EFFector Vol. 17, No. 5 February 18, 2004
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
In the 280th Issue of EFFector:
- Record Industry Targets 531 More Filesharers
- EFF Privacy Coalition Presses Congress for Hearings on Travel Privacy
- Update on CAPPS II Passenger Profiling: What's Going On?
- Let the Sun Set on PATRIOT - Section 215
- Update on IEEE Electronic Voting Standards - Progress!
- Internet Pioneer Gives Over $1.2 Million to EFF to Defend Online Freedom
- Deep Links (14): Jim Griffin - "The war is over. The public has won."
- Staff Calendar: 02.25.04 - Fred von Lohmann speaks at the Future of Music Coalition's Music Summit West, U.C. Hastings Law School, San Francisco, CA; 03.02.04 - Seth Schoen speaks at OpenBSD Users Group, San Francisco, CA; 03.03.04 - Fred von Lohmann speaks at Digital Piracy Dilemma Panel, London, UK
Record Industry Targets 531 More Filesharers
San Francisco, CA - In response to the record industry's announcement Tuesday of five new lawsuits targeting 531 more unnamed alleged music filesharers, the Electronic Frontier Foundation (EFF) renewed its efforts to ensure that the lawsuits adequately protect the rights of the accused.
EFF pointed out that the record industry failed to follow the basic rules required in all lawsuits when it lumped together hundreds of people in five lawsuits filed in Philadelphia, Atlanta, Orlando and Trenton, New Jersey. The cases include alleged filesharers located throughout the United States who acted independently, used different types of filesharing software and allegedly shared different music files. Also, the record industry has not ensured accused filesharers a means of reviewing and responding to potentially incorrect accusations before Internet Service Providers reveal their identities.
"The RIAA continues to cut corners in its crusade against filesharers and deny ordinary people the legal protections that are available in all other types of legal cases," said EFF Legal Director Cindy Cohn. "The courts should require the record industry to sue people individually in the appropriate local courts and provide notice so those sued have a chance to refute accusations of filesharing before the record industry compels an ISP to reveal their identities."
- ACLU, EFF and Public Citizen amicus brief in RIAA v. the People (EFF website)
- More information on RIAA v. the People
EFF Privacy Coalition Presses Congress for Hearings on Travel Privacy
Controversial Passenger-Screening System Fails Government Review
San Francisco, CA - In the wake of a government report that gives the controversial CAPPS II passenger-screening program a failing grade for protecting passenger privacy, the Electronic Frontier Foundation (EFF) and a diverse coalition of advocacy groups on Tuesday asked the House Committee on Transportation and Infrastructure to hold Congressional hearings on the threat posed to privacy and civil liberties by the government's collection and use of passengers' private information.
"The amount of data - potentially incorrect data - that the government is asking to access before permitting you to fly is simply astounding," said Lee Tien, a senior staff attorney at EFF. "Doing background checks on every American who chooses air travel doesn't seem like a logical way to keep bombs and weapons off of planes."
In its CAPPS II report issued late last week, the General Accounting Office (GAO) states that transportation authorities have failed to address Congress's concerns about the system's accuracy, effectiveness and impact on personal privacy. Further, the GAO shares EFF's concerns that the CAPPS II mission may "creep" beyond its original purpose of keeping terrorists from boarding flights and that there is no adequate redress for passengers mistakenly tagged as terrorists.
The request for hearings comes on the heels of the release last week of an open letter by a group of House Representatives asking President Bush to suspend plans to implement CAPPS II until a specific government policy is adopted that "makes clear the role of airlines in sharing consumer information with the federal government."
The groups joining EFF in the call for Congressional hearings on travel privacy are (in alphabetical order):
- American Civil Liberties Union
- Americans for Tax Reform
- Business Travel Coalition
- Center for Democracy and Technology
- Common Cause
- Don't Spy on Us
- Electronic Privacy Information Center
- Free Congress Foundation
- People for the American Way
- For the full media release
- EFF Coalition letter asking for Congressional hearings on travel privacy
- GAO report on CAPPS II: "Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges" (PDF)
- Congressional letter to President Bush calling for the suspension of plans to implement CAPPS II (House website)
- Why EFF is Concerned About CAPPS II
- More about CAPPS II
Update on CAPPS II Passenger Profiling: What's Going On?
EFF and other privacy advocacy groups are making headway in the battle to stop implementation of the Computer Assisted Passenger Prescreening System (CAPPS II), but the fight is far from over. Below, we provide an update on the latest developments; we urge you to take a look and to join us in calling for Congressional hearings on CAPPS II and the current state of our travel privacy.
Congress Flunks CAPPS II for Protection of Passenger Privacy
Last week, Congress's investigatory arm, the General Accounting Office (GAO), issued a report giving CAPPS II failing grades in tests for privacy, security, effectiveness, accuracy, fairness, due process and accountability: http://www.gao.gov/new.items/d04385.pdf. Under an appropriations provision enacted late last year, passing these congressional tests is the precondition for funding CAPPS II on anything more than an experimental basis. Unfortunately, President Bush has made it clear that he believes these requirements to be merely advisory and, as such, will not serve to prevent the Transportation Security Administration (TSA) from proceeding with implementation as scheduled.
EFF and a Diverse Coalition of Advocacy Groups Call for Congressional Hearings
As noted in the media release above, EFF and a coalition of advocacy groups on Tuesday asked the House Committee on Transportation and Infrastructure to hold hearings on CAPPS II and on all government use - or abuse - of air passenger records: http://www.eff.org/Privacy/CAPPSII/coalition_letter.php
House Representatives Ask President Bush, TSA to Suspend Plans to Implement CAPPS II
No fewer than 40 members of the House of Representatives last week voiced their concern about CAPPS II and passenger privacy in two public letters. In a letter sent to President Bush, a group of House Representatives asked that plans for its deployment be suspended until a specific government policy is adopted that "makes clear the role of airlines in sharing consumer information with the federal government": http://www.eff.org/cgi/tiny?urlID=126 (House website)
In a second, more strongly worded letter sent to Acting TSA Administrator David Stone, another coalition of House Representatives cited the many unanswered questions about CAPPS II and asked that the program be "suspended indefinitely until these serious concerns are addressed": http://www.house.gov/kucinich/action/letter.pdf
Travel Industry Groups Doubt that the Government or Airlines Can Be Trusted with Passenger Data
Asked about the security of passenger data, the majority of corporate travel and purchasing managers surveyed by the Business Travel Coalition expressed grave concern about what one manager called "[The] sharing of data without permission, then the deceit that followed that sharing": http://www.eff.org/cgi/tiny?urlID=128 (BTC).
The Association of Corporate Travel Executives has established a task force to advise TSA of its concerns about CAPPS II: http://www.acte.org/initiatives/CAPPSII.shtml.
High-ranking TSA Official Resigns
Ben Bell has announced that he is resigning effective April 3. Bell has been director of TSA's Office of National Risk Assessment (ONRA), which was responsible for much of the design of CAPPS II: http://www.eff.org/cgi/tiny?urlID=129 (Washington Post; registration unfortunately required.)
Join EFF today in calling for hearings on CAPPS II and our travel privacy - your voice makes a difference: http://action.eff.org/action/index.asp?step=2&item=2854
Let the Sun Set on PATRIOT - Section 215:
"Access to Records and Other Items Under the Foreign Intelligence Surveillance Act"
Welcome to "Let the Sun Set on PATRIOT," a new EFFector series on the battle to let some of the most troubling provisions in the USA PATRIOT Act expire, or "sunset." Each week, we'll profile one of the 13 provisions set to expire in December of 2005 and explain in plain language what's wrong with the provision and why Congress should allow it to sunset. This week we begin with the notorious section 215, which allows the FBI secretly to demand access to your private records.
What Section 215 Does
Section 215 allows the FBI secretly to order anyone to turn over your private records or any other "tangible things," so long as the FBI tells the secret Foreign Intelligence Surveillance Act (FISA) court that the information is sought "for an authorized investigation...to protect against international terrorism or clandestine intelligence activities." These demands for your personal records come with a "gag order" prohibiting the recipient from telling anyone, ever, that they received a Section 215 order.
How Section 215 Changed the Law
It used to be that the power to use a secret order to demand access to your private records had two critical checks: the FBI was (1) limited to reviewing records of particular use to terrorist or counter-intelligence investigations, such as hotel or car, truck and storage rental records, and (2) was required to present to the FISA court "specific and articulable facts giving reason to believe that the person to whom the records pertain[ed]" was a terrorist or spy.
Section 215 dispensed with these safeguards. Now, the FBI can use a secret order to examine anything, including "books, records, papers, documents, and other items." Nor does the FBI need any facts demonstrating that you may be a spy or terrorist in order to do so. Instead, it can use these secret orders to investigate anyone it chooses - even a U.S. citizen not suspected of any crime. And the FISA court no has choice in the matter: it must issue the order even when there are no facts to back it up.
Why Section 215 Should Sunset
By allowing the FBI secretly to search through your most personal information - including financial records, medical records, student records, even your library records - without ever having to give probable cause to suspect you of a crime, or even to show that your records are relevant to an investigation, Section 215 profoundly violates your Fourth Amendment rights.
Further, Section 215 makes it so that you could be investigated because of the political or religious meetings you attend, the websites you visit or even the books that you read. Under the provision, the FBI can investigate United States persons (citizens and legal residents) based at least in part on their exercise of First Amendment rights, and can investigate non-U.S. persons based solely on their free speech activities or religious practices. As a result, Americans are chilled from exercising their Constitutional rights. Already, attendance at and donations to mosques have dropped significantly, as many Muslims reasonably fear that they will be targeted for investigation due to their religious beliefs.
Finally, and unlike grand jury subpoenas used in non-FISA investigations, there is no way for someone served with a Section 215 order to go to court and challenge its legality. Combined with the FISA court's lack of discretion and oversight when it comes to Section 215 orders, this is a recipe for abuse, giving the FBI essentially unchecked power to scrutinize the private lives of innocent Americans.
Of the PATRIOT provisions scheduled to sunset, Section 215 is perhaps the most dangerous to your civil liberties. EFF strongly opposes its renewal, and urges you to do the same. We support the Security and Freedom Ensured Act (SAFE Act, S 1709/HR 3352), a PATRIOT reform bill that would, among other things, restore the requirement that the FBI have specific facts indicating you are a spy or terrorist before using Section 215 to gain access to your private records. We encourage you to visit EFF's Action Center today to let your representatives know you support the bill: http://action.eff.org/action/index.asp?step=2&item=2866
We'll look at Section 206, which allows the FBI to conduct "John Doe" roving surveillance.
Update on IEEE Electronic Voting Standards - Progress!
EFFector readers may remember that EFF asked for your help in getting the wayward IEEE standards- development process for electronic voting machines back on track. While standards are important for all sorts of products, this particular standard is likely to determine the quality of our nation's voting machines for years to come. Proper certification is necessary to ensure that e-voting machines are reliable, usable and, most of all, secure.
Why Standards and Certification Matter
At their best, e-voting standards and certification mean that your precinct's machines have been shocked, shaken and banged. The source code has been examined, compiled and prodded for holes. The best minds in the country have tried to break into the machines and failed. When working properly, certification provides a baseline for the integrity of election equipment in an otherwise fragmented, county-by-county equipment procurement process.
However, certification is only as good as the "standard" it uses - that is, only as good as the document that designates what to test for and at what level of rigor. If the standard says, "machines may fail 50 percent of the time," a voting district may purchase seriously faulty machines. In short, if a standard merely describes current machines, rather than sets benchmarks that the machines must meet, it fails us.
Unfortunately, today's voting machine standards were written for yesterday's technology. The Federal Elections Commission's (FEC) most current standard is from 2002, but the bulk of the document was written in 1990. It fails to provide adequate guidance for the usage of cryptography, wireless security, voter verification and other contemporary issues. In fact, several independent security reviews have uncovered serious vulnerabilities in federally certified election systems throughout the last year. Our certification process will continue to fail unless these standards are updated.
EFF Gets Involved
In August of 2003, EFF was approached by concerned members of the IEEE committee tasked with creating a new standard for e-voting machines. Project Group 1583 (P1583) was supposed to update the FEC's antiquated standards, but some members worried that the process was being rushed through without careful consideration or was being co-opted by voting machine vendors. Instead of providing a blueprint for securing computerized voting machines, they argued that P1583 was only codifying the voting machine industry's current, questionable security practices. Worse, members who advocated security features like voter-verifiable paper audit trails were systematically precluded from full participation. Meetings were held with little notice and some participants were denied the ability to vote based on arbitrary rules. Meanwhile, the proposed standard provided no guidance for machines that create voter-verified paper audit trails.
After interviewing members of P1583, EFF initiated discussions with IEEE - the group's parent organization and respected standards-setting body - and began to catalog the committee's problems. Our legal department sent two letters to P1583's leadership in an effort to stop their troubling practices. We also asked EFFector readers and IEEE members to demand IEEE intervention, and nearly 500 people called on IEEE to help guide the wayward standards-development process.
Good News, But More Work Needed
These efforts appear to be working. EFF Activist Ren Bucholz attended the last two P1583 meetings and is happy to report that the group is showing substantial progress. In particular, the following changes have taken effect since EFF and EFF supporters became involved:
- The committee's most serious procedural problems (secret rules, inconsistent application of those rules) have been corrected
- Future meetings will take place at the IEEE's headquarters in Piscataway, New Jersey, where parliamentarians and other observers can be present to ensure compliance with IEEE rules
- P1583's membership has grown to include a more diverse range of stakeholders
- Voter verification, strongly supported in the security and academic communities, now has a dedicated task group within P1583 and will likely be part of the final standard
P1583 remains months away from a final standard, but it is already conducting a more balanced, transparent process. EFF will continue to monitor its progress and invite others to join the process.
EFF would also like to thank all of the people who have helped put this critically important standards-development process back on track.
- EFF media release: Flawed E-Voting Standard Sent Back to Drawing Board
- EFF E-Voting archive
- EFF Action Alert on P1583 standard
- P1583 standard homepage
Internet Pioneer Gives Over $1.2 Million to EFF to Defend Online Freedom
Electronic Frontier Foundation Announces Endowment Fund for Digital Civil Liberties
San Francisco, CA - EFF, the leading civil liberties organization working to protect rights in the digital world, is honored to receive a $1.2 million bequest from the estate of Leonard Zubkoff, an EFF supporter and technology pioneer. EFF will use $1 million of this money to establish the EFF Endowment Fund for Digital Civil Liberties.
"This generous legacy enables us to establish a permanent source of support for EFF," explained EFF Development Director Terri Forman. "It also leverages a $1 million pledge challenge from one of our co-founders and board members. We are now two-thirds of the way towards our Phase I goal of $3 million."
"This gift is important to us for several reasons," said EFF Executive Director Shari Steele. "Not only does it help us establish our endowment fund, Leonard's legacy makes it possible for us to bring aboard a Chief Technology Officer (CTO) to create and implement a technology strategy for EFF. With our combined expertise in both the law and technology, EFF is perfectly situated to help create and foster new technologies designed to enhance freedom."
Leonard Zubkoff was an internationally known software developer and entrepreneur, respected for his expertise in computer architecture and operating systems. He loved to fly and was learning to pilot a helicopter when he died in a crash in Misty Fjords National Monument Wilderness in Alaska on August 29, 2002.
Mr. Zubkoff was born in Seattle and earned a master's degree in computer science from Carnegie Mellon University after graduating summa cum laude in mathematics and physics at the University of Rochester. He moved to the Bay Area in 1985 to become the principal scientist for a Menlo Park company developing artificial intelligence software. In 1994, Mr. Zubkoff joined Oracle Corp., the database software giant located in Redwood Shores, as a principal member of its technical staff. He joined VA Linux Systems Inc., a Fremont company now known as VA Software Corp., as chief technical officer in 1998. Zubkoff also founded Dandelion Digital, a small, state-of-the-art recording studio that produced "filk" - originally a typo of "folk" - recordings on compact discs.
For information about making a gift to EFF's endowment fund or about establishing a bequest to benefit EFF, please contact Terri Forman at +1 415 436-9333 x113, or firstname.lastname@example.org
To make an initial inquiry about the CTO position and to receive a job description when it becomes available, please send a note to email@example.com
Deep Links features noteworthy news items from around the Internet.
- "The war is over. The public has won."
Jim Griffin, former head of technology for Geffen Records, sums up the battle over peer-to-peer technology in a compelling, unapologetic interview on the history of innovation and the future of music.
- KaZaA Cries Foul
(SMH.com; registration unfortunately required.)
After 12 raids on its offices and executives' homes, Sharman Networks is asking an Australian court to wait on the outcome of a U.S. appeal before moving forward with its proceedings.
- Record Label Breaks Ranks, Distributes Via P2P
(LA Times; registration unfortunately required.)
Artemis Records - home of The Pretenders and the late Warren Zevon - has signed a deal that will put music on KaZaA, Grokster and two other peer-to-peer networks for a fee.
- Canadian ISPs Give Recording Industry Cold Shoulder
(The Globe and Mail)
CRIA (Canada's RIAA) is going after P2P users, but ISPs claim that the country's newest privacy law protects their customers.
- 321 Studios Gets Five for Fighting Hollywood
That is, five lawsuits over its DVD X Copy software.
While its software has been taken off the shelves in Australia (Registration unfortunately required.)
- Aussie Libraries get Bono'd
The Aussie version of our Sonny Bono Copyright Term Extension Act will prevent many more works from entering the public domain, forcing libraries to pay licensing fees for materials that otherwise would have been free for everyone to use.
- EU Policy May Put Innovation Under Lockdown
The Foundation for a Free Information Infrastructure has a new analysis of the EU's ill-advised draft patent policy.
- New Airport Security Measure: The Eyes Have It
German air travelers will shortly undergo iris scans.
- Op-ed: Air
Security Needs Privacy Protections to Fly
USA Today has an editorial on the need to balance air security with privacy.
- Aussies React Badly to Export of U.S.-style Copyright
One says U.S. copyright and patent laws are universally recognized as a "joke":
JD's New Media Musings,
Electronic Frontiers Australia
Technology Continues to Evolve
(NYT; registration unfortunately required.)
BitTorrent allows users to download enormous files by rewarding those who share.
- EU Moves Toward
Penalizing Non-commercial Infringers
The EU's proposed Intellectual Property Rights Enforcement Directive may expose alleged copyright infringers, ISPs and network administrators to actions including search and seizure of assets and freezing of bank accounts. The EU Parliament is scheduled to vote on the proposed Directive on February 25, 2004. EFF encourages European members to write to their MEPs now.
- Diebold Back in Court Over Voting Machines (PDF)
Voting-rights advocates are suing Diebold Election Systems, Inc. and the California Secretary of State for using uncertified software in California elections.
For a complete listing of EFF speaking engagements (with locations and times), please visit the full calendar.
- February 25 -
Fred von Lohmann speaks at the Future of Music Coalition's
Music Summit West, U.C. Hastings Law School,
San Francisco, CA
9:30 a.m.-10:30 a.m.
- March 2 -
Seth Schoen speaks at OpenBSD Users Group
San Francisco, CA
7:00 p.m.-8:00 p.m.
- March 3 -
Fred von Lohmann speaks at Digital Piracy Dilemma Panel,
9:00 a.m.-10:00 a.m.
EFFector is published by:
The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
Donna Wentworth, Web Writer/Activist
To Join EFF online, or make an additional donation, go to:
Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements and articles may be reproduced individually at will.
To change your address or other information, please visit: http://action.eff.org/subscribe/
If you have already subscribed to the EFF Action Center, please visit: http://action.eff.org/login.asp/
To unsubscribe from the EFFector mailing list, send an email to firstname.lastname@example.org with the word "Remove" in the subject.
(Please ask email@example.com to manually remove you from the list if this does not work for you for some reason.)
Back issues are available at:
You can also get the latest issue of EFFector via the Web at:
Please send any questions or comments to firstname.lastname@example.org