Just a few weeks after his interview with EFF Legal Director Cindy Cohn, American hero Stephen Colbert has returned to the subject of digital rights. And in his show on Tuesday, he came up with a great solution to the problem of privacy and online social networks: Control-Self-Delete.
As Colbert suggests, the CEOs of Google and Facebook can be astonishingly tone deaf when it comes to the question of the privacy of their customers. As these experts in social media ought to know, the fact that a person chooses to share some information about themselves online is no indication that they prefer to share everything — nor does it indicate that control of personal data is not something they care deeply about.
">Study after study has shown the opposite to be true: users care about privacy, and demand control of their own data.
We like Colbert's basic point, saved for the end of this clip: if anyone should change their behavior to address the problem of online privacy, it isn't young people who have uploaded some racy pics — it's the companies that have made themselves the guardians of our personal data.
Facebook is facing down another embarrassing episode of censorship this week after refusing to show ads submitted by the Just Say Now marijuana legalization campaign. The gag is an important reminder that social networks like Facebook — while useful, interesting, and pretty — are "walled gardens" with overseers whose interests can overwrite free speech, open communication, and in this case, essential political debate. (In this they have something in common with Apple.)
Most recently, Facebook was caught censoring mentions of Power.com, an online tool designed to help users collect their information from Facebook to facilitate migration to other social networks. To this day, users are still blocked from sending messages or posting status updates containing the word "Power.com," preventing users from spreading the word about a convenient way to "make the move" to Orkut, or LinkedIn, or any other social networking service that may crop up to compete. The block even stopped law professor Eric Goldman from commenting on Facebook’s lawsuit against Power.com (Disclosure: EFF filed an amicus brief in support of Power in that case).
Facebook's censorship for anticompetitive reasons is petty and lame to be sure, but silencing Just Say Now's marijuana legalization ad campaign is even worse. Voters in various districts nationwide will have to make important political decisions about marijuana this year (California's Proposition 19 is one example). Facebook's decision, reportedly an attempt to be consistent with its ad policies restricting smoking and/or marijuana-related content, is instead primarily silencing an important, motivated voice in a politically significant debate.
Facebook should lift the ban and show Just Say Now's political ads. For better or worse, Facebook has become a important means of communication and organization for candidates and political campaigns. In this role, Facebook functions best as a neutral platform, hosting the debate without entering it. Whether or not Facebook wants to restrict depictions of smoking in commercial ads, it should not prohibit the open and robust political debate central to the value and promise of the Internet.
Music lovers take note: the classical music archive Musopen needs your help to liberate some classic symphonies from copyright entanglement. Museopen is looking to solve a difficult problem: while symphonies written by Beethoven, Brahms, Sibelius, and Tchaikovsky are in the public domain, many modern arrangements and sound recordings of those works are copyrighted. That means that even after purchasing a CD or collection of MP3s of this music, you may not be able to freely exercise all the rights you'd associate with works in the public domain, like sharing the music using a peer-to-peer network or using the music in a film project.
To fix this, Musopen is asking backers to join an effort to hire a world-class orchestra to record sublime digital performances of the symphonies by the composers mentioned above. Musopen will then relinquish all rights to the recordings, giving the public the freedom to experience these works in full: to download, share, derive, and remix without limit. The fundraising campaign is taking place on Kickstarter, a site where users can pledge money to various creative projects. (Users pledge an amount towards a project, but the money doesn't actually go to the project unless the specified funding goal is reached. Kickstarter has a great explanation for their "all-or-nothing funding" design on their FAQ.)
It’s too bad such seminal, cultural works have been effectively buried by copyright interests — despite their age, ubiquity, and importance. (Note problems like this are exacerbated by discrepancies in international laws that create different "public domains" that copyright owners can exploit to stop online archives.) The Musopen campaign presents a creative solution that could help ensure that such essential music is preserved and shared for generations to come. Music lovers and copyfighters — vote with your wallet and support Museopen's work!
The Electronic Frontier Foundation is seeking to assist defendants in the Righthaven copyright troll lawsuits. Righthaven, founded in March of 2010, files hundreds of copyright infringement lawsuits on behalf of newspaper publishers against bloggers who make use of news content without permission. To that end, Righthaven searches the internet for stories and parts of stories from the newspapers that they represent. Once they find content that has been re-published, Righthaven purchases the copyright to the article and sues the owner of the blog.
Just like the US Copyright Group shakedowns, and the RIAA shakedowns of the recent past, Righthaven relies on the threat of enormous statutory damages associated with the Copyright Act to scare defendants, often individual bloggers operating non-commercial websites, into a quick settlement, reportedly ranging from two to five thousand dollars. The Righthaven lawsuits are of particular concern because they sometimes target the operators of political websites who re-publish newspaper stories, chilling political speech. Righthaven has also targeted the newspaper's source for the very articles allegedly infringed.
If you are the target for a Righthaven lawsuit in need of representation, please contact Rebecca Reagan at firstname.lastname@example.org. Please understand that we have a relatively small number of very hard-working attorneys, so we do not have the resources to defend everyone who asks, no matter how deserving. However, if we cannot represent you directly, we will make every effort to put you in touch with attorneys who can.
Good news in the fight against bad software patents: a jury in the Eastern District of Texas recently found the Firepond/Polaris patent (U.S. Patent No. 6,411,947) invalid. This patent was on EFF's "Most Wanted" list, targeted because it claimed nothing more than a system using natural language processing to respond to customers' online inquires by email.
EFF was not involved in this case, in which Bright Response, LLC — the technical owner of the patent — sued Google, Inc., Yahoo!, Inc. and eight other companies, alleging that Google's AdWords and Yahoo!'s Sponsored Search infringes the Firepond/Polaris patent. The jury found three of the patent's claims invalid based on the public use bar, obviousness, and for lacking written description. The jury also found that neither Google nor Yahoo! infringed those claims. Finally, the jury found the entire patent invalid due to improper inventorship.
In addition to the jury's findings, the Patent and Trademark Office is nearing completion of a reexamination of the patent, instituted by Google, that narrows the scope of that patent's claims.
"This is a great outcome and good news for people and developers who create new products related to customer service or email," said Patrick King, one of the attorneys assisting EFF on this matter.
Because the court has not yet entered a final judgment, Bright Response could still, in theory, attempt to prohibit others from using the basic natural language processing technology in its patent. EFF is on the lookout for this threatening behavior, so please make sure to let us know if you hear of any. EFF will continue to monitor this case — and the corresponding reexam — and will take action as necessary to fight any additional efforts to use the Firepond/Polaris patent to quash competition and hurt innovation.
"We are still waiting for the court case to finish up and to see if Bright Responses will appeal the decision. If any of the patent is still alive after that, we will do whatever we can to invalidate it, and allow competitors to use this simple technology, which was well known prior to the patent filing," said Gina M. Steele, another attorney assisting EFF with this matter.
The Firepond/Polaris patent was one of the ten original Top Ten Patents targeted by EFF’s Patent Busting Project, which combats the chilling effects of bad patents on the public and consumer interests. So far nine patents targeted by EFF have been busted, invalidated, narrowed, or had a reexamination granted by the Patent Office.
It looks like Apple, Inc., is exploring a new business opportunity: spyware and what we're calling "traitorware." While users were celebrating the new jailbreaking and unlocking exemptions, Apple was quietly preparing to apply for a patent on technology that, among other things, would allow Apple to identify and punish users who take advantage of those exemptions or otherwise tinker with their devices. This patent application does nothing short of providing a roadmap for how Apple can — and presumably will — spy on its customers and control the way its customers use Apple products. As Sony-BMG learned, spying on your customers is bad for business. And the kind of spying enabled here is especially creepy — it's not just spyware, it's "traitorware," since it is designed to allow Apple to retaliate against you if you do something Apple doesn't like.
Essentially, Apple's patent provides for a device to investigate a user's identity, ostensibly to determine if and when that user is "unauthorized," or, in other words, stolen. More specifically, the technology would allow Apple to record the voice of the device's user, take a photo of the device's user's current location or even detect and record the heartbeat of the device's user. Once an unauthorized user is identified, Apple could wipe the device and remotely store the user's "sensitive data." Apple's patent application suggests it may use the technology not just to limit "unauthorized" uses of its phones but also shut down the phone if and when it has been stolen.
However, Apple's new technology would do much more. This patented device enables Apple to secretly collect, store and potentially use sensitive biometric information about you. This is dangerous in two ways: First, it is far more than what is needed just to protect you against a lost or stolen phone. It's extremely privacy-invasive and it puts you at great risk if Apple's data on you are compromised. But it's not only the biometric data that are a concern. Second, Apple's technology includes various types of usage monitoring — also very privacy-invasive. This patented process could be used to retaliate against you if you jailbreak or tinker with your device in ways that Apple views as "unauthorized" even if it is perfectly legal under copyright law.
Here's a sample of the kinds of information Apple plans to collect:
The system can take a picture of the user's face, "without a flash, any noise, or any indication that a picture is being taken to prevent the current user from knowing he is being photographed";
The system can record the user's voice, whether or not a phone call is even being made;
The system can determine the user's unique individual heartbeat "signature";
To determine if the device has been hacked, the device can watch for "a sudden increase in memory usage of the electronic device";
The user's "Internet activity can be monitored or any communication packets that are served to the electronic device can be recorded"; and
The device can take a photograph of the surrounding location to determine where it is being used.
In other words, Apple will know who you are, where you are, and what you are doing and saying and even how fast your heart is beating. In some embodiments of Apple's "invention," this information "can be gathered every time the electronic device is turned on, unlocked, or used." When an "unauthorized use" is detected, Apple can contact a "responsible party." A "responsible party" may be the device's owner, it may also be "proper authorities or the police."
Apple does not explain what it will do with all of this collected information on its users, how long it will maintain this information, how it will use this information, or if it will share this information with other third parties. We know based on long experience that if Apple collects this information, law enforcement will come for it, and may even order Apple to turn it on for reasons other than simply returning a lost phone to its owner.
This patent is downright creepy and invasive — certainly far more than would be needed to respond to the possible loss of a phone. Spyware, and its new cousin traitorware, will hurt customers and companies alike — Apple should shelve this idea before it backfires on both it and its customers.
An Indian computer scientist was arrested this weekend when he refused to disclose an anonymous source who provided an electronic voting machine to a team of security researchers.
Hari Prasad is the managing director of Netindia Ltd., an Indian research and development firm. He and other researchers have long questioned the security of India's paperless electronic voting machines. Despite repeated reports of election irregularities and concerns about fraud, the Election Commission of India insists that the machines are tamper-proof.
In 2009, the commission publicly challenged Prasad to show that India's voting machines could be compromised, but refused to give him access to the machines to perform a review. Earlier this year, an anonymous source provided an Indian voting machine to a research team led by Prasad, Alex Halderman, and Rop Gonggrijp. The team exposed security flaws that could allow an attacker to change election results and compromise ballot secrecy. They published a paper detailing their findings, which you can read here.
According to Halderman, Prasad was questioned Saturday morning at his home in Hyderabad by authorities who wanted to know the identity of the source who gave the voting machine to the research team. Prasad was ultimately arrested and taken to Mumbai, though reportedly hadn't been charged with a crime.
This turn of events is deeply troubling. Prasad is a respected researcher who helped to discover a critical flaw in India's voting system. He and his fellow researchers would never have been able to document the weaknesses in India's voting machines without the help of their anonymous source. This is precisely why anonymity is important: it allows people to make important contributions to the public dialogue without fear of retribution.
The Election Commission of India should have given researchers access to the voting machines in the first place. Rather than attempting to persecute Prasad and the anonymous source, the government should be focusing its attention and resources on the real problem: electronic voting machines with no mechanism for accountability.
UPDATE: According to the Times of India and Reuters, Prasad has been charged in connection with the alleged theft of the voting machine studied by the research team. He has been remanded to police custody until Thursday, August 26.