Slashdot | Your Rights Online - Beyond Eldred v. Ashcroft.
I thought I'd grab up some of the many commentaries and responses to the Eldred decision. If you read only one of these links, see Lessig's blog. Jack Balkin, another law professor who contributed to the case, is discussing it in his blog. The NYTimes has two distinct news stories on the decision (NYT1, NYT2), plus a biting editorial about the decision. Copyright scholar Siva Vaidhyanathan has a piece in Salon. The LA Times posts one of the very few stories to present the decision in a positive light. Reason is one of several to mock the mouse.
CFP 2003 "Freedom to Move Think and Speak!".
(April 1-4 in New York City, NY)
This year's program is shaping up to be an exciting gathering. Topics planned for inclusion include the Pentagon's Total Information Awareness program, encryption, biotechnology and the international movement of information. The speakers will be exciting, but so will the casual conversation in the corridors.
We are planning on a global focus, befitting the global Internet, and I am pleased to announce that George Radwanski, the Privacy Commissioner of Canada has already agreed to give a keynote address. (Yes, there is a Privacy Commissioner in North America!) Stay tuned to the CFP web site for the full conference program.
The full program will be announced by February 1.
The Program Committee has initially decided on a wide variety of sessions that are expected to include:
* How broad is the right to travel? Should you be required to prove your identity?
* Internet Filtering and Blocking
* Internet Data Retention - The European Model
* Human Rights on the Internet - A view from the Human Rights Community
* A CFP Bill of Rights what would be included.
* The Technologies of Surveillance
* Technology Dumping from the developed to the developing world
* What is it like to live in a Surveillance Society?
* The Total Information Awareness Program 1984 or common sense?
* Nano technology - Will it bring the end of humankind?
* Can Free Speech Survive the new intellectual property regimes.
Derek's Rantings and Musings: Sweet Jesus, AOL Guy! I want to cancel my goddamn service!.
"No, I don't want to speak to AOL Canada, and frankly I no longer want to speak to you. I want to speak to someone who is actually willing to acknowledge that a customer is not a prisoner and will act as you are legally required to when I tell you to no longer process a charge against my credit card, ever. If that person is not you, it might very likely be a lawyer you have on retainer when my lawyer explains it to them in monosyllabic words that are easily understood. I want to cancel my service, and I want to cancel it now."
"So am I to understand that you want to cancel your service?"
[insert sound here of me slamming my head into wall forcefully] "Golly, it finally recognizes the English language. YES! After saying it to you nigh on twenty times, YES I want to cancel my damned service."
Sounds like AOL is still playing the same old games.
CNET NEWS.COM - Building a better spam trap.
Unsolicited e-mail messages, or spam, are on track to make up the majority of traffic on the Internet. But a group of researchers and developers gathered here Friday hopes to halt that by coming up with better ways of blocking those messages from consumers' in-boxes.
The Spam Conference, held at the Massachusetts Institute of Technology, was originally intended to be an informal gathering of 30 people or so. But more than 500 registered to discuss and debate the best way to battle the problem.
"Spam-filtering is shooting at a target that is not just moving, it's taking evasive action," said Bill Yerazunis, a research scientist at the Mitsubishi Electronics Research Lab and the author of the CRM114 Discriminator, a spam filter.
Remember, a webcast of the conference is available in RealPlayer format.
Privacy News from Wired News - Bills: Down With Citizen Database.
A flurry of legislation seeking to ban or curtail the Total Information Awareness program -- whose goal is to develop ways to track patterns in databases of Americans' private info -- hits Capitol Hill. Privacy advocates cheer.
[ ... ]
Seeking to catch terrorists before they strike, the research program aims to develop data-mining and pattern-matching tools to search databases that track American citizens' purchases, doctor's visits and travel itineraries. It is the signature project of the Information Awareness Office, which operates under the Defense Advanced Research Projects Agency, commonly known as DARPA.
On Tuesday, a broad coalition of public interest groups, ranging from the American Civil Liberties Union to the American Conservative Union, urged Congress to scrap the surveillance program.
Just three days earlier, members of the Senate Judiciary Committee asked Attorney General John Ashcroft for detailed information on the project.
Now, lawmakers have introduced three separate bills banning or suspending the program.
Sen. Ron Wyden (D-Ore.) proposed an amendment on Wednesday to the Omnibus Appropriations Bill that would suspend the program's $112 million budget for 2003.
On Thursday, Sen. Russ Feingold (D-Wis.) introduced the Data Mining Moratorium Act of 2003, which "suspends data-mining programs until Congress finishes a complete and total review," according to Feingold spokesman Ari Geller.
[ ... ]
Privacy advocates welcomed the flurry of anti-TIA bills.
"I am pleased to see these bills, even though they are sort of a jumble," said Lee Tien of the Electronic Frontier Foundation. "The legislative confusion seems to me a genuine expression of concern from a lot of different politicians and their constituents."
Tien said he favors Feingold's bill because its data-mining limits also apply to programs in the "Homeland Security Department" and the Transportation Security Agency, including the TSA's new airline passenger screening system scheduled for release this year.
LawMeme (Yale) - Cheap Trick: RealPlayer Windows Installation.
The default unchecked boxes that are visible at the outset clearly lead the user to believe that ALL of the boxes are unchecked, and the avg customer probably won't think to scroll all the way down and uncheck these boxes. Which means that by clicking "next" when confronted with the first four unchecked boxes, the user unwittingly elects to receive sports, entertainment, music and new service announcements.
Slashdot | Your Rights Online - Hiding Your Choices And Saying You Made Them.
An anonymous reader writes "Lawmeme's Paul Szynol describes how during installation RealPlayer hides checkboxes that elect that the user receives spam, making it look like the user chose to make the selections when in fact he probably just didn't see the options. "This is essentially a cheap and dirty marketing tactic which creates an illusion of informed acceptance by the user where no such acceptance really exists." Other people have posted similar examples from other applications. Is this illegal, or just annoying?"
Unfortunately it is just annoying. But it does indicate a mindset that would make me not trust and therefore avoid a company.
Slashdot | Interview - AMI Guy Talks About TCPA, Palladium, and Other BIOS Issues.
We ran the "Call for questions" Monday, January 13, under the headline, Discuss BIOS and Palladium Issues With an AMIBIOS Rep. Note that Brian Richardson, AMI sales engineer, is a real engineer, not just a salesperson, and is also a staunch Slashdot reader who knows we have low tolerance for PR whitewashes around here. Brian's answers are real, not laundered, and he responded not only to the 10 questions we sent him but also to some he felt deserved answers even though they weren't moderated all the way up. Please note that in much of this interview he is speaking as "Brian Richardson, individual," and that his opinions do not necessarily reflect those of AMI's management. With that said, be prepared to learn a lot about the BIOS business, and how TCPA and Palladium relate (and don't relate) to it.
Workbench: Friday, January 17, 2003.
Without notifying users, AOL adds http://free.aol.com to the browser's trusted sites zone, enabling executable code from that domain to be run without permission.
The comments after the article seem to indicate that not everyone has been hit, so they are not sure what the pattern is, or if it's an old project.
I went back in the Privacy Digest archives and found some more info from November 03, 2001.
InformationWeek > Fred Langa > Oct. 1, 2001 - Langa Letter: More Instant-Messaging Security Holes.
Fred Langa warns that hyper-aggressive IM installations may end-run your online safeguards.
[ ... ]
AOL/Netscape's abuse of browser security settings first came to my attention when reader Michael G. Baker, Jr. sent this alarming E-mail:
"When a user downloads or updates AIM, free.aol.com is added to the users' IE Trusted Sites Zone. This also happens if you download Netscape6.x with integrated AIM. It is one thing for them to put that free.aol.com link everywhere when you download N6, even in IE's bookmarks, but quite another thing to mess with security settings. Although mostly harmless, it is the principle. I don't think this is right. If this was Microsoft messing with a Netscape security setting, all hell would break loose."
It's true. Without so much as a by-your-leave, AOL software inserts "free.aol.com" into your IE browser's "Trusted Zone." Talk about an aggressive installation routine!
The IE Trusted Zone's security permissions are intentionally relaxed. Scripts and ActiveX components can run (some with no prompting); downloads are enabled; Java safety is low; cross-domain data-sourcing is allowed; there's no alert when a site's security certificate is missing or revoked; and so on. Normally, that's OK, because the only sites in the Trusted Zone are those you put there yourself, after you decide that a site is entirely above-board. (Even so, many security-conscious users put no sites in the Trusted Zone, leaving nothing to chance or goodwill, and instead enforcing at least the "Internet Zone" restrictions on all Web sites.)
By automatically placing its own site in the Trusted Zone, AOL creates a double security threat. If you (or your users) download and install Netscape 6.x, AIM, or any product with integrated AIM, not only do you have to cope with the inherent problems of an IM client itself, but you'll also have AOL set up as a trusted site. That can bypass the browser security settings you've established for normal Internet connections.
They keep playing little tricks like this and they wonder why we don't trust them. Just one more reason not to try AOL's alternative to Passport/Hailstorm.
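An added example, not taken from the article or from any vendor: one way to audit for this kind of silent change is to parse the text of a `reg export` of IE's per-user `ZoneMap\Domains` key and list every Trusted sites entry that is not on an approved list. The sample export and the approved host name are constructed for illustration; `free.aol.com` is the entry described above.

```python
import re

# Constructed sample: decoded text of a `reg export` of the ZoneMap\Domains key.
# (Real exports are usually UTF-16; decode the file before passing it in.)
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org\payroll]
"https"=dword:00000002
'''

TRUSTED_ZONE = 2  # IE zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet
KEY_RE = re.compile(r"^\[.*\\ZoneMap\\Domains\\(?P<path>[^\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"(?P<proto>[^"]+)"=dword:(?P<zone>[0-9a-fA-F]{8})$')

def zone_assignments(export_text):
    """Yield (host, protocol, zone) for every site-to-zone mapping in the export."""
    host = None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # The key path is domain[\subdomain]; the host is subdomain.domain.
            host = ".".join(reversed(key["path"].split("\\")))
        elif line.startswith("["):
            host = None  # some other key: stop attributing values to the last host
        else:
            val = VAL_RE.match(line)
            if val and host:
                # Value name is the protocol ("*" means any); data is the zone.
                yield host, val["proto"], int(val["zone"], 16)

def unexpected_trusted(export_text, approved):
    """Return sorted (host, protocol) Trusted-zone entries not in `approved`."""
    return sorted((h, p) for h, p, z in zone_assignments(export_text)
                  if z == TRUSTED_ZONE and h.lower() not in approved)

if __name__ == "__main__":
    for host, proto in unexpected_trusted(SAMPLE_EXPORT, {"payroll.example.org"}):
        print(f"unapproved Trusted sites entry: {proto}://{host}")
```

Run against exports taken before and after a software install, the difference shows exactly which hosts an installer added to the zone.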
CNET NEWS.COM Perspectives - IT glitches in homeland security.
A good place to begin would be with collaboration and data sharing across multiple government agencies, jurisdictions and disciplines. In other words, let's share what we've got. The Homeland Security Department should help by enabling the integration of watch lists with federal and civilian databases. A small group of systems engineers within Homeland Security, building on existing civilian solutions by using cutting-edge programming techniques, could drive fast development and rapid prototyping. They could deliver a cost-effective solution within six months.
Longer term, we need to integrate relevant federal, state and local databases, so those who track terrorists can identify patterns of behavior that could alert us to possible attacks. Real-time data mining is already in use in retailing and readily adaptable to the needs of government. By applying pattern-matching techniques, this provides near real-time alerts when it identifies a particular pattern of behavior. This instant flow of information could be the centerpiece of our strengthened domestic-security efforts. At the same time, we must also respect a citizen's constitutional right to protect his or her own personal information.
A long-term program must therefore be the re-engineering of the IT systems of all agencies responsible for homeland security. This initiative would require an updating, but not a complete overhaul, of the federal technology infrastructure. Security agencies must be able to create an information repository that can receive, synthesize and analyze unstructured data from many different sources--a task for which workable technologies already are available.
MIT - Spam Conference.
Arrangements will be very informal: no fees, sponsorships, proceedings, luncheons, contests, etc. Just a series of quick, concentrated talks, and then we all go off and get Chinese food.
The conference will be webcast. There are four URLs, one for each of the four sessions.
Requires RealPlayer for playback
Political News from Wired News - Democrats Fight Data-Mining Plan.
A new Senate bill seeks to undermine the Justice Department's initiative to create a database of Americans' private information to fight terrorism. The bill's sponsors say the data-mining project endangers civil liberties.
CNET NEWS.COM - One year on, is Microsoft "Trustworthy"?
A year after Bill Gates called for Microsoft to make its products more "trustworthy," executives are touting myriad initiatives as proof of the software giant's new resolve.
The company has spent millions to train staff in privacy concerns and secure programming, while building new tools and processes to help create reliable software.
But critics--and Microsoft's own executives--said much more work remains.
"A year after, the verdict is mixed," said Bruce Schneier, chief technology officer for managed-security company Counterpane Internet Security. "Some stuff, it's too early to tell; some stuff, they haven't gotten; and some, they've improved."
That's an assessment Microsoft readily concedes.
"We said that Trustworthy Computing is a 10-year project, sort of like (President) Kennedy sending people to the moon," said Scott Charney, chief security strategist for Microsoft. "We're (only) a year into it. We want to get to a point where the end user says, I trust this technology, my privacy is protected, and it is reliable."
Privacy News from Wired News - Librarians Split on Sharing Info.
In the year following the passage of the Patriot Act, librarians' response to law enforcement requests for patrons' records has been sharply divided, according to a nationwide survey.
The Patriot Act allows investigators to seize patrons' book-borrowing and Internet-surfing records to investigate terrorist leads; it also prohibits library staff from publicizing law enforcement requests for such materials.
The survey (PDF) of 906 libraries by the Library Research Center at the University of Illinois Urbana-Champaign found that in the year following the Sept. 11 attacks, federal and local law enforcement agents visited at least 545 libraries to inquire after patrons' records.
When asked to voluntarily forfeit patrons' records, roughly half the librarians cooperated with investigators without demanding a subpoena or court order, the study found.
"What surprised me most was real tension between personal beliefs and concern about what librarians are obligated to do under the law," said center director Leigh Estabrook.
Estabrook said librarians -- traditionally fierce guardians of free speech and information access -- have been forced to juggle conflicting obligations: protecting patrons' privacy as good librarians and collaborating with law enforcement requests as good citizens.