According to The Hollywood Reporter, a group known as the "U.S. Copyright Group" has quietly targeted 20,000 Bit Torrent users for legal action in federal court in Washington, DC. The targets are accused of having downloaded independent films, including "Steam Experiment," "Far Cry," "Uncross the Stars," "Gray Man" and "Call of the Wild 3D," without authorization. The group plans to target 30,000 more individuals for legal action in the coming months.
This time, the lawyers involved are being explicit about their motivations: it's all about the money. "We're creating a revenue stream and monetizing the equivalent of an alternative distribution channel," said one of the attorneys involved. The cases are taken on a contingency basis, designed so that quick settlements will prove lucrative for both the firm and the copyright owners involved.
The attorneys involved are reportedly relying on technology provided by Guardaley IT that claims to enable real-time monitoring of movie downloads on torrents. The IP addresses and information gathered using this technology are then used to file "John Doe" lawsuits and issue subpoenas to ISPs seeking the names and addresses of subscribers associated with those IP addresses. Settlement demands are then sent.
This is not the first time we've seen mass litigation (a.k.a. "spam-igation") used as a profit-center—DirecTV pioneered that tactic by sending demand letters to more than 170,000 Americans accused of satellite piracy. And the major record labels followed up by targeting more than 30,000 people for legal actions between 2003-08.
If this story is correct, it's the latest evidence that copyright law has become unmoored from its foundations. Copyright should help creators get adequately compensated for their efforts. Copyright should not line the pockets of copyright trolls intent on shaking down individuals for fast settlements a thousand at a time.
The American Library Association (ALA) Office for Information Technology Policy (OITP) and its Copyright Advisory Subcommittee issues the award to recognize work done in support of fair use and the public domain. The award is named after the late L. Ray Patterson, a copyright scholar and historian that left a lasting impression on the law of copyright, the public domain, and fair use.
Chair of the OITP Copyright Advisory Subcommittee Patrick Newell said, "Fred is a tireless advocate for openness of information and seeking the proper balance between intellectual property protection and the public interest in fair use, expression and innovation."
An award reception honoring Fred will be held on June 25 during the ALA's Annual Conference in Washington, D.C.
Yesterday, EFF Senior Staff Attorney Kevin Bankston testified before Congress, urging that the federal wiretapping law be updated to protect Americans against secret video surveillance just as it protects against covert electronic eavesdropping.
The Subcommittee on Crime and Drugs of the U.S. Senate Judiciary Committee was prompted to hold the hearing, titled "Video Laptop Surveillance: Does Title III Need to Be Updated?", in response to reports that school administrators in Pennsylvania secretly spied on students in their homes by remotely activating the webcams on school-issued laptops. "Title III" refers the federal privacy statute that regulates electronic eavesdropping and the wiretapping of telephone and Internet communications. Unfortunately, as Bankston and other witnesses explained at the hearing, Title III does not regulate video surveillance, even though it can be just as invasive as eavesdropping.
In his testimony, Bankston argued to Subcommittee Chairman Arlen Specter (D-PA) that the need to fill this glaring gap in the law has taken on new urgency with the rapid proliferation of web cams: "Any camera controlled by software on a computer that is connected to the Internet carries the risk that the camera will be remotely activated without the knowledge or consent of the user," Bankston testified. "With millions upon millions of laptop web cams routinely being carried into the home and other private spaces, surreptitious video surveillance has become a newly pervasive threat," a threat that the law must be updated to address.
Bankston urged Congress to amend the law to better protect Americans from secret video surveillance, by clarifying that the government has to get a search warrant based on probable cause before engaging in unconsented video surveillance of the home or any other private place, and by prohibiting such surveillance by anyone else, be it a stalker, a computer criminal, your employer or your school.
At the conclusion of the hearing, Senator Specter agreed that it was time to close this gap in the law and said that he intended to introduce legislation this year to provide new privacy protections against video spying.
While researching a story for Wired Magazine about people who fake their own deaths, journalist Evan Ratliff began to wonder: How hard would it be to disappear in today's digital world? Email, online banking, mobile phones and other ubiquitous technologies leave traces of ourselves that can be easily tracked. If you wanted to disappear while using these tools, could you?
To find out the answer, he went underground himself, and issued a challenge to his readers: find Evan and win $5000. While continuing to use the Internet, mobile phones — and a variety of disguises — Evan managed to stay on the run for a total of 25 days before obsessive fans tracked him down in New Orleans. The whole story is documented in the fascinating piece he published in the December 2009 issue of Wired.
On April 13, Evan will talk about his experience in a special Geek Reading event for EFF. Join us at San Francisco's 111 Minna bar for Evan's presentation on the questions of privacy, surveillance, and identity raised by his groundbreaking experiment.
We are a bookish crowd here at the Electronic Frontier Foundation, so we figured it might be interesting to share a list of some of our favorite books. Choosing categories was a contentious process, but we ultimately decided to split up the list into the following rough categories:
The top 3 in each category are standouts or classics, but every book in the list has inspired fresher, smarter considerations about technology, civil liberties, and what it means to be on the electronic frontier. Enjoy!
In comments filed today, EFF, Public Knowledge, the American Association of Law Libraries, the Medical Library Association, the Special Libraries Association and U.S. PIRG urged the Intellectual Property Enforcement Coordinator (IPEC), Victoria Espinel, to pay careful attention to the various costs and benefits of different enforcement mechanisms and objectives, and spend public funds on IP enforcement only where the alleged violations will cause significant economic harm under clearly settled legal rules.
Among other things, the comments suggest that the government should only spend our tax dollars on IP enforcement when (1) the costs of enforcement do not exceed the damages caused by the infringement; (2) the infringement meets the standards for criminal conduct; and (3) the infringement involves clear legal violations of the law, rather than a “gray area” activity that tests evolving legal or marketplace norms. Applying these principles should help avoid the use of public funds to chill competition and innovation.
The comments call on the IPEC to consider more creative solutions to thorny IP problems, such as promoting voluntary collective licensing and facilitating legal access to content through mechanical licensing at reasonable rates. Such solutions should prove more effective at discouraging infringement than the heavy-handed solutions often recommended by the entertainment industry.
The comments also urge the IPEC not to lose sight of broader foreign policy objectives. For instance, overly restrictive trade rules on pharmaceuticals can impede access to AIDS drugs. And, the IPEC should promote systems of IP enforcement that recognize and reflect both the strong protections for and careful limitations on IP rights. Laws and technologies that ostensibly target online copyright infringement can cause collateral damage: they may be overly punitive, for example, or may too easily be repurposed to bolster government censorship.
UPDATE: All the public comments provided to the IPEC have now been posted online.
Today two computer security researchers, Christopher Soghoian and Sid Stamm, released a draft of a forthcoming research paper in which they present evidence that certificate authorities (CAs) may be cooperating with government agencies to help them spy undetected on "secure" encrypted communications. (EFF sometimes advises Soghoian on responsible disclosure issues, including for this paper.) More details and reporting are available at Wired today. The draft paper includes marketing materials from Packet Forensics, an Arizona company, which suggests that government "users have the ability to import a copy of any legitimate keys they obtain (potentially by court order)" into Packet Forensics products in order to impersonate sites and trick users into "a false sense of security afforded by web, e-mail, or VoIP encryption". This would allow those governments to routinely bypass encryption without breaking it.
Many modern encryption systems, including the SSL/TLS system used for encrypted HTTPS web browsing, rely on a public-key infrastructure (PKI) in which some number of CAs are trusted to vouch for the identity of sites and services. The CA's role is crucial for detecting and preventing man-in-the-middle attacks where outsiders invisibly impersonate one of the parties to the communication in order to spy on encrypted messages. CAs make a lot of money, and their only job is to make accurate statements about which cryptographic keys are authentic; if they do this job incorrectly — willingly, under compulsion, by accident, or negligently — the security of encrypted communications falls apart, as man-in-the-middle attacks go undetected. These attacks are not technically difficult; surveillance companies like Packet Forensics sell tools to automate the process, while security researchers like Moxie Marlinspike have publicly released tools that do the same. All that's needed to make the attack seamless is a false certificate. Can one be obtained?
Soghoian and Stamm also observe that browsers trust huge numbers of CAs — and all of those organizations are trusted completely, so that the validity of any entity they approve is accepted without question. Every organization on a browser's trusted list has the power to certify sites all around the world. Existing browsers do not consider whether a certificate was signed by a different CA than before; a laptop that has seen Gmail's site certified by a subsidiary of U.S.-based VeriSign thousands of times would raise no alarm if Gmail suddenly appeared to present a different key apparently certified by an authority in Poland, the United Arab Emirates, Turkey, or Brazil. Yet such a change would be an indication that the user's encrypted HTTP traffic was being intercepted.
Who are these CAs, and why do we trust them? Most are for-profit companies, though Microsoft Internet Explorer is willing to trust two dozen governments as CAs, from a list of around 100 entities. Soghoian and Stamm identify the governments Internet Explorer currently trusts as Austria, Brazil, Finland, France, Hong Kong, India, Japan, Korea, Latvia, Macao, Mexico, Portugal, Serbia, Slovenia, Spain, Switzerland, Taiwan, The Netherlands, Tunisia, Turkey, the United States and Uruguay. (Some countries have more than one government entity on the list; Internet Explorer also trusts subnational governments like that of the Autonomous Community of Valencia in Spain, and government-affiliated organizations like the PRC's China Internet Network Information Center.) Although there is no public evidence that this power has been abused or that government-run CAs are less trustworthy than private-sector CAs, each of these states has the power to facilitate attacks on encryption anywhere in the world — not just in its territory or Internet domain.
Certificate authorities get on browsers' trusted lists by making a public statement about how they operate and submitting to some sort of external audit. If they do their job properly, they make it easy for users to securely interact with web sites and services automatically, without having to somehow look up and manually verify encryption keys. Yet these organizations' position at the center of the web encryption infrastructure is largely unaccountable, since users will never know if a CA signs off on something untrue. But any CA could choose to do so. Given what we now know about the vulnerability of the trust infrastructure to both technological and legal interference, we urgently need a meaningful way to double-check the CAs. Soghoian and Stamm propose some mechanisms and offer a plug-in to give users browsers' more information about who is certifying sites and where the CAs are located, which could be of particular interest to those concerned about international espionage.
Concerned by this and other research on the vulnerabilities introduced by CAs, EFF has also been working on concepts to help Internet users make use of many more sources of information to supplement and double-check the CAs — and help detect when they certify things that are not true. We will be publishing a whitepaper to outline some of our proposals in the near future.
Making good on its promise to stop censoring results of its Chinese language website earlier this year, Google announced on Monday that its uncensored search services are now live. Chinese Internet users searching at google.cn are now redirected to google.com.hk, where its Chinese language results are delivered through its servers in Hong Kong. Google is also cleverly keeping public track of the availability of its services in China.
Google’s decision to stop censoring in China is a watershed moment for the free and open global Internet. The corporate decision was undoubtedly a difficult one, where the commitment to freedom of expression and the self-determination of its customers were among the considerations that won out over likely concerns of market share loss and strong political pressure. Before its new year’s resolution, Google had been complicit for four years with the Chinese government’s efforts to exert centralized control over the Internet, hoping that it could find a compromise solution to make Google available to Chinese citizens with the integrity of Web search intact. Google's decision that it could no longer participate in censorship is a profound recognition of social responsibility in selling technology. We hope other companies who have made commitments against collaboration with the architecture of censorship will follow their lead.
Initial reports from on the ground indicate that google.com and google.com.hk are being at least partially blocked by the Chinese authorities, though inconsistently. The availability of uncensored Chinese search through Google's Hong Kong servers inevitably raises the tide of free flows of information through the already known cracks in the Great Firewall of China. For those Chinese citizens determined to speak freely and to have access to the global Internet, there will always be tools available to circumvent the censorship systems, at least in part. With its actions, Google has garnered good will among those Chinese Internet users who want access to a free and open Internet as well as with all those who fight censorship in the rest of the world.