Apologists justified the broad, civil-liberties corroding powers granted to the government under the USA PATRIOT Act by arguing that they would be used to put terrorists behind bars. Yet several provisions can be used against Americans in a wide range of investigations that have nothing to do with terrorism. Others are too vague, jeopardizing legitimate activities protected under the First Amendment. Worse, the Department of Justice has worked to expand and/or make permanent a number of these provisions -- despite the fact that they were sold to the public as "temporary" measures and are scheduled to expire, or "sunset," in December of 2005.
Periodically in our EFFector newsletter, we profile one of the 16 provisions scheduled to sunset and explain in plain language what's wrong with the provision and why Congress should allow it to expire.
Bush's selection of conservative Judge Samuel A. Alito Jr. for the Supreme Court is doubtless going to lead to an ideological battle in the Senate, focusing on Alito's position on hot button issues like abortion rights, federalism, and gun control. Given the divisiveness of these issues, there is a substantial chance for a Democratic filibuster to block confirmation of Alito.
Many organizations have looked over Alito's fifteen-year record on the bench, and are providing thorough analyses of his position on these divisive issues. Below, we will examine some of on Alito's history with other issues nearer to our organizational heart.
(Read more after the jump.)
Today the Second Circuit Court of Appeals heard argument in the case of Doe v. Gonzales, considering whether National Security Letters (NSLs) are unconstitutional. NSLs are secret subpoenas for communications logs, issued directly by the FBI without any judicial oversight. These secret subpoenas allow the FBI to demand that online service providers produce records of where their customers go on the Web, as well as what they read and with whom they exchange email. The FBI can even issue NSLs for information about people who haven't committed any crimes.
In addition, NSLs are practically immune to judicial review. They are accompanied by gag orders that allow no exception for talking to lawyers and provide no effective opportunity for the recipients to challenge them in court. This secret subpoena authority, which was expanded by the USA PATRIOT Act, could be applied to nearly any online service provider for practically any type of record, without a court ever knowing.
For years now, copy-restriction software has been a looming threat to those who purchase music and want to make fair uses such as space-shifting it from one device or computer to another. Fortunately, early versions of the software were so cumbersome and easy to work around that consumers whole-heartedly rejected or bypassed them. Recently, however, at least one record label has stepped up the war for control of digital content by drawing from the playbook of spyware companies and virus-writers.
As we've noted before, the DMCA has increasingly been used to block competition, rather than to stop "piracy." First it was printer toner cartridges, then garage door openers, and today, in Storage Technology v. Custom Hardware Engineering, it's being used in an effort to tie hardware sales to post-sale service contracts. Today, EFF filed an amicus brief in this case, currently pending before the Federal Circuit.
For years, EFF has been following a case in Colorado District Court involving Family Flicks and Play it Clean Video -- companies that make and distribute copies of movies with sexual and violent content removed. The Motion Picture Association of America (MPAA) and a number of prominent Hollywood directors claim this is copyright infringement.
EFF has no opinion on that aspect of the case. What interested us was a particular element of the claim that would have broad implications for fair use of copyrighted material. When Family Flicks and Play it Clean Video make their "clean" copies, they first make an "intermediate copy" of the entire movie in order to edit it. The MPAA claimed that the copy was an infringement as well as the final product.
Today's Washington Post contains a shocking (and breathtakingly thorough) investigative piece, worth reading in its entirety, which reveals how the FBI has been using its surveillance powers—greatly expanded under the USA PATRIOT Act—even more aggressively than we feared:
The FBI now issues more than 30,000 national security letters a year, according to government sources, a hundredfold increase over historic norms. The letters—one of which can be used to sweep up the records of many people—are extending the bureau's reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans.
On the Sunday talk shows, several senators were pressed to comment on the Washington Post's investigative report showing that the FBI issues more than 30,000 national security letters a year. As reported in the New York Times, the Associated Press and a follow up story in the Post:
NBC's Meet the Press
"We should not ever give up freedom on the basis of fear, and any freedom that we give up should be limited in time and limited in scope," Senator Tom Coburn, an Oklahoma Republican who is a member of the Judiciary Committee.
Molly Wood over at CNET has done a wonderful job summarizing what Sony-BMG's "rootkit" CD copy-protection is all about, and why it's such a bad thing:
So, let's make this a bit more explicit. You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place. And what does this software do once it's on your PC? ... The DRM itself is almost unbelievably restrictive, and some have suggested that the reasoning behind it is part of Sony's ongoing war over digital music supremacy with the decidedly more supreme Apple.
We were pleased to see the domain name arbitration decision in Homer TLC, Inc. v. GreenPeople last week. The University of San Francisco Internet and Intellectual Property Justice Clinic handled this case, on a referral from EFF, and won it for the gripe website homedepotsucks.com . EFF gets far more requests for help than we can handle with our tiny legal staff, and law school clinics like the USF's Legal Clinic serve a much needed role, along with the hundreds of attorneys who take cases from EFF's cooperating attorneys referral list.
As we've mentioned before, Sony-BMG has been using copy-protection technology called XCP in its recent CDs. You insert your CD into your Windows PC, click "agree" in the pop up window, and the CD automatically installs software that uses rootkit techniques to cloak itself from you. Sony-BMG has released a "patch" that supposedly "uncloaks" the XCP software, but it creates new problems.
But how do you know whether you've been infected? It turns out Sony-BMG has deployed XCP on a number of titles, in variety of musical genres, on several of its wholly-owned labels.
One more magistrate judge has refused to allow the government's practice of secretly using cell phones to track people without probable cause--this time in the Southern District of New York (Manhattan). The magistrate judge declined to grant the government's request "without further briefing from the Government concerning the propriety of issuing these orders."
The SDNY judge sought further briefing due to an August decision from a magistrate judge in the Eastern District of New York (Long Island) denying a similar government request. The government provided a letter brief in support, and, upon the court's request, the SDNY Federal Defender's Office responded last week with an amicus brief in opposition.
EFF and 12 other national non-profit organizations have won their battle against a government fundraising policy that required checking employees against terrorist government watch-lists. It's a big victory for free speech and privacy -- not to mention the non-profits and the federal employees who want to support them through the Combined Federal Campaign, or CFC.
CFC allows federal workers to donate to charities with automatic payroll deductions, and it raises hundreds of millions of dollars every year for thousands of organizations. But CFC rules put in place last year would have forced us to check all of our employees and expenditures against several anti-terrorism "black lists" of people and organizations that the government suspects are linked to terrorism.
EFF is collecting stories from EFF members and supporters who have purchased Sony-BMG CDs that contained the "rootkit" copy protection software. We've previously posted at least a partial list of CDs infected here
We're considering whether the effect on the public, or on EFF members, is sufficiently serious to merit a lawsuit.
If you satisfy the following criteria, we would like to hear from you:
1. you have a Windows computer;
2. First 4 Internet's "xcp" copy protection has been installed on your computer from a Sony CD (for more details, see our blog post referenced above or SysInternals blog);
3. you reside in either California or New York;
4. you are willing to participate in litigation.
It's only been about a week since the world learned about the stealth software that some Sony-BMG music CDs install when you play them on your computer. But, as reported by The Register and Reuters, someone has already written a virus to exploit the security vulnerability created by this invasive technology.
The virus travels around in an email, and if executed, reportedly hides itself inside the rootkit and then installs an IRC backdoor. The rootkit's cloaking doesn't just protect itself from discovery--it protects this new virus as well. Just another example of why Sony-BMG's invasion of your computer is a dangerous development.
Xerox has responded to our
href="http://www.eff.org/Privacy/printers/">research on how printers
made by Xerox and other companies track the origin of documents
Its new "Xerox Statement on Counterfeit Detection" contains some
bizarre suggestions. The most prominent of these is that Xerox's
invasions of privacy are OK because other privacy invasions are worse:
Unlike much of the computer spy-ware prevalent on the
internet today, the yellow dots do not "contact" Xerox or
the government and send user content or location.
Many people have been concerned about the security risks of the XCP copy restriction software bundled on several recent Sony/BMG music CDs. Sony has made available a remarkably difficult-to-obtain uninstall program, which is not even capable of uninstalling all the components of the XCP system. However, Finnish security researcher Muzzy reported that this uninstall program introduces its own set of possible security problems -- and that it may even make matters worse.
Today, following up on this possibility, Ed Felten and Alex Halderman announced that they have
This morning, security researcher Dan Kaminsky announced an ingenious method for gauging the extent of the Sony XCP CD rootkit infection. His findings suggest that at least hundreds of thousands of computers are likely already infected, and that Sony probably has data that would show exactly how many computers are infected. Kaminsky's method is based on sophisticated use of the Domain Name System (DNS), which translates names like www.eff.org into the IP addresses that computers use to route communications on the Internet.
EFF has been collecting stories from EFF members and supporters who have purchased Sony-BMG CDs that contained the "rootkit" copy protection software. Thanks to all who have responded, and keep the stories coming!
EFF is also collecting stories from EFF members and supporters who have purchased Sony-BMG CDs that contained SunnComm's MediaMax copy protection software. The MediaMax software is somewhat different, but similarly has no true uninstall option and establishes an undisclosed ongoing communication from the users' computer to SunnComm. CDs with this technology include:
Amici Forever, Defined
David Gray, Life in Slow Motion
Foo Fighters, In Your Honor
My Morning Jacket, Z
Santana, All That I Am
Sarah McLachlan, Bloom Remix Album
We're considering whether the effect on the public, or on EFF members, is sufficiently serious to merit a lawsuit.
This Wednesday, at 10AM EST, the
Subcommittee on Commerce, Trade, and Consumer Protection will hear from witnesses discussing
Use: Its Effect on Consumers and Industry."
It should make for a fine contrast to the arguments made so forcefully by
the MPAA and RIAA earlier this month, when they proposed that Congress should
adopt their triple
horror bill of the broadcast flag, digital radio controls, and their
massively intrusive fix for that non-problem, the "analog hole."
Now is the time for all good bloggers to come to the aid of their legal rights!
Here at EFF, we're fighting hard for bloggers' rights. We've created the Legal Guide for Bloggers, we're litigating the reporter's privilege for online journalists and we are working hard to defend bloggers' rights to free expression, political speech, and anonymity, just to name a few.
Last week, as Senators and Congresspersons met in conference to negotiate the final PATRIOT reauthorization bill, we had high hopes that they would add meaningful new checks and balances to the USA PATRIOT Act.
But EFF has obtained a draft of the final conference report (in three parts: one, two, and three). It is exactly what we feared: the same old PATRIOT Act, with a grab-bag of illusory reforms that will do little to curb abuse of the Act's most dangerous powers.
The United States Computer Emergency Readiness Team (US-CERT) is a part of the Department of Homeland Security that is charged with the task of "protecting the nation's Internet infrastructure" by coordinating the "defense against and responses to cyber attacks across the nation." In response to the Sony XCP DRM debacle:
US-CERT recommends the following ways to help prevent the installation of this type of rootkit:
Sony BMG has released list of all 52 CD titles that have used the XCP software. If you have used one of the CDs listed in your computer running Windows, you are likely infected with the rootkit that opens you up to security vulnerabilities. If you haven't yet put this CD into your Windows computer, please don't. There have been some problems with recent uninstaller programs -- stay tuned for more on how to remove this software from your computer.
Thanks to everyone who called Congress yesterday to voice opposition to the draft PATRIOT renewal bill, which we expect a vote on soon. It looks like our voices were heard--the Associated Press is reporting that because of civil liberties concerns, the draft conference report was *not* filed last night as expected, and won't be hitting the House floor today. Instead, based on the objections of civil liberties groups and opposition by a bipartisan group of Senators, the contents of the final conference report are still being fought over.
Earlier this week, when the legislative conference tasked with reconciling the House and Senate versions of the PATRIOT renewal bill started circulating drafts of its so-called "compromise", a vote seemed certain by the end of the week. But the civil liberties community recognized the conference report for what it was: the same old PATRIOT with illusory reforms.
Luckily, several dedicated and patriotic Senators and Representatives--yes, Virginia, they do exist!--recognized it too and have revolted, promising to oppose the conference report if more real checks and balances from the Senate version of the bill aren't put back in.
Today, the World Intellectual Property Organization, the UN's copyright/patent/trademark body, hosted a "Information Meeting on Educational Content and Copyright in the Digital Age" -- a meeting where representatives of libraries, Creative Commons, publishers, and science organizations vied to convince representatives from WIPO's 182 member national governments about the need for laws that balance the rights of creators and educational users of copyrighted works. Representatives from the governments of Chile and Canada gave inspirational presentations about the education-friendly copyright exception proposals currently being considered in their national legislatures.
Last Friday we blogged the news of a revolt in Congress against the latest draft of the PATRIOT renewal bill coming out of the House/Senate conference committee. That draft lacked many of the civil liberties reforms that were in the Senate version, and a bipartisan coalition of concerned senators and representatives vowed to oppose the bill unless those checks and balances were put back in.
At the time, we wondered: "Will the conference leaders bow to pressure and rewrite the conference report to better protect our rights, so that they can get a vote on it before the holiday? Or will they stand firm and risk a drawn-out public debate on PATRIOT and civil liberties, which can only weaken their position? We don't know yet."
The UN's World Intellectual Property Organization (WIPO) has just finished another round of deliberations on a new treaty. Although the draft treaty is nominally about Broadcasters' rights, most of the discussion focused on proposals to create new rights over Internet transmissions: the US's proposal to extend the treaty to "webcasting", and the European Union's pitch for "simulcasting" rights, covering retransmission of broadcasts and cablecasts over the Internet.
At a time when the music industry appears intent on pitting itself against digital music fans, at least one artist is staking out the opposite end of the spectrum.
Jane Siberry is a Canadian singer-songwriter, probably best known for the song "Calling All Angels," which featured kd lang and appeared on soundtracks for Wim Wenders' Until the End of the World and, later, Pay It Forward. She's enjoyed considerable success in both Canada and the US, has more than 10 albums to her name since 1981, and is often compared to Kate Bush and Joni Mitchell.
Like many, EFF was pleased when SonyBMG announced that it would stop production on its dangerous XCP CDs. Yet announcing a recall seems to be all that SonyBMG intends to do.
As holiday purchases kicked off over the past week, the damaging disks are still being sold in stores. Customers writing to SonyBMG to complain about the disks are still not being told that they can exchange their disks. Most importantly, SonyBMG has taken no steps to affirmatively notify the public other than a notice on their website (when was the last time you casually browsed the SonyBMG website?) and responding to press calls.
EFF helped score a big win for election transparency in North Carolina today, convincing a North Carolina judge to dismiss Diebold's attempt to evade the state's tough electronic voting regulations.
North Carolina has enacted one of the most robust laws in the country, requiring that e-voting companies put their source code in escrow and release the names of all the programmers. But earlier this month -- on the day that voting equipment bids to the state were due -- Diebold said it could not comply. In a last-minute filing to a North Carolina superior court, Diebold was granted a temporary restraining order that would allow it to continue with the bidding process without criminal or civil liability.
December 1 is the last day to submit proposals (by 5p EST) to the Copyright Office seeking a 3-year DMCA exemption for noninfringing activities that are otherwise squelched by "digital rights management" (DRM) restrictions.
As we mentioned back in October, Congress has instructed the U.S. Copyright Office to consider every three years whether we need temporary exemptions to the DMCA's blanket ban on circumventing "technological protection measures" (aka DRM) used to lock up copyrighted works.