Lappies

Should we ban use of laptops, tablets, mobile phones and other devices in law lecture theatres and seminar rooms?

The 47 page 'Law Student Laptop Use During Class for Non-Class Purposes: Temptation v. Incentives' ( St. John's Legal Studies Research Paper No. 11-004) by Jeff Sovern considers law student use of laptops.

Sovern comments that -

This article reports on how law students use laptops, based on observations of 1072 laptop users (though there was considerable overlap among those users from one class to another) during 60 sessions of six law school courses. Some findings:

• More than half the upper-year students seen using laptops employed them for non-class purposes more than half the time, raising serious questions about how much they learned from class. By contrast, first-semester Civil Procedure students used laptops for non-class purposes far less: only 4% used laptops for non-class purposes more than half the time while 44% were never distracted by laptops.
• Students in exam courses were more likely to tune out when classmates asked and professors responded to questions and less likely to tune out when a rule was discussed or textual material read in class.
• For first-semester students, policy discussions generated the highest level of distraction while displaying a PowerPoint slide which was not later posted on the web elicited the lowest level.
• With some exceptions, what was happening in the class did not affect whether upper-year students tuned out or paid attention.
• The format used to convey information - lecture, calling on students, or class discussion - seemed to make little difference to the level of attention.
• Student attentiveness to the facts of cases is comparable to their overall attention levels.

The article speculates that student decisions on whether to pay attention are responses to the tension between incentives and temptation. While the temptation to tune out probably remains constant, ebbs and flows in incentives may cause students to resist or yield to that temptation. Because first-semester grades have more of an impact on job prospects, first-semester students have a greater incentive than upper-year students to attend to classes. Similarly, because students probably anticipate that rules are more likely to be tested on exams, students perceive that they have more of an incentive to pay attention when rules are discussed. Conversely, students may suspect that matters asked about by classmates are less likely to be tested on and so their grades are unlikely to be affected if they miss the question and answer, reducing the incentive to pay attention.

Because of methodological limits to the study, the article notes that its conclusions cannot be considered definitive, and so it urges others to conduct similar studies.

CyberFloss

Yet another recitation of superficial conventional wisdom about 'cybersecurity', this time in 'Cyber-security: the vexed question of global rules: An independent report on cyber-preparedness around the world' [PDF] by Brigid Grauman at Security Defence Agenda [sic] under the auspices of McAfee.

The 104 page report claims to present "the risks and threats associated with the rising use of the internet to access personal and professional information". The author, a journalist whose work has appeared in the FT and other publications (eg articles on art fairs, tourism, film directors, and molecular gastronomy), indicates that it is

made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a global snapshot of current thinking about the cyber-threat and the measures that should be taken to defend against it, and assesses the way ahead.

It is aimed at the influential layperson, and deliberately avoids specialised language. For the moment, the “bad guys” have the upper hand – whether they are attacking systems for industrial or political espionage reasons, or simply to steal money - because the lack of international agreements allows them to operate swiftly and mostly with impunity. Protecting data and systems against cyber-attack has so far been about dousing the flames, although recently the focus has been shifting towards more assertive self-protection.

No great revelations there and the "influential layperson" might be better off looking at OECD studies, Australian parliamentary committee cyber-security reports or some of the writing by figures such as Bruce Schneier, not least because Schneier emphasises both the ICT and 'wetware' aspects of security and moves beyond a simplistic awarding of gold stars.

The report's recommendations are anodyne -

1. Build trust between industry and government stakeholders by setting up bodies to share information and best practices, like the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA).
2. Increase public awareness of how individuals can protect their own internet data, and promote cyber-security education and training.
3. New problems and opportunities created by smart phones and cloud computing must be examined. Cloud computing needs an appropriate architecture to achieve optimum security levels.
4. Prioritise information protection, knowing that no one size fits all. The three key goals that need to be achieved are confidentiality, integration and availability in different doses according to the situation.
5. Consider establishing cyber-confidence building measures as an alternative to a global treaty, or at least as a stopgap measure, knowing that many countries view a treaty as unverifiable, unenforceable and impractical.
6. Improve communication between the various communities, from policy-makers to technological experts to business leaders both at national and international levels.
7. Enhance attribution capabilities by investing in new technologies, and establishing rules and standards.
8. Follow the Dutch model of a third party cyber-exchange for improved private-public partnership on internet security.
9. Despite the many practical hurdles in the way of transparency, both for private companies and for governments, find ways of establishing assurance – or trust – through the use of security mechanisms and processes.
10. Move the ball forward and encourage integration of cyber into existing processes and structures. Make sure cyber considerations and investment are present at every level.

One of my more acerbic ICT contacts added three further recommendations -

11. Take a cut lunch and a spare set of socks
12. Wear clean underwear
13. Be nice to your dad, mum and - of course - the PA who knows where the cybersecurity skeletons are buried

Some sense of the report is provided by the snapshot on Australia -

Until late 2011 Australia's Attorney General was in charge of cyber-security policy and of streamlining work between government departments and setting up information groups to discuss problems like critical infrastructure protection. However since December the responsibility is in the hands of Prime Minister Julia Gillard in a move to consolidate whole-of-government responsibilities, according to a spokesperson for her department.

Interviewed before the reshuffle Ed Dawson of Queensland University of Technology said cyber-security policy involved most big companies but that on the downsuide the private sector is loath to take responsibility and spend money. A Cyber White Paper, issued in late 2011, focused on how to bring together the various stakeholders.

"With electricity for instance", Dawson continued, "we'll have the distributor saying that cyber-security is the responsibility of the power generators. It's like they're waiting for an accident to happen." The government has proposed to partly fund projects in the area of critical infrastructure.

Australia's funding policy on the whole gets good marks. Queensland University of Technology is currently engaged in two large projects. The first, co-funded by India (to the tune of A$4.4 million) is researching denial-of-service attacks. "We're trying to see what sort of attacks are feasible and we're developing mechanisms like cryptography to guard against them", says Dawson. The other is a five year project on airport security worth A$5 million.

The Australian Department of Defence's Cyber-Security Operations Centre (CSOC) provides threat detection and mitigation for government departments and agencies, and the Department is recruiting an extra 130 cyber-security experts to work there.

The country is also promoting a voluntary code of conduct for ISPs to educate customers, offer better online protection, and quarantine infected users. "The problem with voluntary codes is their uneven application," says Tim Scully, CEO of stratsec and Head of Cyber-Security at BAE Systems Australia. The Australian Communications and Media Authority has a list of blacklisted sites, and requires Australian ISPs to filter them.

Communications Minister Stephen Conroy says that the blacklist targets only illegal sites, but some feel that the scope of the censored content is too broad. "Selling cyber security regulations is a brave thing for a government to do," says Scully, citing the public outcry at the government’s attempts to introduce internet censorship to protect children from porn. In a country where most people are hostile to the idea of carrying ID papers, privacy is high on the agenda.

No evaluation of whether consolidation of whole-of-government responsibilities was needed and is working. No critique of the Cyber White Paper. No indication that Dawson is representative of the 'cyber-security community' or offers a uniquely authoritative insight into Australian public/private sector practice. No reference to law, whether domestic or in relation to Australian adherence to global cyber-security agreements such as the Council of Europe Cybercrime Convention. No data on the incidence and severity of cyber-security problems in Australia. No indication of whether the government's proposal to "partly fund projects" is meaningful. No indication of whether there is any cyber-security research outside QUT.

All in all - in my opinion - a report on which the conscientious "informed layperson" need not waste her time. It's not much better than the piece of brightly-coloured and not-nutritious cyberfloss known as the Norton Cybercrime Report noted here last year.

Wikifriendz

In a conference paper last year I argued that Julian Assange is the bestest bestest friend of  'the forces of darkness', as Wikileaks would legitimate government efforts to tighten up access - authorised or otherwise - to public/private sector information.

Bill Keller in a NY Times piece today comments that

The Army private accused of divulging three-quarters of a million secret documents to WikiLeaks, Bradley Manning — who was at first kept in such inhumane custody that the State Department spokesman quit in protest — is scheduled to be arraigned Thursday on charges that could mean life in prison. You don’t have to excuse his alleged crime to think the original sin in the whole drama is that this tormented soul had access to so many secrets in the first place.

What we cannot know for sure is the fate of the many informants, dissidents, activists and bystanders quoted in the American cables. Assange published source names over the strong objections of the journalists who had access to the data (we expunged the names from our reports) and to the horror of human rights groups and some of his WikiLeaks colleagues. I’ve been told that a few exposed sources fled their countries with American help, a few others were detained by authorities, and none are known to have been killed. But would we even know? When I read stories like the Reuters account last week of the three men beheaded in Yemen for giving information to Americans, I worry anew about the many innocent witnesses named in the WikiLeaks cables.

The publication of so many confidences and indiscretions did not bring U.S. foreign policy to a halt. But it did, at least temporarily, complicate the lives of U.S. diplomats. American officials say that foreign counterparts are sometimes more squeamish about speaking candidly, and that it is harder to recruit and retain informants around the world.

As raw material for journalists, the cache of secrets has had a phenomenal afterlife. It’s been 10 months since The Times, The Guardian, Der Spiegel and the other partners in this project filed their last major extracts from the files. And still, literally every day, stories based on the trove appear somewhere in the world, either because local news organizations are catching up with morsels of scandal that did not attract major newsrooms, or because new events cast the cables in a more interesting light. Notably, State Department dispatches reporting on the dissolute lifestyles of Mideast autocrats provided a little extra kindling for the bonfires of the Arab Spring.

But the idea that this was the opening of a floodgate has proved exactly wrong. In the immediate aftermath of the breach, several news organizations (including this one) considered creating secure online drop-boxes for would-be leakers, imagining that new digital Deep Throats would arise. But it now seems clear that the WikiLeaks breach was one of a kind — and that even lesser leaks are harder than ever to come by.

Steven Aftergood, who monitors secrecy issues for the Federation of American Scientists, said that since WikiLeaks the government has elevated the “insider threat” as a priority, and tightened access to classified material. Nudged by an irate Congress, the intelligence agencies are at work on an electronic auditing program that would make illicit transfer of secrets much more difficult and make tracking the leaker much easier.

“A lot of attention has been focused on WikiLeaks and its colorful proprietors,” Aftergood told me. “But the real action, it turns out, is not at the publisher level; it’s at the source level. And there aren’t a lot of sources as prolific or as reckless as Bradley Manning allegedly was.”

For good reason. The Obama administration has been much more aggressive than its predecessors in pursuing and punishing leakers. The latest case, the arrest last month of John Kiriakou, a former C.I.A. terrorist-hunter accused of telling journalists the names of colleagues who participated in the waterboarding of Qaeda suspects, is symptomatic of the crackdown. It is this administration’s sixth criminal case against an official for confiding to the media, more than all previous presidents combined. The message is chilling for those entrusted with keeping legitimate secrets and for whistleblowers or officials who want the public to understand how our national security is or is not protected.

Here’s the paradox the documentaries have overlooked so far: The most palpable legacy of the WikiLeaks campaign for transparency is that the U.S. government is more secretive than ever.

Immunity

'The Legal Status of the Holy See' [PDF] by Cedric Ryngaert in 3(3) Goettingen Journal of International Law (2011) comments that -

The Holy See enjoys rights under international law that few, if any, non-State actors (excluding intergovernmental organizations) enjoy: it has joined various intergovernmental organizations, it is a party to a substantial number of bilateral and multilateral treaties, it sends and receives diplomatic representatives, is said to enjoy immunity from jurisdiction, and has been granted permanent observer status at the United Nations. However, unlike the Vatican City State, the Holy See is not to be characterized as a State, given that it has a global spiritual remit and that it can act internationally without a territorial base. Instead, it is a sui generis non-State international legal person which borrows its personality from its ‘spiritual sovereignty' as the center of the Catholic Church.

The article is of most interest for its discussion of immunity issues. Ryngaert comments that -

the diminishing autonomy of the Holy See vis-à-vis States is also exemplified by domestic courts’ reluctance to grant the Holy See immunity from jurisdiction.

Immunity cases do not only arise in Italy, where the Holy See has its seat. In various States, and in particular the United States, sex abuse scandals in the Church have recently given rise to legal proceedings against the Holy See on the basis of the latter’s vicarious liability for the Catholic clergy or its negligence in the face of the abuses.

The immunity of the Holy See in Italy is purportedly regulated by Article 11 of the Lateran Conciliation Treaty (1929), which provides that “[a]ll central bodies of the Catholic Church shall be exempt from any interference on the part of the Italian State (except as provided by Italian law with regard to acquisition of property made by recognized public bodies (corpi morali), and with regard to the conversion of real estate)”. Italian courts have traditionally given this provision a broad interpretation. In a 1987 case, for instance, the Italian Court of Cassation granted immunity from criminal jurisdiction to three high officials of the Vatican Bank accused of complicity in the fraudulent bankruptcy of the Banco Ambrosiano, on the basis of Article 11 of the Conciliation Treaty. Along similarly liberal lines, the Court of Cassation held in 1982 that the Vatican Radio enjoyed immunity from jurisdiction as it was a central body of the Catholic Church.

The liberal interpretation of Article 11 of the Conciliation Treaty was rejected in 2003, however. In the Tucci case, the Court of Cassation, drawing on Article 31 of the VCLT (which lays down the rules of treaty interpretation), held that the Holy See’s immunity from jurisdiction could not be inferred from the obligation of non-interference enshrined in the Lateran Treaty:

The obligation set out in Article 11 of the Lateran Treaty not to interfere with activities of the central bodies of the Catholic Church could not be considered in any way as equivalent to immunity from jurisdiction. Indeed, while the latter would have required the Italian State to waive its jurisdictional authority, no such limitation was implied when abiding by the obligation of non-interference. The obligation in question was not tantamount to a general waiver by Italy of its sovereignty and, in particular, to the exercise of jurisdiction. It only aimed at protecting the independent performance of the activities connected with the Magisterium of the Catholic Church.

The right to invoke immunity from jurisdiction must be stated expressly and could not be inferred from a provision dealing with non- interference. As the immunity imposed heavy limitations on state sovereignty, it had to be provided for by special rules not subject to an extensive interpretation. The fact that immunity from jurisdiction could not be inferred from the obligation of non-interference, was confirmed by Article 31(1) of the Vienna Convention on the Law of Treaties (23 May 1969) 1155 UNTS 331; 8 ILM 679 (1969); 63 AJIL 875 (1969), entered into force 27 January 1980, which considered the textual criterion to be the general rule of interpretation of treaty provisions.

While undertaking the obligation not to interfere, and recognizing the absolute sovereignty and independence of the Catholic Church, the Italian State had, at the same time, maintained its own sovereignty in the temporal order.

Importantly, the Court of Cassation considered the Lateran Treaty as a self-contained régime concerning the relationship between the Italy and the Holy See; only in passing did it note that the Holy See did not enjoy immunity from jurisdiction under customary international law.

As regards the particular facts of the Tucci case, in which private citizens and environmental organizations sought redress from three managers of the Vatican Radio for alleged damage sustained as a consequence of electro-magnetic radiation emanating from plants situated on the territory of the Holy See, the Court’s rejection of the Holy See’s immunity reinstated the full sovereignty of Italy over (environmental) crimes of which the effects were felt in Italian territory:

Italy could fully exercise its competence to punish criminal offences that, although committed on the territory of the Holy See, caused harmful effects within the national territory. The exercise of Italian jurisdiction was subject to the sole condition of a causal link between those harmful effects and the illicit act committed on the territory of the Holy See

It is of note that, in the Court’s view, human rights, constitutional protections, and the individual’s right to an (effective) remedy corroborated the restrictive interpretation of Article 11 of the Lateran Treaty, and the resulting rejection of immunity. It was precisely the Court’s failure to consider such protection in its 1980s case law that led to fierce criticism of the Court’s interpretation of Article 11 at the time.

Regardless of the restrictive interpretation of Article 11 of the Lateran Treaty and the Court’s unwillingness to equate the principle of non- interference with the notion of immunity, also after the Tucci case immunity continues to flow de facto from Article 11 to the extent that harmful acts emanate from a ‘central body’ of the Catholic Church, i.e., a body of the Roman Curia (which the Vatican Radio was not according to the Court). It would indeed be difficult to fathom how a jurisdictional assertion over the Roman Curia on the part of Italian courts could not amount to interference with the (spiritual) activities of the Holy See.

In States that have not entered into a bilateral agreement with the Holy See – indeed the great majority of States – any immunity that could accrue to the Holy See is to be derived from domestic law, international law, or a combination of both. In practice, while States have enacted legislation regulating the affairs of the Catholic Church, they have not enacted legislation addressing the legal status of the Holy See within their territory or before their courts. Nor may there be a clear principle that the Holy See, as a sui generis international legal person that differs from States, is entitled to immunity under general international law in ways similar to the immunity of States.

Still, U.S. courts have treated the Holy See as a sovereign for purposes of applying the U.S. Foreign Sovereign Immunities Act (FSIA), although, technically speaking, the act only applies to foreign States and their political subdivisions, agents, and instrumentalities. This may be explained by the fact that the U.S. and U.S. courts consider the Holy See and the Vatican City State as interchangeable, or the Holy See as representing the Vatican City State.

Plaintiffs suing the Holy See have made the most forceful argument against the characterization of the Holy See as a State for purposes of FSIA application in the case of O’Bryan v. Holy See (2009), which concerned the Holy See’s liability for sex abuses committed by U.S. Catholic clergy in Kentucky. They asked a Kentucky District Court, and on appeal the Court of Appeals for the 6th Circuit, to conceive of the Holy See as two separate entities: one being identifiable with the Vatican as a foreign sovereign recognized as such by the U.S. Government, and another being the ‘unincorporated head of an international religious organization’, namely the Roman Catholic Church, which “has no defined territory and no permanent population, and thus does not satisfy the definition of ‘foreign state’ under the Restatement’s [Third, of U.S. Foreign Relations Law 1987] standard”, and that is “wholly distinct and separate from its role and activities as a sovereign”.

The plaintiffs’ argument in O’Bryan was rejected by the courts, however. The District Court held that the plaintiffs “cite no authority for the proposition that the Holy See may be sued in a separate, non-sovereign function as an unincorporated association and as head of an international religious organization”. The Court of Appeals affirmed, citing other U.S. courts’ case law, and held that the status of the Holy See as a “parallel non-sovereign entity” was “conjured up by the plaintiffs”. This determination did not come as a surprise, as the U.S. Government had intervened as an amicus curiae in the case supporting the position of the Holy See regarding its status as a foreign sovereign for purposes of the FSIA. In our view, however, plaintiffs’ argument was convincing, since, as argued above, the Holy See should not always be considered as representing its territorial base, the Vatican State. When supervising priests, it acts in its capacity as a non-State religious organization rather than as a State.

In any event, since U.S. courts have considered the Holy See as a State for purposes of the FSIA, immunity disputes involving the Holy See have not revolved around the question of whether the FSIA is applicable in the first place, but around the question of whether exceptions to the FSIA were triggered in specific cases pending before the U.S. courts. For instance, in the case of Dale v. Colagiovanni, the latter being an agent of the Holy See who was sued for having participated in an international insurance fraud scheme, the Court ruled that the commercial activity exception did not apply, on the ground that the agent had only acted with ‘apparent’ and not the ‘actual’ authority of the Holy See. In the recent sexual abuse cases of O’Bryan and Doe v. Holy See, the question was whether the tortious and commercial activity exceptions to the FSIA applied. Various courts came to divergent conclusions on the application of these exceptions, and the exceptions to the exceptions, but the U.S. Supreme Court refused to grant certiorari on 28 June 2010. U.S. case law regarding the exceptions to the application of the FSIA is not further discussed here, as it has no particular relevance for the subject of our study (the legal status of the Holy See under international law).

In the author’s view, consistent State practice in favor of granting immunity to the Holy See may be lacking (it may be observed that U.S. courts have conferred immunity on the Holy See under the FSIA, a domestic law instrument, rather than under international law). Furthermore, in light of the increasing importance of individuals’ right to access to a court, immunities ought to be interpreted restrictively, all the more so if the beneficiary of the immunity is not a State but a non-State actor. It is recalled in this respect that international organizations, another category of non-State actors, do not enjoy immunity under general international law, but only on the basis of particular treaties. Even if treaties confer immunity on international organizations, domestic courts, at least in the ECHR area, will only uphold such immunity if it is compatible with the right to access to a court (Article 6(1) ECHR). Finally, as far as the immunity from jurisdiction of functionaries of the Holy See (possibly including every Catholic cleric) is concerned, the immunity ratione personae of the Pope and possibly the Cardinal Secretary of State, representatives of the Vatican City State, appears as self-evident, at least if one accepts the statehood of the Vatican. A more difficult question, however, is whether functionaries of the Catholic Church (or possibly every bishop or Cardinal) enjoy immunity ratione materiae for acts that were committed in sufficient proximity to the culprit’s office, i.e. ‘under color of authority’ or by use of official resources. All charges of abuse, or of covering up cases of abuse, would then be covered by immunity ratione materiae. Against this it may be argued that offences committed in the forum State may not attract immunity. But more importantly, if the view is taken that the Holy See (unlike the Vatican City State) does not enjoy immunity under general international law, then logically its functionaries cannot enjoy immunity either, as in international law, the immunity of officials is derived from the immunity of the entity which they serve.

Driverless

The Victorian Privacy Commissioner, one of the most positive Australian privacy agencies, last month released its 39 page report [PDF] on the 2011 Portable Storage Devices Privacy Survey.

The Commissioner comments that "Portable Storage Devices continue to pose privacy risks for the public sector", with the survey revealing that "a disappointing number of organisations have showed no improvement as compared with the 2008 results".

The 2011 survey sought to gauge the degree to which the Victorian public sector entities surveyed in 2008 had improved their management of portable storage devices (PSDs) such as USB drives and to explore the management of new devices such as tablets. The Commissioner notes that -

Seven organisations, including three local councils, still had no documented policies and procedures to control the use of PSDs, despite the fact that I recommended in the first survey report that, at a minimum, organisations require them.

The fact that 12 organisations still do not restrict the use of PSDs in the face of risks such as those posed by portable external hard drives is unacceptable and that 16 organisations failed to provide any encryption at all on PSDs raises serious doubts as to whether these organisations are taking reasonable steps to secure personal information in compliance with IPP 4 (Data Security). The reality is that these devices now have the capacity to store an organisation’s entire data holdings.

It is difficult to see how organisations that have obligations to manage personal information properly can ignore this significant data security risk. They do so at their peril.

The report covers 31 of the 55 entities surveyed in 2008. The Commissioner notes that

Smartphones, tablets and portable external hard drives represent significant technological advances since 2008. While these technologies can provide great benefits to the workplace they also create additional privacy risks. Portable Storage Device policies should be substantially expanded to cater for the full range of issues raised by the use of these technologies.

The report features several recommendations, most of which are directly applicable to public/private sector bodies across Australia -

1. Storage Device Developments

1(a) Organisations should ensure that the use of portable external hard drives is strictly controlled. They pose a major risk to data stores.

1(b) All active ports in a computer fleet should be controlled: not just USB ports.

1(c) Organisations should purchase hardware-encrypted USB keys. They are widely available, reasonably priced and more effective than those which come with encryption software.

2. Smartphones and Tablets

2(a) Organisations should ensure that information and document integrity is not compromised by the use of tablets.

2(b) If cloud services are to be utilised for tablets and smartphones, ensure that personal information is protected as per the Information Privacy Act.

2(c) Portable Storage Device policies should be substantially expanded to cater for the full range of issues raised by the use of tablets and smartphones.

2(d) Organisations should ensure that systems administrators are given full authority to uphold policies and controls regardless of the source of network access requests.

3. Endpoint Security Products

3(a) Endpoint security solutions should incorporate the following features:

• the ability to whitelist or blacklist PSDs;
• to provide detailed logs of PSD access;
• the ability to control the type of access permitted to specific users or PSDs;
• and to enforce encryption on device connection.

3(b) Endpoint security solutions should handle all types of PSD.

3(c) When considering an endpoint security solution, organisations should ensure that data loss protection features are included. If not, they should augment with a specific data loss protection product.

4. ‘Thin Client’ Solution

4(a) The following features should be examined where ‘thin client’ solutions are being considered:

• access to the clipboard should be disabled;
• local drive mapping should be disabled;
• local port mapping should be disabled; and
• there should be restrictions on locally attached printing.

4(b) Endpoint security should be considered in parallel with ‘thin client’ solutions to provide full protection

5. Cloud Based Storage

5(a) Where organisations are proposing to use cloud based services, PSDs such as tablets should be included in Privacy Impact Assessments and other forms of risk assessment.

6. CenITex

6(a) CenITex and its clients should work together to implement PSD controls as a matter of priority.

6(b)CenITex should work with its clients to proactively raise standards at the earliest opportunity.

Experimentation?

Michael Brooks modestly characterises cosmetic surgery as "nothing more than an industrial-scale scientific experiment, carried out on vulnerable women". I'm unconvinced by the claim, not least because some cosmetic surgery involves men rather than women - vulnerable or otherwise - and because some cannot be dismissed as attributable to vanity.

His 'Why breast implants don't work' in the New Statesman - increasingly a home for the cranky - argues that -

Viewing cosmetic surgery as an experiment means we should also submit it to ethical consideration. The Nuremberg Code governing experimentation on human subjects states that the individual "should have sufficient knowledge and comprehension of the elements of the subject matter involved"; that the experiment "should be such as to yield fruitful results for the good of society, unprocurable by other methods"; and: "Proper preparations should be made and adequate facilities provided to protect the experimental subject against even remote possibilities of injury, disability, or death." The great breast augmentation experiment does not meet these standards.

Cosmetic breast implantation is a flawed and ethically corrupt psychological experiment, carried out for commercial profit on vulnerable women. And it should now be halted.

Much contemporary medicine is susceptible to Brooks' problematical characterisation as "an experiment". So of course is the mumbo-jumbo known as 'alternative' or 'complementary' medicine ... 'magic touch', homeopathy and so forth. It's possible to be critical of the TGA's incapacity regarding breast implants without waving around the 'Nuremberg Code' or damning medical practice as an 'industrial-scale experiment'.

Ventilation

The Medical Ethics Committee of the British Medical Association (BMA) has released an 80 page report [PDF] titled Building on Progress: what next for organ donation policy in the UK.

The report coincides with NSW government consideration of public responses to the NSW Health Department's discussion paper on organ donation in NSW [including a detailed response by myself and colleague Dr Bonython]. The UK report proposes several controversial measures, arguably so controversial that they will not be adopted in the UK and Australia.

They include -

• a shame campaign to draw attention to the "moral disparity" of people who decline to donate, but are happy to accept an organ
• elective ventilation (ie keeping "brain dead" patients alive solely so they can become organ donors, a practice restricted after Health Dept advice in 1994)
• "retrieving" hearts from newborn disabled babies (there are currently no standard UK tests for diagnosing brain stem death in neonates, so that neonatal hearts are not donated in the UK, with neonatal hearts instead being imported)
• using body parts from high-risk donors including the elderly, people with cancer, drug users and people with high-risk sexual behaviour.
• making donation after cardiac death "a normal source" for organs
• a presumed consent system for organ donation
• payment of funeral expenses for donors

In discussing elective ventilation the report comments that -

Once a patient has been diagnosed as dead using brain stem tests, artificial ventilation is usually continued for a period of time to allow the family time to say goodbye or, if organ donation has been authorised, for arrangements to be made for the organs to be retrieved. Elective ventilation is different in that it involves starting ventilation, once it is recognised that the patient is close to death, with the specific intention of facilitating organ donation. This system was introduced, with strict controls, in Exeter in 1988 and led to a 50% increase in the number of organs suitable for transplantation. It was stopped abruptly in 1994, however, when the Department of Health advised that the practice was unlawful.

The law requires that, when patients lack the capacity to consent, procedures or interventions must be in their best interests. The use of elective ventilation is not intended to be for the clinical benefit of the individual but to facilitate donation. The Mental Capacity Act 2005, however, takes a broad approach to ‘best interests’ (and a similar broad approach to ‘benefit’ is likely under the Adults with Incapacity (Scotland) Act 2000) and there has recently been a formal recognition that taking some steps before death to facilitate donation could be in an individual’s best interests (see section 4). The BMA has long argued that where an individual had expressed a wish to donate organs after death, some steps to facilitate that wish may be seen as in that person’s best interests or benefit (or at least not contrary to his or her interests). Individuals who are sufficiently informed may also wish to give specific, advance consent, to permit elective ventilation to take place. The UK Donation Ethics Committee has called for further debate on this issue, to more clearly define the appropriate balance between benefits and harms and the types of interventions that could reasonably be undertaken. The BMA would also welcome further clarification on this issue. From an ethical perspective one of the major concerns with elective ventilation is the level of the risk to which the incapacitated adult may be exposed. Fears have been expressed that, in theory at least, elective ventilation could induce a persistent vegetative state (pvs). Although the chance of harm occurring is considered to be very low, inducing pvs would be a very significant harm and, if elective ventilation were to be permitted, very careful safeguards would be needed to minimise this risk. This might include, for example, restricting elective ventilation to those patients dying of spontaneous intracranial haemorrhage (since these patients rarely, if ever, develop pvs) and stating that artificial ventilation must not be started until natural respiratory arrest has occurred. There are also practical difficulties associated with the lack of ICU beds and competing demands for limited resources. In the BMA’s view, priority would always need to be given to the use of intensive care facilities for those who have a chance of recovery rather than for those who are being ventilated to facilitate donation.

Elective ventilation is not an easy option but it has been shown to increase donation rates, and to facilitate the wishes of a group of patients who want to donate and would otherwise be unable to do so. The BMA is not calling for the law to be changed to permit elective ventilation but believes this may be an issue that would benefit from debate both to assess the clinical, legal and ethical issues raised and to assess public opinion about its use.