The anti-piracy war is about to spill over onto the home front.

Until now, the entertainment industry has relied on civil lawsuits aimed at companies, not individuals, to limit widespread copyright infringement on peer-to-peer networks.

Napster fell to legal assaults, and MP3.com soon came under fire by the recording industry. MP3Board.com, Scour.com, and Sharman Networks, which markets Kazaa, have been targets of the entertainment industry's legal fusillades against suspected copyright infringers.

Now, however, the entertainment industry is revising its strategy. The new plan appears to extend the target beyond companies with an apparent declaration of legal warfare against individuals who the industry believes are swapping illicit songs or movies through peer-to-peer networks. The outcome could include jail time for those convicted of wrongful file swapping.

[ ... ]

Trading copyrighted wares without permission generally runs afoul of current federal law, which means that the Recording Industry Association of America (RIAA), if it chooses could pursue the matter in court. That has some benefits: If the RIAA wins a judgment, it can take a cut of the defendant's future paychecks and inheritances, and the debt does not disappear even if that person files for bankruptcy.

But suing individual pirates is expensive. Some of the most prolific file-swappers may have few assets to seize, and trying to hold parents financially responsible for their teenager's legally dubious online activities could become a public-relations nightmare.

[ ... ]

Under the NET Act, signed by President Clinton in 1997, it is a federal crime for a person to share copies of copyrighted products such as software, movies or music with friends and family members if the value of the work exceeds $1,000. Violations are punishable by one year in prison, or if the value tops $2,500, not more than five years in prison.

That's a mighty weapon to wield against peer-to-peer pirates, especially when so many Americans are potential federal felons, but it seems likely that the Justice Department will honor Congress' request. The agency already has used the NET Act to imprison software pirates, a move that tech companies hailed as "an important component of the overall effort to prevent software theft."

CNET NEWS.COM - The myth of cybersecurity.

Groove Networks CEO Ray Ozzie calls it the industry's dirty little secret: If you use the company network or the Internet, some snoop is likely monitoring your daily online communications.

[ ... ]

Surely the industry can--and should--take a good share of the blame, as should the government. Internet pioneer David Reed recently pointed out that in the early years, efforts to incorporate end-to-end encryption into the base standards of the Net were reportedly discouraged for reasons of national security.

But "weak encryption" is no longer a reasonable excuse for insecure systems. It's clear by now that real security comes not just from strong crypto, but from recognizing and embracing human strengths, frailties and common behaviors in building, managing and using complex systems. People are always the weakest link.

The industry also needs to explore new approaches to secure systems. Although Public Key Infrastructure (PKI) works within a well-managed enterprise environment, work relationships now commonly cross enterprise boundaries into domains of questionable trust. And third-party "notaries" don't help much; they introduce significant risk: When VeriSign was fraudulently duped into issuing Microsoft certificates to an unknown party in early 2001--with little reported recourse--utopian visions of "outsourcing identity and trust" crumbled.

Enterprises need, and must demand, more cellular approaches to trust and secure information-sharing, such as peer trust, webs of trust and fine-grained federated trust. The "Great Wall" approach is outdated, with the distinction between inside and outside becoming blurred. We need alternatives to the firewall and VPN models of protection.

New York Times - free registration required Princeton Disciplining Staff for Yale Web Site Break-Ins.

Princeton University said yesterday that it planned to allow its two top admissions officials to remain at the university despite their lapses in judgment involving a break-in by admissions officials into Yale University's computer system.

In announcing the findings, Princeton's president, Shirley M. Tilghman, said that Stephen E. LeMenager, the admissions official who first broke into a Yale Web site for college applicants, would be moved to another job at Princeton.

She said Princeton would also allow Fred Hargadon, its longtime dean of admission and Mr. LeMenager's boss, to remain in place until next June, when he will retire as previously planned. She said yesterday that Mr. LeMenager, the associate dean and director of admission, had told Mr. Hargadon of the unauthorized entry and that Mr. Hargadon failed to recognize its significance, to prevent other such entries or to report the break-in.

Dr. Tilghman also said that everyone involved in the break-ins -- including those who knew about them and did not report them -- would be disciplined, though she would not say how many people were involved or how they would be disciplined.

Slashdot | Lessig @ OSCON.

passthecrackpipe writes "Leonard Lin has put up the presentation Lawrence Lessig gave at OSCON (mirror). It is great. It requires Flash." --- Nice Flash work, very impressive, and of course Lessig is a superior speaker. Worth your time and the 8Mb download.

More mirrors are at http://lessig.org/freeculture/ and http://creativecommons.org/freeculture/

CNET NEWS.COM - Yahoo yields to Chinese Web laws..

Yahoo on Tuesday defended its decision to sign off on voluntary content limitations in China, a move that critics say opens the door to online censorship by the Web portal.

The agreement, called the "Public Pledge on Self-Discipline for the China Internet Industry," essentially ensures that Internet companies in China will abide by the country's pre-existing regulations. Although these regulations are controversial, including requirements that companies monitor and restrict information deemed "harmful," the pledge does not broaden existing laws, according to Yahoo.

"The restrictions on content contained in the pledge impose no greater obligation than already exists in laws in China," said Greg Wrenn, associate general counsel at Yahoo. "If this called for a form of self-censorship beyond laws that exist in China, we would have serious questions."

CNET NEWS.COM - Web site exposes shoppers' info.

A list of more than 1,800 Web users and their personal details has been left at an extension of an online shopping mall that directs buyers to a range of well-known British retailers.

On display at the site, UK Shopping City, are shoppers' names, e-mail and postal addresses, gender and age group. The U.K. Information Commissioner's Office said it will act on behalf of the thousands of consumers who have had their details exposed.

"This is a breach of (the Data Protection Act's) Principle 7, which states companies must take 'appropriate measures' to make sure this type of breach doesn't occur," said Faye Spencer, a compliance manager at the U.K. Information Commissioner's Office. Normally an individual affected by such a gaffe would have to contact the body before it would take action, but now that the agency has been notified, it will pursue the offending company, she said.