Friday, May 16, 2008

Judge may have erred in Jammie Thomas $222,000 file sharing award

The judge in the Jammie Thomas trial has found a precedent which indicates he may have mistakenly directed the jury to conclude that Ms Thomas had infringed the copyright in the 24 songs she was found to have made available on Kazaa, merely by making those songs available. He suggested in summation for the jury that no proof that these 24 songs had actually been copied from Ms Thomas's computer was required.

"A Minnesota woman ordered to pay $222,000 in the nation's first music download trial may get another chance with a jury.

The issue is whether record companies have to prove anyone else actually downloaded their copyrighted songs, or whether it's enough to argue that a defendant made copyrighted music available for copying.

The recording industry has sued thousands of people who shared music online, and has argued that all they have to prove is that the defendant made the music available. They compared it to someone displaying pirated DVDs for sale on a table.

Music-sharers have argued that the only proven downloaders of their music were investigators working for the record companies themselves.

That was the case in the trial last fall of Jammie Thomas of Brainerd. U.S. District Court Judge Michael J. Davis instructed jurors that making sound recordings available without permission violates record company copyrights "regardless of whether actual distribution has been shown."

On Thursday Davis said that may have been a mistake...

The question of how much the record companies must prove to win their lawsuits seems destined for more dates with appeals court judges.

Different judges have ruled different ways on the matter. Last month a federal judge at a pretrial ruling in Boston said that merely making the songs available online is not copyright infringement. But a ruling by a New York judge took the opposite position.

Ray Beckerman, an attorney who has represented other downloading defendants and runs a blog tracking the most prominent cases, said the Recording Industry Association of America has been using the Thomas verdict to support its side.

"We've been saying all along that it was submitted to the jury on an improper theory, and now the judge recognizes his error and he realizes he was misled by record industry lawyers," Beckerman said."

The Anti-Counterfeiting Trade Agreement (ACTA)... the wha...?

Few people other than intellectual property geeks and stakeholders will be aware of the Anti-Counterfeiting Trade Agreement, ACTA. And why should they? It is an abstract proposal about a complicated area of law, the very mention of which induces a glazed-eyed stupor in the listener's demeanor.

Nevertheless, ACTA, should it ever come to pass, will become a hugely important global instrument governing the flow of information and information-based products around the world. Aaron Shaw, writing for the Knowledge Ecology Studies journal, provides a critical perspective of what he sees as this latest information feudalist's charter, as well as an emotive call to arms to oppose said charter. Though severely critical, it is, nevertheless, the most comprehensive and accessible analysis of the still scarcely available details of ACTA that I've come across. Thoroughly recommended for those who support and oppose ACTA, in addition to the wider general public, who really should be aware of initiatives likely to have a fundamental impact on downstream access to information.
"In mid-February 2008, the Office of the United States Trade Representative (USTR) issued a request for public comments on the proposed “Anti-Counterfeiting Trade Agreement” (ACTA). However, with the exception of a handful of press releases, information about the proposal itself remains scarce. Mainstream media outlets have printed USTR officials' talking points about the importance of winning “the fight against fakes,” but have failed to analyze either the origins or the nature of the ACTA in any detail. What is ACTA? Where did it come from? How would it affect the trade and governance of the knowledge-based economy? In what follows, I provide preliminary answers to these questions and argue that ACTA would impose a narrow trade agenda at the expense of global cooperation and evidence-based policies.

ACTA is a proposed “plurilateral” agreement that would apply new, stricter legal and enforcement standards to the trade in informational goods. These new standards would extend far beyond those required by the WTO TRIPS Agreement. In addition, some of the proposals for the ACTA include sweeping provisions to criminalize information use practices currently allowed under U.S., European, and international law. In these proposals, the agreement would obligate states, law enforcement officials, and private firms to intrude on the privacy of “alleged” infringers without sufficient legal due process.[1] A small coalition of powerful states supports ACTA, led by the trade representatives of the United States, Japan, Switzerland and the 27 member states of the European Union, represented by the European Commission. These states have also invited representatives from Canada, New Zealand, Mexico, Australia and South Korea to participate in the negotiations. Although ACTA remains in pre-negotiation stages, the signatories would likely seek to impose the terms of the agreement onto developing countries in subsequent bilateral negotiations...

So why is ACTA such a big deal? If signed, the agreement would constitute a diplomatic putsch by a handful of wealthy states and corporations against the rest of the world. Already, it signals an overt and troubling rejection of multilateralism. The so-called “plurilateral” approach represents an outdated model of international treaty-making whereby the unelected representatives of Northern states and a few corporate lobbyists dictate the rules of global markets. Such arrangements were commonplace during the 1990s under the neo-liberal “Washington Consensus” and prior to the Doha Round of negotiations in the WTO. Today, however, this kind of blatant disregard for global consensus and the needs of developing regions poses a threat to the world's prosperity, security and health.

ACTA would create unduly harsh legal standards that do not reflect contemporary principles of democratic government, free market exchange, or civil liberties. Even though the precise terms of ACTA remain undecided, the negotiants' preliminary documents reveal many troubling aspects of the proposed agreement.[6] For example, ACTA advocates intend to further criminalize non-commercial copyright and trademark infringements. They also aim to reinforce so-called “Digital Rights Management” (DRM) technologies that currently prevent the personal, legal reproduction of optical discs like DVDs and trample on “fair use” rights. In addition, rights owner lobby groups want the agreement to undermine legal safeguards that protect Internet Service Providers (ISPs) from liability for the actions of their subscribers. It would also facilitate privacy violations by trademark and copyright holders against private citizens suspected of infringement activities without any sort of legal due process...

ACTA would require signatories to undertake an unprecedented expansion of customs and law enforcement officials' abilities to police goods and information.[9] It would also create a dispute settlement system outside of existing multilateral institutions such as the WTO Tribunal or TRIPS Council to enforce these new powers. Rather than promote cooperation, ACTA signatories would seek to impose a one-sided vision of the knowledge-based economy on the rest of the world. They do so with no regard for the costs of their actions.

In the absence of widespread support for their position, the states behind the ACTA proposals have restricted participation to those organizations that already share their views... Much recent research in economics, law, sociology, business, and political science examines the claim that strict IP-rights regimes promote growth, innovation, and well-being.[10] Several of these empirical studies suggest that alternative regulatory and enforcement practices allocate public goods more efficiently.[11] Of course, other studies contradict the claims of these authors. The point, however, is precisely that such disagreement exists; the prospective ACTA signatories appear to have ignored any findings that do not reflect their ideological agenda."

Indictment sought in MySpace suicide case

From AP via Findlaw: "Indictment sought in MySpace cyberbullying case"

Federal prosecutors are reportedly going to pursue a mother who allegedly helped her daughter set up a MySpace account to victimise another girl. Tragically the victim committed suicide.

There are no details available yet as to the legal grounds for the prosecution.

Update from SiliconValley:

"Lori Drew of suburban St. Louis, who allegedly helped create a MySpace account in the name of someone who didn't exist to convince Megan Meier she was chatting with a 16-year-old boy named Josh Evans, was charged with conspiracy and fraudulently gaining access to someone else's computer... Drew was charged with one count of conspiracy and three counts of accessing protected computers without authorization to get information used to inflict emotional distress on the girl."

Thursday, May 15, 2008

RIAA explain to the Chronicle how to track file sharers

The RIAA has outlined to the Chronicle of Higher Education how it tracks file sharers.
"To catch college students trading copyrighted songs online, the Recording Industry Association of America uses the same file-sharing software that online pirates love, an RIAA representative told The Chronicle at the organization's offices during a private demonstration of how it catches alleged music pirates. He also said the group does not single out specific colleges in its investigations.

The demonstration was given by an RIAA employee who would speak only on condition of anonymity because of concern that he would receive hate e-mail.

The official explained that one way the RIAA identifies pirates is by using LimeWire, a popular peer-to-peer file-sharing program that is free online and used by many college students (there is also a more-robust version of the program sold for a small fee).

Here's how the process works: The RIAA maintains a list of songs whose distribution rights are owned by the RIAA's member organizations. It has given that list to Media Sentry, a company it hired to search for online pirates. That company runs copies of the LimeWire program and performs searches for those copyrighted song titles, one by one, to see if any are being offered by people whose computers are connected to the LimeWire network. For popular songs, the search can turn up dozens, if not hundreds, of hits. A search on Madonna's latest release, "4 Minutes," turned up more than a hundred users trading various copies of the song.

The LimeWire software allows users who right-click on any song entry and choose "browse host" to see all of the songs that a given file sharer is offering to others for download. The software also lists the IP address of active file sharers. (An IP address is a unique number, assigned by Internet-service providers, that identifies every connection to the Internet.) While the names of the people associated with particular IP addresses are not public, it is easy to find out which IP addresses are registered to each Internet-service provider. Using public, online databases (such as those at arin.net or samspade.org), Media Sentry locates the name of the Internet-service provider and determines which traders are located at colleges or universities."

BECTA complain to EU about OOXML

Apparently the British Educational Communications and Technology Agency (BECTA) are complaining to the EU Commission about Microsoft's OOXML. I've never been a big fan of Becta but they are claiming that Microsoft's lack of interoperability is costing the UK education system a fortune.

"The British commission has asserted that because of Microsoft products’ lack of interoperability, the British Educational System is paying more money on software products than it should. In 2005, the same commission published a study according to which British primary schools could save up to half their costs if they would choose open source software products, and give up the proprietary ones.

Another issue raised by the commission is the way Microsoft licenses its products to the schools. The company’s policy is that all computers in a campus must have Microsoft license. BECTA has considered this an anticompetitive practice.

According to the Associated Press, Microsoft’s spokeswoman Anne-Sophie de Brancion stated that “Microsoft is deeply committed to education and interoperability”, and that the company has started to develop tools that will enable Office to work better with files in ODF."

Thanks to Manon Ress via the A2K list for the pointer.

Tuesday, May 13, 2008

NJ Voting Machine Tape Shows Phantom Obama Vote

Also from Freedom to Tinker, this time from Ed Felten: NJ Voting Machine Tape Shows Phantom Obama Vote.

"I’ve written before (1, 2, 3) about discrepancies in the election results from New Jersey’s February 5 presidential primary. Yesterday we received yet another set of voting machine result tapes. They show a new kind of discrepancy which we haven’t seen before — and which contradicts the story told by Sequoia (the vendor) and the NJ Secretary of State about what went wrong in the election.

The new records are from three voting machines in Pennsauken, District 6. We have the result tapes printed out by all three voting machines in that district (1, 2, 3). As usual, each result tape has a “Candidate Totals” section giving the vote count for each candidate, and a separate “Option Switch Totals” section giving the voter turnout in each party. We also have the Democratic vote totals reported by the county clerk for that district (and some others), which were apparently calculated from the memory cartridges used in the three machines.

The county clerk’s totals show 279 votes in Pennsauken District 6. The per-candidate counts are Clinton 181, Obama 94, Richardson 2, Edwards 1, Kucinich 0, Biden 1, which adds up correctly to 279. The turnout sections of the three result tapes also show a total Democratic turnout of 279 (133+126+20).

But the Candidate Totals sections of the tapes tell a different story. Adding up the three tapes, the totals are Clinton 181, Obama 95, Richardson 2, Edwards 1, Kucinich 0, Biden 1, which adds up to 280. The Candidate Totals on the tapes show an extra Obama vote that doesn’t appear anywhere else.

(Everything seems to add up on the Republican side.)

The State claimed, in response to some (but not all) of the discrepancies I pointed out previously, that I had misread the tapes. This time the tapes are absolutely clear."

Ed provides scanned images of the tapes in his blog entry and the conclusion, as he suggests, is inescapable:

"It is inconsistent with Sequoia’s explanation for the previously-noticed discrepancies. It is inconsistent with the State’s theory of what went wrong in the election.

It’s time for an independent investigation."
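
The cross-check described in the quoted post, written out as an added example (it is not code from the original post or from Freedom to Tinker). The function and field names are hypothetical, the figures are the ones quoted above, and it assumes a vote-for-one contest, so votes cast can never exceed turnout while a shortfall may simply be undervotes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str     # which consistency rule failed
    subject: str   # candidate name, or "all candidates"
    expected: int
    observed: int
    severity: str  # "impossible" (cannot happen on a correct machine) or "review"

    @property
    def delta(self) -> int:
        return self.observed - self.expected


def reconcile(tape_candidates, tape_turnout, clerk_candidates):
    """Compare three records of one party's vote in one district.

    tape_candidates:  per-candidate sums of the tapes' "Candidate Totals"
    tape_turnout:     per-machine party turnout from "Option Switch Totals"
    clerk_candidates: per-candidate totals reported by the county clerk
    """
    findings = []
    turnout = sum(tape_turnout)

    # Rule 1: votes cast must not exceed the number of voters who turned out.
    for label, totals in (("tape Candidate Totals", tape_candidates),
                          ("clerk totals", clerk_candidates)):
        cast = sum(totals.values())
        if cast > turnout:
            findings.append(Finding(f"{label} vs turnout", "all candidates",
                                    turnout, cast, "impossible"))
        elif cast < turnout:
            # Fewer votes than voters can be undervotes; flag for a human.
            findings.append(Finding(f"{label} vs turnout", "all candidates",
                                    turnout, cast, "review"))

    # Rule 2: the paper tapes and the clerk's (cartridge-derived) totals
    # come from the same machines, so every candidate must match.
    for name in sorted(set(tape_candidates) | set(clerk_candidates)):
        on_tape = tape_candidates.get(name, 0)
        reported = clerk_candidates.get(name, 0)
        if on_tape != reported:
            findings.append(Finding("tape vs clerk count", name,
                                    reported, on_tape, "review"))
    return findings


# Figures quoted in the post for Pennsauken District 6, Democratic primary.
TAPE_CANDIDATES = {"Clinton": 181, "Obama": 95, "Richardson": 2,
                   "Edwards": 1, "Kucinich": 0, "Biden": 1}
TAPE_TURNOUT = [133, 126, 20]
CLERK_CANDIDATES = {"Clinton": 181, "Obama": 94, "Richardson": 2,
                    "Edwards": 1, "Kucinich": 0, "Biden": 1}

if __name__ == "__main__":
    for f in reconcile(TAPE_CANDIDATES, TAPE_TURNOUT, CLERK_CANDIDATES):
        print(f"[{f.severity}] {f.check}: {f.subject} "
              f"expected {f.expected}, observed {f.observed} ({f.delta:+d})")
```
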

F.B.I. Says the Military Had Bogus Computer Gear

From the NYT: F.B.I. Says the Military Had Bogus Computer Gear
"Counterfeit products are a routine threat for the electronics industry. However, the more sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the F.B.I. and the Pentagon.

The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components with an estimated retail value of more than $3.5 million, the F.B.I. said in a statement.

The F.B.I. is still not certain whether the ring’s actions were for profit or part of a state-sponsored intelligence effort. The potential threat, according to the F.B.I. agents who gave a briefing at the Office of Management and Budget on Jan. 11, includes the remote jamming of supposedly secure computer networks and gaining access to supposedly highly secure systems. Contents of the briefing were contained in a PowerPoint presentation leaked to a Web site, Above Top Secret."

Dan Wallach makes the point over at Freedom to Tinker that the key story here is the integrity of the supply chain.
"The really interesting story is all about the supply chain. Consider how you might buy yourself a new Mac. You could go to your local Apple store. Or you could get it from any of a variety of other stores, who in turn may have gotten it from Apple directly or may have gone through a distributor. Apparently, for Cisco gear, it’s much more complicated than that. The U.S. government buys from “approved” vendors, who might then buy from multiple tiers of sub-contractors. In one case, one person bought shady gear from eBay and resold it to the government, moving a total of $1M in gear before he was caught. In a more complicated case, Lockheed Martin won a bid for a U.S. Navy project. They contracted with an unauthorized Cisco reseller who in turn contracted with somebody else, who used a sub-contractor, who then directly shipped the counterfeit gear to the Navy. (The slides say that $250K worth of counterfeit gear was sold; duplicate serial numbers were discovered.)

Why is this happening? The Government wants to save money, so they look for contractors who can give them the best price, and their contracts allow for subcontracts, direct third-party shipping, and so forth. There is no serious vetting of this supply chain by either Cisco or the government. Apparently, Cisco doesn’t do direct sales except for high-end, specialized gear. You’d think Cisco would follow the lead of the airline industry, among others, and cut out the distributors to keep the profit for themselves.

Okay, on to the speculation. Both the New York Times and the FBI presentation concern themselves with Trojan Horses. Even though there’s no evidence that any of this counterfeit gear was actually malicious, the weak controls in the supply chain make it awfully easy for such compromised gear to be sold into sensitive parts of the government, raising all the obvious concerns.

Consider a recent paper by U. Illinois’s Sam King et al. where they built a “malicious processor”. The idea is pretty clever. You send along a “secret knock” (e.g., a network packet with a particular header) which triggers a sensor that enables “shadow code” to start running alongside the real operating system. The Illinois team built shadow code that compromised the Linux login program, adding a backdoor password. After the backdoor was tripped, it would disable the shadow code, thus going back to “normal” operation.

The military is awfully worried about this sort of threat, as well they should be. For that matter, so are voting machine critics. It’s awfully easy for “stealth” malicious behavior to exist in legitimate systems, regardless of how carefully you might analyze or test it. Ken Thompson’s classic paper, Reflections on Trusting Trust, shows how he designed a clever Trojan Horse for Unix. [Edit: it's unclear that it ever got released into the wild.]

[...]

In summary, it’s probably a good thing, from the perspective of the U.S. military, to discover that their supply chain is allowing counterfeit gear into production. This will help them clean up the supply chain, and will also provide an extra push to consider just how much they trust the sources of their equipment to ship clean software and hardware."

Bell accused of privacy invasion

From CBC news (thanks to Michael Geist for the pointer):
"The Canadian Internet Policy and Public Interest Clinic, a University of Ottawa legal clinic specializing in internet- and other technology-related law, has joined the assault on Bell Canada Inc. and its traffic-shaping practices, urging an investigation by the country's privacy commissioner.

The group says Bell has failed to obtain the consent of its retail and wholesale internet customers in applying its deep-packet inspection technology, which tells the company what subscribers are using their connections for. Bell is using DPI to find and limit the use of peer-to-peer applications such as BitTorrent, which it says are congesting its network.

The CIPPIC, which is made up mainly of lawyers and law students from the University of Ottawa, says Bell has not only failed to show that its network is congested and that its actions are necessary, but it has also run afoul of the Personal Information Protection and Electronic Documents Act (PIPEDA) in doing so.

"Practices [such as] those involving the collection and use of personal information are not necessary to ensure network integrity and quality of service," wrote CIPPIC director Philippa Lawson in a letter to the commissioner dated May 9."

The CIPPIC's news release and a copy of their letter to Canadian Privacy Commissioner Jennifer Stoddart are available on their website.
"Large ISPs including Bell Canada and Rogers Communications Inc. may be monitoring internet subscribers’ online activities contrary to Canada’s privacy legislation, and the Canadian Internet Policy and Public Interest Clinic has asked Canada’s Privacy Commissioner to investigate.

The Canadian Internet Policy and Public Interest Clinic (CIPPIC) today filed a complaint with Canada’s Privacy Commissioner about Bell Canada’s alleged practice of monitoring internet subscribers’ internet activities without their knowledge or consent. Bell began to apply “deep packet inspection” to its own Sympatico retail customers late in October 2007, but only admitted this practice late in March 2008, after it began applying the same practice to subscribers of other, independent internet service providers.

Bell claims it is respecting the privacy of ISP subscribers, but has refused to describe just what its deep packet inspection of subscribers’ activities really uncovers. “Millions of Canadians use the Internet every day,” said Philippa Lawson, Executive Director of the Clinic. “How can they know if their privacy is being respected, if Bell won’t disclose what it is actually doing?”

There is evidence that other large ISPs such as Rogers, Shaw, and Cogeco may be engaging in similar practices, said Lawson. “Our complaint focuses on Bell, but we are asking the Commissioner to investigate all ISPs who engage in traffic-shaping practices.”

“Canada has privacy legislation that Bell and other ISPs must follow,” Ms. Lawson pointed out. “We’re asking the Privacy Commissioner to investigate just what Bell’s use of deep packet inspection involves. Canadians have a right to know who is looking over their shoulders, and why.”

CIPPIC is based at the University of Ottawa, Faculty of Law. The clinic seeks to ensure balance in policy and law-making processes on issues that arise as a result of new technologies."

Monday, May 12, 2008

French 3 strikes bill struggling to get on the statute books

According to Danny O'Brien of the EFF, the process of getting a file sharing 3 strikes law on the statute books in France is proving to be slightly more problematic than supporters of the move had hoped, despite the signing of a memorandum of understanding by the French government, the ISPs and the music industry earlier in the year.
"Six months on from the original Olivennes report, with growing objections across Europe, collapsing support for Sarkozy's administration at home, and still no "three strikes" law on any statute books, the entertainment industry is getting a little antsy. Last week, the French RIAA, le Syndicat national de l'édition phonographique (SNEP), announced a deadline to Sarkozy's ministers. Hervé Rony, SNEP spokesman, said "it would not be acceptable" for the three strikes law to miss the French Parliament's Summer schedule.

It looks like SNEP's demands are not going to be met. Before the "Loi Olivennes" can even reach parliament, it has to be examined by the French Conseil d'Etat, the senior jurists that advise the French executive and act as France's supreme court.

They are not rushing their analysis. Just why might be gleaned from the leaked copy of the law sent to them for consideration (provided by Squaring the Net in French). Even after being moderated from earlier drafts, the document still describes a stunning shift in judicial and enforcement, both offline and on."

Thanks to Glyn at ORG for the pointer.

ISAP report on UK ID card scheme

Jamie Doward in the Observer has picked up on the recent ISAP report criticising the government's plans for their ID card scheme.
"A government-appointed panel of experts is warning that the new ID cards system will be open to fraud by the people running it.

In a potentially damaging revelation, which undermines claims that the scheme will enhance national security, the group has concluded that it will be prone to corruption.

A new report by the Independent Scheme Assurance Panel (Isap), set up to advise the government on the implementation of ID cards, states: 'Based on the likelihood that the scheme will aggregate a lot of valuable data, there is the risk that its trusted administrators will make improper use of this data.' It adds: 'The scheme will be subject to data errors and errors in decisions made.'

The acknowledgements come as the government has admitted it is to contract out the taking of fingerprints and photographs of ID card applicants to the private sector to save money."

Sunday, May 11, 2008

Lessig TED talk

Just because I haven't mentioned him in a while, here's Larry Lessig's talk at TED last year.