I've discussed Audible Magic and its filtering technology on "The Importance Of..." before: Audible Magic's Sleight of Hand. Basically, Audible Magic filters content based on an audio fingerprinting service that checks against a database of copyrighted works. Installed in a piece of P2P software, it prevents copyrighted works from being transmitted in the first place, which is what the article above discussed. However, Audible Magic is now attempting to sell its technology to schools and universities. In such cases, Audible Magic's technology will listen in to the data transfers (aka sniff packets) in the network and attempt to terminate those virtual circuits it believes are violating copyright. See, Audible Magic's six-page white paper: Managing Peer-to-Peer Traffic with the CopySense™ Network Appliance [PDF].
EFF has just posted a technical analysis of the CopySense technology and concluded that it would be easy to defeat (Audible Magic — No Silver Bullet for P2P Infringement):
Session encryption for file transfers based on ephemeral keys represents a cheap, easily implemented countermeasure that would effectively frustrate Audible Magic's filtering technology. Based on publicly available information, it does not appear that this vulnerability can be easily remedied. Should Audible Magic's technology be widely adopted, it is likely that P2P file-sharing applications would be revised to implement encryption. Accordingly, network administrators will want to ask Audible Magic tough questions before investing in the company's technology, lest the investment be rendered worthless by the next P2P "upgrade."
However, EFF's technical paper doesn't address many of the policy issues. When I read their report, however, one policy/legal issue immediately came to mind:
An engineering goal of Audible Magic's network appliance is to add no additional latency to the network. Therefore, it cannot be interposed between the client and the server, as it would be in traditional firewall or filtering proxy deployment. The network appliance is installed as a peer to other hosts on a network segment, not as a gateway or bridge. The segment is configured such that the appliance can sniff all traffic going over the link layer fabric.
Audible Magic functions like a wiretap. Which leads to the question:
Does Audible Magic Violate Wiretap Laws?
I believe that there is good reason to think so. Interestingly, I was unable to find a discussion of this issue on Audible Magic's website. There was a reference to legal issues in their white paper, but it was ambiguous:
Some of the P2P vendors are encrypting packet content. Does that affect sensing? Some of the P2P applications do encrypt the search process, but encryption is not used in the actual file transfer. This would carry legal implications if it were implemented.
What would carry legal implications? Implementing encryption for file transfers? It would certainly carry legal implications if Audible Magic were cracking encryption to look at copyrighted content. It's called a violation of the anti-circumvention provisions of the DMCA. Even if there were a technical means for Audible Magic to crack encryption during packet sniffing, it would clearly be illegal under existing law. But I digress.
The wiretap law in question is 18 USC 2511: "Interception and disclosure of wire, oral, or electronic communications prohibited." In pertinent part it reads:
(1) Except as otherwise specifically provided in this chapter any person who -
(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;
....shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).
To understand this, however, we have to look at a couple of the definitions (18 USC 2510):
(4) ''intercept'' means the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device....
(12) ''electronic communication'' means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce,....
Alright, let's look at this. P2P transfers would certainly seem to qualify as "electronic communication." Perhaps I'm mistaken, but sniffing and holding packets in order to analyze the content for digital fingerprints would seem to be "acquisition of the contents" of an electronic communication. Indeed, using the contents of the copied packets in this manner might also be a violation of 2511(1)(d):
(d) intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection
....shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).
However, does Audible Magic's technology fall into any of the exceptions? Such as, 2511(2)(a)(i)
It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.
Is Audible Magic's technology a "necessary incident" to the rendition of service? Nope. Is it a "necessary incident" to protection of the rights or property of the provider of the service? No. There are various traffic control algorithms that don't need to be as invasive as Audible Magic's technology if P2P traffic is a problem. Legally, the DMCA's safe harbor provisions (17 USC 512) don't require packet sniffing.
There is one provision that might provide protection: 2511(2)(d):
It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.
The key here, however, is that there must be consent on the part of one of the communicating parties. Now, most terms of service include provisions for packet sniffing for "security purposes." Presumably, this would include things like scanning for viruses or trojans or what not. I don't think copyright enforcement is a "security purpose." Spam filtering for email is usually a separate consent for email terms of service.
You would think that Audible Magic's webpage might mention that consent is necessary for this before someone implements their system and subjects themselves to possible criminal and civil (18 USC 2520) liability.
For those who are wondering, the recent email wiretap case, US v. Councilman, which I've discussed previously (E-Mail Wiretap Decision: Out of the Wiretap Frying Pan, Into the Copyright Fire), would not control in this case. Unlike the copying of stored emails, Audible Magic involves packet sniffing, which would be a "contemporaneous acquisition" and thus the equivalent of a wiretap.
Ok, So We Get Consent, So What?
Well, it's an awful precedent. With the exception of particular applications (such as email) in which the filtering is explicit and essentially implemented by the users, this is a program that looks into the content (application layer) of every packet no matter the application. Generally, network management takes place on much lower communication layers and isn't concerned with content at all.
However, if universities and other organizations adopt a policy that it is permissible to inspect application layer packets, what other filtering regimes might they implement? Why not an indecency or obscenity filter? Why not a program that flags and terminates conversations when key words such as "bomb" or "cheat" are mentioned? Do we really want to encourage a regime of private wiretaps to enforce various policies? This may sound alarmist, but once you've set a precedent that it is okay to inspect application layer packets for "illicit" bits, you've begun to significantly erode privacy.
And, in any case, such filtering ultimately wouldn't work as EFF points out. Reduction in privacy for no benefit. That's great.
via Furdlog
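The EFF point this post relies on (a passive tap that matches content fingerprints sees nothing usable once transfers are encrypted under per-session ephemeral keys) can be checked with a small model. This is an added example, not code from the post, EFF or Audible Magic; the chunk-hash "fingerprint", the SHAKE-256 keystream cipher, the sample work and the header bytes are all constructed stand-ins, and the random session key is an assumption that models the outcome of an ephemeral key exchange.

```python
import hashlib
import os

CHUNK = 64  # bytes per fingerprinted window (constructed value)

# Constructed stand-in for a registered work: 4 KiB of deterministic bytes.
WORK = hashlib.shake_256(b"constructed sample work").digest(4096)
# Constructed protocol framing, so the work does not start at offset 0 on the wire.
HEADER = b"GET /file HTTP/1.0\r\n\r\n"


def build_database(reference: bytes) -> set:
    """Fingerprint a reference byte string as the hashes of its aligned chunks."""
    return {hashlib.sha256(reference[i:i + CHUNK]).digest()
            for i in range(0, len(reference) - CHUNK + 1, CHUNK)}


def scan(observed: bytes, database: set) -> int:
    """What a passive tap can do: slide over observed bytes and count known chunks."""
    return sum(hashlib.sha256(observed[off:off + CHUNK]).digest() in database
               for off in range(len(observed) - CHUNK + 1))


def encrypt(payload: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHAKE-256 keystream XOR), standing in for a real AEAD."""
    stream = hashlib.shake_256(key).digest(len(payload))
    return bytes(p ^ s for p, s in zip(payload, stream))


def new_session_key() -> bytes:
    """Assumption: models the secret two endpoints derive from an ephemeral key
    exchange. It is fresh for every session and never visible to the tap."""
    return os.urandom(32)


def evaluate() -> dict:
    """Run the same transfer four ways and report how many chunks the tap matches."""
    wire_plain = HEADER + WORK
    db = build_database(WORK)

    # Two sessions carrying the same work, each under its own ephemeral key.
    s1 = encrypt(wire_plain, new_session_key())
    s2 = encrypt(wire_plain, new_session_key())

    # Contrast case: one long-lived key reused for both sessions.
    static_key = os.urandom(32)
    r1 = encrypt(wire_plain, static_key)
    r2 = encrypt(wire_plain, static_key)

    return {
        # Cleartext transfer: every chunk of the work is recognised.
        "plaintext_hits": scan(wire_plain, db),
        # Encrypted transfer checked against the content database: nothing matches.
        "ephemeral_hits": scan(s1, db),
        # Fingerprinting one captured ciphertext does not help with the next
        # session, because the key (and so the byte stream) is different.
        "ephemeral_cross_session_hits": scan(s2, build_database(s1)),
        # With a reused key the ciphertext repeats, so it could be fingerprinted.
        "reused_key_cross_session_hits": scan(r2, build_database(r1)),
    }


if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(f"{name}: {hits}")
```

The last two rows are the reason the quoted analysis stresses ephemeral keys: it is the per-session key, not encryption alone, that leaves a content-matching tap with no stable bytes to add to its database.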
There has been a lot of rightfully worried commentary about a recent decision by the US Court of Appeals for the First Circuit that found that intercepting and copying users' emails by an email service provider did not violate US wiretap laws. See: EFF (Online Privacy "Eviscerated" by First Circuit Decision); WIRED (E-Mail Snooping Ruled Permissible); and, Slashdot (Appeals Circuit Ruling: ISPs Can Read E-Mail). As EFF put it:
The defendant in the case is a seller of rare and used books who offered email service to customers. The defendant had configured the mail processing software so that all incoming email sent from Amazon.com, the defendant's competitor, was copied and sent to the defendant's mailbox as well as to the intended recipient's. As the court itself admitted, "it may well be that the protections of the Wiretap Act have been eviscerated as technology advances."
Read the 16-page decision (and 37-page dissent): US v. Councilman [PDF] or HTML.
Now I in no way want to de-emphasize the dangers to privacy that this decision represents. If intercepting email is not a violation of the wiretap act, then all sorts of internet privacy goes out the window. If this ruling is not overturned, Congress will have to act to protect all of our privacy.
However, the defendant in this case, Bradford C. Councilman, may not have done himself any favors by winning. The problem is, by convincing the court that the emails intercepted were in "electronic storage," the defendant has pretty much made the case that he is guilty of criminal copyright infringement. Additionally, he would also be liable for huge amounts of civil damages for willful copyright infringement as well. From the decision:
According to the Indictment, on or about January 1998, defendant directed Interloc employees to write computer code to intercept and copy all incoming communications from Amazon.com to subscriber dealers. The Interloc systems administrator wrote a revision to the mail processing code called procmail.rc ("the procmail"), designed to intercept, copy, and store, all incoming messages from Amazon.com before they were delivered to the members' e-mail, and therefore, before the e-mail was read by the intended recipient. Defendant was charged with using the procmail to intercept thousands of messages. Defendant and other Interloc employees routinely read the e-mails sent to its members seeking to gain a commercial advantage.[emphasis added]
Hmmmm....According to the statutes on criminal copyright infringement, 17 USC 506:
Any person who infringes a copyright willfully either -
(1) for purposes of commercial advantage or private financial gain, or
The criminal copyright infringement indictment just about writes itself. Copying the emails is a clear infringement of the right of reproduction. Ordering employees to write a program to copy emails seems pretty willful to me. Finally, the infringement was done for purpose of "commercial advantage." Slam dunk. Interestingly, as long as the commercial value of the emails was greater than $2,500 (which is likely) then the criminal penalties for both infringement and wiretapping are equivalent.
Bonus. The civil penalties for willful infringement are much higher than one can usually get for wiretapping. I mean, heck, up to $150,000 per email copied! All Amazon has to do is sue.
The only problem with this theory, however, is that the statute of limitations for criminal copyright infringement is five years (which means you normally can't prosecute someone five years after the crime occurs). I know that the infringement started in 1998 and Councilman was indicted in 2001. However, these aren't enough facts to know whether or not the statute of limitations will preclude prosecution for criminal copyright infringement.
So, while this decision remains a serious threat to our privacy, if it can be shown that the interceptions were for "commercial advantage" then the Copyright Act comes to the temporary rescue (and perhaps provides even worse penalties).
UPDATE
The Washington Post (annoying reg. req.) has an excellent editorial on this case today (Derail E-Mail Snooping). As does the New York Times (Intercepting E-Mail).
WIRED has a very interesting article on the various websites that make it easier to track campaign finance in the political system (Following the Money Made Easier). A number of the best websites are cited, such as Fundrace, Political Money Line, and my favorite, Open Secrets.
Worrisome Privacy Issues
Increased transparency in funding is all to the good (especially for larger donors), but I feel a little strange being able to know which of my neighbors have given $100 to Bush or Edwards (no local Kerry fans, apparently). How long will this data be held? Will these websites discourage people from donating to candidates not favored by their neighbors? What effect will this have on our politics?
More Efficient Tracking Desired
Of course, I would love for these websites to become even more efficient. What about email alerts and RSS feeds? You could subscribe to a candidate feed and be notified when they have new donations above a certain limit. You could have geographic feeds and industry feeds. You could track particular donors, especially industries, across a variety of candidates. Bloggers could make excellent use of such feeds.
Fix the Problem of Money in Politics
We really need to reduce the importance of money in politics (it'll never go away entirely). The more we undermine mass media, the better I think. A vast amount of political money is spent on television advertising; if we can change that paradigm with something like broadcatching we would be better off.
Bonus IP issue: The logo for Fundrace is highly reminiscent of Nascar's.
The LA Times (reg. req.) reports that California state legislators are hauling water for Hollywood once again (Setting a Trap for Net Pirates). The basic idea of the bill is to extend a "true name and address" statute to cover virtually all exchanges of copyrighted audiovisual information. That is, if you send someone a copy of a recording or audiovisual work electronically without also providing your true name and address, you could be fined $2,500 and spend a year in the clink.
Read Assembly Bill 2735 (the Assembly Version): An act to amend Section 653v of, and to add Section 653aa to the Penal Code, relating to Internet piracy.
What is the point of this bill? According to a sponsor:
[State Sen.] Murray [D - Culver City] says the point isn't to take names; his idea is to give state prosecutors, who have no jurisdiction over copyright infringement, a charge they can bring against online pirates.
Hmmmm ... the concept of federal preemption of copyright law comes to mind. One might argue that many states have "true name and address" statutes, but they generally apply only to sales of physical goods. Like copyright law, this proposed law applies to any transfer (outside your home and family), not only sales. If this isn't preempted I'm not sure what would be.
And what is this? Hollywood can't afford to sue people? We citizens of California have to expend precious tax dollars and limited law enforcement resources on copyright enforcement because Hollywood is too darn cheap? With massive statutory copyright damages available as a remedy, there is no excuse for Hollywood not to prosecute copyright infringers directly. Heck, it could even be a profit center.
An Attack on Privacy and Anonymity
Read the EFF press release: California Bill Backed by Hollywood Attacks Internet Privacy. The EFF notes the pernicious effects on children's privacy: "These California anti-anonymity bills would force everyone - including children - to put their real names and addresses on all the files they trade, regardless of whether the files actually infringe copyrights."
There are many more problems with this bill as well. EFF notes that there are no exceptions for fair use. For example, if one emails a friend a copy of a political campaign commercial that includes copyrighted music, I'm a Dole Man comes to mind, you can be fined and sent to jail. Heck, posting and commenting on Janet Jackson's wardrobe malfunction could get you sent to jail.
This is certainly an attack on the anonymity protections of the First Amendment. Unlike commercial "true name and address" statutes, this bill reaches beyond a state's interest in preventing fraud to cover all types of anonymous speech, including speech that is clearly protected by the First Amendment. State Sen. Murray says, "There's one way to maintain your privacy in my bill. That is not to engage in illegal activity." But that is the problem. The bill strips anonymity even when people are engaging in constitutionally protected activities. On this basis alone, I believe it is clearly unconstitutional under the First Amendment.
An Attack on the Creative Commons
Even worse, there is no exception for permission of the copyright holder. So, if I record a song and post it under a Creative Commons license that permits redistribution but reserves commercial use rights, you can go to jail for redistributing it. I mean, really, what more can be said about such an overbroad bill?
We need to have a "true names" bill for politicians. By all rights, State Sen. Kevin Murray should start calling himself State Sen. Hollywood Sycophant.
UPDATE
You can find your California State representatives here: Find Your California State Legislative Representatives. Let them know what you think of these bills.
I must admit it is very frustrating to read, frankly, ignorant security columns on the op-ed page of America's most prestigious newspaper, the New York Times (reg. req.). Columnist Nicholas Kristof is the culprit this time, with a couple of half-baked security measures (May I See Your ID?). In response I ask Kristof, may I see your security analyst credentials?
The first idea is, as the title gives it away, a renewed call for a national ID card. Argues Kristof:
If the right is willing to imprison people indefinitely and send young people off to die in Iraq in the name of security, then why is it unthinkable to standardize driver's licenses into a national ID?
This is an argument, why?
Hey, I'm not too happy with the imprisoning people indefinitely thing either (at least without, you know, some judicial process), but Guantanamo makes national ID cards a good idea how? And sending troops overseas to war justifies national ID cards at home because...? Let's try that argument again: "If the right is willing to send young people off to die in Afghanistan in the name of security, then why is it unthinkable to standardize driver's licenses into a national ID." Make any more sense?
More than 100 nations have some kind of national ID card. And the reality is that we're already moving toward a government ID system — using driver's licenses and Social Security numbers to prove who we are — but they neither protect our privacy nor stop terrorists. Instead, they simply promote identity theft.
You might think he would have made a stronger case in favor of a national ID card before he brings out the "everyone else is doing it" argument. You know, identity theft is a serious problem. National ID cards solve this how? Many security experts believe that they may, in fact, exacerbate the identity theft problem. A real security expert, Bruce Schneier, wrote, in Crypto-Gram Newsletter - December 15, 2001 - National ID Cards:
Identity theft is already a problem; if there is a single ID card that signifies identity, forging that will be all the more damaging. And there will be a great premium for stolen IDs (stolen U.S. passports are worth thousands of dollars in some Third World countries).
But, whatever, Kristof continues:
At least seven of the Sept. 11 hijackers, some living in Maryland hotels, managed to get Virginia ID cards or driver's licenses, which can be used as identification when boarding planes. Americans routinely travel to and from Canada, Mexico and the Caribbean with just a driver's license.
And I guess that foreigners won't be allowed to get these ID cards and will not be permitted to live in Maryland hotels? Of course, we will have to issue some sort of identification to foreigners ... and we all know how reliable the identity paperwork from foreign countries is. As Schneier notes, "Some of the 9/11 terrorists who had stolen identities stole those identities overseas." Yep, national ID cards will stop that.
Some U.S. officials privately fret that security may depend on a harried immigration officer in Maine who is handed a forged Guam or North Dakota driver's license. One undercover federal study underscored the vulnerability last year by using off-the-shelf materials to forge documents that were then used to get driver's licenses in seven states and the District of Columbia. The forgeries worked in each place attempted.
And having a national ID card will stop people from forging documents to get the licenses how? And I guess that Kristof is guaranteeing that relying on a single national ID card won't lull that harried Maine officer into complacency?
So why not plug this hole with a standardized, hard-to-forge national ID card/driver's license that would have a photo, a fingerprint and a bar code that could be swiped to check whether the person is, for example, a terror suspect who should not be allowed onto a plane?
Yeah, because we know who the terror suspects are and terror suspects are happy to properly register themselves with the government. They also, when asked politely, explain to the airline counter clerk that, yes, someone else packed their luggage and they are carrying gifts for strangers. And from Schneier again, "Biometric information, whether it be pictures, fingerprints, retinal scans, or something else, does not prevent counterfeiting; it only prevents one person from using another's card. And this assumes that whoever is looking at the card is able to verify the biometric."
Schneier summed up the national ID issue best I think:
I am not saying that national IDs are completely ineffective, or that they are useless. That's not the question. But given the effectiveness and the costs, are IDs worth it? Hell, no.
Kristof's other concern is with the availability of instructions for creating weapons of mass destruction:
The other area where I'd like to see a tougher approach has to do with "cookbooks" to make anthrax, sarin and other chemical, biological or nuclear weapons. Over the last few years, I've collected a horrifying set of booklets, typically sold at gun shows or on the Internet, detailing how to make mustard gas, VX, anthrax or "home-brew nerve gas."
....Sure, I cherish the First Amendment. But remember what Alexander Bickel, the eminent First Amendment scholar, told the Supreme Court when he argued on behalf of this newspaper in the Pentagon Papers case. Pressed by the justices on whether publication could be blocked if 100 Americans would certainly die as a result, he reluctantly agreed: "I am afraid that my inclinations to humanity overcome the somewhat more abstract devotion to the First Amendment."
Funny quote from Bickel, that. Why, if I knew for certain that Kristof's column would lead to certain death for even one person, let alone 100, I would have to agree with Kristof that "In these exceptional circumstances, we are — I hate to admit it — better off banning books."
Now, whether or not it should be legal to publish information about making WMDs is a serious question and one that shouldn't be addressed lightly. But lightly, in a few paragraphs, is how Kristof deals with it. He couldn't even write an entire column on the issue? There are many questions he doesn't even raise, such as, how and where do you draw the lines on such information? Is a recipe for ricin bannable? What about flight simulator software? What about dual-use items?
Maybe, for certain types of exceptional information, we should have more control. But to simply come out and say, "we are ... better off banning books" is not a terribly compelling argument by itself. I am surprised that the New York Times is the source for this perfunctory argument in favor of censorship.
LawMeme briefly summarizes and collects a number of articles on several law enforcement agencies' (FBI, DOJ and DEA) recent petition to the FCC to expand government wiretap capability (FBI seek to expand the system-formerly-known-as-Carnivore).
C|Net News reports that the petition "aims to give police ready access to any form of Internet-based communications" (FBI adds to wiretap wish list):
Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.
That's just wonderful. And I suppose only the US government will have access to these backdoors?
The Washington Post (reg. req.) talks to one of the leading experts on wiretapping, CDT's James X. Dempsey (Easier Internet Wiretaps Sought):
But privacy and technology experts said the proposal is overly broad and raises serious privacy and business concerns. James X. Dempsey, executive director of the Center for Democracy & Technology, a public interest group, said the FBI is attempting to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary.
"The breadth of what they are asking for is a little breathtaking," Dempsey said. "The question is, how deeply should the government be able to control the design of the Internet? . . . If you want to bring the economy to a halt, put the FBI in charge of deploying new Internet and communications services."
Dempsey is right. The amount of intervention in technology development necessary for the FBI and DOJ to accomplish what they want with regard to wiretapping is enormous. The costs will be both direct (money out of consumers' pockets) and indirect (loss of innovation). However, that is only half the picture. Unfortunately for the FBI, the costs to defeat the wiretapping are relatively small and will continue to decrease. We have here an asymmetric situation that will only grow more asymmetric as time goes on.
The problem is with the underlying architecture of the internet. Advances in technology along with the end-to-end/layers principle mean that it will always be cheaper to add encryption to the edges of the network than to increase the amount of surveillance at the center of the network. How much does it cost to write an encrypted VoIP app? Not much. How much does it cost to build the surveillance mechanism and conduct the surveillance across all possible ISPs? A heck of a lot more.
Ok. Now that the first encrypted VoIP app is compromised ... how much will it cost to build another encrypted layer on top of the first one? How much will it cost to conduct surveillance on this new layer? Hmmmm, if this progression continues, as we add additional layers of encryption and surveillance, the costs will increasingly diverge. Not a game you can win ultimately. In fact, it doesn't make much sense to even start. The FBI should be happy with what they've got.
Nor should we forget how darn cheap computing is getting. I wish my first computer had the power of a Treo 600. How hard is it to write voice encryption software for Treos and all the follow-on smart phones? How hard will it be to add additional layers to the communications stack, especially given all the various options for communication being made available through ubiquitous grid-network wireless?
If I were the FBI, I wouldn't waste my time on a battle I ultimately couldn't win and instead would concentrate my efforts on the place where I could still achieve my goals - the ends. You want to know what someone is up to online? I would recommend, for example, key loggers, "real" spyware, and social engineering. It ain't gonna be easy, but you have a chance of winning in the long term. The sooner you quit a race you can't win, the faster you can enter a race where you have a chance.
Bonus FBI Inanity: Sunday, March 14th was the 54th birthday of the FBI's "Top Ten Most Wanted Fugitive List." What better way to celebrate than with a humorous quiz? For example,
5. What Bible-carrying female impersonator was captured in 1964 while working as "Bobo the Clown" with a traveling carnival?
ANSWER: Leslie Douglas Ashley. And for extra credit, Isaie Aldy Beausoleil [apparently another man] was arrested in 1953 dressed as a woman...acting v-e-r-y suspiciously in a Chicago ladies' restroom.
7. Who was arrested in Japan, extradited to the U.S., and in Honolulu presented FBI Agents--in all seriousness--with [sic] a Monopoly "Get Out of Jail Free" card?
ANSWER: James Robert Ringrose, arrested in 1967.
And this one is really a laugh riot, har-d-har-har:
4. What Top Ten terrorist who was apprehended in 1995 said at his trial in New York City, "I am a terrorist, and I am proud of it"?
ANSWER: Ramzi Ahmed Yousef, who masterminded the 1993 World Trade Center bombing in New York and planned the bombing of an American airplane in the Far East, an act that was prevented. Judge Kevin Thomas Duffy of Manhattan's Federal District Court called him "an apostle of evil [who] wanted to kill for the thrill of killing human beings."
Bonus FBI Inanity 2: A Strengthened Partnership to Protect Children: Name that Sexual Predator! - That's the real name for the page - no foolin'. Frankly, I am somewhat disturbed when law enforcement agencies turn child abuse into a game.
UPDATE
Brother Dana has some observations here: Following The Chinese Way
Findlaw's Modern Practice's Anita Ramasastry has written a column on the recent California appellate decision upholding the city of Garden Grove's requirement that cybercafes maintain surveillance cameras (Can a City Require Surveillance Cameras in Cybercafes?). She is disapproving of the decision and cites the dissent's comparison of Garden Grove's actions with those of dictatorial governments. I've written on the decision extensively here: CyberCafe Ordinance Decision - First Amendment Victory - Privacy Defeat.
via Ernie the Attorney, whose response to this privacy invasion is incredulity
On the Moore's Lore blog Dana Blankenhorn makes the provocative claim that DRM will be useful as a privacy protection measure (Mobile DRM Argument Misses The Point). Dana points out a major issue the world of "always on" raises, that of privacy. When almost everything we do is generating wireless data, such as our blood sugar levels, refrigerator contents, and garden soil moisture levels, we will certainly want to protect much of that information from prying eyes. Dana's response is to promote the use of DRM as a privacy protection measure.
This is not such a good idea for a variety of reasons.
First, it would essentially propertize our privacy. There are a number of major concerns regarding propertizing privacy, especially the fact that it is unlikely to solve many of our problems. Without going into a major critique here, Pam Samuelson has written a good introduction to many of the issues involved: Privacy as Intellectual Property? [PDF].
Second, enabling DRM in everything is far more likely to be privacy corroding. Anonymity would be very difficult to assure when everything is digitally signed and encrypted.
Third, DRM is a technical solution, not a policy or social solution. Dana claims that,
Under DRM the holder of the content has the absolute right to control where it goes, and the conditions under which it is used. Right? Isn't that what you want, when the content is personal, even intimate, knowledge about you, your body, your possessions? Isn't that the very basis of privacy?
There is also a strange dissonance in Dana's position. Dana says that, "Once you buy something, whether it's a can of peaches, a microwave, or a song by Nelly, it's yours." However, why wouldn't the same apply when the grocery store "buys" my grocery-shopping habits in return for everyday lower prices? Why wouldn't the grocery store "own" that data? After all, that data was generated with the grocery store; they are partially responsible for generating that data in the first place.
Privacy is an important issue in the "always on" world, and DRM may play some role in the solution with regard to particular problems and specific threat concerns. However, there is simply no reason to believe that DRM should be "baked into the World of Always-On" in order to protect privacy.
Larry Lessig has written a brief note about a California Appeals Court decision that eviscerated privacy rights in cybercafes (mandated telescreen upheld). There is a Law.com article here (Internet Cafe Ordinance Sparks War of Words). Read the decision (Thany Thuy Vo v. City of Garden Grove [PDF]). The issue that has Prof. Lessig rightfully incensed is an operational requirement for cybercafes that forces them to monitor (read over the shoulder) what people are doing on cybercafe screens, whether it is reading email, browsing the web or playing a game of Counter Strike. However, there are other major issues involved and the decision has some very important victories in it for those who care about the First Amendment.
The ordinance in the City of Garden Grove was initially passed as a typical political overreaction to some isolated violence associated with a handful of cybercafes in the city. Places where young people, particularly young males, spend time are almost always suspect in the eyes of older citizens. Cybercafes attract many young males. Think this revised chorus from "The Music Man":
Trouble, oh we got trouble,
Right here in Garden Grove City!
With a capital "T"
That rhymes with "C"
And that stands for Cyber,
That stands for Cyber.
We've surely got trouble!
Right here in Garden Grove City,
Right here!
Gotta figger out a way
To keep the young ones moral after school!
Trouble, trouble, trouble, trouble, trouble...
The evidence of trouble in Garden Grove City was basically anecdotal:
By memorandum of December 31, 2001, Joseph M. Polisar, the city’s chief of police, advised the city manager of the rapid growth in the number of CyberCafes operating in the city. In the space of two years, the number of these establishments had risen from three to a total of twenty. Polisar’s memorandum detailed seven incidents of criminal activity occurring in or near four different CyberCafes during the last three months of 2001. Five of the seven incidents involved gang activity. The most recent incident, occurring the day before the memorandum was written, was the murder of a 20-year-old male while he was standing in front of a CyberCafe. Polisar also reported that patrol officers were finding school aged children at these establishments during school hours, and he expressed concern about minors being able to access inappropriate and dangerous web sites. Polisar concluded: “[T]he Police Department believes that it is vital that the City enact an ordinance regulating the use of ‘Cyber Café’s [sic].’”
Heavens to Betsy! A whole seven incidents of crime! The murder was a terrible thing, but people are frequently murdered outside many other establishments as well. And my, oh, my, minors might access inappropriate dangerous web sites. Someone ought to do something about those libraries and schools, where children might also access inappropriate information. Seriously, read the dissent for an analysis of how much "trouble" these cybercafes really create. The original "study" by the police was a joke. For example, there are no baseline comparisons to similar businesses or general crime rates. If this sort of "study" were valid, one could find that any business was dangerous to the well-being of the community. Do you know how many shoplifting violations stores create?
In any case, the ordinance was passed and attacked the "problem" several different ways, with zoning and other permit requirements. The first ordinance was clearly not going to pass judicial muster, so the city revised it. The revised ordinance is what the decision considers.
One of the most important parts of the decision is that the court declares quite clearly that cybercafes enjoy First Amendment protections, much as book publishers and movie theaters:
We perceive no rationale by which CyberCafes should be accorded less protection than any of these older or more traditional businesses. As the court below aptly observed, “The targeted business is a gateway to the information super highway [—] the modern new location for information’s dissemination.” [citation omitted]
This may seem obvious (because it is), but it hasn't been obvious to many courts previously. Most regulation of cybercafes has been based on regulations similar to those for videogame arcades and penny arcades. Most courts have not found that videogame arcades and penny arcades have protected First Amendment status. You see, games aren't protected speech, apparently. Anyway, since cybercafes also provide access to email and the internet, regulation aimed at them does raise First Amendment issues. While it would have been nice to see language about videogames being covered by the First Amendment too, this is still a significant victory.
One of the reasons is that regulation aimed at First Amendment protected businesses must meet a slightly higher standard of judicial scrutiny, as opposed to regular businesses, which can be regulated almost at a whim. For example, First Amendment protected businesses must be regulated according to "objective measurement," which doesn't really mean "objective" but does mean there can't be too much leeway for the regulators making the decision. Basically, such business regulations must meet a somewhat special version of the same test used for "time, place and manner" speech restrictions.
Conditional Use Permits
Probably the most important aspect of the ordinance, from an immediate, practical point of view, was the requirement that cybercafes needed to have a Conditional Use Permit (CUP). A CUP is basically a zoning regulation that lets a city veto (through a public hearing process) particular businesses that would otherwise be permitted. Obtaining a CUP can be very expensive and time-consuming, and an application can easily be turned down, even after one has gone through all the trouble of applying for one. Typical CUP ordinances can be quite vague and arbitrary. For example, here is a passage on CUPs from the city of Los Angeles:
In approving any conditional use, the decision-maker must find that the proposed location will be desirable to the public convenience or welfare, is proper in relation to adjacent uses or the development of the community, will not be materially detrimental to the character of development in the immediate neighborhood, and will be in harmony with the various elements and objectives of the General Plan.
What the heck does the above mean? What it means is that a CUP can basically be denied if the decision-maker (frequently the head of zoning) doesn't like your business. This can be very troublesome from a civil liberties point of view, especially when one is regulating First Amendment protected businesses. Luckily, the California Supreme Court has held that "A long line of decisions has held unconstitutional ordinances governing the issuance of licenses to conduct First Amendment activities where administrative officials were granted excessive discretion in determining whether to grant or deny the license."
Accordingly, the court completely invalidated the City of Garden Grove's CUP-based regulations as applied to cybercafes.
This is an important victory because cybercafes throughout the state are being regulated, primarily through the CUP process. Indeed, the city of Los Angeles itself is using CUPs to regulate cybercafes under an antiquated statute for "penny arcades." Videogame arcades have previously challenged CUPs as violating the First Amendment, but those challenges have always lost.
Daytime Curfew for Minors
Here the court allows the city to deny minors access to cybercafes during school hours unless accompanied by a parent or guardian. Without going into detail here, let me make a few quick points:
Employee and Security Guard Requirements
The city requires at least one employee over the age of 18 (and an additional employee if there are more than 30 computers), as well as a security guard on Friday and Saturday evenings from 8pm to 2am. The court decided that these requirements were narrowly tailored to prevent gang violence. I believe they are correct on the age of 18 requirement. However, there was never any evidence of gang violence at more than a few of more than 20 different establishments. It hardly seems narrowly tailored that all cybercafes should be burdened with expensive, state-licensed security guards when there may only be problems at a handful of similar businesses. Moreover, the burden is substantial. Cybercafes are not major profit centers generally speaking, and the additional cost associated with more employees and security guards can mean the difference between a marginally successful business and an unsuccessful business.
Privacy
Here the decision really is Big Brother-ish. The court describes the ordinance thus:
section 8.82.020, subdivision (8) to the Garden Grove Municipal Code, ... requires CyberCafes to install a video surveillance system. The video system must be “capable of delineating on playback . . . the activity and physical features of persons or areas within the premises,” and must “cover all entrances and exit points and all interior spaces, excepting bathroom and private office areas.” “The system shall be subject to inspection by the City during business hours” and “[t]he videotape shall be maintained for a minimum period of 72 hours.”
The court concludes, and the City of Garden Grove stipulates, that the information collected can only be turned over to authorities according to legal process, such as a search warrant. That is fine as far as it goes, though the ordinance could have been a little more clear on the point. However, that is not really the issue.
The issue is not whether the government needs legal process to obtain certain information, but whether the government can require First Amendment protected businesses to create and retain such information in the first place. Yes, if information is being gathered and stored about First Amendment activities, of course the government should have to use legal process to obtain that information. But should the government be allowed to require the maintenance of such records in the first place? According to this decision, that isn't even a question.
Whatever that [privacy] interest is, it surely is not “fundamental to personal autonomy.” People don’t do things “fundamental to personal autonomy” in a public retail establishment. The dissent throws the reader off track by confusing the privacy issue with the free speech issue, asserting that CyberCafes “are the poor man’s printing press and private library.” As we have pointed out in the majority opinion, reasonable expectations of privacy in the setting of a CyberCafe are simply not present.
The court even goes so far as to say that the presence of human surveillance, such as the employee or security guard, is the same as the unblinking eye of a video camera:
Turning to what the video surveillance portion of the ordinance does say, we are not persuaded the video surveillance system affects First Amendment activity any more than does the presence of an adult employee and/or security guard.
In a footnote, the court jests at any concern:
If an employee had a 72-hour photographic memory, would we make him unemployable because his presence would invade the privacy of the customers?
Apparently, this distinction is of no consequence to the Constitution:
That the video system has a 72-hour memory that may be better than the short-term memory of the average security guard, customer, or employee is not a distinction of constitutional significance on First Amendment grounds.
The court goes on to analyze the privacy rights according to the California State Constitution. The court basically finds that:
A person’s physical features are not “confidential,” nor are activities on the premises of a public retail establishment. No legally recognized informational privacy right can attach to either. Nor can it reasonably be understood that the observation of persons using a computer in a CyberCafe involves intrusion either on the making of an intimate personal decision or on the conduct of a personal activity. Plaintiffs do not explain why observation by a video camera intrudes on privacy any more than observation by employees or other patrons.
The closest analogy I can think of to show how wrong-headed this decision is, is to public telephones, which are frequently located on the premises of public retail establishments. Additionally, it happens that conversations on such public telephones might be observed (heard) by employees or other patrons (particularly those who are waiting in line to use the public telephone). Nevertheless, would it therefore be permissible to require all public telephones to be wiretapped and the recordings held for 72 hours? In Katz v. United States, the Supreme Court said wiretapping a public telephone booth was a violation of the Fourth Amendment. The telephone booth in question was enclosed in glass, but I don't think the decision would have been different if the telephone had been in an open booth. I certainly don't think the Supreme Court would have allowed pre-emptive wiretapping of all public telephones.
No More Privacy - Get Used to It
Of course the decision in Katz was also based on a "reasonable expectation of privacy." But apparently, we no longer have any reasonable expectation that we are not constantly under video surveillance in all public areas.
“A ‘reasonable’ expectation of privacy is an objective entitlement founded on broadly based and widely accepted community norms.” With the near ubiquitous use of video surveillance in retail establishments, at automated bank teller machines, and at road intersections, it is difficult to imagine, certainly at the preliminary injunction stage, that the customer’s expectation of privacy is reasonable under the circumstances.
Wow. I'll say it again, wow. Now we have to prove that we don't expect to be constantly videotaped in public.
The Dissent
Highly recommended reading. The dissent is a blistering attack on the majority decision and I must say the judge really does seem to understand what is going on. The dissent discusses blogging, for example, and cybercafe regulation in totalitarian societies, such as China and Vietnam. If you are interested in privacy, read it.
As reported by Donna Wentworth on Copyfight, Verizon has emerged victorious in its effort to thwart the RIAA's subpoenas under the DMCA (Verizon Wins Victory for Privacy). The US Court of Appeals for the District of Columbia Circuit has reversed a lower court's ruling and held that the RIAA may not send subpoenas to ISPs for information on alleged infringers using P2P. Read the DC Circuit decision: RIAA v Verizon [PDF].
The decision is a victory for privacy, but not a victory for privacy as such.
The result was reached on a technical reading of the statute, and turned on the fact that a subpoena can only be sent if a DMCA notice-and-takedown letter can also be sent. A DMCA notice-and-takedown letter can only be sent to the ISP if the ISP can remove access to the material (and not if the only way to remove access is to terminate a user's account). Thus, a copyright owner cannot send a DMCA notice-and-takedown to an ISP for what a user shares via P2P (the ISP can do nothing but terminate the user's account, which is not a remedy under a DMCA notice-and-takedown letter). Consequently, if no notice-and-takedown may be sent, no subpoena may be issued.
The constitutional issues that would have made this a victory for privacy as such, or for freedom of expression, were not addressed by the court.
What does all this mean?
First, the RIAA has nearly hosed itself. They were trying to issue all the subpoenas through the DC Circuit and not through the other circuits. They did this for administrative reasons and in order to preserve what they thought would be a victory for their interpretation of the DMCA in the DC Circuit. Of course, MIT and others fought this interpretation, forcing the RIAA to issue subpoenas through other circuits. There is also an ongoing legal battle between SBC and the RIAA in San Francisco, one of the questions of which is why the case is not being heard in DC as the RIAA desired. Oops. Of course, the RIAA (being the weasels they are) can shift on a dime and forum shop their subpoenas in other circuits, looking for a circuit split. However, the DC Circuit decision is bound to be rather influential and many other courts will find it persuasive.
Second, this will greatly increase the pressure on Congress to address the P2P issue directly. With losses in the Kazaa case and now the Verizon case, the RIAA has few recourses in existing law to fight massive copyright infringement. The pressure that will be exerted on Congress to act will be quite large, and the outcome will be indeterminate.
Of course, the RIAA (and its members) do retain the ability to sue infringers under John Doe lawsuits and then have subpoenas issued to ISPs. This would be a tremendous administrative burden on the courts and thus increase pressure on Congress to act. Additionally, the settlements that the RIAA would have to get from P2P file sharers would likely have to be higher to recoup at least some of the additional costs of filing hundreds, if not thousands, of lawsuits.
A quibble with the decision, however, is the following sentence:
The issue is whether § 512(h) applies to an ISP acting only as a conduit for data transferred between two internet users, such as persons sending and receiving e-mail or, as in this case, sharing P2P files.
I believe that the analogy between email and P2P is misleading. E-mail is often one-to-one, but can also be one-to-many. A webpage is technically one-to-one (every webpage served is a single transaction between server and browser), but operates as a one-to-many distribution. P2P is technically one-to-one, but operates as one-to-many. Yes, the ISP in this case is simply a conduit and should be treated as such, but we should not misleadingly analogize one-to-one transfers with one-to-many, unless one consistently refers to webpages as data transferred between two internet users as well.
EFF has a statement (Court Rules Verizon Can Refuse to ID Customers to Music Industry).
The American Booksellers Foundation for Free Expression has launched a new campaign to support their challenges to the PATRIOT Act provisions that give law enforcement wide discretion to seize various records, including bookseller and library records. The campaign adds a cool new homophone to the language: Freadom.
via Copyfight
This story is actually several months old, but is something that I hadn't seen before. Apparently, some GPS-enabled camera phones can tag the resulting photo with GPS metadata, so you not only have the photo, but know where it was taken as well. The AkuAku SF blog even has a nifty interface that will allow you to click on a GPS-tagged photo and bring up a map that will show the location (GPS Tagged JPEGS). UltraNifty, but one has to wonder about the privacy implications.
via BoingBoing
Doug Simpson points out that California's Office of Privacy Protection has issued a set of recommendations for businesses to comply with California's requirement that they notify customers of security breaches (California Guide on Disclosure of Personal Info Security Breach). You can find links to all of California's recommendations here (Recommended Practices). The specific guide is here (Recommended Practices on Notification of Security Breach Involving Personal Information [PDF]). The 39-page document covers protection and prevention, preparation for notification and notification itself. Additionally, it has many other resources, such as sample notification letters and the California laws in question and a benchmark study on compliance.
The Register points out a recent policy announcement by the Department of Defense mandating the use of RFID tags for everything but bulk items such as sand, gravel and liquids by January 2005 (Defense Department wants RFID tags on everything but sand). You can read the official news release here (DoD Announces Radio Frequency Identification Policy). ZDNet UK also covers the story (US military throws weight behind RFID).
This will be a huge boost for RFID manufacturers and will likely speed RFID's widespread adoption for consumer goods.
Freedom to Tinker points (Rescorla on Airport ID Checks) to the Educated Guesswork blog, which notes an incredibly stupid airline ticket verification protocol (Airport ID checks: a broken protocol). The article shows how, even if you were Osama Bin Laden, you could print your airline ticket at home and avoid being screened through the government databases. Great.
Educated Guesswork also suggests some elementary methods of closing this security hole (Designing a non-broken boarding pass protocol). Given the relative ease of the fix, you have to wonder if anyone in the Transportation Security Administration is really concerned with airline security, or if they simply want to violate privacy.
In a related story, the New York Times (reg. req.) reports on Steven Brill's new venture to create private, third-party "I am not a terrorist" ID cards that will smooth your transit through security at airports, major sporting events, etc. (Venture to Offer ID Card for Use at Security Checks). Great.
Bruce Schneier, one of the world's leading cryptography and security experts, has an op-ed on Newsday.com pointing out the foibles of mass terrorist screening at airports and the like (Terror Profiles By Computers Are Ineffective). As an ex-military type myself, the example he used of bogus screening criteria hits close to home:
I have an idea. Timothy McVeigh and John Allen Muhammad - one of the accused D.C. snipers - both served in the military. I think we need to put all U.S. ex-servicemen on a special watch list, because they obviously could be terrorists. I think we should flag them for "special screening" when they fly and think twice before allowing them to take scuba-diving lessons.
CNETAsia has an interesting article on the backlash towards camera phones (Ban camera-phones in workplaces: Analyst). The analyst in question is Jack Gold, of the META Group, and he seems to be a bit reactionary. Certainly banning all camera phones is going to become difficult when all phones will soon have cameras (see, Nokia's All Seeing Eye(s)).
The article does point out some other interesting news as well. For example, Iceberg Systems is testing technology ("Safe Haven") that will disable camera phones in particular locations. Also, Korea's legislature is considering requiring camera phones to make a loud noise when a photo is taken. Perhaps the two aspects could be combined ... cameras would have to emit a loud noise when a photo is taken in a particular location.
via Techdirt
UPDATE 0715 PT
On the other hand Jeff Jarvis is celebrating The all-in-one, super-duper, deluxe everything citizens' reporting machine.
Edward Hasbrouck, aka "The Practical Nomad", highlights on his blog the privacy-friendly position the Air Transport Association seems to be taking (USA airlines say privacy must come before CAPPS-II tests):
The Air Transport Association, which represents America's commercial airlines, is just as adamant that proper protections be put in place before they give anyone's private information to the government. They're particularly sensitive since the recent controversy over JetBlue, which provided a defense contractor passenger information, without the passenger's knowledge.
"We're in very intense negotiations with the TSA," says the ATA's Doug Wills. "You can't have higher levels of protection without taking steps to secure customers' private information."
The quotes above come from a Christian Science Monitor article on the CAPPS II debate with the Transportation Security Administration (Passenger tracking at airports on hold).
The New York Times (reg. req.) reports that Victoria's Secret has settled with Attorney General Eliot Spitzer of New York regarding the retailer's privacy practices (Victoria's Secret Reaches a Data Privacy Settlement). Apparently, the retailer's lack of server security resulted in the names, addresses and orders of more than 560 customers being made available for several months to anyone who figured out how to manipulate the online customer identification number and order number to call up customer records. The information revealed did not include credit card numbers, but only who was buying what frilly underwear. In the absence of comprehensive privacy legislation, it is a pretty good result that Victoria's Secret was held to its announced privacy policy.
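The weakness described above amounts to a record lookup that treats the customer and order numbers in the request as if they were credentials. As an added illustration (not code from the retailer, the settlement or the Times article), the Python below contrasts that pattern with a lookup that takes the customer from the server-side session and logs mismatches; every name, id and record in it is constructed and hypothetical.

```python
import secrets

# Constructed sample records; every id, name and field here is hypothetical.
ORDERS = {
    ("1001", "A-1"): {"name": "Customer One", "address": "1 Example St", "items": ["item-a"]},
    ("1002", "B-7"): {"name": "Customer Two", "address": "2 Example Ave", "items": ["item-b"]},
}
SESSIONS = {}   # session token -> customer id established at login
AUDIT = []      # denied requests, kept for detection and review


class Forbidden(Exception):
    """Raised when a request is not authorized to read a record."""


def login(customer_id):
    """Stand-in for real authentication: issue an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def lookup_weak(params):
    """Flawed pattern: whoever supplies a matching id pair gets the record."""
    return ORDERS.get((params.get("customer_id"), params.get("order_no")))


def lookup_hardened(session_token, params):
    """Authorize against the server-side session, never the request's ids."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        AUDIT.append(("unauthenticated", None, dict(params)))
        raise Forbidden("login required")
    claimed = params.get("customer_id")
    if claimed is not None and claimed != owner:
        # A customer id that disagrees with the session is a tampering signal.
        AUDIT.append(("id_mismatch", owner, dict(params)))
        raise Forbidden("order not available")
    # The lookup key uses the session's customer id, so another customer's
    # order number can never resolve, whatever the request claims.
    record = ORDERS.get((owner, params.get("order_no")))
    if record is None:
        # Same message as a mismatch, so responses do not reveal which
        # order numbers exist.
        AUDIT.append(("no_such_order", owner, dict(params)))
        raise Forbidden("order not available")
    return record
```

The entries collected in `AUDIT` are what a reviewer would watch: repeated `id_mismatch` or `no_such_order` events from one session indicate someone stepping through identifiers.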
C|Net News reports on recent statements by Nokia's CEO on the company's strategy (Nokia says it gets the picture). The most interesting news is that "the company intends to make cameras a part of nearly every kind of Nokia phone by the second half of 2004." Indeed, "Nokia believes it could become the biggest digital camera manufacturer globally in 2003."
Welcome to the Panopticon.