Domain: cdt.org
Stories and comments across the archive that link to cdt.org.
Comments · 196
-
Uhhh
It's not your data anymore.
The EU Data Protection Directive has a rather diametral stand than you on this issue. In essence: Your data belongs to you; period!
This is like you selling me a book and then trying to dictate what tone of voice I use while reading it aloud because it's your poetry.
There are a lot of hilarious, if not ridiculous analogies on /., but this one is a sure contester for first prize.
There is no need to thank me.
-
Re:Opt out
Ah, you beat me to it -- I used this phone number two years ago to stop pre-approved credit offers, and have been extremely satisfied with the results. Some more information on opting out of credit offers, insurance offers, and other annoyances that arrive in your mailbox:
https://www.optoutprescreen.com/?rf=t
http://opt-out.cdt.org/
-
Re:Data Usefulness
So... exactly what information are these representatives of the US Government after? The fact that people search for porn? If they remove any identification of who, and thus what, the person is... what's going to tell them that any given search conducted by a wide-eyed innocent (cue Bush jokes) vs. a consenting adult?
IANAL, but.
The government has tried repeatedly to censor the Internet over the past decade. The stated intention is to prevent minors from accessing material deemed harmful to minors, and whenever the issue comes up, elected officials of both parties fall all over themselves to make it look like they're doing all they can to protect the children (won't somebody please think of the children?!?)
The Child Online Protection Act (COPA) passed about 7-1/2 years ago; it set a penalty of $50,000 and/or six months imprisonment on anyone who, for commercial purposes, makes information available online deemed harmful to children, without performing adequate checks on a user's age (e.g. credit card verification or user certificate). The Supreme Court blocked enforcement of the act because it intruded on protected First Amendment speech and because the government had failed to prove that the intent of the law could not be achieved through less intrusive means than, say, commercial filtering products that parents can buy and install on their own computers.
I expect that the government's intention here is two-fold.
First, they want to demonstrate that the problem of material "harmful to minors" is so widespread that no filtering product can be effective in blocking access, thus reopening the door to punishments levied against Web publishers. They don't have evidence of that themselves, so they're trying to force Google to make the case for them.
Second, they're trying to shove the camel's nose into Google's tent--to set a precedent for future demands. If they can demand information on legal, constitutionally protected searches, they can demand it for anything. Google will become just another input into Bush's Orwellian data mining universe.
-
Re:IANAL, but...
-
ACLU Blog
-
Clinton and civil liberties
And let's not forget, long before the Patriot Act, there was the Omnibus Antiterrorism and Effective Death Penalty Act of 1996, which sailed through Congress in the wake of Oklahoma City, and contained many restrictions on privacy and civil liberties in the name of fighting terrorism. I like the Clintonistas better than the current crop of imbeciles too, but let's not paint his administration as some kind of bastion of civil liberties.
-
Re:Uhm
Communications Decency Act of 1996, in section 230 part C paragraph 1:
"TREATMENT OF PUBLISHER OR SPEAKER. No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."
Basically the act said the authors or the ISP (Wikipedia or Wikipedia's ISP) are not liable for any libel information which may be posted since they are not actual publishers or speakers in per se.
So to answer your question, it is not illegal to post libel information on the internet.
-
Re:The UN is not a government.
Really? What examples do you have exactly?
Let's see. The interstate highway system, the TVA, the Air Traffic Control system, the Federal Reserve, and (assuming, as I mentioned, decent management, which we are unlikely to see anytime soon) the railway system and space research. I could go on. As I mentioned, the above examples perform more or less well proportionally to the intelligence of management.
I believe the interstate can be justified as constitutional for the defense of the country. I might even agree with Air Traffic, (although there are a number of contracted companies running atc towers). I am amused about your example of the federal reserve. That to me is the very WORST of the federal abuse of power, and unconstitutional to boot. Institutionalized inflation (which is what we have) hurts the poor worst of all. The wealthy can invest as a hedge against inflation, while the poor typically "invest" in a bank account if they can manage to save at all. With the current environment they will at best break even with purchasing power by doing so. This is why I believe both the democrats and the republicans clearly do not give a shit about the poor, as the system is currently set up to penalize those that are frugal and try to save.
Amtrak sucks, and has been running in the red for years. Spaceship one showed that private enterprise can reach space cheaply.
I hate to be rude, but I'm afraid that this is the piece of libertarian dogma I find most repugnant. I was born in Russia. I know what a _real_ unaccountable central authority looks like. Please get a clue.
Well, you may get to see one again, right here. Let's check how much of our constitution is still valid:
Article III, Section II
The Trial of all Crimes, except in Cases of Impeachment, shall be by Jury; and such Trial shall be held in the State where the said Crimes shall have been committed
AND
Amendment VI - Right to speedy trial, confrontation of witnesses. Ratified 12/15/1791.
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defence.
The above is no longer true if the penalty for EACH charge you face carries less than 6 months per charge. So important they put that in there twice. Funny how ALL doesn't mean ALL don't you think?
right to a speedy and public trial, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor
Yeah tell that to the guys in gitmo (whoever they may be??) for going on 4 years now.
Amendment VIII - Cruel and Unusual punishment. Ratified 12/15/1791.
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.
Hmmm sounds like that should cover the torture question don't ya think?
Amendment IV - Search and seizure. Ratified 12/15/1791.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
I say this clearly violates that whole probable cause thing.
Amendment II - Right to bear arms. Ratified 12/15/1791
-
Blame where blame belongs.
You are telling me the people who gave us DMCA and CAN-SPAM are going to do anything but make sure they can do whatever they want? Anyone praising M$ these days is a shill, a fool or seriously misquoted. Yep, looks like bad quoting there.
CDT takes "opt-out" seriously, so why should I take them seriously?
Your second quote does not show favor or approval by EPIC. Snakes mature with age. Indeed, from your fine article,
Hoofnagle cautioned, noting that Microsoft's statement of principles says the company supports "consumer opt-in" -- the consumer's advance permission would be required -- for sharing of sensitive (e.g., financial or medical) data but supports "opt-out" -- data can be shared unless the consumer explicitly says "no" -- for every other kind of information.
Your third quote should go further in its statement of mistrust of Microsoft by the ACLU. Again, from the FA:
ACLU legislative counsel Timothy Sparapani also praised Microsoft's move, but cautioned that any federal privacy law would need to include safeguards for data gathered by commercial data brokers.
But we don't need experts misquoted to help us rip Microsoft a new one when it comes to anything customer friendly. Microsoft is anything but subtle about what it does. We can look at their own BS to see what they want to do. From their own nonsensical web page, followed by plain English translation:
Create a baseline standard across all organizations and industries for offline and online data collection and storage. This federal standard should pre-empt state laws and, as much as possible, be consistent with privacy laws around the world.
The Microsoft way or the Highway, once again.
Increase transparency regarding the collection, use and disclosure of personal information. This would include a range of notification and access functions, such as simplified, consumer-friendly privacy notices and features that permit individuals to access and manage their personal information collected online.
A notice of vile activity is not a prohibition of vile activity. A promise of sharing from Microsoft is worth about as much as a shared source license.
Provide meaningful levels of control over the use and disclosure of personal information. This approach should balance a requirement for organizations to obtain individuals' consent before using and disclosing information with the need to make the requirements flexible for businesses, while avoiding bombarding consumers with excessive and unnecessary levels of choice.
Microsoft's idea of balanced is well known as is what they consider a reasonable level of trust.
Ensure a minimum level of security for personal information in storage and transit. A federal standard should require organizations to take reasonable steps to secure and protect critical data against unauthorized access, use, disclosure modification and loss of personal information.
Oh yeah, a certification process approved by an industry follower like Microsoft. Anything that would pass Microsoft for security or privacy is crooked enough to outlaw anything else.
I'll believe Microsoft gives a shit about anything but spamming their users when their OS has a half life better than 20 minutes on any network.
-
Slippery slope is the real problem
As others have mentioned here, assuming that the Internet is confidential is dangerous and naive. With the rise of cable modem networks and Wifi networks, the zone of trust is even smaller.
I don't have a problem with the general idea of governments being able to tap the Internet in the same way as they tap phones, if and only if the system is secure and regulated at least as rigorously as phone taps. In fact, given the choice I'd rather they tap the Internet than phones (where things like encryption are expensive/difficult to employ).
While the general idea of a net tap isn't so bad, the implications are more distressing. Once they get their mitts on the first few layers of the network stack, they'll naturally work their way up. The next logical step is key escrow for encryption. For an old yet relevant paper on this, see:
http://www.cdt.org/crypto/risks98/ [html]
Among the risks and problems cited in that paper are things that will also be relevant in any sort of network tap, including higher costs pushed onto end users, inherent insecurity in having extra access vectors, and difficulty in preventing abuse of the system.
In the end the idea of a network tap isn't so bad. What bothers me is the difficulty (impossibility?) of doing it right, and the other things that this will set a precedent for.
-
Where were EFF and CDT?
Normally EFF (http://www.eff.org/) and CDT (http://www.cdt.org/) send out alerts. As close as this legislation was with only a two vote passage in the House, it's a real shame they fell down on the job. I think they would have been able to make a difference on this vote.
-
OpenCRS Report
Hopefully we can start a new trend of linking to relevant CRS reports on OpenCRS so we can all see what our congresscrooks in DC are being told about a particular topic. I'll start.
CRS Report 31260, "Digital Television: An Overview", June 22, 2005
-
Re:not to mention...
No, this isn't going to cost the taxpayers more to make these reports available for free. OpenCRS is apparently being funded by CDT - http://www.cdt.org/. All the additional costs incurred by the taxpayers are from any negligible costs for congressional staffers to disseminate these reports.
-
Re:Anyone get the feeling...
As such an "in touch" person who sees what's really going on - you do realize that most of the powers the Patriot Act gave to the FBI to fight terrorists, it's had to fight the drug war since 1982? And to fight Medicare fraud since 1997? And have been used by federal agencies from OSHA to the SEC in the verification of their regulations? That, in fact, the only thing that's kept the FBI from using these powers against you for the past twenty years is that they're either basically honest or just don't give a damn about you?
The war on drugs did far more to trample the rights of the citizens of the US than the war on terrorism ever has (or will). People whining about this stuff now have been asleep at the switch for a very long time. You want to crusade for freedom - don't start trying to block minor enhancements to FBI power like this. Start by trying to roll back all the laws and court decisions over the past twenty years that have rolled back your 4th and 5th amendment rights, that have eliminated any expectation of privacy in financial transactions, that have made it very difficult to do anything significant in cash. Undo law enforcement's ridiculous powers to seize your property without trial and sell it for their profit. End racial profile stops that result in drug searches.
It's not some Bush or Republican plot. They're just trying to do to terrorists what we've been doing to drug users and dealers for a really long time. The elimination of our rights has come from both parties, as they've both controlled Congress and the White House over the time this has occurred. If you're mad at Bush personally about the Patriot Act, you're blinding yourself to the fact that it passed the Senate 98-1. No party or president has a monopoly on favoring expedience over principle. While Brave Democratic Senators stand up against these largely meaningless provisions of the Patriot Act, no person in any party is making any move to restore the rights we've already had stolen from us.
This Patriot Act crap is mouse nuts compared to what Congress and the courts have done to our rights in order to stop demon weed over the past two decades. I'll be impressed with your clarity of vision when you start being mad about the stuff that's important.
-
Slashdot Answers
I just went to a very interesting panel discussion about just this very subject, hosted by the Center for American Progress (http://www.americanprogress.org). It featured some very insightful comments from the very knowledgeable James X. Dempsey of the Center for Democracy and Technology.
Video transcripts are also available (here)
-
Secret Sharing and Verifiable Secret Sharing
Key escrow/recovery schemes where there is a sort of "backdoor" built in to allow for key recovery via trusted third parties fell out of favor in the late 1990's, as can be seen in this paper.
My research is currently looking into approaches to related areas (as a user, not necessarily as a cryptographer). You may wish to look into "secret sharing", where given a secret (e.g. a private key), a set of participants, and what the literature calls an access structure which is a collection of subsets of participants that you wish to be able to easily recover the secret (called a qualified subset), establishes a two stage protocol:
- Share - a trusted entity called the dealer takes the secret and encodes it into a set of shares, securely awarding each participant a unique share.
- Reconstruct - some subset of the participants presents their shares, if the shares are valid and the subset is a qualified subset, the secret is recovered and securely distributed to that subset of participants, otherwise the secret should not be revealed.
There are proactive variants that periodically recut the shares to prevent accumulated leaking of shares over time from forming a qualified subset.
Also there are verified secret sharing schemes which support a verify operation, where a share can be checked for correctness without trying to reconstruct the secret (so that bad dealers can be caught and that at reconstruct time invalid shares can be found prior to reconstruction).
Finally there are "cheating immune" schemes. A cheater is a participant who gives a bogus share at reconstruct time. If they know something about the reconstruction step and can assume the other participants are giving valid shares, some schemes may allow the cheaters to learn something about the secret. In cheating immune schemes, this is prevented.
Finally there are schemes that use verifiable threshold schemes and verifiable secret sharing for digital signatures.
If you are interested in some references, Doug Stinson's bibliography on Secret Sharing (he has some recent work too). Tal Rabin has done some good work, as has Markus Stadler. Recent work by Stanislaw Jarecki has caught my eye.
-
Re:Interesting Issue
Here it is with the link fixed
While this is certainly a disturbing development the constitutionality of it is unclear and quite interesting.
On the one hand the first amendment certainly does not require libraries to provide pornographic magazines or otherwise provide some unbiased representation of viewpoints. In general the first amendment does not restrict the government from providing some content but not others (except when this infringes on the establishment clause).
However, while library filtering has been deemed constitutional (link here) the supreme court has also ruled that libraries must allow adults to bypass the filters. In other words apparently the supreme court has recognized that internet filtering is significantly different than buying library books. The library has legitimate financial constraints in what books it provides but does not in internet filtering.
So the question becomes very unclear in the case of truck stops. Since these are entirely automated they can't very well demand a librarian turn the filtering off. Still, since one does need to be at least 16 to drive and because of the real possibility that by providing enough government internet access filtering could stifle free speech I imagine it would be declared unconstitutional but it is a tough call.
-
Interesting Issue
While this is certainly a disturbing development the constitutionality of it is unclear and quite interesting.
On the one hand the first amendment certainly does not require libraries to provide pornographic magazines or otherwise provide some unbiased representation of viewpoints. In general the first amendment does not restrict the government from providing some content but not others (except when this infringes on the establishment clause).
However, while library filtering has been deemed constitutional the supreme court has also ruled that libraries must allow adults to bypass the filters. In other words apparently the supreme court has recognized that internet filtering is significantly different than buying library books. The library has legitimate financial constraints in what books it provides but does not in internet filtering.
So the question becomes very unclear in the case of truck stops. Since these are entirely automated they can't very well demand a librarian turn the filtering off. Still, since one does need to be at least 16 to drive and because of the real possibility that by providing enough government internet access filtering could stifle free speech I imagine it would be declared unconstitutional but it is a tough call.
-
Re:Privacy
You may want to use the EU Personal Data Directive (95/46/EC) as a starting point. But even the Directive has its weaknesses...
-
Not my information
(or at least, I think so) because I had my name removed from list months ago. I did it to cut back on junk mail, but I guess avoiding identity theft is an even better reason. I recommend that everyone opt out of every list they can!
-
Re:Not true.
The 1996 order is obsolete. Under pressure from various fronts, including Congressmen, the Clinton Administration later pushed through, in 2000, an extremely permissive encryption policy that essentially made any consumer-oriented encryption software freely available to anyone who doesn't live in a country that the US has sanctions against. The amount of regulations regarding encryption products was also substantially decreased, which has made possible freely-available strong encryption, where before even browsers had US and international versions with weaker encryption for the latter.
(Less than perfect) source: http://www.cdt.org/crypto/admin/ (Also read Steven Levy's book, "Crypto", for a good overview of the history of these regulations and Clinton's relaxing of the rules)
-
A little later than that
The restrictions on crypto export were relaxed in early 2000
-
Interesting, but not a problem for most
As the article summary notes, this isn't a problem for dual-tuner PVRs.
Most PVRs offered by cable and satellite providers, such as Charter's Motorola BMC9012 offering, are just that. And, adding another tuner (or several tuners) to media PCs, such as those running MythTV or the surprisingly good Windows XP Media Center Edition 2005, is a simple task (for a person so inclined to have a media PC in the first place).
So, yes, it's interesting to see this acknowledged, but the tactic does show up in the guides (e.g., ER starting at 8:59PM CT), and for multi-tuner PVRs it is not at all an issue.
What will be far more interesting to me is the networks' and content providers' handling and usage of the Broadcast Flag (more, more, more), which will probably be utilized to prevent digital and/or HD recording, and thus prevent (easy) skipping of ad content, of some "high value" shows altogether, as well as allowing the placement (force feeding?) of new shows to piggyback on existing "popular" shows.
Interesting that while the invention of the VCR has been recently lauded as releasing people from the prison of having to watch "prime time" TV in prime time, the Broadcast Flag may essentially shoot us back 20 years. And most consumers don't understand or know the rights that have already been granted them enough to know the difference.
(And why don't content providers understand that: 1. this won't stop pirates from pirating TV, and that 2. this only makes it harder on ordinary consumers?)
-
Re:It's old and cliche' but...
Let's just figure out a way to use software like this for a use like http://www.akamai.com/ [akamai.com].. Mirroring the web and all of its content (legal or illegal) on the web would make all of our lives easier
:-)
Sounds great, but one big problem I see is that bandwidth (real, robust, guaranteed bandwidth) costs money. A lot of money.
I spent over a year working as a sys-admin for a company (since gone bust) that was doing the same thing as Akamai (and according to third-party performance measurements, doing it better). Our bandwidth costs were outrageous. Granted, that was 2000-2001, and prices have gone down since then for bandwidth, but the cost is still high.
I'd rather see us develop a BitTorrent that was completely anonymous, with encrypted traffic. I'm not sure how this would work...I'm thinking that in addition to spreading out the actual content over many computers, you would do the same thing for the .torrent files, but in such a way that it would be impossible to point to any particular IP address and say "this IP address distributed this torrent".
They would be able to see the traffic, but it would be encrypted. Much like using an anonymizer proxy with SSL for HTTP traffic.
Maybe similar in some ways to the Publius project http://publius.cdt.org/publius.html
-
Re:Not only data going to the US..
The European union Personal data directives try to make rules on this, forbidding transfer of such data outside EU.
This is not entirely true. According to the EU Data Protection Directive, in order for data to be transferred out of the EU/EEA to third countries, the country in question has to have "adequate level of protection," cf article 25. Adequacy is determined by various factors such as existing data protection legislation and professional rules and security measures in relation to the type and sensitivity of the data being transferred.
-
The EFF WAS involved as was...
...the CDT, EPIC, and the ALA. Here's their brief (in PDF).
-
Re:It's about time...
Try suing spyware creators for illegally placing it on your machine. You'd have quite a fight on your hands to prove you didn't install it yourself.
After having researched a spyware infection recently, I disagree.
The folks at the CDT filed a complaint [warning: PDF] with the FTC that explains pretty clearly how the crapware can be installed without explicit user approval, and how difficult it is to remove.
And Tom Liston might make a nice expert witness: Follow the Bouncing Malware
-
Re:Great
And FYI, the million+ innocent sites were blocked in an effort to block 400 porn sites. Look at http://www.cdt.org/publications/pp_10.14.shtml
.... not such a great batting average....
-
Links to CDT Information on the case
I don't see any links here to CDT's information on the case. All of our information on the lawsuit is posted at http://www.cdt.org/speech/pennwebblock/. Disclaimer: I was involved in the case, and testified before the Court.
-
Government controlled internet access = Censorship
I am all for free wireless internet. I expected more governments to provide internet access as a standard community service. The bureaucracy moves slow enough that the technology has improved before it became standard.
But government-controlled internet access allows easy censorship by the government. Check how China deals with the internet. Remember that Pennsylvania, the State that contains Philadelphia, has already tried to censor the internet by forcing commercial ISPs to block websites. That had a happy ending, but what if the government is the ISP? How long would the site-blocking remain secret? How long before the government ISP stops once it becomes known? The commercial ISPs did not want to block because of the expense, and possible loss of customers. (Actual cost does not matter; it cost more than not doing it.)
The Internet is becoming the only media. It can provide phone service, television shows, movies, news, weather reports, dictionaries, encyclopedias, and much more. It will become the primary method of distribution for all information. Do you want the government to control your access to all media? Do you want it to track what you are reading?
Do you want the government to track your internet usage? Commercial ISPs delete their usage records to avoid privacy issues. Comcast, the Philadelphia cable company, got vilified because they were caching websites. How will the privacy contingent react when the government controls internet access?
That said, the convenience of ubiquitous wireless service will probably override any privacy concerns. This is the place where the public will allow their purchases to be tracked in exchange for a minor discount, or just a chance to win a few dollars.
(I live in the Philadelphia suburbs, but that is not relevant to this post.)
-
at least they're being honest about it
Here in the U.S., the FBI's revised-after-passage specifications for Communications Assistance for Law Enforcement Act (CALEA) compliance is estimated to cost carriers $3 to 5 billion.
And with a burden shared equivalently by all carriers in this age of record corporate profits, who is going to pay for that? You will, but there will be no line-item on your bill letting you know. Just an across-the-board price hike.
-
Re:I'm easy
Please read this. The revealing quote.
The PATRIOT Act was signed into law a mere 5 weeks after the Administration's draft was first circulated - lightning speed for legislation. And on the House side, the version approved by the Judiciary Committee with some changes prompted by civil liberties concerns was replaced by a different version in the middle of the night, and a vote was taken just hours later - leaving members and their staff with literally not enough time to read what was in the lengthy bill.
-
data quality?
What I'm interested in, is the quality of the data the government is mining. They are going through a lot of databases that may contain incorrect, false, misleading, or outdated data:
2. Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
How does the government separate the junk data from what may actually be worth looking at?
-
Re:Here's the difference...
"Datensparsamkeit" (data frugality).
This is called the collection limitation principle - There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject, cf. OECD Guidelines for privacy/data protection.
-
European data protection
Here is the EU Personal Data Directive (95/46/EC), which is the basis/minimum for the data protection laws of each EU and EEA country. The Norwegian Personal Data Act is supposedly the toughest of them all. It's interesting to compare the nuances.
-
Re:Privacy and outsourcing
One thing problematic (at least to me) about outsourcing to countries that have no privacy laws, is that a lot of European personal data is transferred to these countries, due to the personal data having been transferred from Europe to the United States.
According to the EU Personal Data Directive article 25, personal data cannot be transferred to "third countries" that don't provide an adequate level of protection of personal data (via legislation); the United States is one of these countries. Unfortunately, in article 26, you find a lot of exceptions. And even if the original European and American parties have an agreement about how personal data is to be treated, the American company contracts, and subcontracts, and subsubcontracts the work until finally, well, the work ends up in a country like India or Pakistan where an opportunistic worker can profit from databases full of sensitive personal data, without any chance of seeing a day in court.
-
Re:We all get spam but...
A detailed study by the Center for Democracy & Technology concluded "CDT received the most e-mails when an address was placed visibly on a public Web site. Spammers use software harvesting programs such as robots or spiders to record e-mail addresses listed on Web sites, including both personal Web pages and institutional (corporate or non-profit) Web pages." It has very little to do with the mailing lists you're on, and is driven by where your address has been published on the Web.
-
while this is true...
Yes. Data on us are recorded every time we use a credit card or use the phone or buy a plane ticket or whatever else. However, the difference between the US and the EU is what can be done with this data.
Apparently in the US, "anything goes." Companies promise to keep data private, only to sell or transfer it to third parties, as in the case of several airlines. Sensitive personal data is outsourced to countries like India and Pakistan for processing. What happens? The natives can threaten to release this data if they're not paid a certain amount of money.
In Europe, EU and individual national laws dictate that this data can among other things only be used for a specific purpose determined before data collection, not be used for other purposes, and not be released to third parties without the consent of the data subject. Furthermore, personal data cannot be transferred to countries that do not have privacy laws equivalent to or stronger than the Directive.
The EU Directive is the rule; countries in the EU and EEA are required to have national privacy laws based on the Directive.
-
Re:Need to change the focus
Some of the requirements you suggest already exist in EU law and the laws of individual EU/EEA states.
and the responsibility for accuracy should rest on the provider, not on the poor slob being tracked
For example, this is already the case according to the Norwegian Personal Data Act, which is based on the EU Personal Data Directive. The data controller has the burden of responsibility for the quality and integrity of the personal data being collected. Furthermore, if personal data finds its way to a third party, it is the responsibility of the data controller of this third party to inform each and every data subject about this transfer. Data subjects have the right to access to information on themselves, as well as to be removed from databases (except for certain government databases) and they have the right to have wrong information corrected, at the expense of the data controller.
And there should be severe restrictions on the uses that can be made of the information.
This is the principle of use limitation (tied in with purpose specification): personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with except with the consent of the data subject or by authority of law.
I disagree with the requirement of government sponsored databases. This violates the principle of use limitation where the data would be used for purposes other than what they were collected for. You would also create a very unpleasant situation if the database were to be hacked, inside or out.
-
According to this it works...
A study by the Center for Democracy & Technology in 2002 concluded that replacing email addresses with either the HTML equivalent or human-readable equivalents like "example at domain dot com" significantly cut down on spam. From their Major Findings: "E-mail addresses posted to Web sites using these conventions did not receive any spam." While, yes, it's relatively easy to write a script that would recombine the addresses, apparently most harvesters for whatever reason just aren't. My email address, which is posted online, is 'hidden' in HTML and I get very little spam after many years of having it up.
-
Re:How can this work?
STOP wasting money and resources on using increasingly sophisticated anti-spam techniques. Re-direct this money into basic education for users, including short courses on:
1. How to identify a spam (People are proven to be far better at pattern recognition than Bayesian models).
2. How not to click on a spam.
3. How to delete a spam.
Add to that 4. How not to give your email address to spammers.
We have to protect our email addresses. The email-obscuring feature on Slashdot is one way to do so. Another is to teach users that not all websites which request your email aren't going to use it to send spam.
For further reading, "Why Am I Getting All This Spam?"
-
What's wrong with the Patriot Act?
Obviously, you weren't paying attention to this previous discussion about what's wrong with the Patriot Act.
-
Shoulders of Giants...
There's been some research on what methods work best. The CDT put out a paper in March detailing their experiment and its results. It was also covered on Slashdot.
-
Solution looking for a problem?
What makes them think that they would somehow be responsible if they were to do something simple and straightforward like a discussion forum? The high court has already ruled on several of these kind of cases and free speech won. For example, they struck down the CDA and they also said that Yahoo didn't have to rat out an anonymous Yahoo Groups poster.
Why use an obscure technology? That will have more of a chilling effect on active participation than any other factor.
-
Re:wow ...
I would be surprised if there were any common law country where the identity of users of an IP address were NOT subject to subpoena in a civil suit.
In most civilised countries in Europe a judge actually has to decide whether the company can give out the identity of a user.
DMCA gives an assistant/clerk(?) the authority to allow identification based on a subpoena.
I should clarify that by "common law" I meant English common law. That's the basis in the U.K., the U.S., Canada, Australia, and most other former territories of the U.K. I don't know about Europe. It would be interesting to see a source for your claim. I find that in the United States most people have an unrealistic view of their privacy rights. They think the PATRIOT act changed more than it did. See this chart for a summary of requirements for the police and other government officials. As I said in other posts, there is nothing unusual about a clerk issuing a subpoena. See this article.
-
How to attract spam
Here are two controlled studies of which activities attract spam, and how much:
"Why Am I Getting All This Spam? Unsolicited Email Six-month Report"
"The Great CNET Spam-off"
-
How to get spam report
This report from the Center for Democracy and Technology pretty much addresses how to get spam:
http://www.cdt.org/speech/spam/030319spamreport.shtml titled "Why Am I Getting All This Spam?"
The report was covered by slashdot quite a few times...
http://slashdot.org/article.pl?sid=03/04/22/1354215
http://slashdot.org/article.pl?sid=03/04/12/1442206
http://slashdot.org/article.pl?sid=03/03/19/1736249
-
Online copy of Alan Davidson's prepared statement
... from the Center for Democracy and Technology website.
http://www.cdt.org/testimony/030917davidson.shtml
A quick google on today's event turns up surprisingly little. It is shameful how the media conglomerates are sweeping DMCA related stories under the rug.
-
Re:hmm, if you really are so clever
According to Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report, most harvesters really *aren't* that smart, so even simple email address obfuscation and removal from websites can have a dramatic impact on how much spam you get.
The other good news from that study is that they show that spam does decrease after you remove your email address from websites... in other words, they don't keep the addresses as much as we generally believe. You aren't on every spammer's list forever just because they get your address once.