Peer-To-Peer News - The Week In Review - August 9th, '08

[JackSpratts]

Since 2002


































"I don't think making people pay subscriber fees for content is sustainable." – Alan Levy


"It was completely different from what I learned in school. It's hard to believe the first time you see a different edition of history. At first I felt it's unbelievable. Then I felt angry because I was deceived for such a long time." – Shanghai IT worker


"If you believe in the Constitution, and you believe in what this country means, you can NOT believe that any American should ever face prison for writing fiction -- no matter what the subject matter of that fiction might be." – Marc John Randazza


"In the age of Internet (almost) anywhere, why be tied to a TV? [Television networks] no longer have the same viewer monopoly they had 30 years ago — why don’t they see that?" – Lorie Johnson


"It wasn’t the best quality, and I’m sure it will be better on TV, but to watch that flame go up [on the 'net] at the same time as the rest of the world was a beautiful, moving thing." – Aida Neary


"The idea of watching a 14-hour delay is repulsive." – Tracy Record



































August 9th, 2008




College Funding Bill Passed With Anti-P2P Provisions Intact
Ryan Paul

The Senate and House have voted to reauthorize the Higher Education Act and approved controversial new provisions that will require universities to provide students with access to commercial music downloading services and implement traffic filtering technologies in order to deter peer-to-peer filesharing. The bill now goes to President Bush, who is expected to sign it into law.

These provisions have strong support from the content industry, but have been targeted with widespread criticism from the academic community and advocacy groups such as Educause. The push for mandatory filtering at universities began in 2007 when the RIAA published a list of top piracy schools and the MPAA claimed that piracy on university campuses accounts for 44 percent of the movie industry's annual losses to piracy. The group later retracted this claim when it was discovered that the numbers were grossly inflated. The RIAA followed up its top piracy school list with a litigation and propaganda campaign which included the development of a web site to handle automated settlements, but soon faced serious setbacks in court.

The MPAA also developed an Ubuntu-based software toolkit for detecting file-sharing on university networks, but was forced to discontinue distribution of the software when they were hit with a Digital Millenium Copyright Act takedown notice. The MPAA had violated copyright law by failing to adhere to the General Public License under which Ubuntu is distributed.

The MPAA's high-tech anti-piracy solution

The RIAA and MPAA have vigorously lobbied for a legislative solution at both the state and federal levels. Pressure from the content industry compelled Congress to begin investigating the issue.

The lobbying efforts eventually resulted in the addition of anti-piracy provisions in the College Opportunity and Affordability Act in the House, which passed by a wide margin in February. The Senate version of this bill passed today with bipartisan support.

A statement issued by the joint House and Senate committees responsible for harmonizing the two versions of the bill explains that universities will have to begin authoring formal piracy deterrence plans. The statement also recommends several commercial anti-P2P technologies including Audible Magic's CopySense Network Appliance and Red Lambda's Integrity filtering tool.

"[The amendment includes] language requiring institutions to make available the development of plans to detect and prevent unauthorized distribution of copyrighted material on the institution of higher education's information technology system," the statement says. "The Conferees have combined elements from both bills to require institutions to advise students about this issue and to certify that all institutions have plans to combat and reduce illegal peer to peer file sharing."

The MPAA hailed the bill's passage. "We work closely with leaders in the higher education community because we both have a stake in ensuring that intellectual property continues to be a strong, vibrant part of our nation's economy," said MPAA president Dan Glickman. "By including these important provisions in the Higher Education Act, Congress is sending a strong message that intellectual property is worth protecting."

The MPAA will shortly begin sending out what it describes as "campus briefing books" that contain information on the anti-piracy provisions of the new law and what schools need to do in order to be in compliance. The books will also offer hints on how to clamp down on P2P traffic and detect infringement.

There are presently no penalties for failing to comply with the requirement, but Educause and many in the academic community fear that the new provisions are a trojan horse that will open the door for Congress to add penalties in future iterations. If this happens, universities could potentially be denied funding if they don't agree to play copyright cop.
http://arstechnica.com/news.ars/post...ns-intact.html





Tufts Tells Judge, We Can't Tie IP To MAC Addresses
NewYorkCountryLawyer writes

"Protesting that Tufts University's DHCP-based systems 'were not designed to facilitate forensic examinations,' but rather to ensure 'smooth operations and to manage capacity issues,' the IT Office at Tufts University has responded to the subpoena in an RIAA case, Zomba v. Does 1-11, by submitting a report to the judge explaining why it cannot cross-match IP addresses and MAC addresses, or identify users accurately. The IT office explained that the system identifies machines, not users; that some MAC addresses have multiple users; that only the Address Resolution Protocol system has even the potential to match IP addresses with MAC addresses, but that system could not do so accurately. For reasons which are unclear, the IT department then suggested that the RIAA next time send them 'notices to preserve information,' in response to which they would preserve, rather than overwrite, the DHCP data, for the RIAA's forensic benefit."
http://news.slashdot.org/news/08/08/06/0224238.shtml





Green Party Condemns 'File-Sharing' Deal
Mark Watts

The Green party has condemned a deal struck by six UK internet service providers with the record industry to clamp down on illegal file sharing.

The party has warned that "draconian measures" in the government-brokered deal threaten internet access for vulnerable people.

Under the "memorandum of understanding" unveiled last week, the ISPs have agreed with the BPI, the body formerly known as the British Phonographic Industry that represents the British record industry, to collaborate on a voluntary code of practice on illegal file-sharing.

They will take part in a test to write to customers to tell them that rights holders, such as music or film companies, allege that there has been illegal file sharing on their broadband connection.

Rights holders will pass IP addresses to the ISPs, who will match them with users and send the letters to them.

The ISPs are to meet the government to draw up a code of practice on how to tackle repeat infringers, such as blocking content to certain users or limiting the download speed of their internet connection.

The BPI says that the steps are necessary to stop what amounts to theft and to enable new, legal digital music service models to "flourish", while ensuring that "creativity and copyright are respected."

Tom Chance, the Green party's intellectual property spokesman, said, "Net users everywhere should be worried by this memorandum of understanding between the BPI and the six largest ISPs in the UK. Faults exist at every level.

"The first stage gives the BPI the right to track file-sharers, and pass their details onto ISPs. That's an attack on civil liberties in itself, but the true folly of the scheme rests in what those ISPs can do next.

"Their new powers run in two halves. Initially, they merely send warning letters to suspected file-sharers. If these fail to deter them, the ISPs threaten to slow or cut off their internet connections. This is a hugely disproportionate response.

"It would not matter who had done the sharing. It would not matter if it was someone else in the building. It would not matter if your machine had been assaulted by malware and used without your knowledge. The ISPs will target suspects, which means that many people on shared internet connections will be cut off under these rules."

He said that this risks "cutting many vulnerable people off from their livelihoods and their means for engaging as a citizen."
http://www.computerweekly.com/Articl...aring-deal.htm





E-Mail Hacking Case Could Redefine Online Privacy
Ellen Nakashima

A federal appeals court in California is reviewing a lower court's definition of "interception" in the digital age, in a case that some legal experts say could weaken consumer privacy protections online.

The case, Bunnell v. Motion Picture Association of America, involves a hacker who in 2005 broke into a file-sharing company's server and obtained copies of company e-mails as they were being transmitted. He then e-mailed 34 pages of the documents to an MPAA executive, who paid the hacker $15,000 for the job, according to court documents.

The issue boils down to the judicial definition of an intercept in the electronic age, in which packets of data move from server to server, alighting for milliseconds before speeding onward. The ruling applies only to the 9th District, which includes California and other Western states, but could influence other courts around the country.

In August 2007, Judge Florence-Marie Cooper, in the Central District of California, ruled that the alleged hacker, Rob Anderson, had not intercepted the e-mails in violation of the 1968 Wiretap Act because they were technically in storage, if only for a few instants, instead of in transmission.

"Anderson did not stop or seize any of the messages that were forwarded to him," Cooper said in her decision, which was appealed by Valence Media, a company incorporated in the Caribbean island of Nevis but whose officers live in California. "Anderson's actions did not halt the transmission of the messages to their intended recipients. As such, under well-settled case law, as well as a reading of the statute and the ordinary meaning of the word 'intercept,' Anderson's acquisitions of the e-mails did not violate the Wiretap Act."

Anderson was a former business associate of an officer for Valence Media, which developed TorrentSpy, a search engine that helped users find "torrents," or special data files on the Internet that can be used to help download free audio, software, video and text. According to court documents, Anderson configured the "copy and forward" function of Valence Media's server so that he could receive copies of company e-mail in his Google mail account. He then forwarded a subset to an MPAA executive.

The documents sent to the MPAA included financial statements and spreadsheets, according to court papers. "The information was obtained in a legal manner from a confidential informant who we believe obtained the information legally," MPAA spokeswoman Elizabeth Kaltman said.

Valence Media alleged that the MPAA wanted those documents to gain an advantage in a copyright infringement lawsuit against the company and its officers.

"The case is alarming because its implications will reach far beyond a single civil case," wrote Kevin Bankston, a senior attorney for the Electronic Frontier Foundation in a friend-of-the-court brief filed Friday. If upheld, the foundation argued, "law enforcement officers could engage in the contemporaneous acquisition of e-mails just as Anderson did, without having to comply with the Wiretap Act's requirements." Those requirements are strict, including a warrant based on probable cause as well as high-level government approvals and proof alternatives would not work.

Cooper's ruling also has implications for non-government access to e-mail, wrote Bankston and University of Colorado law professor Paul Ohm in EFF's brief. "Without the threat of liability under the Wiretap Act," they wrote, "Internet service providers could intercept and use the private communications of their customers, with no concern about liability" under the Stored Communications Act, which grants blanket immunity to communications service providers where they authorize the access.

Individuals could monitor others' e-mail for criminal or corporate espionage "without running afoul of the Wiretap Act," they wrote.

"It could really gut the wiretapping laws," said Orin S. Kerr, a George Washington University law professor and expert on surveillance law. "The government could go to your Internet service provider and say, 'Copy all of your e-mail, but make the copy a millisecond after the email arrives,' and it would not be a wiretap."

In August, 2007, Valence Media shut down TorrentSpy access to the United States due in part to concern that U.S. law was not sufficiently protective of people's privacy, according to its attorney, Ira Rothken.

The Electronic Privacy Information Center also filed a friend-of-the-court brief Friday, arguing that Congress intended to cover the sort of e-mail acquisition Anderson engaged in.
http://www.washingtonpost.com/wp-dyn...080503421.html





RIAA ‘MediaSentry’ Owner Hired by China
p2pnet

It seems somehow fitting that SafeNet, a leader in digital wrongs and owner of seriously discredited RIAA ‘private eye’ MediaSentry, has been hired by the People’s Republic of China.

SafeNet is to provide DRM (Digital Restrictions Management) for in-country live and on-demand online video footage of the 2008 Summer Olympic Games, it boasts.

DRM consumer controls are meant to stop copying. However, companies in all sectors have long been abandoning it as expensive, impractical, unworkable —- and unethical.

However, in regimes such as China, whose citizens live under rigid control, DRM offers many interesting possibilities for suppression and repression.

“CCTV.com … owns exclusive rights to the broadcast of all audio and video content via online and mobile distribution channels across Mainland China and Macau,” says the company.

“CCTV has committed to protect the intellectual property of the IOC against piracy. They are following the China Broadcasting Copyright Protection standard.”

The copyright of the Olympic Games is, “too important to us as it affects the economic interest to the International Olympic Committee, the authorized broadcasting operators and the branding of the Olympic Games”.

So says CCTV.com boss Wang Wenbin.

‘Branding’ of the Olympic Games?

Aren’t they supposed to be held in the spirit of freedom and openness?

Not in China.

“We strongly believe that SafeNet’s DRM solution is reliable and could securely protect the intellectual property for the new media video and voice broadcasting,” says Wang.

But it’s really simple.

Anything which can be seen and/or heard can be copied
http://p2pnet.net/story/16645





Web Chips Away at China's Grip on Information
Ellen Lee

Just days after David Wang produced a mock newscast criticizing Taiwanese officials and uploaded the clip to Tudou, a popular video sharing site in China, it disappeared. What's surprising is not that it was censored - but that it remained online as long as it did.

His experience illustrates how the Internet is challenging China's status quo.

Blogs, forums, social networking, video sharing and other community-oriented sites - known as Web 2.0 - depend on users expressing their opinions. Meanwhile, peer-to-peer services make it easier to share information, from a bootleg copy of the latest Hollywood film to a documentary about Tiananmen Square.

The result is the chipping away of what's referred to as the Great Firewall of China, by which the government tries to control online content even as the country is lured to nurture Internet development for economic reasons.

"You could not see such things happen before in China because of the controlled media," said Isaac Mao, an Internet entrepreneur in Shanghai. Now, he said, "You can see grassroots-based technology helping people become empowered."

For instance, bloggers and citizen journalists armed with cell phones and Internet access have posted photos and videos about everything from a neighborhood traffic accident to the recent Sichuan earthquake. In some cases, they challenge government and corporate actions.

Guo Liang, an associate professor at the Chinese Academy of Social Sciences, uses this analogy to describe the Sisyphean attempts to block the flood of information on the Internet:

"If something happened in the world and there are 10 sources of information on this event, even if I block nine, you can get one. That's enough for you. You don't need the other nine resources. ... Once you get that information, you can forward that to others.

"This is the digital age," he said. "I don't think it will work to block or filter something."

Revisionist history

One 27-year-old information technology employee from Shanghai, who asked that his name not be used for fear of retaliation, said that through the Internet, he discovered different versions of what happened during China's Cultural Revolution and World War II. A friend shared a documentary about the 1989 Tiananmen Square protest that had been downloaded from an overseas file-sharing service.

"It was completely different from what I learned in school," he said. "It's hard to believe the first time you see a different edition of history. At first I felt it's unbelievable. Then I felt angry because I was deceived for such a long time."

Indeed, tech-savvy Internet users have learned how to circumvent the Chinese government's attempts to shield certain information. In online forums, they substitute certain words, such as using a character that sounds like the actual word. They use peer-to-peer services to download otherwise inaccessible information. And they use tools such as Tor, which lets them surf the Internet anonymously and visit blocked Web sites.

A strong critic

Hong Bu, better known as Keso, a popular pony-tailed blogger in his 40s in Beijing, has openly criticized the Chinese government for blocking sites and censoring content.

"It is not like I want to knock down the government or rise in rebellion against government officials," he said. "It is just a shame that there are many good tools and information that we cannot access and use."

But not all Chinese users believe that the Internet should be completely open. Some entrepreneurs and consumers challenged what they described as the foreign media's biased and overly zealous interest in the country's censorship policies. Much more information is available in China than ever, they said.

A recent survey by the Chinese Academy of Social Sciences found that more than 80 percent of Chinese Internet users said they believe the Internet needs to be managed, with 85 percent believing the government should be responsible and 79 percent saying the Internet companies should be in control. Increasingly, the study also found, Chinese Internet users - 41 percent - believe that politics should be controlled online.

Guo, the author, said in reviewing their responses that people are worried not so much about political control as they are about maintaining social stability among China's 1.3 billion people and curbing social ills such as pornography and violence.

Societal gains

Xiao Qiang, director of the China Internet Project and an adjunct professor at UC Berkeley's journalism school, said that despite the continuing game between the government and China's Internet users, the shift toward more user participation and self-expression benefits Chinese society, particularly as it becomes part of the daily fabric of life for China's young Internet users.

"It empowers people," he said. "It changes the configuration of the social structure and fabric. We've only seen the beginning."
http://www.sfgate.com/cgi-bin/articl....DTL&type=tech





If You Run a Red Light, Will Everyone Know?
Brad Stone

WANT to vet a baby sitter? Need to peek into the background of a prospective employee? Curious about the past of a potential date?

Last month, PeopleFinders, a 20-year-old company based in Sacramento, introduced CriminalSearches.com, a free service to satisfy those common impulses. The site, which is supported by ads, lets people search by name through criminal archives of all 50 states and 3,500 counties in the United States. In the process, it just might upset a sensitive social balance once preserved by the difficulty of obtaining public documents like criminal records.

Academics have a term for the old inaccessibility of records like those for criminal convictions: “practical obscurity.” Once upon a time, people in search of this data had to hire private investigators to navigate byzantine courthouses and rudimentary filing or computer systems, and to deal with often grim-faced legal clerks. In a way, the obstacles to getting criminal information maintained a valuable, ignorance-fueled civil peace. Convicts could start fresh after serving their time without strangers knowing their pasts, and there was little risk that unsophisticated researchers could confuse people with identical names.

Well, not anymore. The information on CriminalSearches.com is available to all comers. “Do you really know who people are?” the site blares in large script at the top of the page.

Databases of criminal convictions first moved online several years ago. But users of pay sites like Intelius.com and PeopleScanner.com had to enter their credit card numbers for access — often enough of an obstacle to discourage casual or improper inquiries.

According to Bryce Lane, president of PeopleFinders, the new site draws data directly from local courthouses and offers records of arrests and convictions in connection with everything from murder to minor infractions like blowing past a stop sign — at least for jurisdictions that include traffic violations in their criminal data. It also lets users view a map showing addresses and names of all those arrested or convicted of a crime in a specific neighborhood, and to place alerts that prompt e-mail when someone in their life gets busted or someone with a record moves in nearby.

“We are just trying to provide what’s already out there in an easier fashion, for free,” Mr. Lane said. “We think it’s pretty helpful to families.”

PeopleFinders, originally called Confi-Check, was founded in 1988 by Rob Miller, a former investigator for Intel. PeopleFinders has been selling records to consumers for the last decade and recently acquired a large public-records firm — Mr. Lane declines to say which one because the transaction was private — that allowed it to introduce the expanded free service.

Mr. Lane concedes that his site contains some mistakes. Every locale has its own computer system, he notes, and some are digitizing and updating records faster than others.

A quick check of the database confirms that it is indeed imperfect. Some records are incomplete, and there is often no way to distinguish between people with the same names if you don’t know their birthdays (and even that date is often missing).

To further test the site, I vetted some of my colleagues at The New York Times. One, who shall remain nameless, had a recent tangle with the law that the site labeled a “criminal offense,” while adding no other information. Curious, I called my colleague with the date and city of the now very public ignominy. The person was stunned to know that the infraction — a speeding ticket — was easily accessible and described as criminal.

“I went to traffic school so this wouldn’t appear on my record. I’m in shock. This blows me away,” my colleague said, demanding that I ask PeopleFinders how to have the record removed. “I don’t necessarily want you all knowing that I’m a fast driver.”

PeopleFinders’ response: take it up with the authorities. When they update their records, the change will automatically appear on CriminalSearches.com.

My colleague’s quandary illustrates why privacy advocates work themselves into knots about this kind of site. In the past, Congress carefully considered how the public should use criminal records. Amendments to the Fair Credit Reporting Act in 1997 required that employers who hire investigators to obtain criminal records from consumer reporting agencies advise prospective employees of the search in advance, and disregard some types of convictions that are older than seven years.

“I don’t think Congress stuck that in there randomly,” says Daniel J. Solove, a professor of law at the George Washington University Law School and author of “Understanding Privacy.” “Congress made the judgment that after a certain period of time, people shouldn’t be harmed by having convictions stick with them forever and ever.”

BUT now, of course, none of the old restrictions apply. The information is available from a variety of sources, and now free. Jurors can and almost certainly will be tempted to look up criminal pasts of defendants in their cases. And employers can conduct searches themselves without hiring investigators. Mr. Lane of PeopleFinders says that employers cannot legally use the database in making hiring decisions — but there is nothing to stop them.

A recent investigation at the Justice Department demonstrates how once-obscure, now easily accessible public information can be abused in egregious ways. The investigative report by the department’s inspector general and internal ethics office said government lawyers mined sites like Tray.com and OpenSecrets.org, which report on individual political contributions, to discover political affiliations of job candidates.

But the Internet entrepreneurs who are making public records accessible have little patience for the privacy worrywarts who are getting in the way of their business goals.

“I think people generally understand the 21st-century reality that this type of public information is going to be widely available,” said Nick Matzorkis, the chief executive of ZabaSearch, a search engine that provides people’s addresses and phone numbers, culled from public records. CriminalSearches.com “is another indication of the inevitability of the democratization of public information online,” Mr. Matzorkis said.

Mr. Lane of PeopleFinders concurs and compares his site to the seat belt, saying it will make everyone safer.

Of course, that is easy for them to say. According to CriminalSearches.com, they are both clean.
http://www.nytimes.com/2008/08/03/te...y/03essay.html





Hail to the Twitterer
Mark Leibovich

Washington — Big surprise: a lot of smarty-pants computer types have been snickering at John McCain lately.

The self-described “Neanderthal” of the Grand Old Party (emphasis, old) has been catching flack for admitting that he is no techno-geek. He not only did not invent the Internet, he can barely use it.

“I don’t expect to set up my own blog,” he told the New York Times reporters Adam Nagourney and Michael Cooper. The Times has learned that Mr. McCain does not text, Treo or Twitter, either.

How would he possibly spend his time in the White House?

We joke, but the serious question — and one that has occupied many of the blogs and discussion groups that Mr. McCain does not partake of — is whether the computing habits of the presumptive Republican nominee should have any bearing at all on his fitness to be commander in chief.

While 73 percent of American adults use the Internet (only 35 percent 65 or older), according to a survey by the Pew Internet and American Life Project, it’s likely that many of them would rather have a president who can get Osama bin Laden than get online. And there is a common belief that says being president should be more a “vision” job than a “management” job, and that the clutter of a digital life can only distract from the Big Picture and Deep Thoughts a leader should be concerned with. In other words, would we really want a president “friending” from the Oval Office, scouring Wikipedia for information on Iran’s nuclear program or fielding e-mail from someone claiming to be “Nigerian general” seeking an American bank account for embezzled millions?

As a practical matter, probably not. Presidents can avoid using computers if they want to. That’s one of the privileges of the office. They are surrounded by a staff entrusted with keeping them plugged in, day and night.

So why have Mr. McCain’s admissions of digital illiteracy sparked such ridicule in wiseguy circles?

Computers have become something of a cultural marker — in politics and in the real world. Proficiency with them suggests a basic familiarity with the day-to-day experience of most Americans — just as ignorance to them can suggest someone is “out of touch,” or “old.”

“We’re not asking for a president to answer his own e-mail,” said Paul Saffo, a Silicon Valley futurist who teaches at Stanford. “We’re asking for a president who understands the context of what e-mail means.”

The “user experience,” Mr. Saffo said, brings with it an implicit understanding of how the country lives, and where it might be heading. As Mr. McCain would lack this, he would also be deficient in this broader appreciation for how technology affects lives.

There will always be people who take great delight in the powerful betraying cluelessness over technology. When Senator Ted Stevens, Republican of Alaska, was indicted last week on charges of filing false financial disclosures, the news was met with reminders that he once referred to the Internet as a “series of tubes.” Some mocked President Bush, too, when he referred to his using “the Google” and “the Internets.” Mr. Bush used to e-mail but gave it up when he became president because of concerns about security and a paper trail — the same things, presumably, a successor would consider.

In the rarefied context of the Oval Office, however, there can be great value in having a president who has an intuitive sense of how a technology works, said Tom Wheeler, a telecommunications entrepreneur and investor who wrote the recent book “Mr. Lincoln’s T-Mails: The Untold Story of how Abraham Lincoln Used the Telegraph to Win the Civil War.”

“I don’t think it’s so much a question of what a president is doing today,” Mr. Wheeler said. “It’s a question of how responsive are you to the fact that there will be continuing technological change during your term.”

Mr. Wheeler, a supporter and fundraiser for Mr. McCain’s Democratic rival, Senator Barack Obama, said that Lincoln was the model of a president who embraced technology. Lincoln’s mastery of the telegraph machine not only put him well ahead of most of his constituents on the technology curve but also allowed him to speak directly to his generals and track their actions.

Lincoln gave a speech in 1860 that said the United States’ responsiveness to new technology was the chief virtue separating it from Europe. The speech begins, “All creation is a mine, and every man a miner.”

It’s no surprise that Mr. McCain — standard-bearer of the party of Lincoln — has moved to press delete on the notion that he is a Luddite.

“I do understand the importance of the computer,” Mr. McCain reassured in The San Francisco Chronicle last week. “I understand the importance of the blogs.” He said, “I am forcing myself — let me put it this way, I am using the computer more and more every day.” But keeping up with technology “doesn’t mean that I have to e-mail people,” he said. “Now, I read e-mails.” The staff is “constantly showing them to me as the news breaks during the day.”

This was a decidedly different Mr. McCain from the one who said in South Carolina last year that it was important for leaders to communicate with bloggers, “as painful as that might be.”

Or the Mr. McCain who in an interview with Fortune magazine two years ago called himself a “Neanderthal” about computers, in contrast to his wife, Cindy, whom he called a “wizard.”

“She even does my boarding passes — people can do that now,” Mr. McCain marveled. “When we go to the movies, she gets the tickets ahead of time. It’s incredible.”

Mr. McCain’s sense of wonder evoked the episode in the early 1990s when George H. W. Bush became overly impressed upon seeing a price scanner at a supermarket check-out counter. It suggested to some people that the president, who had spent four years in the White House after spending eight years as vice president, was out of touch with the lives of average Americans.

The McCain campaign is sensitive to the notion that his limited knowledge of computing could be taken as a signal that he is blind to technology.

“You don’t actually have to use a computer to understand how it shapes the country,” said Mark Soohoo, a McCain aide for online matters, at a conference on politics and technology. “You actually do,” interrupted Tracy Russo, a former blogger for John Edwards.

Not knowing how to use a computer could reinforce a notion that Mr. McCain subscribes to the old-way-of-thinking, said Michael Feldman, a veteran of the Clinton White House and a top aide to former Vice President Al Gore. It creates a problematic “optic” for the McCain campaign, Mr. Feldman said, especially when juxtaposed with the younger Mr. Obama, frequently photographed with BlackBerry on his belt clip.

“There’s a certain tempo to the thinking of someone who uses all kinds of new media,” said Mr. Saffo, who said he would anoint Mr. Obama, if elected, “the first cybergenic president,” just as John F. Kennedy was considered the first telegenic president.

McCain supporters point out that his ranking position on the Senate Commerce Committee has steeped him in issues important to the technology sector.

“If John McCain needs to rely on a young staffer to set up his Facebook page, then so be it,” said Ed Kutler, a Republican lobbyist and former aide to the cybersavvy former House Speaker Newt Gingrich. “I can live with that.”
http://www.nytimes.com/2008/08/03/we...leibovich.html





Facebook: Children Evade Social Websites' Age Limits
John Carvel

Nearly a quarter of children between the ages of eight and 12 are evading the age restrictions imposed by social networking sites Facebook, Bebo and MySpace, a poll of young people revealed last night.

The results suggest that more than 750,000 children are illicitly using the sites - which are supposed to be limited to teenagers and adults - potentially exposing them to risky communications with strangers.

The poll of 1,000 children was commissioned by Garlik, an online information company, which said parents are responding by secretly logging on to their children's social networking pages to detect any reckless online behaviour.

A parallel poll of 1,000 parents found 72% try to protect their children by monitoring the contacts they make online. It found 26% of parents have set up their own social networking page from which they can spy on the children's activities.

Tom Ilube, chief executive of Garlik, said: "The fact that parents feel compelled to monitor their children on this scale should send a powerful message to the big social networking sites.

"With three quarters of a million underage users in the UK, Facebook, MySpace and Bebo need to take their own age restriction policies far more seriously to help allay parents' real fears."

Facebook and Bebo set a minimum age limit of 13 for users to register online and Myspace sets the limit at 14.

The poll found children spend an average of one hour a day on social networking sites. About a quarter of eight- to 15-year-olds admitted having strangers as friends on their social networking page. A fifth claimed to have met strangers they had encountered online. Two-thirds said they posted personal information on their pages, including their school and their mobile phone number.

Ilube added: "Children are at the vanguard of the social networking phenomenon, using sites such as Facebook and Bebo in the same way other generations used the telephone. With the summer holidays upon us and kids spending hours on the internet, busy parents can't be expected to monitor their children's activities all the time."

The poll of parents found 58% said they had become more diligent than a year ago at monitoring their children's use of social networking sites, and 89% said they had spoken to their children about the dangers involved.
http://www.guardian.co.uk/technology...rking.facebook





Craigslist Troll Gets Sued
Lou Cabron

Nearly two years ago, Jason Fortuny placed a fake sex ad on Craigslist pretending to be a woman seeking casual sex, and then published the photographs of anyone who responded. Now one of his victims has filed a $75,000 lawsuit against Fortuny in U.S. District Court, and this summer (after four months of effort) finally obtained a valid address for Fortuny and issued a summons.

Two weeks ago — as the New York Times was preparing their article — Fortuny was writing an eight-page letter to the judge finally defending his "Craigslist experiment" against the legal charges, and offering his own testimony about the event. "I take it back," Fortuny wrote recently on his blog. "You might get sued if you do a Craigslist Experiment..."

But it's still very complicated.

According to the suit Fortuny "acted with actual malice to harm and deceive the individuals responding to the Craigslist ad." The suit demands a jury trial and seeks a full slate of damages — compensatory, statutory, and punitive, plus attorney's fees and costs.

"Plaintiff has suffered, and continues to suffer, harm arising from the foregoing wrongful conduct by Mr. Fortuny," the lawsuit complains, identifying the victim as John Doe and arguing that the incident affected his private life "and the manner in which he is viewed among family, friends, and colleagues."

Fortuny's prank traumatized John Doe, it argues, causing him to "suffer and continue to suffer from humiliation, embarrassment, lost opportunity of keeping his family together, and emotional distress."

John Doe is asking that Fortuny be enjoined from publishing the photo, that Fortuny destroy his copy of the photo (and sexy email), and to "cooperate in the removal...from any cached sites."

The specific charges?

Count one: Violation of copyright act
Count two: Public disclosure of private facts
Count three: Intrusion upon seclusion
Count four: Injunctive relief

http://www.10zenmonkeys.com/2008/08/...oll-gets-sued/





EFF Urges Judge to Dismiss MySpace Case
Holly Jackson

The Electronic Frontier Foundation is opposing the prosecution of a Missouri mom who allegedly created a fake MySpace account to harass a teenage neighbor, saying the prosecutors' misuse of a federal law that targets computer fraud could turn millions of Americans into criminals.

The civil liberties organization filed an amicus brief Friday, urging a Los Angeles federal judge to dismiss the indictment of Lori Drew. She was charged in May with felony conspiracy and three counts of intentionally accessing a protected computer without authorization when she violated MySpace's terms of service.

The EFF, a prominent voice in Web advocacy, said in a release Monday that "criminal charges for a 'terms of service' violation is a dramatic misapplication of the CFAA (Computer Fraud and Abuse Act), with far-ranging consequences for American computer users." The organization adds--in theory at least--that users who don't read the terms of service on Web sites they visit would be accused of a federal crime.

The CFAA is usually used to prosecute hackers and identity thieves. But the EFF argues that citing the law for a terms of service violation would mean, for example, that anyone under the age of 18 who uses the Google search engine would face criminal charges.

According to police, Drew created a fake MySpace account and posed as a teenager named "Josh Evans" to befriend and verbally attack 13-year-old Megan Meier, a former friend of Drew's daughter. It was reported that after a particularly hurtful conversation with "Josh" in October 2006, Megan committed suicide in her O'Fallon, Mo., home.

The case drew national attention after a local newspaper reported the story, but Missouri prosecutors could not prove that Drew broke any laws. Instead, charges were brought in a Los Angeles federal court, utilizing the CFAA to indict Drew for violating MySpace's terms of service.

According to those terms, users agree that: "By using the MySpace Services, you represent and warrant that all registration information you submit is truthful and accurate and you will maintain the accuracy of such information." Members also acknowledge that harassment is prohibited.

The argument now being made by the EFF was advanced by Drew's attorney in late July. He said the law being used to prosecute Drew is flawed, unconstitutionally vague, and tries to criminalize behavior committed by millions online every day. Drew faces 20 years in prison; she has pleaded not guilty.

Although the EFF is campaigning against the indictment of Drew, it nonetheless called Meier's suicide "tragic."
http://news.cnet.com/8301-1023_3-10006165-93.html





Fair Use Prevails Over Michael Savage's Copyright Claims
Kurt Opsahl

On Friday, a U.S. District Court granted the motion for judgment on the pleadings we and our co-counsel Tom Burke of Davis Wright Tremaine LLP filed in a copyright infringement suit brought by talk show host Michael Savage against the Council on American-Islamic Relations. Savage had sued CAIR back in December 2007, alleging that CAIR infringed the copyright in his show when it posted on its web site brief excerpts from Savage's radio program in order to criticize Savage's remarks. Savage also added a federal racketeering claim stemming from that alleged copyright infringement.

Judge Susan Illston recognized that CAIR's use of four minutes from one of Savage's two hour radio programs to criticize Savage is protected under the fair use doctrine. The Copyright Act specifically makes clear that third parties may utilize copyrighted works for purposes of commentary or criticism, as CAIR did in this case. For purposes of the motion, the Court assumed all the allegations in the complaint were true, and still found that CAIR's use of the excerpts was protected. As the Court noted:

The complaint affirmatively asserts that the purpose and character of [CAIR's] use of the limited excerpts from the radio show was to criticize publicly the anti-Muslim message of those excerpts. To comment on [Savage's] statements without reference or citation to them would not only render [CAIR's] criticism less reliable, but be unfair to [Savage]. Further, it was not unreasonable for [CAIR] to provide the actual audio excerpts, since they reaffirmed the authenticity of the criticized statements and provided the audience with the tone and manner in which [Savage] made the statements.

Savage was also unable to show any copyright damages from the criticism. As the Court noted,

plaintiff fails to allege or suggest an impact on the actual or potential sale, marketability, or demand for the original, copyrighted work. ... Plaintiff instead alleges that defendants caused him financial loss in advertising revenue. Assuming the truth of this allegation, it relates only to the economic impact on future shows, and has no impact on the market for the original, copyrighted show on October 29, 2007.

Copyright law protects the market for the the copyrighted work, but was never designed to protect the author against having to face critics, or the consequences of criticism. Even if Savage's advertisers choose to pull their ads because of a compelling critique, his free speech rights have not been violated. Savage, who has his own daily radio program with millions of listeners, remains free to compete in the marketplace of ideas, even though he is now prevented from using the legal process to silence critics.

After carefully analyzing Savage's copyright claim, the Court concluded "that the defects of plaintiff’s Second Amended Complaint will not be cured by amendment, [and therefore] plaintiff’s copyright claim is dismissed without leave to amend."

The Court also addressed Savage's racketeering claim. Finding numerous flaws in the complaint, including a failure to comply with the Federal Rules of Civil Procedure, the Court dismissed the claim with leave to amend.

According to the San Francisco Chronicle, Savage's attorney Daniel Horowitz acknowledged that the opinion was "very carefully thought-out," but promised to file a revised complaint on the racketeering charges. Savage's own website, however, was soliciting donations to "Help me file an appeal."
http://www.eff.org/deeplinks/2008/07...es-copyright-c





Applications Spur Carriers to Relax Grip on Cellphones
Laura M. Holson

In the first 10 days after Apple opened its App Store for the iPhone, consumers downloaded more than 25 million applications, ranging from games like Super Monkey Ball to tools like New York City subway maps. It was nothing short of revolutionary, not only because the number was so high but also because iPhone users could do it at all.

Consumers have long been frustrated with how much control carriers — AT&T, Verizon Wireless, Sprint and the like — have exerted over what they could download to their mobile phones. But in the last nine months, carriers, software developers and cellphone makers have embraced a new attitude of openness toward consumers.

Verizon Wireless, which said in November that it would open its network to any device maker that could create a mobile phone compatible with its network, has already welcomed a few business-oriented devices. It hopes to announce new consumer phones in the coming months. When the world’s largest cellphone maker, Nokia, recently took full ownership of Symbian, which owns a popular mobile operating system, it agreed to share the software with other phone makers.

And on Monday, the LiMo Foundation, an alliance of companies promoting a rival operating system open to makers of all wireless devices, is announcing that seven new mobile phones would use that system, bringing the number to 21.

AT&T, like Verizon, has followed suit with a promise to also open its networks.

But the pressure on AT&T is also coming from another direction: Apple, its iPhone partner. AT&T has no control over the applications downloaded to the iPhones, which AT&T offers exclusively. But the proliferation of new applications and the realization that they only make cellphones more popular has convinced executives there that they need to give consumers more freedom.

The industry, of course, has selfish reasons for promoting openness. Applications spur the use of higher-priced wireless data plans and the purchase of more expensive smartphones. “What is most important for us is to have a customer sign up for a plan," said Ralph de la Vega, who is in charge of AT&T’s wireless unit. “We think we can have multiple ways to make money.”

Silicon Valley’s venture capitalists are already salivating over the enthusiasm for cellphone applications. Their investments in this category rose 90 percent in the first half of 2008, to $383 million, from the second half of 2007, according to Rutberg & Company, a technology research firm based in San Francisco.

Analysts and industry executives agree that Apple, a new entrant to the cellphone market, deserves credit for spurring the carriers and cellphone makers to change.

But there is something bigger at play, too. The market for smartphones, which are really handheld computers, has quickly expanded beyond business users. They have gone mainstream, with teenagers and women finding novel uses for them — texting snippets of their lives to friends or tracking friends on maps. The carriers and the handset makers realize they have to make the phones adaptable to those new customers.

“What is happening is inevitable,” said Walter Piecyk, a communications analyst at the research firm Pali Research who studies the mobile phone market. “Companies can’t really stop it. They might as well embrace it. Consumers are demanding these types of devices, which is good for everyone.”

Of course, consumers should be careful what they wish for. Already there are at least six major operating systems for cellphones — Linux, Symbian and BlackBerry, as well as those made by Microsoft, Palm and Apple. And more are coming. Google expects the first phones in its Open Handset Alliance, which will use its Google Mobile operating system, to be out this fall. Consumers may find it confusing that some applications work only for certain phones because developers do not have the time or money to adapt projects to every operating system.

Consumers will also come to realize that “open” comes with an asterisk. The word means what the carriers, handset makers and software developers want it to mean. For example, Verizon’s open system is “open” only to phones it has certified. IPhone users can download only the applications Apple has approved.

Still, many developers agree that Apple is less restrictive than AT&T or Verizon.

“While the iPhone is closed, it does have the openness characteristics, which are unique,” said Kevin J. Martin, chairman of the Federal Communications Commission and a proponent of more open networks.

If consumers are curious about what the mobile phone of the future might look like, they have to look no farther than OpenMoko, a Taiwanese cellphone maker that began selling the Neo Freerunner in July. The Freerunner, a six-ounce phone that sells for $400 and works on the T-Mobile and AT&T networks, has a three-inch touch screen and data storage, like many other smartphones. But what makes it unusual is that technologically savvy buyers can create or download personalized programs.

“What we want to do is bring the openness of the personal computer to the phone,” said Michael Shiloh, who is in charge of developer relations at OpenMoko. “We want people to be able to play around. You can’t do that now on a mobile phone.”

For now, Neo Freerunner is not a mainstream device. But a group of archeologists, Mr. Shiloh said, have developed a program that allowed them to create maps using Global Positioning System technology that more precisely catalog finds at their archeological sites. And he envisioned a day when creative programmers could combine different tools, like Wikipedia, directories and G.P.S., to create uniquely personalized phone applications.

Mr. Shiloh said his 13-year-old daughter told him recently that she wanted to create her own mobile games. “To some extent, it may sound geeky,” Mr. Shiloh said. “But considering we have a population of people who have grown up creating their own Web pages, it’s not unfathomable.”

With independence, consumers develop a relationship not with their carrier but with the phone or the applications on the phone. Google, one of the most strident proponents of the move to openness, is certainly aware of that as it builds an operating system that could allow anyone to add applications to any phone using Google Mobile software — without going through a carrier.

“If I’m a developer, my job is to surprise and delight as many people as I can,” said Matt Waddell, a product manager for Google Mobile. “That’s hard right now because of this fragmentation. We want that to go away for very selfish reasons. We can tell people to go to Google.”

He added: “The Internet is not owned by any one company.”
http://www.nytimes.com/2008/08/04/te...gy/04open.html





Air Force Cracks Software, Carpet Bombs DMCA
John Timmer

Last week, a US Court of Appeals upheld a ruling on software piracy. The organization doing the piracy, however, happened to be a branch of the US government, and the decision highlights the significant limits to the application of copyright law to the government charged with enforcing it. Most significantly, perhaps, the court found that because the DMCA is written in a way that targets individual infringers, the government cannot be liable for claims made under the statute.

The backstory on the case involved, Blueport v. United States, borders on the absurd. It started when Sergeant Mark Davenport went to work in the group within the US Air Force that ran its manpower database. Finding the existing system inefficient, Davenport requested training in computer programming so that he could improve it; the request was denied. Showing the sort of personal initiative that only gets people into trouble, Davenport then taught himself the needed skills and went to work redesigning the system.

Although Davenport did his development on a personal system at home, he began to bring beta versions of his code in for testing, and eventually started distributing his improved system within his unit, giving the software a timed expiration. A demonstration to higher-ups led to a recommendation for his immediate promotion, but that was followed by demands that the code for his software be turned over to the USAF.

Davenport responded by selling his code to Blueport, which attempted to negotiate a license with the Air Force, which responded by hiring a company to hack the compiled version by deleting the code that enforced the expiration date. Blueport then sued, citing copyright law and the DMCA.

DMCA: We'll enforce it, but won't abide by it

The Court of Federal Claims that first heard the case threw it out, and the new Appellate ruling upholds that decision. The reasoning behind the decisions focuses on the US government's sovereign immunity, which the court describes thusly: "The United States, as [a] sovereign, 'is immune from suit save as it consents to be sued . . . and the terms of its consent to be sued in any court define that court’s jurisdiction to entertain the suit.'"

In the case of copyright law, the US has given up much of its immunity, but the government retains a few noteworthy exceptions. The one most relevant to this case says that when a government employee is in a position to induce the use of the copyrighted material, "[the provision] does not provide a Government employee a right of action 'where he was in a position to order, influence, or induce use of the copyrighted work by the Government.'" Given that Davenport used his position as part of the relevant Air Force office to get his peers to use his software, the case fails this test.

But the court also addressed the DMCA claims made by Blueport, and its decision here is quite striking. "The DMCA itself contains no express waiver of sovereign immunity," the judge wrote, "Indeed, the substantive prohibitions of the DMCA refer to individual persons, not the Government." Thus, because sovereign immunity is not explicitly eliminated, and the phrasing of the statute does not mention organizations, the DMCA cannot be applied to the US government, even in cases where the more general immunity to copyright claims does not apply.

It appears that Congress took a "do as we say, not as we need to do" approach to strengthening digital copyrights.

A sad footnote to this story is that we became aware of it through the blog of copyright lawyer William Patry, only to see Patry shut down the blog late last week. Patry says that a major factor in his decision was frustration with the current state of copyright law and with the aggressive stupidity that he felt typified a number of responses to his musings on the law.

But Patry also cites the inability of many to separate his personal thoughts on copyright from those he voices through his duties as Google's Senior Copyright Counsel. Given that Google (and many other companies) offer many significant announcements through their blogs, and Patry is notable in part due to his employer, this sort of confusion seems inevitable; still, it's unfortunate that it has brought a (temporary?) end to such a learned and public voice on copyright issues.
http://arstechnica.com/news.ars/post...ombs-dmca.html





FISA and Border Searches of Laptops
Steven Bellovin

There's been a lot of attention paid recently to the issue of laptop searches at borders, including a congressional hearing and a New York Times editorial. I've seen articles with advice on how to protect your data under such circumstances; generally speaking, the advice boils down to "delete what you can, encrypt the rest, hope that Customs officials don't compel production of your key, and securely clean up the deleted files". If you need sensitive information while you're traveling, the usual suggestion is to download it over a secure connection, per the EFF:

Quote:

Another option is to bring a clean laptop and get the information you need over the internet once you arrive at your destination, send your work product back, and then delete the data before returning to the United States. Historically, the Foreign Intelligence Surveillance Act (FISA) generally prohibited warrantless interception of this information exchange. However, the Protect America Act amended FISA so that surveillance of people reasonably believed to be located outside the United States no longer requires a warrant. Your email or telnet session can now be intercepted without a warrant. If all you are concerned about is keeping border agents from rummaging through your revealing vacation photos, you may not care. If you are dealing with trade secrets or confidential client data, an encrypted VPN is a better solution.

But is it?

When a laptop is searched, the customs agents are not looking for drugs embedded in the batteries or for whether or not the connectors have too much gold on the contacts. Rather, they're looking for information.

In that sense, it would seem to make little difference if the information is "imported" into the US via a physical laptop or via a VPN, or for that matter by a web connection. The right to search a laptop for information, then, is equivalent to the right to tap any and all international connections, without a warrant or probable cause. (More precisely, one always has a constitutional protection against "unreasonable" search and seizure; the issue is what the definition of "unreasonable" is.)

According to an analysis of the revisions to FISA, "the bill affirmatively permits electronic surveillance without any warrant for Americans' international communications when the NSA is "targeting" a foreigner or group abroad." By contrast, a border search targets a particular individual entering the country, rather than some foreign group. But if warrantless searches for information are legal, does this provide a non-statutory extension to FISA, a way to justify warrantless wiretapping beyond what FISA already permits?

It gets worse. In general, one has no right to hide contraband from customs agents when crossing the border. Is hiding imported information — that is to say, using an encrypted international connection — improper? Put another way, is using encryption on an international connection the equivalent of hiding physical objects in a false-bottomed suitcase? If so, it is saying that the government must have access to all keys, a notion that was quite thoroughly discredited (and rejected by the American public) during the debate over the Clipper chip in the 1990s.

What about a court order compelling disclosure of a key or passphrase? The legal situation is quite unclear. In in re Boucher, a judge ruled that the Fifth Amendment protection against self-incrimination could be used to deflect a request for a passphrase. While the judge's reasoning is suspect based on the facts of this particular case, his reasoning struck me as sound. Also note that Boucher was a criminal case; the situation in a civil case is more less clear, since the protection against self-incrimination would not apply.

There's one more philosophical point to consider. Restricting the public's access to "foreign" information is antithetical to the basic principles of the First Amendment, and of Freedom of Thought. Trying to restrict access to information in this way is the moral equivalent of the practice of denying visitor visas to Communists (imagined or real) during the 1950s.

Perhaps I'm carrying my arguments too far. Perhaps the slope isn't as slippery as I've portrayed it, though Kerr seems to agree that the Constitution would permit warrantless searches of international connections. At the least, we need a clear statement of what the rules are for government access to imported information, whether carried in physically or electronically.
http://www.cs.columbia.edu/~smb/blog...008-07-10.html