Change.gov Content Now Under Creative Commons License

In the last few days, President-elect Obama's transition team took a significant stride towards a more open government by licensing the content of Change.gov under a Creative Commons Attribution license. Using that license essentially means that the transition team is allowing others to freely share and remix what's posted there, provided that reposts are attributed to Change.gov. The move is a victory for the public and the many advocates for a more wired, participatory democracy.

It's also another reminder of the importance of Creative Commons, which affords creators an opportunity to opt for something less than Disney-style copyright restrictions. By embracing a CC license, the Obama team sets a valuable example for others in government, many of whom may have defaulted to "all rights reserved" without considering other options.

While Change.gov has experienced some growing pains, the transition team appears to be making a real effort to use the website as a legitimate location for its conversation with the American public. The preview post of the President-elect's planned weekly address (posted on Thanksgiving Day) includes links to multiple sources — an embedded YouTube video, a link to the same video posted to Yahoo! Video, and a high-resolution .mov file — with the Creative Commons license guaranteeing that the public can freely share, remix, comment, and report on the President-elect's statement.

The switch to Creative Commons licensing is encouraging and we hope that it is a herald of more pro-open government changes to come.

[Permalink]

Apple Downgrades Macbook Video with DRM

Once again, thanks to DRM, a new product ends up less useful than the one it replaces. This time, it's the new family of Apple Macbook laptop computers that gets the downgrade.

When it launched the new Macbooks, Apple announced that they would sport a new digital video output connector, known as Mini DisplayPort. What Apple failed to mention, however, is that those connectors allow movies studios to force the computer to authenticate any external monitor before allowing playback of programs purchased or rented from the iTunes Store (Microsoft's Windows Vista does something similar). In other words, the HDTV monitor or projector that worked for you yesterday, won't work with your new computer tomorrow if Hollywood has embedded a flag in the iTunes content you paid for.

This is a remarkably short-sighted move for both Apple and Hollywood. This punishes existing iTunes customers: several have reported that iTunes purchases that played on external monitors on their old Macbooks no longer will play on their new Macbooks. In other words, thanks to the Macbook "upgrade," Apple just "downgraded" everyone's previous investment in iTunes content (if we've told you once, we've told you a dozen times -- when you buy DRMd content, the vendor can snatch your investment from you at any time).

And it's still not clear how bad this will be for purchasers of new Macbooks -- if Apple has deployed DPCP content protection on its DisplayPort implementation, there are virtually no display devices that support this new-fangled lockdown standard (it's not clear from news reports whether the Macbook DisplayPort will work with HDCP-compatible display devices over DVI or HDMI connectors).

As for the movie studios, this gives legitimate customers one more compelling reason to avoid "legit" sources of content in favor of downloading from The Pirate Bay or ripping DVDs using Handbrake. So this is just another example of the way in which the MPAA companies use DRM not to stop piracy (since this will, if anything, encourage people to opt for the Darknet), but rather to control those who make devices that play movies.

[Permalink]

Google is Done Paying Silicon Valley's Legal Bills

[I wrote the following op-ed, which appeared in the Nov. 14 issue of The Recorder. Because that publication's website is not publicly available, I'm posting a copy here, with their permission.]

For most of the decade, Silicon Valley technology startups have assumed that Google would pay their legal bills. Not literally, mind you, but rather by taking on the big, high-profile cases about fair use, interoperability, and other digital intellectual property issues that would set precedents that all disruptive innovators could rely on.

Well, Google just put the Valley on notice that the free ride is over, which means more legal burdens for smaller technology companies that previously depended on Google clearing a path for them.

Late last month, Google announced a settlement in its lawsuit with book publishers and authors over its Google Book Search offering. At the heart of the dispute is the question of whether scanning copyrighted books in order to index them violates copyright law, as the publishers argued, or is permissible as a fair use, as Google argued. If approved by the court, the $125 million settlement would buy Google — and only Google — permission not just to scan books for indexing purposes, but also to expand Book Search to provide more access to the scanned books.

The Book Search case is just one of a series of high-stakes lawsuits that Google has taken up in the name of the disruptive innovation that fuels the Internet economy. Others include the billion-dollar suit brought by Viacom over copyrighted video clips appearing on YouTube, as well as cases brought by trademark owners attacking Google's right to sell trademarks as keyword triggers for those "sponsored links" that appear when you use Google's search engine. Google has also fought copyright owners to defend its search engine, news aggregation, image search and Web caching activities.

Google, assisted by its expensive, top-drawer legal team, has a track record of winning these precedent-setting Internet cases. And by winning, Google sets a precedent that other innovators can rely on, as well. In essence, Google's legal investments have paid dividends for the entire Internet innovation economy.

Until now. By settling rather than taking the case all the way (many copyright experts thought Google had a good chance of winning), Google has solved its own copyright problem — but not anyone else's. Without a legal precedent about the copyright status of book scanning, future innovators are left to defend their own copyright lawsuits. In essence, Google has left its former copyright adversaries to maul any competitors that want to follow its lead.

Google will doubtless be considering the same endgame for the Viacom lawsuit against YouTube. If Google can strike a settlement with a large slice of the aggrieved copyright owners, then it solves the copyright problem for itself, while leaving it as a barrier to entry for YouTube's competitors.

But when innovators like Google cut individual deals, it weakens the Silicon Valley innovation ecology for everyone, because it leaves the smaller companies to carry on the fight against well-endowed opponents. Those kinds of cases threaten to yield bad legal precedents that tilt the rules against disruptive innovation generally.

For better or worse, it looks like tomorrow's cutting-edge Internet law precedents are going to be left to smaller companies to set. That means smaller startups (and their venture capital backers) need to start planning strategically to pick up the slack left by Google's gradual retreat from the field of battle. To put it bluntly, they need to set aside real money for litigation and find ways to cooperatively invest in the legal precedents that all of them collectively need.

Reproduced with permission from the Nov. 14, 2008 edition of The Recorder, copyright 2008 ALM Properties. Further reproduction without permission prohibited without permission of ALM Properties.

[Permalink]

The WIPO Broadcasting Treaty: Back from the Dead?

Last year, we reported that WIPO Member States had decided to postpone holding an intergovernmental diplomatic conference to adopt the controversial Broadcasting Treaty. For us, and the many others who had expressed concern about the proposed treaty, this was welcome news. But it was short-lived. In 2008, the Broadcasting Treaty is being pushed by its supporters with a vengeance. Surprisingly, the US seems to have reversed its most recent position, and expressed support for continuing treaty negotiations so long as it includes webcasting.

Despite the fact that there has been no agreement on fundamental elements of the treaty after over 10 years of negotiations, in March there was a concerted move to resurrect negotiations, led by the European Community and Japan, with support from a set of other countries. At the September 2008 WIPO General Assembly meeting, a number of WIPO national delegates expressed support for finalizing treaty negotiations. Then in October, the long-standing WIPO Copyright Committee Chair, Mr. Jukka Liedes of Finland, produced an "informal paper" describing the process of negotiations so far, and proffered several options which would result in continuing discussions and finalization of the treaty.

Yesterday, the Broadcasting Treaty was the main topic of discussion at this week's meeting of the WIPO Standing Committee on Copyright in Geneva. In spite of the enthusiastic efforts of treaty supporters, consensus still seems quite a long way off. Several country delegations (France on behalf of the European Community, Japan, El Salvador and China) expressed support for concluding a treaty. Others repeated that the treaty must be limited to protection of signals and not grant exclusive rights, which the current draft does (Pakistan on behalf of the Asia Group, the Africa Group, South Africa, India. the US).

As in previous meetings, the most contentious issue was whether the treaty should give broadcasters and cablecasters exclusive rights over Internet retransmissions of broadcast and cablecast content. The Africa Group, China, Nigeria, India, South Africa and Egypt all opposed inclusion of webcasting or extension to Internet transmissions. Japan, the US, Australia and the Ukraine supported the extension of the treaty to the Internet.

The US delegation said that if discussions are to continue, the treaty should include webcasting. This is a reversal of the United States' most recent position, and harks back to a May 2006 meeting, where it was agreed to take out webcasting and divide the treaty into two tracks -- first, a treaty on broadcasting and cablecasting, and then second, an instrument dealing with broadcasting on the Internet -- webcasting or "netcasting", as the US had wanted, and "simulcasting", as supported by the EU.

Yesterday, the United States' delegation stated it had agreed only temporarily to limit the scope of the treaty to traditional broadcasting entities, provided that simulcasting was also excluded, and with the failure to move to a diplomatic conference in 2007, any agreement on the two-track approach had now expired. In other words, the US apparently wants to go back to 2006 and bring webcasting or "netcasting" back in to the treaty. Finally, in case there was any doubt, the North American Broadcasters' Association repeated that their strong preference is for a treaty with exclusive rights for broadcasters and extending to Internet retransmissions.

EFF and a diverse group of public interest NGOs, libraries and major U.S. tech industry players continue to oppose the current treaty draft because it's not limited to signal protection, but would instead create a new layer of exclusive intellectual property rights for broadcasters and cablecasters that would harm access to knowledge and consumers' existing rights under national copyright law, endanger citizen broadcasting on the Internet, raise competition policy concerns and stifle technological innovation. Here and here is the joint statement presented by that group to WIPO this week. And here's EFF's briefing paper on our concerns with the current treaty draft.

Discussions at WIPO wound up today, after heated discussions on the issue of copyright exceptions and limitations. Member states agreed to keep the Broadcasting Treaty on the Copyright Committee's agenda and asked WIPO to convene an information session at the next meeting in May to discuss outstanding issues. The Committee did not make a decision on the various options presented by the Chair in his informal paper. Perhaps most importantly, Member States affirmed the mandate previously provided by the WIPO General Assembly -- that the treaty must be framed on a signal-based approach, and that the convening of a diplomatic conference could be considered only after agreement has been achieved on the treaty's objectives, specific scope and objectives. We'll be back shortly with the full text of the final adopted conclusions of the meeting and our analysis of this week's key issue, copyright exceptions and limitations for the visually impaired, libraries and archives, education and innovative services.

(With many thanks to Sherwin Siy of Public Knowledge and Judit Rius Sanjuan of KEI for their notes of delegates' interventions.)

[Permalink]

The Two Best Books About the DMCA

The blogosphere is doing a great job examining the legacy of the Digital Millennium Copyright Act (DMCA), which was enacted into law ten years ago this week. But people frequently ask me where they can turn for a more in-depth analysis of the DMCA, DRM, and their impact on digital culture. For them, there are two books I recommend first and foremost.

First, there is Jessica Litman's Digital Copyright, which does a masterful job explaining how the DMCA (and much of the rest of our copyright law) came to be. Tracing the law from its beginnings in the internal bureaucracy of the Clinton administration in 1992, over to the international treaty realm of the World Intellectual Property Organization (WIPO), and back to Congress, her account lays bare the political realities that produced a law that put corporate interests before the public interest.

Second, there is Tarleton Gillespie's Wired Shut, which picks up where Digital Copyright leaves off, tracing how the DMCA has been used as part of a larger effort to use technology and law to "weld the hood shut" on new digital devices. Tarleton's book is a bit more academic in tone than Jessica's, but at the heart of it are three fantastic chapters than provide a full historical accounting of the controversies surrounding (1) SDMI (chapter 5); (2) the development of CSS, used to encrypt DVDs (chapter 6); and (3) the broadcast flag for digital broadcast television (chapter 7). For those who want to get right to the action, I recommend starting at Chapter 5. EFF was deeply involved in all three of these watershed digital controversies, so to some degree these chapters are also a history of our digital copyright efforts.

If you want to understand what the DMCA does, and how we ended up with it as the law of the land, these two books are where to start.

[Permalink]

DMCA: Ten Years of Unintended Consequences

Today is the tenth anniversary of the Digital Millennium Copyright Act (DMCA), signed into law by President Bill Clinton on October 28, 1998. EFF is marking the occasion with the release of a 19-page report that focuses on the most notorious part of the law: the ban on "circumventing" digital rights management (DRM) and other "technological protection measures." The report, entitled Unintended Consequences: Ten Years Under the DMCA, collects reported cases where the DMCA was used not against copyright infringers, but instead against consumers, scientists and legitimate competitors.

The collected stories are like a trip down memory lane for those who have followed digital freedom issues over the past decade. Here are a few examples of DMCA abuse in the report that you might remember:

• In 1999, Sony sues Connectix over the Virtual Game Station, which let you play your legit Playstation games on your Macintosh.
• In 2001, the Secure Digital Music Initiative (SDMI) threatens Princeton Professor Ed Felten's research team over disclosure of vulnerabilities in audio watermarking technology.
• In 2001, Russian programmer Dmitry Sklyarov is arrested after speaking at Defcon, accused of building software for his employer, ElcomSoft, that converted Adobe e-books to PDF.
• In 2002, Blizzard sues a group of hobbyist open source developers over bnetd, server software that allows people to play Blizzard games against each other over the Internet.
• In 2003, Lexmark uses the DMCA to block distribution of chips that allow refilling of laser toner cartridges.
• In 2004, Hollywood succeeds in shutting down 321 Studios' DVD X Copy software, which allowed people to make backup copies of their own DVDs.
• In 2006, computer security researchers at Princeton delay disclosure of the Sony-BMG "rootkit" based on fears of DMCA liability.
• In 2008, Hollywood targets Real Networks over RealDVD, software that allows you to copy DVDs to a hard drive for later viewing.

The collection of stories makes vividly clear what EFF has been saying for the past ten years: the DMCA has harmed fair use, free speech, scientific research, and legitimate competition.

That's all the more galling because the law has failed in its stated goal of preventing digital piracy, instead being used to prop up weak DRM schemes whose only purpose is to hinder competition, innovation, and interoperability. That explains why the music industry has largely abandoned DRM, while the Hollywood studios cling to it more fervently than ever.

Not everything in the DMCA is bad. While the anti-circumvention provisions have proven to be a dangerous failure, the so-called "safe harbor" provisions for online service providers have succeeded in creating enough legal certainty to launch companies like Yahoo, Google, eBay, YouTube, and MySpace. Of course, copyright owners have been working hard in cases like Viacom v. YouTube and Io v. Veoh to erode these safe harbors. And, while the safe harbors have protected intermediaries like Google, they have not adequately protected the free speech interests of internet users, as the McCain-Palin campaign recently learned.

There have been recent rumors that the new Congress might reopen the DMCA, creating an opportunity for reform. Unfortunately, that may also create an opportunity for MPAA and RIAA mischief. For now, here's hoping that the DRM continues its slow death and the anti-circumvention provisions become less relevant to real businesses, while the courts continue to interpret the safe harbors to leave a door open to the Internet's disruptive innovators.

P.S. For more perspectives on the DMCA's origins and legacy during this 10 year anniversary week, see Freedom to Tinker and the Public Knowledge blog all this week.

[Permalink]

YouTube Anti-Scientology Takedowns: Good News, Bad News

Now that the dust has settled on the anti-Scientology video takedown controversy, it's time to take stock. For those of you who missed this one: on September 4th and 5th, hundreds and possibly thousands of videos critical of the Church of Scientology were taken down as a result of DMCA notices reportedly sent by by American Rights Counsel, Dr. Oliver Schaper, the Schaper Company, Media House Enterprises, and ContentFactory America. It rapidly became clear that these entities did not hold the copyrights to the materials they claimed to be infringed, including footage from a Clearwater City Commission meeting and a man-on-the-street interview. In addition, many of these videos were obvious fair uses, such as independent news reports.

Here’s the good news: YouTube quickly realized something was fishy, and began investigating. Within days, YouTube suspended the accounts that had sent out the allegedly fraudulent DMCA takedown notices, reinstated the accounts that had been suspended for multiple allegations of copyright infringement, and put most of the videos back up on YouTube, all without waiting to receive DMCA counter-notices from YouTube users who had had their videos taken down.

Well done, YouTube. The company identified a problem and worked to resolve it and protect users, rather than waiting passively for the takedown targets to send counter-notices. As we noted last month, online service providers play a crucial role in preserving and promoting online political speech, and YouTube seems to have taken that role seriously here.

Now, the bad news: if YouTube had not been proactive in dealing with what appeared to be fraud, the Anti-Scientology videos might still be down today. Very few YouTube users filed DMCA counter-notices in response to the takedowns, apparently out of concern for their privacy. The DMCA-compliant counter-notices must normally include the full name, address, and telephone number of the alleged copyright infringer. YouTube passes this information along to the party making the copyright infringement claim. Scientology critics, reportedly concerned about Scientology’s alleged Fair Game policy, were reluctant to surrender their anonymity.

And here's more bad news: not only would takedown targets have to give up their own private information to get their videos restored, they had no guarantee that they would in turn be given the names and addresses of the people who sent the DMCA notices. The DMCA does not require Online Service Providers, such as YouTube, to pass on the identifying information in the DMCA takedown notice to the alleged infringer. Without that legal requirement, YouTube, as well as other OSPs, are reluctant to reveal this information for fear of violating the sender's privacy. That lack of quid pro quo is not just unfair, it makes it very difficult for takedown targets to determine whether the notices are from legitimate owners, and to pursue legal action when notices are sent improperly.

But now back to the good news: YouTube and other OSPs can take steps to remedy this imbalance. They should require individuals who send takedown notices to agree, in advance, to disclosure of their identifying information. If circumstances caution against disclosure (e.g., if the takedown target has been harassing or stalking the copyright holder in some way), copyright holders can use an agent to send the takedown, giving the alleged infringer a point of contact while protecting the individual's personal privacy. Whether the DMCA is being used as a tool of censorship or to press a legitimate copyright claim, transparency and openness is critical, and the copyright holder should have the courage to stand up and be counted.

We understand YouTube is aware of the problem and is considering ways to correct it. We hope that happens soon, before the next wave of abusive takedowns hits.

[Permalink]

New Details of Official Dissent in Spying Scandal

A new book containing explosive details about the NSA's illegal spying program hits stores today. Barton Gellman's "Angler: The Cheney Vice Presidency," excerpted in the Washington Post in two parts (1 & 2), brings to light new information about the warrantless wiretapping scandal and the role played by the most powerful vice president in history.

A certain amount was already known about the behind-the-scenes intrigue concerning the spying program. Earlier reports have described the 2004 near meltdown within the administration, when the top echelon of the Justice department, including Deputy Attorney General James Comey, joined by FBI Director Robert Mueller, planned to resign en masse in protest against the flagrant illegality of the program. (The famous hospital episode — in which then-White House counsel Alberto Gonzales tried to bypass the acting AG by making a late night visit to the bedside of the ailing John Ashcroft — is now part of the sordid lore of the Bush years.)

But "Angler" adds some new insights into just how controversial the program was, and just how carefully it was guarded against a full internal review. From the excerpts published in the Post, we learn about the significant role the vice president and his counsel, David Addington, played a in developing and defending the program:

The command center of "the president's program," as Addington usually called it, was not in the White House. Its controlling documents, which gave strategic direction to the nation's largest spy agency, lived in a vault across an alley from the West Wing — in the Eisenhower Executive Office Building, on the east side of the second floor, where the vice president headquartered his staff.

The vault was in EEOB 268, Addington's office. Cheney's lawyer held the documents, physical and electronic, because he was the one who wrote them. New forms of domestic espionage were created and developed over time in presidential authorizations that Addington typed on a Tempest-shielded computer across from his desk [8].

It is unlikely that the history of U.S. intelligence includes another operation conceived and supervised by the office of the vice president. White House Chief of Staff Andrew H. Card Jr. had "no idea," he said, that the presidential orders were held in a vice presidential safe. An authoritative source said the staff secretariat, which kept a comprehensive inventory of presidential papers, classified and unclassified, possessed no record of these.

Cheney and Addington, the book reports, were so intent on keeping the spying program behind a veil of secrecy that details were carefully withheld even from top national security officials. According to Gellman, officials kept either totally or partially in the dark about the extent of the program include Homeland Security Secretary Tom Ridge, National Security Advisor Condoleeza Rice and the "Gang of Eight" — the ranking senators ordinarily kept in the loop on national security matters. The only lawyers allowed to review the program were Gonzales and John Yoo from the Office of Legal Counsel, and the NSA's lawyers' request for information was refused.

Even the president himself was kept in the dark about the internal dissent. Cheney shielded him from knowledge about the Department of Justice's legal concerns with the spying program for a full three months before Bush finally learned the extent of the rebellion. Even in the face of the Attorney General's refusal to certify the legality of the warrantless wiretapping, the president went ahead and signed a directive to renew the program on March 11, 2004 — without the signature of the Attorney General.

What Addington wrote for Bush that day... drew up new language in which the president relied on his own authority to certify the program as lawful. Bush expressly overrode the Justice Department and any act of Congress or judicial decision that purported to constrain his power as commander in chief. Only Richard M. Nixon, in an interview after leaving the White House in disgrace, claimed authority so nearly unlimited.

This renewal led to the brink of the mass resignation. When the president, under the impression that objections were being raised "at the last minute," took acting AG Comey aside to express his dismay, Comey reportedly replied:

"Oh, Mr. President, if you've been told that, you have been very poorly served by your advisers," Comey said. "We have been telling them for months we have a huge problem here."

"Give me six weeks," Bush asked. One more renewal.

[...]

"I think you should know that Director Mueller is going to resign today," Comey said.

Bush raised his eyebrows. He shifted in his chair. He could not hide it, or did not try. He was gobsmacked.

"Thank you very much for telling me that," he said.

Comey, who had drafted his resignation and was waiting only for the return of John Ashcroft to official duty for the opportunity to resign in tandem, was persuaded to meet with the president to forestall disaster for the Administration. In response to Comey's objections, the president agreed to make changes to his directive, and the program was modified in ways that remain unknown. On March 18, a new directive that satisfied Comey and Ashcroft was put into place.

What is known is that the fear within the Administration of prosecution for participation in the illegal program was likely a major factor in the decision to adjust course. The new information makes it all the more clear that Congress needs to have more hearings and investigations. In the meantime, we'll keep up the pressure.

[Permalink]

The Latest on DVD Copying

Real Networks has received quite a bit of attention thanks to the launch of its Real DVD software, designed to allow people to copy their DVDs to their hard drives for later playback. (Why is that a big deal? Because Hollywood DVDs are encrypted with CSS, and if you decrypt them without permission, the motion picture industry's lawyers may come a-callin'.)

Today there are two approaches for those who want to make and distribute DVD copying tools. First, you can just build a DVD decryptor, the U.S. court cases that have held that the distribution of those products violates the DMCA notwithstanding. Despite those legal precedents, there is no shortage of free, easy-to-use tools that take this approach, including Handbrake (Win/Mac/Lin), DVD Shrink (Win), or MacTheRipper (Mac). (The motion picture studios argue that anyone who uses these tools violates the DMCA, as well.)

The other approach is the one pioneered by Kaleidescape: sign licenses with the DVD-CCA (the cartel that controls the CSS encryption technology), build a licensed player, make bit-for-bit copies of encrypted files from DVD (aka "DVD archiving" as opposed to "DVD ripping"), and play back those files in the licensed player. DVD-CCA subsequently sued Kaleidescape claiming that the license requires that the original DVD be physically present in the device upon playback, but Kaleidescape prevailed. The case is currently on appeal (DVD-CCA filed its opening brief in December 2007).

Real has chosen to follow in Kaleidescape's footsteps. Apparently, it is not alone -- CEPro has an informative article summarizing all the DVD media server solutions for the home theater market that were announced at the recent CEDIA conference. Looks like Hollywood's iron-fisted grip of DVDs is slipping a little every day.

UPDATE: CEPro has followed up with an article that gathers all the FAQ answers offered by makers of DVD copying/server solutions (Kaleidescape, Real, Escient, ReQuest, Xperinet, Axonix, Fuze Media) to the question "how is this legal?"

[Permalink]

Google Cuts IP Log Retention to Nine Months

Yesterday, Google announced a revised log retention policy, saying "we'll anonymize IP addresses on our server logs after 9 months," instead of the previous 18-24 months. Other information, like cookies, will stay on the longer retention plan. The announcement was in conjunction with Google's response to the European Union's Article 29 Working Party. The Working Party had previously said "In view of the initial explanations given by search engine providers on the possible purposes for collecting personal data, the Working Party does not see a basis for a retention period beyond 6 months."

Google's original 18 month log retention policy was a good first step, and the 9 month policy is an excellent second step towards bring their policy in line with EFF's Best Practices for Online Service Providers, which recommends a combination of obfuscation, aggregation and deletion.

We appreciate that Google continues to re-assess its data retention policy, and hope it will further reduce the time period that the search giant keeps personally identifiable logs. The importance of eliminating logs was recently illustrated by the Viacom-Google lawsuit, in which federal court ordered Google to produce to Viacom (over Google's objections) the Logging Database for YouTube, showing who watched each and every video on YouTube. The court's ruling violated the Video Privacy Protection Act, and, after EFF brought the user viewing data controversy issue to light, Viacom narrowed its request. In yesterday's announcement, Google acknowledged that "privacy leaders also highlighted the risks of litigants using court-ordered discovery to gain access to logs, as in the recent Viacom suit."

In addition, Google announced that it was changing its retention policy with the Google Suggest feature. EFF and others were concerned because, in order to implement Google Suggest, the Google Chrome browser sends anything typed in the browser's Omnibox back to Google. Google Suggest is also used in Google Search, Google Toolbar, Firefox, and the Google Search application on the iPhone. Google said "given the concerns that have been raised about Google storing this information -- and its limited potential use -- we decided that we will anonymize it within about 24 hours."

Google did not provide the technical details of its new policies, writing it had not "sorted out all of the implementation details, and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work." As we know from the AOL search history debacle, anonymization is not easy. Under the announced policy, only IP addresses will be directly anonymized, and effective anonymization will be especially challenging since Google retains cookie information for longer than the IP information. We look forward to seeing the details.

[Permalink]