DeepLinks Archives, March 2005
Noteworthy news from around the internet.
It's Official: TSA Lied
Posted by Donna Wentworth
Two government reports confirm what EFF and other privacy advocacy organizations have long known: the Transportation Security Administration (TSA) lied about its role in using airline passengers as guinea pigs for testing "Secure Flight" - the latest version of a fundamentally flawed passenger-profiling system for screening terrorists. And not only did TSA lie, it lied repeatedly, to everyone.
A DHS report [PDF], released this past Friday, reveals that TSA misled individuals, the press, and Congress in 2003 and 2004. A GAO report [PDF], released Monday, also shows that Secure Flight has failed to meet 9 out of 10 conditions the GAO set for giving the program the go-ahead. These conditions include providing adequate protection for passengers' privacy and ensuring the accuracy of the data it would use to classify people as terrorist risks.
Passenger records contain detailed personal information, such as your name, address, phone number, travel itinerary -- even your credit card number. Yet the DHS report says TSA shared passenger information with outside contractors while neglecting to "inquire whether the data used by the vendors had been returned or destroyed."
"This is worse than ChoicePoint," says EFF Senior Privacy Attorney Lee Tien. "It reflects an attitude toward the privacy of Americans that falls well below what people are up in arms about in the commercial data industry. These people have a public trust and they're abusing it."
For additional information, see Bruce Schneier's GAO's Report on Secure Flight; for background, see TSA and CAPPS II -- Anatomy of a Cover Up.
[Note: This report was corrected to distinguish between two separate reports on Secure Flight.]
New US Passports Will Serve as Terrorist Beacons
Posted by Donna Wentworth
The US State Department is pushing for what may be the most misguided and dangerous travel "security" plan ever proposed: putting insecure radio-frequency identification (RFID) chips in all new US passports. These chips would broadcast your name, date of birth, nationality, unique passport number, and any other personal information contained in the passport to anyone with a compatible RFID reader. That's right - anyone, not just passport control.
"The upshot of this is that travelers carrying around RFID passports are broadcasting their identity," observes security expert Bruce Schneier. "It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers, and terrorists can easily -- and surreptitiously -- pick Americans or nationals of other participating countries out of a crowd."
Astonishingly, the State Department proposal abandons even the most fundamental security protections. Why broadcast passport data at all? With machine-readable travel documents that require physical contact between passport and reader, you can rest assured that your passport will only be read when you intend to show it, eliminating any risk of surreptitious reading. But the State Department isn't only endorsing contactless RFID technology for passports - it wants to broadcast your personal information in the clear. In other words, it wants to use digital signatures for authentication, but doesn't want to encrypt or otherwise protect passport data, claiming that the information isn't worth protecting and that encryption would interfere with "global interoperability."
This is especially disturbing in light of the fact that safer options are readily available; the government already uses a line-of-sight LaserCard optical memory card that can't be read from your wallet or purse for multiple-entry visa Border Control Cards ("LaserVisas").
Privacy advocate Bill Scannell calls RFID-embedded passports "terrorist beacons" - and that's precisely what they'll become if we allow the State Department to move ahead with this plan. The Department is soliciting the public's input on the new passports, and the time to act is now - the deadline for submitting comments is this coming Monday, April 4. Follow the links below to learn more and submit your comments today:
US State Department Notice of Proposed Rule Making
(Please note that all comments must include the Regulatory Identification Number, RIN 1400-AB93, in the message subject line.)
Bruce Schneier: RFID Passports
Bill Scannell's website: RFID Kills
Edward Hasbrouck: Deadlines Loom for RFID Tracking Chips in USA Passports
Justices Ask the Right Questions in MGM v. Grokster
Posted by Jason Schultz
At the oral arguments in MGM v. Grokster before the Supreme Court today, it was hard to tell which side a majority of the justices fell on. But one thing was clear: they were asking the right questions.
Over and over, the justices hammered the lawyer for the RIAA and MPAA with questions about the potential impact of a ruling in their favor against small inventors -- the "guy in the garage" as Justice David Souter put it. Justice Stephen Breyer also grilled MGM's attorney about whether lawyers who advise technologists -- for example, the inventor of the next iPod -- could give any assurance at all to their clients under MGM's rule that he would not be sued at some point down the road for copyright infringement.
Justice Scalia was also skeptical of the plaintiffs' arguments, questioning whether their proposed "primary use" test made any sense, given that the balance of lawful versus unlawful uses of technology is constantly changing.
What the justices will ultimately think and decide won't be known until later this summer, but we're encouraged to hear that they understand what's at stake. Let's just hope they take it to heart.
Grokster: From the Courthouse Steps
Posted by Wendy Seltzer
Oral argument has just concluded before the US Supreme Court in MGM v. Grokster. Here, from the courthouse steps, is the first EFF dispatch.
The entire bench was engaged with argument from both sides. Three key points stood out:
- In at least some questions, the Court seemed concerned that movement from a clear "capability of substantial noninfringing use" standard would cloud future innovation.
- Similarly, some justices seemed concerned that an "active inducement" standard could chill innovation, from Xerox through the iPod.
- The Court also engaged jurisdictional questions of what acts were before the Court, and how it could separate past from current conduct.
More to come...
EFF Goes to Washington
Posted by Matt Zimmerman
Washington, DC, 3:26 a.m. EST
Braving briskly mild weather and motion-detector floodlights, EFF staffers have arrived on the steps of the Supreme Court, claiming the first seats in the line reserved for members of the Supreme Court bar. The public line reached capacity at approximately 10:00 p.m. on Monday night. An informal survey of line-sitters indicates (if t-shirts can be trusted) that the majority supports the preservation of the Betamax doctrine. Further updates, laptop battery life permitting.
Hollywood Profits v. Technological Progress
Posted by Donna Wentworth
Over at The Chronicle of Higher Education, Fordham University history professor Doron Ben-Atar makes short work of the entertainment industry's and the US Solicitor General's arguments in MGM v. Grokster:
On the face of it, the case for harmony of interests between the studios and the nation is clear. P2P technology allows individuals and organizations to reproduce unlicensed copies for personal viewing and even commercial sale here and abroad. Every pirated version downloaded by an American college student or sold for a couple of dollars at New Delhi's Palika Bazaar, according to this logic, is a net loss of the retail price for the studios and also adds to America's growing trade imbalance.
But that point of view is disingenuous and shortsighted. There is no denying that commercial use of copyrighted material is both illegal and immoral. Yet estimates of the cost of piracy are misleading. They don't account for the fact that piracy fuels demand for entertainment products: 2004 was a banner year for pirates; it was even better for the movie industry, where rentals and sales of DVD and VHS movies accounted for nearly $26-billion. When Hollywood cries poverty, as the victim of pilfering teenagers and workers who live on a couple of dollars a day, it is laughable. And the studios' suit could severely curtail P2P programs' development in America as a resource combining multiple databases, allowing real-time cooperation on a vast scale in science, business, and education.
For more on the entertainment industry crying poverty, see our own Cory Doctorow's post @ BoingBoing: Record Sales Up, P2P Sales Up -- RIAA's Story Doesn't Add Up.
Reason #85,0027 That Business-Method Patents Suck
Posted by Donna Wentworth
They threaten nonprofits that use the Internet for fundraising and advocacy. That's nearly every modern nonprofit out there.
Thankfully, there's a solution in the making. A newly minted organization called the Nonprofit Innovation Alliance (NIA) has a clever plan for keeping business-method patents out of the nonprofit arena. It's rounding up all the leading technology and consulting companies that help nonprofits use the Internet, then forging an alliance in which every member agrees to cross-license any current and future business-method patents on a royalty-free basis.
Think The Sopranos, but in reverse. That's right -- these companies are ganging up to make sure that nonprofits like EFF don't have to pay a "patent tax" when we purchase the technology and services that allow us to send EFFector or run the Action Center. That means more of donors' money going to the actual work we do, not the software systems we use.
And not a moment too soon -- at least one company that services nonprofits has obtained a business-method patent and started shaking down its competitors.
Its software systems and services aren't especially inventive or original. But needless to say, that doesn't always stop the US Patent and Trademark Office from issuing a business-method patent. For an example of how bad it can get, check out this claimed "invention" described in a pending patent application:
"A method for conducting a fundraising campaign by an organization or person over a wide-area network, comprising the steps of: hosting a website including a plurality of linked web pages, the website providing information about the fundraising campaign and soliciting potential donors to make a charitable contribution to the fundraising campaign; registering on the website; contacting third parties via email messages soliciting charitable donations; and providing one or more reports, on the website, including information on the status of the fundraising campaign." (Patent application entitled: "Method and system for an efficient fundraising campaign over a wide area network" application number 764787.)
That's not a patent application. That's a baseball bat for beating back competitors who don't fork over the protection money -- er, I mean the licensing fee.
The NIA solution will only work if enough companies and nonprofits join the effort to make the nonprofit world a business-patent-free space. Check out the website for more information and consider endorsing the NIA and using software solutions from the companies that are facing down the bad guys.
Why Apple Should Stop Threatening Journalists
Posted by Donna Wentworth
The San Jose Mercury News gets it:
Consider the following scenario. A drug company's research determines that one of its drugs already on the market is dangerous. The company decides the research results are proprietary trade secrets and bottles them up.
It's clear that the public would be served by a conscientious insider leaking the research data to the media.
But after a ruling that could limit the public's access to vital information, insiders may now be reluctant to leak that kind of information. That's because Santa Clara County Superior Court Judge James Kleinberg said a reporter's promise of confidentiality may not be worth anything when the leak involves trade secrets.
You might also want to consider the automobile manufacturer that wants to keep secret the fact that its airbags malfunction in such a way as to threaten young children strapped in car seats. Or the e-voting machine vendor seeking to silence rumblings about the security of its machines, potentially leaving your vote vulnerable to hackers. (Sound familiar?)
This is a core function of journalists' shield laws that protect the confidentiality of sources. These laws allow the whistle-blower to blow the whistle. They protect us from companies that might otherwise harm us.
You might argue that no one's life is at stake in Apple v. Does and that stripping these journalists of their ability to keep their sources private is therefore a small matter. But Judge Kleinberg's ruling [PDF] is broad-brush. If it is allowed to stand, it can and will be used liberally by deep-pocketed companies to keep business journalists of all stripes from reporting on whatever they decide to call a "trade secret."
The Mercury News editorial concludes with the following warning:
What's more, Kleinberg seems to indicate that he's in a position to decide what is newsworthy. Saying that "an interested public is not the same as the public interest," he suggests that information about upcoming Apple products is little more than gossip.
That's a dangerous precedent. Would a leak last month about Hewlett-Packard's imminent firing of Carly Fiorina be news or mere gossip? Could a wide swath of information about private businesses become off-limits to reporters?
Let's hope the answer doesn't have to be "yes."
Noninfringing Use for P2P: Free Fiona!
Posted by Fred von Lohmann
The San Francisco Chronicle runs this fascinating article about Grammy award-winning singer/songwriter Fiona Apple's mythical next record, completed two years ago but shelved by her label. Here's a substantial noninfringing use of P2P networks if I've ever seen one:
"Extraordinary Machine" is an album that Apple finished over two years ago, but which was quickly shelved by the sad corporate drones over at Sony because they didn't "hear a single" and because it doesn't sound exactly like Norah Jones and because they're, well, corporate drones. They dictate cultural tastes based on relatively narrow and often deeply ignorant criteria related to marketing and money and fear of the new and the different. This is what they do.
In other words, it was shelved because it's different, unique, a little eccentric, all bells and oompah horns and strings and oddly lovely circuslike arrangements, and you as the co-opted overmarketed oversold listening audience can't really handle anything like that, anything challenging or interesting or distinctive or deeply cool or lacking in prepackaged backbeats that sound just like Kelly Clarkson or maybe "American Idiot," even if it comes from a stupendously talented world-class Grammy-winning artist. Right? Isn't that you? Doesn't matter. This is what they believe.
But now, a hot new twist. The rest of "Extraordinary Machine" has, somehow, been leaked onto this fair Internet. All of it. Every song, some at first sounding not all that complete and some reportedly with only tentative titles, but, then again, a DJ at a radio station up in Seattle (the End 107.7) somehow managed to get his hands on the whole album and has apparently been playing almost every track and it's all much more finished and incredible than anyone thought.
And fans have been whipping the tracks into high-quality MP3s and splaying them all over the Net, and Rolling Stone and MTV and other media have picked up on the odd story, noting how fans are calling into the station like mad and most everyone loves the songs and protest Web sites like freefiona.com (alongside dedicated fan sites like fionaapple.org) have popped up to try and get some action and yet Sony refuses to actually release the album and the corporate drones remain mum and everyone's wondering just what the hell's going on.
So, in case you missed it: Fiona Apple's fans are downloading her music for free, then demanding that Sony release the album so they can pay for it. At least in the case of Fiona Apple, P2P isn't hurting her CD sales. In fact, P2P appears to be Fiona's only chance of actually getting her CD on store shelves at all.
EFF to ITU: DRM Is Dangerous for Developing Countries
Posted by Donna Wentworth
EFF is pleased to announce that we have submitted a paper to the International Telecommunications Union (ITU), the UN agency that advises global leaders on telecommunications policy, as part of its survey of "Digital Rights Management" (DRM) technologies (ITU-R Working Party 6M Report on Content Protection Technologies). Our message: These technologies have been a disaster in the developed world and they are a disaster in the offing for the developing world.
"This paper is part of our ongoing effort to bring some sanity to the blind march toward DRM technologies," explains EFF European Affairs Coordinator Cory Doctorow, the principal author. "These technologies don't work for stopping copyright infringement -- their supposed function -- yet they've served as an anti-competitive cudgel, a set of shackles on the public's rights in copyright, and a rubric for censoring and even jailing security researchers. EFF is delighted to be able to get this much-needed reality check before policymakers worldwide as they consider the question: 'Which DRM is best for my country?' Our answer: 'DRM will exact a punishing toll on your national interest and yield no benefit at all.'"
The paper, called "Digital Rights Management: A Failure in the Developed World, a Danger to the Developing World," explores the ways that DRM has harmed the developed world, negatively impacting scientific research, speech, innovation, competition, legitimate consumer interests, access by disabled people, archiving and library functions, and distance education. The paper goes on to examine the risks to the developing world in terms of its potential to curtail the public domain, to criminalize free and open source software projects, to enable region-based discrimination, and to lock local artists, authors, and performers into the monopoly pricing of DRM vendors.
We'd like to thank the Union for the Public Domain, the Open Knowledge Forum, IP Justice, the Alternative Law Forum, the World Blind Union, the European Digital Rights Initiative, Electronic Frontier Finland, and the Foundation for Internet Policy Research for their help and endorsement of the paper. If your organization focuses on these issues and would like to sign on, please contact us.


