DeepLinks Archives, August 2005
Noteworthy news from around the internet.
Next, MPAA Will Pass Stamp Act, Establish Discriminatory Levy on Tea
Posted by Derek SlaterQ. What does the Motion Picture Association (MPA) have in common with the pre-revolutionary colonial British?
A. They get to use general warrants.
General search warrants are part of what caused the American Revolution. Now it's the legal tool of choice for the movie industry in its war against copyright infringement -- or at least, the tool of choice in Delhi, India.
According to this press release from the international arm of the more familiar Motion Picture Association of America, the MPA "has obtained a general search and seizure warrants order covering the entire city. The order permits police to search any premises suspected of containing pirated products, and permits officers to open locked premises without delay."
These kinds of warrants are ripe for abuse. That's why they're prohibited in this country under the Fourth Amendment, which was prompted by British abuses of power during colonial times. The MPA has the right to go after those suspected of infringment all around the globe, but it should be ashamed of using tactics that ignore basic civil liberties.
Give the Government an Inch of CALEA and It Will Take a Mile of Privacy
Posted by Derek SlaterThe FCC is set to expand CALEA and force VoIP and broadband providers to make their networks wiretap-"friendly." Along with curbing technological innovation and passing along the costs to service providers and their customers, this casual expansion of surveillance powers poses a substantial privacy threat. If we want to see where the slippery slope leads, we need look no further than Italy.
According to a recent LA Times story, wiretaps in Italy are so easy to do that they're used routinely to snoop on millions of innocent people:
"Surreptitious listening is now so common in Italy that people with little or no connection to criminal cases have found themselves recorded and their private utterings made public in newspapers....
"One of Italy's largest cellphone companies complained this year that government-ordered taps — 7,000 at one time — had maxed out its technological capacity."
Expanding CALEA invites this kind of abuse, risking pervasive surveillance of private communication. As we note in our letter to Time magazine, additional surveillance isn't necessary to achieve legitimate law enforcement ends -- Internet service providers already cooperate with law enforcement to provide sufficient information under existing laws, and there's nothing to suggest that the FBI is having any trouble with compliance. The potential incremental benefit of extending CALEA to the Internet just isn't worth the inevitable, immense costs.
Time Magazine Swallows FBI Surveillance Story
Posted by Seth SchoenTime recently published a very brief -- even glib -- article [subscription required] on the FBI's push to expand the Communications Assistance for Law Enforcement Act (CALEA) to some Internet communications. The article is remarkably uncritical of law enforcement's claims, so we wrote a letter to the editor to give readers the whole story:
Your account of FBI efforts to embed wiretapping into the design of new Internet communication technologies ("Psst! The FBI is Having Trouble on the Line," Notebook, August 15) is in error.
You claim that police "can't tap into [Internet] conversations or identify the location of callers, even with court orders."
That is false. Internet service providers and VoIP companies have consistently responded to such orders and turned over information in their possession. There is no evidence that law enforcement is having any trouble obtaining compliance.
But more disturbingly, you omit entirely any reference to the grave threat these FBI initiatives pose to the personal privacy and security of innocent Americans. The technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information. And at a time when many of our most fundamental consititutional rights are being stripped away in the name of fighting terrorism, you implicitly endorse opening yet another channel for potential government abuse.
The legislative history of the Communications Assistance for Law Enforcement Act (CALEA) shows that Congress recognized the danger of giving law enforcement this kind of surveillance power "in the face of increasingly powerful and personally revealing technologies" (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House Report]). The law explicitly exempts so-called information services; law enforcement repeatedly assured civil libertarians that the Internet would be excluded. Yet the FBI and FCC have now betrayed that promise and stepped beyond the law, demanding that Internet software be redesigned to facilitate eavesdropping. In the coming months, we expect the federal courts to rein in these dangerously expansive legal intepretations.
For more detailed information about CALEA, see our CALEA page and the CALEA FAQ.
EFF Launches Cooperating Techs Listserv - Take Two
Posted by Donna WentworthNot long ago we told you about our new "Cooperating Techs" listserv to help connect technologists with attorneys working on cases that are core to EFF's mission but beyond what we can handle in-house. After a couple of weeks with only a few responses, we realized we made a technical mistake with the email alias for signing up!
Now that we've recognized our error -- as well as the irony -- we've corrected the problem. If you're a technologist who'd like to apply your skills to the fight for digital civil liberties, please send -- or re-send - an email to cooptechs@eff.org. We promise that this time, your request will get through -- and you'll even get a confirmation notice to prove it!
For more information about how the list will work, check out the original announcement.
The Broadcast Flag Cannot Be Fixed
Posted by Derek SlaterYesterday, our colleagues at the Center for Democracy and Technology (CDT) published recommendations [PDF] for Congress should it choose to reinstate the broadcast flag, which EFF and a coalition of organizations defeated in court. While we admire CDT's tortured attempt to make the broadcast flag seem reasonable, its suggestions are flawed. That was inevitable--the broadcast flag is fundamentally flawed policy and should be scrapped entirely.
The broadcast flag simply cannot satisfy its stated objective: preventing widespread distribution of digital television content. The "ordinary user" might not be able to get around the restrictions, but it only takes one skilled user [DOC] to put an unencrypted copy online and make it instantly available to everyone.
The flag will, however, chill technological innovation. While less draconian than the FCC's original ruling in certain ways, CDT's proposal ultimately gives the FCC and Hollywood broad veto power over innovation.
The flag will also create significant incompatibilities between devices, especially the millions of HDTV devices consumers have already purchased. CDT would have us throw away our current TVs at the behest of Hollywood in the futile fight against online downloading. In fact, CDT's only "recommendation" to address this problem is to educate consumers on exactly how much of their equipment to dump and repurchase under the new regime. EFF believes consumers deserve better than to be told "tough luck"--they deserve to be able to use digital television content on the device of their choice, including those they've already purchased.
Consumers also should be able to use content for non-infringing uses, such as playback on their laptop or mobile device. CDT's proposal only contains a limited exception for consumer use when it relates to "critical" news or public affairs; that's not enough.
Don't let Congress misinterpret CDT's waffling on the flag as a change to the public's position. Tell your representatives that this flawed policy should be junked, not "fixed."
See also Public Knowledge's official response.
DRM By Any Other Name...
Posted by Donna WentworthYesterday, Sun Microsystems announced its new "Open Media Commons," with a goal of "[s]pecify[ing] open, royalty-free digital rights management and codec standards" to "ensur[e] intellectual property protection." The problem with this approach is that making DRM "open" and "royalty-free" doesn't make it any less damaging and counter-productive.
People have the legal right to make fair uses of content. They have the legal right to use materials in the public domain. They have the legal right to use publicly owned works, such as government-gathered facts. Any software system, open or not, that blocks us from making these legal uses of our digital content is bad, especially when the Digital Millennium Copyright Act (DMCA) makes it illegal for us to circumvent the copyright protection to make these legal uses.
This "Open Media Commons" says a lot about fostering sharing and so forth, but there's precious little to indicate that it will be any less threatening than the Microsoft DRM that it's supposed to challenge.
Using "commons" in the name is unfortunate, because it suggests an online community committed to sharing creative works. DRM systems are about restricting access and use of creative works. We wish that Sun's announcement brought better news for people worried about DRM taking away their rights, but it doesn't.
If you want to do something positive to protect your rights to use your media as you choose, visit EFF's action center and tell your representative to support the Digital Media Consumers' Rights Act (DMCRA, HR 1201). That bill would permit people to circumvent DRM on media in order to make a legal use of that media. Here's the link.
Update: For a discussion about the logical impossibility of a perfectly compatible, perfectly transparent DRM system, see Edward Felten's A Perfectly Compatible Form of Incompatibility.
You Can't Resell This Software Even if it Sucks
Posted by Corynne McSherryWhen seamstress Laura Flores first heard about a software product called Dress Shop that would help her make and print dress patterns, she was thrilled. At last, she could customize classic dress designs on her computer -- and, according to the ads, it would be "fast, fun and easy." At $400, Dress Shop wasn't cheap -- but it would be money well spent if the software lived up to the hype.
It didn't. Printing out the patterns in typing paper-sized sections and piecing them together was more trouble than it was worth. Fed up, Flores decided to cut her losses and put her copy of Dress Shop up for sale on eBay, including the key codes that allow the user to print out the patterns. She figured it would be easy enough, since she saw that someone else had already auctioned off their copy.
Little did she know that her troubles were just beginning. Not long after she put the software up on eBay, Flores started getting anonymous messages informing her that the End User License Agreement (EULA) she clicked through when she installed Dress Shop prohibited re-sale. Intimidated and unsure of her rights, Flores took it down -- though not before firing off a response to the anonymous poster stating that she was selling the software because it "sucks." She then contacted the person who had managed to auction off a copy, asking if they had a different EULA.
Nope. The other auctioneer had simply asked permission from Livingsoft, the maker of Dress Shop, and the company had granted it. Heartened, Flores contacted Livingsoft and asked for more information about the permissions policy. The president of the company, Robert Clardy, promptly responded with the information she requested -- and a sharp rebuke. He told her that she was free to sell her Dress Shop CD, but not the codes that would allow the user to print out the patterns. In other words, she couldn't sell what potential buyers would want the most.
Then Clardy told her Livingsoft does sometimes grant permission to re-sell the software with the codes, but only if the seller has a physical or financial necessity (e.g., an injury or family financial crisis) and asks permission "courteously" in advance, "acknowledging that they are requesting a favor rather than demanding a right." He told Flores that she hadn't demonstrated any "compelling need" and had already admitted that she was selling the software because it "sucks." (Yep, turns out the anonymous poster was Clardy himself.) In other words, Livingsoft lets customers resell software if they like it -- but if they dislike it, they must keep it forever.
Unfortunately, this isn't an isolated incident. It's yet another example of companies using EULAs in arbitrary ways to undermine consumer rights. In this case, Livingsoft isn't only enforcing its EULA capriciously, it's also trying to overwrite federal copyright law.
By forbidding re-sale, the Dress Shop EULA flies in the face of the longstanding, consumer-friendly exemption to copyright law called the "right of first sale doctrine," which says, in part, that "the owner of a particular copy lawfully made...is entitled, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy." 17 U.S.C. 109(1). There's nothing in there about having to ask "courteously" to resell a copy.
Livingsoft shouldn't be permitted to undermine its customers' rights with this EULA -- especially since the company seems to be using the agreement to punish customers who think its software sucks.
Update: For more, see Ed Foster's piece, Last Stand for First Sale
What's the Urgency About Emergency 911?
Posted by Annalee NewitzEarlier this week, EFF joined a bunch of other groups -- the Center for Democracy and Technology, the Computer & Communications Industry Association, and Pulver.com -- in filing comments [PDF] before the FCC about how the agency should handle making Emergency 911 (E911) features available on next-generation IP phones. In its request for comment, the FCC asked a number of questions, including which new technologies should absolutely guarantee access to emergency services, where and how "automatic location technologies" should be deployed, and finally how users' privacy should be protected.
It's not hard to be sympathetic to the FCC's position here -- it wants to make sure the broadest array of commonly used communications devices can summon help quickly. The agency has already mandated that the plain old telephone system (POTS) be E911 compliant, which means among other things that the government guarantees a connection to local emergency services and has a way to locate where the emergency call originated. This setup has led to faster service for people whose lives are in danger.
Now that IP phones are becoming more and more common, however, the agency has to make some decisions about whether those devices should be E911 compliant too. In our joint comments, we argue that the FCC needs to be very hesitant to mandate E911 compliance in nascent technologies. When an IP phone looks like a traditional phone and connects to the POTS network, users might reasonably expect that it will have the same 911 functionality as other phones. But other devices, such as IP phones that never touch the POTS network and are operated via the speaker on a common laptop, should not be regulated. Nor should other applications like instant messengers that may carry voice but aren't a replacement for the telephone. Mandating expensive and strict regulations this early in the life cycle of these technologies could stop their development in its tracks.
Moreover, the FCC seems to be overstepping its bounds with these attempts to control IP networks that have little to do with the telephone system. Rather than overreaching, the FCC would do better to encourage vendors of communications devices to market 911 capabilities as a feature in their products. If an IP phone is 911-capable, that should draw consumers to it. If it isn't 911 capable, this should also be disclosed to consumers so that they can choose a device knowing what emergency services it offers.
When it does come time to start imposing E911 regulations on IP phones, the agency must consider user privacy. Part of E911 compliance means having the ability to figure out where people are when they use their computers. In the wrong hands, this information constitutes a gross invasion of privacy at best -- and is a source of genuine danger at its worst. We recommend strict regulations on who has the ability to locate the origin of IP phone calls. In addition, we suggest that users be able to control what information is sent about their locations and when.
Our main goal with these comments is to urge the agency to strike a sensible balance between privacy and public safety. But that doesn't always mean putting E911 regulations in place everywhere. Sometimes the public is best served by fostering less-regulated innovation and discouraging unnecessary surveillance. And certainly it's better served by making it difficult for anyone other than emergency workers to find out where IP phone callers live.
More on the Mother of Acrimonious Acronyms
Posted by Donna WentworthMarcia Coyle has the best piece yet on why applying CALEA to the Internet is a terrible idea: Wiretap the Net? Not So Fast (previous Deep Links coverage: The Mother of Acrimonious Acronyms).
Here's a bit that will be sure to interest librarians who've been fighting PATRIOT Section 215 and the Broadcast Flag (hyperlink, mine):
There are a number of collateral consequences to the FCC's order, said Perkins Coie's Gidari, counsel to education, library and other associations that opposed the FCC's decision.
"I don't think the commission had a clue that what they were saying affected other facilities-based providers," he said.
"A lot of companies and organizations make broadband available to their work force, students, faculties, researchers and others. That's why Congress holds hearings, to determine impact. The commission put out an order only carriers would pay attention to," Gidari said.
"The notion a librarian would have to do a wiretap and is subject to felony penalties if she discloses it, is amazing," he said.
"That's what CALEA requires -- you have to have a security office, security procedures. In truth, that won't happen because the library will be closed because it has no budget for this. That's why this issue is important."
Applying CALEA to the Internet is in many ways like a combo 215/Broadcast Flag -- in short, it's a technology mandate to make it easier for the government (and others) to spy on people. The kicker is that it's the customers/patrons/surveillance subjects themselves who will pay for it.
Laura Quilter on Google Print: Don't Embrace Limits to Fair Use
Posted by Donna WentworthAs has been widely reported, Google decided last week to hit the pause button on its ambitious Google Print library project to allow publishers to opt-out of scanning. The decision has sparked considerable debate, both about the copyright questions the project raises and Google's strategy for dealing with them. Here, Laura Quilter offers an especially compelling and thoughtful response, arguing that Google should move forward and that "it just doesn't make sense for information activists/copyfighters to start downwardly limiting various users' sets of rights." We couldn't agree more.
Excerpt:
Libraries should push fair use in the service and interests of their users, history, and humanity. But libraries are not the sole beneficiaries of fair use, nor should they be. For-profit corporations, not-for-profit corporations, heck, even tax-exempt religions — all should be able to exercise fair use broadly.
Well, Siva [Vaidhyanathan] says Google is not a library. It's true that Google is not the mom-and-apple-pie ALA version of a downtown library, complete with modern atrium and skylights for Mayoral gatherings. But I think we have to push on "library" for a bit. The Internet Archive is certainly a library. My home collection is certainly a library. (It even circulates, and I have remote storage, and I recently began a belated investment in DVDs.) Libraries may be private, semi-private, public; for- or not-for-profit; paper or digital. Why is Google not a library?
