Skip to main content

Press Room

Press Room

April 3, 2006

Patent Office Orders Reexamination at EFF's Request

San Francisco - At the request of the Electronic Frontier Foundation (EFF), the US Patent and Trademark Office (PTO) today agreed to reexamine an illegitimate patent held by Clear Channel Communications. The patent -- for a system and method of creating digital recordings of live performances -- locks musical acts into using Clear Channel technology and blocks innovations by others.

"The Patent Office agrees that there are serious questions about the patent's validity," said EFF Staff Attorney Jason Schultz. "This is a significant victory for artists and innovators harmed by Clear Channel's patent and for anyone concerned about overreaching, illegitimate patents."

Clear Channel now has two months to file comments defending its patent, to which EFF will get to respond. The PTO will then determine whether to invalidate the patent. In roughly 70% of instances like this one in which a request for reexamination is granted, the patent is narrowed or completely revoked.

"Patents serve an important role in our economy," said Schultz. "Keeping illegitimate patents out of that system benefits all of us, helping up-and-coming artists and entrepreneurs."

EFF filed the request for reexamination in conjunction with Theodore C. McCullough of the Lemaire Patent Law Firm and with the help of students at the Glushko-Samuelson Intellectual Property Clinic at American University's Washington College of Law. The Clear Channel patent challenge is part of EFF's Patent Busting Project, aimed at combating the chilling effects bad patents have on public and consumer interests. The Patent Busting Project seeks to document the threats and fight back by filing requests for reexamination against the worst offenders.

For more information about EFF's request and Clear Channel's patent:
https://www.eff.org/patent/wanted/patent.php?p=clearchannel

For EFF's Patent Busting Project:
https://www.eff.org/patent/

Contacts:

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Theodore C. McCullough
Attorney
Lemaire Patent Law Firm

Related Issues:
March 31, 2006

DOJ Demands First Look at Documents It Claims Might Be Classified

San Francisco - The Electronic Frontier Foundation (EFF) filed a motion for a preliminary injunction in its class-action lawsuit against AT&ampT today. However, much of the evidence that was to be included in the motion—as well as the legal arguments based on that evidence—was held back temporarily at the request of the Department of Justice (DOJ). While the government is not a party to the case, DOJ attorneys told EFF that even providing the evidence under seal to the court—a well-established procedure that prohibits public access and permits only the judge and the litigants to see the evidence—might not be sufficient security.

EFF's motion seeks to stop AT&ampT from violating the law and the privacy of its customers by disclosing to the government the contents of its customers' communications, as part of the National Security Agency's (NSA's) massive and illegal program to wiretap and data-mine Americans' communications. The motion was supported by a number of internal AT&ampT documents that the government now claims might include classified information.

EFF will seek the Court's permission to publicly release the preliminary injunction motion and supporting documents, and hopes to have redacted versions available after further discussions with the government.

"Openness in court proceedings is fundamental to a free society," said EFF Staff Attorney Kurt Opsahl. "The facts supporting our motion are not classified and are important to the public debate over the propriety of the NSA domestic spying program. The public deserves to know the truth."

The NSA program came to light in December, when the New York Times reported that the President had authorized the agency to intercept telephone and Internet communications inside the United States without the authorization of any court. Over the ensuing weeks, it became clear that the NSA program has been intercepting and analyzing millions of Americans' communications, with the help of the country's largest phone and Internet companies, including AT&ampT. This surveillance is ongoing, and today's injunction motion seeks to stop the spying while the case is pending.

"AT&ampT's wholesale diversion of communications into the hands of the NSA violates federal wiretapping laws and the Fourth Amendment," said EFF Staff Attorney Kevin Bankston. "More than just threatening individuals' privacy, AT&ampT's shameful choice to allow the government to spy on millions of ordinary Americans' communications is a threat to the Constitution itself. We are asking the Court to put a stop to it now."

In the lawsuit, EFF is representing the class of all AT&ampT residential customers nationwide. Working with EFF in the lawsuit are the law firms Traber &amp Voorhees, Lerach Coughlin Stoia Geller Rudman &amp Robbins LLP and the Law Office of Richard R. Wiebe.

For the motion for preliminary injunction:
Brief and some evidence NOT AVAILABLE BY DOJ REQUEST

For more on EFF's suit:
http://www.eff.org/legal/cases/att/

Contact:

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org

Related Issues:
March 13, 2006

EFF and Other Groups Call for Bills' Withdrawal

San Francisco - A diverse coalition of companies, public interest organizations, and legal scholars, including the Electronic Frontier Foundation (EFF), craigslist, Public Citizen, the US Internet Industry Association (USIIA), the Center for Democracy and Technology (CDT) and Professors Lyrissa C. Barnett Lidsky and Jennifer M. Urban, sent an open letter today to three New Jersey assemblymen, urging them to withdraw their support from two bills designed to eliminate anonymous online speech.

Assembly bills A1327 and A2623 would require Internet service providers to record users' identities and reveal them in any claim of defamation. While aimed at curbing online bad actors, the bills instead run afoul of the First Amendment—which protects the right to speak anonymously—as well as a federal law designed to protect speech in online fora. The bills would require identification of an online poster before the facts were resolved, leading to a flood of unsubstantiated claims designed simply to unmask online speakers.

"Protecting anonymity is vital to maintaining the diversity of viewpoints on the Internet," said EFF Staff Attorney Kurt Opsahl. "Keeping online debates robust enables democracy, even if it allows name-calling and strongly worded opinions about political figures."

The open letter calls for Assemblymen Peter J. Biodi, Wilfredo Caraballo, and Upendra J. Chivukula not to waste taxpayer resources in defending these bills that will inevitably be struck down in court. New Jersey courts are already handling claims of defamation online in a careful and constitutionally appropriate manner, balancing a speaker's anonymity rights with the merits of the plaintiff's claim. The well-established standard in New Jersey and elsewhere for deciding whether to order the identification of anonymous defendants has functioned well to separate ill-founded lawsuits from cases in which identification is appropriate.

As evidence of this balanced approach, the open letter points to the cases available for review on a web site maintained by the Cyberslapp Coalition—several of whose members signed the open letter—at www.cyberslapp.org. The Cyberslapp web site provides briefs, evidence, and opinions from nearly four dozen "John Doe" cases in which the standard has been discussed and applied. The site, which permits search both by keyword and by state of decision, is provided free of charge as a resource for litigants on both sides of Doe disputes.

For the full text of the open letter:
http://eff.org/Privacy/Anonymity/NewJerseyLetter.pdf

The Cyberslapp Coalition:
http://www.cyberslapp.org

Contact:

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Related Issues:
March 7, 2006

30,000 Email Users Sign Open Letter

San Francisco - Despite AOL's attempt to divide its critics, the DearAOL.com Coalition announced Monday it has grown tenfold from 50 organizations to more than 500 as it fights AOL's controversial plan to create a two-tiered Internet that leaves the little guy behind.

Last week, AOL's proposed "email tax" came under fire from a coalition of political groups on the left and right, businesses and non-profits, charities, and Internet advocacy organizations. More than 400 publications around the world published articles about AOL's plan to allow large mass-emailers to pay to bypass AOL's spam filters and get guaranteed delivery directly into the inboxes of AOL customers—leaving the little guy behind with increasingly unreliable second-tier Internet service.

In just several days, the DearAOL.com Coalition grew to include everything from babysitting co-ops to pony clubs, from farmers markets to biker dailies, from Hawaiian skateboard makers to church groups—demonstrating that small, large, ordinary and extraordinary groups depend on free email delivery. All coalition members are located at www.dearaol.com.

Clearly worried by the coalition's growing momentum, AOL on Friday tried to repackage its already existing "Enhanced Whitelist" as if it were a new program for nonprofits. It also tried to divide the coalition with an offer to give special email privileges to some "qualified" nonprofits while leaving other non-profits, charities, small businesses, and even neighbors with community mailing lists behind. Neither of these addresses the core of the problem: AOL's increased financial incentive to downgrade ordinary email delivery.

"I don't take bribes," said Gilles Frydman, Executive Director of the Association of Cancer Online Resources, a free nonprofit online service for cancer patients. "The solution is not AOL offering a few of us service for free in exchange for our silence—the solution is preserving equal access to the free and open Internet for everyone."

If anything, the net result of AOL's Friday announcement was that they conceded the central point of the DearAOL.com Coalition.

"By offering to move a few of the little guys from the losers circle to the winners circle, AOL conceded the broader point of our coalition—that AOL's would create a two-tiered Internet that leaves many behind with inferior service," said Adam Green, a spokesperson for MoveOn.org Civic Action.

This weekend, the San Jose Mercury News exposed this reality in an editorial entitled, "Paid e-mail will lead to separate, unequal systems free systems will become neglected." It identified AOL's threat to the "free and open" Internet this way: "the temptation would be to neglect the free e-mail system, whose reliability would decline. Eventually, everyone would migrate to the fee-based system. There would be no way around the AOL tollbooth."

"Perversely, AOL's pay-to-send system would actually reward AOL financially for degrading free email for regular customers as they attempt to push people into paid-mail," said Danny O'Brien, Activism Coordinator for the Electronic Frontier Foundation. "AOL should be working to ensure its spam filters don't block legitimate mail, not charging protection money to bypass those filters and offering band-aids to allow some select nonprofits to bypass them as well."

"AOL's pay-to-send scheme threatens the free and open Internet as we know it," said Timothy Karr, campaign director of Free Press, a national, nonpartisan media reform organization. "The Internet needs to be a level playing field. The flow of online information, innovation and ideas is not a luxury to be sold off to the highest bidder."

The DearAOL.com Coalition:
http://www.dearaol.com

San Jose Mercury News editorial:
http://www.mercurynews.com/mld/mercurynews/news/opinion/14023726.htm

Contact:

Danny O'Brien
Activism Coordinator
Electronic Frontier Foundation
danny@eff.org

Related Issues:
February 24, 2006

National Conference Call - Tuesday, 1pm EST

This Tuesday, an unlikely coalition of left and right, non-profits and small businesses, and Internet advocacy groups will hold a national telephone news conference call to announce an unprecedented combined campaign against AOL's new "pay-to-send" email proposal – which amounts to an "email tax."

To RSVP for the call, please email Alex@Fenton.com. Space is limited.

Under AOL's recently announced "certified email" proposal, large emailers willing to pay an "email tax" can bypass spam filters and get guaranteed access to people's inboxes—with their messages having a preferential high-priority designation. Charities, small businesses, civic organizing groups, and even families with mailing lists will have no guarantee that their email will be delivered unless they are willing to pay the "email tax" to AOL. AOL's proposed pay-to-send system is the first step down the slippery slope toward dividing the Internet into two classes of users—those who get preferential treatment and those who are left behind. The Internet is a force for democracy and economic innovation because it is open to all Internet users equally – AOL's "email tax" would create an unlevel playing field and harm the Internet forever.

Tuesday's 1pm EST conference call will be co-hosted by Internet free speech advocates the Electronic Frontier Foundation and media policy group Free Press. Participants will include Craig Newmark of Craiglist and representatives from the Gun Owners of America, MoveOn.org Civic Action, and the Association of Cancer Online Resources. Dozens of other concerned groups will be announced on the call as members of the coalition, and details about the campaign will be announced on the call.

WHAT: Conference call to announce campaign against AOL's "email tax"
WHO: Co-hosts: Electronic Frontier Foundation &amp Free Press
PARTICIPANTS: Craig Newmark (Craigslist), Gun Owners of America, MoveOn.org Civic Action, the Association of Cancer Online Resources
WHEN: Tuesday, February 28, 2006 – 1PM EST
RSVP: Please email Alex@Fenton.com. Space is limited.

Contacts:

Trevor Fitzgibbon or Alex Howe
Fenton Communications
alex@fenton.com

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
rebecca@eff.org

Related Issues:
February 16, 2006

EFF Urges Consumers to Claim Clean CDs and Extra Downloads

San Francisco - The Electronic Frontier Foundation (EFF) is urging music fans who purchased Sony BMG music CDs containing flawed digital rights management (DRM) to submit their claims now for clean CDs and extra downloads as part of a class action lawsuit settlement.

"This settlement gives consumers what they thought they were buying in the first place -- clean, safe music that will play on their computers and their iPods as well as their stereo systems," said EFF Staff Attorney Kurt Opsahl.

Anyone who purchased Sony BMG CDs that included First4Internet XCP and SunnComm MediaMax software can receive the same music without DRM. Some will also get downloads of other Sony BMG music from several different services, including iTunes. Music fans have through the end of the year to participate in the settlement, and they should receive their compensation within six to eight weeks of submitting their claim forms. Customers can find out more about the settlement and how to submit their claims at http://www.eff.org/sony.

The problems with the Sony BMG CDs surfaced when security researchers discovered that XCP and MediaMax installed undisclosed--and in some cases, hidden--files on users' Windows computers, potentially exposing music fans to malicious attacks by third parties. The infected CDs also communicated back to Sony BMG about customers' computer use without proper notification.

In addition to compensating consumers, Sony BMG was forced to stop manufacturing CDs with both First4Internet XCP and SunnComm MediaMax software. The settlement also waives several restrictive end user license agreement (EULA) terms and commits Sony BMG to a detailed security review process prior to including any DRM on future CDs.

"This settlement got music fans a fair shake in exchange for a raw deal," said EFF Staff Attorney Corynne McSherry. "If you were upset about this DRM debacle, submitting your claim is one way to show the entertainment industry that you want to be treated with respect and fairness."

EFF and its co-counsel--Green Welling LLP, Lerach, Coughlin, Stoia, Geller, Ruchman and Robbins, and the Law Offices of Lawrence E. Feldman and Associates--along with a coalition of other plaintiffs' class action counsel, reached the settlement after negotiations with Sony BMG in December of 2005.

To submit your claim:
http://www.eff.org/sony

For litigation documents and frequently asked questions:
http://www.eff.org/IP/DRM/Sony-BMG/

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Related Issues:
February 15, 2006

EFF Calls for Limits on Data Collection and Retention

San Francisco - As Congressional hearings about how U.S. Internet companies do business in China are set to begin, the Electronic Frontier Foundation (EFF) is calling for the industry and government to work together to develop simple guidelines to decrease the harm done by participating in authoritarian regimes.

"Without careful thought, even well-meaning Internet companies can become the handmaidens of state repression. Internet routers can be turned into powerful wiretapping tools," said EFF Activism Coordinator Danny O'Brien. "Web servers and search engines can become honeypots of personal data, plundered by state police to identify dissidents."

In an open letter to the Subcommittee on Africa, Global Human Rights, and International Operations and the Subcommittee on Asia and the Pacific, EFF says the best course of action for companies concerned about human rights violations and censorship is to avoid repressive countries all together. However, EFF believes that companies deciding to go forward can mitigate some of the harm.

"In considering how these companies might construct their services to best serve global human rights, we believe that simple guidelines, consciously followed, could significantly limit the damage caused by corporate engagement with these regimes," said EFF Legal Director Cindy Cohn.

EFF's letter gives five courses of action for companies and the US government to consider, including restricting the collection and storage of personal data in oppressive regimes, "bearing witness" and documenting acts of state control, innovating around censorship, and offering encrypted connections to their web services by default.

The joint Subcommittee hearing, "The Internet in China: A Tool for Suppression?" begins Wednesday at 10am EST.

For EFF's open letter:
http://www.eff.org/deeplinks/archives/004410.php

Contacts:

Danny O'Brien
Activism Coordinator
Electronic Frontier Foundation
danny@eff.org

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Related Issues:
February 14, 2006

Illegitimate Patent Locks In Artists and Threatens Innovators

San Francisco - The Electronic Frontier Foundation (EFF) filed a challenge Tuesday to an illegitimate patent from Clear Channel Communications. The patent -- for a system and method of creating digital recordings of live performances -- locks musical acts into using Clear Channel technology and blocks innovations by others.

Clear Channel claims that its patent creates a monopoly on all-in-one technologies that produce post-concert live recordings on digital media and has threatened to sue anyone who makes such recordings with a different system. This has forced bands like the Pixies into using Clear Channel's proprietary technology, and it hurts investment and innovation in new systems developed by other companies.

"Clear Channel shouldn't be able to intimidate artists with bogus intellectual property," said EFF Staff Attorney Jason Schultz. "We hope the Patent Office will take a hard look at Clear Channel's patent and agree that it should be revoked."

The request for reexamination filed with the United States Patent and Trademark Office shows that a company named Telex had in fact developed similar technology more than a year before Clear Channel filed its patent request. EFF, in conjunction with Theodore C. McCullough of the Lemaire Patent Law Firm and with the help of students at the Glushko-Samuelson Intellectual Property Clinic at American University's Washington College of Law, wants the patent office to revoke the patent based on this and other extensive evidence.

"The patent system serves an important public purpose in our economy," said Schultz. "Keeping illegitimate patents out of that system helps up-and-coming artists and entrepreneurs succeed for all of us."

The Clear Channel patent challenge is part of EFF's Patent Busting Project, aimed at combating the chilling effects bad patents have on public and consumer interests. Illegitimate patents currently in effect could prevent you from building a hobbyist website or even streaming a wedding video to your friends. The Patent Busting Project seeks to document the threats and fight back by filing requests for reexamination against the worst offenders.

For the full reexamination request:
http://www.eff.org/patent/wanted/clearchannel/CC_reexam.pdf

For more on the evidence against Clear Channel:
http://www.eff.org/patent/wanted/patent.php?p=clearchannel

Contacts:

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Theodore C. McCullough
Attorney
Lemaire Patent Law Firm

Related Issues:
February 10, 2006

Awards Recognize Leaders on the Electronic Frontier

San Francisco - The Electronic Frontier Foundation (EFF) is calling for nominations for its 2006 Pioneer Awards -- the annual celebration of leaders on the electronic frontier who extend freedom and innovation in the realm of information technology. Past winners have included Tim Berners-Lee, Linus Torvalds, and Ed Felten.

Pioneer Awards nominations are open to individuals or organizations from any country. Nominations are reviewed by a panel of judges chosen for their knowledge of the technical, legal, and social issues associated with information technology.

This year's award ceremony will be held in Washington, DC, in conjunction with the Computers, Freedom and Privacy conference (CFP), which takes place in early May. Persons or representatives of organizations receiving an EFF Pioneer Award will be invited to attend the ceremony at EFF's expense.

How to Nominate Someone for a 2006 Pioneer Award:

You may send as many nominations as you wish by email to pioneer@eff.org, but please use one email per nomination. We will accept nominations until March 1, 2006.

Simply tell us:
1. The name of the nominee
2. The phone number or email address or website by which the nominee can be reached, and, most importantly
3. Why you feel the nominee deserves the award.

Nominee Criteria:

There are no specific categories for the EFF Pioneer Awards, but the following guidelines apply:
1. The nominees must have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications.
2. To be valid, all nominations must contain your reason, however brief, for nominating the individual or organization and a means of contacting the nominee. In addition, while anonymous nominations will be accepted, ideally we'd like to contact the nominating parties in case we need further information.
3. The contribution may be technical, social, economic, or cultural.
4. Nominations may be of individuals, systems, or organizations in the private or public sectors.
5. Nominations are open to all (other than current members of EFF's staff and executive board or this year's award judges), and you may nominate more than one recipient. You may also nominate yourself or your organization.

More on the EFF Pioneer Awards:
http://www.eff.org/awards/pioneer/

Contact:

Katina Bishop
Projects Coordinator
Electronic Frontier Foundation
katina@eff.org

February 9, 2006

Consumers Should Not Use New Google Desktop

San Francisco - Google today announced a new "feature" of its Google Desktop software that greatly increases the risk to consumer privacy. If a consumer chooses to use it, the new "Search Across Computers" feature will store copies of the user's Word documents, PDFs, spreadsheets and other text-based documents on Google's own servers, to enable searching from any one of the user's computers. EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password.

"Coming on the heels of serious consumer concern about government snooping into Google's search logs, it's shocking that Google expects its users to now trust it with the contents of their personal computers," said EFF Staff Attorney Kevin Bankston. "If you use the Search Across Computers feature and don't configure Google Desktop very carefully—and most people won't—Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index. The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it. Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files."

The privacy problem arises because the Electronic Communication Privacy Act of 1986, or ECPA, gives only limited privacy protection to emails and other files that are stored with online service providers—much less privacy than the legal protections for the same information when it's on your computer at home. And even that lower level of legal protection could disappear if Google uses your data for marketing purposes. Google says it is not yet scanning the files it copies from your hard drive in order to serve targeted advertising, but it hasn't ruled out the possibility, and Google's current privacy policy appears to allow it.

"This Google product highlights a key privacy problem in the digital age," said Cindy Cohn, EFF's Legal Director. "Many Internet innovations involve storing personal files on a service provider's computer, but under outdated laws, consumers who want to use these new technologies have to surrender their privacy rights. If Google wants consumers to trust it to store copies of personal computer files, emails, search histories and chat logs, and still 'not be evil,' it should stand with EFF and demand that Congress update the privacy laws to better reflect life in the wired world."

For more on Google's data collection:
http://news.com.com/FAQ+When+Google+is+not+your+friend/2100-1025_3-6034666.html?tag=nl http://www.boston.com/news/nation/articles/2006/01/21/google_subpoena_roils_the_web http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2006/01/20/EDGEPGPHA61.DTL http://news.com.com/%20Bill+would+force+Web+sites+to+delete+personal+info/2100-1028_3-6036951.html

Contact:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Related Issues:
February 2, 2006

SunnComm Agrees to Terms of EFF Open Letter

San Francisco - In response to an open letter written by the Electronic Frontier Foundation (EFF), SunnComm Technologies, Inc., has outlined what it has done and will do to address potential security problems caused by its MediaMax CD copy-protection software and to help protect against future vulnerabilities. Use of the software on CDs released by Sony BMG has received significant media attention, but many consumers are unaware that the software was also used by several independent music labels.

SunnComm says it will ensure that future versions of MediaMax will not install when the user declines the end user license agreement (EULA) that appears when a CD is first inserted in a computer CD or DVD drive. SunnComm has also agreed to include uninstallers in all versions of MediaMax software, to submit all future versions to an independent security-testing firm for review, and to release to the public the results of the independent security testing. SunnComm and EFF are discussing how to ensure that legitimate security researchers who have been, are, or will be working to identify security problems with MediaMax will not be accused of copyright violations under the Digital Millennium Copyright Act (DMCA).

In January, SunnComm published a complete list of all music CDs that employ the MediaMax technology and sent a letter to the independent labels using MediaMax with information about a security vulnerability in MediaMax version 5. Music label Sony BMG has separately committed to addressing security concerns arising from CDs using MediaMax.

"We are pleased to be working with EFF to ensure that consumers are notified of this potential vulnerability and our update," said acting SunnComm President and Chief Executive Officer Kevin Clement. "As a software company, we are committed to developing high-quality products and promptly addressing any potential vulnerability, and we appreciate this opportunity to help lead the industry in the development of best practices for both quality and security."

"EFF applauds SunnComm's commitments to better security and privacy practices," said EFF Staff Attorney Kurt Opsahl. "While we continue to disagree with SunnComm on the wisdom of CD copy protection in general, we are pleased that it has taken important steps to notify consumers of the security vulnerability and help resolve the security and privacy issues raised by the MediaMax software."

EFF wrote the open letter to SunnComm because of its concerns about the MediaMax software, which is included with a wide variety of music from independent labels, such as Cuban Link's "Chain Reaction" by Men of Business Records, Peter Cetera's "You Just Gotta Love Christmas" by Viastar Records, and several releases on KOCH Records.

The problems with MediaMax came to light in November and December 2005, after independent security analysts discovered problems on Sony BMG CDs that included MediaMax. EFF and others subsequently brought legal actions against Sony BMG based on its distribution of the MediaMax titles, and a settlement in that case provided a remedy for music fans who bought Sony BMG MediaMax CDs. SunnComm's response to EFF's open letter commits the company to addressing the potential vulnerability for fans who bought such CDs on independent labels and to a continuing process that should help protect fans against future vulnerabilities.

EFF's open letter to SunnComm:
http://www.eff.org/deeplinks/archives/004245.php

SunnComm's response:
http://www.eff.org/IP/DRM/Sony-BMG/response-to-open-letter.pdf

List of CDs with SunnComm MediaMax 5:
http://www.sunncomm.com/CD/List_CD_B.html

List of CDs with SunnComm MediaMax 3:
http://www.sunncomm.com/CD/List_CD_A.html

Contact:

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Related Issues:
January 31, 2006

Telecom Collaborated with NSA to Spy on Customers

San Francisco - The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&ampT Tuesday, accusing the telecom giant of violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA) in its massive and illegal program to wiretap and data-mine Americans' communications.

The NSA program came to light in December, when the New York Times reported that the president had authorized the agency to intercept telephone and Internet communications inside the United States without the authorization of any court. Over the ensuing weeks, it became clear that the NSA program has been intercepting and analyzing millions of Americans' communications, with the help of the country's largest phone and Internet companies.

Reporting has also indicated that those same companies—and AT&ampT specifically—have given the NSA direct access to their vast databases of communications records, including information about whom their customers have phoned or emailed with in the past. And yet little has been accomplished by this illegal spying: recent reports have shown that the data from this wholesale surveillance has done little more than waste FBI resources on dead leads.

"The NSA program is apparently the biggest fishing expedition ever devised, scanning millions of ordinary Americans' phone calls and emails for 'suspicious' patterns, and it's the collaboration of US telecom companies like AT&ampT that makes it possible," said EFF Staff Attorney Kevin Bankston. "When the government defends spying on Americans by saying, 'If you're talking to terrorists we want to know about it,' that's not even close to the whole story."

In the lawsuit, EFF alleges that AT&ampT, in addition to allowing the NSA direct access to the phone and Internet communications passing over its network, has given the government unfettered access to its over 300 terabyte "Daytona" database of caller information—one of the largest databases in the world.

"AT&ampT's customers reasonably expect that their communications are private and have long trusted AT&ampT to follow the law and protect that privacy. Unfortunately, AT&ampT has betrayed that trust," said EFF Senior Staff Attorney Lee Tien. "At the NSA's request, AT&ampT eviscerated the legal safeguards required by Congress and the courts with a keystroke."

By opening its network and databases to unrestricted spying by the government, EFF alleges that AT&ampT has violated the privacy of AT&ampT customers and the people they call and email, as well as broken longstanding communications privacy laws.

While other organizations are suing the government directly, EFF is seeking to protect Americans' privacy by stopping the collaboration of AT&ampT with the illegal NSA spying program and making it economically impossible for AT&ampT to continue to give its customers' information to the government.

"Congress has set up strong laws protecting the privacy of your communications, strictly limiting when telephone and Internet companies can subject your phone calls to government scrutiny," said EFF Staff Attorney Kurt Opsahl. "The companies that have betrayed their customers' trust by illegally handing the NSA direct access to their networks and databases must be brought to account. AT&ampT needs to put a sign on its door that reads, 'Come Back With a Warrant.'"

In the suit filed Tuesday, EFF is representing the class of all AT&ampT customers nationwide. EFF is seeking an injunction to stop AT&ampT participation in the illegal NSA program, as well as billions of dollars in damages for violation of federal privacy laws. Working with EFF in the lawsuit are the law firms Traber &amp Voorhees, and Lerach Coughlin Stoia Geller Rudman &amp Robbins LLP.

For the full complaint:
http://www.eff.org/legal/cases/att/att-complaint.pdf

For more on EFF's suit:
http://www.eff.org/legal/cases/att/

Contact:

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
rebecca@eff.org

Related Issues:
January 27, 2006

EFF Asks Justices to Consider Critical Free-Speech Implications

San Francisco - The Electronic Frontier Foundation (EFF) filed a friend-of-the-court brief with the United States Supreme Court Thursday, asking justices to overturn a court ruling in a patent case with dangerous implications for free speech and consumers' rights. The Public Patent Foundation, the American Library Association, the American Association of Law Libraries, and the Special Library Association joined EFF on the brief.

At issue is a case involving online auctioneer eBay and a company called MercExchange. Last year, the Federal Circuit Court of Appeals ruled that eBay violated MercExchange's online auction patents and that eBay could be permanently enjoined, or prohibited, from using the patented technology. But as part of the ruling, the court came to a perilous conclusion, holding that patentees who prove their case have a right to permanent injunctions under all but "exceptional circumstances," like a major public health crisis. This radical rule created an "automatic injunction" standard that ignored the traditional balancing and discretion used by judges to consider how such a decision might affect other public interests--including free speech online.

"As more and more people use software and Internet technology to express themselves online, the battle over software patents has grave implications for online speech," said EFF Staff Attorney Corynne McSherry. "Courts must work harder than ever to ensure that technologies like blogs, email, online video, and instant messaging remain free and available to the public."

The lower court's ruling stems in part from a misperception that patents are just like other forms of property, with the same rights and remedies. However, Supreme Court rulings have repeatedly emphasized that patents are a unique form of property, designed to achieve a specific public purpose: the promotion of scientific and industrial progress.

"Part of the court's duty in patent cases is to make sure that the system helps the public's right to free speech instead of hurting it," said EFF Staff Attorney Jason Schultz. "If this ruling is allowed to stand, courts won't be able to do what's right."

For the full brief:
http://www.eff.org/legal/cases/ebay_v_mercexchange/eff_amicus_brief.pdf

For more on patents and how bad law can hurt the public:
http://www.eff.org/patent

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Related Issues:
January 25, 2006

Important Milestone for Digital Copyright Law

San Francisco - A federal district court in Nevada has ruled that Google does not violate copyright law when it copies websites, stores the copies, and transmits them to Internet users as part of its Google Cache feature. The ruling clarifies the legal status of several common search engine practices and could influence future court cases, including the lawsuits brought by book publishers against the Google Library Project. The Electronic Frontier Foundation (EFF) was not involved in the case but applauds last week's ruling for clarifying that fair use covers new digital uses of copyrighted materials.

Blake Field, an author and attorney, brought the copyright infringement lawsuit against Google after the search engine automatically copied and cached a story he posted on his website. Google responded that its Google Cache feature, which allows Google users to link to an archival copy of websites indexed by Google, does not violate copyright law. The court agreed, holding that the Cache qualifies as a fair use of copyrighted material.

"This ruling makes it clear that the Google Cache is legal and clears away copyright questions that have troubled the entire search engine industry," said Fred von Lohmann, EFF senior staff attorney. "The ruling should also help Google in defending against the lawsuit brought by book publishers over its Google Library Project, as well as assisting organizations like the Internet Archive that rely on caching."

Field v. Google ruling:
http://www.eff.org/IP/blake_v_google/google_nevada_order.pdf

Contact:

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

Related Issues:
January 19, 2006

But Broader Privacy Concerns Remain

But Broader Privacy Concerns Remain

San Francisco - Yesterday, the Justice Department asked a federal court in San Jose, California to force Google to turn over search records for use as evidence in a case where the government is defending the constitutionality of the Child Online Protection Act (COPA). Google has refused to comply with a subpoena for those records, based in part on its concern for its users' privacy.

COPA is a federal law that requires those who publish non-obscene, constitutionally protected sexual material online to take difficult and expensive steps to prevent access by minors, steps that would chill publishers of sexual material as well as the adults who want to access such material anonymously. EFF is one of the plaintiffs in the First Amendment challenge to COPA.

The subpoena to Google currently asks for a random sampling of one million URLs from Google's database of web sites on the Internet. More importantly, the DOJ is also subpoenaing the text of each search string entered into Google's search engine over a one-week period, absent any information identifying the people who entered the search terms.

"The government is overreaching here, asking Google to do its dirty work and collect information about the Internet speech activities of Google users," said EFF Staff Attorney Kurt Opsahl. "Last month, the federal court rejected many of the government's over broad discovery requests to its opposing parties. Rather than learn its lesson, the DOJ continues to push for overreaching discovery, this time from a company that isn't even a party to the case."

Google has cited its concern for user privacy as a reason for not complying with the subpoena, in addition to the unreasonable burden that compliance would place on Google and the proprietary nature of its query database. In particular, Google is rightly concerned that many of the randomly selected search queries would contain personal information about Google users.

While EFF applauds Google for defending its users' privacy in this case, the current controversy only highlights the broader privacy problem: Google logs all of the searches you make, and most if not all of those queries are personally identifiable via cookies, IP addresses, and Google account information.

"The only way Google can reasonably protect the privacy of its users from such legal demands now and in the future is to stop collecting so much information about its users, delete information that it does collect as soon as possible, and take real steps to minimize how much of the information it collects is traceable back to individual Google users," said EFF Staff Attorney Kevin Bankston. "If Google continues to gather and keep so much information about its users, government and private attorneys will continue to try and get it."

Importantly, users can also take steps to protect their privacy from Google, the government, and others, by using anonymizing technologies such as Tor when surfing the web. Tor helps hide your IP address from Google so that even if the lawyers come knocking, Google cannot identify you by your searches.

More about Tor:
http://tor.eff.org/

Contacts:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation
tien@eff.org

Related Issues:
January 6, 2006

Customers to Get Clean CDs and Extra Downloads Because of Flawed Copy-Protection

New York - A US District Court judge in New York gave preliminary approval Friday to a settlement for music fans who purchased Sony BMG music CDs containing flawed copy protection programs.

Under the proposed settlement, Sony BMG will stop manufacturing CDs with both First4Internet XCP and SunnComm MediaMax software. People who have already purchased the flawed CDs will be offered the same music without digital rights management (DRM), and some will also receive downloads of other Sony BMG music from several different services, including iTunes. The settlement would also waive several restrictive end user license agreement (EULA) terms and commit Sony BMG to a detailed security review process prior to including any DRM on future CDs, as well as providing for adequate pre-sale notice to consumers in the future.

Consumers can exchange CDs with XCP software for clean CDs now, but the rest of the settlement benefits will not be available until an official notice to the class has been issued. The court ordered that the notice--via newspaper ads, Google ads, email and other means--must occur by February 15. Once that notice goes out, consumers can begin submitting claims for settlement benefits and should get those benefits within 6-8 weeks of submitting the proof of claim form.

To help consumers figure out what the settlement means to them, EFF has posted a list of frequently asked questions (FAQ) on its website. The FAQ tells music fans how to return their flawed CDs, how to get their clean CDs and downloads in exchange, and how to opt-out of this settlement. The deadline to opt-out of the settlement is May 1, 2006.

"The settlement helps consumers finally get music that will play on their computers without invading their privacy or eroding their security," said EFF Staff Attorney Corynne McSherry. "Now that the court has given preliminary approval, the next step is to make sure that the millions of music fans who bought these XCP and MediaMax CDs understand what is available and how to get it."

The problems with the Sony BMG CDs surfaced when security researchers discovered that XCP and MediaMax installed undisclosed--and in some cases, hidden--files on users' Windows computers, potentially exposing music fans to malicious attacks by third parties. The infected CDs also communicated back to Sony BMG about customers' computer use without proper notification.

EFF and its co-counsel--Green and Welling, Lerach, Coughlin, Stoia, Geller, Ruchman and Robbins, and the Law Offices of Lawrence E. Feldman and Associates--along with a coalition of other plaintiffs' class action counsel, reached the settlement after negotiations with Sony BMG over the last month.

You can stay updated on the progress of the settlement agreement by visiting the FAQ page.

FAQ on Sony BMG settlement proposal:
http://www.eff.org/IP/DRM/Sony-BMG/settlement_faq.php

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Related Issues:
January 4, 2006

Fear of Legal Action Chills Computer Security Researchers

San Francisco - The Electronic Frontier Foundation (EFF) today sent an open letter to EMI Music -- the record label representing artists including Paul McCartney and Coldplay -- calling on it to agree not to pursue any legal action against computer security researchers who examine the copy-protection technologies used on some EMI CDs.

In late 2005, independent researchers uncovered security problems with Sony-BMG copy-protected CDs, forcing the label to issue patches and uninstallers to those customers who had played the CDs on Windows computers. Several record labels owned by EMI, including Virgin Records, Capitol Records, and Liberty Records, use similar copy-protection technologies supplied by Macrovision. On those CDs, an end user license agreement (EULA) forbids reverse engineering for any reason, including security testing. In addition, the Digital Millennium Copyright Act (DMCA) has chilled the efforts of computer security researchers interested in examining copy-protected CDs.

In the open letter published Wednesday, EFF urges EMI Music to publicly declare that it will not take legal action against computer security researchers who study copy-protected CDs released by record labels owned by EMI.

"Music fans deserve to know whether EMI's copy-protected CDs are exposing their computers to security risks," said Fred von Lohmann, senior staff attorney with EFF. "When it comes to computer security, it pays to have as many independent experts kick the tires as possible, and that can only happen if EMI assures those experts that they won't be sued for their trouble."

Full text of the open letter to EMI Music:
http://eff.org/IP/DRM/emi.pdf

Contact:

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

Related Issues:
December 29, 2005

“The proposed settlement will provide significant benefits for consumers who bought the flawed CDs,” said EFF Legal Director Cindy Cohn. "Under the terms, those consumers will get what they thought they were buying--music that will play on their computers without restriction or security risk. EFF is continuing discussions with Sony BMG, however, and believes that there is more they can do to protect music lovers in the future.”

"Sony agreed to stop production of these flawed and ineffective DRM technologies,” noted EFF Staff Attorney Kurt Opsahl. “We hope that other record labels will learn from Sony’s hard experience and focus more on the carrot of quality music and less on the stick of copy protection.”

Electronic Frontier Foundation (EFF) joined in this preliminary settlement agreement with Sony BMG this week to settle several class action lawsuits filed due to Sony's use of flawed and overreaching computer program in millions of music CDs sold to the public. The proposed terms of settlement have been presented to the court for preliminary approval and will likely be considered in a hearing set for January 6, 2005 in federal court in New York City.

Related Issues:
December 23, 2005

Raleigh, North Carolina - After a series of lawsuits led by the Electronic Frontier Foundation (EFF) to defend North Carolina's election integrity laws, controversial electronic voting machine manufacturer Diebold Election Systems finally withdrew from the state's voting machine procurement process on Thursday.

In November, Diebold filed suit against the North Carolina Board of Elections to try to avoid a state requirement that vendors place into escrow all source code "that is relevant to functionality, setup, configuration, and operation of the voting system." Under a strong new state law, this code is to be available to the Board of Elections and the chairs of the state political parties for review so that they could look for security vulnerabilities. EFF intervened in the case on behalf of local voter integrity advocate Joyce McCloy and succeeded in convincing the judge to dismiss the case and require Diebold to comply.

Despite Diebold's open admission that it could not meet the state requirements for voting machine integrity, the Board of Elections later agreed to certify Diebold. EFF filed suit against the Board of Elections last week, arguing that the Board had violated its own obligations to perform extensive security-related tests of all of the code on all certified systems prior to certification. The court denied EFF's motion, but Diebold was nonetheless forced to withdraw from the North Carolina procurement process because it did not escrow its code.

In a letter to the Board of Elections on Thursday, Diebold indicated that it is still unwilling to comply with the law. Instead, it offered to help the state "revise" the law so that "all vendors will be able to comply with the state election law."

"The purpose of election integrity law is to ensure that votes are accurately counted, not to ensure that all equipment vendors can comply," said Matt Zimmerman, EFF's Staff Attorney specializing in electronic voting issues. "The law requires voting machine transparency for good reason. All vendors must realize that the public will not and should not accept a process that forces them to simply trust, but not verify, their votes are accurately counted."

By withdrawing from North Carolina's electronic voting contract, Diebold cedes the market to competitor ES&ampS. The rival company has stated that it will comply with all state escrow requirements.

Contacts:

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Related Issues:
December 16, 2005

Opposes Prison Mail Ban on Materials Printed from Internet

The Electronic Frontier Foundation (EFF) on behalf of Prison Legal News told a federal court Wednesday that Georgia state prisoners should be allowed to receive material printed from the Internet through the mail.

Although Georgia state prisons allow prisoners to receive handwritten letters in the mail, Georgia prison policy also includes a blanket ban on any incoming mail containing printouts from the Internet. Since prisoners cannot themselves access the Internet, Internet materials printed and mailed by family and friends are often the only way for them to receive valuable legal information, health advice, and religious materials. In a friend-of-the-court brief for a case filed by Georgia prisoner Danny Williams, EFF argues that this indiscriminate and arbitrary ban on Internet-generated materials violates prisoners' First Amendment rights. Several courts in other states have already ruled that mail policies like the one at issue here are unconstitutional.

"Georgia prisons are violating the rights of prisoners and those who correspond with them by senselessly allowing prisoners to receive handwritten mail but prohibiting printouts of material from the Internet," said EFF Staff Attorney Kevin Bankston. "It makes no sense and serves no legitimate interest for a prison to prohibit a prisoner from receiving, for example, a printout of the latest issue of Prison Legal News, or information from the Internet about health issues like AIDS that can be life-or-death issues for prisoners."

Prison Legal News is a non-profit legal magazine, publishing monthly review and analyses of prisoner rights, prisoner-relevant legislation and court rulings, and news about general prison issues. The majority of Prison Legal News subscribers, as well as most of its writers, are currently incarcerated.

EFF was assisted in this case by attorney Sarah M. Shalf of Bondurant, Mixson & Elmore, LLP in Atlanta, Georgia.

For the brief filed in this case:
http://eff.org/legal/cases/williams_v_donald/EFF_PLN_amicus.pdf

Contact:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Related Issues:
December 9, 2005

Online Rights Canada Launches with EFF, CIPPIC Support

Toronto - Online Rights Canada (ORC) launched in Canada Friday, giving Canadians a new voice in critical technology and information policy issues. The grassroots organization is jointly supported by the Canadian Internet Policy &amp Public Interest Clinic (CIPPIC) and the Electronic Frontier Foundation (EFF).

"Canadians are realizing in ever-greater numbers that the online world offers tremendous opportunities for learning, communicating, and innovating, but that those opportunities are at risk as a result of corporate practices, government policies and legal regimes that hinder online privacy and free speech," said Philippa Lawson, Executive Director and General Counsel of CIPPIC. "Online Rights Canada provides a home on the Internet for grassroots activism on digital issues that are important to ordinary Canadians."

"With the Canadian government preparing for a January election, all of last year's legislation is back on the drawing board. Canadians now have another chance to present a public interest perspective on issues like copyright reform and increased government surveillance," said Ren Bucholz, EFF's Policy Coordinator, Americas. "We are happy to be launching ORC at such a critical time."

One of ORC's first actions is a petition drive against unwarranted surveillance law. A bill proposed in Parliament last month would have allowed law enforcement agencies to obtain personal information without a warrant and forced communications providers to build surveillance backdoors into the hardware that routes phone calls and Internet traffic. The petition asks Canadian lawmakers to protect citizens' privacy rights when the new government convenes in 2006. Other important issues for ORC will include copyright law, access to information, and freedom from censorship.

"Today, ORC focuses on digital copyright and lawful access. But there is no reason to restrict the site to those two issues," said CIPPIC Staff Counsel David Fewer. "Our hope is that ORC will evolve into the first place to go for Canadians looking for opportunities to protect their online rights. Anyone can be an activist - Online Rights Canada will give you the tools you need."

Online Rights Canada is the latest group to join the global fight for digital rights. Digital Rights Ireland launched earlier this week, and the Open Rights Group launched in the United Kingdom last month.

For Online Rights Canada:
http://www.onlinerights.ca

Contacts:

Ren Bucholz
Policy Coordinator, Americas
Electronic Frontier Foundation
ren@eff.org

Philippa Lawson
Executive Director
Canadian Internet Policy and Public Interest Clinic
plawson@uottawa.ca

Related Issues:
December 8, 2005

EFF Asks Court to Void Approval of Diebold and Others Without Source Code Review

Raleigh, North Carolina - The Electronic Frontier Foundation (EFF) on Thursday filed a complaint against the North Carolina Board of Elections and the North Carolina Office of Information Technology Services on behalf of voting integrity advocate Joyce McCloy, asking that the Superior Court void the recent illegal certification of three electronic voting systems.

North Carolina law requires the Board of Elections to rigorously review all voting system code "prior to certification." Ignoring this requirement, the Board of Elections on December 1st certified voting systems offered by Diebold Election Systems, Sequoia Voting Systems, and Election Systems and Software without having first obtained – let alone reviewed – the system code.

"This is about the rule of law," said EFF Staff Attorney Matt Zimmerman. "The Board of Elections has simply ignored its mandatory obligations under North Carolina election law. This statute was enacted to require election officials to investigate the quality and security of voting systems before approval, and only approve those that are safe and secure. By certifying without a full review of all relevant code, the Board of Elections has now opened the door for North Carolina counties to purchase untested and potentially insecure voting equipment."

North Carolina experienced one of the most serious malfunctions of e-voting systems in the 2004 presidential election when over 4,500 ballots were lost in a voting system provided by e-voting vendor UniLect Corp. Electronic voting systems across the country have come under fire during the past several years as unexplained malfunctions combined with efforts by vendors to protect their proprietary systems from meaningful review have left voters with serious questions about the integrity of the voting process.

"North Carolina voters deserve to have their election laws enforced," said co-counsel Don Beskind of the Raleigh law firm of Twiggs, Beskind, Strickland &amp Rabenau, P.A. "Election transparency is a requirement, not an option. The General Assembly passed this law unanimously, and it is now time for the Board of Elections to meet their obligations."

On behalf of McCloy, EFF and Beskind intervened in – and convinced a judge to dismiss – a separate lawsuit filed last month by Diebold, which sought to be exempted from the state's transparency laws. Diebold represented to the court that it would be "unable" to comply with the code escrow requirement of the statute. Inexplicably, the Board of Elections certified Diebold despite its admitted inability to comply with the law.

A hearing in McCloy's case against the Board of Elections is set for Wednesday, December 14. EFF and Beskind have asked the Court for a temporary restraining order preventing North Carolina's 100 counties from purchasing any of the recently certified systems unless and until the Board of Elections complies with its statutory obligations.

For the full complaint:
http://www.eff.org/Activism/E-voting/EFF_Mandamus_Complaint_TRO_20051208140945.pdf

Contact:

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Related Issues:
December 7, 2005

EFF Urges New York Judge to Reject Latest Surveillance Request

New York - The Electronic Frontier Foundation (EFF) has asked a federal magistrate judge in New York City to reject a Department of Justice (DOJ) request to track a cell phone user without first showing probable cause of a crime. In a brief filed in New York on Tuesday, EFF and the Federal Defenders of New York argue that no law authorizes the government's request, and that granting the order would threaten Americans' Fourth Amendment right against unreasonable searches.

This latest briefing comes after a decision last week in Maryland denying a similar order, which combined with two recent denials published by federal courts in New York and Texas, represents an unprecedented judicial rebuke to the DOJ's surveillance practices. The DOJ's apparently routine practice of asking for and receiving cell-tracking orders without probable cause only recently came to light as a result of these newly published decisions typically, such requests are made and granted in secret, without any public accounting.

"Even though three federal courts have now completely rejected the Justice Department's arguments for tracking a cell phone without probable cause, it is still asking other judges for these plainly illegal surveillance orders," said Kevin Bankston, EFF Staff Attorney. "How many public denials is it going to take before the Justice Department either stops seeking such orders altogether, or is willing to appeal one of these decisions and subject its baseless arguments to scrutiny by higher courts?"

The DOJ, despite claims that its cell phone tracking requests are routine, necessary, and perfectly legal, has so far chosen not to appeal any of the recent decisions.

For this brief:
http://eff.org/legal/cases/USA_v_PenRegister/EFF_FDNY_reply_brief.pdf

For more on cell phone tracking:
http://www.eff.org/legal/cases/USA_v_PenRegister/

Contact:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

December 6, 2005

Click here for more on the issues with the software patch.

SunnComm Makes Security Update Available To Address Recently Discovered Vulnerability On Its MediaMax Version 5 Content Protection Software, Which Is Included On Certain SONY BMG CDs

San Francisco, CA and New York, NY - The Electronic Frontier Foundation (EFF) and SONY BMG Music Entertainment (SONY BMG) said today that SunnComm is making available a software update to address a security vulnerability with its MediaMax Version 5 content protection software on certain SONY BMG compact discs (CDs). The vulnerability was discovered by the security firm iSEC Partners after EFF requested an examination of the SunnComm software.

"We're pleased that SONY BMG responded quickly and responsibly when we drew their attention to this security problem," said EFF staff attorney Kurt Opsahl. "Consumers should take immediate steps to protect their computers."

"We're grateful to EFF and iSEC for bringing this to our attention," said Thomas Hesse, president, Global Digital Business, SONY BMG. "We believe that the availability of the update coupled with our campaign to notify customers will appropriately address the CDs with MediaMax Version 5 in the market."

SunnComm as well as independent software security firm NGS Software have determined that the security vulnerability is fully addressed by the update. NGS Director Robert Horton said, "After carefully researching the security vulnerability presented to us by SONY BMG, we have determined that it is not uncommon and, importantly, it is easily fixed by applying a software update."

The security vulnerability on SunnComm MediaMax Version 5 software differs from that reported in early November on First4Internet XCP software contained on certain SONY BMG CDs. A full list of the 27 U.S. SunnComm MediaMax Version 5 titles is included in the link below. Consumers can download the software update that is designed to address this security vulnerability from SunnComm's and Sony BMG's websites at http://www.sunncomm.com/support/updates/update.asp and http://www.sonybmg.com/mediamax.

The security issue involves a file folder installed on users' computers by the MediaMax software that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer's computer running the Windows operating system.

SONY BMG will notify consumers about this vulnerability and the update through the banner functionality included on the player, as well as through an Internet-based advertising campaign. The update is also being provided to major software and Internet security companies. EFF and SONY BMG urge all consumers who receive notice to download and install the patch immediately. In accordance with standard information security practices, EFF and iSEC delayed public disclosure of the details of the exploit to provide SunnComm the opportunity to develop an update.

Full list of titles affected:
http://www.sonybmg.com/mediamax/titles.html

Links to patch:
http://www.sunncomm.com/support/updates/update.asp
http://www.sonybmg.com/mediamax

iSEC Partners Report on the Vulnerability:
http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf

iSEC Partners:
http://www.isecpartners.com

NGS:
http://www.ngssoftware.com

Contacts:

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Cory Shields
Sony BMG
212-833-4647

John McKay
Sony BMG
212-833-5520

Related Issues:
December 2, 2005

Board of Elections Ignores Rules to Escrow Code, Identify Programmers

Raleigh, North Carolina - The North Carolina Board of Elections certified Diebold Election Systems to sell electronic voting equipment in the state yesterday, despite Diebold's repeated admission that it could not comply with North Carolina's tough election law. The Electronic Frontier Foundation (EFF) believes that this raises important questions about the Board of Elections' procedures as well as the integrity of Diebold's bid for certification.

In all, three companies were certified for e-voting in North Carolina: Diebold, Sequoia Voting Systems, and Election Systems &amp Software. However, Keith Long, an advisor to the Board of Elections who was formerly employed by both Diebold and Sequoia, has said that "none of them" could meet the statutory requirement to place their system code in escrow. Instead of rejecting all applications and issuing a new call for bids as required by law, the Board chose to approve all of the applicants.

"The Board of Elections has simply flouted the law," said EFF Staff Attorney Matt Zimmerman. "In August, the state passed tough new rules designed to ensure transparency in the election process, and the Board simply decided to take it upon itself to overrule the legislature. The Board's job is to protect voters, not corporations who want to obtain multi-million dollar contracts with the state."

Last month, Diebold obtained a broad temporary restraining order that allowed it to evade key transparency requirements without criminal or civil liability. The law requires escrow of the source code for all voting systems to be certified in the state and identification of programmers. Diebold claimed that it could not comply because of its reliance on third-party software.

Monday, responding to EFF's arguments, a judge dismissed Diebold's request for broad exemptions to the law and told Diebold that if it wanted to continue in its certification bid, it must follow the law or face liability. Diebold had told the court that it would likely withdraw from the bidding process if it was not granted liability protection. But instead, Diebold went forward with the certification bid.

Diebold's certification now means it is permitted to sell e-voting equipment in North Carolina. But Zimmerman says that any county that buys from Diebold is taking a risk.

"If Diebold's certification is revoked, counties using their equipment could be left holding a very expensive bag," Zimmerman said.

Despite Long's assertion, at least one Diebold competitor -- Nebraska-based Election Systems &amp Software -- has publicly stated that it is capable of meeting the escrow requirement for the code used it its system.

For more on the judge's decision Monday:
http://www.eff.org/news/archives/2005_11.php#004203

Contact:

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Related Issues:
December 1, 2005

EFF Bows Out of Broken Process

EFF Bows Out of Broken Process

San Francisco - The Electronic Frontier Foundation (EFF) today released a report entitled "DMCA Triennial Rulemaking: Failing the Digital Consumer," describing why the third triennial DMCA rulemaking, currently underway before the U.S. Copyright Office, does not effectively address the concerns of American digital media consumers. In light of the shortcomings of the DMCA rulemaking procedure, EFF will not propose any DMCA exemptions for the 2006-2009 triennial rulemaking period.

Digital media consumers are finding themselves increasingly hemmed in by "digital rights management" (DRM) restrictions on digital music, movies, video games, and software. The Digital Millennium Copyright Act of 1998 (DMCA) generally prohibits consumers from circumventing DRM mechanisms that control access to DVDs, CDs, and other digital media products. In an effort to ensure that these DRM mechanisms would not impede lawful uses of copyrighted works, however, Congress included what it described as a "fail-safe" mechanism in the DMCA rulemaking proceeding to be held every three years by the Copyright Office. The law delegates to the Copyright Office and Librarian of Congress the power to grant three-year exemptions to the DMCA's prohibition on circumventing DRM restrictions where the restrictions would otherwise encroach on lawful uses of copyrighted works.

Today is the last day to submit proposals for DMCA exemptions to the Copyright Office as part of the latest triennial rulemaking. EFF has participated in each of the two prior rulemakings in 2000 and 2003, each time asking the Copyright Office to create exemptions for perfectly lawful consumer uses for digital media that are encumbered by DRM. The Copyright Office has rejected all of EFF's previous proposals.

Based on its prior experience with the rulemaking procedure, as well as the increasing pervasiveness of DRM restrictions on digital media products, EFF has concluded that the triennial rulemaking does not effectively address the concerns of digital media consumers. Instead, EFF's report calls on Congress to take legislative action to reform and repair the DMCA rulemaking process.

"When the Copyright Office is unwilling to grant a DMCA exemption that would allow consumers to play copy-protected CDs on their computers, you know the rulemaking process is failing digital media consumers," said Fred von Lohmann, Senior Staff Attorney with EFF. "In the wake of the Sony BMG DRM debacle, it's time for Congress get involved on behalf of American consumers."

"DMCA Triennial Rulemaking: Failing Consumers Completely":
http://www.eff.org/IP/DMCA/copyrightoffice/DMCA_rulemaking_broken.pdf

For more on why EFF won't participate:
http://www.eff.org/deeplinks/archives/004212.php

For more on DMCA rulemaking:
http://www.eff.org/IP/DMCA/copyrightoffice/

Contact:

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

Related Issues:
November 30, 2005

EFF Fights Heavy-Handed Tactics From Satellite TV Giant

San Francisco - The Electronic Frontier Foundation (EFF) and the Center for Internet and Society Cyberlaw Clinic at Stanford University Law School filed an amicus brief in the Ninth Circuit Court of Appeals Wednesday, asking judges to protect legitimate researchers from the heavy-handed tactics of the DirecTV Group, Inc., a worldwide provider of digital television entertainment, broadband satellite networks and services, and global video and data broadcasting.

Federal law makes it illegal to intercept satellite TV signals without authorization and also bans modifying or assembling interception tools for sale or distribution. In the case before the Ninth Circuit, DirecTV claims that it can sue individuals for both interception of its signal as well as modification of receiving equipment in cases where altered smart cards are simply inserted into standard television equipment. DirecTV claims that inserting a smart card into preexisting television equipment constitutes "assembling" a pirate device. The amicus brief claims that DirecTV is overreaching and also points out that legitimate security researchers would be threatened under the proposed misreading of the law. A lower court has already ruled that DirecTV cannot sue on this theory and dismissed DirecTV's attempt to "double-dip" by punishing individuals twice for a single offense.

"Researchers are constantly assembling, modifying, and building smart card components in furtherance of scientific knowledge and innovation," said EFF Staff Attorney Jason Schultz. "Congress clearly meant to exclude these beneficial activities from any legal liability. The court below understood this, and we hope the Appeals Court agrees."

Over the past few years, DirecTV has orchestrated a nationwide legal campaign against hundreds of thousands of individuals, claiming that they were illegally intercepting its satellite TV signal. The company began its crusade by raiding smart card device distributors to obtain their customer lists, then sent over 170,000 demand letters to customers and eventually filed more than 24,000 federal lawsuits against them. Because DirecTV made little effort to distinguish legal uses of smart card technology from illegal ones, EFF and the Cyberlaw Clinic received hundreds of calls and emails from panicked device purchasers. We worked with DirecTV to get them to limit their lawsuits to only those people they could prove were illegally receiving their signal. The two groups co-sponsor a website at http://www.directvdefense.org to help people defend themselves.

For the full brief filed in the case:
http://directvdefense.org/files/hunyh_amicus_brief_final.pdf

Contacts:

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Jennifer Granick
Executive Director
Stanford Law School Center for Internet and Society Cyber Law Clinic
jennifer@law.stanford.edu

Related Issues:
November 28, 2005

E-Voting Company Forced to Comply with Election Transparency Laws

Raleigh, North Carolina - Responding to arguments made by the Electronic Frontier Foundation (EFF), a North Carolina judge today told Diebold Election Systems that the e-voting company must comply with tough North Carolina election law and dismissed the company's case seeking broad exemptions from the law.

EFF intervened in the case earlier this month, after Diebold obtained a broad temporary restraining order that allowed it to evade key transparency requirements without criminal or civil liability. The law requires escrow of the source code for all voting systems to be certified in the state and identification of programmers. In today's hearing, the judge told Diebold if it wanted to continue in the bidding process for certified election systems in the state, it must follow the law and if it failed to do so, it would face liability.

"The North Carolina legislature showed great leadership and courage in passing one of the most robust voting machine transparency laws in the country," said EFF Staff Attorney Matt Zimmerman. "The court decision reiterates what EFF had been arguing on behalf of our client all along: Diebold is not entitled to special rules."

EFF intervened in the case on behalf of North Carolina voter and election integrity advocate Joyce McCloy, with assistance from Don Beskind and the North Carolina law firm of Twiggs, Beskind, Strickland &amp Rabenau, P.A. EFF argued that Diebold had failed to show why it was unable to meet election law provisions requiring source code escrow and identification of programmers, and asked the court to force Diebold and every other North Carolina equipment vendor to comply.

Diebold could appeal the ruling, go forward with its bid, or withdraw from the process. However, Diebold told the court that it would likely withdraw the bid if the company did not have liability protection.

North Carolina experienced one of the most serious malfunctions of e-voting systems in the 2004 presidential election when over 4,500 ballots were lost in a voting system provided by Diebold competitor UniLect Corp. The new transparency and integrity provisions of the North Carolina election law were passed in response to this and other documented malfunctions that have occurred across the country.

The North Carolina Board of Elections is scheduled to announce winning voting equipment vendors on December 1, 2005.

For the brief filed in the case:
http://www.eff.org/Activism/E-voting/20051117_Diebold_v_NC_Motion.pdf

Contacts:

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Related Issues:
November 23, 2005

EFF and Others Petition to Stop 18 Month Countdown to Internet Backdoors

The Electronic Frontier Foundation (EFF), the Center for Democracy and Technology, and representatives of industry, academia, librarians and others today filed a joint request for a stay with the Federal Communications Commission (FCC), arguing that the Commission has been "unreasonable, arbitrary and capricious" in demanding that broadband Internet access providers and interconnected Voice over Internet Protocol (VoIP) providers include backdoors for wiretaps in their services. The stay requested that the Commission should either postpone its Spring 2007 "full compliance" deadline for implementing these taps, or halt the requirement entirely.

EFF, CDT, and other groups have already petitioned the D.C. Circuit Court of Appeals to overrule the FCC's September 23rd ruling extending the 1994 Communications Assistance for Law Enforcement Act (CALEA) to cover broadband Internet access and Voice-over-IP (VoIP) service providers. Under the ruling, companies like Vonage and private institutions that provide Net access, such as universities, have 18 months to redesign their networks to be wiretap-friendly, but neither the ruling nor the FCC have been willing to specify what is required.

"The FCC has distorted an already dubious law designed for telephone services in order to reach Internet providers and private networks," said EFF Senior Staff Attorney Lee Tien. "They have plainly overreached their authority in requiring internet providers to design systems that make surveillance of the public easier and we are confident that the courts will agree. But in the meantime the FCC deadline has not been moved and no one knows what CALEA compliance means on the Internet. The Commission refused to say, the FBI has been playing coy, and the rest of us just don't know. The result is a nonsensical deadline that forces companies to begin compliance without knowing what is required of them, or whether CALEA even applies to them, all happening in the shadow of a strong claim that the FCC does not even have authority to do this at all. The FCC needs to call a timeout until it knows what it wants, and seriously reconsider whether it has the authority to demand it."

CALEA, the controversial law passed in the early 1990s that provides the FCC with powers to mandate backdoors into traditional, centralized telephony systems, expressly exempted information services such as the Internet. At the time of its drafting, Congress was convinced by EFF and other privacy groups that such backdoors would endanger privacy and security, strangle innovation, and be technologically burdensome to implement within the Internet's decentralized architecture. The September FCC ruling claims, contrary to this plain intent, that CALEA now applies to broadband ISPs and Internet telephony.

Parties supporting the petition include the American Library Association, Association for Community Networking, the Association of College and Research Libraries, Champaign Urbana Community Wireless Network, Electronic Privacy Information Center, Pulver.com, Sun Microsystems and the Texas ISP Association.

Copy of the Stay Request:
http://www.eff.org/Privacy/Surveillance/CALEA/calea_order_stay_request.pdf

November 21, 2005

Company Should Repair Damage to Customers Caused by CD Software

The Electronic Frontier Foundation (EFF), along with two leading national class action law firms, today filed a lawsuit against Sony BMG, demanding that the company repair the damage done by the First4Internet XCP and SunnComm MediaMax software it included on over 24 million music CDs.

EFF is pleased that Sony BMG has taken steps in acknowledging the security risks caused by the XCP CDs, including a recall of the infected discs. However, these measures still fall short of what the company needs to do to fix the problems caused to customers by XCP, and Sony BMG has failed entirely to respond to concerns about MediaMax, which affects over 20 million CDs -- ten times the number of CDs as the XCP software.

"Sony BMG is to be commended for its acknowledgment of the serious security problems caused by its XCP software, but it needs to go further to regain the public's trust," said Corynne McSherry, EFF Staff Attorney. "It is unconscionable for Sony BMG to refuse to respond to the privacy and other problems created by the over 20 million CDs containing the SunnComm software."

The suit, to be filed in Los Angeles County Superior court, alleges that the XCP and SunnComm technologies have been installed on the computers of millions of unsuspecting music customers when they used their CDs on machines running the Windows operating system. Researchers have shown that the XCP technology was designed to have many of the qualities of a "rootkit." It was written with the intent of concealing its presence and operation from the owner of the computer, and once installed, it degrades the performance of the machine, opens new security vulnerabilities, and installs updates through an Internet connection to Sony BMG's servers. The nature of a rootkit makes it extremely difficult to remove, often leaving reformatting the computer's hard drive as the only solution. When Sony BMG offered a program to uninstall the dangerous XCP software, researchers found that the installer itself opened even more security vulnerabilities in users' machines. Sony BMG has still refused to use its marketing prowess to widely publicize its recall program to reach the over 2 million XCP-infected customers, has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA).

The MediaMax software installed on over 20 million CDs has different, but similarly troubling problems. It installs files on the users' computers even if they click "no" on the EULA, and it does not include a way to fully uninstall the program. The software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits -- even though the EULA states that the software will not be used to collect personal information and SunnComm's website says "no information is ever collected about you or your computer." If users repeatedly requested an uninstaller for the MediaMax software, they were eventually provided one, but they first had to provide more personally identifying information. Worse, security researchers recently determined that SunnComm's uninstaller creates significant security risks for users, as the XCP uninstaller did.

"Music fans shouldn't have to install potentially dangerous, privacy intrusive software on their computers just to listen to the music they've legitimately purchased," said EFF Legal Director Cindy Cohn. "Regular CDs have a proven track record -- no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG's experiments?"

"Consumers have a right to listen to the music they have purchased in private, without record companies spying on their listening habits with surreptitiously-installed programs," added EFF Staff Attorney Kurt Opsahl, "Between the privacy invasions and computer security issues inherent in these technologies, companies should consider whether the damage done to consumer trust and their own public image is worth its scant protection."

Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their "clickwrap" EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer's house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD. EFF is demanding that Sony BMG remove these unconscionable terms from its EULAs.

The law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia, Geller, Rudman and Robbins, LLP, joined EFF in the case. Sony BMG is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General. EFF looks forward to representing the voice of digital music fans in the resolution of these disputes between Sony BMG and consumers.

For more on the Sony BMG litigation, see:
http://www.eff.org/IP/DRM/Sony-BMG/

EFF's open letter to Sony:
http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html

November 18, 2005

EFF Goes to Court to Force E-voting Company to Comply With Strict New North Carolina Law

Raleigh, North Carolina - The Electronic Frontier Foundation (EFF) is going to court in North Carolina to prevent Diebold Election Systems, Inc. from evading North Carolina law.

In a last-minute filing, e-voting equipment maker Diebold asked a North Carolina court to exempt it from tough new election requirements designed to ensure transparency in the state's elections. Diebold obtained an extraordinarily broad order, allowing it to avoid placing its source code in escrow with the state and identifying programmers who contributed to the code.

On behalf of North Carolina voter and election integrity advocate Joyce McCloy, EFF asked the court to force Diebold and every other North Carolina equipment vendor to comply with the law's requirements. A hearing on EFF's motion is set for Monday, November 28.

"The new law was passed for a reason: to ensure that the voters of North Carolina have confidence in the integrity and accuracy of their elections," said EFF Staff Attorney Matt Zimmerman. "In stark contrast to every other equipment vendor that placed a bid with the state, Diebold went to court complaining that it simply couldn't comply with the law. Diebold should spend its efforts developing a system that voters can trust, not asking a court to let it bypass legal requirements aimed at ensuring voting integrity."

On November 4, the day that voting equipment bids to the state were due, Diebold obtained a temporary restraining order from a North Carolina superior court, exempting it from criminal and civil liability that could have resulted from its bid. EFF, with the assistance from the North Carolina law firm of Twiggs, Beskind, Strickland &amp Rabenau, P.A., intervened in the case on behalf of McCloy, the founder of the North Carolina Coalition for Verified Voting. In a brief filed Wednesday, EFF argued that Diebold had failed to show why it was unable to meet various new election law provisions requiring source code escrow and identification of programmers. North Carolina experienced one of the most serious malfunctions of e-voting systems in the 2004 presidential election when over 4,500 ballots were lost in a voting system provided by Diebold competitor UniLect Corp. The new transparency and integrity provisions of the North Carolina election code were passed in response to this and other documented malfunctions that have occurred across the country.

The North Carolina Board of Elections is scheduled to announce winning voting equipment vendors on December 1, 2005.

For the brief filed in the case:
http://www.eff.org/Activism/E-voting/20051117_Diebold_v_NC_Motion.pdf

Contact:

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

Related Issues:
November 18, 2005

San Francisco - The Electronic Frontier Foundation (EFF) will have an announcement on Monday about EFF's plans regarding the First4Internet XCP software and the SunnComm MediaMax software that Sony BMG included in 24 million copies of their music CDs. The software has affected the computers of unsuspecting customers when they used their CDs on computers running the Windows operating system.

For more on EFF's concerns see:
http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html

Contacts:

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

Related Issues:
November 18, 2005

Legal Blogging Tips from EFF

San Francisco - Millions of students across the country are speaking their minds in Internet blogs, and some kids are getting punished for it despite their right to free expression. School administrators in one New Jersey district disciplined a student for his website that was critical of the school. The student eventually received a settlement of $117,500 for the violation of his First Amendment rights, but not before he was suspended for a week and barred from going on his class trip.

Just what are students allowed to publish about their school, their teachers, and their classmates? The Electronic Frontier Foundation (EFF) released a guide to student blogging Friday to help kids learn about their rights and how to defend them. These are important issues for millions of students: a study this month by the Pew Internet &amp American Life Project says approximately 4 million teens keep a blog.

"Teens are blogging everyday, reaching an audience of millions," said EFF Staff Attorney Kurt Opsahl. "With this legal guide, students will have the tools they need to blog legally, and understand how to defend their rights."

The guide to student blogging addresses the different rules for personal blogs and school blogs, for both public and private school students. It also gives advice on how to speak freely about school and discuss controversial issues.

"Students can and should talk about what's important to them in their blogs," said EFF Staff Attorney Kevin Bankston. "That is naturally going to include their school life, and perhaps even topics that make some adults uncomfortable. Students should know their First Amendment rights, so that they can continue to have honest discussions about their lives."

For the guide to student blogging:
http://www.eff.org/bloggers/lg/faq-students.php

Contacts:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Related Issues:
November 14, 2005

EFF Issues Open Letter on Rootkit Controversy

San Francisco - Sony-BMG's damaging secret rootkit technology has potentially infected millions of computers around the world. Now, the Electronic Frontier Foundation (EFF) is asking Sony-BMG to publicly commit to fixing the problems it has caused for its music fans and take steps to reassure the public that its future CDs will respect its customers' ownership of their computer.

While Sony-BMG belatedly announced a decision to halt manufacturing of CDs with the rootkit software, this is only a small step in the right direction, since reports indicate that over 2.1 million infected disks have been sold already and 2.6 million remain unsold in the stream of commerce. In an open letter to Sony published Monday, EFF spells out the steps that should be taken by Sony to prevent future harm and repair the damage done to computer equipment and consumers' privacy. The letter includes discussions concerning Sony's XCP software as well as its use of SunComm MediaMax software, which has similar problems.

"Sony-BMG should treat its customers with respect and fairness instead it acted little better than the thugs who unleash stealth computer viruses on the public," said EFF Staff Attorney Corynne McSherry. "Halting production is not enough. Sony needs to take steps to fix that damage it has already caused and ensure that nothing like this happens again in the future."

Among the make-good measures recommended by EFF: a recall of all XCP and SunnComm MediaMax-infected CDs, from both consumers and store shelves a guarantee to repair, replace, or refund the purchase price of the CDs to anyone who bought the merchandise and a major publicity campaign warning about the security risks of XCP and SunnComm MediaMax.

"Sony-BMG must have spent a great deal of money advertising these infected CDs to an unsuspecting public," said EFF Staff Attorney Jason Schultz. "We think that it's only fair that an equal amount of money is spent educating the public on the damage that the product could cause to consumers around the world."

EFF believes that Sony-BMG should pay all consumer costs associated with the damage caused by the XCP or SunnComm MediaMax technology. Additionally, Sony should also compensate people for the time, effort, and expense required to verify that their computer was or was not infected with the rootkit.

"Sony-BMG needs to be strongly reminded that it doesn't own your computer, you do," said EFF Senior Staff Attorney Fred von Lohmann.

For the full text of the open letter to Sony:
http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

November 9, 2005

EFF Confirms Secret Software on 19 CDs

San Francisco - News that some Sony-BMG music CDs install secret rootkit software on their owners' computers has shocked and angered thousands of music fans in recent days. Among the cause for concern is Sony's refusal to publicly list which CDs contain the infectious software and to provide a way for music fans to remove it. Now, the Electronic Frontier Foundation (EFF) has confirmed that the stealth program is deployed on at least 19 CDs in a variety of genres.

The software, created by First 4 Internet and known as XCP2, ostensibly "protects" the music from illegal copying. But in fact, it blocks a number of legal uses--like listening to songs on your iPod. The software also reportedly slows down your computer and makes it more susceptible to crashes and third-party attacks. And since the program is designed to hide itself, users may have trouble diagnosing the problem.

"Entertainment companies often complain that fans refuse to respect their intellectual property rights. Yet tools like this refuse to respect our own personal property rights," said EFF staff attorney Jason Schultz. "Sony's tactics here are hypocritical, in addition to being a security threat."

If you have listened to a CD with the XCP software on your Windows PC, your computer is likely already infected. An EFF investigation confirmed XCP software on the following titles:

Trey Anastasio, Shine (Columbia)

Celine Dion, On ne Change Pas (Epic)

Neil Diamond, 12 Songs (Columbia)

Our Lady Peace, Healthy in Paranoid Times (Columbia)

Chris Botti, To Love Again (Columbia)

Van Zant, Get Right with the Man (Columbia)

Switchfoot, Nothing is Sound (Columbia)

The Coral, The Invisible Invasion (Columbia)

Acceptance, Phantoms (Columbia)

Susie Suh, Susie Suh (Epic)

Amerie, Touch (Columbia)

Life of Agony, Broken Valley (Epic)

Horace Silver Quintet, Silver's Blue (Epic Legacy)

Gerry Mulligan, Jeru (Columbia Legacy)

Dexter Gordon, Manhattan Symphonie (Columbia Legacy)

The Bad Plus, Suspicious Activity (Columbia)

The Dead 60s, The Dead 60s (Epic)

Dion, The Essential Dion (Columbia Legacy)

Natasha Bedingfield, Unwritten (Epic)

This is not a complete list and Sony-BMG continues to refuse to make such a list available to consumers. Consumers can spot CDs with XCP by inspecting a CD closely, checking the left transparent spine on the front of the case for a label that says "CONTENT PROTECTED." The back of these CDs also mention XCP in fine print. You can find pictures of these and other telltale labeling at http://www.eff.org/IP/DRM/Sony-BMG/.

"Music fans should protect themselves from this stealth attack on their computer system," said EFF Senior Staff Attorney Fred von Lohmann.

For more tips on keeping your computer uninfected:
http://www.eff.org/deeplinks/archives/004144.php

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Related Issues:
November 9, 2005

AcompliaReport.com Settles Fair Use Dispute with Drug Company

San Francisco - A medical news website, with the assistance of the Electronic Frontier Foundation (EFF), has settled a dispute with a French pharmaceutical giant over using the name of a trademarked medication, Acomplia.

The settlement came after EFF filed suit on behalf of the AcompliaReport.com, an independent online newsletter devoted to reporting about a drug called Acomplia. Acomplia may help consumers lose weight and quit smoking, but is not yet approved by the US Food and Drug Administration (FDA). Since March 2004, AcompliaReport.com has published original news and commentary about Acomplia's clinical trials, the drug approval process, and anti-obesity drugs in general—all aimed at helping consumers make more informed decisions about their health.

To emphasize the newsletter's impartiality, every page has always included the subhead "your independent source of news and reviews about the new diet drug Acomplia." Nevertheless, drug maker Sanofi-Aventis claimed that the use of the term "Acomplia" in the AcompliaReport domain name created a "risk of confusion." Sanofi asked an international arbitrator to order the domain name transferred, alleging that the publisher of the AcompliaReport, Milton R. Benjamin, was a cybersquatter. Benjamin promptly sought a declaration from a U.S. district court protecting his right to the domain name, claiming both fair use and First Amendment rights to the name as an online publisher.

"Sanofi's tactics threatened to quash free and accurate speech," said EFF staff attorney Corynne McSherry. "The website uses the Acomplia mark solely to refer to Sanofi's product. That use is a textbook fair use. And basic First Amendment principles barred Sanofi from using trademark law to shut down an independent news site."

Under terms of Tuesday's settlement, AcompliaReport.com keeps its domain name, as long as there is a disclaimer stating that the website is not associated with Sanofi-Aventis.

"We are happy to have this absurd dispute behind us, enabling us to focus on independent coverage of the regulatory process and further development of a novel drug that appears to have the potential to be of considerable benefit to many people," said Benjamin. "A news site needs to be able to use a trademarked name in order to report on a trademarked product."

Contact:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Related Issues:
November 4, 2005

DOJ's Decision Denies Courts Guidance on When to Authorize Tracking

San Francisco - The US Department of Justice (DOJ) has told the Electronic Frontier Foundation (EFF) that it will not appeal a New York decision that forcefully rejected its request to track a cell phone user without first showing probable cause of a crime. It also appears that DOJ will not appeal a similar opinion recently issued in Texas.

Last week in the Eastern District of New York, Federal Magistrate Judge James Orenstein, in a scathing opinion, rejected DOJ's request to track a cell phone without a warrant, agreeing with a brief EFF filed in the case. Describing the government's justifications for the tracking request as "unsupported," "misleading," and "contrived," Orenstein ruled that tracking cell phone users in real time required a showing of probable cause that a crime is being committed. Earlier this month, another federal magistrate judge in the Southern District of Texas published his own opinion denying another government application for a cell phone tracking order. DOJ has failed to file timely objections with the District Court in that case, too. Although DOJ may still decide to appeal that case to the Fifth Circuit, its choice not to appeal the nearly identical opinion in the New York case makes that seem unlikely.

"The government's decision not to appeal either of these cases is disappointing," explained EFF staff attorney Kevin Bankston. "The magistrate judge in New York explicitly encouraged the government to appeal the decision so that he and his fellow judges around the country could get some guidance from the higher courts. The very important question of when the government can track your cell phone remains an open question that should be argued openly in the appeals court, not litigated piece-meal in lower-court proceedings where the government is secretly presenting cell phone tracking requests."

An October 28 story in the Washington Post reported that, when questioned about the court decisions, "Justice Department officials countered that courts around the country have granted many such orders in the past without requiring probable cause."

"The Justice Department has been arguing for warrantless cell phone tracking in secret proceedings with magistrate judges across the country, probably for years," said Bankston. "My biggest fear is that DOJ intends to continue seeking these illegal surveillance orders in secret, while avoiding scrutiny from higher courts."

You can read the full text of Judge Orenstein's opinion, and the similar Texas opinion, at http://www.eff.org/legal/cases/USA_v_PenRegister.

Contact:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

November 3, 2005

RIAA v. The People: Two Years Later

Chicago - It's been two years since the Recording Industry Association of America (RIAA) started suing music fans who share songs online. Thousands of Americans have been hit by lawsuits, but both peer-to-peer (P2P) file sharing and the litigation continue unabated.

In a report released Thursday, "RIAA v. The People: Two Years Later," the Electronic Frontier Foundation (EFF) argues that the lawsuits are singling out only a select few fans for retribution, and many of them can't afford either to settle the case or defend themselves. EFF's report cites the case of a single mother in Minnesota who faces $500,000 in penalties for her daughter's alleged downloading, as well as the case of a disabled veteran who was targeted for downloading songs she already owned.

"Out of the millions of people who download music from P2P systems every day, the RIAA arbitrarily picks a few hundred to sue every month," said EFF Senior Staff Attorney Fred von Lohmann. "Many of those families suffer severe financial hardship. But despite all the publicity, studies show that P2P usage is increasing instead of decreasing."

"RIAA v. The People" was released in conjunction with the first annual P2P Litigation Summit in Chicago on Thursday, which brings together defense attorneys, clients, advocates, and academics to discuss the latest developments in the lawsuits.

Three other reports released Thursday were aimed at helping lawyers representing music fans sued by the RIAA. "Typical Claims and Counter Claims in Peer to Peer Litigation" is a general discussion of the lawsuits, while "Parental Liability for Copyright Infringement by Minor Children" and "Copyright Judgments in Personal Bankruptcy" both tackle important issues arising in defending families from devastating judgments.

"After two years of lawsuits, there's only one conclusion to draw," said von Lohmann. "Suing music fans is no answer to the P2P dilemma."

For "RIAA v. The People: Two Years Later":
http://www.eff.org/IP/P2P/RIAAatTWO_FINAL.pdf

For "Typical Claims and Counter Claims in Peer to Peer Litigation:
http://www.eff.org/IP/P2P/RIAA_v_ThePeople/P2P_witkin.pdf

For "Parental Liability for Copyright Infringement":
http://www.eff.org/IP/P2P/Parent_Liability_Nov_2005.pdf

For "Copyright Judgments in Personal Bankruptcy":
http://www.eff.org/IP/P2P/RIAA_v_ThePeople/P2P_bktcy_memo.pdf

For more on the P2P Litigation Summit:
http://www.eff.org/IP/P2P/p2p_litigation_summit.php

Contacts:

Cindy Cohn
Legal Director
Electronic Frontier Foundation
cindy@eff.org

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

Related Issues:
October 26, 2005

No Cell Phone Location Tracking Without Probable Cause

New York - Agreeing with a brief submitted by EFF, a federal judge forcefully rejected the government's request to track the location of a mobile phone user without a warrant.

Strongly reaffirming an earlier decision, Federal Magistrate James Orenstein in New York comprehensively smacked down every argument made by the government in an extensive, fifty-seven page opinion issued this week. Judge Orenstein decided, as EFF has urged, that tracking cell phone users in real time required a showing of probable cause that a crime was being committed. Judge Orenstein's opinion was decisive, and referred to government arguments variously as "unsupported," "misleading," "contrived," and a "Hail Mary."

"This is a true victory for privacy in the digital age, where nearly any mobile communications device you use might be converted into a tracking device," said EFF Staff Attorney Kevin Bankston. "Combined with a similar decision this month from a federal court in Texas, I think we're seeing a trend—judges are starting to realize that when it comes to surveillance issues, the DOJ has been pulling the wool over their eyes for far too long."

Earlier this month, a magistrate judge in Texas, following the lead of Orenstein's original decision, published his own decision denying a government application for a cell phone tracking order. That ruling, along with Judge Orenstein's two decisions, revealed that the DOJ has routinely been securing court orders for real-time cell phone tracking without probable cause and without any law authorizing the surveillance.

"The Justice Department's abuse of the law here is probably just the tip of the iceberg," said EFF Staff Attorney Kurt Opsahl. "The routine transformation of your mobile phone into a tracking device, without any legal authority, raises an obvious and very troubling question: what other new surveillance powers has the government been creating out of whole cloth and how long have they been getting away with it?"

The government is expected to appeal both decisions and EFF intends to participate as a friend of the court in each case.

You can read the full text of Judge Orenstein's new opinion, and the similar Texas opinion, at http://www.eff.org/legal/cases/USA_v_PenRegister.

Contacts:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

October 17, 2005

EFF Urges Fresh Inquiry Into Ramifications of DRM

London - The Electronic Frontier Foundation (EFF) has criticized a European Commission group for assuming that digital rights management (DRM) is the only way to foster development of the home audiovisual market.

In comments filed last week, EFF European Affairs Coordinator Cory Doctorow took the Networked Audiovisual Systems and Home Platforms (NAVSHP) group to task for its report on developing a harmonized system of DRM requirements. Doctorow urged NAVSHP to explore approaches grounded in empirical research, not industry mythology.

"DRM is already widely deployed without a hint of success and the NAVSHP group has the opportunity to learn from its well-known failures," said Doctorow. "NAVSHP should take a new look into how DRM affects the public, artists, and industry."

So far, DRM has failed to reduce unauthorized copying or enrich content authors and performers, and instead has curtailed competition and sacrificed user-rights for the benefit of entertainment giants. A fresh inquiry could examine why otherwise law-abiding citizens have resorted to finding unrestricted material on peer-to-peer networks and look at technological systems that might encourage new artistic works and new business models.

"The EU and the world are experiencing a revolution in creativity thanks to the Internet," said Doctorow. "An entire generation of remixers, talented amateurs, and Creative Commons enthusiasts have created works that do not require DRM to thrive. NAVSHP should produce recommendations for systems that embrace unrestricted distribution methods in support of these new Internet-native business models. These European creators deserve every bit as much attention from the EU as do American film studios and other incumbents."

For the full critique submitted to NAVSHP: http://www.eff.org/IP/DRM/NAVSHP/

For more on digital video standards in Europe: http://www.eff.org/IP/DVB/

Contact:

Cory Doctorow
European Affairs Coordinator
Electronic Frontier Foundation
cory@eff.org

Related Issues:
October 17, 2005

Tiny Dots Show Where and When You Made Your Print

Tiny Dots Show Where and When You Made Your Print

San Francisco - A research team led by the Electronic Frontier Foundation (EFF) recently broke the code behind tiny tracking dots that some color laser printers secretly hide in every document.

The U.S. Secret Service admitted that the tracking information is part of a deal struck with selected color laser printer manufacturers, ostensibly to identify counterfeiters. However, the nature of the private information encoded in each document was not previously known.

"We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer," said EFF Staff Technologist Seth David Schoen.

You can see the dots on color prints from machines made by Xerox, Canon, and other manufacturers (for a list of the printers we investigated so far, see: http://www.eff.org/Privacy/printers/list.php). The dots are yellow, less than one millimeter in diameter, and are typically repeated over each page of a document. In order to see the pattern, you need a blue light, a magnifying glass, or a microscope (for instructions on how to see the dots, see: http://www.eff.org/Privacy/printers/docucolor/).

EFF and its partners began its project to break the printer code with the Xerox DocuColor line. Researchers Schoen, EFF intern Robert Lee, and volunteers Patrick Murphy and Joel Alwen compared dots from test pages sent in by EFF supporters, noting similarities and differences in their arrangement, and then found a simple way to read the pattern.

"So far, we've only broken the code for Xerox DocuColor printers," said Schoen. "But we believe that other models from other manufacturers include the same personally identifiable information in their tracking dots."

You can decode your own Xerox DocuColor prints using EFF's automated program at http://www.eff.org/Privacy/printers/docucolor/index.php#program.

Xerox previously admitted that it provided these tracking dots to the government, but indicated that only the Secret Service had the ability to read the code. The Secret Service maintains that it only uses the information for criminal counterfeit investigations. However, there are no laws to prevent the government from abusing this information.

"Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters," said EFF Senior Staff Attorney Lee Tien. "Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?"

EFF is still working on cracking the codes from other printers and we need the public's help. Find out how you can make your own test pages to be included in our research at http://www.eff.org/Privacy/printers/wp.php#testsheets.

Contact:

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

Related Issues:
October 13, 2005

Injunction Could Shut Down Popular Service

Los Angeles - The Electronic Frontier Foundation (EFF) filed a brief Wednesday in support of Google Image Search, arguing that a federal district court should reject a request for a preliminary injunction that could shut the service down.

In its lawsuit, adult entertainment website Perfect 10 claims that Google violates its copyrights by making and delivering thumbnail images of its photos as Internet search results. In its friend-of-the-court brief, EFF shows that these copies are a well-established fair use of digital images and they help people find and use the works for informational and educational endeavors.

"Google Image Search helps millions of people locate and learn about information on the web every day," said Jason Schultz, EFF staff attorney. "We're concerned that the public will lose out if Perfect 10 succeeds in shutting it down."

Perfect 10 argues that a preliminary injunction is justified because Google is violating its right to reproduce, distribute, and display its copyrighted work. But there is a long tradition in fair use that certain kinds of copies are socially useful, even without permission of the author. Courts have held that copies are a legal intermediate step to making non-infringing uses of the copyrighted work—for example in teaching, education, and news reporting.

Thumbnails created by Google Image Search allow users to identify information they are looking for online and then access that information—much like an electronic card catalog. As certain information about images can only be conveyed visually, there is no other feasible way to provide image search on the Internet than capturing images, transforming them into thumbnails, and then displaying them on a search results page for users.

While the images provided by Perfect 10 may have limited academic application, the ramifications of its lawsuit could have a huge impact on educational research.

"Without the right to make legal copies, Google Image Search wouldn't be able to help you find a picture of Martin Luther King, Jr. at the Lincoln Memorial, for example," said Schultz.

A hearing in this case is set for November 7, 2005.

For the full text of the brief, see:
http://www.eff.org/legal/cases/Perfect10_v_Google/EFF_amicus_brief.pdf

Contact:

Jason Schultz
Staff Attorney
Electronic Frontier Foundation
jason@eff.org

Related Issues:
October 6, 2005

Requires Plaintiffs to Meet Strict Standard Before Unmasking Critic

Wilmington, Delaware - The Delaware Supreme Court has protected the identity of a blogger in the case of Doe v. Cahill, finding that the plaintiffs failed to meet the strict standards required by the First Amendment to unmask an anonymous critic. It dismissed the case Wednesday.

This is the first state supreme court to rule on a "John Doe" subpoena or to address bloggers' rights.

"Bloggers have a strong First Amendment right to speak anonymously," said Kurt Opsahl, staff attorney at the Electronic Frontier Foundation (EFF). "It is critical that plaintiffs' claims face a stringent test before a court unmasks online critics, lest we reduce the vibrant public debates on the Internet to the cautious views of a select few voices."

The defendant in the case posted under the alias Proud Citizen on the "Smyrna/Clayton Issues Blog" (www.newsblog.info/0405). In two messages from September of 2004, Proud Citizen discussed a member of the Smyrna Town Council, Patrick Cahill, referring to Cahill's "character flaws," "mental deterioration," and "failed leadership," and stated that "Gahill [sic] is...paranoid."

Cahill and his wife filed a complaint for defamation, and sought to discover Proud Citizen's identity, which the trial court allowed under a very relaxed standard -- merely requiring a claim made in good faith. The Delaware Supreme Court disagreed, noting that substantial harm may come from allowing a plaintiff to compel the disclosure of an anonymous defendant's identity with a weak or trivial claim.

Instead, the Court required a stricter standard: the plaintiff must (1) make reasonable efforts to notify the defendant and (2) provide facts sufficient to defeat a summary judgment motion (i.e., submit enough evidence to show the Court that the case was strong enough to proceed to trial). The Court held that the plaintiffs had not shown that statements made by Proud Citizen met this test, in large part because they were likely to be seen by the Internet audience as statements of opinion.

EFF, along with Public Citizen, the American Civil Liberties Union, and the American Civil Liberties Union of Delaware, filed a "friend of the court" brief supporting the blogger's right to speak anonymously. You can learn more about EFF's efforts to defend bloggers' rights at www.eff.org/bloggers/.

Contact:

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Related Issues:
October 5, 2005

Brief Supports Past Court Opponent DirecTV

San Francisco - The Electronic Frontier Foundation (EFF) filed a brief this week in support of one of its previous court opponents, DirecTV, arguing that a federal appeals court should throw out a lawsuit against the company for accessing a public website.

DirecTV is being sued by Michael Snow, the publisher of an anti-DirecTV website that contained warnings to DirecTV employees that they were not authorized to enter. In its friend-of-the-court brief to the Eleventh Circuit Court of Appeals, EFF argues that the federal Stored Communications Act, on which Snow's suit relies, only protects websites that are configured to be private.

"If you want to keep your website private, then you should protect it with a password," said EFF Staff Attorney Kevin Bankston. "The law doesn't allow web publishers to sue when people they don't like visit their site. Otherwise, any company could publish terms of service forbidding competitors, consumer watchdogs, journalists, or even government officials from scrutinizing a public website." Under Snow's theory, not only could such unauthorized visitors be sued, they could also be prosecuted and sent to prison.

Snow is asking the appeals court to overturn the district court's dismissal of his case. EFF agrees with DirecTV that the case should have been dismissed, but argues that the lower court's reasoning for dismissal was flawed.

"The district court made the right decision but based on the wrong reasons, threatening the legal protections for private web communications," Bankston said. "The appeals court needs to clarify that although public websites aren't protected by federal privacy laws, sites that are actually configured to be private are fully covered."

EFF has opposed DirecTV in the past for its legal campaign against "smart cards," and co-sponsors a website, www.directvdefense.org, designed to help those who have been sued by DirecTV. However, as Bankston said, "When it comes to protecting the rights of Internet users, EFF doesn't hold a grudge. We may oppose DirecTV in other cases, but here, it's plainly on the correct side."

The US Internet Industry Association, whose membership includes many web hosts that offer private web services, joined EFF on the brief.

For the full text of the brief, see: http://www.eff.org/legal/cases/Snow_v_DirecTV/EFF_amicus.pdf

Contact:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

October 3, 2005

Comments to House of Commons Warn About Regulation

London - The Electronic Frontier Foundation (EFF) has filed comments with the Department of Culture, Media, and Sport (DCMS) in the British House of Commons about plans for digital television broadcasting in Europe. In comments submitted last week, EFF expressed concern that switching off analog broadcasts could result in new digital television standards that unduly restrict the public and manufacturers.

The Digital Video Broadcasting Project (DVB) -- a group that creates standards for digital television in Europe, Australia, and much of Asia -- has proposed a complex system for restricting digital broadcast programming after reception, analogous to the disastrous broadcast flag proposal in the United States. This system, called "Content Protection Copy Management" (CPCM), has been under discussion since 2003.

The CPCM restrictions include an "authorized domain" governing the number of devices that can use content and a myriad of broadcast flags that will restrict usage, recording, and storage. They also specify compliance rules for all manufacturers. As with the US broadcast flag proposal, these compliance rules would result in a ban on the use of free and open source software in connection with digital TV reception and usage.

"The DVB broadcast flag is much more sweeping than the one they tried for in America," said Cory Doctorow, EFF's European Affairs Coordinator, who attends the standards-specifying meetings on behalf of manufacturers who use free and open source software in their products. "The North American Broadcasters' Association has threatened to turn this into a global regulatory mandate. If that comes to pass, you'll never know which TV shows your devices can record or whether a new device will be allowed onto your home network. Additionally, this will give a veto over technology to entertainment companies, who've already ruled out open source because it lets users modify their own equipment."

EFF believes that a European broadcast flag would also be used to gain political leverage to argue again for a broadcast flag in the United States.

For EFF's full comments submitted to the British House of Commons: http://www.eff.org/IP/DVB/dvb_critique.php

One-page summary: http://www.eff.org/IP/DVB/

For EFF's action alert on the US broadcast flag: http://action.eff.org/site/Advocacy?id=129

Contact:

Cory Doctorow
European Affairs Coordinator
Electronic Frontier Foundation
cory@eff.org

September 29, 2005

TSA Stops Deleting "Secure Flight" Records, But Drags Feet On Project Transparency

Washington, DC - After receiving hundreds of requests from Americans asking to know what personal information the government has obtained about them, the Transportation Security Administration (TSA) told passengers that it "does not have the capability to perform a simple computer-based search" to locate individual records.

TSA revealed last fall that it would use private passenger data from all domestic airline flights taken in June of 2004 to test its troubled "Secure Flight" passenger-screening system. In response to a fruitless Privacy Act request by four Alaska residents, the Electronic Frontier Foundation (EFF) encouraged other airline passengers to request their own files. TSA recently began notifying the passengers who filed Freedom of Information Act (FOIA) and Privacy Act requests that it lacks the ability to easily search its records. TSA also said that it would close such requests unless individuals provided additional detailed information, such as the air carrier they used, the dates of travel, and their phone numbers -- part of the data that requestors were seeking in the first place.

"TSA is failing to follow the law," said EFF Staff Attorney Matt Zimmerman. "The Freedom of Information Act and the Privacy Act place very clear obligations on government agencies for searching their records, and TSA has simply said that it doesn't want to go through the effort. It's bad enough that Secure Flight has repeatedly failed to show that it can be a useful tool to strengthen airline security. However, that doesn't excuse the federal government from telling Americans about the private information it has gathered and used to test the project."

In light of the high volume of record requests that it has received, TSA recently agreed to stop deleting the passenger data it obtained for testing Secure Flight until it processed its backlog of requests. However, TSA told initial requestors that some of their data had already been deleted.

Secure Flight, a passenger-profiling system aimed at identifying security risks, is the successor of the controversial "CAPPS II" program that was cancelled in the wake of questions about its cost, effectiveness, and impact on privacy and civil liberties. The Secure Flight screening process would involve comparing airline passenger reservation data with an interagency terrorist watch list to determine who should be subject to more invasive screenings or arrest. After repeatedly misleading Congress and the public about its intention to use data provided by commercial data brokers to supplement the watch list, TSA recently announced that it would not use such data in the program for the time being. Despite the controversy surrounding the project, TSA has stated that it is moving forward this fall with plans for a partial roll-out involving two airlines.

For more on EFF and Secure Flight: http://action.eff.org/secureflight

Contacts:

Danny O'Brien
Activism Coordinator
Electronic Frontier Foundation
danny@eff.org

Matt Zimmerman
Staff Attorney
Electronic Frontier Foundation
mattz@eff.org

September 29, 2005

EFF Criticizes Plan for Restrictive New Cell Technology

San Francisco - The Trusted Computing Group (TCG), an industry consortium developing controversial computer security specifications, has released a wish list of applications of TCG technology to cell phone security. Unfortunately, much of this "security" aims to help cell phone carriers cement their control over their customers.

The Electronic Frontier Foundation (EFF) attended TCG's announcement in San Francisco on Tuesday and criticized the proposals as steps in the wrong direction for the future of mobile communications.

"TCG is proudly offering to help cell phone carriers lock down your phone," said EFF Staff Technologist Seth Schoen. "The proposals described today aim to help your cell phone company decide who can publish software or media for your phone, whether you can load your own documents, and even whether you can switch carriers or resell your phone. These are not innovations that consumers will applaud."

TCG announced a set of eleven "use cases" that its members will discuss how to support with TCG technologies in cell phones. Among other applications, TCG suggested:

* "Device integrity" and "SIMlock/device personalization," which would prevent you from switching mobile carriers or reselling or donating your phone to someone else.

* "Platform integrity" and "software use" controls, which would let your cell phone company, not you, decide what software is allowed to run on your phone.

* "Digital rights management support" helps publishers, not you, control how you can use media on your cell phone.

TCG says these new "features" are all in the name of "security" - whether they are protecting against viruses or ensuring that users can't take their phones with them when they change carriers and can't use third-party applications that aren't provided by their carriers. But this security is not necessarily for consumers' benefit. In many cases, TCG's proposals offer "security" only against you, not for you, and the legitimate security benefits could be achieved without also locking down consumer choice. You won't see such consumer benefits as being able to change cell phone carriers easily or freely use the digital media you have purchased.

TCG's proposals for cell phones contrast with its work on security chips for personal computers. In the PC environment, TCG has taken pains to say that its technology is not specifically aimed at restricting users. But TCG is now explicitly offering to help restrict users.

"The cell phone industry hasn't yet realized that cell phones are little computers, and that users expect the same amount of choice about how to use their phones as they enjoy with their PCs and PDAs," Schoen added. "We should be working to make cell phones more like PCs rather than making PCs more like restricted cell phones. But today TCG has demonstrated its eagerness to assist carriers who wish to force more restrictions on consumers, rather than offer them more control and flexibility."

For TCG's announcements at the CTIA Wireless IT &amp Entertainment conference: https://www.trustedcomputinggroup.org/groups/mobile

For more on trusted computing on the PC: http://www.eff.org/Infrastructure/trusted_computing

Contacts:

Chris Palmer
Technology Manager
Electronic Frontier Foundation
chris@eff.org

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

September 28, 2005

EFF and Others to Challenge Privacy-Invasive Rule

Washington, DC - The Federal Communications Commission (FCC) has issued a "First Report and Order" confirming its expansion of the Communications Assistance to Law Enforcement Act (CALEA) to the Internet. The Electronic Frontier Foundation (EFF) is planning to challenge the rule in court.

The new rule forces Internet broadband providers and "interconnected" Voice-over-IP (VoIP) providers to build backdoors into their networks to make it easier for law enforcement to listen in on private communications. EFF has argued against this expansion of CALEA in several rounds of comments to the FCC.

"A tech mandate requiring backdoors in the Internet endangers the privacy of innocent people, stifles innovation, and risks the Internet as a forum for free and open expression," said Kurt Opsahl, EFF staff attorney.

CALEA, a law passed in the early 1990s, required that all telephone providers build surveillance backdoors into their networks. Due to pressure from EFF and other privacy groups, Congress expressly exempted information services like broadband. But the new details released on September 23rd show that the FCC has decided to ignore Congress's decision to protect the Internet, instead forcing all "facilities-based" providers of any type of broadband Internet access service, as well as interconnected VoIP services, to make their networks wiretap-ready. According to the FCC, all VoIP communications on a given service must be wiretap-ready if the VoIP service offers the capability for users to connect calls with the public switched telephone network (PSTN), even those communications that do not involve the PSTN.

Practically, what this means is that the government will be asking broadband providers -- as well as companies that manufacture devices used for broadband communications -- to create new backdoors for surveillance, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements.

Acknowledging that the FCC is reaching beyond Congress's intention by expanding CALEA to the Internet, FCC Commissioner Michael J. Copps admitted that "[the] statute is undeniably stretched," and FCC Commissioner Kathleen Q. Abernathy issued a plea that Congress revisit its decision to exempt the Internet, stating the "application of CALEA to these new services could be stymied for years" by litigation.

"The FCC's overreach is an attempt to overrule Congress's decision to exclude 'information services,'" said EFF Senior Staff Attorney Lee Tien. "By mandating backdoors in any service that has the capability to replace functions provided by a telephone, the FCC has stretched the statute to the breaking point."

Contact:

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

September 26, 2005

EFF Asks Supreme Court to Consider Controversial Case

San Francisco - On Monday, the Electronic Frontier Foundation (EFF) filed a friend-of-the-court brief with the United States Supreme Court, asking the Court to review an important patent case that has broad implications for free speech and consumers' rights.

The Federal Circuit Court of Appeals ruled earlier this year that eBay violated MercExchange's online auction patents and that eBay could be permanently enjoined, or prohibited, from using the patented technology. Then the Court went a dangerous step further. It held that patentees who prove their case have a right to permanent injunctions unless the injunction poses a risk to public health. This "automatic injunction" rule deprives judges of their traditional discretion to consider how an injunction might affect other public interests -- including free speech online.

If this rule is allowed to stand, free expression could suffer.

"We're not saying injunctive relief is never a good idea," said EFF Staff Attorney Corynne McSherry. "But courts must have the ability to look at how an injunction will affect a variety of public interests. That's especially true now, when so many companies are claiming patents on basic technologies that citizens use to communicate online."

In its brief, EFF argues that this ruling threatens free speech because patent owners who claim control over Internet publishing mechanisms are in a position to threaten anyone who uses them to broadcast their ideas, even for noncommercial purposes.

Added McSherry, "Given the explosion of new communications technologies such as blogs, instant messaging, and wikis, this is hardly the time to limit courts' ability to consider the benefits that a given technology brings to freedom of expression, or evaluate the chilling effects of forbidding the use of that technology."

You can read the full brief at:
www.eff.org/legal/cases/ebay_v_mercexchange/EFF_brief.pdf.

For more on patents and how bad law can hurt the public, see:
www.eff.org/patent.

Contacts:

Corynne McSherry
Staff Attorney
Electronic Frontier Foundation
corynne@eff.org

Related Issues:
September 26, 2005

Cell Phones Used to Track Users Without Probable Cause

San Francisco - The Electronic Frontier Foundation (EFF) is arguing that a New York federal court should stand by its decision to require probable cause to believe a crime has been or is about to be committed before letting the government secretly track people using their cell phones.

"This is the first case considering when the government can track the movements of your cell phone, and the answer couldn't be more important," said EFF Staff Attorney Kevin Bankston. "Allowing the government to turn anyone's cell phone into a tracking device without probable cause will enable a surveillance society that would make Big Brother jealous."

Last month, the court denied a Justice Department request to monitor a cell phone's location. The ruling revealed that the DOJ has routinely been securing court orders for real-time cell phone tracking without probable cause and without any law authorizing the surveillance.

Many cell phone users aren't aware that their phones can be used to track their location in real-time, even when they aren't using them. EFF filed a friend-of-the-court brief on Friday to oppose a DOJ motion asking the court to reconsider its pro-privacy decision. EFF argues that the Fourth Amendment requires a search warrant for such invasive surveillance, issued under the same strict standards as warrants that authorize phone and Internet wiretaps.

The government has tried to justify this gross expansion of its authority by combining two surveillance statutes, neither of which authorize cell phone tracking on their own. As EFF explains in its brief, there is no support anywhere for this argument -- not in the statutes' language, nor in legislative history, case law, or academic commentary. Indeed, it contradicts the government's own electronic evidence manual. "It's as if the government wants the court to believe that zero plus zero somehow equals one," said Bankston.

EFF's brief marks the first time the DOJ has had to face lawyers presenting an opposing argument on this issue. "Secrecy breeds abuse," said EFF Staff Attorney Kurt Opsahl. "Before this court had the courage to stand up to the government, the hearings were hidden from the public and the judge only saw the government's point of view this led to secret tracking orders -- without basis in law -- that threaten our fundamental liberties."

The DOJ is expected to appeal to the district court if Magistrate Judge Orenstein denies its motion to reconsider. The court has not said when it intends to rule.

You can read the full text of the EFF brief at www.eff.org/legal/cases/USA_v_PenRegister.

Contacts:

Kevin Bankston
Staff Attorney
Electronic Frontier Foundation
bankston@eff.org

Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org

Pages

Subscribe to EFF Press Releases
JavaScript license information