great f/Free utilities out there:

Caffeine: places a coffee cup icon in the menu bar; click, and it changes the power settings to stop the screen from going to sleep. Ideal for presentations. http://lightheadsw.com/caffeine/

MagicPrefs: a (secondhand) Magic Mouse makes a great presentation controller, using MagicPrefs to adjust the functions available by simply tapping the device's surface. (Given there's no IR port on the new MacBook Air, I tried this as a solution a year or so ago, and haven't looked back — it works really well.) http://magicprefs.com/

GPGMail: not yet available for Mountain Lion (although hopefully soon — a donation to oil the wheels of development may help speed it up), but essential if you want to sign or encrypt your email. https://www.gpgtools.org/gpgmail/index.html

Chicken of the VNC: lightweight and simple VNC client. http://sourceforge.net/projects/cotvnc/

photorec: command line data recovery software. It's worked very well for me so far — recovering files from a trashed Windows HDD, "lost" photos from a camera's SD card and so on. http://www.cgsecurity.org/wiki/PhotoRec

MetaZ: once you've used HandBrake, use MetaZ to apply the metadata, to display artwork, actor information and so on. http://griff.github.com/metaz/

I don't appear to have linking privileges yet, so sorry for the bare URLs :)

(Load owncloud onto a spare server, run the owncloud client on your Mac, and you've got a great (and Free) dropbox alternative, under your control. Else, consider running unison on the server, and using the Mac unison client — great two-way synchronisation.)

Want to meddle with IP rights? Use the law, not amended regulations

Neil Brown

As presented here, not a great argument...

The government is hamstrung as to what exceptions it can (lawfully) introduce by virtue of the directive. As such, the legislation simply needs to say that the power to implement exceptions by statutory instrument is limited to those exceptions set out in the directive.

The power under statutory instrument is simply to select from a predefined menu of exceptions, and implement them — primary legislation is unnecessary, since the scope is so limited, and would simply slow down the process unnecessarily. Which might be exactly what is intended by some parties?

MPs wrestle slippery bureaucrats in intellectual property Jell-O

Neil Brown

"you need a copyright system. I don't think anyone in the mainstream is really challenging that"

Especially if this is based on circular reasoning, whereby one must not be challenging the need for copyright, to be considered "in the mainstream."

IP law probe MPs hunt for smoking gun, find plenty of smoke

Neil Brown

I'm often unconvinced by what Richard Mollett says...

... but he's one of the best public speakers I've ever heard. Very eloquent and hugely persuasive. His content often bothers me, but I can't fault the way in which he delivers it.

Creatives spin copyright licence that sticks to web

Neil Brown

Re: Conspicuous by absence

It's that imbalance which needs to be sorted out.

Part of the irony being that this was one of the reasons for the Copyright Act 1709 — to remove control from publishers, and put it back in the hands of authors...

Neil Brown

"Technical work will be undertaken by experts from across the media industry"

Given the basis of copyright as a tool to secure a social good, perhaps involving more than just those set to benefit financially might be appropriate?

Whilst this is billed to develop "a universal standard framework for licensing out," and so seems more about rights management, interested members of the public, which is supposed to be the primary beneficiary of the effects of copyright, should perhaps be involved.

Adonit Jot Flip precision tablet stylus

Neil Brown

Re: recommended

Jai — how robust is it? It looks a little delicate, and I'd be fearful of putting it in a bag or a pocket — does it come with a cap, or is it tougher than it looks?

UK copyright exchange man: Nontrepreneurs are just stingy

Neil Brown

"a lot of assertion but less hard evidence"

Finding hard evidence that "digital start-ups were being stopped by copyright licensing processes" would be very hard, I'd have thought, unless people could produce business plans showing that they had assessed an opportunity and turned it down / declined to proceed on the basis of copyright licensing.

If I were looking for a new business model, I'd be ruling out areas which were "too hard" first, to focus on areas easier to access and make money, and likely not give the problem areas a second thought — why spend time working on something fraught with problems, unless there's a clear profit at the end, and sufficient time/money to overcome the problems before making a profit? If something is sufficiently hard, the volume of evidence that people have tried and failed is likely to be low, as, once people become aware of the likelihood of failure, they are less inclined to try it for themselves. The presence of a problem with copyright licensing may be the very reason for the lack of evidence of a problem.

It may not, of course. But it's not clear whether the question was asked whether the lack of evidence was because there was no problem, or whether there is a problem (as likely put forward in the "assertions"), for which evidence is hard to find. If not, whilst the conclusion reached seems right as a matter of fact, it does not necessarily tell the whole story, nor form a good basis for policy making.

1,600 pubs and bars to get free Wi-Fi

Neil Brown

Re: VPN passthrough?

I have not had a problem with the (few) hotspots I've tried, usually BT-powered, provided that I do the authentication before trying to connect, which is no real surprise.

I have my web browser on my machine defaulted to connecting via a proxy on my home network, to avoid accidentally using an insecure connection / if I somehow fail to route all traffic down the VPN — even putting exceptions in place for the authentication pages, I have not been able to get this to work with the proxy requirement in place, so I have to remember to deselect the proxy before authenticating, then put it back in place afterwards, which is a nuisance.

