Deeplinks
Noteworthy news from around the internet.
Three Ways to Fight Immunity
Posted by Hugh D'AndradeIt’s been two weeks since the Senate’s cowardly vote to pass the FISA Amendments Act (FAA), caving in to the president’s demands. With this vote, Congress gave the president virtually all of the spying powers he has sought for so long, and delivered the one thing he demanded above all else: Immunity for his telecom buddies for their role in his illegal spying program.
EFF fought long and hard to prevent passage of immunity for the telecoms, and this vote was a serious setback for our case seeking to hold AT&T and the other telecoms accountable. But the fight is far from over. As we suggested in the immediate aftermath of the vote, Congress may have caved, but EFF has not. In the coming months and weeks, we will continue the fight against immunity on multiple fronts.
Here is a brief primer on what we are doing now to fight back against this unconstitutional bill:
1. New litigation against the government.
We are bringing our many years of experience fighting illegal spying to bear on a new case – and this time, rather than holding private actors accountable, we will be taking on the government. For the moment we are keeping the details of this litigation to ourselves. But the goal is the same: to stop the wholesale surveillance of millions of Americans and restore our constitutional protections.
2. Constitutional challenges in Federal court.
By interfering with the ongoing deliberations of the judicial branch of the government, the FAA’s immunity provisions violate the Constitution’s insistence on a separation of powers. As Senator Sheldon Whitehouse of Rhode Island said during the Senate debates on the FAA:
If you wish to see a case of legislative interference with private judgment of the courts, look no further than what we are doing today... Congress stepping in to pick winners and losers in ongoing litigation on constitutional rights not only raises separation of powers concerns but it veers near running afoul of the due process and takings clauses [as well]... If I were a litigant, I would challenge the constitutionality of the immunity provisions of this statute, and I would expect a good chance of winning.
EFF will do just that, asking the Federal courts to find the FAA unconstitutional on this and other grounds.
3. Congressional repeal of immunity provisions.
The FAA passed Congress, but not by a wide margin. Key members of Congress actively opposed sections of the bill, including telecom immunity. Majority Leader Reid, Speaker Pelosi, and Presidential candidate Barack Obama have all voiced strenuous opposition to telecom immunity.
More importantly, the public remains opposed to immunity. As EFF members are well aware, the president faced an uphill battle against a rising tide of public opinion in his quest to secure immunity for lawbreaking telecoms. It took almost two full years, with multiple retrenchments, to pass the bill. And it was only by bucking their constituencies that many members of Congress acted to pass the bill.
In 2009, this opposition will only have grown stronger, setting the stage for a congressional repeal of immunity. EFF will be there, working the halls of Congress and coordinating with the many opponents of telecom immunity to strike this unconstitutional bill from the books as soon as possible.
We may have lost the congressional battle on telecom immunity, and we may lose other battles from time to time in the future. But EFF will not stop until the laws are changed, and the surveillance hubs that are illegally sweeping up the communications of millions of innocent Americans are physically removed from the country’s telecom infrastructure. As more revelations continue to appear in the press (see today’s article in Salon — log-in may be required), it is more clear than ever that we must continue our efforts to restore your rights.
You can help us in this fight. If you haven’t joined yet, now is the time. And stay tuned for more updates in the future. The next phase anti-immunity movement is underway, and we need your help.
Salon's New Revelations on Illegal Spying
Posted by Hugh D'AndradeSalon today published a new article in it's series of investigations into the Bush administration's illegal spying programs: Exposing Bush's History Abuse of Power (log-in may be required).
The article describes how some in Washington D.C. are discussing the idea of a new and sweeping investigation into the White House's surveillance programs, one inspired by the famous Church Committee investigations of the 1970s. The Church Committee uncovered the extent of illegal surveillance begun during the McCarthy era and expanded under President Nixon, and lead eventually to the FISA reforms which President Bush has so famously ignored.
The article also makes new claims about the extent of the current spying program, citing the use of a secret database with roots in programs begun under President Reagan in the 1980s:
A prime area of inquiry for a sweeping new investigation would be the Bush administration's alleged use of a top-secret database to guide its domestic surveillance. Dating back to the 1980s and known to government insiders as "Main Core," the database reportedly collects and stores -- without warrants or court orders -- the names and detailed data of Americans considered to be threats to national security.
According to several former U.S. government officials with extensive knowledge of intelligence operations, Main Core in its current incarnation apparently contains a vast amount of personal data on Americans, including NSA intercepts of bank and credit card transactions and the results of surveillance efforts by the FBI, the CIA and other agencies. One former intelligence official described Main Core as "an emergency internal security database system" designed for use by the military in the event of a national catastrophe, a suspension of the Constitution or the imposition of martial law. Its name, he says, is derived from the fact that it contains "copies of the 'main core' or essence of each item of intelligence information on Americans produced by the FBI and the other agencies of the U.S. intelligence community."
EFF has long claimed that the true extent of illegal activity in the Bush administration's spying program has yet to be revealed. With each new revelation of wrong-doing, with each report that the spying was more extensive, more illegal, and more dangerous than anyone thought, it becomes more and more clear that now is not the time to give up. EFF's fight against illegal spying will not end until the full extent of illegal spying is exposed and the illegal programs brought to an end.
EFF Opposes MPAA's Selectable Output Control FCC Petition
Posted by Michael KwunPublic Knowledge, joined by EFF as well as the Consumer Federation of America, the Digital Freedom Campaign, the Media Access Project, the New America Foundation and U.S. PIRG, yesterday filed an opposition [PDF] to the MPAA's FCC petition seeking a waiver of the ban against selectable output controls (SOC) (we have an explanation of what a "selectable output control" is on our Digital Video issue page).
EFF has long opposed selectable output controls. The basic premise of those who back SOC is that content owners should be able to decide not just who can watch their content, but how they can watch it. You want to watch my new movie on that digital TV you bought a few years ago? No, sorry, I don't like your TV (perhaps because I'm afraid of the analog component inputs it uses). You want to space-shift using your Slingbox (which lacks DRM-enabling controls on its outputs)? Oh, no, I don't think that's a good idea. You were hoping to TiVo that show that's on this afternoon so that you can watch it when you get home from work? Hm, not unless you upgrade to a new TiVo, because I won't allow the signal to make it to TiVos that don't have digital outputs. You want to record that program so that you can make a fair use of an excerpt? Dear dear, we can't have that.
Seems kind of crazy, no? That's what the FCC thought, too, which was why the agency forbade use of SOC when it last addressed this issue, in 2003. The FCC concluded that multichannel video programming distributors (MVPDs - companies like cable television providers) can't "attach or embed data or information with commercial audiovisual content . . . so as to prevent its output through any analog or digital output authorized or permitted under license, law or regulation governing such covered product."
Well, the MPAA is taking another crack at the issue, asking the FCC to grant it a permanent waiver from the SOC ban, to allow it to apply SOC to recently released movies that are being distributed to homes via video on demand. The MPAA's goal here seems clear: Increase its members' control over how you choose to watch their material. As the opposition we joined puts it, "Granting the waiver would put MPAA member companies on the path to controlling what types of connections will be used by all U.S. consumers, and to profiting from that control." The opposition offers this example of what this could mean:
A model of how this would work can already be seen. Sony Pictures recently announced it will be offering its new movie, Hancock, to some Sony television owners equipped with Sony’s Internet media connection before release on DVD and other home media. However, the movie will only be available to those who own the Sony box, and will only flow over Sony’s proprietary video connection to a Sony TV. This model could easily be extended to MVPDs by leveraging SOC controls - if the Commission grants this waiver.
Right now, your consumer electronics are designed by the consumer electronics industry, which reacts to consumer market demand in choosing how to innovate. That consumer-focused approach makes sense. But if the MPAA has its way, however, we'll be well on the way to a world in which every new feature to every home theater product has to be pre-approved by the content industry.
U.S. Patent Office Rejects All Ninety-Five NeoMedia Patent Claims
Posted by Michael KwunEFF's Patent Busting Project, continues to march forward, this time with more good news about the petition that EFF, in conjunction with Paul Grewal and James Czaja of Day Casebeer Madrid & Batchelder, filed last April seeking reexamination of the NeoMedia bar-code lookup patent. We're happy to report that the United States Patent and Trademark Office (PTO) recently rejected all ninety-five claims [5.3 MB PDF] of the patent.
The PTO agreed to take another look at the patent last October after EFF filed a petition for ex parte reexamination that called to the PTO's attention a wealth of prior art that the PTO had not previously considered and that showed that the NeoMedia patent claims were not novel. After consideration of the prior art EFF submitted, the PTO found that none of the ninety-five claims in the NeoMedia patent should have been allowed.
Now that the PTO has agreed with us that the patent claims weren't novel, NeoMedia is in the difficult position of trying to explain what was so inventive about its ideas, in light of the prior art that EFF highlighted. Alternatively, NeoMedia can try to amend its claims to narrow them, and argue that the narrower claims were non-obvious, even if the original claims weren't.
(By the way, the PTO's rejection is merely the latest bad news for the NeoMedia patent. After the PTO agreed to reexamine the patent, NeoMedia agreed to put on hold its pending litigation against Scanbuy [PDF], in which NeoMedia is alleging of infringement of the bar-code lookup patent, as well as another patent.)
More ISPs Decide to Filter Usenet Newsgroups
Posted by Jennifer GranickNew York Attorney General Andrew Cuomo recently succeeding in pressuring AOL and AT&T to join the ranks of Verizon, Sprint, and Time Warner Cable in limiting access to many or all of the Usenet newsgroups hosted on their servers. This tactic will hinder free speech and the access to information in Usenet communities, without deterring the child pornographer. But since the ISPs are “voluntarily” bowing to political pressure, rather than obeying a statutory edict, traditional First Amendment court challenges are unlikely to protect these online communities.
Attorney General Cuomo has pressured these companies into censoring enormous amounts of First Amendment-protected material after an investigation found 88 groups containing child pornography, or 0.5% of the active discussion groups in the alt.* hierarchy. Verizon and Sprint are taking down one gigantic subset of groups, the very popular alt.* hierarchy, AT&T will block all alt.binaries.* groups, while Time Warner Cable and AOL are shutting down their Usenet service entirely. (link) California's Governor and Attorney General have jointly called on California's service providers to follow New York's initiative in "removing child pornography from existing servers and blocking channels that disseminate the illegal material."
Usenet is a technology that predates the birth of the World Wide Web. Similar to bulletin boards, it allows for conversation threads on a wide variety of topics. The alt.* hierarchy alone contains nearly 19,000 different groups. (link) Blocking the alt.* hierarchy, which is the largest and most active, predominantly censors innocent discussions in order to stop illicit activity in a handful of them. Examples of some of the groups that will no longer be available are alt.adoption, alt.culture, and even alt.horology (discussing the science of timekeeping). Blocking all of Usenet throws out even more legitimate and useful expressive speech.
Congress and the courts have struggled for more than 10 years to address the issue of "objectionable" Internet content, without a constitutionally permissible result. Two well-known attempts by Congress were the passage of the 1996 Communications Decency Act and the 1998 Child Online Protection Act. Both attempted to punish individuals who transmitted indecent material that was harmful to minors. The U.S. Supreme Court has ruled these provisions unconstitutional because they block speech that would be protected by the First Amendment in contexts outside of the Internet. States have also attempted to preemptively censor material. In 2002, the Pennsylvania legislature attempted to hold ISPs criminally liable for child pornography available on the Internet. The Pennsylvania Attorney General was able to unilaterally and secretly order ISPs to block access to IP addresses suspected of containing child pornography, resulting in the blocking of many innocent sites (particularly when the same IP address was used to host a variety of websites). A state court soon struck down that law as unconstitutional for violating both due process and prior restraint of speech.
The censorship demanded by NY Attorney General Cuomo arbitrarily filters an entire electronic neighborhood due to the activities of a few of its residents. Measures already existed to take down objectionable material from Usenet. The kind of responsive enforcement that has been previously used balances free speech and the need to stop the dissemination of child pornography much better than the arbitrary, blanket ban to which the ISPs have agreed. Even so, the tactic will not stop committed child pornographers. ISPs are only blocking their own internal Usenet servers, access to Usenet groups on remote websites remains unblocked. As a result, these actions will do little to stop the threat they are intended to prevent. (link)
Because imposed online censorship inevitably goes to far and has never been upheld in the courts, it is not surprising that Attorney General Cuomo chose to apply political rather than legal pressure to the ISPs. While Internet users have First Amendment rights to speech and expression online, ISPs also have a First Amendment right not to carry content that they do not want to promote. To the extent the filtering program is “voluntary”, it is not the government censoring Usenet or the ISPs, but the ISPs choosing what speech they want to carry. Still, ISPs offer the critical public service of providing people with access to the prosperity of information available online. They have an obligation to consider the effects of their censorship on innocent material, and not just the political expediency of accommodating the Attorney General’s request. The heavy-handed approach of shutting down an entire online service is the least efficient and effective way to accomplish their legitimate goal. Usenet is a communication protocol, no different from Hypertext Transfer Protocol (HTTP), which makes the Web possible. Although the Web is also plagued by some amount of objectionable material, no one would remotely consider blocking access to the entire internet an appropriate solution. ISPs should not take advantage of the relatively small size of the Usenet community to deny their customers access to the diverse forms that content can take on digital networks.
*Thanks to Nick Jackson, summer intern, for his work on this Deeplink
Library of Congress on DMCA, Copyright Law Troubles
Posted by Hugh D'AndradeThe chorus of voices criticizing the Digital Millenium Copyright Act (DMCA) has just gotten a bit louder with the addition of a new and authoritative voice: The Library of Congress. In a new report, jointly released with the U.K.'s Joint Information Systems Committee, Australia's Open Access to Knowledge (OAK) Law Project, and the Netherlands' SURFfoundation, the Library of Congress' National Digital Information Infrastructure and Preservation Program points out that the work of preserving, documenting and archiving the nation's intellectual output is made unnecessarily difficult by antiquated copyright law exceptions and limitations, and TPM (technological protection measure) laws designed to restrict the making of digital copies.
ArsTechnica has a review of the report, citing the many absurd paradoxes of trying to make archival copies in a legal environment that views copying as a suspicious and possibly illegal act. The DMCA, for example, bans not just the act of circumventing DRM copy restrictions, but also the sale or trafficking in the software or tools that enable circumvention. And while the Librarian of Congress is authorized to craft exemptions under appropriate circumstances to the DMCA's ban on circumvention, there wouldn't be much of a market for tools to accomplish that circumvention, since only those who fall within an exemption could use them. So even if libraries were granted an exemption from the ban on circumvention for the purposes of digital archiving, they might well be unable to obtain the tools to do so — because they would still generally be illegal.
The report was released the day before a WIPO seminar on Digital Preservation and Copyright issues. In the international context, it is worth noting that some countries have adopted a more forward-looking approach to laws regulating technological protection measures than the inflexible DMCA. One example is New Zealand's recently revised Copyright Law (PDF), which permits libraries and archives to access circumvention tools to circumvent TPMs on behalf of end users if the TPMs interfere with non-copyright infringing uses.
ArsTechnica cites these other examples:
...One big issue is the exemption for published works in a library's collection; these can also be copied three times, but only to "replace a work in their collections that is damaged, deteriorating, lost or stolen or whose format has become obsolete." In other words, librarians can't backup or archive such works until destruction is well under way.
In addition, "obsolete" doesn't mean what you or I might mean by the term; the Library notes that LPs still can't be copied into digital archives because record players remain available on the open market and are therefore not "obsolete."
Check out the ArsTechnica article, and the new report is here (PDF).
minilinks for 2008-17-07
Posted by Hugh D'Andrade
- Apple Sues Psystar
The Psystar OpenMac has incurred the wrath of the "Closed Software Movement."- Prosecutor Flagged by US Terror Watch List
Air travel is difficult for Assistant Attorney General Jim Robinson, who has been put on a secret list by mistake.- A Foreign Correspondent Speaks Out About the FISA Amendments Act
Chris Hedges is a long-time reporter on the Middle East and says his ability to report the news will be compromised.- Democrats Who Spoke Out on Immunity
Dailykos has a list of who said what in the telecom immunity debate.- Through the Looking Glass in Wiretapping Case
A lawyer in the Al Haramain wiretapping case describes the surreal world of a lawsuit over an official government "secret." (log-in may be required.)- Presidential Campaigns Getting Web Savvy
The McCain campaign used web spiders to catch revisions on the Obama campaign site.- FCC Chairman Seeks to End Comcast's Delay of File Sharing
The FCC is planning to confront Comcast's practice of slowing Internet access of those sharing large files -- without issuing fines.- "Home Piracy"
A new report finds that a third of residents in the US & UK are ripping copies of DVDs.- Hacker Locks Officials Out of Computer Network
A disgruntled engineer in San Francisco has commandeered the city's network, locking out other administrators.
Why the VPPA Protects YouTube and Viacom Employees
Posted by Kurt OpsahlMonday’s stipulation between YouTube and Viacom did not “extend to records reflecting the business activities of the parties’ employees and agents.” Instead, as we noted yesterday:
The parties will meet and confer within 14 days of the execution of this Stipulation concerning records reflecting the business activities of the parties’ employees and agents. If the parties cannot reach agreement on this issue, any party may submit it to the court.
Today we expand upon why the Video Privacy Protection Act protects the records showing the video viewing habits of Google/Youtube and Viacom employees.
As an initial matter, the VPPA covers the records at issue. As we discussed in our first post on the YouTube data controversy, the Act refers to “prerecorded video cassette tapes or similar audio visual materials.” The legislative history shows that "similar audio visual materials" is broad--the Senate Report noted that the term includes "laser disks, open-reel movies, or CDI technology." See S. Rep. No. 100-599, 100th Cong., 2d Sess, reprinted at 1988 U.S.C.C.A.N. 4342-1. This is not an exhaustive list. As a federal court noted with respect to the civil discovery subsection:
… in construing the scope of the Act, this Court must strive to protect this aspect of an individual's right to privacy in the face of technological innovations that threaten this fundamental right.
Dirkes v. Borough of Runnemede, 936 F.Supp. 235 (D.N.J. 1996). Accordingly, a YouTube video qualifies as audio visual material under the VPPA.
Furthermore, YouTube is a “video tape service provider” under the Act, because it is “engaged in the business [of] delivery of … audio visual materials.” The VPPA protects “personally identifiable information,” which is defined to include “information which identifies a person as having requested or obtained specific video materials or services.” While the parties disputed whether IP numbers or user IDs were PII, the portion of the Logging Database showing the viewing habits of particular employees is doubtless PII under the Act.
The VPPA extends its protections to “any renter, purchaser, or subscriber of goods or services from a video tape service provider.” To the extent that employees have signed up for a YouTube account and received a YouTube user ID, there is no doubt they are subscribers. And even if there are employees without YouTube user IDs, they could well be "renters" or "purchasers" under the Act. The courts instruct us to interpret the VPPA broadly, and courts have, in other contexts, construed similar terms (like "sale") to include free distribution. Indeed, part of Viacom's overall argument is that YouTube received a financial benefit as a result of video views.
As explained by the Senate Report that accompanied the bill, the VPPA:
prohibits video service providers from disclosing personally identifiable information except in certain, limited circumstances. As a general rule, personally identifiable information may only be disclosed with the prior written consent of the individual.
S. Rep. No. 100-599.
One of these “certain, limited circumstances” may be a civil proceeding like the Viacom-Google litigation. However, even this exception is subject to strong protections: the VPPA permits the disclosure of personally identifying information in a civil lawsuit only "upon a showing of compelling need for the information that cannot be accommodated by any other means" and then only if the subscriber has received notice and an opportunity to contest the request. 18 U.S.C. § 2710(b)(2)(F).
The VPPA also provides an exception for disclosure in the ordinary course of business. However, the ordinary course of business is a defined term, and does not include litigation. Under the Act, “the term ‘ordinary course of business’ means only debt collection activities, order fulfillment, request processing, and the transfer of ownership.” 18 U.S.C. § 2710(a)(2) (emphasis added).
Moreover, while the rules of discovery in civil lawsuits are traditionally broad, the VPPA trumps the discovery rules. As explained by the Senate Report:
This requirement for disclosure pursuant to court order in civil proceedings supersedes federal and state rules of discovery and would prevent disclosure pursuant to a court order in discovery proceedings unless that order complied with this subsection of the Act.
S. Rep. No. 100-599.
This is not to say that the VPPA completely forbids accessing information about video viewing records in litigation. Instead, the VPPA protects privacy by requiring a high standard, which must be met before viewing habits can be exposed.
Viacom Letter to EFF re Google/YouTube Data Privacy
Posted by Kurt OpsahlToday Michael Fricklas, Viacom's General Counsel, sent EFF a letter in response to the concerns we raised regarding the user viewing data controversy over the past week. The letter, arriving on the heels of the stipulation entered between Google and Viacom last night, helps assuage a remaining concern: what if the parties changed the stipulation at a later time?
To address this concern, Viacom's letter promises:
that we will notify you [EFF], in advance, if, for some unforeseen reason we believe that these protections need to be modified in a way that reduces the level of public privacy protections so that you have an opportunity to discuss any concerns you may have or lodge any appropriate objections with the court.
As we noted in an earlier post, a stipulation is not as protective as a motion to correct the court's order because it may be modified by another stipulation between the parties. Viacom's promise, however, gives us the opportunity to take action before personally identifiable information is revealed.
In addition, Viacom provided a copy of the protective order that Viacom "anticipates" will cover the anonymized data Google will turn over, under the category of "Highly Confidential" information. It is critical that the data is ultimately protected by this order, because the Protective Order provides that Highly Confidential data is not to be "disclosed in any way to any person ... for use in any other litigation or contemplated litigation or for any purposes extraneous to this litigation." In addition, after the conclusion of the litigation, it "shall be returned to [Google] or shall be destroyed."
You Bought It, But You Don't Own It
Posted by Corynne McSherryIn a devastating blow to user rights, an Arizona federal court has ruled that consumers can be guilty of copyright infringement if they violate the end user license agreement ("EULA") that comes with the software--even where the so-called "violation" is specifically excluded from copyright liability. Why? Because those protections only apply if you own the software you buy--not if you license it. Stunningly, this means that "cheating" while playing a computer game can expose you to potentially huge statutory damages for copyright infringement.
As we noted back in May, Blizzard Entertainment, the company that makes the hugely popular massively multi-player online role-playing game World of Warcraft, sued Michael Donnelly, the developer of Glider, a program that helps WoW users raise their character level to 70 by "playing" for the user. Blizzard said that because the license agreement forbids using Glider with WoW, Glider users are committing copyright infringement when they load copies of WoW into RAM in order to play the game, and Donnelly is illegally contributing to that infringement.
As Public Knowledge explained in its brief, Blizzard's theory confuses a copyright holder's intellectual property rights in the software it develops with a buyer's rights in the actual copy of the software. An owner of software has a right to copy it if that copy is essential to the customer's use of the software. (See Section 117 of the Copyright Act.) This rule helps balance the rights of the copyright holder to manage and benefit from its expressive work, and the rights of the public to use and build on that work.
Blizzard argued that players aren't owners but merely software licensees, so Section 117 doesn't apply. But the question of whether a user is an owner for purposes of Section 117 depends the substance of the transaction, not just how one party wants to describe it. For example, if you buy the software, keep it on your own computer and don't have to return it when you are done, you probably own it.
Sadly, the court in this case found otherwise. It held that because Blizzard says the software is licensed, and because it imposes restrictions on use (including such standard restrictions as a requirement that a user who transfers her copy of the software to another must delete all copies from her computer). And that means that users who violate the EULA could be on the hook for copyright damages--including statutory damages, which start at $750 and rise to as high as $150,000 per infringed work. Most disappointing, the court gave short shrift to the absurd policy consequences of treating users who violate a contract as copyright infringers. The logical implication of the holding is that any time you buy software, be it film editing software, accounting software, iTunes, Skype, etc., software owners can always use license agreements to prevent you from ever having full control over your software and taking advantage of standard copyright limitations (such as the right to sell your copy [Section 109 of the Copyright Act] or the right to make copies necessary for use of the software [Section 117]). You can buy it, but you can’t own it.
But this decision is not the whole story: this is the third holding on the issue by district courts in the Ninth Circuit in the past three months. Given that the recent decisions vary considerably, it’s likely the appellate court will address the issue in the near term.
There's one bright light on the horizon: the court found that WoW Glider does not violate the DMCA anticircumvention provisions by allowing users to evade "Warden," which scans games players' computers for unauthorized software. The DMCA prohibits the manufacture and sale of technology that allows the circumvention of technological measures that control access to a work. The court correctly held that Warden doesn't "control access" to the WoW software already loaded on a user's computer, and, therefore, WoWGlider doesn't circumvent that access. (Though the court did leave some aspects of the claim open for exploration at trial).
