A July 25 letter sent to Attorney General John Ashcroft by 19 American legislators asked him to devote more Justice Department resources in the fight against peer-to-peer networks and users swapping digital media without permission.

Forget the fact that the FBI is neck-deep in an internal crisis of confidence and competence, having a hard time recruiting and keeping qualified agents, and shifting from a diverse federal law enforcement entity to one in-line with the emerging threats to American society from terrorism.

No, it seems that one of the highest priorities for the Justice Department - behind that simple task of securing America's Homeland - should be copyright enforcement....at least in the eyes of the Recording Industry Association of America. Of course, this is made all the easier when "peer-to-peer" - a valuable technological architecture - is interpreted and subsequently marketed by the RIAA as synonymous with "pirating" and evil economic - potentially terrorist - activities aimed against the $40 billion entertainment industry. And, of course, Congress, mental wizards that they are, believe whatever they're asked to believe so long as the campaign contributions are of the right type and amount.

[ ... ]

Rosen says that piracy "ultimately hurts consumers by undermining the creators' incentive to bring new works to the market." In her eyes - and in the eyes of her purchased lawmakers - the only 'creators' that should be allowed to easily bring new works to market are those under contract to RIAA's member companies. To RIAA, you're either part of their cartel or you don't matter.

Thus, we see proposals like Berman's bill, and the RIAA suggesting that all blank compact disks (and possibly hard drives) be taxed to compensate for piracy losses, even if such media are used for the backup of software and user data, not entertainment content. Most sinister is the recent proposal by Senator Fritz "Hollywood" Hollings that would mandate copyright enforcement 'features' be part of any device that can store electronic data, from computers and DVD players to microwaves, garage door openers, and rectal thermometers. The Hollings proposal would essentially force the interests of the $40 billion entertainment industry on the $500 billion-plus technology and hardware industries in a variety of industrial sectors. Talk about the mouse trying to own the elephant herd.

[ ... ]

If you control the means to disseminate content, you can subsequently control the public. If you can't afford - or are not willing - to play by the 'established' means of control, you are typically left to fend for yourself in local venues and audiences.

Thanks to the Information Age, this is not the case anymore. This harsh reality terrifies the entertainment industry that will stop at nothing - no matter how ill-conceived - to keep its reign despite a failing business model and changing economic and customer environment. The copyright debate isn't only about profit, it's also about who controls information, and ultimately, people and society.

Political News from Wired News - A Site to Despise Untrained Spies. Think the Bush administration's citizen informant program is a huge invasion of privacy? The ACLU has a website for you.

Slashdot | Declan McCullagh On Geek Activism.

die_jack_die writes "Declan McCullagh, formerly of Wired News, lately at News.com, has written an insightful piece about the realities of geek activism. Short version: spend your time coding, not lobbying. (You might also want to check out Politech , his mailing list for this sort of stuff.)" --- This in contrast to "Lessig"s call for more lobbying.

The Atlantic | September 2002 | Homeland Insecurity . A top expert says America's approach to protecting itself will only make matters worse. Forget "foolproof" technology--we need systems designed to fail smartly

[ ... ]

To help merchants verify and protect the identity of their customers, marketing firms and financial institutions have created large computerized databases of personal information: Social Security numbers, credit-card numbers, telephone numbers, home addresses, and the like. With these databases being increasingly interconnected by means of the Internet, they have become irresistible targets for criminals. From 1995 to 2000 the incidence of identity theft tripled.

[ ... ]

Schneier's side won the battle as the nineties came to a close. But by that time he had realized that he was fighting the wrong war. Crypto was not enough to guarantee privacy and security. Failures occurred all the time--which was what Schneier's terrible idea demonstrated. No matter what kind of technological safeguards an organization uses, its secrets will never be safe while its employees are sending their passwords, however unwittingly, to pornographers--or to anyone else outside the organization.

The Parable of the Dirty Web Site illustrates part of what became the thesis of Schneier's most recent book, Secrets and Lies (2000): The way people think about security, especially security on computer networks, is almost always wrong. All too often planners seek technological cure-alls, when such security measures at best limit risks to acceptable levels. In particular, the consequences of going wrong--and all these systems go wrong sometimes--are rarely considered. For these reasons Schneier believes that most of the security measures envisioned after September 11 will be ineffective, and that some will make Americans less safe.

It is now a year since the World Trade Center was destroyed. Legislators, the law-enforcement community, and the Bush Administration are embroiled in an essential debate over the measures necessary to prevent future attacks. To armor-plate the nation's security they increasingly look to the most powerful technology available: retina, iris, and fingerprint scanners; "smart" driver's licenses and visas that incorporate anti-counterfeiting chips; digital surveillance of public places with face-recognition software; huge centralized databases that use data-mining routines to sniff out hidden terrorists. Some of these measures have already been mandated by Congress, and others are in the pipeline. State and local agencies around the nation are adopting their own schemes. More mandates and more schemes will surely follow.

Schneier is hardly against technology--he's the sort of person who immediately cases public areas for outlets to recharge the batteries in his laptop, phone, and other electronic prostheses. "But if you think technology can solve your security problems," he says, "then you don't understand the problems and you don't understand the technology." Indeed, he regards the national push for a high-tech salve for security anxieties as a reprise of his own early and erroneous beliefs about the transforming power of strong crypto. The new technologies have enormous capacities, but their advocates have not realized that the most critical aspect of a security measure is not how well it works but how well it fails.

[ ... ]

Where Schneier had sought one overarching technical fix, hard experience had taught him the quest was illusory. Indeed, yielding to the American penchant for all-in-one high-tech solutions can make us less safe--especially when it leads to enormous databases full of confidential information. Secrecy is important, of course, but it is also a trap. The more secrets necessary to a security system, the more vulnerable it becomes.

To forestall attacks, security systems need to be small-scale, redundant, and compartmentalized. Rather than large, sweeping programs, they should be carefully crafted mosaics, each piece aimed at a specific weakness. The federal government and the airlines are spending millions of dollars, Schneier points out, on systems that screen every passenger to keep knives and weapons out of planes. But what matters most is keeping dangerous passengers out of airline cockpits, which can be accomplished by reinforcing the door. Similarly, it is seldom necessary to gather large amounts of additional information, because in modern societies people leave wide audit trails. The problem is sifting through the already existing mountain of data. Calls for heavy monitoring and record-keeping are thus usually a mistake. ("Broad surveillance is a mark of bad security," Schneier wrote in a recent Crypto-Gram.)

To halt attacks once they start, security measures must avoid being subject to single points of failure. Computer networks are particularly vulnerable: once hackers bypass the firewall, the whole system is often open for exploitation. Because every security measure in every system can be broken or gotten around, failure must be incorporated into the design. No single failure should compromise the normal functioning of the entire system or, worse, add to the gravity of the initial breach. Finally, and most important, decisions need to be made by people at close range--and the responsibility needs to be given explicitly to people, not computers.

Unfortunately, there is little evidence that these principles are playing any role in the debate in the Administration, Congress, and the media about how to protect the nation. Indeed, in the argument over policy and principle almost no one seems to be paying attention to the practicalities of security--a lapse that Schneier, like other security professionals, finds as incomprehensible as it is dangerous.

I haven't had a chance to read the whole thing but it looks like a long and interesting article. Check it out.

Slashdot | Distributed Security.

A reader writes: ""Where Schneier had sought one overarching technical fix, hard experience had taught him the quest was illusory." A long and detailed article at The Atlantic Online on why Bruce Schneier has come down from his strong cryptography tower to preach the gospel of small scale, ductile security against the popular approach of broad scale, often high tech security that often proves to be very brittle."

Slashdot | Your Rights Online - Briefs in Eldred Case Against CTEA. Online.

EricEldred writes: "Legal briefs are now online, from the government and more friends of the Supreme Court, in the Eldred case against the Copyright Term Extension Act, at eldred.cc Also, a special edition of the Loyola of Los Angeles Law Review on the case is at llr.lls.edu. The case will be heard by the Supreme Court October 9th."

New York Times - free registration required Court Upholds School Policy on Drug Tests in New Jersey.

A New Jersey appeals court ruled yesterday that a Hunterdon County high school can randomly conduct drug tests on students who participate in teams and clubs or who park their cars in the school parking lot.

The decision overturned a January 2001 injunction issued by a Superior Court judge that stopped the drug-testing program at the school, Hunterdon Central Regional High School in Flemington. In the 2001 decision, the judge agreed with lawyers from the New Jersey chapter of the American Civil Liberties Union that the State Constitution provided more privacy protection for students against random drug tests than the United States Constitution

[ ... ]

In June, the court expanded the earlier ruling and upheld the widespread use of random drug testing of public school students. The 5-to-4 decision upheld a program in a rural Oklahoma district that required students engaged in "competitive" extracurricular activities -- including the future homemakers' club, the cheerleading squad and the choir -- to submit to random drug testing.

In response to yesterday's New Jersey ruling, Kevin B. Kovacs, a lawyer for Hunterdon Central, said the school planned to resume testing when school begins.

"This is a big victory not just for Hunterdon, but for all school districts in New Jersey," he said, adding that the New Jersey School Boards Association had filed a brief supporting Hunterdon.

[ ... ]

In 1999, Hunterdon Central was among eight of 600 school districts in the state that conducted drug testing of athletes. Mr. Kovacs said lawyers for the A.C.L.U. had already said they would appeal yesterday's decision. Because the vote on the court's panel was 2 to 1, he said, the decision can be heard by the State Supreme Court. A.C.L.U. officials could not immediately be reached for comment.

Drug testing, in the meantime, will proceed, Mr. Kovacs said. "It means that right now schools are free to conduct random drug testing in New Jersey," he said.