Slashdot Mirror

hillct writes: "The ACLU has a very good comparison chart of anti-terrorism provisions in legislation currently being considered by congress. It covers the Combating Terrorism Act of 2001, the House Bill (PATRIOT Act) and the Senate Bill (USA Act), comparing it all to current law. We've all seen pieces of this information but the ACLU staffers did a great job consolidating it all." CDT also has a very good pdf guide to these about-to-be-passed laws. But the Onion has the best commentary.

hillct writes: "The ACLU has a very good comparison chart of anti-terrorism provisions in legislation currently being considered by congress. It covers the Combating Terrorism Act of 2001, the House Bill (PATRIOT Act) and the Senate Bill (USA Act), comparing it all to current law. We've all seen pieces of this information but the ACLU staffers did a great job consolidating it all." CDT also has a very good pdf guide to these about-to-be-passed laws. But the Onion has the best commentary.

dragons_flight writes: "The US Supreme Court is starting their next session, and on the docket are two cases that pit internet controls vs free speech as applied to porn. The first case will decide whether the government can force online providers to use age verification systems before allowing access to material deemed 'harmful to minors.' The second case deals with whether computer generated imitation porn can be treated with the same laws as porn involving real people (the particular case deals with child pornography). This news article discusses these and other issues before the court. Also ACLU commentary on the upcoming docket." The second of these cases was discussed before, in "Virtual Child Porn: Is It Illegal?"

Masem writes: "Following shortly after the EFF's call to action, the ACLU has now issued an Action Alert regarding much of the recent buzz in Congress after the terrorist actions last week. As with most ACLU Alerts, there's a form which you can use which will allow you to fax, email, or snailmail your Rep. and 2 Senators, either with a default message, or with a message that you can customize. Getting in touch with your elected representatives couldn't be any easier."

Masem writes: "Following shortly after the EFF's call to action, the ACLU has now issued an Action Alert regarding much of the recent buzz in Congress after the terrorist actions last week. As with most ACLU Alerts, there's a form which you can use which will allow you to fax, email, or snailmail your Rep. and 2 Senators, either with a default message, or with a message that you can customize. Getting in touch with your elected representatives couldn't be any easier."

loosenut writes: "The American Civil Liberties Union has purchased an ad to appear in the New York Times on April 15th and April 16th, as reported on their web page. The ad reads "Now equipped with 3-way calling. You, whoever you're dialing, and the government." Will the threat of having cell phones tapped be enough to mobilize people against Echelon?" I doubt it. But it's a good effort.

loosenut writes: "The American Civil Liberties Union has purchased an ad to appear in the New York Times on April 15th and April 16th, as reported on their web page. The ad reads "Now equipped with 3-way calling. You, whoever you're dialing, and the government." Will the threat of having cell phones tapped be enough to mobilize people against Echelon?" I doubt it. But it's a good effort.

geekotourist writes: " The NYTimes reports that the Tech Law Journal's emailed newsletter started misspelling words to get around filters at "law firms, universities or government agencies." Good to know that this well-informed audience (given the newsletter's content) knows the best reaction to mindless censorship: "...accepted the misspellings as a necessary evil." In future news on how to live with badly designed filters, identity theft victims will be asked to adopt new names ('cause it's a little too hard for credit card reporting agencies to provide authentication and privacy. Just ask Oprah.) And people who can't handle being pulled over for looking different will now be given blond wigs and white makeup to prevent it." (And censorware.net scooped The Times, too.)

argentus was one of many to write in regarding the Children's Internet Protection Act, challenged today in Philadelphia. Read the ACLU and American Library Association press releases, or perhaps the complaint filed by the ALA or complaint filed by the ACLU. Here's a story about the case, but there's a bit more information below.

In a nutshell: a few years ago, Congress got the bright idea that libraries and schools ought to have internet connections and computers. You may be aware that for many years, there has been a tax levied on telephone service which goes to the "universal service" fund - this money is supposed to be used to fund telephone service in remote areas of the United States, to ensure that all U.S. citizens have access to a telephone. Alaska is a major beneficiary.

The universal service fund was the natural place to tap to provide funds for discounted internet access to libraries and schools, and it was. Under the new programs, schools and libraries could receives funds to purchase computers and ongoing discounts on internet access charges. The new program was called "E-Rate", and about $5.5 billion has been spent so far, and up to $2.25 billion may be spent each year. My phone bill says that I am being taxed $0.43/month/line for universal service - I'm not certain if this is constant across the United States or not. You can check your local school or library to see if they are receiving funding here.

However, the Federal Government giveth and the Federal Government taketh away. For several years running, conservatives in Congress attempted to add language which would require recipients of this funding to censor their internet access. So, internet=GOOD, uncensored internet=BAD. Senator John McCain spearheaded the drive to impose internet censorship in any institution which accepted the funds or discounts. In December 2000, the language was added to the 2001 omnibus spending bill, which was ten inches thick when Congress finally voted to approve it - thick enough that no one on earth could claim to know what actually was in the spending bill and what was not.

Although there were attempts to make the bill apply only to terminals used by minors, the final bill applies to all terminals used by anyone. The institutions receiving funding are required to block access to (at a minimum) obscene materal, child pornography, and material harmful to minors (when minors are using the terminals). Given the technical limitations of the software, it's impossible for blocking to be limited to those areas listed. Some schools and libraries will choose to reject the funding and find some other way to budget for internet access. Some will accept the funding and the conditions. Talk to your library and find out.

And here we are. The plaintiffs -- libraries and library associations, library patrons, and people who publish content likely to be blocked -- are asserting that Congress has violated several Constitutional rights with the passage of this law. Read the last few pages of either complaint for an explicit listing of their claims. These are hard claims to make - the court system has often upheld Congress' power to put conditions on funding, since after all, the libraries do have the option of declining the funds - perhaps eliminating their internet access - and in that case, they wouldn't be bound by the law's requirement to censor their internet access. Funding for the interstate highway system has been tied to a national speed limit and to a national drinking age, for example.

In other words, this legal challenge is no slam dunk. This is more like a shot from half court with Michael Jordan in your face. The remedy with the greatest chance of success is pushing Congress to reverse itself and make the E-rate funds restriction-free.

argentus was one of many to write in regarding the Children's Internet Protection Act, challenged today in Philadelphia. Read the ACLU and American Library Association press releases, or perhaps the complaint filed by the ALA or complaint filed by the ACLU. Here's a story about the case, but there's a bit more information below.

In a nutshell: a few years ago, Congress got the bright idea that libraries and schools ought to have internet connections and computers. You may be aware that for many years, there has been a tax levied on telephone service which goes to the "universal service" fund - this money is supposed to be used to fund telephone service in remote areas of the United States, to ensure that all U.S. citizens have access to a telephone. Alaska is a major beneficiary.

The universal service fund was the natural place to tap to provide funds for discounted internet access to libraries and schools, and it was. Under the new programs, schools and libraries could receives funds to purchase computers and ongoing discounts on internet access charges. The new program was called "E-Rate", and about $5.5 billion has been spent so far, and up to $2.25 billion may be spent each year. My phone bill says that I am being taxed $0.43/month/line for universal service - I'm not certain if this is constant across the United States or not. You can check your local school or library to see if they are receiving funding here.

However, the Federal Government giveth and the Federal Government taketh away. For several years running, conservatives in Congress attempted to add language which would require recipients of this funding to censor their internet access. So, internet=GOOD, uncensored internet=BAD. Senator John McCain spearheaded the drive to impose internet censorship in any institution which accepted the funds or discounts. In December 2000, the language was added to the 2001 omnibus spending bill, which was ten inches thick when Congress finally voted to approve it - thick enough that no one on earth could claim to know what actually was in the spending bill and what was not.

Although there were attempts to make the bill apply only to terminals used by minors, the final bill applies to all terminals used by anyone. The institutions receiving funding are required to block access to (at a minimum) obscene materal, child pornography, and material harmful to minors (when minors are using the terminals). Given the technical limitations of the software, it's impossible for blocking to be limited to those areas listed. Some schools and libraries will choose to reject the funding and find some other way to budget for internet access. Some will accept the funding and the conditions. Talk to your library and find out.

And here we are. The plaintiffs -- libraries and library associations, library patrons, and people who publish content likely to be blocked -- are asserting that Congress has violated several Constitutional rights with the passage of this law. Read the last few pages of either complaint for an explicit listing of their claims. These are hard claims to make - the court system has often upheld Congress' power to put conditions on funding, since after all, the libraries do have the option of declining the funds - perhaps eliminating their internet access - and in that case, they wouldn't be bound by the law's requirement to censor their internet access. Funding for the interstate highway system has been tied to a national speed limit and to a national drinking age, for example.

In other words, this legal challenge is no slam dunk. This is more like a shot from half court with Michael Jordan in your face. The remedy with the greatest chance of success is pushing Congress to reverse itself and make the E-rate funds restriction-free.

Last Saturday a comment was posted here by an anonymous reader that contained text that was copyrighted by the Church of Scientology. They have since followed the DMCA and demanded that we remove the comment. While Slashdot is an open forum and we encourage free discussion and sharing of ideas, our lawyers have advised us that, considering all the details of this case, the comment should come down. Read on to understand what this means.

This is the first time since we instituted our moderation system that a comment has had to be removed because of its content, and believe me nobody is more broken hearted about it than me. It's a bad precedent, and a blow for the freedom of speech that we all share in this forum. But this simply doesn't look like a case we can win. Our lawyers tell us that it appears to be a violation of Copyright law, and under the terms of the DMCA, we must remove it. Else we risk legal action that would at best be expensive, and potentially cause Slashdot to go down temporarily or even permanently. At the worst, court orders could jeporadize your privacy, and we would be helpless to stop it.

We need to choose our battles and this isn't one we want to have. We want Slashdot to be a forum where you can say what's in your heart, but we simply can't defend an anonymous poster who violates copyright law. Keep that in mind when you post in both this discussion, and in others in the future. Post your ideas. Post your thoughts. And most of all, post your links. We need to play by the rules or it's game over.

Now there is the matter of this specific comment. It contained a text called "OT III", part of what is known as the Fishman Affidavit. This text is Copyrighted by the Church of Scientology. In compliance with the DMCA, we are removing it from Slashdot. In its place we are putting non-copyrighted text: Links to websites about the church of Scientology, as well as links to how you can contact your congressman about the DMCA. Thanks a lot to Jamie for putting this together.

First of all, we would like to point out that the text of OT III is available at many other places on the web. To many to list here in fact. Instead, try a Google search on "OT III" and "Fishman", which as of this writing (March 2001) returns over 250 pages. A broader search on AltaVista returns over 2,000 webpages.

Operating in the jurisdiction of the Dutch courts, Karin Spaink's Fishman Affidavit webpage has fended off two lawsuits from Scientology, one in 1996 and one in 1999. The latter suit, according to the page, is still being appealed. >From the link listed just above, you can click through to the Fishman Affidavit, which contains links to not only to an annotated copy of OT III, but to the documents on the other OT levels as well, number one through the disputed number eight.

If you would like a plain English explanation of OT III, see OT III Rewritten For Beginners, by Jon Atack. Its author is a former Scientologist who himself completed level OT III. The webpage contains nothing copyrighted by a Scientology organization. It is an explanation of what OT III says and what that means, along with commentary by the author. Jon Atack is also the author of A Piece of Blue Sky, which is a history of Scientology from before its founding to after L. Ron Hubbard's death. At the above link, you can either purchase it, or read it in its entirety online.

If you are interested in Scientology, you will want to visit Operation Clambake, at xenu.net. It seems to be the most important central resource for information on the organization.

You may also want to visit the Lisa McPherson Memorial Page, which claims that "Lisa died needlessly at the hands of Scientology." Her case is truly a tragic one and she deserves to be remembered. The site has a great deal of information on her death. Related is The Lisa McPherson Trust, which has not only information about Lisa, but a very large archive of interviews, court transcripts, news reports, testimonials, and videos about Scientology.

Here's a Slashdot story last year on eBay removing auctions for e-meters based on the Church of Scientology DMCA copyright allegations, which is odd because Copyright law doesn't cover a physical device.

If there's anything else about Scientology you want to know, you will want to see AltReligionScientology.org, which contains a huge list of links to all the sites I don't have room to list here.

The DMCA is actually five separate modifications to copyright law. Its Title I is known for providing legal protection for "technological measures" (typically encryption) which prevent copying; this is the part that empowered the MPAA to sue over DeCSS, to name the best-known example.

That's not the part that concerns us here; Title II is its other major modification of copyright law and that's what we're dealing with. Title II created 17 U.S.C. Section 512, and we're specifically looking at our liability under paragraphs (c)(1)(A), which says we have to act "expeditiously to remove or disable access to the [infringing] material." Here's the U.S. Copyright Office's 18-page summary of the DMCA as a whole. If 18 pages is too long for you, here's the American Library Association's much quicker summary

Here's a list of resources on the DMCA, including the DMCA itself in PDF format. The EFF page on the DCMA seems to relate mostly to Title I, the anti-encryption-circumvention portion, but it's too good not to mention anyway.

Don't know who your Congressperson or Senators are? That's OK, now's as good a time as any to learn. Finding your Senators is easy, just go to Senate.gov. To find your Representative, you just need your zip code. You can use the form on the website to write them if you're lazy, but if you want your message to have more impact, print it out and send it in a real envelope. Anything's better than nothing, though.

When you write, you'll want to write something they'll read. Here are the ACLU's tips for writing to your Congressperson or Senators.

Sarcasmo writes: "Apparently, the ACLU and EPIC plan to file suit in order to challenge the legality of the Children's Online Protection Act." While the link in there leads to a privacy.org, here's a direct link to the article. Either one will tell you that the groups will "attempt to have the new law struck down on First Amendment and due-process grounds." Best of luck to them.

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

sirhan writes "The ACLU made a court brief today concerning the DVD CCA case. The release can be found here." There were actually a number of amicus briefs filed at the same time for this case, and now I think most of them are online. Journalists and publishers, law professors, law professors II, the Association for Computing Machinery, programmers and academics, library and public interest, cryptographers, and Arnold Reinhold. These are all in support of the EFF's appeal in the case, of course. The briefs make good reading because they attempt to convey, in a very direct and concise manner, the arguments of these various groups against the DMCA.

sirhan writes "The ACLU made a court brief today concerning the DVD CCA case. The release can be found here." There were actually a number of amicus briefs filed at the same time for this case, and now I think most of them are online. Journalists and publishers, law professors, law professors II, the Association for Computing Machinery, programmers and academics, library and public interest, cryptographers, and Arnold Reinhold. These are all in support of the EFF's appeal in the case, of course. The briefs make good reading because they attempt to convey, in a very direct and concise manner, the arguments of these various groups against the DMCA.

c_honcho writes "Now the ACLU (and friends) is taking on the ICANN group for limiting our 'Net freedoms. I suppose it was only a matter of time." See the ACLU's letter for their concerns about ICANN's addition of new TLDs.

zookie writes "According to this Reuters article, the U.S. Supreme Court has essentially upheld a Virginia law that says public employees can't access sexually explicit material from state computers. The challenge to the law was from several professors saying that the law prevented them from doing their research. I'm curious what Slashdot readers think about the effects of this ruling from the highest court in the land -- does this bode poorly for future challenges to laws censoring the Internet?" Keep in mind that Virginia already has the usual abilities to fire someone goofing off at work - the only thing this law affects is employees who have legitimate reasons to view sexually explicit art, poetry, etc. as a part of their job. If you have a sexual disorder and plan on going to a Virginia university hospital, perhaps you should reconsider - your doctor is barred by law from researching your disorder online. The first decision in the case, that was favorable to the ACLU et al., is available.

Thank you, Sen. Orrin Hatch (R-Ut.). You've taken the inoffensive "Public Safety Medal of Valor" bill and quietly tacked on an amendment that does oh-so-much more. Wiretapping to record email and phone conversations of people suspected of computer crime (who needs that Fourth Amendment anyway?). Forfeiture (before you are convicted or even charged) of "devices used in ... intellectual property theft." And extra penalties for using crypto, nice way to stigmatize an entire industry there. Dave Kopel's analysis is at Cryptome, along with the bill text, etc.

It was supposed to be done by September 30, but Congress finally finished its budget for this year. Because it works best with our sometimes-bizarre legislative system, this year, like every year, hundreds of unrelated measures were rolled up into one massive package and crammed through the door. Your grandchildren may look up at you with a puzzled expression, fifty years from now, and say "grampa" (or gramma), "did you really use an unfiltered internet, back in the olden days? Wasn't that scary? How did you ever survive with all that porn jumping out at you?" If that happens, just sigh, and think back to the olden days -- December2000 -- before censorware became mandatory in public institutions nationwide.

The massive spending bill has been passed by the House and Senate, and President Clinton is expected to sign it soon. Despite some noises from the Clinton administration mildly protesting censorware, the small amendment making it mandatory is not considered to be an important enough issue to veto an entire appropriations bill.

Sen. John McCain (R-Ariz.), a longtime proponent of censorware, introduced the amendment.

As the ACLU says,

Earlier this year, an 18-member commission appointed by Congress rejected the idea of mandating the use of blocking software, which is notoriously clumsy and inevitably restricts access to valuable, protected speech. A wide spectrum of organizations have opposed blocking software mandates, including the American Library Association, the Society of Professional Journalists, the conservative Free Congress Foundation and state chapters of the Eagle Forum and the American Family Association.

"There was an Alice in Wonderland quality to this debate," said Marvin Johnson, a Legislative Counsel with the ACLU's Washington National Office. "With its vote, Congress rejected the advice it asked for from the panel it appointed."

The "wide spectrum of organizations" extends from educators to The New York Times to strongly conservative political/religious groups. For more on the COPA Commission and its recommendations, see our stories from July and August.

Essentially it says that any school or library which receives federal funds to build its network must install censorware. Since these funds are the chief way that poor and middle-income areas bring the internet into public institutions, effectively this means that only rich counties will have the option of an uncensored internet.

The text of the self-declared "Children's Internet Protection Act" is available from CDT. It uses the term "technology protection measure" to describe the software.

In related news, Peacefire, an advocacy group for youth free-speech rights, released a tool to provide one-click disabling of some popular censorware programs.

Meanwhile, the ACLU will be suing to stop this bill from taking effect. This is not a slam-dunk like the CDA was. They're in for a tough fight. Here are three reasons why:

1. The CDA's language was very broad. This bill targets its material precisely: obscenity, child pornography, and "harmful to minors" material. Of course there is no "technology protection measure" in existence which can censor only this material, or even claim to censor only this material.

2. The CDA covered speech. This bill addresses the right to read that speech in a public institution.

3. This bill regulates institutions which are taking public money and how they may use it. Legally, and also in many people's minds, it is more permissable to enact regulations which go against the grain of the Constitution if they are tied to acceptance of public funds.

(The classic example is that the Fourth Amendment protects our homes from unreasonable search and seizure, but when the government provides public housing, it sometimes tries to say that the 4th Amendment does not apply. Same situation, different Amendment.)

Brock Meeks is more optimistic, saying the bill is "doomed." The key issue, I think, will be whether censorware can work. If it does not work, if it cannot work, then the language of the bill is irrelevant; our Congress might as well have demanded a "technology protection measure" to give all our kids 200 IQs and an lifetime supply of free donuts.

When I get in the mood to be optimistic, I think about all the stories we hear from students who are already forced to use this software. It seems like everyone has an anecdote about how they were blocked from doing legitimate research for school.

So maybe if this legislation survives, in ten years, all the kids who grew up with first-hand experience with censorware will start to vote. That's about the only bright side I can see.

For now, Brown v. Board of Education is the example I'm keeping in mind. The Supreme Court, after a half-century of segregated schools, decided that "separate educational facilities are inherently unequal" -- the theory might be OK, but it had failed in practice.

The courts should evaluate the "technology protection measures" by what they do, not by what the law demands they do. The theory might be OK, but in practice, all the technology that I've looked at blocks much more than it should. I'll be hoping for a verdict that reads: "technology protection measures are inherently censorship."

And, hopefully, now -- not after a half-century.

Would you imprison beautiful new computers in a rack? Does every mention of a Gnome application leave you twitching to see what related KDE programs are doing with themselves? Have you been gathering quarters to put into the Buy Iridium pot? Read on, pilgrim. But first, some good news about recent legislation!

Legislators cut down crack intake, film at 11. In this article about strange privacy-invading provisions of H.R. 2987, the Bankruptcy Reform Act of 2000; you'll be pleased to note that many of its more odious portions have been erased. From the article: "[P]roponents of the bill -- known as the Methamphetamine Anti-Proliferation Act, (HR 2987) -- have steadily dropped some of its most controversial pieces, including a provision that would have made it illegal for news Web sites to link to Webpages about topics like medical marijuana. ... Another provision that was removed would have forced Internet Service Providers to remove users' Web pages without due process on the basis of mere allegations by the government." Hmmm -- laws and sausages.

Letting sleeping white elephants lie, or something. cetan writes "The Chicago Sun Times is reporting that "Motorola's request [to pull the plug on Iridium] follows a determination by Castle Harlan Inc., the New York investment bank that planned to buy Iridium's assets for just $50 million, that the business is too weak to save." Who knows though, maybe the system will get a last-minute breath of life yet..." The pool of possible saviors is pretty small now, eh?

A serious-stuff-only-station. gfxnrrd writes: "I just heard a talk by a researcher from Sony KARC about the GS cube. recently exhibited at SIGGRAPH. The cube contains 16 upgraded PS/2 chipsets; that is, 16 Emotion Engines (with 128 MB of main memory, instead of the measly 64 that the PS/2 has) and 16 Graphics Synthesizers with 32 MB of DRAM each, up from 4 from the PS/2). It can sustain 2024x1028 frames (in 32 bit color, natch) at 60 frames per second. It's connected to the world via a Linux box, which is responsible for both network and controller I/O. On the down side, the processors (at least in this prototype) are connected only via the bus, so no hypercube MP architecture or anything.

I should also mention that the earlier Slashdot article about the GS cube was misleading, in that Sony has no plans to sell this box (for any purpose) any time in the near future. It's not a "graphics workstation" nor can it be unless some radical changes are made (like adding a disk drive, to name only one thing). It's purely a research prototype at this point."

Speaking of cubes, MattTC writes: "These guys have some neat ideas on using the Mac Cube as a rackmountable server." It's also cool to see the G4 Cube without its clothes on.

First-class mail? navindra writes: "The legions of KMail fans may be interested in this progress review by Don Sanders. The last stable release of KMail was way back in September 1999 but development has far from halted." It may not look as slick as Evolution 0.3 does, but it sure looks like a nice clean mail experience!

There's a boatload of censorware news today, enough for two or three Slashdot stories -- but to conserve electrons, we're bringing it to you all in one easy-to-download package. First, Peacefire has a report on the accuracy of intelligent skin-tone-scanning software, one month after its company said they'd have it working in a month. And since the CEO of ClickSafe spoke at the COPA Commission meeting yesterday, Peacefire ran a check to see how many COPA-related sites its AI blocks. Finally, Waldo Jaquith has a report from the meeting itself which should be sobering but cracked me up anyway. Pay attention, everyone, these are the folks who are going to censor your Internet.

The Child Online Protection Act, passed late last year and then struck down early this year, is still under appeal. Colloquially it's known as "CDAII." Part of what the Act does is establish a Commission that meets every so often -- the Commission's website has details on its mandate and so on.

(Update, a few minutes later: make that "injunctified," or whatever one says for a law against which an injunction has been applied, instead of "struck down." Sorry; IANAL.)

Speaking at the Commission meeting yesterday and today were the CEOs of several major censorware companies. Among them was Michael Stephani, whose company Exotrope makes a product called BAIR.

BAIR

BAIR checks images as they download onto your computer, and claims to be able to tell the difference between pornography and other types of images. The "AI" in its acronym stands for artificial intelligence, running on supercomputers.

When the Wired story on BAIR came out last month (a story "borrowed" from Peacefire -- I'm not going to get into it), Wired quoted the company as saying "they plan to fix the errors within the next month." What errors?

"BAIR incorrectly blocked photographs of Yellowstone, the Baltimore waterfront, Snoopy, boats, sunsets, dogs, vegetables and even a Wired News staff meeting.

"It rated as acceptable for minors -- even on the most restrictive setting -- explicit images of oral sex, anal sex, group sex, masturbation, and ejaculation."

That was one month ago. How's BAIR doing now?

Peacefire retested the same 50 pornographic images that they'd used last month (which presumably BAIR's programmers would have paid extra-special attention to). Their new report finds that, instead of zero, the number of blocked images is now: 34. I've got a great slogan for them: "now your children can only see 32% of the web's oral sex, anal sex, group sex, masturbation, and ejaculation."

One's respect for these programmers is dampened a little, though, because there's more to Peacefire's report. It seems, in a random sample of 50 photos of people's faces, BAIR blocked ... how many? ... 34.

Maybe that slogan should be: "now your children can only see 32% of the web," period.

It's wonderful to live in a world where artificial intelligence offers limitless possibilities. Its website suggests that "Because Artificial Intelligence can be taught to recognize a variety of patterns," -- oh, OK -- "our BAIR can be taught to evaluate other categories such as violence or illegal activities. The BAIR is currently undergoing training in these areas to provide additional filtration selections."

ClickSafe

Richard Schwartz, CEO of ClickSafe, also spoke yesterday at the COPA Commission meeting. Just for kicks, Peacefire decided to try out their spiffy AI software too.

Insert marketblurb here: "...by combining cutting-edge graphic, word and phrase-recognition technology, ClickSafe has achieved accuracy rates of over 99% (according to recent sample tests). ClickSafe can precisely distinguish between appropriate and inappropriate sites (e.g. sites related to issues such as breast cancer will not be blocked)."

What Peacefire did was test this software against the website of the COPA Commission itself, and related sites such as those of speakers or Commission members. They found that blocked pages included:

• The Child Online Protection Act itself, in original and amended form;
• The COPA Commission FAQ;
• Biographies of Commission members Stephen Balkam and John Bastian;
• Bio of Commission member and famed anti-porn crusader Donna Rice Hughes, as well as AppendixA from her book Kids Online: Protecting Your Children in Cyberspace;
• A list of technologies the Commission examines;
• The scope of what the Commission is called upon to do;
• A service agreement from a little company called Network Solutions, whose rep chairs COPA's meetings;
• "About the ICRA" (the makers of RSACi, "a simple, yet effective rating system for web sites which both protected children and protected the rights of free speech");
• Bible study tools: "We hope these free resources foster a desire for Christians to learn more about the Bible, deepening their relationship with God" unless they're using censorware;
• The American Family Association (a conservative Christian group that is trying to force censorware into public libraries, including those surrounding the Slashdot Geek Compound);
• The ACLU, the EFF, and the Center for Democracy and Technology;

and so on.

When I spoke with Bennett about this, he commented that the strange thing was that these flaws are so easy to find; you'd think someone would have run these simple tests already. If anyone reading wants to get their name in Slashdot (and other news media too), censorware is a gold mine of untested misinformation. Buy a product, design a solid unbiased test for it, run the test, and send us what you find. Repeat until the whole world has a clue.

The COPA Commission Meeting

The following is an account of yesterday's COPA Commission meeting, by Waldo Jaquith. Keep in mind that this meeting's purpose, according to the Scope & Timeline Proposal which is blocked by ClickSafe, is to study filtering and blocking software to learn what to recommend in its report to Congress late this year.

Folks,

For more information on the COPA Commission, see http://www.copacommission.org/. (Unless your network has ClickSafe installed, in which case you shouldn't bother.) There is an agenda for this meeting, and there are bios for most people, as well as the prepared speeches for many of the below folks. I've tried to be objective.

Oh, screw that. There's nothing objective about it. But I've tried to give useful facts, quote accurately, etc.

The whole affair, which was scheduled to start at 9:30am, didn't actually start until 10:15am. Which was good, because I didn't get there until 9:45. Although the event was being held at the University of Richmond's Jepson Alumni Center, the room felt like your basic hotel meeting room. Bad carpet, ugly chairs, poor lighting. There were enough chairs to seat about 100 people, but only 35 people were in attendance. Directly in front of the two columns of chairs was a table with chairs, facing away from the audience. This table was for people asked to testify before the COPA Commission. On the other side of that table was a long table, at which was seated the commission, all sixteen members. The result was that the people testifying, who did most of the talking, could only be recognized by the backs of their heads by the audience.

Chairman Donald Telage called the meeting to order and introduced the first panel, who was to speak for approximately 45 minutes on the topic of client-side filters. This panel included Gordon Ross, the President and CEO of Net Nanny, Mark Smith, the President of BrowseSafe, Susan Getgood, the VP and General Manager of Cyber Patrol, and Richard Schwartz, the CEO of Opportunity-America (ClickSafe.com).

Gordon Ross kicked things off with a tremendously boring ten minute speech about how client-side filters work. The only interesting comment that he made was his belief that "consumers should have the ability to analyze each and every site in the database..." [...because his product Net Nanny is the only one of the 150 censorware packages on the market that allows oversight of its blacklist. -ed] He also kicked off the First Amendment references, which nearly every speaker throughout the day would spend some time talking about, but not really saying very much.

Mark Smith from BrowseSafe occupied the next few minutes, giving a rambling speech in which he discussed censorware as if it were some far-off and idyllic concept.

"Most products focus on either client-side- or server-side-based technology. What would happen if the benefits of each could be brought together to provide the user with a new, more flexible and powerful way of surfing the web? What if every sub domain of every site had been categorized and classified by its content? Wouldn't you agree that everyone could benefit from that combination of technology? Of course you would? Now let's walk across the street to the front porch of the family of the home and try to view it from the parent's perspective. What if parents were able to determine what the child sees? What would it be like if e-mail, instant messaging, chat and other computer tools could be also controlled?"

Then, although the topic was client-side filters, he rambled on for several minutes about PlanetGood, a website that was probably unfamiliar to many in the room. He used the site's name in every single sentence for several minutes. And, naturally, he closed talking about "our forefathers" and "these inalienable rights that our forefathers entrusted to us and many of them died for."

Susan Getgood from Cyber Patrol kept things short and sweet, and took the "I'm a new mother and want to protect my children" approach. She muddled the definition of censorship somewhat, saying that "[s]ome critics confuse censorship, which is imposed by the government, with technology that a family or school can choose to use and then set to implement an individual policy." Our school system isn't a part of the government?

Richard Schwartz of ClickSafe.com touted his product nearly as much as Mark Smith promoted the mysterious "PlanetGood." He also described a system that his company has developed that sounds very much like Exotrope's BAIR. "Fleshtone has a very unique set of features [...] Through a combination?of a set of sophisticated algorithms it can establish if something is pornographic. [...] Justice Potter Stewart lives within our system, because he knows it when he sees it. It works, it's been tested out, it's over 99% effective." "We can distinguish between chicken breast and sexy breast." "A consortium of Portuguese and Australian pornographers had been hijacking people off of different sites, including the Harvard Law Review site into their pornographic sites. And then you have to reboot your computer in order to get out."

After the four had testified, we moved into the commission Q&A session. (No questions would be allowed from the audience.) A few interesting questions, answers, and comments cropped up during this portion.

Richard Schwartz, only half kidding, proposed a tax on Internet pornography.

Commissioner Gregory L. Rohde asked Richard Schwartz if his image filter could tell the difference between art and pornography. Astoundingly, Schwartz replied that it could.

Commissioner Jerry Berman asked if there were any plans to create an organization that could provide objective reviews of censorware products to help parents decide what to buy. Gordon Ross said that this had been tried a few years back with SIFT (?), and that it didn't work out.

After a short break, we began the second panel, which addressed server side filtering. Testifying was Kevin Fink, N2H2's CTO; Sunil Paul, Chairman of Brightmail; Stephen Boyles of Library Guardian (Swifteye); Michael Stephani, President and CEO of Exotrope; Ginny Wydler, Director of Standards and Policy at AOL; and Tim Robertson, CEO of FamilyClick.

The first person to say anything interesting was Michael Stephani, who made some fairly interesting claims. He said that their blacklist of sites included four million sites, and that their image-recognition software, BAIR, is 99.8% percent effective. Stephani bragged that it blocked 1 out of 6 general images and 96 out of 100 pornographic images. He pointed out (perhaps rightly) that image filtering is the only real way to filter out pornography, and also that client-side filtering would so go the way of the dodo, given the proliferation of Internet appliances. It wasn't long before he got all 'God bless America' and 'think of the children,' and eyeballs could be heard rolling throughout the room.

As Commissioners asked questions of the panel, Chairman Donald Telage admitted that he wasn't aware that client-side filters were able to use a blacklist. He was under the impression that they could only filter. I had flashbacks from the Napster hearings last week ("Can't you track their intellectual property address?")

Out of the blue, Karen Talbert asked the panel for a show of hands regarding their respective products' ability to work with high-speed connections. Obviously, everybody's hands went up.

How do these people get on the commission?

When given half a chance, Stephani got all "think of the children, my god, won't somebody think of the children?" again. He also bragged that Exotrope has a new, not-yet-released product that filters IM [AOL Instant Messaging -ed.] and even detects innuendo. Stephani said that they just got a contract to install this program on 30,000 school servers. Continuing his spectacular Old Faithful of shit, he cheerfully envisioned a time in the future when there would be "photonic switches" that would maintain a complete blueprint of everything that every user had ever done on-line. Christ, that's frightening. Stephani said that they'd spent $6.5MUS developing BAIR, and went on to point out the coincidence that Peacefire released the report showing that BAIR was 0% effective on the same day that their servers went down. Perhaps he was implying that Peacefire members hacked the server, perhaps that we were taking advantage of them, or perhaps he was just laughing at the circumstances.

There was no promised audience Q&A. That's probably because the whole event ran well over when it was supposed to end. Lacking a better approach, I rushed up to the ebullient Stephani with a copy of the newest BAIR report in hand. Although he was already talking to a reporter, he stopped when he saw my nametag ("Waldo L. Jaquith, Peacefire") and looked a little surprised. He, as well as his sidekick PR guy, enthusiastically introduced themselves. We talked for a few minutes, during which time I said that BAIR appears to suck less than many other censorware programs. But I was still fundamentally opposed to all of them. Between this and the revised report, Stephani was my new best friend. Several other people came forward to read nametags and shake hands, but I continued to talk to Stephani and the reporter, Drew Clark from Technology Daily.

Ten minutes later, when I walked out, I felt a little baffled. Stephani behaved towards me as if Peacefire had just given him the most glowing review that BAIR had ever gotten. This, despite my repeatedly pointing out that Peacefire is fundamentally opposed to filters, always will be, and BAIR is simply rather effective at performing the task that we hate.

I was disappointed that a few major points were never brought up during the discussions:

• Server-side censorware (especially that which is housed with each website) will always be a severe privacy violation, because it needs data on the user in order to establish what information to provide.
• Client-side censorware is doomed to fail because children know more about computers than their parents. The parent has to trust that little Suzy won't uninstall Cyber Patrol. But if Suzy can be trusted, why bother with Cyber Patrol?
• Internet censorship is impossible. The Internet is so large that it's a waste of time, so let's all stop. Gated community models, like AOL, Compuserve and such, are a far better way to provide a "safe" experience for kids.
• The concerns about children's wellbeing presented during the meeting mirror those that parents, since the beginning of time, have always had for their children. How can I keep my child safe when I'm not watching him? How do I know what my child is doing if I'm not around? How do I keep my children from hearing / seeing / saying bad things? Censorware makes no more sense than installing a v-chip in little Suzy's head. Get over it.

In a nutshell, I'm not sure what, if anything, was established at this meeting. It's clear that most of the Commissioners knew every little to start off with, and their opinions are being formed on what amounts to a series of sales pitch sprinkled with god-and-country references, a la mega blowout carpet sales around Independence Day. I'm glad COPA was struck down. Let's get on with our lives.

Best,
Waldo

CharlieG points out this story at ABCNews.com. The White House wants to make law enforcement jump through the same hoops to intercept e-mail as it currently must to intercept phone calls. CDT approves of the plan. The ACLU is understandably focused on Carnivore (FBI: "trust us") and is "disappointed" that Clinton didn't take the opportunity to put the kibosh on it. I can't tell from the news reports whether the proposed legislation would only affect law enforcement, or whether the private sector would also be held to the same standard.

CharlieG points out this story at ABCNews.com. The White House wants to make law enforcement jump through the same hoops to intercept e-mail as it currently must to intercept phone calls. CDT approves of the plan. The ACLU is understandably focused on Carnivore (FBI: "trust us") and is "disappointed" that Clinton didn't take the opportunity to put the kibosh on it. I can't tell from the news reports whether the proposed legislation would only affect law enforcement, or whether the private sector would also be held to the same standard.

Robert J. Berger writes: "A press release from the ACLU says they are using the Freedom of Information Act to seek all of the codes, records, letters and memorandums related to the FBI programs dubbed 'Carnivore', 'Omnivore' and 'Etherpeek.' "The FBI is saying 'trust us, we're not violating anybody's privacy,"' said Barry Steinhardt, associate director of the ACLU. "With all due respect, we'd like to determine that for ourselves.""

Robert J. Berger writes: "A press release from the ACLU says they are using the Freedom of Information Act to seek all of the codes, records, letters and memorandums related to the FBI programs dubbed 'Carnivore', 'Omnivore' and 'Etherpeek.' "The FBI is saying 'trust us, we're not violating anybody's privacy,"' said Barry Steinhardt, associate director of the ACLU. "With all due respect, we'd like to determine that for ourselves.""

We keep getting submissions about bills in Congress to ban the distribution of any information on how to manufacture illegal drugs. The story of this is kind of humorous. The bill was having trouble on its own, so it's been grafted onto a bill called the "Bankruptcy Reform Act of 2000" -- this bill goes on for 50 pages about modifications to bankruptcy laws (to make it harder for consumers to declare bankruptcy, naturally), then suddenly has a whole section on illegal drugs, then goes back to bankruptcy. It's the censorship law that won't die. Even more disturbing, a tiny little rider in the bill alters the general requirements for search warrants so that you need never be informed of a search -- notification can be delayed indefinitely, which is a fundamental violation of the Fourth Amendment. In any case, it's in real danger of passing, so it's something you ought to pay attention to. We've done some grafting ourselves of some of the submissions related to this ...

First, as always, you can read the bills yourself by going to Thomas. Key in "methamphetamine" or "bankruptcy." Here's a direct link to the Bankruptcy Reform Act, and there's a link to HR 2987 in a submission below. Places like DRCNet aren't too happy about the bill, but neither are civil liberties groups -- the EFF has a nice overview of the whole situation in their last newsletter as well.

Vince Beiser writes: "New story from MotherJones.com: Speed Limit: A bill banning Internet sites that publish or even link to drug-making information looks set to sail through Congress -- to the dismay of free-speech advocates. Read the story." Mother Jones has also recently published an update to this story. If you only read one link off this story, it should be this one.

wrenling writes: "Right now HR 2987 is before the House Judiciary Committee. The bill is marked as an anti-methamphetamine proliferation bill. Without getting into discussions of whether or not drugs should be legal, attention needs to be drawn to the rider that is attached to the bill which according to the ACLU would allow the following:

Free Speech is at Risk. H.R. 2987 would also allow the government to order Web sites censored and shut down without any due process of law and without any notice given to the website's owner. One provision of the bill would allow agencies like the FBI to make judgment calls on the intent of online statements regarding drug use -- a power usually reserved for the courts. Internet service providers would then be ordered by law enforcement to take down any of these statements within 48 hours -- without notifying the Web site owner -- or be considered in violation of the law.

It's not only things like DMCA we have to watch out for, but for little riders on other legislation that, if enacted, could be used to further grant the United States government censorship powers."

Eric the .5b writes "Do we geeks really care, and do we geeks really matter?

The Methamphetamine Anti-Proliferation Act, described here and here, is still in committee in the House as we speak. A similar bill sailed through the Senate last year, and if this goes through, the two should be very easy to reconcile into a final version and get made into law.

• This bill,
• HR 2987, would:
• Allow police to search your home or business without so much as notifying you that you are under investigation or that such searches have taken place for as long as six months,
• Allow investigators to make copies of your documents and computer files without ever notifying you,
• And make it illegal to distribute information about how to make any controlled substance, to merely link to Web pages giving information on that or drug paraphenalia, or to even just describe how to find such information.

If we want to do something about this, we have an excellent opportunity. Both the Committee on Commerce and the Committee on the Judiciary (members listed here) are working on this legislative abomination. If you see your House representative (if you don't know your representative, like most of us, use the look-up) on either of these lists, contact him or her. E-mail or snailmail them if you like, but faxes and phonecalls will probably make the best impression. Be polite and very nonthreatening, but make it clear that you vote, and that you don't like this bill. Be sure to mention the title and number (The Methamphetamine Anti-Proliferation Act and HR 2987). Even if you don't see your representative on the lists, it couldn't hurt to bug the chairpersons of the committees. Lastly, pass this info around to anyone you know who might care. The more displeasure the representatives hear, the less attractive doing anything but killing this bill will be."

In this episode of slashback, there's more on NanoStuff, censorship in various forms and venues, and further proof that the word "upstart" uttered or tapped in computer journalism regarding Linux is ever so much twaddle. You have been warned.

Sorry, but the print doesn't get any smaller. If the recent release of the Foresight Institute's nanotech guidelines intriguing to you, you might want to check out the new forum for nanotech advances and issues. bento writes: "From the press release: "I'm happy to report that one of Foresight's long-term goals -- to have a way to meet online that truly works -- is now a reality at http://nanodot.org. We think of this site as our daily newspaper -- all the news that's fit to "print" -- combined with a continual Nanoschmooze discussion. No login is needed to read the site." For those who are interested in nanotechnology's social and technological implications, this site should prove a great resource in finding out what's up in the field of nanotechnology."

One man's trash is other people's trash, too. psxndc writes: "FGNOnline has the scoop about the Interactive Entertainment Merchants Association unveiling new packaging options for PC Games at their annual conference. It brings up the point about games with large documentation not fitting into smaller DVD-type Keep Cases, but wasn't the digital revolution supposed to cut down if not eliminate the need for paper in the first place?? Most game-box contents are a jewel-cased CD, some docs, some ads, and a whole lot of unused space? Why?" Well, in the bad old days of the CD longbox (which are not that long ago), the most commonly cited reasons for the box of mostly-air were 1) the space is helpful for marketing purposes (pictures and blurbs and artwork, oh my!) and 2) everyone's favorite eupehmism for shoplifting, "shrinkage." Probably the same rules apply; game makers want to "stand out on the shelf." But if CDs can handle the switch, I bet games can, too.

How will the children survive? CuriousGeorge113 writes: "In a major decision today, a Federal Appeals Court has struck down COPA (The Children's Online Protection Act). According to this ACLU Press Release, a federal appeals court has deemed the law unconstitutional in nature and 'impossible to establish one "community standard" by which Internet speech could be governed.' You can also see the official court case here."

And in news that can only be called related ... Rude Turnip writes: "It looks like Mattel, one of the most despised toy companies discussed on Slashdot, is sellling off its notorious Cyber Patrol censorware. Cyber Patrol's parent company, The Learning Co., which is also owned by Mattel, is being sold off separately. Mattel said they would like to concentrate on their "core competency" of toys. The lucky buyer of Cyber Patrol is the British firm, JSB Software Technologies, PLC, who paid $100 million. With people like Jamie McCarthy out there fighting these purveyours of censorship and great sites like peacefire.org, I bet JSB will soon realize they paid just a little too much :-)" Maybe it's just not a sellers market; the article indicating that Cyber Patrol was to be sold went up a few months ago.

In six years, Tux will be driving. xannax writes: "I just bought a new IWILL VD133 motherboard, and after the usual setup and such, popped in the configuration cdrom - and was suprised to see a Linux kernel boot up on the monitor. When the cd boots, it gives users without an fdisk'ed partition a chance to make disks for board and chipset config; but the neat thing is the use of Linux for the cd. I mean, two years ago, when I wore my "Penguin Power" t-shirt, most of the attention I got was from hockey fans. But just as the logo on the shirt has faded from repeated washing, the exact opposite has happened to the visibility of the Linux OS; it's gone from hackers and nerds only to mainstream. Great to see a company with a reputation like IWILL use Linux in this fashion."

Come sirrah Jack Straw! MrM writes: "An IDG.net story on CNN says that in the face of increasing pressure from privacy groups, business groups and Internet service providers (ISPs), the U.K. government is backing away from some of the more controversial aspects of its e-mail surveillance bill currently under consideration in the House of Lords." The controversy is mostly over little things like, oh, (from the article) "Under the provisions of the RIP bill, the U.K. government -- specifically the Home Office and its head, the Home Secretary -- can demand encryption keys to any and all data communications with a prison sentence of two years for those who do not comply with the order."

In this episode of slashback, there's more on NanoStuff, censorship in various forms and venues, and further proof that the word "upstart" uttered or tapped in computer journalism regarding Linux is ever so much twaddle. You have been warned.

Sorry, but the print doesn't get any smaller. If the recent release of the Foresight Institute's nanotech guidelines intriguing to you, you might want to check out the new forum for nanotech advances and issues. bento writes: "From the press release: "I'm happy to report that one of Foresight's long-term goals -- to have a way to meet online that truly works -- is now a reality at http://nanodot.org. We think of this site as our daily newspaper -- all the news that's fit to "print" -- combined with a continual Nanoschmooze discussion. No login is needed to read the site." For those who are interested in nanotechnology's social and technological implications, this site should prove a great resource in finding out what's up in the field of nanotechnology."

One man's trash is other people's trash, too. psxndc writes: "FGNOnline has the scoop about the Interactive Entertainment Merchants Association unveiling new packaging options for PC Games at their annual conference. It brings up the point about games with large documentation not fitting into smaller DVD-type Keep Cases, but wasn't the digital revolution supposed to cut down if not eliminate the need for paper in the first place?? Most game-box contents are a jewel-cased CD, some docs, some ads, and a whole lot of unused space? Why?" Well, in the bad old days of the CD longbox (which are not that long ago), the most commonly cited reasons for the box of mostly-air were 1) the space is helpful for marketing purposes (pictures and blurbs and artwork, oh my!) and 2) everyone's favorite eupehmism for shoplifting, "shrinkage." Probably the same rules apply; game makers want to "stand out on the shelf." But if CDs can handle the switch, I bet games can, too.

How will the children survive? CuriousGeorge113 writes: "In a major decision today, a Federal Appeals Court has struck down COPA (The Children's Online Protection Act). According to this ACLU Press Release, a federal appeals court has deemed the law unconstitutional in nature and 'impossible to establish one "community standard" by which Internet speech could be governed.' You can also see the official court case here."

And in news that can only be called related ... Rude Turnip writes: "It looks like Mattel, one of the most despised toy companies discussed on Slashdot, is sellling off its notorious Cyber Patrol censorware. Cyber Patrol's parent company, The Learning Co., which is also owned by Mattel, is being sold off separately. Mattel said they would like to concentrate on their "core competency" of toys. The lucky buyer of Cyber Patrol is the British firm, JSB Software Technologies, PLC, who paid $100 million. With people like Jamie McCarthy out there fighting these purveyours of censorship and great sites like peacefire.org, I bet JSB will soon realize they paid just a little too much :-)" Maybe it's just not a sellers market; the article indicating that Cyber Patrol was to be sold went up a few months ago.

In six years, Tux will be driving. xannax writes: "I just bought a new IWILL VD133 motherboard, and after the usual setup and such, popped in the configuration cdrom - and was suprised to see a Linux kernel boot up on the monitor. When the cd boots, it gives users without an fdisk'ed partition a chance to make disks for board and chipset config; but the neat thing is the use of Linux for the cd. I mean, two years ago, when I wore my "Penguin Power" t-shirt, most of the attention I got was from hockey fans. But just as the logo on the shirt has faded from repeated washing, the exact opposite has happened to the visibility of the Linux OS; it's gone from hackers and nerds only to mainstream. Great to see a company with a reputation like IWILL use Linux in this fashion."

Come sirrah Jack Straw! MrM writes: "An IDG.net story on CNN says that in the face of increasing pressure from privacy groups, business groups and Internet service providers (ISPs), the U.K. government is backing away from some of the more controversial aspects of its e-mail surveillance bill currently under consideration in the House of Lords." The controversy is mostly over little things like, oh, (from the article) "Under the provisions of the RIP bill, the U.K. government -- specifically the Home Office and its head, the Home Secretary -- can demand encryption keys to any and all data communications with a prison sentence of two years for those who do not comply with the order."

sconeu writes: "Wired News is reporting that the Third Circuit Court of Appeals has struck down the Child Online Protection Act (COPA). The government's next move is to either appeal to the Supremes or ask for a full trial (IANAL - I don't understand why the radically different options)." The full decision is available on PACER. The appellate court was only affirming the temporary injunction against enforcement of the law that was issued earlier by the district court, there hasn't been a full trial of the law yet. Here's the ACLU press release.

Both the Washington Post and the New York Times have stories about the FTC's decision to ask Congress for the authority to regulate online privacy. The FTC had recently completed yet another privacy survey that showed companies were doing little to protect privacy on the Internet, even after several years of dire warnings. In other news, Doubleclick named a "No-Privacy Board" -- errr, a "Privacy Board." Its members are listed below, along with my notes on their backgrounds.

It is important to keep in mind what this is being billed as: Doubleclick calls this, in their press release, a "Consumer Privacy Advocacy Board." Supposedly this board is set up to, you know, advocate consumer privacy. So, let's take a look at its composition.

Robert Abrams, former attorney general of New York: hired because of his connections in New York State, which threatened to file suit against Doubleclick. His role will be to lobby his buddies in various government agencies to prevent privacy lawsuits.

Robert Litan, vice president and director of economic studies at the Brookings Institution: supports "opt-out" marketing and notification of privacy policies, as opposed to actual privacy. (Which is exactly Doubleclick's position, of course.)

Harriet Pearson, director of public affairs at International Business Machines Corp.: Pearson is one of the people behind the Online Privacy Alliance, a corporate front group working to attack privacy on the Internet. Pearson has moderated seminars on how to profile users without seeming to be Big Brother; her job is to make you feel good about not having any privacy. Every group needs a PR flack.

Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.

Daniel Weitzner, an executive at the World Wide Web Consortium: Weitzner's main job at W3C is promoting P3P, a protocol designed to automatically give out your name, address, phone number, credit card information, Social Security number, and other personal data to Web sites as you browse -- a sort of hyper-invasive universal cookie. Need I say more?

Elizabeth Lascoutx, a director and vice president at the Council of Better Business Bureaus: Lascoutx's work at the BBB used to center around children's advertising -- she sought to have commercial messages on children's Web sites set off from the rest of the content in the same manner as television advertising ("after these messages, we'll be right back").

David Stazer, vice president and co-founder of PlanetOut.com: I don't know of any qualifications Stazer might have with regard to privacy.

Stewart Baker, a partner at the law firm of Steptoe & Johnson: Baker used to be the general counsel of the National Security Agency, probably not the first people you'd think of when you think "privacy"; he's an influential Washington lobbyist now. Baker publicly attacked the efforts to boycott Intel and Microsoft over the Pentium-III processor ID and the GUID embedded in MSOffice documents -- he stated that if all machines on the Internet were authenticated and identified, things like denial of service attacks could be prevented (which is true enough, if you don't mind a total loss of privacy).

No one from EPIC? No one from the ACLU? You can draw your own conclusions about whether this "Consumer Privacy Protection Board" (sic) is intended to actually help Doubleclick change its ways, or whether it is merely intended to help protect the company from lawsuits and adverse governmental action, like, say, the FTC wanting the authority to force companies to respect privacy concerns.

testcase writes: "From the ACLU press release 'The suit, filed against Yahoo! by a user of the service's popular financial message boards, challenges the company's practice of disclosing a user's personal information to third parties without prior notice to the user. The full text of the suit is here "

www.sorehands.com writes, "CNet News reports that the ACLU is appealing the CPHack ruling. It should be quite interesting. Especially in the light of the ruling in federal court that makes source code free speech. It is possible that the court may rule that the source code can be posted, but not the executable code. It will be very difficult for Mattel to show damage or harm from publication now. Mattel changed the code, so CPHack is obsolete and will not work on the current version."

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

An AC writes " BetaNews reported that on Wednesday, the American Civil Liberties Union (ACLU) made good on its plan to file a lawsuit against the FBI and the Justice Department for allegedly suppressing a Web-based film that predicts a riot in Times Square on New Year's Eve." The ACLU's Complaint is online, and see the original slashdot story and the followup. The ACLU complaint gives a great deal of information about what the FBI actually did, errr, is alleged to have done. The ACLU also makes an interesting claim that this action was related to Project Megiddo, the FBI's plan to suppress any disorder around the millennium.

The Australian Government has hastily enacted several measures overnight that should send a shiver down the collective spines of all Net users. Firstly, it passed major legislation that enables the Australian Security and Intelligence Organisation (ASIO), similar to the CIA, to remotely tap into and alter data on any Australian's computer. APC Newswire has the story. Secondly, the Government minister responsible for IT, Senator Richard Alston, has appointed an Internet content censorship advisory board stacked with representatives who support his heavy-handed approach, critics say. Critics of Alston's agenda in the past have included the ACLU and the EFF-affiliated Australian Net-users' group, Electronic Frontiers Australia. Again, APC has the story and a commentary.
If they can do it Down Under, how long do you think it will be before similar measures come to a town near you?

The New York Times has a story on the ACLU and EPIC filing suit in the U.S. Court of Appeals to block the wiretapping provisions in CALEA. Go get 'em.

MacRonin writes "ACLU Press Release: 11-18-99 -- Groups Initiate Court Challenge to FBI Wiretap Standards; Say FCC Decision Threatens Communications Privacy." The FCC was granted powers to decide just how CALEA was to be implemented; unfortunately, they granted law enforcement powers which go well beyond the scope of the law. The ACLU and EPIC are now challenging that decision.

MacRonin writes "ACLU Press Release: 11-18-99 -- Groups Initiate Court Challenge to FBI Wiretap Standards; Say FCC Decision Threatens Communications Privacy." The FCC was granted powers to decide just how CALEA was to be implemented; unfortunately, they granted law enforcement powers which go well beyond the scope of the law. The ACLU and EPIC are now challenging that decision.

coldfusion writes "The American Civil Liberties Union in conjunction with EPIC and others has just launched Echelon Watch, a site which tracks developments about the intelligence gathering organization. The site does a good job of collating all of the information that has spread in the last few months. It also contains a 'write to Congress' component." Update: 11/17 09:30 by J : Baccus just informed us that the NSA has applied for a patent on Echelon-related (tapping) technology.

According to this SF Chronicle story, AOL prohibits members' profiles from describing how they like to have sex with gay men, but allows descriptions of how they like to kill gay men. Hmmm. Something seems wrong here. The ACLU, NationalGayLobby.org, and HateWatch are looking into it.

at0m writes "According to this story by the Providence Journal, a 15 year old set up a fake teacher's account at SchoolNotes.com, a site where teachers can leave class notes, homework assignments and links to educational web sites for their students, which "depicted the teacher as an unpopular homosexual who molests children and dogs." A representitive of SchoolNotes.com said that they do not use the passcodes system because "the Internet was meant to be open, and with every layer of security, it just causes less openness." Maybe SchoolNotes can take some of the blame. The article concludes, "no matter what you do, somebody can track it."" Sounds like he needs to contact the Rhode Island CLU. Emailing "it's sunny today" when it's raining is a misdemeanor in Rhode Island?

tristan writes "According to the Federal Election Commission expressing your political views on a personal web site constitutes a campaign contribution. How big a contribution? You can start tallying it up by adding up the cost of the server hardware and software. If it's over $1,000, you need to register as a political action committee! The ACLU has a story here. "

The ACLU's solution to the campaign finance mess is to advocate more public funding of elections. Are there other solutions? I'm interested to hear what slashdot readers have to say.

EraseMe writes "Sucks. A quick whois shows that a whole slew of offensive domain names are owned by the Central District of California US District Court. Is this an attempt at using our tax dollars towards lucrative purchases, or simply a censorship of our global freedom?" The second, but not in the way that you think. The court holds the domains because there's an ongoing suit which is challenging Network Solutions' refusal to register domains based on the Pacifica "seven dirty words" case. It was covered a few months ago in various news outlets.

Even more interesting is NSI's practice of refusing registrations to some registrants but granting them to others. Various registrants tried to register "nigger.com", and were refused, before NSI permitted the NAACP to register it (although why the NAACP wants to be associated with nigger.com is hard for me to grasp). Why do some organizations get special treatment for registering domain names?