Slashdot Mirror

Anonymity must not be equated with privacy. As citizens, we have a right to privacy. We have no such right to anonymity.

I simply can not believe that depths to which some people will lie. Perhaps Seagrams is just ignorant of this, but as a US Citizen you do have a right to be anonymous. To speak anonymously, to buy things anonymously and yes, to even walk around, all day if you want, with a ski mask on to remain anonymous. You do have a right to anonymity. My guess is that Seagrams is saying this as part of a larger straw man argument to equate anonymity with criminal activity and hence to be able to dismiss it out of hand. Whatever the case, Edgar Bronfman, Jr., is totally and completely wrong. However, its this kind of thinking that is not only incorrect but its dangerous for us as citizens to dismiss his argument out of hand. Alot of people think this way, and alot of those people, like Mr. Bronfman, have tremendous power to change the laws so that anonymity can be restricted and to try and take that right away.

Here are some references to back my assertions on anonymity:

McIntyre v. Ohio
Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases
Talley v. California
--
Python

It's pretty easy to say that free speech should not be anonymous so as not to avoid responsibility when one's life and property aren't at stake. For that and other good reasons, the U.S. Supreme Court has acknowledged humans' right to anonymous speech, particularly in the form of anonymous pamphleteering: McIntyre v. Ohio Elections Commission .

Michael. I appreciate your cynicism. Industry has done little to gain the public trust as a caretaker of personal information or defender of privacy. Without critical perspectives, you are liable to wind up with self-serving, public relations-oriented efforts like the Personalization Consortium. However, I do not believe that the evolution of privacy protection in the digital age is served by perpetuating fear. Doubleclick is responding to market pressure. While I like knowing the composition of the council, I'm not apt to immediately consider the effort suspect. Doubleclick has a business goal. I don't begrudge them that. But I also think the first line of defense is the responsibility of the individual.

Cookies? I want 'em. The Web works a lot better with them. Your opinion may vary, but we all would probably like more control and visibility over them. For the Slashdot audience, setting cookie defenses is a trivial exercise. But for the "unclean masses", cookies are a mystery. If all they hear are the dangers to privacy that cookies represent, then they will base their opinions on FUD.

I support the advocacy efforts of the CDT, EPIC, and EFF. But I also fear the clumsy hammer of regulation. The pressure (driven by public relations, market demand and the fear of government regulation) on Doubleclick is a good thing, but let's educate and not spread hysteria.

Posted, wondering if there's life in these old threads once they drop off the main page.

I always find it at least peculiar, if not downright weird, that the Internet generation feels that it's somehow your RIGHT to be anonymous in this world; because it isn't, and it never has been.

The United States Supreme Court disagrees with you. The Court ruled in Talley v. California (1960), and reiterated in McIntyre v. Ohio (1995), that the First Amendment protects the right to anonymity. I think that the first ruling was well in advance of the "Internet generation".

I always find it at least peculiar, if not downright weird, that the Internet generation feels that it's somehow your RIGHT to be anonymous in this world; because it isn't, and it never has been.

The United States Supreme Court disagrees with you. The Court ruled in Talley v. California (1960), and reiterated in McIntyre v. Ohio (1995), that the First Amendment protects the right to anonymity. I think that the first ruling was well in advance of the "Internet generation".

The Supreme Court has struck down laws that prohibit anonymous speech. See Talley v. California for an example. Anonymous speech has a long history in the United States. Anonymous political pamplets were widely distributed before the Revolutionary War.

Well now...lets assume that *everyone* on Slashdot boycotted DVDs to support DeCSS. Do you think that would make a difference? Would the DeCSS lawsuits be dropped? Of course not! The entire membership of Slashdot would be a mere drop in the ocean compared to the amount of people buying DVDs.

Since boycotting DVDs won't change anything, why suffer needlessly? Obviously you feel that anyone who buys a DVD is supporting an evil organization. But not everyone has such fantacism about it. Rather than chasting fellow /.'ers about not boycotting DVDs, perhaps you should make aware more realistic and effective options.

For example, Slashdotters could donate money to Epic.org or EFF.org. Write a letter to the editor of your local newspaper or a periodical. Some TV stations will let community members appear on their newsshows to give feedback. Has anyone considered doing this (in an educational, polite, non-flaming way, of course.)

There are a lot more effective ways to help bring about the end of this ridiculous lawsuit than boycotting DVDs.

I'll get off my soapbox now! =)

Secondly, there is the little matter of...da-dum... DMCA. I'm pretty sure it makes DeCSS illegal

Yes but as I'm sure you're aware, the constitution hasq a precedence over any laws passed, including the DMCA. I'm sure you remember the Communications Decency Act or whatever it was called. It was a big deal when it was passed, but slowly the courts cought up with it and eventually the Supreme Court struck it down. I believe the same thing will happen here, we just haven't had the cases yet.
Link to CDA Info

According to an old salon.com story referenced from the current one being discussed, "David Sobel, general counsel for the Electronic Privacy Information Center (EPIC), thinks that the government -- the Federal Trade Commission, to be specific -- is a more appropriate monitor for the Net."

Would that be better or worse? Technically, that is what the government is for but unfortunately, more often than not, the government goes too far. The other public sector route is a non-profit charitable organization like Epic that relies mainly on donations from private foundations and individual donors which means they have to constantly raise money to maintain their research and legal battles. When it comes down to it, I don't see how a private company could make a real profit by not catering to their members as eTrust does. I'm not saying its excusable, just that I don't think there is any 3rd party privacy/security group that could be objective and profitable.

- tokengeekgrrl
"The spirit of resistance to government is so valuable on certain occasions

can be found at http://www.epic.org/open_gov/ foia/nsa_suit_12_99.html

EFF, the Electronic Freedom Foundation, is one of the most respected advocates of "electronic civil liberties" in the United States. This includes the freedom to communicate, and the freedom to protect your communications from unwanted interlopers. You can suppport your continuing right to use data protection tools-- which Administration oficials are working to remove-- by supporting the EFF.

EPIC, the Electronic Privacy Information Center, concerns itself with publicity, lobbying, and court challenges, in the continuing battle over personal privacy in the Information Age. How much of your private business and personal habits do you want to be freely available to corporate and government busybodies? If your answer is anything less than "I don't care, let them have it all," you probably want to support EPIC.

You probably mean the EPIC report "Cryptography and Liberty 1999 - An International Survey of Encryption Policy".

Germany is rated GREEN for 1998 and 1999 which "signifies that the country promotes or has expressed support for a policy that allows for unhindered legal use of cryptography, such as adopting the OECD Guidelines." The US ratings, for comparison, are YELLOW/RED (1998) and YELLOW (1999).

You probably mean the EPIC report "Cryptography and Liberty 1999 - An International Survey of Encryption Policy".

Germany is rated GREEN for 1998 and 1999 which "signifies that the country promotes or has expressed support for a policy that allows for unhindered legal use of cryptography, such as adopting the OECD Guidelines." The US ratings, for comparison, are YELLOW/RED (1998) and YELLOW (1999).

You probably mean the EPIC report "Cryptography and Liberty 1999 - An International Survey of Encryption Policy".

Germany is rated GREEN for 1998 and 1999 which "signifies that the country promotes or has expressed support for a policy that allows for unhindered legal use of cryptography, such as adopting the OECD Guidelines." The US ratings, for comparison, are YELLOW/RED (1998) and YELLOW (1999).

Ok, so now they've submitted a patch that will fix things - that's nice. All it does is close (we hope) the hole we know about.

With a closed source package like this, which is not subjected to peer review, we have no way of knowing what else is in there and what kind of data it is sending.All sorts of other interesting things could be hidden in there.

This is not to say that each customer is going to take the time to audit the code of every pacakge they use and make sure that it doesn't infringe their privacy. But I for one feel a lot more comfortable knowing the code for software I am using is available and can be looked at.

Perhaps places like EPIC could start auditing open source packages and endorsing them as meeting certian privacy standards.

-Al

You can find the full text of the bill itself and an analysis here:

http://www.epic.org/crypto/legislation/cesa/

It appears that 64 bit encryption will be allowed, and 128 `may be' allowed if it is designed for `end users' and does not require very much tech support, and is not being exported to the 7 `terrorist' countries.

I also read in a transcipt of a White House briefing that Wassenaar will be modified to reflect this somehow, but it was somewhat vague...

Something else interesting is this so called 3rd party key repository which people can optionaly deposit thier private keys for `backup' purposes. The Government of course can get access to any key this 3rd party has after getting proper `judicial authorization'. I am sure we will see alot of Government BS to try and convince people to deposit thier keys...

--He who gives up liberty for security ends up with neither. --Benjamin Franklin

The Electronic Privacy Information Center has released "Filters & Freedom: Free Speech Perspectives on Internet Content Controls". The report is a collection of articles from anti-censorship organizations such as Peacefire, the ACLU, and the Internet Free Expression Alliance. The report is available from Amazon.

Methods of "soft-regulation" can be more dangerous than direct!

Reagle. Why the Internet is Good: Community governance that works well.

The US Constitution is an adept instrument of constraining direct legal regulation, "Congress shall make no law ...." However, modern regulation often is indirect, it sets incentives and disincentives for others (usually the market) to implement and enforce policies more effectively than the government ever could. Whereas Reidenberg suggests that governments should shift the "focus of government action away from direct regulation and towards indirect influence;" I find this trend to be frightening because he makes an assumption that I am unwilling to make: "The shift can, nevertheless, still preserve strong attributes of public oversight." [Reid97, 588] The US Constitution is poorly equipped to constrain indirect regulation.

Consider the following mechanisms of cyberspace regulation:

• direct: threat of violence, monetary penalties, and imprisonment by a centralized authority. Applies if you have a locatable physical presence or assets.
• indirect: direct methods are applied to third parties to create incentives or disincentives against the governed. (My ontology is similar to but differs from Reidenberg's [Reid97, 588])
• link : associate the resolution of a contentious proposal to one for which there is greater support. The US Government's Clipper III proposal linked the government's contested desire to access citizens' private encryption keys to the government's ability to grant much needed legal legitimacy to digital signatures.
• choke : regulate those that are easy to go after. Bavarian authorities prosecuted the head of the German Compuserve division for providing access to Internet materials including pornography and games that were violent or had Nazi imagery.
• gouge : regulate those that have deep pockets, often used with choke. A US Government copyright proposal criminalized the contributory infringement of copyright and made Internet Service Providers fiscally liable for the actions of their users.
• browbeat :threaten further regulatory action. US privacy policy has to date been predicated on the - rather weak - threat that if the "industry" doesn't self regulate, the government will get involved.
• herd : selectively place and remove liability to channel policy towards a goal without overtly setting the direction. "Mandatory self regulation" and safe harbor provisions are frequently proposed solutions to Internet issues.

These are the principal methods by which real world governments would like to regulate the Internet. Let us now turn to the methods the Internet has developed to regulate itself.

See Matt Blaze's My Life as an International Arms Courier for more on this.

I don't think your advice on 3DES is terribly clearly thought out, but that's an article for another time: 3DES is perfectly good as you say.
--

That's the Electronic Communications Privacy Act. (I'm assuming a US Company here). According to this, basically you have a right to private email UNLESS your company has an explicit policy otherwise (GROSSLY simplified...) Check it out and other great privacy resources at EPIC's Website. No one in this whole discussion appears to be a legal expert (I'm certainly not one!!) so I would advise the original person to consult one. The issue isn't whether one is downloading porn (though that's the company's hot button), but whether OTHER stuff -- extramarital affairs, HIV status, whether you like plain or crunchy -- will be uncovered that doesn't need to be.

Actually, a lot of different non-profit types monitor this sort of thing. On the subject of encryption, check out "Cryptography & Liberty 1999", a report published by the Electronic Privacy Information Center. It's a country-by-country analysis of crypto policy. Countries are rated as "Red" for most restrictive, "Yellow" for somewhat restrected or likely to restrict in the future, and "Green" for having no restrictions on encryption technology. This is the second year they've published the report, and they discuss progress and changes in policy during the past year.

Amnesty International and Human Rights Watch keep an eye on the more general issues of freedom and human rights, and have hundreds of reports on this sort of thing.

Actually, a lot of different non-profit types monitor this sort of thing. On the subject of encryption, check out "Cryptography & Liberty 1999", a report published by the Electronic Privacy Information Center. It's a country-by-country analysis of crypto policy. Countries are rated as "Red" for most restrictive, "Yellow" for somewhat restrected or likely to restrict in the future, and "Green" for having no restrictions on encryption technology. This is the second year they've published the report, and they discuss progress and changes in policy during the past year.

Amnesty International and Human Rights Watch keep an eye on the more general issues of freedom and human rights, and have hundreds of reports on this sort of thing.

This means that on the latest crypto-list, the French have progressed from "YELLOW/RED" (1998) to "GREEN/YELLOW" (1999). (Warning: Page is 272 Kb)

Note also all the other European countries who have gone from "GREEN" to "GREEN/YELLOW" by supporting the Wassenaar agreement.

Some useful Links:

Global Internet Liberty Campaign www.gilc.org

Electonic Frontiers Australia, www.efa.org.au

and of course
The Electronic Frontier Foundation, www.eff.org

The Electronic Privacy Information Center

And here's an idea: this sounds like a PERFECT reason to boycott the Sydney 2000 Olympics. After all, it always works best to get a country by the short-and-curlies if you REALLY want its' attention. . . .

After reading the decision on the Bernstein case (see the /. article for a refresher), the typo in Stephenson's book struck me as a perfect defense.

The decision refers to the Government's claim that the functional aspects of crypto override any First-Amendment issues. (See pp. 4235, 4236, 4238n., and the dissent on pp. 4246ff.) Thus, we can export the first edition of Cryptonomicon in machine-readable form, free of obnoxious restraints, precisely because it doesn't function. A comment on the code would be nice, or a pointer to the errata, but if the code don't work, the Government can't claim it's crypto!

Any takers? :-)

IANAL, but from reading the opinion of the court online, it seems that the question is essentially whether or not source code is considered "expression" under the Constitution (and thus entitled to full 1st Amendment protections) or if it is to be considered "conduct" (from what I could tell this seems to mean something which has expressive properties but is mainly functional in nature, and thus entitled to a lesser 1st Amendment protection).

Two of the three appellate judges (Fletcher and Bright)in this case decided that source code, since it was designed to be read by humans, and often used to communicate ideas, should be considered "expression". The dissenting member (Nelson) of the panel considered it to be "conduct", since he believed its primary purpose was to be run through a compiler to generate machine code.

A brief excerpt (from Fletcher):

We emphasize the narrowness of our First Amendment holding. We do not hold that all software is expressive. Much of it surely is not. Nor need we resolve whether the challenged regulations constitute content-based restrictions, subject to the strictest constitutional scrutiny, or whether they are, instead, content-neutral restrictions meriting less exacting scrutiny. We hold merely that because the prepublication licensing regime challenged here applies directly to scientific expression, vests boundless discretion in government officials, and lacks adequate procedural safeguards, it constitutes an impermissible prior restraint on speech.

However, the fight may not be over yet. Bright states:

I join Judge Fletcher's opinion. I do so because the speech aspects of encryption source code represent communication between computer programmers. I do, however, recognize the validity of Judge Nelson's view that encryption source code also has the functional purpose of controlling computers and in that regard does not command protection under the First Amendment. The importance of this case suggests that it may be appropriate for review by the United States Supreme Court.

So the Supreme Court may end up reviewing this one. Especially since in a similar case (Junger vs government) a different district court had ruled the opposite of in this case. In fact, the dissenting judge in this case cites the Junger ruling in his commentary.

"We emphasize the narrowness of our First Amendment holding. We do not hold that all software is expressive. Much of it surely is not. Nor need we resolve whether the challenged regulations constitute content-based restrictions, sub-ject to the strictest constitutional scrutiny, or whether they are, instead, content-neutral restrictions meriting less exacting scrutiny. We hold merely that because the prepublication licensing regime challenged here applies directly to scientific expression, vests boundless discretion in government officials, and lacks adequate procedural safeguards, it constitutes
an impermissible prior restraint on speech."

This is an important point to consider - the core contention of this case wasn't so much the encryption issue - it was the fact that the professor wasn't able to publish his findings in a scientific journal - his right to literary expression was abridged.

In fact, the Court specifically defers making a general ruling on the constitutionality of controlling crypto software in general.

Second, we note that the government's efforts to regulate
and control the spread of knowledge relating to encryption
may implicate more than the First Amendment rights of cryp-
tographers....

Whether we are surveilled by our government, by crimi-
nals, or by our neighbors, it is fair to say that never has our
ability to shield our affairs from prying eyes been at such a
low ebb. The availability and use of secure encryption may
offer an opportunity to reclaim some portion of the privacy
we have lost. Government efforts to control encryption thus
may well implicate not only the First Amendment rights of
cryptographers intent on pushing the boundaries of their sci-
ence, but also the constitutional rights of each of us as poten-
tial recipients of encryption's bounty. Viewed from this
perspective, the government's efforts to retard progress in
cryptography may implicate the Fourth Amendment, as well
as the right to speak anonymously, see McIntyre v. Ohio Elec-
tions Comm'n, 115 S. Ct. 1511, 1524 (1995) , the right against
compelled speech, see Wooley v. Maynard, 430 U.S. 705, 714
(1977), and the right to informational privacy, see Whalen v.
Roe, 429 U.S. 589, 599-600 (1977). While we leave for
another day the resolution of these difficult issues, it is impor-
tant to point out that Bernstein's is a suit not merely concern-
ing a small group of scientists laboring in an esoteric field, but
also touches on the public interest broadly defined."

The right to anonymous communication is gaurenteed by the first ammendment . See McIntyre v. Ohio Election Commission(1995) and Talley v. California, 362 U.S. 60, 65 (1960).


--Dante (who is afraid of cookies)

The right to anonymous communication is gaurenteed by the first ammendment . See McIntyre v. Ohio Election Commission(1995) and Talley v. California, 362 U.S. 60, 65 (1960).


--Dante (who is afraid of cookies)