EFFector Vol. 20, No. 12 March 21, 2007 [email protected] A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In the 418th Issue of EFFector:
- Action Alert - Tell Congress to Update the Freedom of Information Act!
- DMCA Abuser Apologizes for Takedown Campaign
- "Free Speech Ain't Free" Benefit in San Francisco on Thursday, March 22
- EFF's Pioneer Awards and More at ETech Next Week
- Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed
- RIAA to Universities: Help Us Threaten Your Students
- PATRIOT Act Apologist Site Didn't Get the Memo
- GoDaddy, Get a Backbone and Protect Your Users' Rights!
- Students Coders: Get Paid to Improve Tor and Protect Privacy Online!
- At ShmooCon? Play the Hacker Arcade and Donate to EFF
- miniLinks (11): Deutsche Telecom Ditches DRM
- Administrivia
For more information on EFF activities & alerts: http://www.eff.org/ Make a donation and become an EFF member today! http://eff.org/support/ Tell a friend about EFF: http://action.eff.org/site/Ecard?ecard_id=1061 effector: n, Computer Sci. A device for producing a desired change. : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Action Alert - Tell Congress to Update the Freedom of Information Act! The Freedom of Information Act (FOIA) helps protect the public's right to know, and new legislation would provide some much-needed updates to this crucial law. One open government bill has already passed the House -- make sure a similar one passes in the Senate: http://action.eff.org/site/Advocacy?id=285 H.R. 1309 and S. 849 give federal agencies, like the FBI and the FCC, greater incentive to follow the law and make it easier for all FOIA requesters to access government documents. Among other reforms, the bills will help government watchdogs keep track of FOIA requests they've sent and ensure that more journalist requesters get preferred treatment under the law. The bills will also penalize agencies that don't respond to requests within the time limits set by the FOIA. Revelations about the secret NSA spying program, the FBI's misuse of a key PATRIOT Act power, and other privacy- invasive initiatives clearly demonstrate the importance of government transparency. EFF's FOIA Litigation for Accountable Government (FLAG) project relies on FOIA to expose the government's expanding use of new technologies that invade Americans' privacy, and these bills would greatly help in our and other organizations' efforts to protect your rights. Take action now: http://action.eff.org/site/Advocacy?id=285 Line Noise, EFF's occasional podcast, is back with a new edition featuring David Sobel, EFF Senior Attorney and director of our FLAG project. He talks about uncovering the secrets behind National Security Letters, government data mining, and exactly how big the FBI's file on the CIA is. You can find download and RSS links here: http://www.eff.org/deeplinks/archives/005166.php : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * DMCA Abuser Apologizes for Takedown Campaign Michael Crook Agrees to Stop Attacks on Free Speech San Francisco - Michael Crook, the man behind a string of meritless online copyright complaints, has agreed to withdraw those complaints, take a copyright law course, and apologize for interfering with the free speech rights of his targets. The agreement settles a lawsuit against Crook filed by the Electronic Frontier Foundation (EFF) on behalf of Jeff Diehl, the editor of the Internet magazine 10 Zen Monkeys. Diehl was forced to modify an article posted about Crook's behavior in a fake sex-ad scheme after Crook sent baseless Digital Millennium Copyright Act (DMCA) takedown notices, claiming to be the copyright holder of an image used in the story. In fact, the image was from a Fox News program and legally used as part of commentary on Crook. But Crook repeated his claims and then attempted to use the same process to get the image removed from other websites reporting on his takedown campaign. "Crook's legal threats interfered with legitimate debate about his controversial online behavior," said EFF Staff Attorney Jason Schultz. "Public figures must not be allowed to use bogus copyright claims to squelch speech." In addition to withdrawing current complaints against Diehl and every other target of his takedown campaign and taking a copyright law course, Crook has also agreed to limit any future DMCA notices to works authored or photographed by himself or his wife, or where the copyright was specifically assigned to him. All future notices must also include a link to EFF information on his case, as well as the settlement agreement. Crook has also recorded a video statement to apologize and publicize the dangers of abusing copyright law. "We're pleased that Crook has taken responsibility for his egregious behavior," said EFF Staff Attorney Corynne McSherry. "Hopefully, this will set a precedent to prevent future abuse of the law by those who dislike online news- reporting and criticism." The settlement with Michael Crook is part of EFF's ongoing campaign to protect online free speech from the chilling effects of bogus intellectual property claims. EFF recently filed suit against the man who claims to have created the popular line dance "The Electric Slide" for misusing copyright law to remove an online documentary video that included footage of people trying to do the dance. For the video statement from Michael Crook: http://blip.tv/file/169553 For more on Diehl v. Crook: http://www.eff.org/legal/cases/diehl_v_crook For this press release: http://www.eff.org/news/archives/2007_03.php#005161 : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * "Free Speech Ain't Free" Benefit in San Francisco on Thursday, March 22 If you're in the Bay Area, celebrate your free speech rights and support EFF on Thursday, March 22, at "Free Speech Ain't Free." The event is being thrown at Club Six by 10ZenMonkeys.com, EFF's client in the now-settled suit against Michael Crook. More details here: http://upcoming.org/event/149726/ : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * EFF's Pioneer Awards and More at ETech Next Week Heading to San Diego for the O'Reilly Emerging Technology Conference (ETech) next week? Then join EFF in honoring Yochai Benkler, Cory Doctorow, and Bruce Schneier at the 16th annual Pioneer Awards. The fundraiser will also feature HDNet Chairman and Dallas Mavericks owner Mark Cuban and EFF's own Fred von Lohmann squaring off over copyright, YouTube, and the future of Web 2.0. Awarded every year since 1991, the Pioneer Awards recognize leaders who are extending freedom and innovation on the electronic frontier. This year, the Pioneer Awards ceremony will be held in conjunction with ETech at San Diego's Manchester Grand Hyatt on Tuesday March 27th, 2007. The event begins at 7:30 p.m. Tickets to the Pioneer Awards ceremony and Mark Cuban's keynote address are $35. You can buy your ticket in advance at: http://secure.eff.org/pioneerfundraiser For more information about the 2007 Pioneer Awards: http://www.eff.org/awards/pioneer The 2007 Pioneer Awards ceremony is sponsored by: Gold sponsor Sling Media: http://www.slingmedia.org Silver sponsor: Three Rings http://www.threerings.com Bronze sponsors: Six Apart, JibJab, MOG, Stamen Design. That's not all EFF will be up to at ETech. Come to our Birds of a Feather session, "Is That Even Legal? Tap the EFF," Monday, March 26, from 9:15 p.m. until 10:15 p.m. in room Douglas A. EFF lawyers and activists will be on hand to chat and take your questions about the law's impact on emerging technologies: http://conferences.oreillynet.com/cs/et2007/view/e_sess/13555 EFF will also have a booth in the exhibit hall -- stop by to chat and grab some schwag! Exhibit Hall Hours: Tuesday, March 27, 2007 10:15AM - 11:30AM 12:30PM - 2:15PM 3:30PM - 4:30PM 6:00PM - 7:30PM (Sponsor Reception) Wednesday, March 28, 2007 10:15AM - 11:30AM 12:30PM - 2:15PM 3:30PM - 4:30PM About ETech and O'Reilly Media For the past five years, the O'Reilly Emerging Technology Conference has found new networked innovations before they hit the mainstream. ETech balances pie-in-the-sky theorizing with practical, real-world information and conversation. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly has been a chronicler and catalyst of leading-edge development, homing in on the technology trends that really matter. For more about ETech: http://conferences.oreillynet.com/ For more information about O'Reilly: http://www.oreilly.com : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed After years of criticism from EFF and other privacy advocates, last week Google announced a new policy on how it handles logs of its users' searches: after 18-24 months, it will delete key information in its server logs that could be used to link particular users to records of their search queries. This is a big change from Google's previous policy, which was essentially to keep all of those logs forever in identifiable form, and we're certainly glad to see that Google is starting to limit its retention of such sensitive data. Your Google search history can paint an intimate portrait of your most private interests and concerns. Particularly in light of the disastrous AOL search terms disclosure, recent scandals involving government surveillance, and Google's own recent court fight with the government over a subpoena for search records, it seems that Google has finally realized that limiting the retention of such records is essential to protecting your privacy. Hopefully, Google's change in policy will spur other online service providers to consider how they can minimize the amount of personal data that they store, and perhaps even prompt competition between service providers to offer the most privacy-protective services. However, we hope that this new announcement is only Google's first step in changing its privacy practices, because additional changes would better protect user privacy and set an even better example for the industry: * Google should shorten the retention period for identifiable logs to six months at the outside, and ideally to only thirty days (which is AOL's retention limit for similar logs). Barring this, it should at least justify why it needs such records for up to two years, beyond offering one-sentence platitudes about how such records are used to improve Google's service. * Google should also shorten the retention of the "anonymized" logs, which Google apparently still intends to keep forever. As Google itself admits, the new policy changes still don't guarantee users' anonymity, and holding onto those records indefinitely still poses a serious privacy threat. * Therefore, Google should consider more robust anonymization techniques, up to and including scrubbing entire IP addresses rather than just the last quarter or "octet" of such addresses. * Finally, Google should expand its new anonymization policy to include the search records of users with Google Account log-ins, and to records generated by their myriad other services, rather than limiting the policy change to regular search logs. Beyond making these additional policy changes, there's one more thing that Google should be doing--something we think it actually has a duty to do as a good corporate citizen and as a preeminent Internet powerhouse--and that is using its considerable political clout to fight for better Internet privacy laws on Capitol Hill. Right now, there are significant questions as to whether or how Internet search logs are protected by existing federal privacy laws, and Google owes it to its customers to publicly advocate for updating those laws for the 21st century. For this post and related links: http://www.eff.org/deeplinks/archives/005162.php : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * RIAA to Universities: Help Us Threaten Your Students Not content with wasting universities' resources via their usual tactics -- i.e., flooding them with machine-generated complaints about file sharing -- the major record labels are now demanding that universities help them shake down students. The RIAA has asked universities and colleges to forward "pre-lawsuit" letters to alleged filesharers that promise a "discounted" settlement price if the student agrees to pay up immediately. Forwarding the letters saves the RIAA the trouble and expense of filing a lawsuit to obtain students' contact information -- a savings that may be redirected to more lawsuits. To add insult to injury, the letters advise students to contact the RIAA if they have any questions. It's safe to say that the RIAA is unlikely to give students the full picture. For example, will the RIAA tell students that parents are generally not liable for infringements committed by their kids, or that the record labels sometimes sue the wrong people? Probably not. We think students should seek out less biased sources of information -- and their institutions should assist in that process. Toward that end, we've put together a short FAQ to help students learn more about their options; we hope colleges and universities that forward the RIAA's threat letter will take the additional step of directing students to this FAQ as well as other neutral information sources: http://www.eff.org/IP/P2P/RIAA_v_ThePeople/college_faq.php The University of Wisconsin is refusing to forward the pre- litigation letters to its students. Says Brian Rust of UW's IT department: "These settlement letters are an attempt to short circuit the legal process to rely on universities to be their legal agent." We couldn't have said it better ourselves. Of course, the RIAA should not be putting universities in this perverse position in the first place. Let academic institutions stick with their real mission -- educating students, not helping to threaten them. Take action now to help stop the lawsuit campaign: http://www.eff.org/share/petition For this post and related links: http://www.eff.org/deeplinks/archives/005164.php : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * PATRIOT Act Apologist Site Didn't Get the Memo The Department of Justice (DoJ) Inspector General's office recently released a damning report documenting the FBI abusing its powers under the PATRIOT Act and violating the law to collect Americans' telephone, Internet, financial, credit, and other personal records without judicial approval. It appears that not everyone at the DoJ got the memo. The DoJ's Life and Liberty website, a site dedicated to defending the honor of the PATRIOT Act during the re- authorization process last spring, still reads as if nothing has changed. Particularly in the light of the newly revealed truth, many of the quotes now seem (at best) naive. Under the headline of "Examining the Facts," the DoJ asserts that PATRIOT has a "four-year track record with no verified civil liberties abuses." The site quotes an op-ed by former House Judiciary Committee Chairman James Sensenbrenner: "Zero. That's the number of substantiated USA PATRIOT Act civil liberties violations. Extensive congressional oversight found no violations. Six reports by the Justice Department's independent Inspector General, who is required to solicit and investigate any allegations of abuse, found no violations." Wow, that sure sounds good. Unfortunately, the new report reveals that it is simply not true: the inspector general identifies dozens of instances in which extra-judicial demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. Read on for some more choice excerpts: http://www.eff.org/deeplinks/archives/005163.php : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * GoDaddy, Get a Backbone and Protect Your Users' Rights! A few weeks back, we wrote about how domain name registrar GoDaddy took Seclists.org offline based merely on an informal request and without providing any meaningful notice to the site's operator. Unfortunately, this isn't the only instance in which GoDaddy has carelessly ignored its users' rights. In February, EFF was contacted by an anonymous owner of a parody and criticism website forum that allegedly exposes the financial corruption and domestic scandal of a local politician in Birmingham, Alabama. As part of a civil case in family court, an attorney representing the politician's girlfriend issued a subpoena to GoDaddy seeking the identity of the website owner, who was not a party to the lawsuit. With the website owner's right to anonymous speech on the line, what did GoDaddy do? It caved without any apparent hesitation, providing its customer with a mere three days to find a lawyer and decide whether to file a challenge. GoDaddy also refused to provide a copy of the subpoena, which included essential information to determine whether and how to respond. GoDaddy promises in its privacy policy to turn over customers' information only if required by law, but its lawyers didn't give this subpoena even a shred of scrutiny. Had they done so, they could have seen it was clearly invalid -- GoDaddy is located in Arizona and Alabama state law doesn't permit a subpoena to be issued on someone out of state. That was the ultimate conclusion of the state judge who eventually quashed the subpoena, no thanks to GoDaddy. Even putting aside this aspect of GoDaddy's casual disregard for its customer's interests, the company's behavior is shameful. The First Amendment limits the ability of litigants to pierce a speaker's anonymity, particularly when that person isn't even being sued. GoDaddy owes its customers meaningful notice, time, and information so that they can fight back and protect their rights. With the help of lawyer Lewis Page, the anonymous website operator did manage to move to quash before it was too late. But GoDaddy's sloppy practices still put an unfair burden on this user and continue to threaten all of its customers' rights. For what online service providers ought to do to protect their users, check out our best practice guide: http://www.eff.org/osp/ For this post and related links: http://www.eff.org/deeplinks/archives/005168.php : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Students Coders: Get Paid to Improve Tor and Protect Privacy Online! Are you a student who knows how to write code or find security holes? Want to get paid to spend a summer working to defend anonymity online? Thanks to Google's Summer of Code, the Tor Project, in collaboration with EFF, has positions for several students as full-time developers for the summer of 2007. Apply for your spot before March 24, and help improve this anonymous Internet communication tool! More details at: http://wiki.noreply.org/noreply/TheOnionRouter/SummerOfCode : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * At ShmooCon? Play the Hacker Arcade and Donate to EFF ShmooCon is an annual East Coast hacker convention, and if you're heading there next week, check out the Hacker Arcade. It's arcade games just you remember them: play modded consoles, receive cryptographically secure tokens, and obtain prizes. And all proceeds go to EFF. For more details: http://www.shmoocon.org/ : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * miniLinks The week's noteworthy news, compressed. ~ Deutsche Telecom Ditches DRM Musicload, its European music download site says it is in negotiations to develop alternatives to copy restrictions because a whopping 75% of user complaints come from DRM! http://www.heise.de/english/newsticker/news/86968 ~ Lessig: "Make Way for Copyright Chaos" Is the judiciary taking too central a role in copyright law? http://www.nytimes.com/2007/03/18/opinion/18lessig.html?ex=1331870400&en;=51ab73d88d4bcf61&ei;=5090&partner;=rssuserland&emc;=rss ~ The Case Against YouTube, by a Viacom Lawyer "And, above all, copyright law can welcome only those with pure motives," says a lawyer for the infamously pure entertainment industry. http://www.latimes.com/news/opinion/la-oe-lichtman20mar20,0,7632194.story ~ Is the Internet Killing the Piracy Business? Physical pirates suffer challenges to their business model from non-commercial infringers. http://torrentfreak.com/p2p-file-sharing-ruins-physical-piracy-business/ ~ FBI Had Phone Contracts With AT&T;, Verizon and MCI FBI paid the telcos to harvest phone records from American citizens. http://blog.wired.com/27bstroke6/2007/03/fbi_confirms_co.html ~ Europe's Broadcast Flag: Will it Get Government Support? Ars Technica analyzes our report on copy controls in the European digital video standards. http://arstechnica.com/news.ars/post/20070314-dvb-broadcast-flag-will-require-government-support-but-may-not-get-it.html ~ Data Retention Begins its Feature Creep UK plans to check stored phone records after accidents to detect illegal cell phone use while driving. http://www.tjmcintyre.com/2007/02/function-creep-in-action-mobiles-may_27.html#comments ~ Asus Puts the "Analog Hole" to Good Use Its new sound-card will play PC sound internally, and re- record it instantaneously. http://blog.wired.com/gadgets/2007/03/cebit_2007_asus.html ~ Sony Exec: DRM Should Be "Invisible" Like the rootkit was invisible to its unsuspecting hosts? http://rcrnews.com/apps/pbcs.dll/article?AID=/20070314/FREE/70314009/1007 ~ The Smart Card Alliance Thinks Privacy Is Bunk "Privacy concerns are all perception and hype and no substance," says spokesman in response to REAL ID worries. Nice to see industry taking the problems so seriously. http://www.techliberation.com/archives/042151.php ~ Consumer Electronics Association: DRM Is Not the Answer to Piracy The CEA's Gary Shapiro tells SXSW that "innovation is a tide that raises all boats." http://www.statesman.com/opinion/content/editorial/stories/03/15/16othertakes_edit.html : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Administrivia EFFector is published by: The Electronic Frontier Foundation 454 Shotwell Street San Francisco CA 94110-1914 USA +1 415 436 9333 (voice) +1 415 436 9993 (fax) http://www.eff.org/ Editor: Derek Slater, Activism Coordinator [email protected] Membership & donation queries: [email protected] General EFF, legal, policy, or online resources queries: [email protected] Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will. Current and back issues of EFFector are available via the Web at: http://www.eff.org/effector/ This newsletter is printed on 100% recycled electrons.