Friday, July 04, 2008
A new business model for the music industry
Highly recommended and it should be read in conjunction with Fred Von Lohmann's A Better Way Forward: Voluntary Collective Licensing of Music File Sharing.
Thursday, July 03, 2008
3 strikes amendments to EU telecoms proposals
"Over in France, President Nicolas Sarkozy (who also took over the European presidency yesterday) has put his weight behind legislation proposed by the Olivennes report. The bill, which has been delayed until the Autumn, will mandate termination of internet connections. It goes without saying that it is the subject of much controversy across the Channel.
La Quadrature du Net - a French pressure group - have been actively campaigning on the issue. They’re also tracking the progress of the Telecoms Package, a review of European telecoms law currently in the European Parliament. Ordinarily this bill would deal with network infrastructure, universal service and other purely telecoms matters.
But as La Quadrature du Net announced yesterday:
“One week before a key vote in the reform of European law on electronic communications (”Telecom Package”), La Quadrature du Net (Squaring the Net) denounces a series of amendments aimed at closing the open architecture of the Internet for more control and surveillance of users..
…this set of amendments creates the unprecedented mechanism known as graduated response in European law; judicial authority and law courts are vacated in favour of private actors and “technical measures” of surveillance and filtering. According to rules set forth by administrative authorities and rights holders, intermediaries will be forced to cooperate in monitoring and filtering their subscribers, or they will be exposed to administrative sanctions”
If you want to voice your concerns about 3 strikes legislation brought in through the backdoor in Brussels, you have until 7 July, the date of the vote in IMCO and ITRE committees, to contact your MEP and inform them that the “Telecoms Package” amendments could bring in disproportionate and ineffective law.
You can find details of your MEPs here. Suggestions for topics to raise in your letters are here and analysis and commented amendments with other resources about the Telecoms Package are also available."
Lilian Edwards has pointed out in great detail why a 3 strikes approach to tackling copyright infringement on the Net is inappropriate from all kinds of legal perspectives, so I won't repeat her lessons here. This is just the latest example of how the EU can be used and abused as a policy laundering mechanism for proposals which have been categorically rejected at member state level. It's also the kind of thing which simultaneously undermines the ideals of the EU and the sovereignty of member states and I guess reinforces the wisdom of my fellow countrymen and women in the recent referendum on the Lisbon treaty.Update: If you'd like the whole story in one gulp, a relatively large gulp, then there's nothing to beat Lilian's latest blog post on the subject. Essential reading. And btw the vote on the complex telecoms legislation, which will mandate a 3 strikes rule across the EU as one of many major side effects, is tomorrow, Monday 7th July.
Judge orders Google to hand over IP addresses of all YouTube users
"(1) The cross-motion for a protective order
barring disclosure of the source code for the
YouTube.com search function is granted, and the
motion to compel production of that search code is
denied;
(2) The motion to compel production of the
source code for the Video ID program is denied;
(3) The motion to compel production of all
removed videos is granted;
(4) The motion to compel production of all data
from the Logging database concerning each time a
YouTube video has been viewed on the YouTube website
or through embedding on a third-party website is
granted;
(5) The motion to compel production of those
data fields which defendants have agreed t o produce
for works-in-suit, for all videos that have been posted
to the YouTube website is denied;
(6) The motion t o compel production of the
schema for the Google Advertising database is
denied ;
(7) The motion to compel production of the
schema for the Google Video Content database is
granted; and
(8) The motion to compel production of the
private videos and data related to them is denied at
this time except to the extent it seeks production
of specified non-content data about such videos ."
The EFF are appalled at the ruling, particularly item (4) and are claiming it:
"erroneously ignores the protections of the federal Video Privacy Protection Act (VPPA), and threatens to expose deeply private information about what videos are watched by YouTube users. The VPPA passed after a newspaper disclosed Supreme Court nominee Robert Bork's video rental records. As Congress recognized, your selection of videos to watch is deeply personal and deserves the strongest protection...
The VPPA protects “personally identifiable information,” which is defined to include “information which identifies a person as having requested or obtained specific video materials or services.” This is exactly what is in the Logging database.
Accordingly, pursuant to this federal law, the Court may not order the production of “personally identifiable information”:
in a civil proceeding [except] upon a showing of compelling need for the information that cannot be accommodated by any other means, if—
(i) the consumer is given reasonable notice, by the person seeking the disclosure, of the court proceeding relevant to the issuance of the court order; and
(ii) the consumer is afforded the opportunity to appear and contest the claim of the person seeking the disclosure.
Today’s court order made no finding that Viacom could not be accommodated by any other means, nor were the YouTube users provided with notice and an opportunity to contest the claim...
In any event, the court ordered production of not just IP addresses, but also all the associated information in the Logging database. Whatever might be said about 'an IP address without additional information,' the the AOL search history leak fiasco shows that the material viewed by a user alone can be sufficient to identify the user, even with neither a login nor an IP address.
The Court's erroneous ruling is a set-back to privacy rights, and will allow Viacom to see what you are watching on YouTube. We urge Viacom to back off this overbroad request and Google to take all steps necessary to challenge this order and protect the rights of its users."
Thanks to Glyn at ORG for the alert via the Wired blog.
University asserts downloading texts is fair use
The argument is in response to a copyright infringement lawsuit brought by Oxford University Press, Cambridge University Press and Sage Publications.
"The outcome of the lawsuit could have consequences for how colleges throughout the country distribute course material online. Publishers and colleges have been tussling for years about whether and under what circumstances colleges can make publishers' electronic material available to students."
Wednesday, July 02, 2008
ORG report on London elections published
"Question 4 Do you think that greater access to remote voting (whether through traditional postal voting or by electronic means) should be made available alongside weekend voting? Should such arrangements be explored even if polling day were not moved to the weekend? Please explain why.
Question 5 What do you perceive to be the benefits and the drawbacks of remote e-voting?"
The ORG report on London is a clinical indictment of the reality of using evoting in a live election, even when the project managers of that election do a commendable job within the constraints that they are operating to, and it concludes that:
"There is insufficient evidence available to let independent observers reliably state whether the results declared in the May 2008 elections for the Mayor of London and the London Assembly are an accurate representation of voters‘ intentions."
The good folks at ORG also make a number of recommendations:
"Recommendations
ORG‘s position is that e-counting obscures the workings of elections from voters and candidates. Mitigating this risk in order to sufficiently enhance the transparency of e-counts could well be more expensive than sticking with manual methods. ORG has received comments that suggest that e-counting is inevitable and that opposing these technologies is a Luddite view. ORG disagrees, and considers it telling that a significant proportion of those concerned about voting and counting technologies are computer scientists and professionals, who are normally the most enthusiastic adopters of new technology.
The political climate is still in the shadows of the chaotic May 2007 e-count in Scotland, and the electoral timetable is likely to preclude the deployment of computers in elections for the next two years. For the moment, therefore, ORG recognises that elections administrators may be turning away from experimenting with e-counting technologies in statutory elections. However, ORG suspects that in two years' time these deterrents may have faded and legislators may feel eager to experiment with e-counting again. ORG therefore makes the following recommendations for improved practice in e-counting below, and refers any legislators tempted to reopen the Pandora‘s box of e-voting to the conclusions and recommendations of ORG‘s May 2007 elections report.
Recommendation 1: A full cost-benefit analysis of electronic counting at the London elections in May 2008 should be performed by London Elects. The analysis should be set against a properly-costed manual count of similar scope. London Elects should also cost the following recommended enhancements to the electronic count, including:
o A statistically significant live manual audit on count day, or some other effective means, accessible to the layperson, of monitoring votes that are counted as valid
o A comprehensive, independent audit of all source code deployed on e-counting systems, made publicly available before the elections
o Improved record-keeping facilities at the ballot box verification stage
o Improved transparency around the contractor‘s service management desk
o System-designed assurance that the voter‘s paper ballot remains the ballot of record so that, for example, paper ballots can easily be retrieved by CROs wishing to ascertain the intention of a voter where this is not clear from the scanned image of a ballot.
Recommendation 2: Time should be given for formal consultation — at national and local levels — prior to the approval of e-counting being used in an election.
Recommendation 3: Administrators should remain committed to long lead-in times for procurement and implementation of election technology. Based on the experience of London Elects, ORG revises this figure upwards from one year (as recommended in ORG‘s May 2007 report) to 18 months as a suitable application and implementation timetable."
ECHR: UK phone tap practices illegal
I wonder what the court would make of the mass unconstitutional wiretapping programme sanctioned by the Bush administration and facilitated by the telcos in the US and the fact that both the main candidates for the presidential election in November are now committed to giving retroactive immunity to the organisations involved?
Extract from the court's decision yesterday:
"I. ALLEGED VIOLATION OF ARTICLE 8 OF THE CONVENTION
41. The applicants complained about the interception of their communications, contrary to Article 8 of the Convention:
“1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
A. The parties’ submissions
1. The applicants
42. The applicants complained that, between 1990 and 1997, telephone, facsimile, e-mail and data communications between them were intercepted by the Capenhurst facility, including legally privileged and confidential material.
43. Through the statements of Mr Duncan Campbell, a telecommunications expert, they alleged that the process applying to external warrants under section 3(2) of the 1985 Act embodied five stages...
44. The applicants contended that since the section 3(2) procedure permitted the interception of all communications falling within the large category set out in each warrant, the only protection afforded to those whose communications were intercepted was that the Secretary of State, under section 6(1) of the Act, had to “make such arrangements as he considers necessary for the purpose of securing that ... so much of the intercepted material as is not certified by the certificate is not read, looked at or listened to by any person” unless the requirements of section 6(2) were met. However, the precise nature of these “arrangements” were not, at the relevant time, made known to the public, nor was there any procedure available to permit an individual to satisfy him or herself that the “arrangements” had been followed. The Tribunal did not have jurisdiction to examine such compliance, and although the Commissioner was authorised under section 8 to review the adequacy of the “arrangements” in general, he had no power to review whether they had been met in an individual case.
45. It was plain that the alleged interception of communications constituted an interference with the applicants’ rights under Article 8 § 1. Any such interception, to comply with Article 8 § 2, had to be “in accordance with the law”, and thus have a basis in domestic law that was adequately accessible and formulated with sufficient precision as to be foreseeable. They contended that the United Kingdom legislation breached the requirements of foreseeability...A. Admissibility
55. The Court notes that this complaint is not manifestly ill-founded within the meaning of Article 35 § 3 of the Convention. It further notes that it is not inadmissible on any other grounds. It must therefore be declared admissible.
B. Merits
1. Whether there was an interference
56. Telephone, facsimile and e-mail communications are covered by the notions of “private life” and “correspondence” within the meaning of Article 8 (see Weber and Saravia v. Germany (dec.), no. 54934/00, § 77, 29 June 2006, and the cases cited therein). The Court recalls its findings in previous cases to the effect that the mere existence of legislation which allows a system for the secret monitoring of communications entails a threat of surveillance for all those to whom the legislation may be applied. This threat necessarily strikes at freedom of communication between users of the telecommunications services and thereby amounts in itself to an interference with the exercise of the applicants’ rights under Article 8, irrespective of any measures actually taken against them (see Weber and Saravia, cited above, § 78).
57. The Court notes that the Government are prepared to proceed, for the purposes of the present application, on the basis that the applicants can claim to be victims of an interference with their communications sent to or from their offices in the United Kingdom and Ireland... The Court considers that the existence of these powers, particularly those permitting the examination, use and storage of intercepted communications constituted an interference with the Article 8 rights of the applicants, since they were persons to whom these powers might have been applied (see Weber and Saravia, cited above, §§ 78-79).
2. Whether the interference was justified
58. Such an interference is justified by the terms of paragraph 2 of Article 8 only if it is “in accordance with the law”, pursues one or more of the legitimate aims referred to in paragraph 2 and is “necessary in a democratic society” in order to achieve the aim or aims (see Weber and Saravia, cited above, § 80)...
69. In conclusion, the Court does not consider that the domestic law at the relevant time indicated with sufficient clarity, so as to provide adequate protection against abuse of power, the scope or manner of exercise of the very wide discretion conferred on the State to intercept and examine external communications. In particular, it did not, as required by the Court’s case-law, set out in a form accessible to the public any indication of the procedure to be followed for selecting for examination, sharing, storing and destroying intercepted material. The interference with the applicants’ rights under Article 8 was not, therefore, “in accordance with the law”.
70. It follows that there has been a violation of Article 8 in this case."The court also awarded legal costs against the UK government. There's a brief report on the case in the Guardian. The other mainstream news outlets seem to have missed the decision for the moment.
Update: RTE have picked it up now, as have Reuters. Also possibly more accessible to ordinary mortals than the judgment itself is the press release related to it issued by the Court Registrar.
Update 2: I recommend the articles written by Richard Lamont, who deduced the real purpose of the 'Capenhurst Tower' interception facility at the centre of this case in 1999, available here and here. Thanks to Richard Lamont himself for the alert via the ukcrypto list.
Tuesday, July 01, 2008
d Data Control and Social Networking: Irreconcilable Ideas?
Abstract:
" The future of both law and technology will require reconciling users' desire to self-disclose information with their simultaneous desire that this information be protected. Security of personal information and user privacy are potentially irreconcilable with the conflicting set of user preferences regarding information sharing behaviours and the convenience of using technology to do so. Social networking sites (SNSs) provide the latest and perhaps most complicated case study to date of these technologies where consumers' desire for data security and control conflict with their desire to self-disclose. Although the law may provide some data control protections, aspects of the code itself provide equally important means of achieving a delicate balance between users' expectations of data security and privacy and their desire to share information."
They raise serious concerns about the almost universal ignorance of the users of social networking sites about the uses of their sensitive private data by the owners of these sites and other third parties. They also suggest some ways forward, including privacy enhanced software/code architectures for such sites, as the abstract above notes.
The main value of this work though is in the clear and comprehensive analysis of the issues and their clarion call for an urgent review of how social networking sites might be regulated, through law and/or code, in a way which builds in a default respect for the privacy of their users and, in addition, recognises the wider value of privacy to society as a whole. Policymakers in government and industry please take note.
Programmed for control
"Rights, liberties and the liberty instinct are evaporating in this country, partly through ignorance of the historic struggle to win our freedoms - and the civilising effect this had on the world - and partly from selfishness and fear that has been remorselessly encouraged by the tabloid press. Into this gap have stepped sinister forces in the Civil Service and a government programmed to think of governance as no more than control.
We may be at the stage where we should coldly ask what is the point of personal freedom in our society? Russia has democracy without liberty and China has capitalism without democracy or liberty. Does the 21st century need to bother with the thing that tied up so much effort in the previous 250 years? Have personal freedom and rights become redundant...
Do we sacrifice the freedom to bring up children as best we can, to assembly, to protest, to free speech and privacy of communication and movement for the - unguaranteed - freedom from terror, crime and antisocial behaviour?...
Justice Secretary Jack Straw declared: 'Yes, the sun does rise in the East. And yes, we have deepened and extended civil liberties for all', sentences which should earn him a pelting with soft fruit whenever he appears in public...
Last week, the Poynter review on the loss of 25 million records from HM Revenue & Customs was published. The culprits - Gordon Brown, Dawn Primarolo MP and David Varney, the former head of the HRMC - have all moved on to other jobs, in Varney's case to the Transformational Government project that will oversee the merger of all government databases in a monstrous implement of surveillance. Forget privacy, let's just think about the appalling, and expensive, mess that this is likely to result in. And while we're about it, the waste of public funds in local government surveillance operations and CCTV systems which Detective Chief Inspector Mike Neville, Scotland Yard's CCTV expert, declared an 'utter fiasco'...
Parliament had better begin to address these issues soon or a chimpanzee living in Spain will have more rights than you and me."
Obama u-turn on telecomms immunity for mass wire-tapping
During the Democratic primary campaign he made repeated commitments not to support retroactive immunity. Now he is apparently in favour of immunity for those companies.
From last Friday's Washington Post:
""To be clear: Barack will support a filibuster of any bill that includes retroactive immunity for telecommunications companies."
-- Obama spokesman Bill Burton, Oct. 24, 2007
That was then: Democratic primaries to be won, netroot lefties to be seduced. With all that (and Hillary Clinton) out of the way, Obama now says he'll vote in favor of the new FISA bill that gives the telecom companies blanket immunity for post-Sept. 11 eavesdropping...
Remember his pledge to stick to public financing? Now flush with cash, he is the first general-election candidate since Watergate to opt out. Some goo-goo clean-government types chided him, but the mainstream editorialists who for years had been railing against private financing as hopelessly corrupt and corrupting evinced only the mildest of disappointment.
Indeed, the New York Times expressed a sympathetic understanding of Obama's about-face by buying his preposterous claim that it was a preemptive attack on McCain's 527 independent expenditure groups -- notwithstanding the fact that (a) as Politico's Jonathan Martin notes, "there are no serious anti-Obama 527s in existence nor are there any immediate plans to create such a group" and (b) the only independent ad of any consequence now running in the entire country is an AFSCME-MoveOn.org co-production savaging McCain."
Dominic Lawson in the Independent is not impressed either but then he's never been an Obama fan. And sadly people have to realise that Obama is not bringing a new dawn. He's just a politcian and he does what modern politicians do - bend in the breeze and tell their various interests what they want to hear.I would be interested to hear what Larry Lessig makes of Obama's opting out of the public campaign financing system though. Larry, after all, is committed to changing Congress. Not that McCain will be short of funds with lots of "independent" groups apparently spending significant funds campaigning on his behalf. Just don't go expecting massive change in US politics whichever of the two men succeeds in achieving the highest office in November's election. The paymasters will still be looking for their pound of flesh.
Just as Obama has dropped his commitment to dealing with illegal wiretapping, we can expect that David Cameron, should the Tories ever get elected this side of the pond, will drop his opposition to ID cards and other illiberal hi tech surveillance systems brought in by Nu Labour; and for the very same reason - fear of being accused of being soft on terror and despite the fact that the deployment of these systems make dealing with terror much more difficult.
Update: Jack Balkan's and Marty Lederman's posts on the substance of the new FISA amendments are essential reading for anyone interested in the subject.
NHS sinking in administrative drivel
There will be "An increasing focus for GPs" on "improving the health of individuals". Hmmm. Ok. That's not exactly new but credit where credit is due.
They are committed to an improvement in the "Quality and Outcomes Framework" through the mechanism of a "clinical dashboard", annual "Quality Accounts" and "an unwavering, unrelenting, unprecedented focus on quality".
They plan "to bring clarity to quality", a "strong clinical voice elevated through the Review", "new expectations of professionalism" to "redefine their roles as practitioners" and a set of "rights and responsibilities of a newly-enhanced accountability".
We've been burdened with "quality assessment" in the education system for as long as I can remember and before that similarly during my time in industry there was an obsession with gaining external quality awards like ISO 9001 and the BSA equivalent, British Quality Awards etc. etc. An aspiration towards providing quality products and services is commendable. Unfortunately in practice the management of quality rapidly degenerates into a hugely complex box ticking paper chase, where the incentives to pretend the organisation is doing better than it is become overwhelming; and the resources expended on feeding the organisation's "quality" administrative system grow exponentially and have been known to overtake the resources spent on the core business, as sustaining the quality monster becomes an end in itself.
Monday, June 30, 2008
U.S. and Europe Near Agreement on Private Data
"The United States and the European Union are nearing completion of an agreement allowing law enforcement and security agencies to obtain private information — like credit card transactions, travel histories and Internet browsing habits — about people on the other side of the Atlantic Ocean.
The potential agreement, as outlined in an internal report obtained by The New York Times, would represent a diplomatic breakthrough for American counterterrorism officials, who have clashed with the European Union over demands for personal data. Europe generally has more stringent laws restricting how governments and businesses can collect and transfer such information.
Negotiators, who have been meeting since February 2007, have largely agreed on draft language for 12 major issues central to a “binding international agreement,” the report said. The pact would make clear that it is lawful for European governments and companies to transfer personal information to the United States, and vice versa."
PM's claims about DNA database false
"
1. The Prime Minister’s claim is false;"
2. Ministers are well aware that this claim is false;
3. This figure is misleading to members of the public who are concerned about the
implications of retaining innocent people’s records indefinitely on the National
DNA Database...
It is not possible – let alone probable - that 114 murderers would have walked away if
DNA profiles from innocent people were not kept on the NDNAD, because the number of
convictions is always considerably less than the number of DNA matches. In addition,
suspects in murder cases are often identified by means other than a ‘cold hit’ on the
Database: claiming that they would “walk away” if they did not have a record on the
Database is therefore highly misleading. Since the law changed, the Government has
provided no examples of murders that have been solved as a result of retaining the DNA
of innocent people beyond the period necessary to investigate whether they have
committed a past offence...
The British Academy of Forensic Sciences has noted that “in reality there are a number
of disadvantages” with profiling everyone at birth, which it lists as24:
• The scale of the operation would be disproportionate, since only a minority commit
crimes
• It would increase anxieties about ‘big brother’, already evoked by widespread CCTV
coverage and proposed biometric identity cards
• It might be seen to imply that we are all guilty until proven innocent
• There have, and will be, mistakes, chance matches and false matches with close
relatives, made even more likely where profiles are incomplete
• Links will be established all the time between the scene and innocent individuals,
leading to false inferences
• It would render every member of the population vulnerable to attack, by for example
having their DNA planted at a crime scene
• In future it is possible that profiles could also reveal confidential information about the
health of an individual
• It would be impossible to control for the large numbers of people who enter and leave
the country, both legally and illegally...
The NDNAD is a useful tool in criminal investigations, but the permanent retention on it
of everyone who has been arrested for a recordable offence raises important concerns
about privacy and rights, including:
· the potential threat to ‘genetic privacy’ if information is revealed about health or
family relationships, not just identity;
· the creation of a permanent ‘list of suspects’ that could be misused by governments
or others;
· the potential for unauthorised access, abuses and/or misuses and mistakes:
including the tracking of individuals and their relatives, and the implications of false
matches;
· the exacerbation of discrimination in the criminal justice system.
GeneWatch UK is not opposed to the existence of the DNA Database, or the use of DNA
in criminal investigations, but has questioned the benefits of its rapid expansion.
Overall, analysis of Home Office data shows that collecting more DNA from crime
scenes has made a significant difference to the number of crimes detected using DNA,
but keeping DNA from increasing numbers of individuals has not...
Examination of the evidence shows that:
· The figures cited by the Prime Minister refer to an estimate of DNA matches, not
solved crimes;
· The reported matches are not actual matches obtained with individuals’ profiles
retained on the NDNAD following acquittal or charges being dropped, but are an
estimate based on a number of unverifiable assumptions;
· DNA matches are not successful prosecutions and many matches occur with the
DNA of individuals who are not the perpetrator of the crime, including victims and
passers-by, or are false matches;
· The retention of DNA samples has not contributed to the detection and prosecution
of serious crime – only the retention of computerised DNA profiles on the NDNAD is
necessary to obtain a match. The DNA samples are stored by the commercial
laboratories which analyse them for an annual fee, and raise additional privacy
concerns because they contain unlimited genetic information.
· Misinformation about the impact of DNA retention on solved crimes is likely to
mislead the public about the recent massive expansion of the National DNA
Database. Retaining innocent individuals’ DNA is costly but has delivered no
detectable improvement in solving crimes: this contrasts with the improved collection
and analysis of crime scene DNA.
GeneWatch UK concludes that:
1.The Prime Minister’s claim that “in all probability” 114 murderers would have
walked away had innocent people’s records not been retained on the National
DNA Database is false.
2. Ministers are well aware that this claim is false;
3. This figure is seriously misleading to members of the public who are concerned
about the implications of retaining innocent people’s records indefinitely on the
National DNA Database.
Thanks to Glyn at ORG for the link. Sorry about the formating.
Fear of cameras
As the star of the film says, there are no restrictions on filming in public places in the UK of the type that the CSOs in the film seemed to think. There are a few specific exceptions and if you're interested in the smallprint, Linda Macpherson, a law lecturer at Heriot Watt University, has written a guide to photographers' rights in the UK.
Bert Krages' guide to photographers' rights in the US is also available on the Web.
Landmark US Supreme Court privacy decision turns 50
It is almost hard to believe that the National Association for the Advancement of Colored People, the NAACP, was considered a dangerous radical group, particularly in the southern states of the US, for a large part of the 20th century, when all they were asking for was equal rights. The state of Alabama tried to expel the group on the legal technicality of not complying with corporate registration laws. There followed a series of legal proceedings which culminated in the state demanding the details of all NAACP members. The NAACP rightly refused to comply - as members faced risk of serious injury, damage to property and even death - and got fined the huge sum of $100,000 by the state courts. At this point the NAACP appealed to the US Supreme Court and the rest, as they say, is history.
From Professor Allen's esasy:
"The United States Supreme Court’s decision in NAACP v. Alabama ex. Rel. Patterson, 357 U.S. 449 (1958) turns 50 this year. For those who value privacy it is a birthday worth remembering.
In NAACP v. Alabama, the Court affirmed that the constitutional rights of speech and assembly include a right of private group association. The idea that Americans are free to join private groups was not new in 1958. However, the Court’s decision to allow private groups to keep membership information confidential was an important constitutional milestone.
In 1956, the state of Alabama demanded a copy of the NAACP’s membership list, as part of its effort to expel the group from the state for allegedly violating a state business law. But the Supreme Court held that the civil rights group had a right to keep its members’ identities secret, whether or not a technical business law had been broken. Revealing the group’s membership, argued the Court, “is likely to affect adversely the ability of [the NAACP] and its members to pursue their collective effort to foster beliefs which they admittedly have the right to advocate, in that it may induce members to withdraw from the Association and dissuade others from joining it because of fear of exposure of their beliefs shown through their associations and of the consequences of this exposure.” NAACP at 462-63.
Whether handwritten on lined paper or stored electronically in a computer system, membership data is constitutionally protected from mandatory disclosure.
Individuals who join forces with others can sleep comfortably knowing they have a constitutional right to privacy that minimizes the risk of reprisal flowing from group membership. Any peaceful religious, social or political organization with a sensitive or unpopular mission can promise meaningful confidentiality and anonymity to members.