I am delighted to report that tickets for the Barcamp Transparency main event are now available.

This is a free event, but we need to get an idea of how many people are coming, and a rough list of contacts so that we can furnish you with things like Wifi keys etc.

Anyway, tickets are being served by Eventbrite like our virtual event, go get yours!

Yesterday I spent a pleasant evening at Trinity College Oxford at the No2ID summer identity and privacy event.

This was an enjoyable and lively event made up of a panel of interested parties and members of the public.

On the panel were:

• Robert Buckland (Tory candidate, Swindon South)
• Steve Goddard (Lib Dem candidate, Oxford East)
• Peter Hitchens (Columnist, Mail on Sunday)
• Peter Tatchell (Human Rights Campaigner, Green candidate, Oxford East)
• Glyn Wintle (Open Rights Group)

Many points were raised, including the need to not be complacent.

Something of particular interest which was raised by someone in the audience before I had a chance to do so, and that is the issue of data ownership.

I think that it is data ownership that is at the heart of the issue here. As we move into a much more data-centric society with more and more information about us is held by third parties, we need to start looking at our laws – and in particular to enshrine in law the concept that data about a person belongs to that person.

Right now we have a rather backward system where agents – be they the Government or Amazon – who collect information about your view that information as theirs. They mine it, monetise it and share it, all without your permission.

If the organisation is in the UK, there is a certain amount of protection afforded to you by the data protection act (unless it’s the government that holds your data), but this is rarely enforced and has been systematically weakened by the labour government.

What would happen if individual was the arbiter of who has access to what? Since third parties can be rarely trusted to retain important data, what would happen if we made the individual the physical gatekeeper of such information?

Could we have a device that asked you “Agency X is trying to access item Y, allow? (no, once, always)”, and allow you to revoke such permission at any time?

Such data you released could then be licensed, and perhaps we could at last put DRM to some good use?

Its technically possible, but probably impractical. Still, if we could just do the very first part – reversing the basic idea of who owns what – we would have a way forward.

Data about me is mine, the audit trail I leave as I live my life is also mine. Some time after I die, I dare say it would be useful for society to have access to that data since I no longer need it (perhaps for census data or medical research) but certainly while I am alive it is me that should govern who has access and for what purpose.

While I am alive it will be necessary for some third parties to have access to my data, either because it exists in their systems, or because they need it to provide me with a service. I can choose to grant access to them for a limited time and for set purposes.

There is already a system in place to handle this sort of arrangement, its called copyright. Thanks to all the lobbying done by big business the punishment for copyright infringement these days is punitive to say the least (in most cases it is a civil offence not criminal – so theoretically less punitive than a breach of the DPA – but civil actions seem to be pursued more often).

Wouldn’t it be a delightful irony if these restrictive and punitive laws turned out to be one of the great safeguards of individual sovereignty?

Of course, as I mentioned previously – once the data is out it is out – so it is still better not to give out unnecessary information in the first place.

But if the individual was concious that data belonged to them in the same way as their clothes, car or house they might mind a little more if this data was misused. Equally, if agencies feared the punitive action for such misuse available under copyright law, perhaps such instances of misuse would be fewer.

Just a thought, any lawyers want to comment?

I am delighted to announce that we will be holding a virtual barcamp fringe event on Friday 24th July for all those people who can’t make our main event.

To give us some idea of the numbers coming we have tickets available on Eventbrite, so go grab yourself one!

Our main avenue is the event Friendfeed account here: http://friendfeed.com/barcamptransparency

We have prepared three virtual rooms for you to discuss issues related to:

1. Open government – http://friendfeed.com/ff-bct09opengoverment
2. Cyber-activism – http://friendfeed.com/ff-bct09cyberactivism
3. Social media ethics – http://friendfeed.com/ff-bct09socialmediaethics

Later this week we will be releasing the first batch of tickets for the main event using the same system, more to follow so watch this space!

I am absolutely delighted to be able to announce that I have managed to confirm the venue for Barcamp Transparency. Barcamp Transparency will be held at the Oxford University Club on the 26th July!

This is a fabulous venue (the same one as Barcamp Apache Oxford), directions and other details can be found on our website.

I am also delighted to announce that Google has agreed to be the main sponsor for the event and will be covering the cost of the venue for us! Big thanks to all at Google and our other sponsors for making this event possible!

See you there on the 26th July!

One thing we try and do when working on a new Elgg feature is – where we can – couple things together as loosely as possible and provide hooks for third party developers to extend Elgg and fill in any blanks.

A good example of where this has been done is the newly introduced Captcha functionality available in the latest nightly testing builds of Elgg.

The Captcha functionality is provided by a module which extends a view called “input/captcha“. This view is blank by default but is used in several places such as user registration and the lost password form.

This means two things; firstly that if a Captcha module isn’t installed or enabled then forms behave normally, and secondly it becomes a trivial matter for third party modules to provide their own Captcha functionality.

This same mechanism is how the URL shortener module works by the way.

Next, the Captcha module extends a number of actions to require a correctly validated Captcha code. This list itself is the product of a plugin hook which returns an array of actions which require Captcha validation:

$actions = array();
$actions = trigger_plugin_hook('actionlist', 'captcha', null, $actions);

...

function captcha_actionlist_hook($hook, $entity_type, $returnvalue, $params)
{
if (!is_array($returnvalue))
$returnvalue = array();

$returnvalue[] = 'register';
$returnvalue[] = 'user/requestnewpassword';

return $returnvalue;
}

The reason why the list of actions is provided this way is twofold, firstly it lets modules use Captcha functionality in their own code through a generic interface, and secondly it is harder to spoof than looking for some marker in the form code.

The Captcha itself injects a server generated token into the form, which together with the user’s response to the characters generated in an image are used to validate that the user is indeed human.

As we can see, Elgg asks to be provided with a Captcha if one is available by including a specific view, but is agnostic as to where (or indeed if) this functionality is supplied.

By using the techniques available to an Elgg programmer I was able to loosely couple the Captcha system to Elgg in such a way that a third party can easily use the same techniques to provide a more advanced module.

Happy coding!

Image “A new Captcha approach” by XKCD