[Update: You did it! After being alerted to the problems with this fake compromise bill, sympathetic senators on the committee intervened to stop a vote on Specter's bill Thursday. Consideration will now be delayed until after the recess. It's still important to continue to let the committee know that this is a hot issue, so keep the calls and letters coming.]
Here we go again. Despite all of our efforts to dispel the false dichotomy between secure voting and accessible voting, a shrinking but vocal minority of the disability rights community continues to take steps to prevent more secure voting by claiming that it will violate the rights of the disabled. They've now filed a federal lawsuit in San Francisco, called PVA v. McPherson, to try to turn back the clock -- and force Californians back into insecure, inauditable voting systems. This argument was wrong when it was rejected by a federal judge in 2004 and it's still wrong now.
The Convention on Cybercrime is a sweeping treaty that has been waiting in the wings of the Senate for nearly three years. Now the administration is putting pressure on the Senate to ratify it in the next two days. If it does, it would mean the U.S. would enforce not just our own, but the rest of the world's bad Net laws. Call your Senator now, and ask them to hold its ratification.
Jason Calacanis is CEO of blogging network Weblogs, Inc., which AOL bought last year. In light of AOL's disclosure of 658,000 users' search queries, Calacanis publicly denounced this massive privacy violation and gave his bosses one clear message: "Frankly, I want us to NOT KEEP LOGS of our search data" (emphasis, his).
Exactly -- as discussed in our "Best Practices" white paper, online service providers shouldn't be keeping these kinds of logs. Voluntary limits on data retention would help prevent another Data Valdez like AOL's, but Congress should also strengthen and clarify privacy protections.
[ Since the dawn of history, EFF has been running a summary of news links from around the Web, both as a section in our regular newsletter EFFector, and as a mini-blog on our website. These days, many sites have rolled their own "linklogs" into their main blog feed, so we thought we'd do the same. If you've been subscribed to the miniLinks RSS feed, you might want to switch to DeepLinks (RSS feed here), where you'll find miniLinks now continuing as a regular feature. We'll be dropping updates of the separate miniLinks feed shortly.]
AOL has rightly apologized for its massive disclosure of over 650,000 users' search data. But it has also seemed to downplay the disclosure by saying, "there was no personally identifiable data linked to these accounts," even as it concedes "search queries themselves can sometimes include such information."
And thus these records can all too easily be linked to a user's identity, as this New York Times article clearly demonstrates. Without a doubt, many AOL users could be identified like the woman in this story -- whether vanity searches for your name or MySpace profile, or searches related to your city and neighborhood, your search history may provide clues to your identity.
If you are an AOL member, use our Action Center to contact AOL and find out whether you were one of the AOL customers whose search data was publicly disclosed. By voicing your concerns now, you can make sure AOL works to prevent another damaging data leak from happening again.
Regardless of whether you're an AOL user, send a link to the Action Center (http://action.eff.org/aolsearch) to friends and family who use AOL. We've also posted sample tell-a-friend letter text and blog buttons (like the one below) here.
AOL's data leak is a disaster, but there may be some silver lining. By putting the spotlight on the dangers of Internet companies storing massive amounts of private information, the data leak could spur better business practices and Congressional action to protect privacy.
While AOL rightly apologized and began investigation into its practices, Google CEO Eric Schmidt unfortunately appeared to shrug off the issue, essentially saying "trust us." That's not an adequate response, as the LA Times and USA Today made clear in editorials this week:
- Never Mind the Piracy, Feel the Profits
Ed Felten says that the DRM debate has moved from combating piracy to supporting price discrimination...
- "DRMs Enable Business Models, They Don't Stop Piracy" - Universal VP
... as Universal's Jerry Pierce confirms the change of tack.
- "We Have Already Helped you Filter Out Excess Web Pages!"
Human Rights China documents how Yahoo censors its Chinese users...
- "Lost" in Translation
...while Chinese TV fans bypass censorship by trading and translating US shows...
Read the complaint here [PDF], and take action now to help protect privacy in your search queries.
Yesterday, EFF joined an amicus brief filed in support of Sima in its battle against DRM-vendor Macrovision. In essence, Macrovision is trying to leverage the DMCA into a technology mandate, forcing all digital video products in the future to respond to its analog-era DRM system.
How can you help prevent damaging privacy invasions like AOL's data leak? Along with spreading the word about this debacle, you can take steps to protect yourself online. Beneath the fold, we've listed some tips and tools that will help keep your search history private.
Without careful safeguards, RFIDs in IDs can broadcast your personal information to anyone nearby with cheap, readily-available equipment. Your government could be exposing you to the risk of covert tracking, stalking and identity theft.
In California, EFF has been working with a diverse range of concerned groups to stop insecure ID cards. The result, S.B. 768, faces a vote next week in the Legislature before reaching the governor. (The bill has already passed the Senate once, though not in its amended form.)
As reported by the AP, "A federal judge ruled Thursday that the government's warrantless wiretapping program is unconstitutional and ordered an immediate halt to it." The ACLU brought this lawsuit after the spying program was first disclosed.
This is a huge victory in the fight to stop the government's massive and illegal surveillance. This ruling deals with the so-called "Terrorist Surveillance Program."
September 22 is OneWebDay, a day to "celebrate the Web and what it means to us as individuals, organizations, and communities." Founded by cyberlaw professor Susan Crawford and spearheaded by volunteers around the globe, the initiative is helping to plan events in major cities. The goal is to get people to take a moment and reflect on the beneficial role the Web already plays in our lives -- and how important it is to take action to protect its development in the future. Learn more by visiting the OneWebday site.
- RIAA Deposes Dead Defendant's Children
Lawyers allow 60 days for grieving process...
- Demonstrates an "Abundance of Sensitivity" to the Press Outrage
...backing out when the case is publicized.
- You typed "Verb." Did you mean: Registered Trademark?
Google(TM) decides that it's not such an everyday word, after all.
- British Parliament Criticizes Net Companies' Complicity With China
Barney the purple dinosaur may teach kids a lot about playing fair, but his lawyers need a lesson in fair use. Now EFF is fighting back on behalf of one website owner to stop Barney's lawyers' abuse of copyright and trademark law.
Yesterday, EFF asked a federal court [PDF] in New York to uphold Stuart Frankel's online parody of Barney as non-infringing protected speech. Stuart posted the parody on his website in 1998, and Barney's lawyers have repeatedly sent him baseless cease-and-desist letters over the last four years.
As reported throughout the blogosphere, a tool for evading Windows Media DRM has been made widely-available online. Will Microsoft block music fans' ability to make fair use of legitimately acquired music and respond with DMCA threats or even lawsuits, perhaps at the record labels' behest?
Engadget makes the case for why they shouldn't in an open letter published today:
- AOL Goes From Badware to Worseware
As AOL's servers give out your search terms, its client takes control of your computer without permission. What's not to like?
- Barney's Last Gasp
New York Times sees our case as the final straw for the purple dinosaur.
- Boomtime for Biometrics Manufacturers
Tech companies eye $8 billion in government ID contracts.
- IGF IP workshop
The California State Senate passed tough new privacy safeguards yesterday for use of "tag and track" devices known as Radio Frequency Identification (RFID) chips embedded in state identification cards. The bill, SB 768, helps ensure that Californians can control the personal information contained on their drivers' licenses, library cards and other important ID documents.
EFF worked with a diverse range of concerned groups to get this bill passed, and now it just needs to clear one last hurdle -- the governor's signature -- before becoming law. If you live in California, follow this link and call the governor's office immediately to voice your support for S.B. 768.
Regardless, forward that link to friends and family who live in California and urge their support.
Yesterday, the AP reported on a tool called TrackMeNot, which promises to protect "web-searchers against surveillance and data-profiling." While we certainly appreciate the intentions of TrackMeNot's developers, it is wholly ineffective at serving its stated purpose. EFF recommends you follow these tips to keep your search history private.