EFF: EFFector Vol. 20, No. 12, March 21, 2007

EFFector Vol. 20, No. 12 March 21, 2007 editor@eff.org

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

In the 418th Issue of EFFector:

Action Alert - Tell Congress to Update the Freedom of Information Act!
DMCA Abuser Apologizes for Takedown Campaign
"Free Speech Ain't Free" Benefit in San Francisco on Thursday, March 22
EFF's Pioneer Awards and More at ETech Next Week
Google's New Plan to "Anonymize" Search Logs: A Good First Step, But More Is Needed
RIAA to Universities: Help Us Threaten Your Students
PATRIOT Act Apologist Site Didn't Get the Memo
GoDaddy, Get a Backbone and Protect Your Users' Rights!
Students Coders: Get Paid to Improve Tor and Protect Privacy Online!
At ShmooCon? Play the Hacker Arcade and Donate to EFF
miniLinks (11): Deutsche Telecom Ditches DRM
Administrivia

For more information on EFF activities & alerts:
http://www.eff.org/

Make a donation and become an EFF member today!
http://eff.org/support/

Tell a friend about EFF:
http://action.eff.org/site/Ecard?ecard_id=1061

effector: n, Computer Sci. A device for producing a desired
change.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Action Alert - Tell Congress to Update the Freedom of
Information Act!

The Freedom of Information Act (FOIA) helps protect the
public's right to know, and new legislation would provide
some much-needed updates to this crucial law. One open
government bill has already passed the House -- make sure a
similar one passes in the Senate:
http://action.eff.org/site/Advocacy?id=285

H.R. 1309 and S. 849 give federal agencies, like the FBI
and the FCC, greater incentive to follow the law and make
it easier for all FOIA requesters to access government
documents. Among other reforms, the bills will help
government watchdogs keep track of FOIA requests they've
sent and ensure that more journalist requesters get
preferred treatment under the law. The bills will also
penalize agencies that don't respond to requests within the
time limits set by the FOIA.

Revelations about the secret NSA spying program, the FBI's
misuse of a key PATRIOT Act power, and other privacy-
invasive initiatives clearly demonstrate the importance of
government transparency. EFF's FOIA Litigation for
Accountable Government (FLAG) project relies on FOIA to
expose the government's expanding use of new technologies
that invade Americans' privacy, and these bills would
greatly help in our and other organizations' efforts to
protect your rights.

Take action now:
http://action.eff.org/site/Advocacy?id=285

Line Noise, EFF's occasional podcast, is back with a new
edition featuring David Sobel, EFF Senior Attorney and
director of our FLAG project. He talks about uncovering the
secrets behind National Security Letters, government data
mining, and exactly how big the FBI's file on the CIA is.
You can find download and RSS links here:
http://www.eff.org/deeplinks/archives/005166.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* DMCA Abuser Apologizes for Takedown Campaign

Michael Crook Agrees to Stop Attacks on Free Speech

San Francisco - Michael Crook, the man behind a string of
meritless online copyright complaints, has agreed to
withdraw those complaints, take a copyright law course, and
apologize for interfering with the free speech rights of
his targets.

The agreement settles a lawsuit against Crook filed by the
Electronic Frontier Foundation (EFF) on behalf of Jeff
Diehl, the editor of the Internet magazine 10 Zen Monkeys.
Diehl was forced to modify an article posted about Crook's
behavior in a fake sex-ad scheme after Crook sent baseless
Digital Millennium Copyright Act (DMCA) takedown notices,
claiming to be the copyright holder of an image used in the
story. In fact, the image was from a Fox News program and
legally used as part of commentary on Crook. But Crook
repeated his claims and then attempted to use the same
process to get the image removed from other websites
reporting on his takedown campaign.

"Crook's legal threats interfered with legitimate debate
about his controversial online behavior," said EFF Staff
Attorney Jason Schultz. "Public figures must not be allowed
to use bogus copyright claims to squelch speech."

In addition to withdrawing current complaints against Diehl
and every other target of his takedown campaign and taking
a copyright law course, Crook has also agreed to limit any
future DMCA notices to works authored or photographed by
himself or his wife, or where the copyright was
specifically assigned to him. All future notices must also
include a link to EFF information on his case, as well as
the settlement agreement. Crook has also recorded a video
statement to apologize and publicize the dangers of abusing
copyright law.

"We're pleased that Crook has taken responsibility for his
egregious behavior," said EFF Staff Attorney Corynne
McSherry. "Hopefully, this will set a precedent to prevent
future abuse of the law by those who dislike online news-
reporting and criticism."

The settlement with Michael Crook is part of EFF's ongoing
campaign to protect online free speech from the chilling
effects of bogus intellectual property claims. EFF recently
filed suit against the man who claims to have created the
popular line dance "The Electric Slide" for misusing
copyright law to remove an online documentary video that
included footage of people trying to do the dance.

For the video statement from Michael Crook:
http://blip.tv/file/169553

For more on Diehl v. Crook:
http://www.eff.org/legal/cases/diehl_v_crook

For this press release:
http://www.eff.org/news/archives/2007_03.php#005161

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* "Free Speech Ain't Free" Benefit in San Francisco on
Thursday, March 22

If you're in the Bay Area, celebrate your free speech
rights and support EFF on Thursday, March 22, at "Free
Speech Ain't Free." The event is being thrown at Club Six
by 10ZenMonkeys.com, EFF's client in the now-settled suit
against Michael Crook. More details here:
http://upcoming.org/event/149726/

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* EFF's Pioneer Awards and More at ETech Next Week

Heading to San Diego for the O'Reilly Emerging Technology
Conference (ETech) next week? Then join EFF in honoring
Yochai Benkler, Cory Doctorow, and Bruce Schneier at the
16th annual Pioneer Awards. The fundraiser will also
feature HDNet Chairman and Dallas Mavericks owner Mark
Cuban and EFF's own Fred von Lohmann squaring off over
copyright, YouTube, and the future of Web 2.0.

Awarded every year since 1991, the Pioneer Awards recognize
leaders who are extending freedom and innovation on the
electronic frontier.

This year, the Pioneer Awards ceremony will be held in
conjunction with ETech at San Diego's Manchester Grand
Hyatt on Tuesday March 27th, 2007. The event begins at 7:30
p.m.

Tickets to the Pioneer Awards ceremony and Mark Cuban's
keynote address are $35. You can buy your ticket in advance
at:
http://secure.eff.org/pioneerfundraiser

For more information about the 2007 Pioneer Awards:
http://www.eff.org/awards/pioneer

The 2007 Pioneer Awards ceremony is sponsored by:

Gold sponsor Sling Media:
http://www.slingmedia.org

Silver sponsor: Three Rings
http://www.threerings.com

Bronze sponsors: Six Apart, JibJab, MOG, Stamen Design.

That's not all EFF will be up to at ETech. Come to our
Birds of a Feather session, "Is That Even Legal? Tap the
EFF," Monday, March 26, from 9:15 p.m. until 10:15 p.m. in
room Douglas A. EFF lawyers and activists will be on hand
to chat and take your questions about the law's impact on
emerging technologies:
http://conferences.oreillynet.com/cs/et2007/view/e_sess/13555

EFF will also have a booth in the exhibit hall -- stop by
to chat and grab some schwag!

Exhibit Hall Hours:

Tuesday, March 27, 2007
10:15AM - 11:30AM
12:30PM - 2:15PM
3:30PM - 4:30PM
6:00PM - 7:30PM (Sponsor Reception)

Wednesday, March 28, 2007
10:15AM - 11:30AM
12:30PM - 2:15PM
3:30PM - 4:30PM

About ETech and O'Reilly Media

For the past five years, the O'Reilly Emerging Technology
Conference has found new networked innovations before they
hit the mainstream. ETech balances pie-in-the-sky
theorizing with practical, real-world information and
conversation. O'Reilly Media spreads the knowledge of
innovators through its books, online services, magazines,
and conferences. Since 1978, O'Reilly has been a chronicler
and catalyst of leading-edge development, homing in on the
technology trends that really matter.

For more about ETech:
http://conferences.oreillynet.com/

For more information about O'Reilly:
http://www.oreilly.com

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Google's New Plan to "Anonymize" Search Logs: A Good
First Step, But More Is Needed

After years of criticism from EFF and other privacy
advocates, last week Google announced a new policy on how
it handles logs of its users' searches: after 18-24 months,
it will delete key information in its server logs that
could be used to link particular users to records of their
search queries.

This is a big change from Google's previous policy, which
was essentially to keep all of those logs forever in
identifiable form, and we're certainly glad to see that
Google is starting to limit its retention of such sensitive
data. Your Google search history can paint an intimate
portrait of your most private interests and concerns.
Particularly in light of the disastrous AOL search terms
disclosure, recent scandals involving government
surveillance, and Google's own recent court fight with the
government over a subpoena for search records, it seems
that Google has finally realized that limiting the
retention of such records is essential to protecting your
privacy.

Hopefully, Google's change in policy will spur other online
service providers to consider how they can minimize the
amount of personal data that they store, and perhaps even
prompt competition between service providers to offer the
most privacy-protective services. However, we hope that
this new announcement is only Google's first step in
changing its privacy practices, because additional changes
would better protect user privacy and set an even better
example for the industry:

* Google should shorten the retention period for
identifiable logs to six months at the outside, and ideally
to only thirty days (which is AOL's retention limit for
similar logs). Barring this, it should at least justify why
it needs such records for up to two years, beyond offering
one-sentence platitudes about how such records are used to
improve Google's service.
* Google should also shorten the retention of the
"anonymized" logs, which Google apparently still intends to
keep forever. As Google itself admits, the new policy
changes still don't guarantee users' anonymity, and holding
onto those records indefinitely still poses a serious
privacy threat.
* Therefore, Google should consider more robust
anonymization techniques, up to and including scrubbing
entire IP addresses rather than just the last quarter or
"octet" of such addresses.
* Finally, Google should expand its new anonymization
policy to include the search records of users with Google
Account log-ins, and to records generated by their myriad
other services, rather than limiting the policy change to
regular search logs.

Beyond making these additional policy changes, there's one
more thing that Google should be doing--something we think
it actually has a duty to do as a good corporate citizen
and as a preeminent Internet powerhouse--and that is using
its considerable political clout to fight for better
Internet privacy laws on Capitol Hill. Right now, there are
significant questions as to whether or how Internet search
logs are protected by existing federal privacy laws, and
Google owes it to its customers to publicly advocate for
updating those laws for the 21st century.

For this post and related links:
http://www.eff.org/deeplinks/archives/005162.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* RIAA to Universities: Help Us Threaten Your Students

Not content with wasting universities' resources via their
usual tactics -- i.e., flooding them with machine-generated
complaints about file sharing -- the major record labels
are now demanding that universities help them shake down
students.

The RIAA has asked universities and colleges to forward
"pre-lawsuit" letters to alleged filesharers that promise a
"discounted" settlement price if the student agrees to pay
up immediately. Forwarding the letters saves the RIAA the
trouble and expense of filing a lawsuit to obtain students'
contact information -- a savings that may be redirected to
more lawsuits.

To add insult to injury, the letters advise students to
contact the RIAA if they have any questions. It's safe to
say that the RIAA is unlikely to give students the full
picture. For example, will the RIAA tell students that
parents are generally not liable for infringements
committed by their kids, or that the record labels
sometimes sue the wrong people? Probably not.

We think students should seek out less biased sources of
information -- and their institutions should assist in that
process. Toward that end, we've put together a short FAQ to
help students learn more about their options; we hope
colleges and universities that forward the RIAA's threat
letter will take the additional step of directing students
to this FAQ as well as other neutral information sources:
http://www.eff.org/IP/P2P/RIAA_v_ThePeople/college_faq.php

The University of Wisconsin is refusing to forward the pre-
litigation letters to its students. Says Brian Rust of UW's
IT department: "These settlement letters are an attempt to
short circuit the legal process to rely on universities to
be their legal agent." We couldn't have said it better
ourselves.

Of course, the RIAA should not be putting universities in
this perverse position in the first place. Let academic
institutions stick with their real mission -- educating
students, not helping to threaten them.

Take action now to help stop the lawsuit campaign:
http://www.eff.org/share/petition

For this post and related links:
http://www.eff.org/deeplinks/archives/005164.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* PATRIOT Act Apologist Site Didn't Get the Memo

The Department of Justice (DoJ) Inspector General's office
recently released a damning report documenting the FBI
abusing its powers under the PATRIOT Act and violating the
law to collect Americans' telephone, Internet, financial,
credit, and other personal records without judicial
approval.

It appears that not everyone at the DoJ got the memo. The
DoJ's Life and Liberty website, a site dedicated to
defending the honor of the PATRIOT Act during the re-
authorization process last spring, still reads as if
nothing has changed. Particularly in the light of the newly
revealed truth, many of the quotes now seem (at best)
naive.

Under the headline of "Examining the Facts," the DoJ
asserts that PATRIOT has a "four-year track record with no
verified civil liberties abuses." The site quotes an op-ed
by former House Judiciary Committee Chairman James
Sensenbrenner:

"Zero. That's the number of substantiated USA PATRIOT Act
civil liberties violations. Extensive congressional
oversight found no violations. Six reports by the Justice
Department's independent Inspector General, who is required
to solicit and investigate any allegations of abuse, found
no violations."

Wow, that sure sounds good. Unfortunately, the new report
reveals that it is simply not true: the inspector general
identifies dozens of instances in which extra-judicial
demands for personal information -- known as National
Security Letters -- may have violated laws and agency
regulations.

Read on for some more choice excerpts:
http://www.eff.org/deeplinks/archives/005163.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* GoDaddy, Get a Backbone and Protect Your Users' Rights!

A few weeks back, we wrote about how domain name registrar
GoDaddy took Seclists.org offline based merely on an
informal request and without providing any meaningful
notice to the site's operator. Unfortunately, this isn't
the only instance in which GoDaddy has carelessly ignored
its users' rights.

In February, EFF was contacted by an anonymous owner of a
parody and criticism website forum that allegedly exposes
the financial corruption and domestic scandal of a local
politician in Birmingham, Alabama. As part of a civil case
in family court, an attorney representing the politician's
girlfriend issued a subpoena to GoDaddy seeking the
identity of the website owner, who was not a party to the
lawsuit.

With the website owner's right to anonymous speech on the
line, what did GoDaddy do? It caved without any apparent
hesitation, providing its customer with a mere three days
to find a lawyer and decide whether to file a challenge.
GoDaddy also refused to provide a copy of the subpoena,
which included essential information to determine whether
and how to respond.

GoDaddy promises in its privacy policy to turn over
customers' information only if required by law, but its
lawyers didn't give this subpoena even a shred of scrutiny.
Had they done so, they could have seen it was clearly
invalid -- GoDaddy is located in Arizona and Alabama state
law doesn't permit a subpoena to be issued on someone out
of state. That was the ultimate conclusion of the state
judge who eventually quashed the subpoena, no thanks to
GoDaddy.

Even putting aside this aspect of GoDaddy's casual
disregard for its customer's interests, the company's
behavior is shameful. The First Amendment limits the
ability of litigants to pierce a speaker's anonymity,
particularly when that person isn't even being sued.
GoDaddy owes its customers meaningful notice, time, and
information so that they can fight back and protect their
rights.

With the help of lawyer Lewis Page, the anonymous website
operator did manage to move to quash before it was too
late. But GoDaddy's sloppy practices still put an unfair
burden on this user and continue to threaten all of its
customers' rights.

For what online service providers ought to do to protect
their users, check out our best practice guide:
http://www.eff.org/osp/

For this post and related links:
http://www.eff.org/deeplinks/archives/005168.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Students Coders: Get Paid to Improve Tor and Protect
Privacy Online!

Are you a student who knows how to write code or find
security holes? Want to get paid to spend a summer working
to defend anonymity online? Thanks to Google's Summer of
Code, the Tor Project, in collaboration with EFF, has
positions for several students as full-time developers for
the summer of 2007. Apply for your spot before March 24,
and help improve this anonymous Internet communication
tool! More details at:
http://wiki.noreply.org/noreply/TheOnionRouter/SummerOfCode

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* At ShmooCon? Play the Hacker Arcade and Donate to EFF

ShmooCon is an annual East Coast hacker convention, and if
you're heading there next week, check out the Hacker
Arcade. It's arcade games just you remember them: play
modded consoles, receive cryptographically secure tokens,
and obtain prizes. And all proceeds go to EFF.

For more details:
http://www.shmoocon.org/

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
The week's noteworthy news, compressed.

~ Deutsche Telecom Ditches DRM
Musicload, its European music download site says it is in
negotiations to develop alternatives to copy restrictions
because a whopping 75% of user complaints come from DRM!
http://www.heise.de/english/newsticker/news/86968

~ Lessig: "Make Way for Copyright Chaos"
Is the judiciary taking too central a role in copyright
law?
http://www.nytimes.com/2007/03/18/opinion/18lessig.html?ex=1331870400&en=51ab73d88d4bcf61&ei=5090&partner=rssuserland&emc=rss

~ The Case Against YouTube, by a Viacom Lawyer
"And, above all, copyright law can welcome only those with
pure motives," says a lawyer for the infamously pure
entertainment industry.
http://www.latimes.com/news/opinion/la-oe-lichtman20mar20,0,7632194.story

~ Is the Internet Killing the Piracy Business?
Physical pirates suffer challenges to their business model
from non-commercial infringers.
http://torrentfreak.com/p2p-file-sharing-ruins-physical-piracy-business/

~ FBI Had Phone Contracts With AT&T, Verizon and MCI
FBI paid the telcos to harvest phone records from American
citizens.
http://blog.wired.com/27bstroke6/2007/03/fbi_confirms_co.html

~ Europe's Broadcast Flag: Will it Get Government Support?
Ars Technica analyzes our report on copy controls in the
European digital video standards.
http://arstechnica.com/news.ars/post/20070314-dvb-broadcast-flag-will-require-government-support-but-may-not-get-it.html

~ Data Retention Begins its Feature Creep
UK plans to check stored phone records after accidents to
detect illegal cell phone use while driving.
http://www.tjmcintyre.com/2007/02/function-creep-in-action-mobiles-may_27.html#comments

~ Asus Puts the "Analog Hole" to Good Use
Its new sound-card will play PC sound internally, and re-
record it instantaneously.
http://blog.wired.com/gadgets/2007/03/cebit_2007_asus.html

~ Sony Exec: DRM Should Be "Invisible"
Like the rootkit was invisible to its unsuspecting hosts?
http://rcrnews.com/apps/pbcs.dll/article?AID=/20070314/FREE/70314009/1007

~ The Smart Card Alliance Thinks Privacy Is Bunk
"Privacy concerns are all perception and hype and no
substance," says spokesman in response to REAL ID worries.
Nice to see industry taking the problems so seriously.
http://www.techliberation.com/archives/042151.php

~ Consumer Electronics Association: DRM Is Not the Answer
to Piracy
The CEA's Gary Shapiro tells SXSW that "innovation is a
tide that raises all boats."
http://www.statesman.com/opinion/content/editorial/stories/03/15/16othertakes_edit.html

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
http://www.eff.org/

Editor:
Derek Slater, Activism Coordinator
derek@eff.org

Membership & donation queries:
membership@eff.org

General EFF, legal, policy, or online resources queries:
information@eff.org

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent
the views of EFF. To reproduce signed articles
individually, please contact the authors for their express
permission.
Press releases and EFF announcements & articles may be
reproduced individually at will.

Current and back issues of EFFector are available via the
Web at:
http://www.eff.org/effector/

This newsletter is printed on 100% recycled electrons.

Archives: