9/11 Legislation Launches Misguided Data-Mining and Domestic Surveillance Schemes

Posted by Donna Wentworth

On Friday President Bush signed into law the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA; PDF), launching several flawed "security" schemes that EFF has long opposed. The media has focused on turf wars between the intelligence and defense communities, but the real story is how IRTPA trades basic rights for the illusion of security. For instance:

~ Section 1016 - a.k.a. "TIA II" ~

A clause authorizing the creation of a massive "Information Sharing Environment" (ISE) to link "all appropriate Federal, State, local, and tribal entities, and the private sector."

This vast network links the information in public and private databases, which poses the same kind of threat to our privacy and freedom that the notorious Terrorism Information Awareness (TIA) program did. Yet the IRTPA contains no meaningful safeguards against unchecked data mining other than directing the President to issue guidelines. It also includes a definition of "terrorist information" that is frighteningly broad.

~ Section 4012 and Sections 7201-7220 - a.k.a. "CAPPS III" ~

A number of provisions that provide the statutory basis for "Secure Flight," the government's third try at a controversial passenger-screening system that has consistently failed to pass muster for protecting passenger privacy.

The basic concept: the government will force commercial air carriers to hand over your private travel information and compare it with a "consolidated and integrated terrorist watchlist." It will also establish a massive "counterterrorist travel intelligence" infrastructure that calls for travel data mining ("recognition of travel patterns, tactics, and behavior exhibited by terrorists").

It's not clear how the government would use the travel patterns of millions of Americans to catch the small number of individuals worldwide who are planning terrorist attacks. In fact, this approach has been thoroughly debunked by security experts. What is clear is that the system will create fertile ground for constitutional violations and the abuse of private information. The latest Privacy Act notice on Secure Flight shows that the Transportation Security Administration (TSA) still doesn't have a plan for how long the government will keep your private information, nor has it mapped out adequate procedures for correcting your "file" if you are wrongly flagged as a terrorist.

~ Section 6001 - a.k.a. "PATRIOT III" ~

Straight from the infamous "PATRIOT II" draft legislation leaked to the public last year comes a provision that allows the government to use secret foreign intelligence warrants and wiretap orders against people unconnected to any international terrorist group or foreign nation. This represents yet another step in the ongoing destruction of even the most basic legal protections for those the government suspects are terrorists.

~ Sections 7208-7220 - a.k.a. "Papers, Please" ~

Just as EFF, the ACLU, and a number of other civil liberties groups feared, IRTPA creates the basis for a de facto national ID system using biometrics. Driven by misguided political consensus, the law calls for a "global standard of identification" and minimum national standards for birth certificates, driver's licenses and state ID cards, and social security cards and numbers. It also directs the Secretary of Homeland Security to establish new standards for ID for domestic air travelers.

Identification is not security. Indeed, the 9/11 Commission report revealed that a critical stumbling block in identifying foreign terrorists is the inability to evaluate *foreign* information and records. Yet we are placing disproportionate emphasis on pervasive domestic surveillance, opening the door to a standardized "internal passport" -- the hallmark of a totalitarian regime.

If you care about preserving your privacy and basic consitutional freedoms, help us fight the good fight by joining EFF today.

[Permalink]

Supreme Court to Hear MGM v. Grokster

Posted by Fred von Lohmann

The US Supreme Court today granted certiorari in MGM v. Grokster. The Court will hear oral arguments in the case in March 2005. EFF represents one of the defendants in the case, StreamCast Networks, makers of the Morpheus P2P software application.

The copyright law principles set out in the Sony Betamax case have served innovators, copyright industries, and the public well for 20 years. We at EFF look forward to the Supreme Court reaffirming the applicability of Betamax in the 21st century.

For more on what's at stake, I'll refer you to a piece I wrote after the Ninth Circuit's ruling in the case.

[Permalink]

Big Content Snubbed by Congress This Year

Posted by Donna Wentworth

The public can sleep easier now that Congress has officially adjourned without passing any of the copyright lobby's biggest requests. Hollywood lost because it constantly asked for too much, rather than finding narrowly tailored solutions to specific problems. Big Content got greedy with bills like the Induce Act, asking the feds to pick up their legal tab, and trying to criminalize the activity of millions of Americans.

Kudos to groups like Public Knowledge, the librarians, the consumer electronics industry, Downhill Battle, the EFF supporters who used our Action Center, and so many others who fought the good fight. Let's hope this girds the spine of those who argue that Hollywood can't be resisted on Capitol Hill.

[Permalink]

Artists Agree -- P2P Lawsuits Are Not the Answer

Posted by Donna Wentworth

Cynthia Webb of the Washington Post synthesizes the discussion about the new Pew study [PDF] reporting that while many artists believe file sharing should be illegal, they don't necessarily believe that 1.) it's actually hurting them, 2.) the RIAA lawsuits are doing anything to help the situation:

While the study, released yesterday by the Pew Internet & American Life Project, found that about half of the artists it surveyed think unauthorized file sharing should be illegal, it also concluded that "the vast majority do not see online file sharing as a big threat to creative industries. Across the board, artists and musicians are more likely to say that the internet has made it possible for them to make more money from their art than they are to say it has made it harder to protect their work from piracy or unlawful use," according to the study, which also found that "two-thirds of artists say peer-to-peer file sharing poses a minor threat or no threat at all to them."

"The study by US researchers ... suggests musicians do not agree with the tactics adopted by the music industry against file sharing. While most considered file sharing as illegal, many disagreed with the lawsuits launched against downloaders. 'Even successful artists don't think the lawsuits will benefit musicians,' said report author Mary Madden," BBC News reported in its summary of the study.

"When you listen to the arguments in Washington, it's very easy to think that the internet has been a disastrous technological development for artists and musicians," said Madden, as quoted by Wired News. "We found that [artists and musicians] overwhelmingly feel that the Internet has had a positive effect on their creative lives and careers. In general they're embracing the Internet as a tool in their creative lives."

Sound like a lot of artists would like to see the labels work on a real solution to the P2P problem -- that is, one that helps them get paid for their work. We can't say we're surprised.

[Permalink]

L'il Infringers

Posted by Donna Wentworth

Our own Fred von Lohmann has a new Law.com column chronicling the misadventures of Marvel Comics as it seeks [PDF] to hold NCSoft Corp. and Cryptic Studios -- the operators of an online game called "City of Heroes" -- liable for the alleged copyright and trademark infringement of people who don virtual masks and "become" their favorite (Marvel) superheros.

Writes Fred:

Marvel's assertion of copyright and trademark rights over the noncommercial expressive activities of its fans is both unprecedented and unnecessary. The fundamental justification for copyright is that we must tolerate a limited statutory monopoly on expression in order to secure an adequate incentive for the creative industries. That's an adequate incentive, not the maximum conceivable incentive. ... Does anyone believe that Marvel will fire its authors and close up shop if it can't prevent little Johnny from pretending to be Wolverine online?

When will the "content" industry begin to recognize that there are long-term rewards for letting fans be fans? A fan's gratitude and loyalty lasts a lot longer than the judgment-money from shutting down the playground.

[Permalink]

E-voting Systems Are By Definition Beta

Posted by Donna Wentworth

So writes James Fallows in a clear-eyed NYT piece on why rational people are concerned about the current state of electronic voting technology.

Snippet (emphasis, mine):

On the available evidence, I don't believe that voting-machine irregularities, or other problems on Election Day, determined who would be the next president. The apparent margins for President Bush were too large, in Ohio and nationwide. But if the race had been any closer, we could not have said for sure that the machines hadn't made the difference. That is because many electronic systems violate the two basic rules of trustworthy computing.

By definition, they have barely been exposed to real-world testing. The kind of thorough workout that Visa's or Google's systems receive every hour happens for voting machines on only a few special days a year. By commercial standards, the systems are necessarily still in "beta version" - theoretically debugged, but not yet vetted by extensive, unpredictable experience - when voters show up to choose a president.

[...]

When I voted this year, I fed my paper ballot through an optical scanner and into a storage box. In a recount, those ballots could have been pulled out and run through the scanner again. If I had used the touch screen, I would have had no tangible evidence that the vote counted or was recountable.

Is that a problem because the chief executive of Diebold, the largest maker of such systems, is a prominent Republican partisan? No. It's a problem because it defies the check-and-balance logic built into every other electronic transaction.

Well worth the read. And while you're at it, check out the the EFF/VVF petition for independent testing of e-voting machines and pass the URL along.

[Permalink]

Slinging Spam - Point/Counterpoint

Posted by Annalee Newitz

There have been a lot of interesting responses to our latest white paper on spam. We appreciate the feedback, and in response, we've complied a list of issues you've raised and provided our replies. We hope this helps clarify EFF's position on some of the more tricky questions in this debate.

The Argument Against "Pay to Play"

Some groups and individuals have argued that the best way to prevent spam is essentially to "tax" it through proposals like e-stamps. We believe it's unlikely that this kind of scheme would succeed in preventing any significant amount of spam. But more importantly, we believe that introducing artificial costs into Internet communications would do a lot more damage to the owners of noncommercial email lists than it would to spammers.

Spam is big business. It not only pays, it pays well, with tremendous profit margins for spammers. Placing an artificial cost-burden on sending email might reduce those margins somewhat, but we've yet to see any compelling evidence that it would actually drive any successful spammer out of business, much less affect the wildly successful ones that are the bulk of the problem.

Second, proposals like this miss the central point we're trying to make here -- that noncommerical, grassroots mailing lists, often administered by a single person in his or her spare time, are one of the great things about the Internet.

There has been a lot of heat produced by our discussion of Moveon.org's problems with its mailing lists, but very little light has been shed on the problems smaller, less well-funded groups have been experiencing. Mailing lists like Crypto-Gram, IP, Politech, and TidBits likely would not exist if the list owner was required to pay for each mail sent and received. It should never be the case that if a list-serve is popular and growing, or a list-serve topic sparks an especially lively discussion, the list owner (or any speaker) has to pay more money. More speech should be rewarded, not penalized.

The Argument for Global Standards

Some readers of our white paper have argued that we are imposing a US-centric notion of freedom of expression on an unwilling global community when we say that the problem with spam filtering is that it endangers free speech. But freedom of expression is also part of international law. It's included in the Universal Declaration on Human Rights and the Covenant on Civil and Political Rights, which have been adopted worldwide. There should be no question that freedom of expression is recognized as a basic human right all around the world.

Where the US differs from other countries is at the "margins," not the center, of the free speech issue; for example, we have different standards with regard to hate speech, libel, and pornography. But, again, this does not mean that the international community does not value free expression. It therefore makes no sense for EFF to pretend that protecting legitimate email is important only to US citizens.

The Argument for Freedom of Expression on Private Property

Some critics have noted that we suggest that free speech doctrines ought to inform the discussion about the problems caused by overzealous or poorly implemented anti-spam efforts. These critics claim that EFF doesn't understand the difference between government and private actors when it comes to speech.

As an organization that has devoted 15 years to fighting for freedom of speech, we obviously understand the difference between private and public actors in the law, and that is why you see no legal claims in the paper. But that shouldn't end the matter.

There is no real question that if the government started using current anti-spam mechanisms to decide which of your email messages you should receive and which you should not, with no due process, no method of redress, and no accountability, it would face serious First Amendment challenges. The effect on speech is the same when private parties engage in this kind of behavior. Wanted speech is being blocked from reaching a willing audience, often without that audience's knowledge or consent.

We argue that private actors running mail servers or providing anti-spam tools should care about silencing wanted noncommercial speech as a matter of principle, even if their acts do not create the basis for a First Amendment lawsuit.

Our goal is to have an honest discussion about these collateral effects and to ask the Internet community as a whole if the kind of censorship that we would not tolerate from a government is what we want our ISPs and anti-spam community to engage in on their own. We think that's a fair question.

The Argument for User-Controlled Filtering

Our critics often ask us what kinds of antispam techniques we recommend, since we seem to have negative things to say about the most common systems available.

We recommend user-side filtering using technologies such as SpamAssassin. One of our concerns, however, is that SpamAssassin can be misused (and often is). Despite their usefulness when deployed under ideal conditions, SpamAssassin and other filtering technologies can be used to block email based on the language it contains or the country of origin.

It's important to note that blocking by language or country is not a default setting in SpamAssassin. But that doesn't mean this tool isn't being used that way. Many systems administrators describe routinely blocking email from China and/or Korea using the SpamAssassin point system. This kind of blocking becomes an issue when it's done server-side and users have no control over it. If a user wants to block all mail from China, that's her prerogative. But when a sysadmin decides the question unilaterally, that's a problem.

Ultimately, EFF would like to see users given the right to determine for themselves what constitutes "wanted" and "unwanted" email. Spam is in the eye of the beholder, and the beauty of user-side filtering is that it allows end users control over the process of creating filters so that they can get rid of email they don't want while still receiving what they do.

[Permalink]

Blogging WIPO: Day 3

Posted by Cory Doctorow

Today at WIPO saw a flat-out disgraceful cooking of the deliberative process. The administrators of the meeting -- the chair and secretariat -- are pushing hard to make this treaty pass, even if no one wants it to. The solution to the deadlock is "regional meetings" in which countries that oppose the treaty can be isolated and arm-twisted into coming into line, and where few or no public-interest NGOs will be present. Some of the most populous countries in the world -- India and Brazil -- along with many others called for a better approach: any region that wants a meeting can have one, but the real action would be at an "inter-sessional meeting" held in Geneva, with all countries represented. Even though these countries presented a solution that would have given regional meetings to those who wanted them, the chair steadfastly refused to hear from them -- eventually, he used a straw poll to discard their proposal altogether, and then called it "democracy." (Oh, and even more of the public-interest group papers were stolen and trashed today)

[Read the entire post]

Omnibus Intellectual Property Bill Would Harm Public Interest

Posted by Wendy Seltzer

The first problem with the omnibus intellectual property bill barreling through Congress's lame duck session this week is figuring out what's in it. That's because the bill is a ragtag collection of old bills from special interest backers who couldn't get them through during Congress's ordinary session. So now, they're trying again, knowing that their bills will face less public scrutiny in the rush to close the session.

But the bills -- bad ideas the first time they were introduced -- don't taste any better together. Among the bills the package probably includes:

• The Piracy Deterrence and Education Act creates a new crime of "offering for distribution," with jail terms up to five years. Since the crime doesn't require proof of willfulness, the standard for other copyright crimes, people could be prosecuted merely for having 1,000 songs in their music folders, without intending that they be redistributed.

• The Family Movie Act exempts from copyright or trademark litigation the skipping of portions of movies -- but leaves makers and users of commercial-skipping technology open to lawsuits like the one that bankrupted ReplayTV.
• The Fraudulent Online Identity Sanctions Act presumes that anyone who has tried to protect his or her privacy by faking the WHOIS info in a domain name registration is willfully infringing copyright or trademark (see letter from ACLU, ALA, CDT, EFF, and PK).
• The PIRATE Act authorizes the Justice Department to step in for entertainment companies to prosecute civil copyright infringement cases.
• An anti-counterfeiting provision would add new dangers to fair use of digital media (see Lessig blog).

Both the substance of these bills and the rushed way they're being re-introduced now are dangerous to the public interest. Public Knowledge has an action alert set up where you can
let your congressional representatives know your concerns.

[Permalink]

WIPO: EFF statement on "limitations and exceptions"

Posted by Cory Doctorow

Tomorrow, I'm scheduled to take the floor and give an "intervention" (WIPO-speak for "talking") on a killer proposal from Chile for a harmonized set of limitations and exceptions to benefit the disabled, educators and archivists. What this means is that every country would have a core set of public rights in copyright that you could count on wherever you were. F'rinstance, in the USA, you're allowed to convert a book to Braille without the author's permission, but not so in many other countries. If you pick up a Braille book in New York on your way to Madrid, will you be breaking the law when you land? What if you're exporting them to the Ivory Coast? A unified set of limitations and exceptions (that acted as a minimum set of public rights in every country) would be the first public-interest project undertaken by WIPO -- let's hope they do it!

[Read the entire post]