Deeplinks Blogs related to Anonymity
Defending Anonymity Online: Legislation Would Give Does a New Weapon in Battle Against Frivolous Lawsuits
Posted by Corynne McSherryThe California Assembly took a crucial first step yesterday towards closing a significant gap in protection for anonymous speech online. One of the most pernicious threats to anonymity is the filing of bogus lawsuits as an excuse to force ISPs to reveal speakers’ identities. Once such a lawsuit is filed, speakers who want to protect their anonymity must find a way to pay a lawyer to go to court and prevent disclosure of their personal information. That can be a real hardship—in fact, even the threat of having to go to court may intimidate many people from speaking out in the first place.
Fortunately, Assembly member Paul Krekorian with co-authors Sally Lieber and Anthony Portantino introduced AB 2433 to help answer this problem. If AB 2433 becomes law, speakers who successfully oppose the use of bogus litigation to obtain their identities could also demand attorneys' fees. The bill has now passed the Assembly unanimously and is moving on to the Senate. EFF, the California AntiSLAPP project, and the California Newspaper Publishers Association are all supporters of this bill.
Californians have long had an extra layer of protection against these lawsuits. Thanks to California’s anti-SLAPP law (SLAPP stands for Strategic Lawsuits Against Public Participation) they can file a special motion to strike any cause of action based upon their speech or petition activity. Courts are required to strike the action unless the plaintiff can show a probability of prevailing on the merits. As a deterrent to abusive lawsuits, a defendant who successfully moves to strike can also seek attorney fees and court costs. This procedure has been very successful in preventing abusive lawsuits designed to chill speech and waste precious court resources.
The Anti-SLAPP law works fine to stop the abusive subpoena if the underlying lawsuit is filed in California. But there’s a loop-hole: If the underlying lawsuit is filed outside California, at least one California court has read the law narrowly and held the Anti-SLAPP law is unavailable. As a result, speakers and companies in California are exposed to frivolous satellite litigation without the shield of deterrence provided by the Anti-SLAPP law.
AB 2433 would close this loophole by amending California law to provide that individuals whose information is subpoenaed can move to quash the subpoena (i.e, to prevent production of the requested information) and, if they succeed, seek compensation for the costs of going to court.
A Free Speech Double Whammy: Flawed Anti-Phishing Bill Would Dilute Trademark Fair Use and Anonymity Protections
Posted by Corynne McSherryCongress is contemplating a so-called “Anti-Phishing Consumer Protection Act” (APCPA) that takes an odd view of consumer protection. In the name of stopping phishing schemes, Senator Olympia Snowe has introduced S. 2661, a bill that would expand trademark law, limit consumer access to information about competitive products, and eviscerate key protections for anonymous speech. Co-sponsors are Senators Bill Nelson and Ted Stevens (yes, THAT Ted Stevens).
The bill starts off relatively inoffensively by prohibiting the use of false information to solicit identifying data from a computer (this was already illegal, but we’ll let that go for now). But then it goes on to forbid the use of brand names in domain names, and the use of another’s domain name in emails, on websites, or in web ads. This prohibition is unnecessary: if the use of a brand name in a domain name is confusing, it is already actionable under trademark law. And it is dangerous because, unlike current federal trademark law, the APCPA does little to protect noncommercial and comparative advertising uses of trademarks. For example, U.S. trademark dilution law excludes noncommercial, parodic and comparative uses. Under the APCPA, however, noncommercial use is merely a factor to be “considered,” not a clear exclusion, and comparative use is not explicitly protected at all. Given that trademark law simply doesn’t apply to noncommercial uses of marks, such meager “protection” for noncommercial use is unacceptable. Moreover, it appears that the bill would give a new weapon to folks like Sanofi-Aventis, the pharmaceutical giant that tried to use trademark law to shut down a news site about a new and controversial drug, Acomplia, because the site (www.acompliareport.com) included the name of the drug.
To make matters worse, another provision allows any Tom, Dick or Harry to force domain name registrars to reveal a customer’s personally identifying information by simply sending an email alleging that the customer has violated the new law. No need to comply with the traditional legal niceties of, say, an actual filed lawsuit or a subpoena that might permit the customer to go to court to protect her anonymity. A mere allegation is enough.
Sure, phishing is a problem. But you don’t solve it by rewriting trademark law and depriving lawful speakers of the chance to keep their identities private. This ill-conceived legislation should be stopped in its tracks.
Arista v. Does 1-21: What's at Stake for the Rest of Us
Posted by Fred von LohmannAs if it weren't bad enough that the RIAA's lawsuits against file-sharers are futile, unfair, and immoral [PDF], they are also beginning to distort the law. In many of these cases, the recording industry is urging judges to accept controversial legal theories on the way to busting file sharers. It's not clear whether this is a tactical effort to cut legal corners to save money, or a strategic effort to build lower court precedents for use in other cases. Either way, these are frequently extremely unfair fights (such as in Atlantic v. Howell, where the defendant can't even afford a lawyer), and thus bad vehicles for making controversial new law. The judges simply aren't hearing both sides.
EFF is trying to do something about that.
Earlier this week, EFF filed an amicus brief [PDF] in Arista v. Does 1-21, a case against 21 Boston University students whose identities are being sought through a subpoena to the university. One of the anonymous students filed a motion to quash the subpoena, which is now pending before Judge Gertner in Boston. EFF filed the amicus brief on Monday, which was accepted by the judge yesterday.
EFF's brief in Arista v. Does 1-21 focuses on two issues that have been the subject of several EFF briefs in the past:
First Amendment Protection for Anonymous Speech: In many other cases, EFF has long fought hard to establish a baseline of constitutional protection for anonymous speech online. We've been successful, with courts recognizing that, where anonymous speech is concerned, you don't get to unmask someone just by having your lawyers file a meritless lawsuit in order to issue a subpoena. Instead, courts must make a preliminary inquiry to ensure that the suit has merit.
The RIAA, however, insists that their boilerplate complaints are enough to unmask anonymous file-sharers, even when completely unsupported by any specific evidence about the target. That's just flat wrong, as other courts have recognized [PDF]. But the RIAA keeps making the argument, without mentioning the First Amendment standard.
It may well be that the recording industry can meet the constitutional threshold here (as they have in other cases where they were forced to come forward with the evidence gathered by MediaSentry). But it's critical that the precedents don't get distorted to somehow treat copyright claims as exempt from the constitutional test that applies to every other sort of anonymous speech online. To understand the importance of consistently applying the right standard, imagine how this would work in a future case where a copyright owner was trying muzzle or intimidate an anonymous fair user (see, e.g., OPG v. Diebold, where Diebold tried to use bogus copyright claims to censor leaked documents off the Internet).
Distribution and "Making Available": In all of these cases, the recording industry is arguing that simply having a file in a shared folder makes you an infringer because you are "distributing" the file, even if no one has ever downloaded it from you. Huh? That sounds like attempted distribution, at best. That's not the law (and the Department of Justice has thus far failed in its efforts to change the Copyright Act to reach mere attempts).
This "making available" theory is wrong in two ways. First, as we've argued in other cases, distribution under the Copyright Act doesn't apply to electronic transmissions. Second, even if it does, the copyright owner has to prove that an actual distribution occurred -- it's not enough to say it could have happened.
This doesn't leave the recording industry without a weapon -- everyone agrees that file sharing involves the making of unauthorized copies of songs. It's just that the recording industry doesn't want to have to go to the trouble of gathering and introducing evidence of copying in court (like everyone else does). It's much easier to rely exclusively on MediaSentry's downloads from each defendant -- that way there is no need to know anything about the defendant.
The trouble with this is the precedent it sets for the future. Already, the recording industry has sued XM as a "distributor" because they transmit satellite radio to subscribers who have recording devices. The movie industry also pressed this "making available" theory against Google [PDF], reasoning that just linking to something online "makes it available." Fortunately, courts in these high profile cases have not taken the bait. But if the RIAA racks up a string of contrary precedents in file sharing cases, the next lawsuit against XM or Google might come out differently.
The trouble for those who are hoping to prevent these kinds of distorted precedents is that it's hard to keep up with all of the more than 20,000 lawsuits (and litigation threats) that have been brought by the recording industry. With any luck, one of the judges will sit down and write a strong opinion letting the RIAA know that it can't use overmatched file-sharers to reshape the law to their liking.
Between Friends: The Perils of Centralized Blogging
Posted by Danny O'BrienOne of the paradoxes of current social software is how many of your closely-guarded secrets you are obliged to entrust to a third party. Take the social blogging site LiveJournal: its centralized server allows you to set blog posts to "friends only" or "private". To use this feature, you post these semi-confidential journal entries to LiveJournal's server, and rely on it to hide your thoughts from the most of the world using its centrally-maintained list of friends to control access. LiveJournal holds your secret data in trust, as much as you trust it to keep your public data available.
We give these companies a great deal of control over our privacy and our speech - and even if we trust that company with those responsibilities now, there are no guarantees that the pressures upon and motivations of that company will stay constant over time.
The news that LiveJournal has been sold to SUP, a Moscow-based company, is the latest vivid indication of this danger. Now, LiveJournal journal entries are under the control of not only a young new company, but a new jurisdiction: Russia. What does that mean for the privacy of LiveJournal posts, and the free expression of LiveJournal users?
Despite strong protections in the Constitution and the Electronic Communication Privacy Act, United States law is by no means a perfect guarantor of privacy. It surprises many people to learn that U.S. courts have in the past decided that the simple act of handing data over to a company removes many of your constitutional protections over that data (though statutory protections remain).And, despite the United State's long tradition of being a free speech-friendly country, Six Apart, in an apparent attempt to fend off external domestic pressure, has removed content and cancelled accounts in an arbitrary manner that could easily chill speech among its users.
Countries like Russia have, legally and culturally, weaker protections over privacy and free speech than many users might have come to expect. Legal considerations aside, LiveJournal may come under far more intense pressure when run from Moscow than from the United States. The site is very popular among Russian-speakers (the common word for blog in Russian is taken from the site's name), and is used by opposition politicians there as much as by enthusiastic fan-fiction authors. The political status of free expression in Russia is on shakier ground, with journalists, online and off, assaulted and threatened by the authorities.
LiveJournallers, already disturbed by acts of control by Six Apart, could well find themselves caught up in far nastier fights over the public and private content held by SUP's servers. That's of particular concern for Russian users, or the many Russia-speaking LJers in the former-Soviet republics that surround Russia, who do not necessarily trust the political or business culture of Moscow.
Fortunately, for those concerned by the implications, LiveJournal's legacy in the world of open source and open standards means that extracting data from the service is not as painful as it might otherwise be.
But for now, the most important lesson for Americans and Russians alike, is to be cautious about with who and where you share your secrets. The Internet has given us the opportunity to make public and secure our own data; hopefully the next generation of social software will give us the tools to use these capabilities for ourselves, rather than entrust the responsibility to others.
