Paul Hardwick: OpEd

Big Brother State - An animated short about public surveillance by David Scharf

Sun, 11 Mar 2007 04:06:35 GMT

please also download using Bit Torrent:
(Xvid Version, ca. 50 MB, 768 px x 432 px) ---> CLICK HERE
(Big FLV Version, 55 MB, 768 px x 432 px, use FLV Player to view) ---> CLICK HERE

Check the Internet Archive for other resolutions and formats: CLICK HERE

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

Sun, 11 Mar 2007 03:52:46 GMT

EFF Calls For Aggressive Congressional Hearings on National Security Letter Misuse.

EFF is calling for Congress to hold aggressive hearings on the FBI's domestic intelligence authority after the release of a Justice Department report [PDF] showing the Bureau abusing its power to collect telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

Sen. Patrick J. Leahy, D-Vermont, has said the Senate Judiciary Committee will hold hearings into the report's findings. But the widespread abuse detailed in the report requires more than just a cursory examination.

"The Bureau's misuse of its intelligence authority is an ongoing critical problem," said EFF Staff Attorney Marcia Hofmann. "Congress must use its investigative power to find out what's really going on at the FBI -- and then rein in the Bureau's investigative authority to where is was before the USA PATRIOT Act."

In the report, the Justice Department's inspector general identifies four dozen instances in which demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. The report also found that the Bureau lied to Congress about its use of the letters.

The FBI has had limited authority to issue National Security Letters for many years. However, a controversial provision of the PATRIOT Act greatly expanded the Bureau's ability to use them to gather information about anyone, as long as the agency believes the information could be relevant to a terrorism or espionage investigation.

Today's report follows the inspector general's findings last year that the Bureau had disclosed more than 100 instances of possible intelligence misconduct to the Intelligence Oversight Board in the preceding two years, a number of which were "significant."

In 2005, EFF argued in a friend of the court brief that the FBI's "unfettered authority" to issue National Security Letters "is ripe for abuse." The danger of such abuse has now been documented.

"This is not simply about errors in 'oversight,'" said EFF Senior Staff Attorney Lee Tien. "This is about disregard for the law. For example, FBI terrorism investigators ignored their own lawyers' advice to stop using so-called 'exigent' letters for about two years."

For more information, read the full report from the Justice Department, as well as this brief description of National Security Letters .

[EFF: Deep Links]

Justice Department Says F.B.I. Misused Patriot Act.

Sun, 11 Mar 2007 03:49:18 GMT

Justice Department Says F.B.I. Misused Patriot Act.

In what should not come as that big of a surprise, AP reports:

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

[sigma]The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances.

[sigma]Fine[base ']s annual review is required by Congress, over the objections of the Bush administration.

The audit released Friday found that the number of national security letters issued by the FBI skyrocketed in the years after the Patriot Act became law.

In 2000, for example, the FBI issued an estimated 8,500 letters. By 2003, however, that number jumped to 39,000. It rose again the next year, to about 56,000 letters in 2004, and dropped to approximately 47,000 in 2005.

Over the entire three-year period, the FBI reported issuing 143,074 national security letters requesting customer data from businesses, the audit found. But that did not include an additional 8,850 requests that were never recorded in the FBI[base ']s database, the audit found.

[sigma]The FBI also used so-called [OE][base ']exigent letters,'[base '] signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

[OE][base ']In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent,'[base '] the audit concluded.

Unbelievable. The full 199-page report can be downloaded here (PDF). And more coverage is available at Boing Boing and 27B Stroke 6.

[michaelzimmer.org]

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Sun, 11 Mar 2007 03:43:18 GMT

Newly Revealed FBI Data Abuses and the Data Retention Red Flag.

Greetings. The release of a new report detailing massive FBI abuses of the PATRIOT Act (particularly in regard to National Security Letters), now confirms concerns that I and others have been long expressing about the potential abuse of retained Internet and other data, e.g.:

Sounding the Alarm on Government-Mandated Data Retention

An Open Letter to Google: Concepts for a Google Privacy Initiative

Broad abuses of retained data are now demonstrated to be real, not theoretical, as described in this Washington Post story.

We don't yet really know the full extent of these violations, but what has already been revealed is bad enough as a starting point.

I hope that these events will not only trigger considerable soul-searching by those firms who voluntarily retain user activity data, but also cause a renewed recognition of how broad mandated data retention can facilitate, and inevitably will facilitate, such abuses in the future.

--Lauren--

[Lauren Weinstein's Blog]

Justice: FBI misused Patriot Act powers - Yahoo! News

Fri, 09 Mar 2007 21:34:53 GMT

The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

Attorney General Alberto Gonzales, who oversees the FBI, described the problems cited in the report as unacceptable and left open the possibility of criminal charges. He ordered further investigation.

"Once we get that information, we'll be in a better position to assess what kinds of steps should be taken," Gonzales told reporters following a speech to privacy officials.

[...]

The FBI also used so-called "exigent letters," signed by officials at FBI headquarters who were not authorized to sign national security letters, to obtain information. In at least 700 cases, these exigent letters were sent to three telephone companies to get toll billing records and subscriber information.

"In many cases, there was no pending investigation associated with the request at the time the exigent letters were sent," the audit concluded.

In a letter to Fine, Gonzales asked the inspector general to issue a follow-up audit in July on whether the FBI had followed recommendations to fix the problems.

"To say that I am concerned about what has been revealed in this report would be an enormous understatement," Gonzales told the privacy officials. "Failure to adequately protect information privacy simply is a failure to do our jobs."

Senators outraged over the conclusions signaled they would provide tougher oversight of the FBI -- and perhaps limit its power.

"The report indicates abuse of the authority" Congress gave the FBI, said Senate Judiciary Committee Chairman Patrick Leahy (news, bio, voting record), D-Vt. "You cannot have people act as free agents on something where they're going to be delving into your privacy."

The committee's top Republican, Pennsylvania Sen. Arlen Specter (news, bio, voting record), said the FBI appears to have "badly misused national security letters." The senator said, "This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized."

Sen. Russ Feingold (news, bio, voting record), D-Wis., another member on the panel that oversees the FBI, said the report "proves that 'trust us' doesn't cut it."

The American Civil Liberties Union said the audit proves Congress must amend the Patriot Act to require judicial approval anytime the FBI wants access to sensitive personal information. "The Attorney General and the FBI are part of the problem and they cannot be trusted to be part of the solution," said Anthony D. Romero, the ACLU's executive director.

Policy Makers call for University Internet Filters.

Fri, 09 Mar 2007 17:16:28 GMT

Policy Makers call for University Internet Filters.

At today[base ']s House Judiciary Subcommittee on Courts, the Internet, and Intellectual Property hearing, titled [base "]An Update - Piracy on University Networks,[per thou] we heard from legislators that they[base ']re very concerned about [base "]piracy[per thou] on campus networks.

You should be able to watch the video of the hearing here.

The common theme of the solutions was not only educating students (which all of the witnesses said that they were working on collaboratively), but for campuses to employ technology to filter the packets flowing over the network.

[Public Knowledge - Blogging, Events, and Action Alerts]

Video: the New Kid for the Block.

Fri, 09 Mar 2007 17:13:14 GMT

Video: the New Kid for the Block.

It looks like video sites are the new flashpoint in the battle against free speech online. Perhaps it is that many states control television broadcasts far more tightly than they control the press. Judges across the world clearly think they understand how to censor television - and are surprised when their attempts to do the same to video online don't work as effectively.

In January it was Brazilian judges who found themselves caught in a hailstorm of criticism when attempting to prevent all Brazilians from downloading a salacious video of a Brazilian celebrity. When the only method of obeying the order at local ISP's disposal was blocking all of YouTube from Brazil, Brazilian net users rose up and complained. The decision was overturned three days later.

This week, it was Turkey, whose Istanbul First Criminal Court ordered Turk Telekom to redirect its users away from YouTube to prevent them seeing a video that poured scorn on Turkey and the country's founder, Mustafa Kemal Ataturk.

As in so many cases of government internet censorship, Turkey's reaction has affected the free speech rights of thousands of innocent parties, and done nothing to stop what they want to stop. The growing legions of Turkish net users were denied access to tools to share their own stories, while anti-Ataturk commentary still exists on YouTube and elsewhere. Meanwhile, nationalists inside Turkey found themselves unable to post their own responses to the video, meaning that the ratio of Turkey critics and supporters on YouTube no doubt lurched towards the critics. Those who agreed with the judges that this video was outrageous found themselves as effectively silenced as the video's maker. As one of the four college students who bravely petitioned the court Thursday, Kursat Cetinkoz, said:

"Banning access to the Website does not punish those who did that (posted the videos) but the citizens of the Turkish Republic."

It looks as if the court will now restore access now that the one video has been removed. To YouTube's credit, the company did not remove the video itself. Then again, it didn't have to: the original user appears to have deleted it from his or her account.

The reaction in Turkey, and fear of discovery and retribution by the creator may have played its part in that personal decision. For free speech online to grow, we need to have not only network operators that cannot be intimidated, but we also need safety through anonymity for speakers. Tor, and services like it, work for both viewers and writers. With Tor and other anti-censorship programs, bypassing the court's censorship was straightforward - and publishing via anonymizers helps give intimated speakers the confidence to stand their ground.

[EFF: Deep Links]

Telecoms.com - Telecoms industry "worst for consumer privacy"

Fri, 09 Mar 2007 00:27:48 GMT

The telecoms industry has been accused of collecting excessive amounts of personal data from its customers, with telecom firms faring worse for privacy than companies in other industries.

The accusations come in the "First Quarter 2007 Online Customer Respect Study of the Telecommunications Industry", from international research...

Editor: Just this teaser unless you register at their site.

C-SPAN Unchains Congressional Hearing Videos.

Thu, 08 Mar 2007 22:56:27 GMT

C-SPAN Unchains Congressional Hearing Videos.

C-SPAN has announced that, effective immediately, its videos of Congressional hearings, White House briefings, and other federal events will be freely available for noncommercial copying, sharing and posting, so long as attribution is included (sounds like the Creative Commons by-nc license, but no confirmation on whether that's what they are using). According to the C-SPAN press release, the move recognizes that we're in "an age of explosive growth of video file sharers, bloggers and online citizen journalists."

This is fantastic news! A considerable helping of the credit belongs to Carl Malamud, who responded to a copyright kerfuffle involving House Speaker Nanci Pelosi's use of C-SPAN hearing footage by writing an open letter to C-SPAN's CEO Brian Lamb challenging him to open up the archives to enable these kinds of public uses of C-SPAN content. Several meetings later, it appears C-SPAN decided to rise to the challenge.

Kudos to Carl, and kudos to C-SPAN. This is an amazing bit of public service all around. (Full disclosure: EFF represented Carl in connection with this issue, but we hardly lifted a finger -- all credit goes to Carl.)

[EFF: Deep Links]

Editor: Hmm maybe I'll have to consider making some snippets available in the future. A lot of hearings are dry, but every once in a while you get a real gem.

Yochai Benkler, Cory Doctorow, and Bruce Schneier Win EFF Pioneer Awards.

Thu, 08 Mar 2007 22:39:43 GMT

Yochai Benkler, Cory Doctorow, and Bruce Schneier Win EFF Pioneer Awards.

Mark Cuban to Keynote Award Ceremony in San Diego

San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the winners of its 2007 Pioneer Awards: Professor Yochai Benkler of Yale Law School, writer and Boing Boing co-editor Cory Doctorow, and security technologist Bruce Schneier. Mark Cuban -- HDNet Chairman and NBA Dallas Mavericks owner -- will give the keynote address at the award ceremony. The 16th annual Pioneer Awards will be held at 7:30pm, March 27th, at the Manchester Grand Hyatt in San Diego in conjunction with the O'Reilly Emerging Technology Conference.

Professor Yochai Benkler of Yale Law School researches the effects of laws on information, knowledge, and culture in the digital world. Benkler's important contributions include a theoretical explanation of how the Internet has allowed decentralized groups to produce things like technologies and bodies of knowledge more efficiently than any centrally organized corporation or trade-based marketplace could. After the publication of Benkler's most recent book, "The Wealth of Networks," Lawrence Lessig called him "the leading intellectual of the information age."

Cory Doctorow is an activist, writer, blogger, and public speaker about copyright, digital rights management, and electronic freedom. As a co-editor of the Boing Boing blog, he highlights critical technology issues for more than a million readers a day. Doctorow has lectured around the globe and has been nominated for Hugo and Nebula Awards for his science fiction novels. Doctorow is currently the Canadian Fulbright Chair at the USC Center on Public Diplomacy. He was EFF's European Affairs Coordinator until December of 2005.

Bruce Schneier is an internationally renowned security technologist acclaimed for his criticism and commentary on everything from network security to national security. His books -- including the highly influential "Secrets and Lies" and "Applied Cryptography" -- his monthly newsletter, and his security blog have reached hundreds of thousands of people with candid and lucid analysis of security issues. Schneier has often testified before Congress on security policy.

"This year's award winners have all provided important analysis and criticism of our digital world, educating the public on how electronic systems really work and what it means to us and our future," said EFF Executive Director Shari Steele. "I'm thrilled to honor Yochai, Cory, and Bruce. They are truly pioneers of the electronic frontier."

Since 1991, the EFF Pioneer Awards have recognized individuals and organizations that have made significant and influential contributions to the development of computer-mediated communications and to the empowerment of individuals in using computers and the Internet. Past winners include World Wide Web inventor Tim Berners-Lee, Linux creator Linus Torvalds, science fiction writer Bruce Sterling, and Wikipedia founder Jimmy Wales, among many others.

Benkler, Doctorow, and Schneier were nominated by the public and then chosen by a panel of judges. This year's panel includes Kim Alexander (President and founder, California Voter Foundation), Esther Dyson (Internet court jester and blogger, Release 0.9; founding chairman of ICANN; former chairman of EFF), Mitch Kapor (Chair, Open Source Applications Foundation; co-founder and former chairman EFF), Drazen Pantic (Co-director, Location One), Barbara Simons (IBM Research [Retired] and former president ACM), James Tyre, (Co-founder, The Censorware Project; EFF policy fellow) and Jimmy Wales, (Founder, Wikipedia; co-founder, Wikia; chair emeritus of the Wikimedia Foundation).

The Pioneer Awards are sponsored by Sling Media, the world's leading digital lifestyle company offering consumer services and products. Sling Media's product family includes the internationally acclaimed Slingbox that allows consumers to watch and control their living room television at any time, from any location, using PCs, Macs, PDAs and smartphones. For more information on Sling Media or the Slingbox, visit www.slingmedia.com.

Tickets to the Pioneer Awards ceremony and Mark Cuban's keynote address are $35. If you plan to attend, RSVP to events@eff.org. You can also pay for your tickets in advance at http://secure.eff.org/pioneerfundraiser. Members of the media interested in attending the event should email press@eff.org.

For more on attending the Pioneer Awards:
http://www.eff.org/awards/pioneer

Contact:

Katina Bishop
Associate Director of Development
Electronic Frontier Foundation
katina@eff.org

[EFF: Breaking News]

The Fix is In: Massive Web Radio Fee Hike and the XM/Sirius Merger.

Thu, 08 Mar 2007 22:37:56 GMT

The Fix is In: Massive Web Radio Fee Hike and the XM/Sirius Merger. Greetings. While no conspiracy beyond "business as usual" is required to explain this confluence of events, it is fascinating to note the continuing collapse of true competition in the music and radio industries (as in the Internet ISP industry). [Lauren Weinstein's Blog]

How Computers Can Make Voting More Secure.

Thu, 08 Mar 2007 22:35:06 GMT

How Computers Can Make Voting More Secure.

By now there is overwhelming evidence that today[base ']s paperless computer-based voting technologies have such serious security and reliability problems that we should not be using them. Computers can[base ']t do the job by themselves; but what role should they play in voting?

It[base ']s tempting to eliminate computers entirely, returning to old-fashioned paper voting, but I think this is a mistake. Paper has an important role, as I[base ']ll describe below, but paper systems are subject to well-known problems such as ballot-box stuffing and chain voting, as well as other user-interface and logistical challenges.

Security does require some role for paper. Each vote must be recorded in a manner that is directly verified by the voter. And the system must be software-independent, meaning that its accuracy cannot rely on the correct functioning of any software system. Today[base ']s paperless e-voting systems satisfy neither requirement, and the only practical way to meet the requirements is to use paper.

The proper role for computers, then, is to backstop the paper system, to improve it. What we want is not a computerized voting system, but a computer-augmented one.

This mindset changes how we think about the role of computers. Instead of trying to make computers do everything, we will look instead for weaknesses and gaps in the paper system, and ask how computers can plug them.

There are two main ways computers can help. The first is in helping voters cast their votes. Computers can check for errors in ballots, for example by detecting an invalid ballot while the voter is still in a position to fix it. Computers can present the ballot in audio format for the blind or illiterate, or in multiple languages. (Of course, badly designed computer interfaces can do harm, so we have to be careful.) There must be a voter-verified paper record at the end of the vote-casting process, but computers, used correctly, can help voters create and validate that record, by acting as ballot-marking devices or as scanners to help voters spot mismarked ballots.

The second way computers can help is by improving security. Usually the e-voting security debate is about how to keep computers from making security too much worse than it was before. Given the design of today[base ']s e-voting systems, this is appropriate [~] just bringing these systems up to the level of security and reliability in (say) the Xbox and Wii game consoles would be nice. Even in a computer-augmented system, we[base ']ll need to do a better job of vetting the computers[base '] design [~] if a job is worth doing with a computer, it[base ']s worth doing correctly.

But once we adopt the mindset of augmenting a paper-based system, security looks less like a problem and more like an opportunity. We can look for the security weaknesses of paper-based systems, and ask how computers can help to address them. For example, paper-based systems are subject to ballot-box stuffing [~] how can computers reduce this risk?

Surprisingly, the designs of current e-voting technologies, even the ones with paper trails, don[base ']t do all they can to compensate for the weaknesses of paper. For example, the current systems I[base ']ve seen keep electronic records that are subject to straightforward post-election tampering. Researchers have studied approaches to this problem, but as far as I know none are used in practice.

In future posts, we[base ']ll discuss design ideas for computer-augmented voting.

'30s Hollywood Cartoon Censorship.

Wed, 07 Mar 2007 17:45:23 GMT

'30s Hollywood Cartoon Censorship. Cartoon Brew highlights how the Hayes Code impacted cartoons in 1939 -- male characters couldn't be effeminate, kids had to behave and Flossie the cow's sexy udders had to be clothed. At Table of Malcontents. [Wired News: Top Stories]

Nightline NSA Spy Exclusive: Dud.

Wed, 07 Mar 2007 17:07:37 GMT

Nightline NSA Spy Exclusive: Dud. AT&T whistleblower Mark Klein breaks silence to tell ABC News' Nightline about the NSA eavesdropping on the internet, but reveals little new information. In 27B Stroke 6. [Wired News: Top Stories]

Spying at Wal*Mart: Human nature run amuck?

Wed, 07 Mar 2007 16:46:37 GMT

Spying at Wal*Mart: Human nature run amuck? Does the Wal-Mart eavesdropping debacle have the potential to be this year's HP scandal? A former IT security staffer for the retailer evaluates what might have happened. [Computerworld Privacy News]

Cybercrime Treaty: What it Means to You

Wed, 07 Mar 2007 02:53:57 GMT

In that vein, in August the Senate ratified the Convention on Cybercrime, drafted by the Council of Europe with considerable input from the United States. So far, 43 nations have signed on. The Convention includes many sensible provisions aimed at unifying global computer-crime laws, and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore.

But civil libertarians, along with leading telecommunications companies, strongly oppose the treaty. Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located. If France is investigating a sale of Nazi memorabilia on eBay, the U.S. must cooperate, even though such transactions are not illegal in the U.S.

Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind.

These are potentially serious problems, especially given that the Convention is open to any country that wants to join. But there are more practical reasons U.S. businesses should be concerned. The provisions for data retention and production apply to any operator of a computer network, not just telecoms. Worse, Article 12 attaches liability to businesses for "lack of supervision or control" of employees who commit criminal offenses covered by the Convention. Businesses must worry about employee activities that may be legal here, but illegal elsewhere, risking administrative, civil, or even criminal penalties.

These investigative and supervision costs will invariably be imposed on businesses without any real controls. Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you.

Cybercrime Treaty ó Hidden Costs For All.

Wed, 07 Mar 2007 02:48:08 GMT

Cybercrime Treaty [~] Hidden Costs For All. linuxtelephony writes in with an article at CIO Insight about a cybercrime treaty drafted in Europe with help from the US. It has implications for just about everyone with a network. From the article: "Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located... Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind... The provisions for data retention and production apply to any operator of a computer network, not just telecoms... Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you." [Slashdot: Your Rights Online]

Action Alert: Repeal the REAL ID Act!

Wed, 07 Mar 2007 02:24:48 GMT

Action Alert: Repeal the REAL ID Act!

The federal government has taken another step towards forcing you to carry a national ID in order to get on airplanes, open a bank account, enter federal buildings, and much more. But with state legislatures and Congressional representatives increasingly turning against the REAL ID Act, you can help stop this costly, privacy-invasive mandate -- voice your opposition now.

On March 1, the Department of Homeland Security (DHS) released draft regulations [PDF] for implementing REAL ID, which makes states standardize drivers licenses and create a vast national database linking all of the ID records together. Once in place, uses of the IDs and database will inevitably expand to facilitate a wide range of tracking and surveillance activities. Remember, the Social Security number started innocuously enough, but it has become a prerequisite for a host of government services and been co-opted by private companies to create massive databases of personal information.

REAL ID won't just cost you your privacy. The states and individual taxpayers bear the estimated 23 billion dollar burden of implementing the law, and that figure is probably low given that the necessary verification systems don't exist yet.

And what will you get in return? Not improved national security, because IDs do little to stop those who haven't already been identified as threats, and wrongdoers will still be able to create fake documents.

REAL ID is fundamentally flawed, and DHS' proposed regulations do nothing to change that. Thankfully, the tide is turning against REAL ID in a big way -- state legislatures around the country are passing or considering legislation rejecting its implementation, and Congress is considering repealing it.

The DHS regulations mean that states must have an implementation plan ready by October 2007. Make sure your Congressional representatives support the repeal of REAL ID before it's too late.

For more information, check out San Jose Mercury News' recent editorial opposing REAL ID as well as the ACLU's Realnightmare.org.

[EFF: Deep Links]

Top Secret: We're Wiretapping You.

Mon, 05 Mar 2007 21:41:41 GMT

Top Secret: We're Wiretapping You. The feds accidentally give a D.C. attorney a classified document showing that the NSA intercepted his phone calls without a warrant. When they ask for it back, they get a $2 million lawsuit along with it. By Ryan Singel. [Wired News: Security Blanket]

F2C: Freedom to Connect being webcast starting March 5

Mon, 05 Mar 2007 20:57:29 GMT

F2C is a meeting of people engaged with Internet connectivity and all that it enables, including vendors, customers, regulators, legislators, analysts, financiers, citizens and co-creators. This year, the theme of F2C is how universal connectivity and the plunging capital requirements of information production are changing our fundamental economic and social assumptions. (F2C is produced by David S. Isenberg of isen.com, LLC.)

Tune into F2C Group Chat beginning about 8:30AM, Monday 5 March

F2C Webcast available for those who can't be there. (Please participate in Group Chat too.)

Techdirt: An Economic Explanation For Why DRM Cannot Open Up New Business Model Opportunities

Mon, 05 Mar 2007 03:11:01 GMT

Continuing my increasingly lengthy series of posts on the economics of non-scarce goods, I wanted to take a look at an issue that I mentioned in passing earlier this week concerning the ongoing insistence among the entertainment industry (and the DRM industry) that DRM somehow will open up new business models. I'd like to explain why, economically, that doesn't make sense.

First, to clarify, I should point out that, technically, I mean that it doesn't make sense that DRM could ever open up feasible or successful business models. Anyone can create a new unsuccessful business model. For example, I'm now selling $1 bills for $1,000. It's a new business model (well, perhaps not to the dot coms of the original dot com boom), but it's unlikely to be a successful one (if you disagree, and would like to pay me $1,000 for $1, please use the feedback form above to make arrangements). However, for a new business model to make sense, it needs to provide more value. Providing more value than people can get elsewhere is the reason why a business model succeeds. So, any new business model must be based on adding additional value.

Why DRM Cannot Open Up New Business Models.

Mon, 05 Mar 2007 03:08:11 GMT

Why DRM Cannot Open Up New Business Models. An anonymous reader writes "Techdirt has a cool post up that doesn't just explain why DRM is bad, but gives a really interesting economic explanation for why DRM cannot create successful new business models. Since the RIAA and MPAA keep insisting that DRM will create new business models, it's useful to see an argument for why that's basically impossible." As the article says, anyone can create a "new" business model. Creating a successful "new" business model is what is so elusive here. [Slashdot]

Concurring Opinions: The Rise of Customer Blacklists

Sun, 04 Mar 2007 04:55:39 GMT

Blacklists appear to be the rage these days. With the ease of storing and sharing personal information -- coupled with lax privacy law restrictions on such activities -- companies can increasingly create blacklists of bad customers. In this article from the Ottawa Citizen, hotels in Australia and Canada (and soon the United States) are signing up for a service that compiles a blacklist against "bad" hotel guests:

DoJ Mulls Tracking Picture Uploads.

Sun, 04 Mar 2007 03:57:23 GMT

DoJ Mulls Tracking Picture Uploads. Dominus Suus passed us a link to a C|Net article about a disturbing threat to privacy from the Justice Department. According to the article, a private meeting was held Wednesday between Justice officials and telecom industry representatives. With individuals from companies such as AOL and Comcast looking on, the officials continued overtures to increase data retention by ISPs on American citizens. This week, they were specifically looking to have records kept of photo uploads. In this way, and 'in case police determine the content is illegal and choose to investigate,' an easy trail from A to Z will be available. The article provides a good deal of background on the Bush Administration's history with data retention, with ties to events even older than the Bush presidency. --- "The Justice Department's request for information about compliance costs echoes a decade-ago debate over wiretapping digital telephones, which led to the 1994 Communications Assistance for Law Enforcement Act. To reduce opposition by telephone companies, Congress set aside $500 million for reimbursement and the legislation easily cleared both chambers by voice votes. Once Internet providers come up with specific figures, privacy advocates worry, Congress will offer to write a generous check to cover all compliance costs and the process will repeat itself." [Slashdot: Your Rights Online]

Patently Bad Move Gags Critics.

Wed, 28 Feb 2007 23:47:07 GMT

Patently Bad Move Gags Critics. A company finds a sneaky new way to silence security researchers: Claim that defeating its products infringes on patents. Commentary by Jennifer Granick. [Wired News: Security Blanket]

EFF - miniLinks for 2007-02-28.

Wed, 28 Feb 2007 22:50:21 GMT

miniLinks for 2007-02-28.

Supreme Court Debates Patentability of Software
Justices look skeptically at the details of software's protection.

Toward an Ethical Patent System
European citizens unite against over-broad patents....

Bad Patents Are Bad for Business
... as does the European business community to go with it.

Canada Turns Away Americans for Past Misdemeanors
Thanks to DHS data mining, Canada turned away a visitor who shop-lifted during a fraternity prank 20 years ago and others with minor criminal records.

Has the Media Center Moved to Silicon Valley?
On the day of the Oscars, Tom Forenski thinks that films have lost their magic, and Net technology has seized it.

Whit Diffie Warns Of Overbroad Privacy Laws
"I am, on balance, more pleased with the fact that I can learn lots of information about people in minutes by using the Web than I am concerned about the fact that people can learn lots of information about me that way. And I would not like to see laws that restrict people's ability to go investigate things. "

Protect Your Users' Data With a Privacy Wall
How one company works to protect its users' financial information.

SF Chronicle: Reverse Real ID
"Congress must take a hard look at whether it makes sense to proceed with an expansive law that would be more appropriately called the National ID Act."

North Korea and the Internet
North Korea's strange, inward-looking national intranet.

Did WIPO's Director-General Lie About his age?
Confidential report suggests that he was 28 when he first took the job, not 37, and has repeatedly given the wrong age on official documents for 24 years.

The "Crime" of Blogging in Egypt
Abdelkareem Nabil Soliman is sentenced to four years for free speech.

Recording Industry Targets Colleges
Administrators get caught in the crossfire: "[The complaint] is asking us to pursue an investigation and as the service provider we don't see that as our role", says Purdue spokesman.

[EFF: Deep Links]

Lawsuits, patent claims silence Black Hat talk | InfoWorld | 2007-02-27 | By Paul F. Roberts

Wed, 28 Feb 2007 02:59:50 GMT

A planned talk on RFID security by a security researcher has been pulled from this week's Black Hat Federal security conference after secure card maker HID claimed the talk violated the company's patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget's employer, if the talk went forward.

The company decided to cancel the talk after all-night negotiations with HID collapsed, said Josh Pennell, CEO of IOActive. In response, Black Hat organizers were forced to tear materials out of printed show proceedings and will instead present a discussion by a representative of the ACLU on the criticality of RFID security, said Jeff Moss, founder and director of Black Hat.

A spokeswoman for HID did not immediately respond to a request for comment.

The incident recalled a 2005 dispute over a presentation at Black Hat in Las Vegas involving Cisco Systems and Michael Lynn, a security researcher who worked for Internet Security Systems at the time.

New Controversy over Black Hat Presentation.

Wed, 28 Feb 2007 02:55:39 GMT

New Controversy over Black Hat Presentation. uniquebydegrees writes "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM." Update: 02/27 20:10 GMT by Z :InfoWorldMike wrote with a link to story saying that the presentation has been pulled from the slate for Black Hat, as a result of this pressure. [Slashdot]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Wed, 28 Feb 2007 00:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 22:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

Protect the Children From Porn.

Tue, 27 Feb 2007 21:33:20 GMT

Protect the Children From Porn. Sending a teacher to prison for mishandling a classroom porn storm does not address the root of the problem: fear that traces back to ignorance. Commentary by Regina Lynn. [Wired News: Top Stories]

Fool Me Once, Shame On You But Fool Me Twice....

Mon, 26 Feb 2007 22:27:39 GMT

Fool Me Once, Shame On You But Fool Me Twice....

In aiming to settle a class action suit, a group of companies is throwing a proverbial pie in the face of affected consumers.

A Security Fix reader forwarded an e-mail about a benefit he allegedly was eligible to collect as a result of a class-action settlement over services offered by a subsidiary of Experian, one of the three major credit reporting bureaus.

I immediately sensed a phishing scam after reviewing the e-mail and the third-party site touted in the message, which asks the visitor to enter a Social Security number and birth date. But it turns out that the site is legitimate, although extremely insensitive to consumers.

The class-action case referenced in the e-mail is the latest in a series of lawsuits against Consumerinfo.com. The firm promised free credit reports but allegedly failed to clarify that it would charge a customer's credit card $79.95 for a "credit monitoring service."

In yet another insult for affected consumers, the Web site providing more information about the settlement encourages affected individuals to further expose their personal data online.

Consumerinfo.com agreed last week to pay $300,000 to settle charges brought by the Federal Trade Commission that it violated the terms of a previous settlement with the agency over the misleading "free credit reports." It was originally fined $950,000.

The impersonal e-mail was sent to consumers from browningnotice@gardencitygroup.com. It begins: "NOTICE FROM FEDERAL COURT. PLEASE READ. Records show that you entered into an agreement over the Internet with Consumerinfo.com or an Experian entity to purchase any Credit Check or Credit Check Monitoring (which were formerly known as CreditCheck Monitoring Service), Credit Manager (including Yahoo! Credit Manager), Triple Alert, or Triple Advantage credit-monitoring product, or you paid for a credit score sold on a Web site that also sold one of these credit-monitoring products, between June 17, 1998 and December 27, 2006. If so, you may be eligible to receive a benefit under the proposed settlement."

So, exactly what is this perk? It's 60 days of free credit monitoring service from Experian. If you don't cancel this "benefit," Experian will bill you $9.95 per month after the initial 60 days.

The e-mail details the terms of the settlement:

"If you choose credit monitoring, and you don't cancel your credit-monitoring membership after using your code to obtain the credit monitoring benefit but prior to the expiration of the 60 day, settlement benefit period, you will be billed at the then-applicable rate, which is currently $9.95, for each month that you continue your membership."

If you were an individual burned by this bogus "free credit report" offer who wasn't already insulted enough, go to browningsettlement.com, the site erected by Melville, N.Y.-based Garden City Group, a company that administers class action settlements.

The Web site includes a link to "update your contact information," where it asks a visitors to enter a Social Security number and birth date. Phishing scams almost always try to dupe people into entering personal data at fake bank and e-commerce sites by blasting out e-mails telling people they need to "update" their information. I spoke with the contact who registered the site, Frank Dmuchowski, but he referred me without comment to Garden City's public relations staff. That person in turn referred me to a woman at Experian, with whom I'm currently playing phone tag.

How else does this whole operation resemble a phishing scam? The e-mail does not address the recipient by name. It contains some very elaborate explanations and legalese that is somewhat akin to a Nigerian scheme. There is also the element of urgency. Recipients are told that if they do not respond within a given period of time, they will give up their rights to sue the company in as part of a class in any other lawsuit. Maybe that's one reason why we have seen phishing scams disguised as settlement offers succeed so well: settlement companies are conditioning consumers to respond to them, and the federal courts are encouraging this practice.

But wait, there's more. While a federal court has deemed it acceptable for companies like the Garden City Group to communicate with people this way via e-mail, anyone who wants to object or exclude themselves from the settlement terms must do so by snail mail by May 15. Anyone who wants to accept the dubious settlement benefit, however, is free to do so by e-mail.

Please do not let this May 15 deadline slip away. Write to the Browning Settlement Administrator to tell the court why you think the settlement stinks:

Objections-Browning Settlement Administrator
P.O. Box 91141
Seattle, WA 98111-9241

In addition, you can request to speak in court about the fairness of the settlement at a hearing on July 31.

Under federal law, all U.S. citizens are eligible for a free copy of their credit report from each of the three major credit reporting bureaus: Experian, Equifax and Trans Union. Consumers should take advantage of this benefit, but only by visiting http://www.annualcreditreport.com or calling a toll-free number: 1-877-322-8228. You will get the most mileage out of your free reports if you scatter them across the entire calendar year by contacting a different credit bureau every four months.

Update, 3:50 p.m.: I heard from Experian spokesperson Heather Greer, who said that all communications were reviewed and approved by the court in accordance with the settlement." With regard to this settlement, we felt that this was the best way to inform consumers as soon as possible as to the products they were entitled to as part of the class," Green said. She added that the settlement site also includes a toll-free number (1-800-399-4322) that consumers also can use to either opt-out or accept the terms of the settlement.

[Security Fix]

Wired News: Why Smart Cops Do Dumb Things By Bruce Schneier

Sun, 25 Feb 2007 04:58:46 GMT

Since 9/11, we've spent hundreds of billions of dollars defending ourselves from terrorist attacks. Stories about the ineffectiveness of many of these security measures are common, but less so are discussions of why they are so ineffective. In short: Much of our country's counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs.

Are we stuck with CYA homeland security? | NetworkWorld.com Community

Sun, 25 Feb 2007 04:53:52 GMT

Wired has a thought-provoking piece this morning from security expert Bruce Schneier - headlined "Why smart cops do dumb things". It makes the case that the bulk of post-9/11 homeland security excesses stem from a most natural of human instincts: the need to cover one's ass.

The headline is misleading in that the essay is not about police officers specifically, but rather public safety officials, politicians and regulators of all stripes. But on the broader score the column is dead-on accurate: We've scared ourselves half to death and thus practically demand that those entrusted with keeping us safe go to absurd extremes to keep from being scapegoated should something go wrong. ... And something will go wrong. That part of the equation is not irrational.

The only quibble I have with Schneier's assessment is his conclusion that "there might not be a solution." Call me a crazy optimist (you'd be the first), but I've got to believe there's a way out of this knot.

Human Nature Trumps Homeland Security.

Sun, 25 Feb 2007 04:41:19 GMT

Human Nature Trumps Homeland Security. netbuzz writes "Security expert Bruce Schneier suggests this morning that 'there might not be a solution' to our post-9/11 penchant for making domestic anti-terrorism decisions based on the basic human desire to cover one's backside. He might be right. But shouldn't we at least try to figure out a better way? For example, wouldn't 'Commonsense Homeland Security' be a winning political banner, not a risky one? " [Slashdot: Your Rights Online]

Pendulum Swinging Toward Privacy.

Sun, 25 Feb 2007 04:31:04 GMT

Pendulum Swinging Toward Privacy. netbuzz writes "The New York Times reports this morning on a gathering movement to remove Social Security numbers from online public records. While justifiable, given the reality of and concerns about identity theft, it also doesn't take much to imagine how such concerns will be abused by public officials who are strapped for cash and/or ethically challenged." [Slashdot: Your Rights Online]

DRM Causes Piracy.

Sun, 25 Feb 2007 04:26:18 GMT

DRM Causes Piracy. igorsk recommends an essay by Eric Flint, editor at Baen Publishing and an author himself, over at Baen's online SF magazine, Baen Universe. In it Flint argues that, far from curbing piracy of copyrighted materials, DRM actually causes it. Quoting: "Electronic copyright infringement is something that can only become an 'economic epidemic' under certain conditions. Any one of the following: 1) The products they want... are hard to find, and thus valuable. 2) The products they want are high-priced, so there's a fair amount of money to be saved by stealing them. 3) The legal products come with so many added-on nuisances that the illegal version is better to begin with. Those are the three conditions that will create widespread electronic copyright infringement, especially in combination. Why? Because they're the same three general conditions that create all large-scale smuggling enterprises. And... Guess what? It's precisely those three conditions that DRM creates in the first place. So far from being an impediment to so-called 'online piracy,' it's DRM itself that keeps fueling it and driving it forward." [Slashdot: Your Rights Online]

RIAA to Parents: Pop-Ups + Viruses = Piracy!

Sun, 25 Feb 2007 04:01:25 GMT

RIAA to Parents: Pop-Ups + Viruses = Piracy!

If a parent sees pop-up ads and viruses on her computer, she can be sued for copyright infringement by the RIAA.

At least that's what the RIAA is arguing in a recent court filing in the Capitol v. Foster case, in which a federal judge made the RIAA cough up attorney's fees to a mother, Debra Foster, who had been sued because her daughter was file sharing. The RIAA lawyers had dawdled in dismissing their complaint against Foster, even after her child admitted to being the file-sharer in the house (the RIAA went ahead and got a default judgment against the child).

This new filing marks the first time the RIAA has explained its claim that parents are liable for the infringements committed by their children (a theory that has never been accepted by any court, to the best of my knowledge). The argument is pretty remarkable, built on a house of cards including the notion that "everyone knows" pop-up ads and viruses signify piracy! Here's the relevant portion of the RIAA brief:

Given that it has been established that the Kazaa file-sharing program was on the Foster family's computer, the evidence would have established that the Kazaa icon was clearly visible on the computer when defendant was using it and that there were likely a substantial number of pop-up advertisements, the types of which have been associated with the Kazaa program.

In other words, the RIAA believes that pop-up ads and a system tray icon should put every parent on the hook for every download on the computer.

In addition, it is undisputed that defendant had an account with Cox Communications. Defendant's subscriber agreement with Cox made clear that defendant, as the account holder, was responsible for what is done on her account. ...

Here, the RIAA is trying to make a private contract between Cox and the parent into a promise to the RIAA. Of course, since this is standard boilerplate in ISP customer agreements, this argument would apply equally to every broadband subscriber, whether parent, employer, library, or school.

Finally, plaintiffs believe that discovery would have revealed substantial other evidence of defendant's knowledge and material assistance in the underlying infringements. For example, the computer may well have been in a common area such that defendant heard music coming from the computer when admitted infringer Amanda Foster was using it. In addition, the evidence may have established, as it has in other similar cases, that there were viruses on the computer due to Kazaa and that defendant may have had work done on the computer that would have revealed the existence of the file-sharing program. ...

Yes, parents, that means every time you hear music emanating from a computer, the RIAA believes you have a legal duty to check the copyright pedigree of its source. Oh, and if your computer has a virus, same answer.

Similarly, plaintiffs believe that, had they been given the opportunity, they would have been able to prove vicarious infringement. Specifically, plaintiffs would have proved that, as a parent, defendant had the full right and ability to control her daughter's use of the computer at issue. Most parents impose restrictions on computer usage by their children (e.g., rules about pornography sites and chat rooms), and plaintiffs believe that defendant would have done so as well. Plaintiffs further would have proven that defendant had a direct financial interest in her daughter's infringing activities, which, of course, involve substantial sums of money in terms of the value of the recordings at issue and the potential liabilities resulting from such activities.

By this logic, the more responsible you are as a parent, the more the RIAA will be entitled to collect from you. Moreover, the RIAA is confusing the benefit to the child with the benefit to the parent. As every parent knows, just because your kids wants a new CD doesn't mean you would have bought it for them.

Let's be clear what this pretzel logic is really all about -- the RIAA wants to reach a hand into every parent's pocket in order to fuel their mass litigation campaign, irrespective of whether the law supports this. But there is a bigger risk, as well. If court's accept this argument in file-sharing cases, the RIAA will have a precedent to use against every employer, every library, and every school for every copyright infringement committed on its computers. So I'm on the side of the judge in Capitol v. Foster, who dubbed these RIAA arguments "untested and marginal."

For more on parental liability in RIAA file sharing lawsuits, take a look at the memo we prepared on the subject in 2005 (soon to be updated in light of more recent authorities, including Capitol v. Foster).

[EFF: Deep Links]

Going to Canada? Check your past / Visitors with minor criminal records turned back at border

Fri, 23 Feb 2007 22:25:44 GMT

There was a time not long ago when a trip across the border from the United States to Canada was accomplished with a wink and a wave of a driver's license. Those days are over.

Take the case of 55-year-old Lake Tahoe resident Greg Felsch. Stopped at the border in Vancouver this month at the start of a planned five-day ski trip, he was sent back to the United States because of a DUI conviction seven years ago. Not that he had any idea what was going on when he was told at customs: "Your next stop is immigration.''

Felsch was ushered into a room. "There must have been 75 people in line," he says. "We were there for three hours. One woman was in tears. A guy was sent back for having a medical marijuana card. I felt like a felon with an ankle bracelet.''

[...]

Welcome to the new world of border security. Unsuspecting Americans are turning up at the Canadian border expecting clear sailing, only to find that their past -- sometimes their distant past -- is suddenly an issue.

While Canada officially has barred travelers convicted of criminal offenses for years, attorneys say post-9/11 information-gathering, combined with a sweeping agreement between Canada and the United States to share data, has resulted in a spike in phone calls from concerned travelers.

They are shocked to hear that the sins of their youth might keep them out of Canada. But what they don't know is that this is just the beginning. Soon other nations will be able to look into your past when you want to travel there.

[...]

"From the time that you turn 18, everything is in the system,'' says Lucy Perillo, whose Canada Border Crossing Service in Winnipeg, Manitoba, helps Americans get into the country.

[...]

So it isn't as if rules have stiffened. But what has changed is the way the information is gathered. In the wake of 9/11, Canada and the United States formed a partnership that has dramatically increased what Lesperance calls "the data mining'' system at the border.

The Smart Border Action Plan, as it is known, combines Canadian intelligence with extensive U.S. Homeland Security information. The partnership began in 2002, but it wasn't until recently that the system was refined.

"They can call up anything that your state trooper in Iowa can,'' Lesperance says. "As Canadians and Americans have begun cooperating, all those indiscretions from the '60s are going to come back and haunt us.''

[...]

The lesson, the attorneys say, is that if you must travel to Canada, you should apply for "a Minister's Approval of Rehabilitation" to wipe the record clear.

Oh, and by the way, if you don't need to travel to Canada, don't think you won't need to clear your record. Lesperance says it is just a matter of time before agreements are signed with governments in destinations like Japan, Indonesia and Europe.

"This,'' Lesperance says, "is just the edge of the wedge.''

Cerf: Internet Reflects Society.

Fri, 23 Feb 2007 17:04:22 GMT

Cerf: Internet Reflects Society. Online abuses merely mirror its users' interests, says Net luminary and ICANN chief. [PC World: Latest Technology News]

What would you do as chief information security officer?

Fri, 23 Feb 2007 16:56:57 GMT

What would you do as chief information security officer. Becoming the chief information security officer (CISO) of a corporation makes you a strategic IT advisor to business management, the chief information officer, and the rest of the information technology staff. Just as no company is the same as another, the job of CISO -- or alternately, "chief security officer," which might include physical security as well -- isn't either. The four security professionals who share their priorities with us make it clear there's nothing cookie-cutter about the top IT security job.
[CSO Online Data Security Briefing]

Social Networks Key to 2008 Race.

Fri, 23 Feb 2007 16:51:14 GMT

Social Networks Key to 2008 Race. Social networking sites have changed the game for political candidates. [PC World: Latest Technology News]

Colleges Struggle to Cope With Flood of Copyright Complaints.

Fri, 23 Feb 2007 16:49:38 GMT

Colleges Struggle to Cope With Flood of Copyright Complaints.

The major record labels are sending thousands more copyright nastygrams to colleges regarding student file sharing this year. Of course, file sharing continues unabated, and these P2P-related notices will simply push fans to use other readily-accessible technologies that the RIAA can't easily monitor -- copying music through iTunes over the campus LAN, swapping hard drives and USB flash drives, burning recordable DVDs, and forming ad hoc wireless networks.

So the RIAA's strategy still won't stop file sharing, but it certainly will cause collateral damage to academic freedom, free speech, and privacy. In a recently released report, the Brennan Center lays out what that cost looks like today based on interviews with representatives from 25 service providers including 10 from universities. Universities are already being forced to waste substantial resources on doing the RIAA's dirty work. Flooded with machine-generated complaints, schools are unable to evaluate the merits of particular complaints. While lacking procedural safeguards to make sure students wrongly accused of infringement are not penalized, many schools have adopted stricter penalties than the law requires. Schools have also adopted network monitoring and filtering tools that interfere with legitimate expression.

The increase in P2P-related notices stands only to make matters worse. The RIAA's Cary Sherman states that the increase in the notices is "something we feel we have to do," but blanket licensing provides a clear alternative to blanket lawsuits. Take action now to help stop the lawsuit campaign.

[EFF: Deep Links]

AT&T Whistleblower Wins Award.

Thu, 22 Feb 2007 16:28:40 GMT

AT&T Whistleblower Wins Award.

Whistleblower Mark Klein will get some well-deserved acknowledgement when he receives a James Madison Freedom of Information Award next month. The award could hardly find a more deserving recipient [~] Klein is the former AT&T technician who exposed the extent of the government's warrantless wiretapping program

In early 2006, Klein came forward with internal AT&T documents that show the company cooperated with the NSA's secret program to eavesdrop on internet communications, in violation of federal wiretapping laws and the Fourth Amendment. Klein's evidence demonstrates that in at least one of AT&T's facilities, internet traffic was diverted to a secret, secure room to which only the NSA had access.

All of the documents have been used in EFF's court case, which is currently under review by the Ninth Circuit Court of Appeals and a portion have been made broadly available on the internet since April, 2006.

In the words of EFF Staff Attorney Kurt Opsahl, Klein is [base "]a true American hero.[per thou] This public recognition of his bravery in defense of the public's right to know is richly deserved.

[EFF: Deep Links]

Music moguls seek security blanket - Los Angeles Times

Thu, 22 Feb 2007 16:24:50 GMT

One way to judge the music industry's troubles is to watch annual sales figures for CDs, which have slumped 25% since 2000. But it's more revealing to chart how the major record companies' attitudes about new business models online have been shifting.

At first the shifts were almost too small to notice, as when the labels started making a handful of downloadable songs available for $2.50 or more. But as the file-sharing phenomenon grew and CD sales slipped, the changes became more pronounced. The labels started offering the rights to songs on terms that didn't cripple their online partners. They embraced Apple's iTunes Music Store, whose anti-piracy technology doesn't actually limit copying. They cut deals with file-sharing companies for subscription services that let users share the songs they rented.

Along the way, though, the major labels adamantly refused to do the kind of deal necessary to replicate what the original Napster, Kazaa and eDonkey had provided: they would not accept a flat fee a "blanket" license that lets Internet service providers sell an all-you-can-eat sonic buffet, enabling customers to download, burn and swap as much as they pleased. The rights would be included in the cost of a high-speed Internet access line, so the downloads would seem free while still generating royalties for artists, songwriters, labels and publishers.

That reticence may be giving way, too, thanks to the relentless decline in revenue. Just look at what the head of the major record companies' global trade group, let slip last month at a music-industry gathering in France. If Internet service providers "want to come to us and look for a blanket license for an amount per month," IFPI chief John Kennedy said, "let's engage in that discussion."

His U.S. counterpart, Mitch Bainwol of the Recording Industry Assn. of America (RIAA), quickly added that the licenses should be negotiated voluntarily, not compelled by the government. So that part of the labels' thinking hasn't changed. Nevertheless, Kennedy's remark reflects a potential sea change in the way the record companies do business. If the labels follow through, it could trigger the greatest explosion in innovation since engineers at the Fraunhofer Institute in Germany developed the MP3 format.

That's a big "if," but two of the four majors have already taken the first step. In England, a venture called PlayLouder MSP is negotiating deals with record companies and music publishers for a competitively priced high-speed Internet access service that will include the right to download millions of songs, transfer them to portable devices and share them with friends. The main restriction is that subscribers can't send songs to people who aren't customers of PlayLouder MSP. In other words, it's a private electronic playground for music lovers.

The company, which expects to launch its service this year, plans to put a chunk of the monthly service charges into a royalty pool that would be divided according to popularity--the more often a song is downloaded, the larger the share of the pool that its copyright holders will receive. To monitor the network and enforce its borders, PlayLouder MSP relies on technology that can identify songs as they pass through the network--and, if necessary, block them. So far, several large independent labels from the U.S. and the U.K. have agreed to let the company offer MP3s of all their songs, while two of the majors, Sony BMG and EMI, have agreed to supply songs wrapped in electronic locks. Those locks won't make much difference, though; as part of the deal, subscribers will be free to share MP3s from all of PlayLouder MSP's partners, including Sony BMG and EMI.

LA Times: Start Blanket Licensing, Stop Blanket Lawsuits.

Thu, 22 Feb 2007 16:19:11 GMT

LA Times: Start Blanket Licensing, Stop Blanket Lawsuits.

The major record labels have stayed the course for the last five years with predictable results -- they've stuck by DRM, ratcheted up their file sharing lawsuit campaign, and let revenues continue to slide. Today, the LA Times suggests some reasons to think the labels may finally be coming around to a sensible solution that EFF has long advocated -- blanket licenses for music fans to share as much music as they like for a flat monthly fee.

"If Internet service providers 'want to come to us and look for a blanket license for an amount per month,' IFPI chief John Kennedy said, 'let's engage in that discussion....'
In the past, label executives made three main arguments against the blanket-licensing concept: it turned their companies into glorified marketing firms; it forced labels to fight over a fixed pool of dollars, so that one artist's gain was another one's loss; and there wouldn't be enough money in the pool to replace all the CD sales that would be lost. The first two complaints get little mention today; instead, the make-or-break issue for blanket-licensing deals is the amount of royalties the service can generate."

"That's the right focus. Blanket licensing wouldn't transform labels into advertising companies; the only element of their business they would lose is the part that distributes plastic discs, and that's going away anyway. When consumers can choose from a virtually unlimited supply of songs, the ability of a label to find, sign and promote the most compelling artists will be even more important than it is today. And the fees that consumers pay for downloading rights represent only a portion of the money [that blanket licensing] could generate for copyright holders. There's also money to be made from advertisers, mobile phone companies, device makers and premium music services that want to insert themselves into the network."

As we point out in our white paper about blanket licensing, even a small monthly fee from the millions of American filesharers could provide more profit than the industry has ever seen.

Unfortunately, the record labels haven't done a complete 180 from their backward-thinking ways. For instance, the labels seem eager to coopt ISPs into helping push their file sharing lawsuit campaign even further, and the AP reports that the labels have radically increased their copyright notices aimed at college students. Neither of these actions will put a dime in artists' pockets or get the labels any closer to a real solution.

The LA Times story closes by saying, "You have to wonder how low [major label revenues] have to go before blanket licenses look like a better approach than blanket lawsuits." To put it another way: how much longer do ordinary music fans and innovators have to be treated like criminals before a better way forward is finally pursued?

[EFF: Deep Links]

From the Unmitigated Gall Department.

Thu, 22 Feb 2007 16:15:31 GMT

From the Unmitigated Gall Department.

How is it that the National Association of Broadcasters, which is seeking regulatory relief from current media ownership caps, has the gumption to criticize the proposed merger of XM Satellite Radio and Sirius Satellite Radio? Their statement following the announced merger can be found here, but this is the part I like best:

When the FCC authorized satellite radio, it specifically found that the public would be served best by two competitive nationwide systems. Now, with their stock price at rock bottom and their business model in disarray[sigma]they seek a government bail-out to avoid competing in the marketplace.

[Public Knowledge - Blogging, Events, and Action Alerts]

Hip-Hop Outlaw (Industry Version) - Samantha M. Shapiro - New York Times

Mon, 19 Feb 2007 22:02:09 GMT

Late in the afternoon of Jan. 16, a SWAT team from the Fulton County Sheriff's Office, backed up by officers from the Clayton County Sheriff's Office and the local police department, along with a few drug-sniffing dogs, burst into a unmarked recording studio on a short, quiet street in an industrial neighborhood near the Georgia Dome in Atlanta. The officers entered with their guns drawn; the local police chief said later that they were "prepared for the worst." They had come to serve a warrant for the arrest of the studio's owners on the grounds that they had violated the state's Racketeer Influenced and Corrupt Organizations law, or RICO, a charge often used to lock up people who make a business of selling drugs or breaking people's arms to extort money. The officers confiscated recording equipment, cars, computers and bank statements along with more than 25,000 music CDs. Two of the three owners of the studio, Tyree Simmons, who is 28, and Donald Cannon, who is 27, were arrested and held overnight in the Fulton County jail. Eight employees, mostly interns from local colleges, were briefly detained as well.

Later that night, a reporter for the local Fox TV station, Stacey Elgin, delivered a report on the raid from the darkened street in front of the studio. She announced that the owners of the studio, known professionally as DJ Drama and DJ Don Cannon, were arrested for making "illegal CDs." The report cut to an interview with Matthew Kilgo, an official with the Recording Industry Association of America, who was involved in the raid. The R.I.A.A., a trade and lobbying group that represents the major American record labels, works closely with the Department of Justice and local police departments to crack down on illegal downloading and music piracy, which most record-company executives see as a dire threat to their business.

Kilgo works in the R.I.A.A.'s Atlanta office, and in the weeks before the raid, the local police chief said, R.I.A.A. investigators helped the police collect evidence and conduct surveillance at the studio. Kilgo consulted with the R.I.A.A.'s national headquarters in advance of the raid, and after the raid, a team of men wearing R.I.A.A. jackets was responsible for boxing the CDs and carting them to a warehouse for examination.

Macrovision's DRM valentine: Consumers not only need it, they will love it

Mon, 19 Feb 2007 21:30:00 GMT

Fred Amoroso is the CEO of Macrovision, a company that earns its keep by inventing and maintaining DRM systems and charging Hollywood an arm and a leg for it. The two are a good match, insofar as they both greatly fear technology, and both spin amazing tales to bolster their views.

In the wake of Steve Jobs' fashionably-late missive against DRM, Amoroso has crafted a response that seeks to convince us all that DRM is not only needed, it's actually a fantastic "enabler" that consumers should embrace. He focuses on four arguments:

DRM is broader than just music
DRM increases, not decreases consumer value
DRM will increase electronic distribution
DRM needs to be interoperable and open

DRM is indeed broader than music, and it's no surprise that the CEO of a DRM-producing company would like to see DRM put on everything possible, particularly movies, music, games and software. The reasons why we should want this are ridiculous.

The Doghouse: Onboard Threat Detection System.

Mon, 19 Feb 2007 02:44:55 GMT

The Doghouse: Onboard Threat Detection System.

It's almost too absurd to even write about seriously -- this plan to spot terrorists in airplane seats:

Cameras fitted to seat-backs will record every twitch, blink, facial expression or suspicious movement before sending the data to onboard software which will check it against individual passenger profiles.

[...]

They say that rapid eye movements, blinking excessively, licking lips or ways of stroking hair or ears are classic symptoms of somebody trying to conceal something.

A separate microphone will hear and record even whispered remarks. Islamic suicide bombers are known to whisper texts from the Koran in the moments before they explode bombs.

[Schneier on Security]

EFF: DeepLinks - RIAA to ISPs: Help Us Sue Your Customers Better

Sun, 18 Feb 2007 23:53:10 GMT

As if suing thousands of music fans isn't bad enough, now the RIAA wants to conscript ISPs into helping them streamline the shakedowns. The major record labels sent a letter to ISPs across the country asking them to trade away customers' rights and make the overzealous file sharing lawsuits more profitable -- and the RIAA even has the audacity to suggest that this is all for your own good.

ISPs currently have no obligation to maintain IP log files, and that's a good thing when it comes to protecting your privacy. Those log files can serve as Internet breadcrumbs -- your ISP and any third party that has access to them can retrace your online activities.

But the RIAA wants ISPs to maintain (and disclose) a customer's IP logs for six months whenever the RIAA says the user may have infringed copyright. In exchange, the record companies will reduce its initial lawsuit settlement demands. Of course, the actual customer would have no say in the matter. The RIAA letter says it wants the information kept because it could "exculpate" the customer, but of course those same records can also implicate the user. Funny, the labels don't mention that.

EFF and others have long warned that copyright claims could become an altar on which personal privacy is sacrificed. Now the RIAA wants your ISP to voluntarily wield the knife, and there's no telling what else the RIAA might ask for once this cut has been made.

The RIAA also wants ISPs to keep customers in the dark about their legal options. Before the RIAA has even verified that the user is correctly identified, it wants ISPs to send along a note saying the user might be sued and can already settle potential claims. At the same time, the RIAA scolds ISPs for giving information to their customers that could help provide sound legal counsel. Instead, the RIAA wants ISPs to direct subscribers solely to the RIAA.

MPAA Violates Another Software License.

Sun, 18 Feb 2007 23:45:13 GMT

MPAA Violates Another Software License. Patrick Robib, a blogger who wrote his own blogging engine called Forest Blog recently noticed that none other than the MPAA was using his work, and had completely violated his linkware license by removing all links back to the Forest Blog site, not crediting him in any way. The MPAA blog was using the Forest Blog software, but had completely stripped off his name, and links back to his site. He only found about it accidentally when he happened to visit the MPAA site. [Slashdot: Your Rights Online]

Is AT&T helping the NSA ? First your phone calls and now your e-mails (For Your Eyes Only? ) NOW | PBS.

Sun, 18 Feb 2007 19:53:13 GMT

For Your Eyes Only? NOW | PBS

This week, NOW reports on new evidence suggesting the existence of a secret government program that intercepts millions of private e-mails each day in the name of terrorist surveillance. News about the alleged program came to light when a former AT&T employee, Mark Klein, blew the whistle on what he believes to be a large-scale installation of secret Internet monitoring equipment deep inside AT&T's San Francisco office. The equipment, he contends, was created at the request of the U.S. government to spy on e-mail traffic across the entire Internet. Though the government and AT&T refuse to address the issue directly, Klein backs up his charges with internal company documents and personal photos.

QDN: The growing consensus behind OpenID

Fri, 16 Feb 2007 18:28:06 GMT

It's because of this that I'm so happy to see an initiative like OpenID succeeding. A few years ago, the idea of OpenID was floated by the inestimable Brad Fitzpatrick (the father of LiveJournal, now a Six Apart property) as a way for people to carry around virtual identity cards on the net, and to securely use those credentials as a way of demonstrating to others on the internet who they really are. Between then and now, OpenID's development has taken place out in the open, on mailing lists and wikis and web forums, and the result is a technology that Microsoft adopted last week and AOL has been quietly rolling out to its online service and instant messenger users for a few months now. That's a great adoption rate, and I'd like to think that it's because it's a technology that's sorely needed on today's web. I'm not naive enough to think that it's a salve to cure all the net's wounds -- for example, there's still work to be done to make sure that anonymous ID providers don't become the way spammers and miscreants get around the system -- but I'm hopefuly enough to recognize that OpenID might be one of the more important building blocks to us all being able to trust our online interactions just a bit more.