PTO: P2P threatens national security

The U.S. Patent & Trademark Office apparently thought it wasn't in the headlines enough this month. On March 5, it issued a press release announcing a November 2006 report (1.22mb) which claims that P2P networks threaten national security. The logic is, at best, bad and, at worst, intentionally deceptive.

Information Week reports:

The report, which the patent office recently forwarded to the U.S. Department of Justice, states that peer-to-peer networks could manipulate sites so children violate copyright laws more frequently than adults. That could make children the target in most copyright lawsuits and, in turn, make those protecting their material appear antagonistic, according to the report.

Conclusion: Software is to blame when record companies act without social responsibility. The article continues:

File-sharing software also could be to blame for government workers who expose sensitive data and jeopardize national security after downloading free music on the job, the report states.

"There are documented incidents of P2P file sharing where Department of Defense sensitive documents have been found on non-U.S. computers with no protection against hostile intelligence," the Patent and Trademark Office explained in a statement.

The basis for this last statement is apparently a bullet point on page 22 of the report, which quotes an unnamed and undocumented source within the Department of Homeland Security as stating: "There are documented incidents of P2P file sharing where Department of Defense (DoD) sensitive documents have been found on non-US computers with no protection against hostile intelligence services." No documentation (or even a footnote) is provided in this report, however. The PTO report does not even state who within DHS made this claim or in what context.

Email me if you're interested in the betting pool on whether this "fact" was made up by DHS or by the PTO.

Via Bruce Schneier.

Government Document Generator

Sunlight Labs has an amusing toy called the Government Document Generator. (Via Technology Liberation Front)

iRack

MadTV spoofs Apple's iEverything. Funny!

Bombs, Bombs Everywhere?

After the dust settled in Boston, Bruce Schneier took a look around. (Not until after he blasted the Boston authorities, however.) Here's what he wrote:

In New Mexico, a bomb squad blows up two CD players, duct-taped to the bottoms of church pews, that played pornographic messages during Mass. This is a pretty funny high school prank and I hope the kids that did it get suitably punished. But they're not terrorists. And I have a hard time believing that the police actually thought CD players were bombs.

Meanwhile, Irish police blew up a tape dispenser left outside a police station.

And not to be outdone, the Dutch police mistook one of their own transmitters for a bomb. At least they didn't blow anything up.

Okay, everyone. We need some ideas, here. If we're going to think everything weird is a bomb, then the false alarms are going to kill any hope of security.

Photo ID required to eat pancakes

An IHOP restaurant in Massachusetts required a photo ID before it would seat hungry people — until an outcry caused it to change that policy.

QUINCY, Mass. — John Russo has been a victim of identity theft. So when he was asked to fork over a photo ID just to be seated at an IHOP pancake restaurant, he flipped. "'You want my license? I'm going for pancakes, I'm not buying the Hope diamond,' and they refused to seat us," Russo said, recounting his experience this week at the Quincy IHOP.

Via Bruce Schneier

Depublishing the war continues

Here is a somewhat clever exercise in depublishing by President George W. Bush — more sophisticated than the last one I commented on, two years ago.

The White House published a subtly-doctored video of his May 1, 2003 speech on the deck of the USS Abraham Lincoln. His contemporaneous press release touted the end of combat operations. When it became clear that the combat was continuing, the White House altered its release to refer only to major combat operations (whatever that means). The video that now accompanies the release has been subtly altered to crop out the "Mission Accomplished" banner that was the President's backdrop. Paul -V- at Brainshrub.com has the explanation on video: link.

Misguided Balance

Matthew Nisbet asks an important question over at his new blog, Framing Science. The post in question is "MISGUIDED BALANCE: The Question of the Day." His question and the articles he links to are highly recommended reading.

If Judge John E. Jones III, a conservative, a lifelong Republican activist, an assistant Scout Master, appointed by George W. Bush, close friends with Rick Santorum, and with aspirations to be Governor of Pennsylvania, can weigh the evidence for and against intelligent design and conclude that it is perhaps the most one-sided policy debate in history, a "slam dunk," why couldn't many political reporters do the same in their coverage leading up to the trial?

In other words, why did reporters in so many cases resort to an artificial "he said, she said" balancing in their coverage of intelligent design when there was an *OVERWHELMINGLY* clear basis by which to evaluate claims?

Sorry Everybody (or not?)

There was much talk of the polarization of America this year; I thought this might subside after the election, but I was obviously wrong. At least now we are getting something funny out of this mess. The rise of apology and anti-apology web sites has been quite entertaining. I especially recommend the panda photo.

Chilling Juxtaposition

This evening a chilling juxtaposition was brought to my attention. The national red/blue map from this week's Presidential election looks strikingly like this 1860 map of state & territory alignments prior to the Civil War. If ever we needed our President not to make a mockery of reaching out and inclusion, it is now.

Election 2004 Results

Source: USA Today

Free States and Slave States, before the Civil War

Source: Annenberg/CPB Learner.org

Grand Canyon: A Questionless Inquiry

Last year, the National Park Service began distributing a book by Tom Vail, a veteran tour guide at Grand Canyon National Park and head of Canyon Ministries. The book, Grand Canyon: A Different View (available online at the Institute for Creation Research) argues that the eponymous gorge was formed quickly — Diluvially, in the Noachian flood — and not gradually, by millennia of erosion.

After a (relatively anemic) public outcry, President Bush promised that his administration would "review" the sale of the book at national park gift shops. According to Public Employees for Environmental Responsibility (PEER), the review was discarded the moment the public had turned its attention elsewhere. The book is still on sale at the park, where the administration has also reinstalled bronze plaques bearing bible verses at scenic overlooks (from which they had previously been removed, on the advice of Interior Department lawyers). PEER's press release has more details. PEER also claims to have compiled numerous other examples of what it has dubbed Bush's "faith-based parks" agenda.

Political Science II

Anyone who reads DTM :<| knows what I think about President Bush's manipulation of science for political and religious ends (see, e.g., 1, 2, 3) and John Marburger's sale of his professional soul. (To be fair, there have been occassional, but unfortunately small, bright spots.) In this week's e-Skeptic, the editors of Skeptic Magazine have put together a summary of major events in this saga. See: "The Politicization Of Science in the Bush Administration: Science-As-Public Relations" and "'Political' Science."

Die Wende in New York?

Jonah Langenbeck, the blogger behind Spastic Robot, posted an noteworthy article an hour ago: "A Wende for Our Times; NYC, the GOP and hundreds of thousands of techno-protestors."

The Bruce Sterling short story "Deep Eddy" is about the events surrounding a massive cataclysmic event called a Wende in Düsseldorf in the year 2035. Sterling's Wende is a massive confluence of various protests, electronic disturbances and random anarchic actions that combine to create an event so chaotic that it crashes every system in the urban infrastructure that it occurs within. It starts with small plans by numerous and varied groups of activists, artists, and other assorted troublemakers who then multiply into a heterogeneous body of critical mass. Sterling describes the Wende as, "rumor, boosted by electronic and digital media, in a feedback-loop with crowd dynamics and modern mass transportation. A non-linear networking phenomena". […]

In German wende literally means "climactic period", "turning point", "rebound", "reversal" and about 14 other things related to a period of sweeping change. In the common German parlance die Wende describes the era surrounding the falling of the Berlin Wall and the period preceding reunification. It was a time of anarchic jubilation and intense political uprising, which led to massive transformative social changes. Die Wende was all about the multitude coming together to fight against a repressive political apparatus that had miserably failed the citizenry both in a moral and economic sense. […]

That this event will be anything less than similar to Sterling's description of the Wende is doubtful. At the very least a very large number of protestors will participate in one of the most varied, vocal and interesting political protests in American history. At the most extreme, the massive disturbance will awaken a number of American citizens to what the Bush administration is really up to and set off a sequence of events that will alter our political landscape.

(Links added) Via BoingBoing

Olympic-sized trouble

The International Olympic Committee claims that President Bush has violated its trademark rules by using Olympic trademarks in his campaign messages. I have not seen the accused TV ad, but a still image at the Minneapolis Star Tribune site clearly shows a caption visible during at least some of the commercial: "Approved by President Bush and paid for by Bush Cheney '04, Inc." Says the Tribune: "The TV ad doesn't feature the five Olympic rings -- one of the world's most recognizable images -- but an announcer tells viewers that at "this Olympics, there will be two more free nations," referring to the U.S.- led invasions of Afghanistan and Iraq."

The mainstream American press also reports that the Iraqi soccer team is furious at being made pawns. The LA Times (free reg.) headline: "Iraq Olympians Say Bush Is Not on Their Team." The team made its feelings public a few days ago in a Sports Illustrated interview. Since then, the world press has picked up this story, too. The reader comments at Al Jezeera are as interesting as the journalists' coverage.

This post would hardly be complete without an unauthorized link to the official Athens 2004 Olympics site. Oh...and a deep link to its asinine hyperlink policy, which I am trying to violate in as many ways as possible. I have not followed the press or blog coverage of this issue very closely, but I will make a brief comment anyway. Rule #1 in the policy is, "Use the term ATHENS 2004 only, and no other term as the text referent" (emphasis original). This rule seems specifically designed to avoid the type of Googlehacking that branded President Bush a "miserable failure."

Empiricism and Public Policy

I have long been a critic of public policy of any ideological persuasion that ignores (or worse, misrepresents) empirical data. My friends will vouch that I have changed my views a handful of times — sometimes quite radically — when presented with solid evidence that I was wrong. Unfortunately, criticism on these grounds directed at anyone currently in power is too easily portrayed as partisan screeding. Just look at the Bush apologists' response to the ever-growing cadre of critics. I admit, however, looking back at some of my own comments in recent months (e.g., 1, 2, 3, 4, 5, 6) that I have focused perhaps too much on President Bush, because he is a convenient target. (Never mind that he has painted that target on himself a dozen times over.)

I have been a Robert Cringely fan for nearly as long. Two days ago he published a column ("Fred Nold's Legacy") that really struck a cord. The best part is, he based it on an episode from 22 ago that continues to haunt us today, in ways we scarcely understand.

Cringely tells the story of the Department of Justice's commissioning of a study on the U.S. Sentencing Guidelines by two Hoover Institution economists, Michael Block and Fred Nold. When the DoJ realized their report would criticize the Guidelines instead of rubberstamping them, it pulled the plug and implemented revisions that went against the weight of the evidence.

It is one thing to make what turns out to have been a mistake and another thing altogether to make what you have reason to believe will be a mistake. Why would the DoJ, having good reason to believe that the new sentencing guidelines would create the very prison explosion we've seen in the last 20 years, go ahead with the new guidelines? My view is that they went ahead because they were more interested in punishment than deterrence. They went ahead because they didn't perceive those in prison as being constituents. They went ahead because it enabled the building of larger organizations with more power. They went ahead because the idea of a society with less crime is itself a threat to the prestige of those in law enforcement.

CBO releases report: "Copyright Issues in Digital Media"

The Congressional Budget Office (CBO) released a report today which analyzes digital copyright issues from an economic perspective: "Copyright Issues in Digital Media." (Via C|Net)

I have not had time to read the whole thing yet. Having only skimmed the summary and the first few sections, it seems that it could provide a good starting point for debates over new legislation. It is not as heavily laden with economic or legal terms as other analyses have been.

Oh, yeah...and I like the frame it created for the debate. From the summary:

• Property rights and other elements of a regulatory regime for creative works should be regarded as instruments for allocating creative resources. Hence, existing copyright law should not be viewed as an absolute, inviolable set of rights to which either creators or consumers are entitled.
  
• Revisions to copyright law should be made without regard to the vested interests of particular business and consumer groups. Instead, they should be assessed with regard to their consequences for efficiency in markets for creative works and other products.
  
• Property rights are not free. For a system of property rights to be accepted and upheld, the costs of establishing and enforcing that regime must not exceed the eventual benefits from it.

VoIP regulation debate brewing

The debate over VoIP regulation has been brewing for several years, and it can be a confusing cacophony for anyone tuning in late. The New York Times was kind enough to run a feature article by Stephen Labaton and Matt Richtel on the subject this week ("Battle Brews Over Rules for Phones on Internet"). The article does a nice job of summarizing the points raised by Uncle Fed, the States, the relatively young "pure VoIP" companies, and the established telecommunications behemoths.

Arlo uppercuts Jib Jab

The latest Flash cartoon floating around is a hilarious parody of the U.S. Presidential campaign. The animated creation of Jib Jab stars President Bush and John Kerry, dancing to the tune of Arlo Guthrie's classic "This Land Is Your Land" and calling each other names like "right-wing nutjob" and "liberal sissy."

Despite the dangers (see: Idiot's guide to combatting satire), the company that owns the rights to Arlo's song has sicced its lawyers on Jib Jab. (See this CNN report.) President Bush learned first-hand in the last election that nearly any attempt to suppress Internet-based satire will fail spectacularly. Even if you have forgotten the incident, you probably remember Bush's (in)famous quote: "There ought to be limits to freedom."

---

CORRECTION (28 Aug.): Two days after posting this, I realized that Woody Guthrie — not his son, Arlo — wrote "This Land Is Your Land." I meant to post a correction but, unfortunately, managed to leave it in "save as draft" limbo. Yesterday, a concerned neighbor of Arlo's emailed me to set me straight on the facts. She also said that Arlo was unhappy with the record company's actions and that he thought his father would be, too. Then she pointed me to this link. I appreciate it when people constructively (and politely!) point out my mistakes.

Will Florida be the next Florida?

The New York Times reports on one Florida county's inability to keep proper election records after installing expensive new evoting machines. The money quote: "This shows that unless we do something now — or it may very well be too late — Florida is headed toward being the next Florida."

The records disappeared after two computer system crashes last year, county elections officials said, leaving no audit trail for the 2002 gubernatorial primary. A citizens group uncovered the loss this month after requesting all audit data from that election.

Political Science

How often does a soundbite elegantly summarize a complex problem? Rarely. But Dr. Kurt Gottfried, an emeritus professor of physics at Cornell University, did just that in a recent interview (as reported in the New York Times).

Speaking of President Bush's manhandling of the scientific method, Dr. Gottfried said, "You can destroy that in a matter of years and then it can take another generation or two to get back to where you were in the first place."

Supreme Court dismisses Newdow's action on standing grounds

Time for me to live up to a promise made last October: "If the Supreme Court decides [Newdow v. Elk Grove Unified School District] on Article III (standing) grounds, I will be the first person to leap to its defense." I now leap to its defense.

News coverage: Christian Science Monitor, First Amendment Center.

Hasta la vista, bobble

The governor's goon squad (his film company, actually) filed suit today against Ohio Discount Merchandise, the company that created the collectible Arnold Schwarzenegger bobbing head doll. I have little time to write about this tonight, but I will predict right now that this will be this decade's landmark publicity/free speech case. I just hope Judge Kozinski has a chance to stretch before he goes to the mat.

As a bodybuilder and movie star (i.e., a member of the private sector), Arnold had a strong claim that his persona and likeness were worth millions and protectible. As a governor, however, the First Amendment demands that he relinquish most of the control he used to enjoy. The doll at issue is obviously a parody, and it is part of a series that depicts public figures — from Tom Daschle to Abraham Lincoln to Al Capone to Jesus. This lies somewhere between a Three Stooges T-shirt and Vanna White, circa 2012.

For ongoing news coverage, Google is your best bet. For the earliest round of stories, see the Business Wire, New York Times, and LA Times (editorial).

Stem Cell Halfspeak

The Bush administration has started an interesting tango on the issue of therapeutic stem cell research. Since announcing his initial policy decision on 9 August 2001, Bush has clung to the false premise that already-existing stem cell lines are sufficiently numerous to support appropriate levels of scientific research. Until now.

Yesterday, Reuters reported that Dr. Elias Zerhouni, Director of the National Institutes of Health (NIH) penned a letter to members of Congress, responding to a letter signed by 206 Congressmen last month. (Links: letter, news coverage) According to Reuters, Zerhouni wrote that "the president's position is still predicated on his belief that taxpayer funds should not 'sanction or encourage further destruction of human embryos that have at least the potential for life.'" However, Zerhouni admitted that "it is fair to say that from a purely scientific perspective more cell lines may well speed some areas of human embryonic stem cell research."

The New York Times reports today that proponents of loosening the Bush policy are saying that this does not portend a policy shift but that it does indicate Bush's willingness to begin discussing the issue again. I am not so sure of Zerhouni's message. If they are right, this development may be the ticket for John Marburger to save his soul (to borrow from Bush's moralistic rhetoric).

I think this letter represents a shift in the articulation of Bush's position, but I do not see where it says anything about openness to change. It is refreshing, however, to see Bush move away from scientific doublespeak — even if it is to equally incomprehensible halfspeak.

Would-be Marburger critic

I am just getting back into blogging after taking a few weeks off. I set aside two hours this evening to write a long post on John Marburger's testament to dogma, only to find that someone had already made my argument for me. I speak, of course, of Marburger's now-infamous "rebuttal" to the increasingly-frequent charge that President Bush has beaten science to a bloody pulp. Specifically, he purported to respond to a report released by the Union of Concerned Scientists.

Chris Mooney did such a good job stealing my thunder in his April "Doubt and About" column over at CSICOP that I cannot do the same to him. And since I now have a free hour and fifty minutes, I think I'll go watch TV.

FBI proposes expansive broadband "wiretap" rules

Declan McCullaugh and Ben Charny report on C|Net that Uncle Fed issued a proposal for expedited rulemaking [pdf] which would grant him new and expansive "wiretapping" powers for broadband Internet services. In this case, Uncle Fed is backed by the Federal Bureau of Investigations (FBI), Department of Justice (DOJ) and the Drug Enforcement Agency (DEA).

Two months ago, Uncle Fed asked the Federal Communications Commission (FCC) to do this dirty work for him. FCC Chairman Michael Powell paid some lip service to security concerns at the time, but he has apparently let the request languish. (At least, I have not seen the media report any subsequent FCC actions.) Around that time, I blogged on the word wiretap and complained that it makes a poor analogy to surveillance of digital communications ("Wiretapping & VoIP"). I would like to make the same comment again now and point out that Uncle Fed's newest proposal supports my point even more clearly.

I promise to write more on this in the near future. Unfortunately, I do not have time today to write a multi-volume treatise on the dangers these regulations would pose to civil liberties.

Blundering through security

It appears the U.S. Patent & Trademark Office (PTO) has removed the infamous ricin patent (No. 3,060,165) from its online database. The PTO boasts that it provides all patents since 1976 in searchable text and images of patent pages from 1790. Obviously, this is now false. (Via Ernest, via Dan Gillmor, via Bruce Schneier.)

Half the developed world's patent offices make this patent available over the Internet. Considering that the patent was granted in 1965, I think a few paper copies might also exist. Therefore, this is about as effective a security measure as requiring travelers to show a driver's license before they board an airplane — that is to say, wholly ineffective. All this does is inconvenience the law-abiding American public when it tries to do research.

Ernest makes the important point that the fundamental principal underlying our patent system is that inventors get exclusive rights to their inventions in exchange for full disclosure of the invention to the public. This is hardly the first case where the public has been shortchanged in the name of security. Ernest also has the best summary comment thus far (hyperlink original):

Rest assured Senator, the lack of the patent in the US database means that terrorists will never be able to figure out how to make ricin because even web-savvy bloggers can't get the information very easily .... ooops. Never mind.

Satan, meet Lucifer. Lucifer, Satan.

"Yes, Microsoft did introduce BayStar to SCO." So admits a representative of BayStar. The tech world was abuzz for a week after a leaked memo linked the two Linux enemies. After SCO denied the then-rumor, BayStar now apparently admits the link.

IP practitioners and the public interest

This past month — my first as an IP attorney — has uncovered many wonderful things for me. The most wonderful has been the attitude of several attorneys that it has been my pleasure to work with. Although none of them have ever (to my knowledge) been an activist or "copyfighter," they seem genuinely concerned for the public interest in the area of IP law.

Like all good patent litigators, they avidly watch the Federal Circuit for interesting decisions. However, these folks occassionally cheer when the court limits the scope of patent law in ways that limit the rights of patent holders and expand the public domain. They cheer notwithstanding that such decisions may ultimately mean less money in their own pockets. When I described the size of statutory damges authorized by the Copyright Act, one partner refused to believe me until I showed him a copy of § 504. Even then, his reaction was, "Hmmm...what did Disney pay to get that?"

There are many good reasons why I chose to join this firm.

Lessig on ePolitics

Lawrence Lessig blogged this morning on MoveOn's announcement of the winners of its "Bush in 30 Seconds" contest. He took the opportunity to comment on the "big picture" of participation in politics via electronic media. It was nice to see that he basically agrees with the thesis I put out there in my college thesis paper, "The Futures of ePolitics: Assessing Predictions of Political Discourse on the Internet."

Congressional spam

The New York Times points out, rather amusingly, that most members of Congress were engaged in sending a massive wave of unsolicited email to their constituents this weekend — barely ten days after unanimously approving the CAN-SPAM Act. Article: "We Hate Spam, Congress Says (Except Ours)."

"They are regulating commercial spam, and at the same time they are using the franking privilege to send unsolicited bulk communications which aren't commercial," David Sorkin, a professor at the John Marshall Law School in Chicago, said. "When we are talking about constituents who haven't opted in, it's spam."

Commence lobbying

Evan Hansen writes on C|Net: "Will DVD acquittal mean tougher copyright laws?" His answer is yes.

Even before [Norway's prosecution of DVD-Jon] was filed, however, entertainment industry lobbyists had been pressing lawmakers in that country and elsewhere to enact tougher copyright laws, modeled on controversial U.S. legislation that makes it easier for authorities to win prison terms for people who crack encryption schemes or distribute cracking tools. If enacted, proposed legislation in Europe, Canada, Australia and Central and South America would soon hand entertainment companies similar weapons against people caught tinkering with anticopying software.
[…]
In some ways, the Johansen ruling offers a simple reminder that different countries have different laws, and companies can't rely on protections established in one region to protect them elsewhere. But the case also points to an aggressive drive in the entertainment industry to win greater global conformity in copyright law, modeled on the DMCA.
[…]
As Norway illustrates, however, the process can move slowly, leaving the entertainment industry exposed to weaker copyright rules in regions where DMCA-like laws have not yet been passed.

Via Furdlog.

Napster Runs for President in '04

Frank Rich wrote a fascinating and entertaining editorial for the New York Times a few days ago ("Napster Runs for President in '04"). Between his attempts to be vogue by dissing the mainstream candidates and media for not "getting" the Howard Dean campaign's various uses of the Internet, Rich makes a few novel points. Among them, that we should view Dean more like FDR and JFK than George McGovern and Barry Goldwater. His conclusion:

Should Dr. Dean actually end up running against President Bush next year, an utterly asymmetrical battle will be joined. The Bush-Cheney machine is a centralized hierarchy reflecting its pre-digital C.E.O. ethos (and the political training of Karl Rove); it is accustomed to broadcasting to voters from on high rather than drawing most of its grass-roots power from what bubbles up from insurgents below.

For all sorts of real-world reasons, stretching from Baghdad to Wall Street, Mr. Bush could squish Dr. Dean like a bug next November. But just as anything can happen in politics, anything can happen on the Internet. The music industry thought tough talk, hard-knuckle litigation and lobbying Congress could stop the forces unleashed by Shawn Fanning, the teenager behind Napster. Today the record business is in meltdown, and more Americans use file-sharing software than voted for Mr. Bush in the last presidential election. The luckiest thing that could happen to the Dean campaign is that its opponents remain oblivious to recent digital history and keep focusing on analog analogies to McGovern and Goldwater instead.

Thanks to Mary Hodder of Napsterization for the heads up.

DC Circuit stumps RIAA

By now the world has heard of the D.C. Circuit decision in RIAA v. Verizon. Previously, the D.C. District Court ruled that Verizon must comply with RIAA's subpoenas, issued under § 512 of the Digital Millennium Copyright Act (DMCA). Those subpoenas are designed to force ISPs to disclose the identities of users whom RIAA suspects of illegally making copyrighted music available for others to download. RIAA can trace users by itself as far as their IP addresses (the sets of numbers that uniquely identifies every computer on the Internet), but it needs the cooperation of ISPs to connect an IP address with an individual's name and address. Once it has that information, it can send a cease & desist letter or file a lawsuit.

Yesterday's Circuit decision reverses the District Court's interpretation of the statute. The appeals court gave the statute an extremely close reading in rendering its decision. The relevant section has a complex sentence structure and many cross references, so it is no wonder that the parties (and two different courts) disagreed as to its meaning. Derek Slater makes a few interesting points, including: "I find it fascinating when opinions contrast in this way — when they see the same issue clearly, unambiguously, but oppositely. [District] Judge Bates, just like [Circuit Judge] Ginsburg, claims to stick to the statute's text and go no further, yet their opinions are night and day."

I think Donna's headline over at Copyfight goes too far: "Verizon Wins Victory for Privacy." I am in Ernest's camp on this one:

The decision is a victory for privacy, but not a victory for privacy as such. The result was reached on a technical reading of the statute, and turned on the fact that a subpoena can only be sent if a DMCA notice-and-takedown letter can also be sent. […] The constitutional issues that would have made this a victory for privacy as such, or for freedom of expression, were not addressed by the court.

The Circuit panel adopted most of Verizon's statutory argument — that § 512(h) authorizes subpoenas only in cases where the plaintiff alleges that the infringing material is stored on media controlled by the ISP. However, when the ISP is a mere conduit for data stored on media controlled by a third party (the ISP's subscriber, in this case), § 512(h) does not permit subpoenas outside of the context of a lawsuit.

This line of reasoning rests on the cross references between § 512(h) and § 512(c). Subsection (h) permits a copyright owner to apply to the Clerk of the court for a subpoena so long as the application contains "a copy of a notification [of claimed copyright infringement, as] described in [§ 512](c)(3)(A)." The relevant language in § 512(c)(3)(A) is: "To be effective under this subsection, a notification of claimed infringement must be a written communication … that includes substantially the following" six elements. The third enumerated element is "(iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material." (Emphasis added)

The court agreed with Verizon that this language requires the subpoena application to assert that the ISP has the ability to remove or disable access to the allegedly infringing material. However, most current P2P applications use a decentralized architecture. This means that all shared data is stored on users' computers, not on any central server — except for temporary copies incidental to transmission, which the DMCA permits. Therefore, the ISP has no legal right to remove or disable access to the material shared on the P2P network:

No matter what information the copyright owner may provide [in its subpoena application], the ISP can neither "remove" nor "disable access to" the infringing material because that material is not stored on the ISP's servers. Verizon can not remove or disable one user's access to infringing material resident on another user's computer because Verizon does not control the content on its subscribers' computers.

This holding does have some privacy implications, but they are small compared to Verizon's alternative argument. Having decided this case on statutory grounds, the court ducked the larger First Amendment questions.

So what implications does it have? Dozens of people predict that RIAA will lobby Congress to close what it surely sees as a loophole in the DMCA. Ernest quipped, "[T]he RIAA has nearly hosed itself." The trade group has been trying to consolidate all its DMCA subpoena litigation in Washington, D.C. for administrative convenience. Now, however, it cannot be happy with its "success" in transferring the SBC case to the D.C. District from the Northern District of California in San Francisco — because the Verizon decision is now binding precedent in the nation's capital. This will not stop RIAA from getting users' information, however. It will only make the process slower and more expensive. Instead of paying its lawyers simply to draft subpoena applications, it now has to pay them to draft and file complaints and motions in addition to subpoena applications. These costs will be passed on to consumers in the form of higher average settlements.

John Palfrey sees a broader trend: "Add this development to the Grokster opinion, and the trend of the law in favor of digital rights holders is at least in a holding pattern." The trend may be even broader than Palfrey recognizes — this was a banner week for civil liberties everywhere. (It could, however, be just a blip on the post-9/11 radar screen.) The Dutch supreme court ruled that the makers of Kazaa are not liable under Dutch law for copyright infringement committed by the software's users. A day earlier, the Second Circuit ruled that the U.S. government may not classify Jose Padilla as an enemy combatant — which should assure that his constitutional rights are no longer suspended. Just a few hours later, the Ninth Circuit wrote "that the [Bush] administration's policy of imprisoning about 660 non-citizens on a naval base in Guantanamo Bay, Cuba, without access to U.S. legal protections 'raises the gravest concerns under both American and international law'" (source).

If nothing else, we live in interesting times.

Park on NMD

Bob Park has a particularly funny item in this week's What's New:

Missile Defense: Deployment is Still Scheduled for Late 2004
It was just one year ago that President Bush ordered deployment of a limited system of interceptor missiles in California and Alaska by the end of 2004 (WN 20 Dec 02). But in the meantime, according to a story this week in Space News, the test schedule has fallen behind by about six months. "Tough break," I said to my friend General Persiflage at the Missile Defense Agency, "how much will postponing the tests delay deployment?" He was clearly amused: "Not one day; it's all part of the plan. The Commander-in-Chief ordered us to deploy in 2004, and deploy we will. The only thing that could get in our way is to blow a test. So why ask for trouble?" He chuckled, "You scientists always think you have to do experiments. This is a faith-based initiative."

CAN-SPAM coauthors respond to criticism

The two coauthors of the CAN-SPAM Act, U.S. Senators Ron Wyden (D-Ore.) and Conrad Burns (R-Mont.), published an essay yesterday in response to criticism of their bill. They state in no uncertain terms what I have been saying all along — that CAN-SPAM is not a silver bullet but that it is a good first step. The money line: "Big-time spammers will inevitably violate the Can-Spam Act because it strikes at the heart of how their sleazy businesses work." (Thanks to GrepLaw for the heads up.)

Also, I did not mention yesterday that President Bush signed the Act.

Tough day for John Ashcroft

For most people, getting caught for two unrelated crimes on the same day would be disconcerting. Yet that is what happened to U.S. Attorney General John Ashcroft yesterday. First, the Washington Post reports that Federal Election Commission (FEC) has fined Ashcroft's PACs for accepting illegal campaign contributions during his failed 2000 Senate race. Second, the Post reports that U.S. District Judge Gerald Rosen publicly rebuked Ashcroft for twice violating gag orders in the first criminal trials related to the 9/11 attacks — but stopped short of holding him in criminal contempt.

Nightmare on Portability Street

Mary over at bIPlog relates the horrifying tale of her experience trying to port her cell phone number from AT&T Wireless to Cingular ("My Nightmare With AT&T Wireless"). A summary could never do it justice, so suffice it to say that AT&T made numerous gross factual errors and flagrantly broke the law in repeated attempts to prevent her from leaving. Still, this episode highlights less about AT&T than it does about the harm that consumers can suffer at the hands of hucksters — even when the hucksters know what they are doing is illegal because the consumer has pointed it out. I suppose Mary could sue AT&T to force the release of its high-tech hostage, but who has the time and money for litigation over a phone number?

My law school roommate and I had a similar experience when we tried to buy DSL service in Boston. Despite being Verizon dialtone customers, we tried to hire a company called eConnects (a reseller of Verizon DSL connectivity) for Internet service. At the time, Verizon was required to permit access to its "last mile" network for others to offer competitively-priced residential DSL service. For months, eConnects tried to get us online, but Verizon dragged its feet when it came time to change certain physical settings on our line — which it claimed could only be done inside our apartment. Verizon repeatedly failed to show up for appointments or showed up on the wrong day or at the wrong time, and it refused to schedule any appointment within two weeks of any call we made to their customer service department. Finally, we caved in and bought DSL service from Verizon — at a higher monthly price than eConnects had offered us. Magically, Verizon had an appointment slot available four days later, and we were online ten minutes after that.

Abusable Technologies

Ed Felton (of Freedom to Tinker) wrote yesterday that he is involved with a new venture called the Abusable Technologies Awareness Center. This looks like a great project.

I would like to comment briefly on one post in ATAC's weblog, "Face Recognition and False Positives." This post raises the point of "a classic security mistake: ignoring the false positive problem." I addressed this issue in "Static Measurements & Moving Targets," my law-school thesis paper on biometrics and privacy in the context of consumer banking. In that paper, I looked at the problem from a perspective opposite Ed's. He describes facial recognition in an identification application, where its goals are substantially different from what its goals would be in an authentication application.

The designer of an application that flags passers-by as registered sex offenders has an incentive to overinclude suspects for security reasons — that is, to err on the side of false positives. The designer of an ATM authentication application, on the other hand, has the opposite incentive — to err on the side of false negatives, to prevent fraud. The point is that false positives are not solely a privacy issue: they also represent a security risk, depending on the context.

That said, I do agree with Ed's basic point, as I wrote back in October ("Terrified of Terror Profiling?"). I supported the point there with links to articles by computer security expert Bruce Schneier and mathematician John Allen Paulos.

Cringely, part 2

Robert Cringely has released part 2 of his column on e-voting. His analysis of e-voting problems from an IT project management perspective is refreshing; it is a perspective that has been sorely lacking in the debate thus far. Links: part 1 and part 2.

Nevada demands e-vote paper trail; Gamblers reject Diebold's voting machines

Nevada Secretary of State Dean Heller announced yesterday that his state was the first in the country to demand that e-voting machines produce voter-verifiable paper receipts. The state's Gaming Control Board gave Diebold's products a harsh denunciation, writing that they "represented a legitimate threat to the integrity of the election process." After rejecting Diebold equipment, Heller settled on a system from Sequoia Voting Systems. "A paper trail is an intrinsic component of voter confidence," Heller said. Printers make e-voting systems cost more, he acknowledged, but "money takes a back seat to accuracy, security and voter confidence."

The Reno Gazette-Journal has the story: "Nevada decides on new voting machines." Thanks go to LawGeek for the heads up.

Update: More on the Election Technology Council

Earlier today I mentioned the new trade group formed by the major electronic voting machine manufacturers when I had read only one media article about it. There is much more "out there" now. C|Net News has better coverage than the Washington Post article I linked to before. Additionally, the new Election Technology Council (under the umbrella of the Information Technology Association of America) has released a press kit with much more information.

eWeek Editorial Board denounces DMCA abuse

The Editorial Board of eWeek Magazine published an editorial this week ("Copyright and Fair Use"), denouncing the rampant abuse of the Digital Millennium Copyright Act (DMCA). Civil libertarians have not been surprised by DMCA abuse, but eWeek's board apparently was. However, they make up for it with definitive language: "Repeated abuse of a statute is a sign that the law itself is defective." Their prime examples? The Skylink/Chamberlain and SCC/Lexmark cases.

Thanks go to Copyfight for the heads up.

E-voting companies collude to counter bad press

The recent wave of criticism — and especially its press coverage — has prompted several major e-voting machine manufacturers to work together to counter the negative publicity. The Washington Post has the story: "Voting-Machine Makers To Fight Security Criticism."

Something about this (although I am sure exactly what) compels me to mention PR Watch.

Robert Cringely on the e-vote paper trail

Robert Cringely, the venerable PBS columnist, wrote an interesting column on the lack of a paper trail in e-voting machines ("No Confidence Vote: Why the Current Touch Screen Voting Fiasco Was Pretty Much Inevitable").

Now here's the really interesting part. Forgetting for a moment Diebold's voting machines, let's look at the other equipment they make. Diebold makes a lot of ATM machines. They make machines that sell tickets for trains and subways. They make store checkout scanners, including self- service scanners. They make machines that allow access to buildings for people with magnetic cards. They make machines that use magnetic cards for payment in closed systems like university dining rooms. All of these are machines that involve data input that results in a transaction, just like a voting machine. But unlike a voting machine, every one of these other kinds of Diebold machines — every one — creates a paper trail and can be audited. ould Citibank have it any other way? Would Home Depot? Would the CIA? Of course not. These machines affect the livelihood of their owners. If they can't be audited they can't be trusted. If they can't be trusted they won't be used.

Now back to those voting machines. If every other kind of machine you make includes an auditable paper trail, wouldn't it seem logical to include such a capability in the voting machines, too? Given that what you are doing is adapting existing technology to a new purpose, wouldn't it be logical to carry over to voting machines this capability that is so important in every other kind of transaction device?

Thanks go to LawGeek for the heads up.

CNet summarizes e-voting developments

C|Net News summarizes developments in electronic voting since 2000: "States scrutinize e-voting as primaries near." This is a nice, short read for anyone coming late to e-voting controversies.

Congress approves CAN-SPAM

Yesterday the House of Representatives unanimously approved the minor changes made to the CAN-SPAM bill by the Senate two weeks ago. Meanwhile, President Bush has said that he will sign the bill.

See press coverage in the New York Times and at Internet.com.

Lessig highlights Bush's depublishing — but misses the real story

Here is a new entry for the annals of "depublishing" — the practice of removing or altering electronic articles after publication. (For background, see Greg Ritter's now-classic blog post on Dave Winer's depublishing in Scripting News, "The Ethics of De-Publishing.") This time, depublishing has lived up to its Orwellian promise, as political activists and the media have swallowed the altered version of history.

Lawrence Lessig reports a find from the Way Back Machine, a side project of the Internet Archive ("speaking of new speak, a report from the Archives"):

On May 1, 2003, the Whitehouse's Office of the Press Secretary released this press release, announcing "President Bush Announces Combat Operations in Iraq Have Ended." But then, with airbrush magic, now the same press release has been changed to this, which reports "President Bush Announces Major Combat Operations in Iraq Have Ended." No update on the page, no indication of when the change occurred, indeed, no indication that any change occurred at all. Instead, there is robots.txt file disallowing all sorts of activities that might verify the government. (Why does any government agency believe it has the power to post a robots.txt file?)

Why would you need to check up on the Whitehouse, you might ask? Who would be so unAmerican as to doubt the veracity of the Press Office? Great question for these queered times. And if you obey the code of the robots.txt file, you’ll never need to worry.

The rub, of course, is in the word major. The original press release implies that combat operations are, well, ended. The silently doctored version makes the President seem better acquainted with the situation and prescient. The motives behind this are as old as politics itself, so the only thing that would seem to be new is the technology. However, something deeper is going on here.

The mainstream press, and even some Bush bashers, have swallowed the altered version of history. A Google News search for "major combat operations" & Iraq yields over 1,100 hits. Keep in mind that Google News indexes only mainstream sources, that its index only lasts a week or two, and that a comprehensive Lexis-Nexis search would probably yield tens or hundreds of thousands of hits. Here is a sampling of the first few Google hits. Note how each one treats the depublished ("afterpublished," really) word major as an historical fact:

• Washington Post ("Eight months after President Bush declared major combat operations over….")
• Reuters, via Yahoo ("…recalling the president's May 1 landing on the flight deck of a Navy aircraft carrier when he declared an end to major combat operations in Iraq…")
• Herald Sun of Australia ("Four police officers have been killed in Kirkuk since May 1, when US President George W. Bush announced an end to major combat operations in Iraq.")
• Voice of America ("Secretary of Defense Donald Rumsfeld [describes] an important transformation that has occurred since the end of major combat operations.")
• Oakland Tribune ("Rumsfeld said the drop-off in attacks since November, in which more American troops were killed than in any other month, including during major combat operations, was encouraging — but he warned that its meaning was unclear. ")
• Muslim American Society ("Do you remember that great deck of playing cards that the Bush Administration came up with at the end of 'major combat operations' in Iraq?")
• Update: New York Times (on Saddam Hussein's capture: "Some senior Bush administration officials had suspected that Mr. Hussein was not only still alive but inspiring, if not leading, the guerrilla-style insurgency that has left more than 190 American soldiers dead since President Bush declared an end to major combat operations on May. 1.")
  
• Update:Washington Post ("From Sept. 1 through Friday, 145 service members were killed in action in Iraq, compared with 65 from May 1 to Aug. 30. The two four-month intervals cover counterinsurgency operations, far costlier than major combat operations, which President Bush declared over on May 1.)

Mexico threatens 3 with treason charges for data sale

The government of Mexico is threatening to charge three of its citizens with treason. They are executives of a company called Soluciones Mercadologicas en Bases de Datos, which sold a database private information on 65 million Mexican voters to ChoicePoint, an Atlanta-based database company. ChoicePoint bought the data at the behest of the U.S. government shortly after 11 Sept. 2001 to help bolster Uncle Sam's investigation of terrorism.

The database contained such private information as the number of cars owned in households and unlisted phone numbers. If nothing else, this episode highlights the incumbent dangers when a government — any government — collects massive amounts of data on its citizens without a compelling and clearly articulated purpose. What, for example, does voter registration have to do with the number of cars one owns?

The Macon Telegraph has the story: "Mexican company officials may face treason charges."

Ohio moves to block e-voting

The State of Ohio moved to block deployment of e-voting machines last week. The move follows the release of a report [pdf] commissioned by the Secretary of State that revealed serious security flaws. Wired News reports ("Ohio Halts E-Voting Machines") that "some of Ohio's 88 counties still will be using punch-card systems for the 2004 election." Unfortunately, there seems to be no viable alternative.

Borland on P2P

John Borland of C|Net wrote an interesting column last Thursday, asking whether RIAA's lawsuits against P2P users were having the desired deterrant effect ("RIAA lawsuits yield mixed results"). "At the core of the RIAA's strategy has been the attempt to persuade as many people as possible to stop trading copyrighted files online. This appears to be working in at least some groups, but the evidence is mixed at best." That same day, he also wrote a good summary of the compulsory licensing discussion in Canada: "Should ISP subscribers pay for P2P?"

Johns Hopkins still bars publication of Diebold memos

Derek Slater reports the tribulations of Asheesh Laroia, a student at Johns Hopkins University. Despite never having received a cease & desist letter, JHU cut off access to the memoranda. Even after Laroia informed JHU that Diebold had retreated (1, 2), the university persisted, writing that it "cannot allow its resources to be used in violation of copyright law, whether or not the holder of the copyright (in this case Diebold) plans to prosecute."

All I can say is I am glad I am not a student there.

Mechanics of the CAN-SPAM registry

There have been many questions about how a do-not-spam registry should be implemented. This proposal suggests a regime for funding for the registry and the highest level logical operation of its database. My plan would allow consumers to choose (through market forces) an opt-in system while still adhering to the overall opt-out structure of the CAN-SPAM Act. For that reason, I believe it solves some of the nagging First Amendment problems that come with a government-madated opt-in system.

If you have not already seen my summary of the CAN-SPAM Act, I suggest you check it out before reading this.

The registry should not necessarily be funded by taxes, because that would require people without email accounts to share the burden a system that carries no direct benefit for them. ISPs stand to benefit the most (in financial terms, at least), because a successful registry will reduce their bandwidth and other costs substantially. I would hesitate to levy mandatory fees on ISPs because they would look too much like the fees imposed on bell companies to fund rural telephone lines and the 911 system. I would prefer to leave ISPs as unregulated as possible while still having them share in the cost of the registry. I would not be averse to paying a few dollars to get myself into the registry, but ISPs should not have a free ride while consumers fund the entire thing.

My proposal is to make ISPs intermediaries between the FTC, which would manage the registry, and consumers, who will have ultimate control over the status of their addresses.

First, charge ISPs a monthly fee for having their domains listed in the registry. This fee would be assessed according to the number of email addresses at each domain, and those addresses would be automatically opted out of receiving spam. If a user wants to change that status, he would ask his ISP, which would relay the request to the FTC. An ISP would be charged a small transaction fee for each username it changes from its default status, as an incentive to "guess" what most customers will prefer. Individuals whose ISPs do not list their domains in the registry would have the option of opting out individually, paying the same transaction fee directly to the FTC. This option would be available to anyone in the U.S. with an email address, even those who maintain email addresses at their own personal domains and do not use an email address provided by an ISP.

To keep the size of the database's output manageable, it would need to spit out three separate lists. The first list would contain all the domains listed in the registry. The second list would contain all the individual email addresses