EFF and Sony BMG Reach Preliminary Settlement over Flawed DRM

Deeplink by Cindy Cohn

"The proposed settlement will provide significant benefits for consumers who bought the flawed CDs," said EFF Legal Director Cindy Cohn. "Under the terms, those consumers will get what they thought they were buying--music that will play on their computers without restriction or security risk. EFF is continuing discussions with Sony BMG, however, and believes that there is more they can do to protect music lovers in the future."

"Sony agreed to stop production of these flawed and ineffective DRM technologies," noted EFF Staff Attorney Kurt Opsahl. "We hope that other record labels will learn from Sony's hard experience and focus more on the carrot of quality music and less on the stick of copy protection."

[Read the entire post]

With Nowhere Left to Hide, Diebold Pulls Out of North Carolina

Deeplink by Matt Zimmerman

Following a flurry of litigation that found EFF fighting both alongside and against the state Board of Elections, Diebold on Thursday withdrew from the North Carolina procurement process, ceding the state's voting machine business to rival ES&S.

In November, Diebold filed suit against the North Carolina Board of Elections in an effort to be exempted from a state requirement that vendors place into escrow (among other things) all source code "that is relevant to functionality, setup, configuration, and operation of the voting system." The code would be available to the Board of Elections and the chairs of the state political parties for review so that they could look for security vulnerabilities, to the extent they wanted to make such an effort. Diebold argued to the Superior Court that it simply couldn't meet that requirement, at least in part because they relied so extensively on third party software for critical system functions. EFF intervened in the case on behalf of local voter integrity advocate Joyce McCloy and succeeded in convincing the judge to dismiss the case, leaving Diebold on the hook for criminal and civil penalties if they failed to comply.

Undaunted, and despite Diebold's admission that it could not meet these requirements, the Board of Elections agreed three days later to certify Diebold.

EFF filed suit against the Board of Elections the next week, arguing that the Board had violated its own obligations to perform extensive security-related tests of all of the code on all certified systems prior to certification. The Board of Elections argued that even though the statute refers to a mandatory pre-certification review of "all" source code, third party software should for some reason be exempted from this process. The court, faced with conceding that the Board of Elections had bungled their certification obligations from the start of the process, denied EFF's motion. But for Diebold, the damage was already done.

[Read the entire post]

Congress (Finally) Agrees on PATRIOT Extension Deal

Deeplink by Kevin Bankston

The suspense is over. After a weeks-long game of brinksmanship, the Senate and House have agreed to extend the sunsetting provisions of PATRIOT--which were scheduled to expire on December 31st--until February 3rd. The President plans on signing the bill.

We'd prefer that these PATRIOT provisions not be extended at all, but this is still a major victory for those who want Congress to add new checks and balances against abuse of the broad PATRIOT surveillance powers. The Administration and the DOJ, despite their best efforts, could not garner enough support for the sham "compromise" bill that would have renewed everything with mostly cosmetic reforms. As Senator Feingold said in a statement this evening, right before the Senate vote: "No one should make the mistake of thinking that a shorter extension will make it possible to jam the unacceptable conference report through the Congress. That bill is dead and cannot be revived."

[Permalink]

Take Action: Demand that Congress Investigate the Bush Administration's Illegal Wiretapping

Deeplink by Kevin Bankston

Last week, the New York Times reported that President Bush personally authorized the National Security Agency (NSA) to wiretap the international phone and email communications of people within the U.S., all without getting search warrants. We've gotten several inquiries from people wondering what EFF thinks about it, and whether we plan on suing anyone.

The short answer is that we think the newly-revealed NSA wiretapping is completely illegal, violating both the Fourth Amendment and criminal statutes that prohibit unauthorized electronic surveillance. However, without a client who has actually been spied on as part of the NSA program, it is possible that neither we nor anyone else will be able to bring a civil lawsuit. There's still the possibility of a criminal prosecution, but the Attorney General has argued that the wiretapping is legal and clearly doesn't plan on pursuing a criminal investigation, and the White House has made clear that it intends to continue the wiretapping program. So what can be done?

The most important step now is to make sure that Congress holds full hearings on the matter and gets to the bottom of this illegal scheme to invade Americans' privacy. Such hearings may generate enough political pressure to force Attorney General Gonzales to appoint a special prosecutor, who would be authorized to conduct an independent investigation and bring criminal charges against those who violated the law. There's already some bipartisan support in Congress for hearings after the holiday recess, but we could use your help to ensure that those hearings actually happen. So visit our Action Center today to send a message to Congress showing your support for hearings and your opposition to illegal eavesdropping by the NSA.

After you've done that, pop on over to Bruce Schneier's blog. In addition to providing his own insights, he's been collecting links to all the best news reports and blogger commentary, along with links to relevant legal authorities. Also keep an eye on Deep Links, as we'll be blogging more on the NSA scandal after the holiday.

[Permalink]

House Votes to Extend PATRIOT one month (updated: five weeks)

Deeplink by Kevin Bankston

On the heels of the Senate's vote for a six-month PATRIOT extension, here's the latest from the Associated Press:

The House passed a one-month extension of the Patriot Act on Thursday and sent it to the Senate for final action as Congress scrambled to prevent expiration of anti-terror law enforcement provisions on Dec. 31.

Approval came on a voice vote in a nearly empty chamber, after Rep. James Sensenbrenner, R-Wis., chairman of the House Judiciary Committee, refused to agree to a six-month extension the Senate cleared several hours earlier....

It was not clear when the Senate would act on the one-month bill, but approval was possible by evening.

We'll let you know what the Senate ends up doing.

UPDATE: Turns out it was a five-week extension. Still waiting on Senate action.

[Permalink]

Six More Months to Fight PATRIOT?

Deeplink by Kevin Bankston

CNN is reporting breaking news that the Senate has ended its impasse over USA PATRIOT Act renewal. As we told you previously, pro-PATRIOT lawmakers have been unable to end a filibuster by senators demanding that new protections for civil liberties be added to the renewal bill. With the "sunsetting" provisions of PATRIOT set to expire on December 31st and the holiday recess fast approaching, the Administration and its supporters in the Senate have now chosen to cut a deal: the sunsetting provisions will be extended for another six months, allowing more time for debate on what reforms must be added to the PATRIOT Act before complete renewal. It's not yet clear how the House of Representatives will respond, but we think it's likely to accept the deal tomorrow (knock on wood).

EFF opposes PATRIOT renewal in any form, but this is still an encouraging development: it provides us an extra six months to push for new checks and balances and limit the damage done by the original PATRIOT. Given how the frightening new revelations of this administration's abuse of its surveillance powers are piling up, the momentum for change can only build in the new year.

UPDATE: The administration has admitted defeat. President Bush apparently won't veto the six-month renewal (or try using a veto threat to sway the House), even though in a Wednesday morning statement he accused the senators proposing the short extension of "inexcusable" obstructionism. The L.A. Times reports that in a written statement late Wednesday, Bush said that he appreciated the Senate's work "to keep the existing Patriot Act in law" but that "the work of Congress on the Patriot Act is not finished.... The act will expire next summer, but the terrorist threat to America will not expire on that schedule." Clearly, there's still unfinished work for us PATRIOT opponents as well--and we're looking forward to it.

[Permalink]

Bad Ruling on Cell Phone Tracking: What a Difference a G Makes

Deeplink by Kevin Bankston

Yesterday, Magistrate Judge Gorenstein of the federal court for the Southern District of New York issued an opinion permitting the government to use cell site data to track a cell phone's physical location, without the government having to obtain a search warrant based on probable cause.

Judge Gorenstein's flawed legal analysis is in sharp contrast to three other federal court opinions strongly rejecting the government's legal arguments, including a decision by Magistrate Judge Orenstein in the Eastern District of New York. While Judge Orenstein referred to the government's legal arguments variously as "unsupported," "misleading," and "contrived," and a Texas court called the convolutions of the government's theory "perverse" and likened its twists and turns to a "three-rail bank shot," Judge Gorenstein bought the government's arguments hook, line and sinker.

Unfortunately, this dangerous new opinion falls into a procedural black hole. Because the DOJ is the only party in these surveillance cases, there's no one left to appeal the decision. Meanwhile, the DOJ has refused to appeal all three times it has lost, despite emphatic requests by the Texas and Eastern District magistrates. The result is that other magistrates across the country won't get clear guidance from the appeals courts on this issue.

That's why EFF will continue to follow this issue closely, and continue to urge other magistrates who face this question to follow the clear and convincing logic of the three courageous judges who stood up for civil liberties and said no to warrantless cell phone tracking.

P.S. The DOJ's practice of monitoring cell phone location without probable cause previously inspired us to ask: "What other new surveillance powers has the government been creating out of whole cloth and how long have they been getting away with it?" Recent revelations about President Bush authorizing warrantless wiretaps of Americans by the National Security Agency have given us the beginnings of an answer. Let's hope that's not just the tip of the surveillance iceberg.

[Permalink]

Don't Mess With Texas Part II

Deeplink by Kurt Opsahl

The Texas Attorney General announced today that Texas is expanding its lawsuit against Sony BMG to include the SunnComm MediaMax CDs, which are also part of EFF's lawsuit against Sony BMG. The Texas AG's press release explained:

The Attorney General alleges the company's "MediaMax" technology for copy protection violates the state's spyware and deceptive trade practices laws in that consumers who use these CDs are offered a license agreement, but even if consumers reject that agreement, files are secretly installed on their computers that pose additional security risks to those systems.

In addition, today the Texas AG sent a letter to retailers, warning them against continuing to sell Sony BMG's CDs with the XCP technology. This comes on top of the Illinois Attorney General's Consumer Alert about XCP and MediaMax CDs released last week.

[Permalink]

Summary of Claims Against Sony-BMG

Deeplink by Fred von Lohmann

My most recent column at Law.com, "Sony-BMG's Copy-Protection Quagmire", describes the various legal theories that have been brought against Sony-BMG over the CD copy-protection debacle. The quick summary: more than a dozen class action suits filed around the country, based on a mix of state anti-spyware statutes, the federal Computer Fraud and Abuse Act, common law trespass to chattels claims, and state law consumer protection and deceptive advertisting statutes.

Complete text of the article after the jump.

[Read the entire post]

A Lump of Coal for Consumers: Analog Hole Bill Introduced

Deeplink by Danny O'Brien

While the Senate was standing up for civil liberties, the House was handing out a Christmas gift to Hollywood. For digital consumers and innovators, however, it looks to be a nasty stocking-filler.

Representatives Sensenbrenner and Conyers have introduced H.R. 4569, the "Digital Transition Content Security Act of 2005," a.k.a. the return of the MPAA's "Plugging the Analog Hole" scheme, which is itself just a variant on the dreaded "Hollings Bill" introduced back in 2002.

The new bill is a rehash of the one we first mentioned on Halloween. It would impose strict legal controls on any video analog to digital (A/D) convertors "manufacture[d], imported or otherwise traffic[ed]" in the United States.

Digitizers and digital media devices that won't jump through the specified outrageous regulatory hoops - automatically deleting protected analog content after ninety minutes; outputting only "down-rezzed" images, and satisfying "robustness criteria" that weld the hood shut against user modification and open source developers - are expected to simply turn off and refuse to convert watermark-protected analog video.

And how is this analog video protected? Using an old broadcast-flag like technology called CGMS-A and a new watermarking system called VEIL.

Mandating the VEIL watermark on all video A/D devices is particularly remarkable, as VEIL has had no independent testing as a copy protection technology. In fact, VEIL's main use until now has been in a series of Warner-licensed Bat-Toys!

Yet, if H.R. 4569 becomes law, technology companies would be bound by law to support this Bat-Toy technology in their products. Anyone who creates a new device that cannot pass on the VEIL watermark, or somehow overrides it, is breaking the law. If he does it for "purposes of commercial advantage or private financial gain", he's a bona-fide criminal.

And if VEIL is so widely broken as to be deemed unusable (couldn't happen to a Bat-Toy technology, could it?), the U.S. government, in the form of the U.S. Patent and Trademark Office (PTO), will be expected to devise and enforce a new solution. So the Bat-Toy is only the nose under the technology mandates tent - if VEIL doesn't work out, government bureaucrats get to replace it with whatever strikes them as a good idea at the time.

The Analog Hole law is just the first of the MPAA/RIAA's Horror Triple Feature to be introduced into Congress. The others are the Broadcast Flag and technology mandate for digital radio. Perhaps they think that Congress will "compromise" by passing one of the three. Or perhaps they're hoping for a troika of victories in 2006 in their endless campaign against their own customers.

Whatever the MPAA's plan, however, your representatives need to understand that their constituents are not eager for a world of more DRM, more tech mandates, and less innovation. Write to them now.

[Permalink]