Slashdot Mirror

← Back to Domains

Domain: eff.org

Stories and comments across the archive that link to eff.org.

Stories · 1,385

  1. EFF Pioneer Awards

    Yro · Censorship · · posted by michael · from the fighting-the-good-fight dept. · 1 comment
    The Electronic Frontier Foundation gives out a set of awards annually to people who've made "a substantial contribution to the health, growth, accessibility, or freedom of computer-based communications". This year's awards went to: "Librarians Everywhere", which was accepted by Karen Schneider, a librarian who has opposed efforts to install censorware in libraries; Phil Agre, computer scientist and professor at UCLA; and Tim Berners-Lee of MIT, director of W3C. Dan Gillmor has a story, and sooner or later EFF will update their awards page with the text of this year's award.

  2. Copyright Office Needs Comments On DMCA By March 31

    Announcements · · posted by ryuzaki0 · from the calm-collected-rational-and-persuasive dept. · 100 comments
    mdonaghy writes: "The EFF and the U.S. Copyright Office are looking for [further] public comments on the DMCA, as stated in this EFF alert. The deadline for comments is Friday, March 31. This should be a good place to voice our concerns about copyrights that several readers have previously voiced in Slashdot forums." (more)

    Though the DMCA was signed into law in 1998, the rules of engagement are still being debated. This is your chance to make "reply comments," and address the arguments raised by the entertainment giants. The EFF link above sorts important previous comments straightforwardly into "pro-freedom" and "anti-freedom," for obvious reasons.

    If you haven't yet added your voice, you now have nearly two weeks to do so. You might want to read the thread about the last round of comments on the same issue, and emulate the comments you find most persuasive.

  3. Copyright Office Needs Comments On DMCA By March 31

    Announcements · · posted by ryuzaki0 · from the calm-collected-rational-and-persuasive dept. · 100 comments
    mdonaghy writes: "The EFF and the U.S. Copyright Office are looking for [further] public comments on the DMCA, as stated in this EFF alert. The deadline for comments is Friday, March 31. This should be a good place to voice our concerns about copyrights that several readers have previously voiced in Slashdot forums." (more)

    Though the DMCA was signed into law in 1998, the rules of engagement are still being debated. This is your chance to make "reply comments," and address the arguments raised by the entertainment giants. The EFF link above sorts important previous comments straightforwardly into "pro-freedom" and "anti-freedom," for obvious reasons.

    If you haven't yet added your voice, you now have nearly two weeks to do so. You might want to read the thread about the last round of comments on the same issue, and emulate the comments you find most persuasive.

  4. Analysis: The Digital Millennium Copyright Act

    Features · Internet · · posted by JonKatz · from the corporatism-vs.-the-geeks:-first-blood dept. · 285 comments
    Note: This is part one of a two-part series.

    The Digital Millennium Copyright Act (DMCA) was passed by Congress and signed into law more than a year ago, but its true impact is only beginning to be felt. Corporatism squared off brazenly against the geeks, and handily won Round One. If you're wondering where your Napster really went, read more below.

    The Digital Millennium Copyright Act is an especially devious title for one of the most significant pieces of Internet legislation yet passed. If you're looking for insight into how corporatism and politics work together to control software and technology -- and to potentially stifle free speech and individual choice -- you can't do better. Nor will you find a more textbook-perfect example of dubious, perhaps even unconstitutional, Internet law.

    This is how the struggle over who owns ideas, software and intellectual property on the Internet will be waged; Round One in the battle that is pitting corporatism against the geeks. They won.

    The DMCA -- largely the fruit of massive lobbying by the entertainment industry, including companies like Time Warner, Disney and other giants of recording and movie industry -- was passed quietly 16 months ago by a normally acrimonious Congress, and immediately signed by the President. Despite the law's profound and far-reaching implications, Clinton's signing of the measure drew little media attention, online or off, and only in the last few months has its impact begun to be felt.

    Central to the law is a clause making it illegal to thwart copyright protection methods through the use of software or hardware. Without that power, argued the lobbyists for record labels, traditional publishers and film studios, their industries would be run out of business by the newly empowered Net generation. This is a generation, mostly young, who've discovered that they could create their own culture on the Net, and get the music they wanted rather than pick only from the choices preselected for them by the music industry. And for free, no less. Thousands of artists who wouldn't have gotten through the record industry's artist-selection machine suddenly had channels to distribute their work and find new audiences. Music software is a powerful example of how the Net gave individuals -- especially ones far removed from corporate models of culture and creativity -- a chance to be seen and heard. And it gave music lovers a chance to hear them as well.

    And although the law passed more than a year ago (despite opposition to DMCA by the Electronic Frontier Foundation and other online free-speech activists, the Act's proponents and their lawyers took their time strategizing about exactly how to enforce and implement it.

    This year, the gloves came off -- and suddenly people at colleges all over the country are wondering what happened to their Napster sites. Despite what many schools are telling their students -- often that downloading music simply takes up too much bandwidth -- the real reason for their actions is the DCMA.

    Pointedly high-profile lawsuits have been filed recently, as the entertainment industry takes the lead in the war against free culture and the spread of forums for artists to disseminate their work -- at least artists the industry doesn't control. The industry has obviously done its homework, studying how software really works and how information moves, and is using the Digital Millennial Copyright Act as its primary weapon against infringement by people using the Net and the Web.

    As a result, with little political opposition or discussion, the DMCA is already beginning to redefine entertainment on the Net, and regain control of popular culture, as corporatists move against free music and movie users. As someone who's been writing about First Amendment issues for years, it's hard to imagine a piece of legislation with greater implications for free speech as well as corporate control of intellectual content. This legislation seems to have anti-trust implications as well: how could any law more actively discourage creativity and competition?

    If there is a silver lining in the use of the DMCA to dominate entertainment, it's that day by day, the political issues become clearer. Even though many open source advocates see themselves as technologically centered, rather than politically, the DMCA pits the free software movement, squarely against the commercialist threat to the free nature of the Internet. The corporatists grasp what many young programmers don't: Open source is a powerful political idea, and it's antithetical to the way many modern corporations have always worked.

    "The anti-circumvention clauses fundamentally change the balance of copyright," Alex Fowlier of the EFF told USA Today's Bruce Haring earlier this week. "Now we're not just talking about rights to the work, but about tying it to the system it is displayed on, or plays on, or is distributed by. That's one level deeper into control than copyright has been associated with." Tying the distribution, display or performance of a work to a system "affects the users in ways we can't even imagine," says Fowler. "It really hampers the future growth of the Internet." It doesn't do much for the present either.

    One reason free music sources proliferated so rapidly was that they often piggy-backed on educational and other sites where music seekers congregated. College students could download music on their schools' sites, in part because the schools believed they were simply neutral, non-liable carriers of content. Since there was no Internet law governing content on Web sites, nobody knew if that was true or not. But it certainly isn't true anymore.

    The music industry and its lawyers understood that colleges and universities are powerful channels for commercial music, places where artists, bands and even musical genres are discovered and become popular. They realized they didn't have to shut down every free music site on the Net -- those on instant messaging services like ICQ or AIM, for example -- in order to sharply curb the spread of free music. They could use the DMCA as a way to focus on a smaller number of sites, and on universities and colleges. For an industry that garnered $15 billion in revenues last year, the cost of that focused effort is chump change.

    Rather than targeting music distributors or downloaders, they lobbied successfully to get a law passed that made it illegal to thwart copyright protection methods in software and hardware. Music industry lawyers then began notifying colleges and universities that they might be in violation of federal copyright protection laws if they tolerated the existence of Napster and other means of music dissemination. Free music users, accustomed for years to downloading what they wanted, were caught unawares.

    The DMCA went a step further, in a legally ingenious way. The law decrees that Internet service providers won't be liable for copyright infringement by their users if the providers remove offending material once they're made aware of it. It's that provision that gains entertainment companies so many powerful new allies in their war against "pirates" -- recruiting, in effect, all the institutions and sites that allow content redistribution, and turning them into culture cops. If they block free music, they're off the hook legally. If they don't, they're liable.

    Some colleges seem to think they have a far greater stake in avoiding lawsuits than they do in confronting the real issues involved -- like promoting free expression and diversity in culture. And college students are selective in political issues. There is, for example, a broad-based anti-sweatshop movement on many U.S. campuses, but no equivalently passionate and nationally-organized movement to keep culture free.

    (Personal note: As an author who writes online and on paper, I am well aware of the complexity of intellectual content and copyright issues. Writing online, especially for this Web site, means relinquishing reprint, royalty and subsidiary rights that used to provide revenue to writers and artists. The work of me and other writers here and elsewhere on the Web is widely distributed, linked and even printed in paper form without permission or payment. But I've also come to believe that the free (open source, if you like) distribution of content -- even opinions -- offers creators new opportunities: broader audiences, greater impact, road-tested ideas, thus eventually, perhaps even more income.)

    While the sweatshop issue (students accuse colleges as well as fashion retailers of buying merchandise produced by sweatshop labor) is perfectly valid, one could argue that the effort by corporatism to attack information software and control entertainment is ultimately of equal importance.

    Before the DMCA, for example, a university -- or even a commercial Web site -- could look the other way as people presented, distributed and downloaded music. The legal issue was left between the record company and the so-called "pirates." But in recent months the DMCA has sparked legal actions like these:

    • Jon Johansen, a 16-year-old Norwegian student who allegedly wrote software allowing DVDs to be played on Linux-based computers, was arrested at the behest of the Motion Picture Association of America. The MPAA claimed the code illegally circumvented DVD copy protection, and sent cease-and-desist orders to hundreds, perhaps thousands of Web sites, including this one, that had allegedly posted the source code or linked to it. The MPAA filed lawsuits against several sites, as well as charges against Johansen and other software developers, and announced it would pursue other offenders.

    • RealNetworks obtained an injunction against a portion of software created by Streambox, designed to allow users to capture or record streaming media sent via Real's copy-protected format.

    • The Recording Industry Association of America (RIAA) filed suit against Napster, which allows music seekers to trade song files directly from machine to machine without having to post them on the Net. Following the suit, Napster was removed from scores of college and other Web sites.
    Tomorrow: The political issue is as simple as it is significant. Do individuals have the right to define their own cultural and entertainment experiences? Or must they depend on content and products sold by a handful of corporations?

  5. Keep It Legal To Embarrass Big Companies

    Features · Censorship · · posted by jamie · from the safe-legal-and-rare dept. · 148 comments
    Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

    Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

    The feature below was written by Mr.Haselton.

    X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

    X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

    So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

    The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

    The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

    This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

    [up][the,his,her,your,my][ass,cunt,twat][,hole]
    [wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
    [,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
    [,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
    [gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
    [gay,queer,homosexual,lesbian,bisexual][society,culture]
    [you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

    If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

    Reverse Engineering Prohibited
    Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

    Non-Disclosure
    Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

    So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

    At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

  6. Keep It Legal To Embarrass Big Companies

    Features · Censorship · · posted by jamie · from the safe-legal-and-rare dept. · 148 comments
    Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

    Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

    The feature below was written by Mr.Haselton.

    X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

    X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

    So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

    The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

    The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

    This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

    [up][the,his,her,your,my][ass,cunt,twat][,hole]
    [wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
    [,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
    [,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
    [gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
    [gay,queer,homosexual,lesbian,bisexual][society,culture]
    [you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

    If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

    Reverse Engineering Prohibited
    Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

    Non-Disclosure
    Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

    So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

    At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

  7. Keep It Legal To Embarrass Big Companies

    Features · Censorship · · posted by jamie · from the safe-legal-and-rare dept. · 148 comments
    Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

    Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

    The feature below was written by Mr.Haselton.

    X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

    X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

    So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

    The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

    The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

    This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

    [up][the,his,her,your,my][ass,cunt,twat][,hole]
    [wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
    [,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
    [,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
    [gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
    [gay,queer,homosexual,lesbian,bisexual][society,culture]
    [you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

    If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

    Reverse Engineering Prohibited
    Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

    Non-Disclosure
    Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

    So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

    At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

  8. Keep It Legal To Embarrass Big Companies

    Features · Censorship · · posted by jamie · from the safe-legal-and-rare dept. · 148 comments
    Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

    Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

    The feature below was written by Mr.Haselton.

    X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

    X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

    So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

    The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

    The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

    This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

    [up][the,his,her,your,my][ass,cunt,twat][,hole]
    [wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
    [,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
    [,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
    [gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
    [gay,queer,homosexual,lesbian,bisexual][society,culture]
    [you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

    If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

    Reverse Engineering Prohibited
    Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

    Non-Disclosure
    Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

    So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

    At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

  9. Lightning Crashes, An Old Freedom Dies (Updated)

    Yro · Censorship · · posted by jamie · from the vs.-lightning-bug dept. · 500 comments
    Last week, I gave a presentation on SurfWatch, and blocking software in general, in downtown Holland, Mich. Preparing for it was an interesting experience, mostly in annoyance, hard work, and dealing with getting seriously sick two days before. Read on for the story of recovering, preparing, talking, giving away $100, a bolt of lightning, and why nothing anyone does is going to stop fundamentalists from bringing issues like this to America's ballots.

    I'm not a public speaker, and I hadn't stood before an audience in quite a while. The feedback I'd gotten from my first presentation on SurfWatch was that I talked too fast and too much. At the time, I'd wanted to communicate as much as possible of what the Censorware Project had learned over the last two years, in a half hour. An impossible task, and I shouldn't have tried.

    But I felt I could do better, so I wanted to try again. That's the effort that ended up becoming Thursday's presentation.

    My main problem is that the subject is complicated. Many computer professionals have this problem when trying to communicate computer-related ideas to nonprofessionals. If these things were simple, we wouldn't need computers. But trying to get across too much information in a half hour didn't work.

    The other thing I'd tried that didn't work was borrowing the computers of the Family Research Council. The FRC had two computers set up, one filtered and one not, run by two volunteers. I'd thought it would be a clever coup to use their own computers to show their software failing.

    But it wasn't impressive for one reason: when I showed an innocent Web site blocked, all that showed up was the "Blocked by SurfWatch" screen. I was using the FRC's filtered computer and their other one was turned off. Nobody had any idea that valuable information was being blocked, except me.

    Kind of the way the censorship works in the library. But not an effective demo.

    For my second go at it, I rented a ballroom in downtown Holland, advertised it in the paper, and brought my own computers. I purchased SurfWatch and installed it on one of them. And I spent some time thinking over which issues were important enough to hit and which were just too technical to mention.

    Setting up was great fun, if by "fun" I mean wrestling with a network under a deadline. The 10baseT jack didn't seem to be connected, one of the extension cords didn't work, a projector wouldn't turn on, and finally I was faced with Windows' endless dialog boxes of options just to use DHCP. But it all worked out with time to spare.

    I began my talk by explaining out why I was there and why blocking software was wrong. Currently, Holland's opposition to the software is being waged largely on political issues: chiefly, the fact that three-fourths of library taxpayers cannot vote on the ballot. To many, what the blocking software actually does is a non-issue.

    But these are mere procedural concerns. Every community is going to have to face the core problem squarely, sooner or later; it might as well be now. So I began my talk by laying out, from the beginning, my belief that blocking software inherently violates the First Amendment.

    After talking about some of the myths put forth in the community's debate, my next step was to display some pornography on the big screens. The local Family Research Council has been trotting out a presentation that focuses on some of the most graphic stuff available on the web: bestiality, fisting, etc. I'd decided to try not offending my audience quite as much. I chose some milder Web pages, mostly softcore, though several of the sites I chose also contained harder material.

    And, of course, unlike the Family Research Council's, my demonstration showed the pornography appearing on both screens: filtered and un-.

    I think I'll not reveal here which porn sites I showed. I want to see how long SurfWatch goes without finding them. So far it's been about two weeks, but of course revealing them here would get them blocked immediately for PR purposes.

    I will say that I chose six sites that all begin with the letter "A". This was to make the point that there is plenty of unblocked pornography - there being 25 other letters in the alphabet. As if to make my point, a Tennessee paper ran that same day a story about a schoolteacher who was fired for accessing over a hundred porn sites - right through the school's "filter."

    After all, if the software fails only a tiny fraction of the time, it still allows through - dozens? hundreds? thousands? - of porn sites. How many porn sites does the average person need? What's the point in blocking 99% of it, if the remaining sites are more than enough to keep anyone busy?

    The next step in my talk was the flip side: showing protected Web pages unfairly blocked. Finding a plethora of wrongly-blocked pages was easy. SurfWatch uses URL keyword blocking, so, for example, the complete text of the classic book Of Human Bondage is blocked because of "bondage" in the URL. The hard part was narrowing the list down to 10 to demonstrate.

    (If you're interested, here are the ten blocked pages I used: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10.)

    Next, I pointed out that these sorts of errors were not often corrected. What data there is suggests that most errors go unfixed. In our analysis of Web logs in the State of Utah, we found about 300 wrongly blocked sites, of which only six were overridden. Also, in the Family Research Council's $7,000 canned demo, they tried to show how easy it was to fix errors by unblocking The Onion. Since they couldn't even do their prepared site correctly (they left graphics.theonion.com blocked), how could the staff be expected to do the job on real sites, in a busy library?

    I explained that the errors I'd found were intrinsic to blocking software, because of the growth of the Web. In my first talk, I spent 10 minutes talking about exponential growth; this time, I just gave the impressive figure that, during just the course of my talk, a million Web pages were created or changed. Much quicker and I'm sure it made the same point.

    There seemed to be concern, in Holland, that pornography just "popsup" at any time, for no reason. I debunked that myth by pointing out that typos almost never lead to offensive Web sites. I read this quote from the Supreme Court's ruling on the Communications Decency Act, where they affirmed a lower court's conclusions:

    "Communications over the Internet do not 'invade' an individual's home or appear on one's computer screen unbidden. Users seldom encounter content 'by accident.' ... Almost all sexually explicit images are preceded by warnings as to the content. Even the Government's witness ... testified that the 'odds are slim' that a user would come across a sexually explicit site by accident."

    All the incidents of "verified pornography" in the Holland press seem to boil down to the same two cases over and over. In the first, a woman was reading Hotmail and, when she was done, closed the browser window. Behind it was porn that another user had left up as a prank.

    There are programs that can be run between users' sessions to shut down Netscape and clear its history - my local library is using one with much success - so blocking software isn't necessary to solve this problem. I've explained this to the woman, but she continues to use her incident as an argument for blocking software.

    The second incident involved a teenage girl. It seems she was at the library computer and stumbled across naked women purely by accident while doing an innocent search for chocolate chip cookie recipes. Interestingly, she didn't report this to her mother, apparently out of embarrassment, until weeks later. I'd like to speak with her as well but the local pro-filtering groups refuse to put her in touch with me.

    I haven't been able to replicate this event, and neither have other people who have tried. And I know a lot about search engines. Now, I'm not saying it didn't happen. Maybe it was a misunderstanding.

    What I did in my speech was hold up a $100 bill and offer it to the first person who could show me how it was done. I'll make the same offer to Slashdot readers. Let's see whether this is an urban legend or not. See the bottom of this story for the rules.

    I spoke briefly about the legal issues. The Holland area has been hearing suggestions that it will be legally safer to use blocking software. In fact, though the case law is by no means definitive, the experiences of Livermore and Loudoun point toward the opposite conclusion.

    Next was the fun part, where I brought up some quotes from the two organizations pushing filters in Holland to illustrate the folly of relying on unaccountable third parties for censorship. In a 1996 legal brief, the Family Research Council had mentioned Cyber Patrol by name as a product that families and libraries "should make use of." But just two years later, in a bulletin called "Filtering Out Decency," they were warning parents away from using the same software.

    Why? Because Cyber Patrol had stuck to its guidelines for what constituted hate speech. They had reviewed the American Family Association, the other organization pushing filters in Holland, and found them to be espousing intolerance of homosexuals. The entire AFA site now found itself censored, by the same type of software it had been pushing. In a bulletin called "Filtering Out Morality," the AFA warned parents to think twice before using any blocking software:

    "In a secularist culture, both filtering software and federal regulations may well be used to filter out Christianity along with other undesirable elements.

    "Another kind of software simply informs parents what sites their children have visited. Instead of making it impossible for children to see certain sites, this approach puts parental discipline at the center. Children, realizing that their parents are looking over their shoulders, are thus taught to internalize the restraints and to develop a conscience of their own.

    "As Christians get involved in these debates - before they get filtered altogether - they should keep in mind the warning of the great Puritan poet John Milton ... 'If it come to prohibiting, there is not aught more likely to be prohibited than truth itself.'"

    Teaching children to develop a moral conscience of their own? There's a radical idea. Why did it take censorship backfiring before anyone thought of that?

    I wrapped things up by talking for a bit about the importance of teaching these moral lessons to children. The children of today are growing up in the 21st century. The Internet will be available to them on every street corner and desk, and mostly unfiltered. What they need is not a temporary and leaky set of blinders strapped on. They need to be given an ethical foundation and the self-reliance to make good decisions about their own lives.

    Somewhere in there I called up the AFA's Web site and showed that their discussion about pornography was blocked by SurfWatch as if it were pornography. That got a chuckle from the audience and made the point: it isn't just one product that backfires. The very product that has been pushed in their community blocks the very organization that has spent $35,000 pushing it.

    As I wrote in an earlier article, I'm not sure any of this will make any difference to most people. For most, the issue is and will always be pornography: to be against pornography is to support filters.

    And the opposition to sexually explicit material is, at heart, an emotional one. It's a primal one. Sex and fear are two of the gut instincts that we humans carry with us from our earliest days.

    The day after my talk, the Holland Sentinel carried a powerfulinterview with the man who is behind the city's ballot initiative. IrvBos is the head of the Holland Area Family Association, a branch of the American Family Association.

    It seems his aversion to pornography began when he was a boy, in a dramatic incident. At the age of 12, he found a book by the side of the road - a book with stories about "pretty graphic things," a book that the young boy secreted away in his parents' barn.

    When "lightning struck the barn, burning it to the ground," it must have been a frightening demonstration of God's power to the guilty child, the child who associated that barn with sneaking behind his parents' back to do evil things, to read evil words.

    I think I put together a pretty good presentation Thursday night, but it couldn't have compared to a bolt from the sky striking down a house of evil - like "Sodom and Gomorra," according to Mr.Bos's recollections.

    That's hard to top. I can talk about the Internet equivalents of electrons and lightning rods all I want. But I don't think anyone can get through to people who believe this battle to be an epic one, a battle of good and evil. There is something primal there.

    We'll see Tuesday night how the vote comes out.

    Rules for the $100 offer are as follows. Find a search result URL that shows naked people, for a search on "chocolate chip cookies" or "chocolate chip cookie recipes." I'll accept any variant that an inexperienced Web-surfer might search for. Your result must appear on one of the first five pages of results returned (typically the first 50 results). I'll accept any major search engine. Send me the exact query you used; I will only accept queries I can verify to work as claimed. You aren't allowed to put up a cookie page, submit it, then change its content; to prevent this, you have until 11:59PMEST, Wednesday the 23rd. Only the first person gets the money; order is determined by timestamp of Received: headers at my server. I'll mail you a check or donate it to your favorite charity. This offer is made by me personally, not Slashdot, Andover.net, or VALinux. Notify me at jamie@mccarthy.org.

    Update: 02/22 9:30 PM EST by J : I'm getting a lot of submissions that underscore the importance of properly spelling queries. Since I said I'd allow variants, I'll allow these and pick the most reasonable-sounding to give the $100 to. Some of the better ones so far: "chocchipcooky," "chocolateecipe," and the amusing "chocolatecoochie." If you can't beat those, don't bother emailing me.

    But what I'm really looking for is a search engine result that looks innocent - that a 16-year-old girl might click on without suspecting pornography at the other end. See the CNN story:

    "She typed in 'Chocolate Chip Cookies,' hit the search button and immediately there appeared before her eyes a picture of a nude woman."

    The issue is whether pornography appears unexpectedly, from clicking on an innocent-looking link. If no one finds one of those, the other Slashdot authors and I will just decide on the most reasonable-sounding of the other submissions (first entries win ties).

  10. Jon Johansen on ABC World News Tonight

    News · News · · posted by Roblimo · from the spreading-the-word dept. · 413 comments
    Egil Kvaleberg writes "According to the newspaper VG [in Norwegian], a film crew is apparently on its way to Jon Johansen to shoot some footage which most likely will appear in tonight's edition of ABC's World News Tonight. The DVD-case has created a bit of a stir, and some important principles that it raises have already been raised in the Storting (Norwegian parliament). The EFF has offered Jon and his father support by offering to pay for a lawyer." If you miss the story on ABC, don't worry. Jon will be Slashdot's featured interview guest next week - and we don't confine our guests' answers to "sound bite" length.

  11. Preliminary Injunction Issued in DVD CCA Case

    Yro · Court · · posted by emmett · from the sad-news-for-open-source dept. · 345 comments
    jlj writes "Judge Elfving has just issued the preliminary injunction. We're having the opinion faxed over now and we'll have it up on www.opendvd.org ASAP. This has truly been a sad week... but we will keep fighting!" In the word of EFF Attorney Robin Gross, "We're going to need some bigger guns." The judge's official opinion can be found here. This story will be updated as we get information.

  12. DVD CCA Part II - Waiting For The Judge

    Yro · Court · · posted by emmett · from the waiting-and-waiting-and-waiting dept. · 320 comments
    When the DVD Copy Control Association's preliminary restaining order was rejected in court on December 29th, a second hearing was called to establish a preliminary injunction to stop websites from displaying or linking to the DeCSS source code. Today, the attorneys brought their cases to light, once again under the watchful eye of Judge William J. Elfving. No decision has yet been reached. Update: 01/20 12:05 by E : Andrew Bunner, defendant and courtroom observer, sent us his thoughts and opinions on yesterday's hearing; they're appended to the bottom.

    I got a chance to speak to Tom McGuire, Vice-President of Marketing and Communications for the EFF, who provided part of the pro bono team of attorneys at court today.

    "As I understand it, both sides presented arguments, and it sounds like both sides did a good job, although I'm hoping we did a much better job than they did. As far as I understand it, the Judge is going to review the arguments and written briefs that were submitted and hand over a decision in the next few days."

    I also got to speak to Matthew Pavlovich, Defendant #13 in the case.

    "I think we put together a solid defense. I don't think we're in the wrong. Most of these people are not under the jurisdiction of the California court. There's 15 year olds in Europe. There are real inconsistencies in the way that the prosecuring attorneys have handled this. We really appreciate the support from the computing community. Most of these people really understand what's going on, and their support has been really helpful. This is step one. There are two more cases, and these are federal cases. The fight's not over."

    Today's hearing was a much-anticipated event in the Open Source community, but it was just another drop in the DVD encryption bucket. The MPAA filed two federal lawsuits on January 14th, promising that the legal debate over DVD encryption will go on for a very long time.

    UPDATE by Andrew Bunner, defendant and courtroom observer:

    On the implications of this case:

    It would be a tragic blow to consumers and the constitution if the DVD CCA is allowed to win this case.

    Consumers want to be able to watch DVDs on their Linux computers. The DVD CCA wants you to only watch DVDs through one of their pre-approved players.

    The first amendment will be seriously eroded if Judge Elfving sets a precedent restricting our freedom to distribute the CSS algorithm. I'm wearing a T-shirt that has printed on it a copy of the decryption source code. If this injunction is granted, it will be illegal for me to wear this T-shirt. It will be illegal for you to photograph me wearing this T-shirt. In fact, it will be illegal for you to link to a photograph of me wearing this T-shirt.

    On the trade secret argument:

    Last night, I found 245 sites that make the supposed "trade secrets" available for download. At the Temporary Restraining Order hearing, one individual handed out printed copies of the "trade secrets". Another had the same material available on floppy diskettes that he was giving away. The algorithm and how to obtain the master keys has been widely discussed on mailing lists, in class rooms and in court.

    It's not much of a secret anymore.

    A list of mirror sites can be found at http://www.humpin.org/decss/. Be careful, though. By including that link in your story, are you making yourself a defendant?

    (*) As we understand it, the phrase "trade secrets" in the plaintiff's filings refers to the master keys and the CSS algorithm.

    On the misappropriation of trade secrets:

    Yesterday, the counsel for the defense claimed that I should know that the Linux DVD player was based on stolen trade secrets. I don't believe anything was stolen. The DVD CCA underestimates the skill of the software development community. I know that these programmers are capable of reverse engineering and decrypting DVDs without resorting to theft.

    On how I think the case will go:

    There's only one way Judge Elfving can rule without re-interpreting the First Amemendment.

    On copyrights:

    Movies are already protected under copyright law. No one disputes that it's illegal to duplicate and redistribute movies... in any format. That's not what we're trying to do. By making the decrypting algorithm available we want to let consumers play their legitimately purchased movies on their Linux computers.

    On the hopelessness of the MPAA's situation:

    It's impossible to restrict consumers from making private copies of their legitimately purchased movies through any technical means. If you can play a movie, you can capture it and copy it. And as long as that copy is for personal use only, this is perfectly legal. We think the MPAA will eventually come around and recognize this truth.

    On piracy:

    It would take about 16 days to download a full-length DVD over a modem. I'd rather just buy the disk.

    (*) The math... 4.7 GB * 1024 MB/GB * 1024 KB/MB / 3.5 KB/sec = 1,408,087 seconds to download a 4.7 GB movie over a 28.8 phone line that gets 3.5KB/sec. That works out to over 16 days of continuos downloading.

    How I felt after the hearing:

    We had a fantastic showing of support from the Linux community, cryptography experts and free speech advocates.

    Our defense team did an excellent job outlining the absurdity of the plaintiff's position.

  13. New DVD Lawsuits Filed by the MPAA (UPDATED)

    Yro · Court · · posted by emmett · from the when-will-they-learn dept. · 602 comments
    This afternoon, Robin Gross from the EFF called me with some disturbing new information for anyone interested in DVD litigation. The MPAA has filed two lawsuits against three defendants in two separate states for the "illegal hacking of the DVD encryption system 'CSS'." The plaintiffs in the case are Buena Vista Pictures Distribution, MGM, Paramount, Sony Pictures, 20th Century Fox, Universal, and Warner Bros.. UPDATE: The complaints are available online. See below.

    In the words of MPAA CEO and President Jack Valenti in a press release from the MPAA:

    "The MPAA is striking a blow today in defense of the future of American movies. We have filed suit in federal court to stop internet hackers from distributing the software designed to circumvent the encryption technology that prevents the unlawful copying of DVDs."

    "This is a case of theft. The posting of the de-encryption formula is no different than making and then distributing unauthorized keys to a department store. The keys have no real purpose except to circumvent the locks that stand between the thief and the goods he or she targets."

    Later in the press release, he goes on to state:

    "The U.S. movie industry intends to defeat anyone who steals our intellectual property. We are determined to defend the technology that protects artists and intellectual property holder rights... If you can't protect that which you own, then you don't own anything."

    Robin offered her comments on this new litigation:

    "Clearly, this is how they're trying to portray this. Piracy is their story, and they're sticking to it. Of course, this is a sneaky underhanded attempt to undermine the litigation that they've already filed in California, most likely because they lost at the temporary restraining order hearing. They realize the weaknesses in their trade secrets claim, an so they've decided to file under federal copyright, the Digital Millenium Copyright Act. This is also an inappropriate harassing lawsuit, because although the DMCA does provide for a general ban on circumventing technological protection, there are explicit exceptions to that general prohibition for the purposes of facilitating interoperability and computer security, among other exceptions. They've realized that their trade secret claim is not going to prevail, so this in Plan B. Quite frankly, this is what we were anticipating the first time around. We were not anticipating a trade secret claim, because it was so weak."

    For those following the news about the DVD CCA lawsuit, this new litigation shows us that this matter will take a very, very long time to work itself out, currently with no end in sight. It appears that in this case, the MPAA intends to blur the line between hacking for interoperability and the intent to distribute until it's no longer recognizable.

    This is all rather puzzling. From a Showbiz Today segment aired on CNN on January 11th, Jim Cardwell from Warner Home Video said:

    "We expected the source code to be broken. We were surprised it wasn't broken earlier. We believe there is no economic incentive to hack this product. The cost of the blank is more expensive than the cost of the finished product, and the amount of time it takes to download is several hours. There's no real economic incentive for anyone to hack this product."

    When the topic of DVD writers came up, went on to say:

    "Certainly, all the copyright holders, all of the studios, all the rights holders, are not going to sit still to see that -- to allow this to become rampant. We are going to continue to protect our products."

    The issues of interoperability and the right to distribute free software are key issues in the Open Source community, and they always will be. How far will the MPAA and the DVD CCA go? One thing is for sure; no matter how long or hard they're willing to fight, the Open Source community will be there to meet them every step of the way.

    Update: 01/15 21:31 by michael : John Gilmore adds that the complaints are available online at http://www.mpaa.org/dvd/content.htm. The links are slightly wrong, though, so you'll need to encode the spaces in the URLs:

    ...and even after you've done that, you'll still need to View Source on the New York page, since they didn't close a TABLE tag. Anyone named in these suits as a DEFENDANT should contact the EFF (Robin Gross, above) as soon as possible.

    And while I'm at it, adric submitted that Copyleft now has t-shirts with the CSS-descrambling code on them. Part of the shirt's price gets donated to the EFF! Buy one now, it's the most painless donation you'll ever make.

  14. DVD CCA Battle Continues Next Week

    Yro · Court · · posted by emmett · from the so-we-meet-again-at-last dept. · 153 comments
    When Judge Elfving handed down the rejection of the DVD Copy Control Association's temporary restraining order on December 29th, the Open Source community knew that they had won a battle in the war. The preliminary injunction hearing on the DVD Copy Control Association case that was originally scheduled for this Friday has been pushed back to next Tuesday, January 18th, and the Free Software community will be there with bells on.

    I recently had the opportunity to speak to Robin Gross, an attorney for the Electronic Frontier Foundation working on this case.

    Slashdot : Come on, we're geeks, not lawyers. What does this hearing mean?

    Robin Gross : It's important to note that in preliminary injunction hearings, this is pretty much where the game is played. This hearing is crucial in cases like this. Since we've got all these people in town for the RSA encryption conference, we're really calling upon the technical community to support this case and show up at court to educate the media there. Right now, the media focus is on piracy, and we need to turn that around. These folks are not trying to pirate movies, but rather watch the movies that they've already purchased, and continue research on DVD encryption. We're relying to a large extent on experts like cryptologists and programmers in the Linux community to educate their friends and family about encryption, and turn this around so people understand what the defendants are trying to accomplish.

    This case is really important for a couple reasons. First, protecting the first amendment and free speech on the Internet. These defendants are engaging in activities that are completely legal in the US as well as in Norway where the plaintiffs are complaining the original sin occurred. A lot of these people are encryption scientists and computer programmers who are simply trying to learn how to play DVDs on their non-Windows boxes. Another reason is that it's really important that people are allowed to reverse engineer computer software. The law in this country, as well as Norway, allows people to reverse engineer software, letting them try to pick it apart, figure out how it works, and then use that knowledge to innovate and build new technology, products and services, and in this case, extending the DVD industry's market.

    In a lot of ways, these people want to be DVD customers. They want to be able to buy DVDs and watch them on the computers they already have. So, their choice is either not buying DVDs, or watching them using this patch.

    The EFF has their brief and other documents available at http://www.eff.org/pub/Intellectual_property/DVD/.

    There are, of course, at least two sides to every story. This afternoon I spoke to Jeffrey Kessler, an attorney for Weil, Gotshal & Manges LLP, the law firm representing the DVD Copy Control Association.

    Jeffrey Kessler : I hope that we prevail. That's all I'm going to say at this point.

    Since they weren't talking, I decided to pull on the ear of Douglas Winslow, one of the defendants named in the case. Douglas still has the DeCSS code posted on his site, and he is one of the many defendants that cannot appear in court due to distance and time constraints.

    Slashdot: So, the preliminary injunction hearing is next Tuesday. Any feelings?

    Douglas Winslow : I feel we have a strong case. It'll be interesting to see what kind of precedent is set.

    Slashdot: Are you going to party if the defendants are victorious?

    Douglas Winslow : I plan to party either way. I'll either end up watching or burning part of my DVD collection to celebrate the outcome of the hearing.

    To be continued by Robin "roblimo" Miller on the 18th...

  15. DVD CCA Battle Continues Next Week

    Yro · Court · · posted by emmett · from the so-we-meet-again-at-last dept. · 153 comments
    When Judge Elfving handed down the rejection of the DVD Copy Control Association's temporary restraining order on December 29th, the Open Source community knew that they had won a battle in the war. The preliminary injunction hearing on the DVD Copy Control Association case that was originally scheduled for this Friday has been pushed back to next Tuesday, January 18th, and the Free Software community will be there with bells on.

    I recently had the opportunity to speak to Robin Gross, an attorney for the Electronic Frontier Foundation working on this case.

    Slashdot : Come on, we're geeks, not lawyers. What does this hearing mean?

    Robin Gross : It's important to note that in preliminary injunction hearings, this is pretty much where the game is played. This hearing is crucial in cases like this. Since we've got all these people in town for the RSA encryption conference, we're really calling upon the technical community to support this case and show up at court to educate the media there. Right now, the media focus is on piracy, and we need to turn that around. These folks are not trying to pirate movies, but rather watch the movies that they've already purchased, and continue research on DVD encryption. We're relying to a large extent on experts like cryptologists and programmers in the Linux community to educate their friends and family about encryption, and turn this around so people understand what the defendants are trying to accomplish.

    This case is really important for a couple reasons. First, protecting the first amendment and free speech on the Internet. These defendants are engaging in activities that are completely legal in the US as well as in Norway where the plaintiffs are complaining the original sin occurred. A lot of these people are encryption scientists and computer programmers who are simply trying to learn how to play DVDs on their non-Windows boxes. Another reason is that it's really important that people are allowed to reverse engineer computer software. The law in this country, as well as Norway, allows people to reverse engineer software, letting them try to pick it apart, figure out how it works, and then use that knowledge to innovate and build new technology, products and services, and in this case, extending the DVD industry's market.

    In a lot of ways, these people want to be DVD customers. They want to be able to buy DVDs and watch them on the computers they already have. So, their choice is either not buying DVDs, or watching them using this patch.

    The EFF has their brief and other documents available at http://www.eff.org/pub/Intellectual_property/DVD/.

    There are, of course, at least two sides to every story. This afternoon I spoke to Jeffrey Kessler, an attorney for Weil, Gotshal & Manges LLP, the law firm representing the DVD Copy Control Association.

    Jeffrey Kessler : I hope that we prevail. That's all I'm going to say at this point.

    Since they weren't talking, I decided to pull on the ear of Douglas Winslow, one of the defendants named in the case. Douglas still has the DeCSS code posted on his site, and he is one of the many defendants that cannot appear in court due to distance and time constraints.

    Slashdot: So, the preliminary injunction hearing is next Tuesday. Any feelings?

    Douglas Winslow : I feel we have a strong case. It'll be interesting to see what kind of precedent is set.

    Slashdot: Are you going to party if the defendants are victorious?

    Douglas Winslow : I plan to party either way. I'll either end up watching or burning part of my DVD collection to celebrate the outcome of the hearing.

    To be continued by Robin "roblimo" Miller on the 18th...

  16. DVD Hearing Victory: We Won - For Now

    News · News · · posted by emmett · from the I-love-it-when-the-good-guys-win dept. · 443 comments
    Open Source community members breathed a sigh of relief at 4:50 PST today when Santa Clara County Judge William J. Elfving rejected the DVD Copy Control Association's request for a temporary restraining order that would keep Web Sites from linking to information about DeCSS.

    Open Source community members breathed a sigh of relief at 4:50 PST today, as Santa Clara Judge William J. Elfving rejected DVD Copy Control Association, Inc.'s request for a restraining order.

    Robert Jones was Defendant #15 in the filing, and he shared his thoughts after hearing the decision:

    "It's good to hear that some sort of sanity won today. I'm sure we're all very appreciative to the EFF and everyone else who showed up to help and advise. I wish to personally thank, especially, all the lawyers who volunteered their advice and services pro bono to the defendants. There is still the hearing on the 14th, so the war is far from over, but the first battle has been won."

    In the middle of the day, SVLUG President Chris DiBona called in, letting us know what happened after the courtroom's doors opened this morning:

    "The courtroom opened up, we all filed in. we had about 50 people in there, two reporters inside, two waiting outside. [The Plaintiffs are] claiming it's a trade secret thing. They're claiming that to get the Z-key, they had to click on a license agreement. There's no reason why that's true. They inserted their arguments and they said that the hacker in Norway had to use the player, sign the agreement, and therefore it's an illegal thing. There's a law on the books in California that says if you publish a trade secret that is known to be stolen, or could only become available through theft, you have an obligation not to continue with the distribution of the trade secret."

    Daniel Silveira, a student at San Jose State University, was also in the courtroom. He said:

    "The expression on the judge's face looked rather enlightened when the point was made that you don't need the encryption key in order to make illegal copies of movies or DVD discs."

    According to an E-mail we received from Defendant Andrew Bunner, there is no question that Allon Levy, Robin Gross and the rest of the team from the Electronic Frontier Foundation made major contributions to the good fight, but this was a strong community effort. Some of the characteristic playfulness of the community came through during the plaintiff's testimony; when the plaintiff's attorney tried to assert that DeCSS's only purpose was to promote piracy, the gallery laughed out loud.

    Hopefully, the community will be able to stage yet another fantastic show on January 14th, the day slated for the hearing during which the DVD CCA will try to get a permanent restraining order preventing Web sites from publishing information about DeCSS.

    The time between the recess and the judgment trudged on, as concerned Open Source community members everywhere waited impatiently. Many were hoping for a decision earlier in the afternoon, especially those in Europe who were staying up late to hear the decision.

    Fortunately, those who went to sleep before the Judge made his decision will wake up to good news tomorrow. The never-ending war for the recognition of free speech in source code has won a battle today, while championing the efforts of Open Source aficionados the world over.

    To be continued January 14th...

  17. DVD Hearing Today - Are You Ready to Rumble?

    News · News · · posted by Roblimo · from the pulling-together dept. · 652 comments
    You've almost certainly heard that the DVD CCA [Copyright Control Association] is trying to get a restraining order that would force hundreds of Web sites to remove all links to information about DeCSS. Slashdot is one of the named sites. The hearing is today, in San Jose, California. If you can get there, we urge you to go and help "show the flag." You won't be alone. If you can't make it in person, stay tuned. We'll have updates throughout the day. Meanwhile, click below now for news, opinions from various members of the Slashdot crew, and a long list of links to other resources and stories elsewhere about the DVD CCA's attempt to not only stop DeCSS, but to stifle anyone who publishes or links to information about DeCSS. Update at 1:20 p.m. EST. (Please see bottom of the story.)

    Leading up to Today's Hearing
    - by Emmett Plant
    Emmett Plant is Slashdot's newest author.

    Monday, DVD Copy Control Association, Inc. filed for a restraining order in a California court. The targets of this cease-and-desist order were individuals and organizations who had made DVD decryption source code freely available on the net, by hosting the code themselves or linking to a website that did. Commmunity response has been fast and furious, with a deluge of Slashdot comments and submissions, and the immediate organization of Open Source community members to attend the hearing this morning.

    Technically, the argument boils down to the issue of reverse engineering. Ideologically, the argument challenges the ideals of free speech, freedom of information, and the ability to innovate on behalf of computer users, hardware engineers and software developers all over the planet.

    On Monday night, I spoke to a gentleman who had received the order just minutes prior, and although he didn't want his name mentioned, he provided with me with his thoughts.

    "It should be legal when you've got people reverse engineering this kind of stuff. But a small minority in the business community want to lock down the information, citing that it's a trade secret. It's sort of like being busted in math class for passing answers around. [The code] is basically a mathematical equation that decrypts poorly encrypted DVD data. I support the free human right to freedom of thought. That's how civilization has gotten to where it is today, without lawyers heading innovators off at the pass."

    Would he be willing to go to court to defend himself?

    "Probably not. There are a lot of sites that are mirroring [the code], and they'll keep the program alive. I'll sleep easy at night knowing I did my part."

    In many ways, the cease-and-desist only made it easier for people to get their hands on the code. As soon as the community heard about the order, many people posted the code on their websites as a sign of protest. Many community members have made the code available on overseas servers that don't face the possible legal repercussions associated with sites located in the United States.

    Another interesting point of this case is that anyone who linked to a site that contained the information is also being held liable in the case. This is particularly frightening. This means that in the spirit of the cease-and-desist order, almost everyone on the web with a site that links to anywhere else falls into the legal maelstrom, as long as it eventually leads to a site with the code posted on it.

    The legal ramifications of the case are extremely influential. The DVD CCA lawyers are fighting a battle against reverse engineering, an engineering process that enables the computer industry to utilize powerful tools like the IBM-compatible personal computer and countless hardware device drivers.

    The hearing will take place this morning at 8:30 a.m. Pacific Standard Time in the Superior Court of Santa Clara County, California.

    ----------

    Funny and Sad at the Same Time
    - by Hemos

    The particularly humorous section of the lawsuit, at least for me, is that what they are trying to do is make linking illegal. That's right. Linking. Is. Illegal. Once we cross the the bridge of dictating what can and cannot be linked to, than we open ourselves up to a world of people being able to sue whenever something they don't want linked is linked. Without linking, the Web is dead.

    ----------

    Shaky Legal Grounds
    - by Michael Sims

    The legal standing for the DVD companies is so shaky it's not even funny. The danger is that they can effectively paint the opposition as a bunch of crooks and the judge will feel that *justice* requires a ruling in their favor despite the law - that can be averted if the defense makes a strong competent showing tomorrow, presumably. The second danger is that they will inflict sufficient costs on the defendants that others will be dissuaded from doing even perfectly legal things. That can't be prevented.

    ----------

    Planning to Join the Protest in Person?

    The best source of information on how to help out at the Santa Clara County Courthouse is this page from Chris DiBona's Web site. It tells you where and when to be, what to wear, and what to expect. Worth reading even if you can't make it. Nice to know that Chris and others, including the Electronic Frontier Foundation, are doing a great job for all of us on this!

    ----------

    Update by Emmett @ 1:20 p.m. EST:

    Chris DiBona called me at 8:30 a.m. PST from right outside the courtroom, letting me in on the scene. The Open Source community has about 25 people there, as well as a lawyer or two of their own. The community members present are busy distributing the DeCSS source code on floppy disk as well as leaflet hard copy. No pictures will be taken of the interior of the courtroom, and there wasn't enough time to apply for the permit to record what happens inside.

    Chris will be calling me as soon as they let out with up-to-the-minute information and notes from the community members inside the courtroom.

    ----------

    Links to Other DVD CCA Stories and Sites

    Boston Globe
    Washington Post
    Wired News
    ZDNet
    siliconvalley.com
    Chris DiBona's excellent page
    PZ Communications DeCSS Resource Site
    CNN.com
    Lemuria.org DeCSS Defense page
    Dan Gillmor (SV.com columnist)
    Santa Clara County Superior Court info
    OpenDVD.org
    EFF to the Rescue!

    ----------

    Please send additional links to roblimo@slashdot.org so we can add them to the list. Thanks.

  18. DVD Hearing Today - Are You Ready to Rumble?

    News · News · · posted by Roblimo · from the pulling-together dept. · 652 comments
    You've almost certainly heard that the DVD CCA [Copyright Control Association] is trying to get a restraining order that would force hundreds of Web sites to remove all links to information about DeCSS. Slashdot is one of the named sites. The hearing is today, in San Jose, California. If you can get there, we urge you to go and help "show the flag." You won't be alone. If you can't make it in person, stay tuned. We'll have updates throughout the day. Meanwhile, click below now for news, opinions from various members of the Slashdot crew, and a long list of links to other resources and stories elsewhere about the DVD CCA's attempt to not only stop DeCSS, but to stifle anyone who publishes or links to information about DeCSS. Update at 1:20 p.m. EST. (Please see bottom of the story.)

    Leading up to Today's Hearing
    - by Emmett Plant
    Emmett Plant is Slashdot's newest author.

    Monday, DVD Copy Control Association, Inc. filed for a restraining order in a California court. The targets of this cease-and-desist order were individuals and organizations who had made DVD decryption source code freely available on the net, by hosting the code themselves or linking to a website that did. Commmunity response has been fast and furious, with a deluge of Slashdot comments and submissions, and the immediate organization of Open Source community members to attend the hearing this morning.

    Technically, the argument boils down to the issue of reverse engineering. Ideologically, the argument challenges the ideals of free speech, freedom of information, and the ability to innovate on behalf of computer users, hardware engineers and software developers all over the planet.

    On Monday night, I spoke to a gentleman who had received the order just minutes prior, and although he didn't want his name mentioned, he provided with me with his thoughts.

    "It should be legal when you've got people reverse engineering this kind of stuff. But a small minority in the business community want to lock down the information, citing that it's a trade secret. It's sort of like being busted in math class for passing answers around. [The code] is basically a mathematical equation that decrypts poorly encrypted DVD data. I support the free human right to freedom of thought. That's how civilization has gotten to where it is today, without lawyers heading innovators off at the pass."

    Would he be willing to go to court to defend himself?

    "Probably not. There are a lot of sites that are mirroring [the code], and they'll keep the program alive. I'll sleep easy at night knowing I did my part."

    In many ways, the cease-and-desist only made it easier for people to get their hands on the code. As soon as the community heard about the order, many people posted the code on their websites as a sign of protest. Many community members have made the code available on overseas servers that don't face the possible legal repercussions associated with sites located in the United States.

    Another interesting point of this case is that anyone who linked to a site that contained the information is also being held liable in the case. This is particularly frightening. This means that in the spirit of the cease-and-desist order, almost everyone on the web with a site that links to anywhere else falls into the legal maelstrom, as long as it eventually leads to a site with the code posted on it.

    The legal ramifications of the case are extremely influential. The DVD CCA lawyers are fighting a battle against reverse engineering, an engineering process that enables the computer industry to utilize powerful tools like the IBM-compatible personal computer and countless hardware device drivers.

    The hearing will take place this morning at 8:30 a.m. Pacific Standard Time in the Superior Court of Santa Clara County, California.

    ----------

    Funny and Sad at the Same Time
    - by Hemos

    The particularly humorous section of the lawsuit, at least for me, is that what they are trying to do is make linking illegal. That's right. Linking. Is. Illegal. Once we cross the the bridge of dictating what can and cannot be linked to, than we open ourselves up to a world of people being able to sue whenever something they don't want linked is linked. Without linking, the Web is dead.

    ----------

    Shaky Legal Grounds
    - by Michael Sims

    The legal standing for the DVD companies is so shaky it's not even funny. The danger is that they can effectively paint the opposition as a bunch of crooks and the judge will feel that *justice* requires a ruling in their favor despite the law - that can be averted if the defense makes a strong competent showing tomorrow, presumably. The second danger is that they will inflict sufficient costs on the defendants that others will be dissuaded from doing even perfectly legal things. That can't be prevented.

    ----------

    Planning to Join the Protest in Person?

    The best source of information on how to help out at the Santa Clara County Courthouse is this page from Chris DiBona's Web site. It tells you where and when to be, what to wear, and what to expect. Worth reading even if you can't make it. Nice to know that Chris and others, including the Electronic Frontier Foundation, are doing a great job for all of us on this!

    ----------

    Update by Emmett @ 1:20 p.m. EST:

    Chris DiBona called me at 8:30 a.m. PST from right outside the courtroom, letting me in on the scene. The Open Source community has about 25 people there, as well as a lawyer or two of their own. The community members present are busy distributing the DeCSS source code on floppy disk as well as leaflet hard copy. No pictures will be taken of the interior of the courtroom, and there wasn't enough time to apply for the permit to record what happens inside.

    Chris will be calling me as soon as they let out with up-to-the-minute information and notes from the community members inside the courtroom.

    ----------

    Links to Other DVD CCA Stories and Sites

    Boston Globe
    Washington Post
    Wired News
    ZDNet
    siliconvalley.com
    Chris DiBona's excellent page
    PZ Communications DeCSS Resource Site
    CNN.com
    Lemuria.org DeCSS Defense page
    Dan Gillmor (SV.com columnist)
    Santa Clara County Superior Court info
    OpenDVD.org
    EFF to the Rescue!

    ----------

    Please send additional links to roblimo@slashdot.org so we can add them to the list. Thanks.

  19. Interview: Two Censorware Experts

    Yro · Censorship · · posted by Roblimo · from the fighting-the-good-fight dept. · 116 comments
    This week's interview topic might almost be called "Censorware: Threat or Menace." Our guests are both experienced anti-censorship activists; Jim Tyre is a founding member of the U.S.-based group , The Censorware Project and is also closely allied with Peacefire.org; Irene Graham is a Board Member of Electronic Frontiers Australia (EFA), an on-line civil liberties group (not related to EFF) who also maintains this site. Chosen questions will be forwarded to Jim and Irene Tuesday. Their answers will be posted Friday.

  20. Code and Other Laws of Cyberspace

    News · Internet · · posted by michael · from the 1984 dept. · 0 comments
    Lawrence Lessig - the name may be familiar from the Microsoft trial - has written an excellent book, which I've taken my time reviewing because I felt I had to read it twice to grasp the full import. Code and Other Laws of Cyberspace covers the real future of your liberties on the internet, and it is not a happy book. Code and Other Laws of Cyberspace author Lawrence Lessig pages 297 publisher Basic Books rating 10/10 reviewer Michael Sims ISBN 0-465-03912-X summary A gloomy look at the forces which shape the internet.

    Slashdot isn't the first to review this book. Declan McCullagh (Wired), Andy Oram, and Carl Kaplan (NY Times) have all taken a look at it, he's been interviewed, there's an audio debate (mp3 format) between Lessig and McCullagh, and at least a couple of other places have all mentioned it and it is, at this writing, 134 on Amazon.com's best-seller list. I was privileged enough to receive a review copy of the book some time ago, but my review has been delayed because the book is too deep to easily sum up. It's a book about law, and about policy, and about the internet, which doesn't require any grounding in any of the above, but it seems like it would be appropriate for people at almost any level of knowledge - if you know more, you'll get deeper insights, and if you know less, you'll get the basics. A fractal book, in other words. An almost philosophical work, disguised as a law book.

    To start with, Lessig's book is a counter to John Perry Barlow's Declaration of the Independence of Cyberspace. Barlow had a good idea, a good goal, but he was totally and completely wrong about how to achieve it, and his declaration and the mindset it embodies has and will do great harm to the future of civil liberties on the internet.

    Cyberspace is not and has never been independent of real life, or of government. What it has been is a place where the rules of real life were hard to enforce. That doesn't mean that the rules don't exist - just that it has been hard to make people obey them. The problem for people, like me, who like this state of affairs, this lack of enforcement, is that there's no reason cyberspace has to remain in its current state.

    Cyberspace wasn't designed to enforce real-world rules. Such enforcement wasn't built in to the code that runs the internet, was consciously avoided in the early internet designs, and therefore regulators have been working in an environment unfriendly to them. Copying of digital works is easy. Transmitting and receiving content, even forbidden content, is easy. Etc.

    But just because it was designed that way once, does not mean that it need be that way in the future. There are tremendous forces (business and government) that would prefer an internet which is friendly and cooperative to regulators. The people building the internet of tomorrow are not professors and geeks, they're CEO's and to a lesser extent, bureaucrats. If the architecture of the internet is "adjusted" to favor regulation instead of disfavor it - and the current internet builders all have reasons to favor regulability - regulating behavior on the internet is not impossible, it's trivial. Lessig has a short chapter on "is-ism", the belief that just because something is, so must it always be. Applied to the internet, this is "We are free, and will always be so." Wrong, wrong! The internet is totally man-made, and what man has made, man can change.

    It is hard for me (or Lessig) to emphasize this point too much: the people who claim that we should keep our hands off the internet are completely playing into the hands of government and business. While the net-libertarians have buried their heads in the sand, the net is being changed, constantly, to favor regulation by business and by government.

    Lessig takes a look at the infrastructure of the internet and how it is changing for the worse. There's another terrible flaw in thinking about the internet, which runs roughly: "whatever restrictions are placed, someone of technical competence can get around them". This is not true, not if the architecture is designed to support those restrictions rather than oppose them.

    The internet, says Lessig, is about to "flip" from "unregulable" to "totally regulable". When that occurs (neither Lessig nor I think there's an "If" involved), who will be regulating the place? Currently corporations, with guidance from government - guidance coming in the form of regulations like CALEA, which make demands not on individuals, but on the code. Once the code is altered to be conducive to regulation, regulation follows naturally.

    Lessig makes a great point about open source software. Closed source code which incorporates regulation (censorware is the easiest example, but there are many others) means that the people who are regulated can't even tell exactly what regulation is occuring. When the source code is available, you can at least tell exactly what you can and cannot do, or exactly how your privacy is being infringed. Open source code is inherently less suited to enforcing regulation on users.

    I can't do justice to the book without rewriting it. Lessig is deeply skeptical about the ability of the U.S. government to initiate policies which promote, rather than denigrate, the civil liberties we have come to take for granted in cyberspace. Government is busy selling off our freedom to corporations through mechanisms such as ICANN. But no one else is going to do it - and with a government actively hostile to liberties or even one that adopts a hands-off approach, freedom in cyberspace is headed downhill at a tremendous pace.

    I recommend this book to almost anyone who cares about the future of the internet. It's well-written - he's a good teacher. It's got some awesome examples - like how Communist Vietnam is more effectively libertarian than the U.S., because it doesn't have the infrastructure of control that we do. It is a scholarly work, but the footnotes are pushed off to the end - they alone are worth the price of the book to a serious student, but someone looking to just read can skip them without problems. It's a deep and thus far unmatched view of what will shape the net of tomorrow, the most inspiring book I've read this year.

    Some of Lessig's other papers and articles are available on his home page. The book has a promotional website as well, available at code-is-law.org or what-declan-doesnt-get.com.

    Pick this book up at fatbrain.com.

  21. Australian Government Cracks Down on Net Users

    News · News · · posted by Nathan · from the Big-Brother dept. · 332 comments
    The Australian Government has hastily enacted several measures overnight that should send a shiver down the collective spines of all Net users. Firstly, it passed major legislation that enables the Australian Security and Intelligence Organisation (ASIO), similar to the CIA, to remotely tap into and alter data on any Australian's computer. APC Newswire has the story. Secondly, the Government minister responsible for IT, Senator Richard Alston, has appointed an Internet content censorship advisory board stacked with representatives who support his heavy-handed approach, critics say. Critics of Alston's agenda in the past have included the ACLU and the EFF-affiliated Australian Net-users' group, Electronic Frontiers Australia. Again, APC has the story and a commentary.
    If they can do it Down Under, how long do you think it will be before similar measures come to a town near you?

  22. TRUSTe Decides Its Own Fate Today

    Yro · Internet · · posted by jamie · from the two-roads-diverged dept. · 128 comments
    TRUSTe, the steward of the most visible symbol on the internet, is making a tough decision today. Today, it reveals what it intends to do about its client Real Networks. At stake is whatever's left of its credibility. (Update: 11/08 02:55: Real got off on a technicality: "because the transmission of user data ... did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program.")

    Unquestionably TRUSTe is the leader in third-party privacy assurance. Its only alternative is BBBOnline, which can boast only 100 members to TRUSTe's 750. But it's having a hard time living up to its motto, "Building a web you can believe in": sometimes it's hard to know what to believe.

    TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a "badge" that every member site posts.

    All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.

    If you think this is a questionable basis for a consumer advocacy group, you're right. But the real question is how it plays out in practice. Let's take a look at TRUSTe's track record.

    Round I: TRUSTe and GeoCities. In June 1998, the FTC announced - to everyone's surprise - that it and GeoCities had come to a settlement regarding violations of consumer privacy.

    Everyone was surprised because this was the first anyone had heard of it. Where was TRUSTe?

    Caught flat-footed, TRUSTe scrambled for a few days, then made its own announcement. It pointed out that GeoCities had begun the alleged privacy violations before applying to become a member (in April) and being accepted (in May). Therefore, TRUSTe claimed, the violations were technically not under the scope of their investigation.

    But turn that around and put it another way - it was able to become a TRUSTe member even while under investigation by the FTC, and TRUSTe said nothing.

    It gets worse. The FTC and GeoCities issued conflicting releases about what the settlement actually meant. The FTC said that GeoCities had "misrepresented the purposes for which it was collecting personal identifying information" (including children's). GeoCities denied the charges.

    So who was right? We still don't know. Despite this being precisely the issue that TRUSTe was set up to resolve, TRUSTe refused to confirm or deny the FTC's allegations.

    In a 1998 open letter, I asked whether TRUSTe's initial review of GeoCities had included any really tough questions such as "are you currently under investigation by the Federal Trade Commission?" No answer. In fact, mention of the GeoCities incident seems to have been removed from TRUSTe's website.

    The organization that wanted to make the FTC obsolete was not off to a good start.

    Round II: TRUSTe and Microsoft. March 1999. This was the "Global User ID" case. It turned out Microsoft had been embedding a user ID into every document you created with their software. Since they put that ID on file when you registered their software, they have been capable for years of tracking authorship of even supposedly-anonymous documents.

    And don't think it's just a theoretical concern. Just weeks later, the Melissa macro virus was unleashed, and its author was tracked down using this same ID. Any technology that can lead the cops to your door is potentially dangerous technology.

    TRUSTe announced that this "compromises consumer trust and privacy" (duh), but said that since the Global User ID does not, strictly speaking, involve the Microsoft.com website, it had no jurisdiction. Their conclusion: "TRUSTe has determined that Microsoft.com was in compliance with all TRUSTe principles."

    In reality, Microsoft's privacy page (prominently labeled with the TRUSTe seal) also discusses online registration of software products, and notes that the "personal profile" from their software registration appears on the website and is editable from the website. And that page claims that registration is covered by the TRUSTe guidelines. For TRUSTe to claim it's not requires some Clintonesque redefinitions.

    CNET's headline was exactly right: "TRUSTe Clears Microsoft on Technicality."

    Round III: TRUSTe and Deja News. April 1999. Again TRUSTe is taken by surprise when a computer sleuth discovers that Deja News has been collecting data on email sent by its users. When a reader clicked on an email link in a discussion posting, the destination email address was recorded, along with the presumable topic of discussion, the sender's IP number, and if registered, the sender's personal data.

    This is not what one expects when sending private email! And this clearly involved Deja's website, so there was no question of another technicality.

    TRUSTe's analysis of this situation was only two paragraphs long; here's all that happened:

    "TRUSTe specified certain clarifying language to be included in the privacy statement. Deja News, independent of TRUSTe, then decided to discontinue the practice of tracking IP addresses in conjunction with the mail-to feature."

    In fact, the situation was resolved long before TRUSTe even bothered to issue that statement. TRUSTe's suggestion of "clarifying language" had been obviated long before by Deja's indepedent action. See ZDNet's story of May 4th, which hopes that TRUSTe "will likely issue some sort of statement...this week." But TRUSTe stayed silent for four weeks.

    Round IV: TRUSTe and Microsoft (again). A wide-open security hole in Microsoft's Hotmail is breached, and for a few hours everyone's inboxes are public domain. (If you don't think this is a serious privacy violation, read the stunning anonymous tale of cracking into an enemy's email, published on Salon.com the next day.)

    TRUSTe's response is to call in an independent accounting firm to talk with Hotmail's programmers and security people, look over the source code, and generally try to make sure such a problem won't happen again. This isn't a bad idea - it just wasn't much of anything that Microsoft wouldn't have done on its own. Locking the barn door after the horse is gone doesn't help the people whose privacy has been lost. Microsoft is out of pocket a few bucks for the audit, and gets more than its money's worth by being able to say that TRUSTe still gives them a clean bill of health.

    How can all these incidents have passed by without punishment of any kind? It's because of what TRUSTe is actually guaranteeing. Not that any company will actually keep its data private - but that the company is not lying in its privacy assurance.

    That's right. You know those privacy promises you never read, the ones that are different on every website and all seem ten pages long? What TRUSTe does is promise you that, if you had read them, you'd know your rights.

    If it wanted, a company could have its lawyers dress up "we will spam your email every day and sell your name and address to anyone who asks for them" in legalese, and get a TRUSTe badge on their homepage. Would you know you were being screwed? Not unless you speak fluent lawyer.

    Is the FTC such a bogeyman that we really need to sell our privacy so cheap?

    When Ralph Nader was pressing the government to impose strict safety standards on the auto industry, Henry Ford II complained that they were "unreasonable, arbitrary and technically unfeasible." After the laws were enacted anyway, a decade later he conceded: "We wouldn't have [these] kinds of safety ... unless there had been a federal law."

    Imagine if our only automotive safety regulations were that Detroit must abide by its lawyers' fine print!

    The usual argument is that requiring an actual guarantee of privacy would stifle business. The purpose in forming TRUSTe was to keep the internet corporation-friendly, by keeping the government out. TRUSTe was well-intentioned, no question. It was a noble experiment.

    But, according to some influential people and groups, it has failed.

    Forrester Research studies topics related to the internet and made privacy its concern in its September 1999 report, "Privacy Wake-Up Call." Its conclusions should not be surprising:

    "Most privacy policies are a joke." Forrester says corporate privacy policies are legalese set up mostly to protect the corporations.

    "Few companies meet key privacy protection principles." About 10%.

    "Third-party programs show little traction." Hundreds of TRUSTe licensees don't amount to much on the billion-page net.

    And, "third-party privacy firms...like TRUSTe...become more of a privacy advocate for industry rather than for consumers."

    (Slashdot has more on this study.)

    Even the Electronic Frontier Foundation, after years of straddling the fence on the issue, has finally recognized that self-policing just doesn't work. The EFF is not just the best-recognized internet rights advocacy group; it created TRUSTe.

    Yet, in an October letter to the FTC, the EFF laid down its cards:

    "Creation of TRUSTe and its seal program was one such early innovation of EFF. TRUSTe was successful in several areas. ... We now must move out of this awareness-raising mode and into an action mode where real protection can be achieved. Legislation is needed in order to achieve that goal. ... we think it is time to move away from a strict self-regulation approach to protecting privacy online."

    The latest nail in the coffin came on November 1, when EFF Program Director Stanton McCandlish laid out the facts on the fight-censorship mailing list:

    "Our stance has basically been that industry self-reg would be worth trying, but might or might not be enough. We did the 'proof of concept' ourselves, by launching and spinning off TRUSTe. But TRUSTe was intended to be and is a separate, independent entity, and was created as an experiment. The experiment is in many ways a failure..."

    (McCandlish's personal opinion is even more scathing. Follow the link to read it.)

    You wouldn't know this if you read the TRUSTe website. Their homepage proudly tells you about the six-month-old Georgetown study, but makes no mention of the Forrester Research report. It tells you that the FTC supports self-regulation (based on Georgetown), but won't tell you that its own parent, the EFF, thinks the ride is over.

    If TRUSTe is a consumer rights and advocacy group, why are they only feeding us the feel-good stories? Aren't consumer groups supposed to be the ones that dig up dirt and tell us about potential problems?

    The money trail leads to the answer. TRUSTe isn't a consumer advocacy group. TRUSTe doesn't get its money from consumers. Its money comes from corporate sponsors, and nobody wants to bite the hand that feeds them. Besides, those corporations want the message to be one of constant calm. Concerned customers are not good for sales.

    Remember the GeoCities FTC findings that TRUSTe wouldn't comment on? GeoCities had just done an IPO and millions of dollars were at stake. GeoCities' sister corporation Engage Technologies (they are both subsidiaries of CMG Industries) was a Contributing Corporate Sponsor of TRUSTe. That conflict of interest was never mentioned.

    (GeoCities has since been purchased by Yahoo.)

    Remember the Microsoft incidents that TRUSTe waffled on? Microsoft is not just a member, but also a Premier Corporate Sponsor of TRUSTe. That conflict of interest totals $100,000 per year.

    Round V. By now you've guessed that this is leading up to the current furor over Real Networks. Real is a TRUSTe member. Do I need to mention that it's also a Contributing Corporate Sponsor?

    TRUSTe said that it would render judgement on Real Networks by the end of last week. Now it's saying today.

    And it's making noises like they're actually going to do something this time:

    "We could take the company to court for breach of contract, since they do have an agreement with us. Or, we can forward the case to the FTC... I guarantee that the damage to the reputation of the first company that we do that to will be big."

    For its own sake, it had better. We're talking about a company whose product is a Trojan Horse that secretly scans your hard drive for valuable personal data. If TRUSTe doesn't unload with both barrels, its credibility will be negative zero.

    Anything TRUSTe does may have a negligable effect in any case. Corporations only understand the bottom line, and RealNetworks stock shot up 25% in the five days following the privacy debacle. With the company's market cap $1.9 billion higher than it was a week ago, how much are they really going to care about some nonprofit gnat?

    We can hope. Real.com today unveiled its new website, a music portal, which investors will be watching carefully. Also happening today is a conference held by the FTC and Commerce Department for data-profilers to announce what they're going to do to protect privacy. So if TRUSTe were trying to maximize the effect of their announcement, today would be the day they'd pick. It could be that the gnat will have a nasty bite that surprises everyone.

    Still - you can dress an organization up in not-for-profit clothes, but that doesn't change that it's beholden to its revenue stream. TRUSTe says we can trust them to be objective, on the theory that their revenue stream will dry up if they don't do right by consumers. So far, there doesn't seem to be much truth to that. They haven't been doing us right, but their number of contributors and members just keeps growing.

    I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.

    So far, all we've learned is what fails.

    - Jamie McCarthy

  23. TRUSTe Decides Its Own Fate Today

    Yro · Internet · · posted by jamie · from the two-roads-diverged dept. · 128 comments
    TRUSTe, the steward of the most visible symbol on the internet, is making a tough decision today. Today, it reveals what it intends to do about its client Real Networks. At stake is whatever's left of its credibility. (Update: 11/08 02:55: Real got off on a technicality: "because the transmission of user data ... did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program.")

    Unquestionably TRUSTe is the leader in third-party privacy assurance. Its only alternative is BBBOnline, which can boast only 100 members to TRUSTe's 750. But it's having a hard time living up to its motto, "Building a web you can believe in": sometimes it's hard to know what to believe.

    TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a "badge" that every member site posts.

    All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.

    If you think this is a questionable basis for a consumer advocacy group, you're right. But the real question is how it plays out in practice. Let's take a look at TRUSTe's track record.

    Round I: TRUSTe and GeoCities. In June 1998, the FTC announced - to everyone's surprise - that it and GeoCities had come to a settlement regarding violations of consumer privacy.

    Everyone was surprised because this was the first anyone had heard of it. Where was TRUSTe?

    Caught flat-footed, TRUSTe scrambled for a few days, then made its own announcement. It pointed out that GeoCities had begun the alleged privacy violations before applying to become a member (in April) and being accepted (in May). Therefore, TRUSTe claimed, the violations were technically not under the scope of their investigation.

    But turn that around and put it another way - it was able to become a TRUSTe member even while under investigation by the FTC, and TRUSTe said nothing.

    It gets worse. The FTC and GeoCities issued conflicting releases about what the settlement actually meant. The FTC said that GeoCities had "misrepresented the purposes for which it was collecting personal identifying information" (including children's). GeoCities denied the charges.

    So who was right? We still don't know. Despite this being precisely the issue that TRUSTe was set up to resolve, TRUSTe refused to confirm or deny the FTC's allegations.

    In a 1998 open letter, I asked whether TRUSTe's initial review of GeoCities had included any really tough questions such as "are you currently under investigation by the Federal Trade Commission?" No answer. In fact, mention of the GeoCities incident seems to have been removed from TRUSTe's website.

    The organization that wanted to make the FTC obsolete was not off to a good start.

    Round II: TRUSTe and Microsoft. March 1999. This was the "Global User ID" case. It turned out Microsoft had been embedding a user ID into every document you created with their software. Since they put that ID on file when you registered their software, they have been capable for years of tracking authorship of even supposedly-anonymous documents.

    And don't think it's just a theoretical concern. Just weeks later, the Melissa macro virus was unleashed, and its author was tracked down using this same ID. Any technology that can lead the cops to your door is potentially dangerous technology.

    TRUSTe announced that this "compromises consumer trust and privacy" (duh), but said that since the Global User ID does not, strictly speaking, involve the Microsoft.com website, it had no jurisdiction. Their conclusion: "TRUSTe has determined that Microsoft.com was in compliance with all TRUSTe principles."

    In reality, Microsoft's privacy page (prominently labeled with the TRUSTe seal) also discusses online registration of software products, and notes that the "personal profile" from their software registration appears on the website and is editable from the website. And that page claims that registration is covered by the TRUSTe guidelines. For TRUSTe to claim it's not requires some Clintonesque redefinitions.

    CNET's headline was exactly right: "TRUSTe Clears Microsoft on Technicality."

    Round III: TRUSTe and Deja News. April 1999. Again TRUSTe is taken by surprise when a computer sleuth discovers that Deja News has been collecting data on email sent by its users. When a reader clicked on an email link in a discussion posting, the destination email address was recorded, along with the presumable topic of discussion, the sender's IP number, and if registered, the sender's personal data.

    This is not what one expects when sending private email! And this clearly involved Deja's website, so there was no question of another technicality.

    TRUSTe's analysis of this situation was only two paragraphs long; here's all that happened:

    "TRUSTe specified certain clarifying language to be included in the privacy statement. Deja News, independent of TRUSTe, then decided to discontinue the practice of tracking IP addresses in conjunction with the mail-to feature."

    In fact, the situation was resolved long before TRUSTe even bothered to issue that statement. TRUSTe's suggestion of "clarifying language" had been obviated long before by Deja's indepedent action. See ZDNet's story of May 4th, which hopes that TRUSTe "will likely issue some sort of statement...this week." But TRUSTe stayed silent for four weeks.

    Round IV: TRUSTe and Microsoft (again). A wide-open security hole in Microsoft's Hotmail is breached, and for a few hours everyone's inboxes are public domain. (If you don't think this is a serious privacy violation, read the stunning anonymous tale of cracking into an enemy's email, published on Salon.com the next day.)

    TRUSTe's response is to call in an independent accounting firm to talk with Hotmail's programmers and security people, look over the source code, and generally try to make sure such a problem won't happen again. This isn't a bad idea - it just wasn't much of anything that Microsoft wouldn't have done on its own. Locking the barn door after the horse is gone doesn't help the people whose privacy has been lost. Microsoft is out of pocket a few bucks for the audit, and gets more than its money's worth by being able to say that TRUSTe still gives them a clean bill of health.

    How can all these incidents have passed by without punishment of any kind? It's because of what TRUSTe is actually guaranteeing. Not that any company will actually keep its data private - but that the company is not lying in its privacy assurance.

    That's right. You know those privacy promises you never read, the ones that are different on every website and all seem ten pages long? What TRUSTe does is promise you that, if you had read them, you'd know your rights.

    If it wanted, a company could have its lawyers dress up "we will spam your email every day and sell your name and address to anyone who asks for them" in legalese, and get a TRUSTe badge on their homepage. Would you know you were being screwed? Not unless you speak fluent lawyer.

    Is the FTC such a bogeyman that we really need to sell our privacy so cheap?

    When Ralph Nader was pressing the government to impose strict safety standards on the auto industry, Henry Ford II complained that they were "unreasonable, arbitrary and technically unfeasible." After the laws were enacted anyway, a decade later he conceded: "We wouldn't have [these] kinds of safety ... unless there had been a federal law."

    Imagine if our only automotive safety regulations were that Detroit must abide by its lawyers' fine print!

    The usual argument is that requiring an actual guarantee of privacy would stifle business. The purpose in forming TRUSTe was to keep the internet corporation-friendly, by keeping the government out. TRUSTe was well-intentioned, no question. It was a noble experiment.

    But, according to some influential people and groups, it has failed.

    Forrester Research studies topics related to the internet and made privacy its concern in its September 1999 report, "Privacy Wake-Up Call." Its conclusions should not be surprising:

    "Most privacy policies are a joke." Forrester says corporate privacy policies are legalese set up mostly to protect the corporations.

    "Few companies meet key privacy protection principles." About 10%.

    "Third-party programs show little traction." Hundreds of TRUSTe licensees don't amount to much on the billion-page net.

    And, "third-party privacy firms...like TRUSTe...become more of a privacy advocate for industry rather than for consumers."

    (Slashdot has more on this study.)

    Even the Electronic Frontier Foundation, after years of straddling the fence on the issue, has finally recognized that self-policing just doesn't work. The EFF is not just the best-recognized internet rights advocacy group; it created TRUSTe.

    Yet, in an October letter to the FTC, the EFF laid down its cards:

    "Creation of TRUSTe and its seal program was one such early innovation of EFF. TRUSTe was successful in several areas. ... We now must move out of this awareness-raising mode and into an action mode where real protection can be achieved. Legislation is needed in order to achieve that goal. ... we think it is time to move away from a strict self-regulation approach to protecting privacy online."

    The latest nail in the coffin came on November 1, when EFF Program Director Stanton McCandlish laid out the facts on the fight-censorship mailing list:

    "Our stance has basically been that industry self-reg would be worth trying, but might or might not be enough. We did the 'proof of concept' ourselves, by launching and spinning off TRUSTe. But TRUSTe was intended to be and is a separate, independent entity, and was created as an experiment. The experiment is in many ways a failure..."

    (McCandlish's personal opinion is even more scathing. Follow the link to read it.)

    You wouldn't know this if you read the TRUSTe website. Their homepage proudly tells you about the six-month-old Georgetown study, but makes no mention of the Forrester Research report. It tells you that the FTC supports self-regulation (based on Georgetown), but won't tell you that its own parent, the EFF, thinks the ride is over.

    If TRUSTe is a consumer rights and advocacy group, why are they only feeding us the feel-good stories? Aren't consumer groups supposed to be the ones that dig up dirt and tell us about potential problems?

    The money trail leads to the answer. TRUSTe isn't a consumer advocacy group. TRUSTe doesn't get its money from consumers. Its money comes from corporate sponsors, and nobody wants to bite the hand that feeds them. Besides, those corporations want the message to be one of constant calm. Concerned customers are not good for sales.

    Remember the GeoCities FTC findings that TRUSTe wouldn't comment on? GeoCities had just done an IPO and millions of dollars were at stake. GeoCities' sister corporation Engage Technologies (they are both subsidiaries of CMG Industries) was a Contributing Corporate Sponsor of TRUSTe. That conflict of interest was never mentioned.

    (GeoCities has since been purchased by Yahoo.)

    Remember the Microsoft incidents that TRUSTe waffled on? Microsoft is not just a member, but also a Premier Corporate Sponsor of TRUSTe. That conflict of interest totals $100,000 per year.

    Round V. By now you've guessed that this is leading up to the current furor over Real Networks. Real is a TRUSTe member. Do I need to mention that it's also a Contributing Corporate Sponsor?

    TRUSTe said that it would render judgement on Real Networks by the end of last week. Now it's saying today.

    And it's making noises like they're actually going to do something this time:

    "We could take the company to court for breach of contract, since they do have an agreement with us. Or, we can forward the case to the FTC... I guarantee that the damage to the reputation of the first company that we do that to will be big."

    For its own sake, it had better. We're talking about a company whose product is a Trojan Horse that secretly scans your hard drive for valuable personal data. If TRUSTe doesn't unload with both barrels, its credibility will be negative zero.

    Anything TRUSTe does may have a negligable effect in any case. Corporations only understand the bottom line, and RealNetworks stock shot up 25% in the five days following the privacy debacle. With the company's market cap $1.9 billion higher than it was a week ago, how much are they really going to care about some nonprofit gnat?

    We can hope. Real.com today unveiled its new website, a music portal, which investors will be watching carefully. Also happening today is a conference held by the FTC and Commerce Department for data-profilers to announce what they're going to do to protect privacy. So if TRUSTe were trying to maximize the effect of their announcement, today would be the day they'd pick. It could be that the gnat will have a nasty bite that surprises everyone.

    Still - you can dress an organization up in not-for-profit clothes, but that doesn't change that it's beholden to its revenue stream. TRUSTe says we can trust them to be objective, on the theory that their revenue stream will dry up if they don't do right by consumers. So far, there doesn't seem to be much truth to that. They haven't been doing us right, but their number of contributors and members just keeps growing.

    I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.

    So far, all we've learned is what fails.

    - Jamie McCarthy

  24. Lotus Says: The Industry Supports Censorship

    News · News · · posted by jamie · from the speak-for-yourself dept. · 220 comments
    According to an Australian official, the CEO of Lotus Development Corporation believes:

    Industry has no issue with online content regulation. The industry endorses content regulation.

    The context is Australia's new system of dumbing the net down for children; here, the words "content regulation" mean simply: "censorship." An excerpt follows.

    Senator Alston, Australia's Minister for Communications, is still working to sell Australia's censorship law, which was passed in June and takes effect on January 1st. Essentially the entire continent's internet will be rated like movies, with teeth. Unless something is done before January - which looks unlikely - it will be the worst trampling of net liberties by a Western democratic nation.

    One of the compelling arguments against Australia's plan is that it will slow or halt the technology industry - halting progress means losing venture capital and slowing an entire nation's economy; nobody wants that. So Senator Alston has been looking for evidence to the contrary, and in particular he hopes to convince people that the industry itself supports the plan.

    In the excerpted speech below, given on September 30, he recalls a conversation with Jeff Papows, CEO of Lotus, and claims Papows voiced support for the plan. (Note that Alston also claims support from Yahoo. Yahoo denies this, but Lotus has not, and had no comment at press time).

    The industry itself accepts that there should be these codes of practice and this form of regulation. We have been trying to negotiate it for the last three years with the Internet Industry Association. Their problem is that there are these maniacs - these electronic frontiers outfits - running around stirring up trouble, using quaint expressions and feeding lines to that woman from the Civil Liberties Union [Nadine Strossen] who then gets out there, gets a good run and says that we are global village idiots. This is just a low-grade political campaign. I do not find industry opposing this approach.

    I was fascinated when I was in Silicon Valley about two months ago. I waited for industry to raise it, because it was at the height of the furore. It was just after the legislation had gone through and I was doing the rounds of all the IT companies in the valley. I waited for them to raise it with me. The only people who ever raised it with me were journalists who were saying, 'Isn't this a big problem?' I replied, 'Why it is a big problem?' They said, 'It is because it is getting media coverage. It is coming out of Australia. Your Senator Lundy is faxing the New York Times and saying, "Isn't it disgraceful?" and Electronic Frontiers Australia is calling for the minister's resignation. Isn't this an issue?' It is an issue for the media, because it is new, exciting and a lot of fun, but it was not an issue for the industry.

    The only people who raised it with me on that visit were Yahoo who thought it was a good idea. I recently saw the president and CEO of Lotus, which is a major player. He was out visiting Australia. Again, I waited for him to raise it with me and he did not. Over the years I have seen a lot of these people and none of them have ever raised it. I thought I might as well ask him what he thinks. His answer was, 'Industry has no issue with online content regulation. The industry endorses content regulation.' In other words, all of the responsible players - and most of these people have kids of their own - do not for a moment want to see the anarchy that is prevailing at the moment.

    Lotus' support for this plan comes as a surprise to those who remember that the company was founded by Mitch Kapor, later a co-founder of the Electronic Frontier Foundation.

  25. Ask Bruce Sterling

    News · News · · posted by Roblimo · from the our-favorite-authors dept. · 111 comments
    This week's interview subject is author Bruce Sterling. If you've never heard of him (shame on you!) learn a little about him here or type his name into any search engine. He's an interesting dude and one of my personal favorite contemporary writers, and I feel privileged to have him with us this week. Post your questions below, as usual, and, as usual, Slashdot moderators and editors will select 10 - 15 of them, and (again as usual) Bruce's answers will appear Friday and, if he has time, he might jump into the discussion that follows the posting of his answers.

  26. Banned Books Week

    Yro · News · · posted by jamie · from the your-rights-offline dept. · 4 comments
    We try to stick to online speech issues, but Banned Books Week is too important to skip. Libraries get as much flak from the internet as any book, so feel free to celebrate the week by visiting a banned website. And while CNN softballs the issue by sticking to Judy Blume and Anne Frank, the important question is who will stand up for the really controversial material. Thanks to Stradivarius for bringing this up.

  27. Munich, The Censors' Convention

    Yro · News · · posted by michael · from the censorship-is-freedom dept. · 284 comments
    As promised last Friday, here's more on the Munich conference. Pay attention or wait to be forced to label your internet content. It's your choice.

    A number of articles have appeared in the online press about Munich. Half of them are just rehashes of press releases - nothing very useful there. Some of them are fairly in-depth (we think CNET and the NY Times had the best coverage), but none of them really give you the big picture. We're going to try to. Let us know how we do.

    The first thing that the press is missing is that there are (well, were) two meetings in Munich, not one. The first is the one you heard about: a meeting called by the Bertelsmann Foundation, part of the huge Bertelsmann publishing empire, which sponsored the Internet Content Summit. They're getting together to have a little feel-good session about "self-regulation" of internet content. By self-regulation they don't mean that end-users regulate their own behavior; they mean that ISPs regulate users instead of government doing so directly. Users will still be regulated, of course. And the regulation will be driven by what the national government wants. It's just that government will lay their heavy hands upon the ISPs, and the ISPs will act as the enforcers rather than law enforcement. Think of it as a distributed system - government assumes the role of a second-line rather than first-line manager. At a previous internet content summit, this type of regulation was described as "soft law" versus "hard law", and we think that's a good way to think about it. They are not talking about voluntary, individual actions of corporations - they are talking about imposing laws and restraints on the citizenry through another means. Self-regulation = soft law, but law nonetheless.

    The first meeting is interesting for a number of reasons, but not terribly ominous - the people meeting were not previously working together, and all that will come out of it is thoughts and ideas. The second meeting is rather more dangerous.

    The second meeting, scheduled in conjunction with the first, was of the principals of INCORE, Internet Content Rating for Europe. This group consists of a number of European corporations and protect-the-children groups and their sole goal is to establish a single rating system for use across Europe (they're also coordinating with Australia). Of course, the members of this group overlap significantly with the first - for example, Jens Waltermann, director of the Bertelsmann Foundation and sponsor of the first meeting, is also one of the prime movers in INCORE - which ought to tell you why the Bertelsmann conference is so slanted towards ratings systems as the sole means of protecting the children.

    But why is this going forward? As at least one slashdot poster pointed out in the discussions of last week's article, rating systems have been discussed before, and haven't come to anything yet.

    What happened is the government (the European Commission, in this case) decided to get serious. They buckled down, and at the end of 1998, allocated funds to be spent on the development of a global rating system. About $11 million is allocated to be spent on developing this system, so the corporate participants can be reasonably assured of being reimbursed for all their plane fares and hotel costs. (Question: if it's so voluntary, how come the government is paying people to develop it?)

    The European Commission's plan runs from January 1999 to December 2002, four years. 1999 is scheduled for development and meetings. 2000 is scheduled for rollout and beta testing. 2001 and 2002 are allocated for the encouragement process and tweaking - making sure everyone is toeing the line. There's plenty of time allocated because it's important to make sure that the resulting rating system aligns with national laws - for instance, since Germany outlaws hate speech, one of the rating categories will involve hate speech, and Germany will outlaw the transmission of any content rated in this category into the country. Laws can be "hung" off the rating categories, if they're set up properly.

    The rating system will be based off the American Recreational Software Advisory Council's system, that they originally developed for video games and then, when threatened by Congress with the CDA, transformed for internet content. (The funny thing is, for the first year that RSACi was being promoted for use on webpages, it still had all the original references to video games. Pretty sad.) RSAC was recently folded into the Internet Content Rating Association, basically so they can revamp the RSACi system and submit it to the European Commission for approval and funding. Who is the chairman of ICRA's board of directors? Jens Waltermann again. Are you beginning to see a pattern?

    Civil liberties groups world-wide have finally recognized the threat that government-mandated rating systems pose to the internet. The ACLU was the first major group to speak out against them, in their 1997 paper Fahrenheit 451.2: Is Cyberspace Burning?. But for this Munich conference, the chorus was loud and close to unanimous - the Global Internet Liberty Coalition condemned it, the ACLU condemned it, Electronic Frontiers Australia condemned it, Internet Freedom (UK civil liberties group) condemned it.

    Several civil liberties groups managed to wrangle themselves invitations to the conference. The Electronic Privacy Information Center is attending and distributing a book free of charge to all participants (besides the attack on free speech, EPIC is irritated because the European Commission has also recommended that online anonymity be strictly prohibited for all European Union residents - after all, if they're anonymous, it's harder to make them obey the law). Nadine Strossen of the ACLU published the statement she's making to the Conference, harshly opposing the labeling requirements; even Esther Dyson, a tremendous supporter of rating systems, expressed her unease at the slant of the conference.

    Strossen's comments above neatly summarize the civil liberties community's objections to so-called self-rating systems, and we urge all readers to take a look at that link above. She makes several points:

    1. Self-Rating Schemes Will Cause Controversial Speech To Be Censored
    2. Self-Rating Is Burdensome, Unwieldy, and Costly
    3. Conversation Can't Be Rated
    4. Self-Ratings Will Only Encourage, Not Prevent, Government Regulation
    5. Self-Ratings Schemes Will Turn the Internet into a Homogenized Medium Dominated by Commercial Speakers

    Strossen is far more eloquent than we are, and she makes the points extremely well. Take a look, it's worth your time.

    But back to the conference. The main document to come out of the conference is their Memorandum on Self-Regulation (538K), released yesterday. A number of "internet experts" contributed to the report - mostly these same people we've been seeing, representatives of the companies that want the Net to be kid-friendly (increase profits!) and protect-the-children groups from throughout Europe, and representatives from various governmental agencies. They lay out their censorship proposal in some detail. The basics are laid out in a single phrase: "Content providers worldwide must be mobilized to label their content...".

    Prepare to get mobilized.

    "It is in the best interest of industry," they say, to take the steps necessary to "enhance consumer confidence" and meet "business objectives." The suits invited must all have nodded their heads to this one: if only they could get the obnoxious people off the net, then all the soccer moms and grandpas would feel safe enough to fire up a browser and finally type in their credit card numbers.

    So, problem: naughty stuff on the net. Answer? Open source! <spit>

    On p. 59 of the 60-page memo is a neat diagram that looks almost like an API to a multi-layer code library. Except in this case, the bottom slice is the underlying technology of censorship (PICS), and the top slice is the user's experience of censorship (at the browser).

    Sitting on top of PICS is Layer 1, in which the content creators - that's you, me, and everyone else who makes anything public on the internet - label our data with a "basic vocabulary" of keywords. If we write porn, we call it porn. Simple enough so far?

    Next comes Layer 2, which is where the fun stuff starts to happen. Here, third parties can invent "template profiles." These combine the keywords in interesting ways. The idea is that in one country, the ratings systems will typically rate porn as bad but violence as OK; in another, perhaps the opposite; someone else will invent a profile for use in schools that blocks everything noneducational; a profile for your company's router might block all sports but let profanity through; a national profile for Australia might block all sex but let stupid political grandstanding through; and so on.

    These template profiles should be, according to Bertelsmann, "open source."

    How are they going to do this? They can't rely on a NetNanny or SurfWatch to rate the net: censorware has been a dismal failure in practice, the software just doesn't work because there's too much of the net and too few censorware employees to evaluate it all.

    What they need instead is for you, the author, to do their work for them. Remember that "basic vocabulary" of keywords? It turns out you're not just going to pick porn vs. non-porn. Oh no. After all, you have to provide enough information for the profiles to work with.

    That means you're going to be rating everything you publish according to:

    "e.g.: gratuitous violence,
    frontal nudity,
    explicit sexual acts,
    crude language,
    vulgar language,
    sports,
    extreme hate speech,
    arts,
    aggressive violence,
    death to humans,
    medicine,
    non-explicit sexual acts,
    strong language,
    history, ..."

    E.g.? E.g.!? There's more?

    Well, there has to be more. In fact, Bertelsmann has only scratched the surface. In order for there to be enough "template profiles" to be worth mentioning, the variety of keywords has to be extreme.

    Be ready to run down a checklist for everything you write and decide whether it contains gratuitous or non-gratuitous violence, explicit or non-explicit sex acts. Please rate from 1 to 10 how much art and history was in that last post of yours. Don't think you'll have a choice about doing it - your ISP will be enforcing it upon you, as a condition of service.

    And the "template profiles" that are provided for the end user? These profiles are just simple sets that group the predefined keywords together. If I'm the CEO of NetSitterPatrol, I group keywords 1, 3, 5, and 12 together and call it "NetSitterPatrol Profile."

    And if I'm a national government that's cracking down on porn, violence, hate speech, or vulgar language (your government wouldn't do anything like that, would it?), I'll just add the keywords for indecency, abortion information, hate speech, racism, or whatever else I want to censor, and give the list to the backbone providers in my country to filter out and protect the delicate citizens. Hey look, I'm an open source programmer!

    by Michael Sims and Jamie McCarthy

  28. Notes From the 30th Internet Anniversary at UCLA

    Features · Internet · · posted by Roblimo · from the more-than-you-thought-there-was-to-know dept. · 34 comments
    mathowie writes "Here's my notes from the 30th Internet anniversary event that took place at UCLA on Thursday. This is a very long, very detailed piece, but worth your time to read if you're interested in learning where the Internet might be heading in the next 5 - 10 years. A Recap of the 30th Anniversary of the Internet Celebration at UCLA September 2, 1999 by Matthew Haughey

    Thirty years ago today, the first communication between the Interface Message Processor (IMP) and a host computer took place in a Computer Science Lab at UCLA. The ARPAnet was born, with four nodes by the end of 1969. Today amid the current explosion of Internet growth, the pioneers gathered along with the forerunners of the internet revolution to commemorate that first event and talk about where we are today and where we go from here.

    As I walked in, I caught Leonard Kleinrock in the lobby being mobbed by reporters doing interviews in front of the original IMP. As you can see in the photo, several local news and radio outlets covered the event. I had hoped to see some of the footage on the 11 o'clock news, but as I write this, it's just after 11:30, and I only saw a few seconds and quick mention on one of the network news shows.

    After 20 minutes of mulling around past the original start time, The Chancellor started off the event with a quick welcome and general speech about how the internet has spread and enriched our lives. The Chair of the Engineering School at UCLA spoke next for about 15 minutes, discussing the impact of Leonard Kleinrock's achievements and Len's great rapport with his former students.

    Len Kleinrock took the stage and recounted the 20th Anniversary event, which was a symposium held at UCLA, the 25th Anniversary event, which was held in Cambridge, Massachusetts, and a recent gathering just a few days ago up in Stanford. Those events, he said, focused on the rich history of how the ARPAnet was built and how it eventually lead up what we call The Internet today. Rather than delve into the past, he went on, today's event was going to center around where the Internet will lead us into the future. I was a bit surprised at first, but relieved that I wasn't going to see a rehash of the history, but a refreshing dialogue between the brilliant set of panelists of what they felt was to come.

    Dr. Kleinrock then laid down the ground rules for the day. There would be four panels, and he would act as chair of the event, introducing each moderator. He introduced the first panel, titled "Gorillas", which was supposed to represent the proverbial 900 lb. gorillas of the Internet industry. Joining the moderator, Kipling Hagopian of Brentwood Venture Capital were Christine Hemrick of Cisco, Daniel Rosen of Microsoft, George Vradenburg of AOL, and Ronald Whittier of Intel.

    Everyone on the panel was in good spirits and took some gentle jabs from the moderator. When the moderator made a joke about the justice department's crackdown on Microsoft, the representatives of Microsoft and AOL both praised the low regulation of the industry thus far and accredited their rapid and extreme growth with the "hands off" policy of the U.S. government. They also stated their support for ICANN and the deregulation of the Internet's domain namespace.

    In response to a question about the growth of Cisco, Christine Hemrick praised openness and non-ownership of industry standards like TCP/IP. Since no one owned TCP/IP, she said, anyone could start a company that based their communications on that protocol. The moderator asked several questions about bringing broadband into the home, and whether cable or DSL would be the key technology. Ms. Hemrick stressed that wireless technologies might surpass the capabilities and availability of cable and DSL very soon, which was a good thing to hear.

    The panelists were a sharp group of people. Whenever a question about upcoming technology was posed, they acknowledged the fact that the industry moves so fast that no one knows what we will be using in 5 years for any specific technology. They pointed to the audience several times and said that someone among us could start a new company tomorrow with technology that could blow away anything their corporations had done before. When the panel was asked about the longevity of their large corporations, they agreed that scalability was important, to grow with the industry, but trying to stay as close as possible to customers and continuing to address their needs was also important.

    All the panelists talked about how hard it was to stay ahead of everyone, to continue as industry leaders with so many competitors on their heels. When asked about the future, one panelist commented that soon the term "e-commerce" would be meaningless, due to a blurring between conventional commerce and commerce done over the Internet. Someday soon, they said, every business would have some aspect of it that would be Internet related. All in all, the four panelists were charismatic, well-spoken, and a hip bunch, making a few jokes about Al Gore inventing the Internet.

    The second panel was for the people behind recent industry successes, titled "Netpreneurs." It was moderated by Willem Mesdag of Goldman Sachs and the panelists were David Bohnett, founder of GeoCities, Eric Brewer, co-founder of Inktomi, Sky Dayton, founder of EarthLink, John Payne, CEO of Stamps.com, and Henry Sameueli, co-founder of Broadcom.

    It was amazing that no company represented on the panel was created before 1991, with most of them formed in either 1995 or 1996, yet they all had market caps of at least a billion dollars each. Overall, the second panel wasn't as interesting as the first bunch of panelists, some of their answers sounded like a press release. This was especially true for Sky Dayton, who sounded like he was repeating his radio commercials in response to every question he was asked. When asked how they became successful, each panelist talked about how their company filled a void not covered by a larger company, and how they could move faster than a large corporation. Sky Dayton stressed this, the size of your company compared to your competitors was unimportant. What mattered most was the speed at which you could respond to changes in the industry, economy, and customer base. He said that if you were starting a new company, focus on one specific area of the market, and stick to it. Don't try to be monolithic agencies that can do everything like Microsoft tries to be, he said, just do one thing really well and you can emerge as a market leader. He also pitched his new company eCompanies.com for budding entrepreneurs, they are setting up a clearinghouse of new ideas, and intend to fund business plans that catch their eye. When asked about the potential for new companies Dayton said something interesting, he estimated that the development of the Internet as a "thing" was about 20% done at most. That even in 1999, we were just barely scratching the surface of what is possible, he said. Overall the session was enlightening and I came away with a new found enthusiasm to get my ideas out the door.

    The third panel was perhaps the most interesting. It was titled "eConsumers" and was moderated by Patt Morrison of the LA Times, who was joined by John Barlow, co-founder of the Electronic Frontier Foundation, Jeffrey Cole, director of UCLA's Center for Communication Policy, Alan Kay, VP of Imagineering at Disney, and Dan Lynch, founder of Cybercash.

    Although the panel was supposed to focus only on consumer issues, the topics discussed ran the gamut, from personal privacy issues to numerous "what if" scenarios of our future ultra-wired world, and the social implications of each. Patt Morrison moderated as a sort of devil's advocate, asking for the panel's reaction to several cynical questions like trusting e-commerce vendors, internet rumors becoming news, and how our lives may be hindered by the burden of technology. Surprisingly, the panel, which had varied opinions on most topics, all found something positive in each question and future scenario. An ebay deal gone bad meant a user could learn to be more careful of sellers, news could not be trusted and should be approached with skepticism, and our lives could be made much better by an increased use of technology by saving us time spent on mundane tasks like paying bills or waiting in lines while shopping.

    Intellectual property and copyright issues were discussed, where John Barlow and Alan Kay agreed that intellectual property was dead, and that ideas should be given away freely. Mr. Barlow talked about how every article he's written is freely available online, which allows him to generate revenue from unwritten works. Publishers can see all his writing, he went on, and they pay for new pieces to be written. He said he didn't worry about copyright, because his most valuable ideas were the ones he hasn't had yet. John said it was the philosophy behind the Grateful Dead (whom he wrote songs for); they allowed their shows to be freely taped and exchanged, and they derived revenue from people wanting to see them perform live.

    Alan and John also talked about how a lot of intellectual property is meaningless to much of the population, that a technical idea is so complex that few people understand it, regardless of whether or not it is in the public domain. Dr. Kay used Linux as an example of this, the kernel is so complex that one in a million people can understand it all and contribute programming expertise. But with the advent of the Internet, he added, finding that one in a million is easy, and 100 or more people can be brought together to work on it. He praised the development of the ARPAnet because it was open, allowing researchers from all over to contribute to a greater good, and said in today's climate a large corporation would probably try to make much of it proprietary and hinder its development.

    When asked how Linux can generate revenue, Alan said that like the Grateful Dead example, giving away Linux meant that large fees could be found in consulting, helping companies use the technology to their advantage. He then mentioned something that dropped just about everyone's jaw: he said that the company with the biggest revenue in the computer industry was not Microsoft, but IBM's consulting business, which he said brings in double the revenue that Microsoft does selling software, just by showing companies how to use technology in their business (which Linux is a part of). Alan Kay stood out as an extremely articulate guy with numerous enlightened answers, and everyone on the panel had great things to say about what the future might be like.

    The fourth and final panel, titled "Beyond Today's Internet" was moderated by Stephen Segaller of WNET, the PBS station behind the Triumph of the Nerds series. He was joined by the four pioneers of the original ARAPnet, Vinton Cerf, now with MCI, Robert Kahn, now with the Corporation for National Research Initiatives, Leonard Kleinrock, of the UCLA Computer Science Department, and Lawrence Roberts, now of Packetcom

    Along with the theme of the day's event, the forefathers of today's Internet focused solely on the future. Since they all have networking backgrounds, the first question was whether or not the network could keep up with client demands. The four panelists unanimously agreed that the capacity of the network would continue to expand at a rate greater than our immediate needs. They acknowledged the limits of the current IP naming system, and that IPv6 would expand the limit of addresses to near 10^38. Len Kleinrock had a problem with these imposed limits and Vint Cerf joked that 10^38 IP addresses would mean enough for "a web page for every molecule on earth." Len clarified his protest and stated that we should instead design variable length solutions to the problem, solutions that offer unlimited means. When asked about limits of physical devices like routers handling packet switching, they agreed that packet switching would probably be replaced by an unknown technology, and that physical capacities of networks would increase with the increased use of fiber. Len said instead of digital packets traveling through copper wire, in the future, it would just be pulses of light traveling along fiber. They all spoke of the proposed growth of the Internet, to surpass one billion people online in the next decade, and they mentioned something that was discussed briefly on an earlier panel; that someday soon, anything you buy over a certain price, say $25, would offer connectivity to the internet for a specific reason. Not a toaster that checks email, but each appliance would use the Internet for communication purposes.

    This was another reason Len used to support unlimited IP addressing, due to the fact that billions of devices would need to access the internet. Questions asked by the moderator were mostly big picture, and the panel discussed them at that level. They talked about distant futures, when billions of people would be interacting with billions of devices, we would see drastic changes in Human-Computer interaction. They even alluded to the similarities between an enormous interconnected network of people and machines approaching the complexity of organic beings. The panel agreed with earlier panels that what were are witnessing is bigger than the industrial revolution. The knowledge explosion, as many called it, was going to fundamentally change how we do everything in the future.

    Overall, it was an amazing experience. Among all the speakers and panelists, there were several messages that came across. The mood of everyone thinking about the future was one of optimism and opportunity. The interconnecting of everyone person on earth will trigger a knowledge revolution that will have deep, drastic changes on our lives and those around us. But if these future developments are met with some skepticism, and intelligence, it will undoubtedly be a good thing.

    Matthew Haughey September 3, 1999

    My photos from the event can be seen here

    "

  29. Chad Davis May Be the Next Kevin Mitnick

    Yro · Court · · posted by Roblimo · from the busted-on-the-front-page dept. · 281 comments
    19-year-old Chad Davis, of Green Bay, Wisconsin, made the front page of The Washington Post today. The story that features him says, "During [a] June 2 search, Davis admitted that he belonged to a notorious hacking gang that calls itself Global Hell, and the FBI agents let him know they were cracking down on the group. On June 28, Davis allegedly struck back: He replaced the Army's Internet home page with the message: 'Global Hell is alive. Global Hell will not die.'" The article reads like a chapter from The Hacker Crackdown, and it looks like Chad Davis may be used as an example of what the feds can do to crackers who mess with government sites. Mainstream news stories about Global Hell started appearing in May. I expect to see many more in upcoming months. Mitnick redux? Could be.

  30. FBI wants to wiretap phones without court order

    Yro · Cda · · posted by sengan · from the time-to-speak-out dept. · 0 comments
    Tino Dai wrote to tell us that a bill has been added by a House/Senate Conference Committee giving the FBI sweeping powers of wiretapping without court approval for any home, business, or other dwellings. Note that Congress explicitely voted against this. Speak up before the Senate approves this bill, or forever hold your peace.

  31. CDA II passes House Subcommittee

    Yro · Cda · · posted by Hemos · from the son-of-sam-er-cda dept. · 0 comments
    BOredAtWork writes "CDA II passed the House subcommittee. I can't help but notice that these are the same reps who happily posted the Monica and the Cigar saga all over the web. Can we say "hypocritical" boys and girls? " True enough-and for those who have not contacted your legislators, do so now.

  32. More legal nonsense

    Yro · Cda · · posted by sengan · from the there-should-be-a-constitutional-limit-on-the-number-of-laws dept. · 0 comments
    Trepidity informed us that the Senate unamimously passed a spending bill with the "CDA II" amendments attached to it. These would make allowing children to view "harmful" material a crime. The amendments would also require schools and libraries to install censorware on all computers accessible to minors. If the bill were to pass the House and be signed into law, the American Civil Liberties Union and Electronic Frontier Foundation have vowed to have it overturned like they did with the first CDA. Click below to read more... But the cool thing about this, is that it apparently contradicts WIPO. Now some of you may know that Einstein had great difficulties persuading his friend Goedel to swear that he would abide by the American constitution (necessary to become a US citizen) because it was logically inconsistent. If 2 contradictory laws are passed, are both invalidated? Or does it become a lawyer free-for-all?

    All in all, both measures are quite amazing: WIPO can even render cookie managing software such as Junkbusters illegal, and CDA reduces the freedoms of those who cannot afford their own internet connection, instead of ensuring that children learn to think critically about what they encounter.

  33. DES Cracked in 56 hours, by a $250K machine

    It · Encryption · · posted by CmdrTaco · from the killer-machines dept. · 0 comments
    Keith Moore was the first reader to write in and announce that Des-2-II has officially been broken. And not by distributed.net. The winner was a custom $250k box. The controlling box supposedly ran Linux too. You can read an article at eff.org or The NY Times .

  34. More WIPO Links

    News · News · · posted by CmdrTaco · from the stuff-to-read dept. · 0 comments
    Kevin writes "To make all the slashdot readers more informed on the WIPO bill, here are some links. This is the bill being voted on in the House, H.R. 2281 This is the treaty as proposed by WIPO. This is the EFF info page about the WIPO bill. And the bill EFF supports in place of H.R 2281 "

  35. Linus and Richard awarded.

    · posted by ryuzaki0 · from the fame-not-money dept. · 0 comments
    news.com reports on its front page that the Electronic Frontier Foundation has given Pioneer Awards to Linus Torvalds and Richard Stallman. Please post any other references to this you may find. I couldn't find any on EFF's site.