DeepLinks Archives, 2006
Noteworthy news from around the internet.
Year-end 2006, Darknet Assumptions = True
Posted by Fred von Lohmann
Way back in November 2002, a set of Microsoft's senior-most security engineers wrote a paper that has come to be known as "the Microsoft Darknet Paper" (the company never endorsed it -- this was independent scholarship by the engineers). The paper explained why DRM for popular entertainment content would never work, so long as three assumptions remained true:
1. Any widely distributed object will be available to a fraction of users in a form that permits copying.
2. Users will copy objects if it is possible and interesting to do so.
3. Users are connected by high-bandwidth channels.
As we ring in 2007, here are a few year-end stories that illustrate, yet again, that the Darknet Assumptions remain vividly, indisputably, true.
Assumption #1: AACS DRM Cracked by BackupHDDVD Tool? All it takes is one leak, and DRM always leaks.
Assumption #2: 2.6 billion blank CDs were sold in 2006, as compared to 588 million CDs of recorded music, says the Philadelphia Inquirer. By the end of 2006, Apple will have sold a total of approximately 80 million iPods. Audio and video features are now a standard feature on hard-drive enclosures and in network attached storage (NAS) solutions; in fact, inexpensive routers and NAS enclosures now include Bit Torrent clients, so that the downloading can continue, even when your computer is turned off.
Assumption #3: A year-end review of trends in file-sharing, courtesy of Seattle Weekly, explains that users aren't just relying on P2P networks anymore, thanks to sharity blogs, YouTube (now downloadable, thanks to software tools), MySpace (again, downloadable), CD-Rs, and wireless sharing (à la Zune). And, according to Nielsen/NetRatings, 78% of American Internet users now have high-speed connections at home, up from 65% in 2005.
Privacy Office Slams Secure Flight Testing, But Doesn't Call It Illegal
Posted by Marcia Hofmann
According to a report released today by the Department of Homeland Security Privacy Office, the Transportation Security Administration publicly misrepresented how it handled commercial data while testing the controversial Secure Flight program. "As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match TSA's public announcements," the Privacy Office said.
The Privacy Act of 1974 requires an agency to give public notice when it establishes or changes a system of records. The Privacy Office stopped short of explicitly saying that TSA violated the law during the testing, though it did note, "However well-meaning, material changes in a federal program's design that have an impact on the collection, use, and maintenance of personally identifiable information of American citizens are required to be announced in Privacy Act system notices and privacy impact assessments."
Celebrate EFF's Sweet 16 on Jan. 11 in San Francisco!
Posted by Derek Slater
All teenagers have big dreams for their sweet 16, and EFF is no different: we want to throw the Best Party Ever, we want a new car, and we want to secure your digital rights.
We're kidding about the car, but please do join EFF for a birthday bash to celebrate 16 years fighting for your rights. The party will be on January 11, 7-10 PM at 111 Minna Gallery in San Francisco. DJ Ripley and Kid Kameleon will be keeping the dancefloor hopping all night long.
A $20 donation gets you in the door. No one will be turned away for lack of funds, and all proceeds go toward our work defending your digital freedom.
This fundraiser is open to the general public. 21+ only, cash bar.
Please RSVP to events@eff.org or on Upcoming.org.
What:
EFF Sweet 16 Party
When:
January 11, 2007
7-10 PM
Where:
111 Minna Gallery
111 Minna Street
San Francisco, CA
94105
www.111minnagallery.com
Tel: (415) 974-1719
Help EFF Investigate Invasive Travel Screening Program
Posted by Derek Slater
For several years, the Department of Homeland Security has been treating innocent travelers like suspected terrorists by using the Automated Targeting System (ATS) to assign them "risk assessment" scores. This invasive data-mining program was only recently revealed to the public, and EFF is attempting to document the system's effect on law-abiding individuals.
If you have experienced difficulties when entering or leaving the United States, we'd like to hear from you. We are particularly interested in hearing from folks who have had repeated problems, or have been told by government agents that they are on a "list" or that there is some unexplained "problem" that needs to be resolved. Please share your story with us by writing travel@eff.org and providing as much detail as possible. We will treat all responses confidentially and may contact you to follow up.
Akaka-Sununu Bill Corrects Many Bad Aspects of Real ID Act
Posted by Hugh D'Andrade
In 2005, Congress hastily passed legislation that rolled back privacy rights and moved the country towards a national ID system. The REAL ID Act states that drivers' licenses will only be accepted for "federal purposes"—like accessing planes, trains, national parks, and court houses—if they conform to certain uniform standards. The law also requires a vast national database linking all of the ID records together. Estimated costs of $12 billion or more will be passed on to the states and, ultimately, average citizens in the form of increased DMV fees or taxes.
Thankfully, new bipartisan legislation could correct some of REAL ID's many flaws and add critical privacy and civil liberties safeguards. With the "Identification Security Enhancement Act of 2006," Senators Daniel Akaka (D-HI) and John Sununu (R-NH) would cancel most of the standardization that might have led to a national ID card, call for more flexible standards, require encryption of the data itself, and prohibit the use of ID data by third parties.
For more information on the problems with the Real ID Act of 2005, visit www.realnightmare.org.
State AGs Reach Settlement on Sony BMG Rootkit Debacle
Posted by Corynne McSherry
Over a year since infecting CD purchasers' computers with flawed copy protection software, Sony BMG has reached a settlement with several state attorneys general (AGs) over the rootkit debacle. We've reviewed the Texas settlement agreement, which appears to be similar to agreements reached in other states, and it looks like the AGs used their investigatory and enforcement powers to obtain important additional relief for consumers.
Among other things, the settlement requires Sony BMG to compensate consumers whose computers were damaged by the XCP or Media Max software and to continue providing the settlement benefits obtained in the private litigation for an additional six months (through June 30, 2007).
Equally important are Sony BMG's future obligations. If Sony uses DRM on its CDs in the future, it will have to provide detailed pre- and post-sale disclosures to customers, provide an easy uninstaller, and notify consumers if it finds security flaws in the software.
Well done, AGs!
The Texas agreement is available here. Background regarding the Sony BMG litigation is available here.
UPDATE: The Federal Trade Commission has settled its case against Sony BMG as well, under terms similar to those of the state AGs' agreements. The FTC agreement is available here.
E-Voting Whistleblower Deserves Medal, Gets Punished
Posted by Derek Slater
The need for e-voting reform is now widely recognized, as this Friday's front page story in the New York Times demonstrates. Along with many other people deserving credit for bringing this issue to the fore, you'd think that whistleblowers like Stephen Heller would be unanimously celebrated. Unfortunately, you'd be mistaken.
In 2004, Heller leaked documents showing that Diebold Election Systems used uncertified software in California elections even though it knew that doing so was likely illegal. The documents outraged voters and spurred instant media coverage for an issue that, at that time, was largely ignored. For defending Californians' fundamental right to vote, Heller deserves a medal from the state.
Instead, Heller has been facing criminal charges and threats by Diebold's lawyers to sue him for multimillion-dollar damages. Last month, Heller accepted a plea agreement of three years' probation and a $10,000 payment to lawyers at Jones Day.
This sad outcome could only be made worse if Heller's virtuous aims remain unfulfilled and votes continue to be cast on flawed machines. EFF is pushing for voting reform around the country, including in our recent lawsuit in Sarasota, Florida. You can support reform, too, by writing to your representatives through our Action Center.
Chertoff Shocked(!) at Privacy Uproar Over "Targeting" System
Posted by David Sobel
In a fascinating article by Shane Harris in the National Journal, Homeland Security Secretary Michael Chertoff professes great surprise at the public uproar over the Automated Targeting System (ATS). He claims that he has discussed the "collection" and "analysis" of personal data -- including airline Passenger Name Records (PNR) -- "incessantly." The Secretary says that critics of the system -- which assigns "risk assessment" scores to all travelers, including U.S. citizens, and retains them for 40 years -- just haven't been paying attention:
"Yeah, they missed about 100 speeches that I gave," an exasperated Chertoff told National Journal on December 5. "I've talked about... PNR data and biographic data and using it to analyze and connect the dots about people before they come into the country; I have to have given at least 20 speeches about it."
Well, many of us have paid attention, and despite our best efforts, we've been unable to learn much about Homeland Security's collection and use of personal data.
DRM Fading for Music: The Year in Review
Posted by Fred von Lohmann
Almost exactly one year ago, I predicted the beginning of the end for DRM on digital music. Now EMI has announced the release of the new Norah Jones single on Yahoo! Music in DRM-free MP3 format (many will remember that Yahoo! has been urging the major labels to give up DRM).
So let's pause to recap the year in music DRM's slow demise, including:
- Rhapsody and Napster begin streaming to any browser;
- Major labels all give up on CD copy protection in US market in the wake of the Sony-BMG rootkit debacle;
- Major labels abandon DRM-laden SACD and DVD-A formats;
- Sony-BMG releases Jessica Simpson song in MP3;
- Disney's Hollywood Records releases Jesse McCartney album as MP3s;
- EMI artist Lily Allen releases new track as MP3;
- EMI releases Norah Jones and Relient K tracks as MP3s;
- eMusic becomes the #2 online music store selling nothing but MP3 files from independent labels.
Here's to more of the same in 2007. As I said in December 2005, "once the DRM is gone, we can see what a real, robust, competitive digital music marketplace looks like."
URGENT: Spying Bill Could Let AT&T Off The Hook
Posted by Derek Slater
The president and telephone companies are desperate to avoid accountability for the massive and illegal NSA program. Their latest trick: sneaking through a bill that could threaten cases like EFF's lawsuit against AT&T and let corporations off the hook for illegally assisting the government. We're now hearing credible rumors that the lame duck Congress could take up this proposal in the next three days.
Call your Senators now and tell them to stop the illegal spying.
When the newly-elected Congress takes office in January, key legislators may hold hearings to investigate the illegal spying program, and three federal courts have already rejected the government's bogus arguments shielding it. This latest proposal is a last-ditch effort to subvert such vigorous oversight.
And if you don't take action now, the Bush Administration and telephone companies might get away with it. Don't let that happen -- use our Action Center to find your Senators' phone numbers and take action now.
Update: Once again, you helped block this dangerous proposal -- the lame duck Congress adjourned early Saturday morning without passing any NSA spying legislation.


