MPAA Asks Obama for More Copyright Surveillance of the Internet

Legislative Analysis by Tim Jones

As part of their commitment to transparent and open government, the Obama Transition Team is posting the lobbying agendas of the groups it meets with for public review and comment. One of the more interesting documents to be found there is the Motion Picture Association of America's "international trade" agenda.

Some of the MPAA's agenda is reasonable, such as cracking down on commercial optical disc piracy. But much of it, if adopted, would result in a substantially less free and safe internet, at little or no actual benefit to the artists and workers the MPAA claims to represent.

Of course, this may not be immediately clear when reading the document, since it's all couched in DC lobbyist-speak. Here, then, is a guide to understanding what's really being talked about.

First:

"Achieving inter-industry cooperation in the fight against online piracy, including through automated detection and removal of infringing content is imperative to curb the theft of online content...

This kind of automated-detection technology has long been a favorite fantasy of the MPAA and affiliates. They've pushed for it on US campuses, in US states, in US trade law [PDF], and in Europe, so it's hardly surprising to see them pushing for country-wide requirements at the federal level.

The MPAA's faith in "filtering" is pure magical thinking. It presupposes invading the privacy of innocents and pirates alike by monitoring every packet on the Internet (which is bad enough when the NSA does it). And it ignores the reality of strong encryption, which will utterly defeat network filtering techniques (thus necessitating more intrusive alternatives — how about a copyright surveillance rootkit on every PC?). Sacrificing our privacy for the pipe-dreams of one industry is a bad idea.

These reasons and more were outlined by EFF in a 2005 white paper, and again last January in a memo to European lawmakers [PDF].

Next up:

"MPAA views recent efforts by the Governments of France and the United Kingdom to protect content on-line and facilitate inter-industry cooperation as useful models.

Here, the MPAA is advocating for a number of things, the most problematic of which is a "three strikes" internet termination policy. This would require ISPs to terminate customers' internet accounts upon a rights-holder's repeat allegation of copyright ingfringement. This could be done potentially without any due process or judicial review. A three-strikes policy was recently adopted by the French Senate, and may become the law if adopted by the French National Assembly next year.

Because three-strikes policies do not guarantee due process or judicial oversight of whether the accusations of copyright infringement are valid, they effectively grant the content industry the ability to exile any individual they want from the internet. Lest we forget, there is a history of innocents getting caught up in these anti-piracy dragnets. (Copyfighter Cory Doctorow has wondered what would happen if the MPAA's erroneous notices were subject to a similar three-strikes law.)

Thankfully, members of the European Parliament vehemently rejected these measures, resolving that "The cut of Internet access is a disproportionate measure regarding the objectives. It is a sanction with powerful effects, which could have profound repercussions in a society where access to the Internet is an imperative right for social inclusion." Let's hope the US government's decisions on this are as wise.

EFF outlined these concerns and more in our September 2008 comments to the US Trade Representative [PDF].

And, finally:

"MPAA has identified the following countries for priority trade policy attention in 2009: Canada, China, India, Mexico, Russia and Spain.

Translation: Not satisfied with wrecking the internet for US citizens alone, the MPAA would like the US government to pressure foreign governments to adopt the same harmful measures. This is made explicit by a look at, for instance, the International Intellectual Property Association's 2008 one-sheets on Canada [PDF] and Spain [PDF]: The MPAA wants these governments to institute mandatory internet filtering and three-strikes laws. Canada is being singled out by the MPAA because of its sensible rejection of the Canadian version of the US's deeply flawed Digital Millenium Copyright Act. In Spain, the MPAA is frustrated with rulings in 2006 that failed to punish Spanish citizens sufficiently harshly for file-sharing.

This week in the San Jose Mercury News, Ed Black, CEO of the Computer & Communications Industry Association, described how adoption of the MPAA's international trade demands would deeply set back US innovation and foreign policy.

---

How the Obama administration will react to these demands remains to be seen. The adoption of a Creative Commons license for Change.gov content indicates that there just might at long last be a seat at the table in the White House for smart thinking on copyright issues. Hopefully the Obama Administration will prove strong enough to stand up to the MPAA's lobbying, and instead institute positive reforms of US copyright law.

If you'd like to share your thoughts on this matter with the Obama Transition Team, the MPAA's agenda is open to public review and comment on Change.gov.

Updated Dec 15: The original post mistakenly indicated that France's three-strikes law had already gone into effect.

[Permalink]

global minilinks for 2008-12-02

miniLinks by Danny O'Brien

• Citizen Safeguards Struck Out in EU Council
  La Quadrature Du Net analyse the latest moves in Europe's telecoms package - still a mixed bag for protecting rights online.
• Inside Italy's Net Filters
  An overview of the "P-Box" - the bespoke Debian install intended to filter content at Italian ISPs.
• Google's Gatekeepers
  The New York Times investigates who decides when Google is told to block content.
• Internet Users to Expect "Remote Searches" from EU Police?
  The EU's five year cybercrime plan include proposals for government-permitted trojan software and "joint investigation teams" (rightsholders and police working together).
• Nokia Wants Law to Allow Snooping on Finnish Employees
  After lobbying by the phone giant, Finland considers allowing businesses to examine the email logs of workers suspected of leaking secrets.
• Michael Geist - Why Copyright?
  Canadian thinkers, artists and businesspeople speak out on copyright in this film by Michael Geist and Daniel Albahary.
• Studying Chinese Blog Censorship
  Rebecca Mackinnon takes a closer look at what goes on when private companies aid in domestic censorship.
• Anger at Indonesian Tagging Plan
  Country plans to plant RFIDs in "sexually aggressive" HIV positive citizens.
• Obama and IP
  Senior Phillippines IP Attorney hopes Obama will bring change to the international intellectual property policies of the United States.
• Four Google Officials Face Italian Trial for Third-Party Video
  Video upload prompts unknown charges against the employees of the company hosting it.

[Permalink]

global minilinks for 2008-11-06

miniLinks by Danny O'Brien

• French Senate Votes for Three Strikes
  The bill still has to pass the National Assembly, however — and faces a clash with developing European law.
• No Clean Feed - Stop Internet Censorship in Australia
  The battle against the Australian goverment's plans to install compulsory filters on all Internet traffic grows in strength. Electronic Frontiers Australia offers action items for worried Aussie Net users.
• Circumvention in New Zealand
  Content Agenda summarizes what's been happening in NZ copyright law.
• Join the Public Domain Calculators
  The Open Knowledge Foundation is working on a system to determine whether works are in the public domain in your country or not. Join volunteers in Argentina, Belgium, Canada, Chile, Italy, Norway, Philippines, Sweden, Switzerland, United Kingdom, United States and add your country to the calculator.
• Internet and Freedom in Egypt
  Egyptian bloggers talk about how the Net and free speech fare in Turkey.
• UK Net Users Wrongly Accused of File-sharing Infringements
  British games companies are sending threatening letters to Internet users who have never touched a computer game.
• Linking Alone is Not Defamation in Canada, Court Declares
  The British Columbia Supreme Court asserts that websites linking to a document are not "publishing" the document for purposes of libel law. One of the defendants, p2pnet, comments.

[Permalink]

Human Rights and Internet Companies: Google, Yahoo and Microsoft Agree to Principles

Announcement by Danny O'Brien

For almost two years, EFF has been a participant in negotiations between human rights groups, investors, academics and Internet companies -- including Yahoo!, Google, and Microsoft -- aimed at improving how those businesses deal with free expression and privacy issues around the world.

Today, the results of that discussion have been announced. The Global Network Initiative is a set of principles on free expression and privacy that the companies have agreed to follow in all countries they do business within, together with a set of implementation guidelines and a skeleton for an independent watchdog body that will monitor companies for compliance with these principles.

Before now, Internet companies' first reaction to revelations of complicity in human rights abuses has been to deny that they can do anything at all. When Yahoo's involvement in the Shi Tao case in China was first revealed in 2005, Yahoo stated that it was obligated to "operate within the laws, regulations and customs" of countries.

The Global Network Initiative demonstrates that there is far more that companies can and will commit to do. They can train their employees to recognize requests that may violate international agreements. They can structure ways to evaluate requests and challenge them in the local courts. They can ensure that board-level executives are kept aware of potential human rights issues, and can acknowledge their responsibilities. They can build human rights requirements into contracts they sign with third-parties. They can, as they have done in this initiative, consult with their competitors, civil liberties experts, socially-conscious investment funds and academics to learn and improve how they behave in situations that might threaten the rights of users. The Initiative is a significant indication of the importance of accountability for better human rights practices online.

It's not a perfect set of documents. EFF continues to work in the Initiative, but we do have concerns with the limits of this initial agreement:

• There is no obligation to inform Internet users of the storage location of personal data, and from where it is accessible.
• There is no commitment to inform users when they hand over their information to agents of government and law enforcement.
• There is no binding requirement to develop privacy and anti-censorship technologies and include them in new products.
• GNI assessors are selected by the companies themselves from a list of neutral groups, and do not have untrammeled access to all relevant company documents.

When it comes to addressing their involvement in worldwide human rights abuses, the first step for Internet companies had been admitting that there is a problem. With the Global Network Initiative, Microsoft, Yahoo, and Google have gone further, and begun to embed human rights assessments into their own company structure. We hope many other companies will join them.

[Permalink]

global minilinks for 2008-10-11

miniLinks by Danny O'Brien

• A Contentious Meeting with New Zealand's Copyright Minister
  Colin Jackson hits a brick wall when he and others talk to New Zealand ministers about the new copyright act.
• Former Pink Floyd Manager: End the P2P Lawsuits
  Peter Jenner continues to advocate for collective licensing, this time in Berlin.
• EuroISPA on the Recent "Three Strikes" EU Battle
  The ISP association attempts to unpick what Sarkozy thinks he's doing in the EU.
• The Third COMMUNIA Workshop in Amsterdam, Oct 20-21
  European workshop on fair dealing, fair use and its global equivalents.
• Ad-Powered Surveillance: Okay For Citizens, Too Prying for Parliament?
  Is the UK's House of Commons blocking Phorm's prying eyes?
• Malaysian Blogger Goes On Trial
  A "frail" Raja Petra is charged with sedition.
• Hong Kong Consults on Internet Filtering
  The Chinese administrative region is considering blocking sites under the country's obscenity laws.
• Key US Senators Warn Bush Administration On ACTA
  The Judiciary committee is displeased with the secrecy on the anti-counterfeiting trade agreement, especially on liability for internet intermediaries (like ISPs).
• When Wikipedia Met The Great Firewall
  Jimmy Wales meets with China's censorship body.
• Echo in the Dark
  The New Yorker looks at censorship in Russia.
• Does Web Censorship Affect International Trade?
  Nart Villeneuve sees if the Great Firewall of China messes with connections to Western commerce websites.
• Australian Councils use Google to Monitor Citizens
  Using Google Earth and Google Maps to look for planning violations.

[Permalink]

Freedom Not Fear 2008

Call To Action by Danny O'Brien

Freedom Not Fear is the world's ongoing demonstration against the encroachment of civil liberties by anti-terrorist laws -- particularly in the online world. This year the protests take place this Saturday, October 11th in nearly thirty countries, including the very first events in the Americas.

The origin of the campaign comes from Europeans' anger at the EU's 2006 data retention directive, a pan-European law that requires ISPs to log email and web traffic data for a minimum of six months, and often more. Terabytes of personal data on millions of innocent Europeans are now being collated, paid for by customers and taxpayers, and open for access by any criminal or civil investigation, no matter how trivial.

Freedom Not Fear has since evolved into a more general warning: showing how fundamental freedoms like privacy, freedom of expression, and democratic participation lose when reactionary surveillance systems penetrate our open networks, justified by a hyperbolic rhetoric of fear.

The range of groups and countries that have joined Freedom Not Fear has shown that just how wide the offensive front against your privacy has become, and how many are keen to join the defence. This Sunday, Freedom Not Fear events will take place in 22 European cities, as well as (thanks to the Electronic Privacy Information Center, IP Justice, EFF and others), in Washington, D.C. In South America, protests are planned in Buenos Aires, Argentina, and Manta in Ecuador, and other countries are preparing to join.

For those countries without substantial privacy legislation, this year's Freedom Not Fear demonstrations are calling for the adoption of Data Protection laws in their countries. Strong privacy laws should finally affirm freedoms guaranteed by the fundamental rights of privacy in the International Covenant on Civil and Political Rights, the Universal Declaration of Human Rights, and in many other international and regional human rights treaties.

If you'd like to join the demonstrations in your own country, reach out to your national contact listed here, and add the banner to your own web page.

[Permalink]

Chinese Skype Client Hands Confidential Communications to Eavesdroppers

News Update by Danny O'Brien

This Wednesday, Information Warfare Monitor published damning evidence showing that TOM-Skype, the version of the voice and chat program distributed in China not only blocks keywords from chat conversations, but also spies on and remotely reports the contents of Skype users' private text conversations. This directly contradicts Skype's previous assurances that "full end-to-end security is preserved and there is no compromise of people’s privacy", even on the customized Chinese client.

This special breached version of Skype, distributed by the Chinese portal company TOM Online, has long been known to block certain contentious phrases from instant message conversations. IWM's Nart Villeneuve's research shows that when these keywords are mentioned in conversations, the client software also sends an encrypted message to one of eight remote servers hosted in China.

Due to poor security on these servers, Villeneuve was able to uncover what was being sent: extensive logs on user activity, including archives of more than 166,000 censored messages from 44,000 users.

The TOM-Skype client was introduced as part of a business deal between Skype's parent company, eBay, and the Chinese Internet company. Skype has denied involvement in TOM's additions to their core client software, but it was well aware that TOM had introduced censorship features into the Chinese Skype client. At that time it asserted that its users' privacy was nonetheless secure. We now know that Skype is in no position to make that assurance.

This breach is not an isolated Chinese problem. All Skype users are affected; conversations will be monitored even if only one side of a coversation is using the Chinese client. As of June 2007, there were 42 million registered users of TOM's compromised client, increasing at a rate of 70,000 new users per day. Anyone communicating with those millions will find their communications monitored and potentially reported to an unknown third-party - even if they are not using the TOM client themselves.

What can Skype do? While it might disclaim responsibility, arguing that this political spyware was not directly written by its own coders, the company is directly implicated by its close relationship with TOM. When Chinese visitors go to the Skype homepage, they are redirected to a page offering a download of TOM's compromised client version. TOM's Skype page in turn indicates that TOM's version is an authorized Skype product for Chinese users. Skype does not warn its visitors of the differences between the non-Chinese client and TOM's client, and has made no effort to pro-actively monitor what differences there are, or convey the implications of those differences to users.

Villeneuve spent many hours decoding the extra packets to understand what was going on: Skype's own engineers could surely have spotted this behavior in seconds. Instead, an eBay spokesman said that the software's behaviour was "changed without [its] knowledge or consent and [it is] extremely concerned."

At a minimum, eBay can show its commitment to "the security and privacy of [its ] users" by terminating its relationship with TOM and withdrawing TOM's permission to use eBay trademarks. It should no longer redirect to TOM, instead presenting an eBay-developed Chinese-localized version of Skype. It should also prominently warn its own users of the dangers of talking to those using the compromised client. It should attempt to obtain binding assurances from TOM that all copies of the logged data have been destroyed, and should advise all affected users whether this has taken place.

In the meantime, if you want to chat securely, consider using Off the Record Messaging (OTR) on another instant messaging network. OTR is a publicly audited security protocol that does not depend on a third-party. It can run on a number of different instant messaging networks, and is implemented by a range of software products on MacOS, Windows, and Linux. For more peace of mind, use OT in conjunction with open source products like Pidgin, Miranda or Adium. The code of open source software is available for examination by anyone, which minimizes the possibility of a government trojan being inserted into the final downloadable version. OTR will not prevent governments from monitoring the destination of instant messages, but it will protect the contents of your messages.

(Villeneuve also found logs containing information about user's Skype voice calls, including times and destination usernames and numbers. There is no indication that the contents of Skype voice calls themselves were recorded or transmitted. Because Skype's audio encryption protocol remains secret, however, we only have eBay's assurances on its invulnerability to external surveillance. From now on, users may have less reason to trust the company's word on matters of privacy or security without external confirmation.)

[Permalink]

global minilinks for 2008-09-23

miniLinks by Danny O'Brien

• South Korean Government Seeks to End Anonymity, Allow Arbitrary Content Takedown
  All forum and chat room users will be required to make verifiable registrations using their real names; Web sites can be taken down for 30 days if they receive complaints of fraud or slander.
• Confidential Data on Millions of Norwegians Sent to Media
  CD containing all Norway's tax records (which are public) also included ID numbers (which are not).
• France Scales Back Big Brother Database, But Protests Continue
  The "Evige File" will not contain every French citizen active in politics, just those who "pose a security risk."
• ...Has It Killed Three Strikes Too?
  No sign of the Olivennes proposal on the French Senate schedule; rumor is that the Edvige protests have delayed it indefinitely (Google translation).
• British Police Decline to Investigate Phorm
  Says there was no "criminal intent" in unauthorised scanning of British Telecom subscribers' web traffic.
• Is the ITU Undermining Internet Anonymity?
  Declan McCullough reports on a proposal to more directly track the source of IP traffic, edited by, among others, Cisco, a Chinese ministry, and the NSA.
• Turkey bans biologist Richard Dawkins' Website
  Due to "defamatory" review of Turkish creationist book.
• Tech Companies: Why Doesn't US Champion Fair Use Abroad?
  CCIA points out that US trade negotiators are happy to include strong copyright requirements in trade agreements, but never include fair trade or liability protection for intermediaries.

[Permalink]

Secret Counterfeiting Treaty Must be Made Public

News Update by Rebecca Jeschke

EFF and more than 100 public interest organizations from around the world are calling for answers about the Anti-Counterfeiting Trade Agreement (ACTA) today.

Based on leaked documents and industry comments about ACTA, we believe the treaty could require Internet service providers to monitor all consumers' Internet communications, interfere with fair use of copyrighted materials, and criminalize peer-to-peer electronic file sharing. However, the full text of the treaty and other relevant documents remain secret. That's why the coalition today is demanding the immediate release of the ACTA draft.

Time is running out: ACTA proponents want this secret treaty signed before the end of the year. Contact your senator now and urge them to make this process public.

[Permalink]

global minilinks for 2008-09-11

miniLinks by Danny O'Brien

• Bloggers Less Well-Defended than Press in Morocco
  The arrest and two-year sentence of Mohammed Raji marks the first time anyone has been punished for a blog post in Morocco.
• EDVIGE and the Angry French
  Opposition to a massive new "Big Sister" database has been boosted by a member of President Sarkozy's own cabinet.
• Brussels Says Blogs Scuppered Lisbon Treaty
  A secret European Commission report has come out strongly against the "anti-establishment activity" of blogging as part of an analysis of the internet and "its implications for public opinion about the EU".
• Google Says EU Data Laws do not Apply
  Even though Google has data servers in the EU, it is too American a company to have to obey data privacy laws, it claims.
• The End of "the American Internet" and the Future of Content Controls
  Will traffic moving through more countries affect free speech online?
• Xavier Niel, France's ISP Billionaire, Hates the Olivennes Law
  "Will filter everything and listen to all" (Google Translation)
• Feminist Bloggers in Iran Sentenced to Six Months in Jail
  Reporters Without Borders writes on the cases of Parvin Ardalan, Jelveh Javaheri, Maryam Hosseinkhah and Nahid Keshavarz.

[Permalink]