Intel official: say goodbye to privacy

During a hearing to review the Foreign Surveillance Intelligence Act, Congress was told by intelligence official Donald Kerr that, “…it is time people in the United States changed their definition of privacy. Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Right, because we all know what a great job businesses are doing keeping our data safe! It is unacceptable for an official to declare that our rights need to be usurped and then have us rely on businesses to keep our records safe; they’ve been failing to do that for years, so why would there be any difference now? In fact, if Mr. Kerr’s plan went through, these companies would be bigger targets for exploitation as they’d hold a bigger payout for would-be attackers. Come on, no more ‘give up your rights to survive’ rhetoric, we’ve had enough. There’s more good coverage on this at Wired.

Judge holds RIAA evidence insufficient

Here’s a good Slashdot story: “A judge in Rochester, New York, has denied an RIAA application for default judgment on the ground that the RIAA’s evidence was insufficient, in that it contained no details of actual downloads or distributions, and no sufficient evidence that defendant was in fact Kazaa user ‘heavyjeffmc@KaZaA.’ The decision concluded that ‘there are significant issues of fact regarding the identification of the defendant from his alleged “online media distribution system” username.’ (In case you’re unfamiliar with the term ‘online media distribution system,’ that’s because it is a term the RIAA coined 4 years ago to describe p2p file sharing accounts in its lawsuits; the term is not known to have been used by anyone else anywhere else.)” So while an IP isn’t good enough to nail down a ‘downloader’ (or in this case someone who used Kazaa, for what we don’t know), here a judge decides that a user name (which anyone can make up) doesn’t truly represent a certain person.

AT&T threatens to disconnect subscribers who criticize the company

They just keep it up. Now it’s come to light that AT&T has rolled out new Terms of Service for its DSL service that restrict users, while leaving the proof as a rather abstract concept. Here’s the skinny: “…In section 5 of its legal ToS, AT&T stipulates the following:

AT&T may immediately terminate or suspend all or a portion of your Service, any Member ID, electronic mail address, IP address, Universal Resource Locator or domain name used by you, without notice, for conduct that AT&T believes (a) violates the Acceptable Use Policy; (b) constitutes a violation of any law, regulation or tariff (including, without limitation, copyright and intellectual property laws) or a violation of these TOS, or any applicable policies or guidelines, or (c) tends to damage the name or reputation of AT&T, or its parents, affiliates and subsidiaries.

Translation: “conduct” that AT&T “believes” “tends to damage” its name, or the name of its partners, can get you booted off the service. Note the use of “tends to damage”: the language of the contract does not require any proof of any actual damage.” Nice, so much for free speech - if you’re an AT&T customer, which I’m not. Heck, if I were, you wouldn’t be reading this!

Apple limits iPod users’ rights

Update: so someone started a petition on the Apple forums proposing that Apple either build iTunes for Linux, or ‘unlock’ the locked database they introduced. Want to see the thread? Well, it was here, but apparently Apple saw fit to remove it. Between that and their firmware upgrades to the iPhone that would undo (or even brick) previously modified phones, it’s pretty obvious they don’t want to have ‘open’ products. Check Digg for more coverage/commentary.

After being excited about the new iPods released by Apple just weeks ago, now we’re hearing that they may contain code to lock people out of their own devices. BoingBoing picks up the story, “The latest iPods have a cryptographic “checksum” in their song databases that prevents third-party applications from synching with the portable music players. This means that iPods can no longer be used with operating systems where iTunes doesn’t exist — like Linux, where gtkpod and Amarok are common free tools used by iPod owners to load their players. Notice that this has nothing to do with piracy – this is about Apple limiting the choices available to people who buy their iPod hardware.” I know that as a Linux user I’m certainly in the minority of computer users; however, Linux has been seen as a true alternative to Windows by some of Apple’s biggest competitors, Dell and HP. Additionally, it’s amazing that, with the recent momentum towards opening up digital rights in their distribution of (some) DRM-free songs from the iTunes store, Apple would choose to limit their customers’ choice by limiting how they can use their device. This is exactly what we’re concerned about when we say Digital Rights. How do you have rights if something you buy has limits on how you can use it? Now some are speculating that the lack of DRM is the reason Apple wants to lock their iPods down: “It’s hard to understand why Apple would do this, but the most likely explanations are that Apple wants to be sure that competitors can’t build their own players to load up iPods — now that half of the major labels have gone DRM free, it’s conceivable that we’d get a Rhapsody or Amazon player that automatically loaded the non-DRM tracks they sold you on your iPod (again, note that this has nothing to do with preventing piracy — this is about preventing competition with the iTunes Store).”

There are reports of what is going on at a technical level: “At the very start of the database, a couple of what appear to be SHA1 hashes have been inserted which appear to lock the iTunes database to one particular iPod and prevent any modification of the database file. If you try to do either of these, the hashes will not match and the iPod will report that it contains “0 songs” when the iTunesDB would otherwise be perfectly adequate.” Of course it’s pretty much assumed that some hackers will be able to get around this, but then any ‘updates’ released by Apple will fill these holes as they appear. So while this is hardly the first time a big company has tried to lock in customers, it comes somewhat unexpectedly from a company like Apple. I saw a sticker at Defcon that summed up all of the digital rights concern with the simple phrase, “If you can’t open it, you don’t own it” and that’s true on many levels. Here’s hoping that Apple will think about how their new scheme limits their users’ digital rights, and has an ‘update’ that returns them to the freedom they deserve. Otherwise I, and I’m sure many more users, will migrate to another audio player.

How spammers and online stalkers find you

Just got wind of a great article, How Do Spammers and Online Stalkers Find Me? It covers everything from things as simple as online white and yellow pages to filling out forms with too much personal information to chain letters and hoaxes (you know, when the forwarded email has 100s of addresses from all the past forwards). This is posted on their site as a way to keep kids safe online, but it’s information that everyone needs to know. When you go online, you need to think about your privacy, as it can affect your security, and the security of others close to you. Also, note the unsettling fact that even though this article was written in August of 2001 it’s still current.

AT&T censors Pearl Jam

UPDATE: AT&T have responded. “Officially, AT&T claims that the act of censorship was the result of a simple mistake made by the content monitor.”

“The editing of the Pearl Jam performance on Sunday night was not intended, but rather a mistake by a webcast vendor and contrary to our policy. We have policies in place with respect to editing excessive profanity, but AT&T does not edit or censor performances. We have that policy in place because the blue room is not age-restricted. We regret the mistake and are trying to work with the band to post the song in its entirety.”

A bit of heavy-handed censorship of a Pearl Jam concert by AT&T this weekend led the band to fire off an open letter to fans—a letter in which Pearl Jam railed against media and ISP consolidation and called for readers to support network neutrality. During a recent show by Pearl Jam, they played, “…the melody from Pink Floyd’s ‘The Wall,’ and Eddie Vedder served up a pair of anti-Bush lyrics to the tune. ‘George Bush, leave this world alone,’ he sang. ‘George Bush, find yourself another home.’” which AT&T censored on the webcast of the concert. PJ were obviously unhappy, and made a bid to support net neutrality, something that seems below most people’s radar. From their site:

This, of course, troubles us as artists but also as citizens concerned with the issue of censorship and the increasingly consolidated control of the media. Aspects of censorship, consolidation, and preferential treatment of the internet are now being debated under the umbrella of “NetNeutrality.” Check out The Future of Music or Save the Internet for more information on this issue.

“What happened to us this weekend was a wake-up call, and it’s about something much bigger than the censorship of a rock band.”

Remember, if only a few big companies own the Internet’s bandwidth, the same sort of censorship could take place on any Internet content. Net neutrality is the only fair option; demand it.