Slashdot Mirror

New submitter kodiaktau writes "A recently presented paper discusses how large data sets can improve learning algorithms, but points out that researchers still need to account for bias and incompleteness before drawing conclusions. The paper also goes into the need for responsible business practices to manage these data sets. 'There's been the emergence of a philosophy that big data is all you need. We would suggest that, actually, numbers don't speak for themselves.' The full paper is available through SSRN. Of particular importance is their assertion that even huge data sets can and will be affected by filters or the analyst who is interpreting it. '[Study co-author Kate Crawford] notes that many big data sets — particularly social data — come from companies that have no obligation to support scientific inquiry. Getting access to the data might mean paying for it, or keeping the company happy by not performing certain types of studies.'"

GNUman writes "A news story in this week's Nature Journal talks about patent trolls attacking biotech companies. They cite a case in which the U.S. federal court of appeals upheld 'a patent that covered the idea of trying to link infant vaccination with later immune disorders.' The news story also references an interesting article from researchers at Boston University School of Law (Bessen, James E. et al, 2011, 'The Private and Social Costs of Patent Trolls'), in which they analyze the effect of litigation on the wealth of the defendants via their stock's value before and after litigation, and given that such loss minimally translates into an increment in the wealth of the inventor, they determine that patent litigation harms society and removes incentives for innovation."

An anonymous reader writes "In a widely circulated American Political Science Association conference paper, Yale scholar Navid Hassanpour argues that shutting down the internet made things difficult for sustaining a centralized revolutionary movement in Egypt. But, he adds, the shutdown actually encouraged the development of smaller revolutionary uprisings at local levels where the face-to-face interaction between activists was more intense and the mobilization of inactive lukewarm dissidents was easier. In other words, closing down the internet made the revolution more diffuse and more difficult for the authorities to contain." As long as we're on the subject, reader lecheiron points out news of research into predicting revolutions by feeding millions of news articles into a supercomputer and using word analysis to chart national sentiment. So far it's pretty good at predicting things that have already happened, but we should probably wait until it finds something new before contacting Hari Seldon.

An anonymous reader writes "In a guest post on the Patently-O blog, Villanova University professor Michael Risch summarizes his detailed study into the methods and efficacy of patent trolls. He writes, 'It turns out that most of what I thought about trolls — good or bad — was wrong.... Perhaps the biggest surprise in the study was the provenance of patents. I thought most patents came from failed startups. While such patents were represented (about 14% of initial assignees were defunct), most came from companies still in business in 2010. Indeed, more than a third of the initial assignees were publicly traded, a subsidiary of a public company, or venture capital recipients. Only 21% were patent assertion entities at the time the patent issued, and many of those were inventor owned companies (like Katz) rather than acquisition entities (like Acacia). ... Another area of surprise was patent quality. While trolls almost never won their cases if they went to judgment (only three cases led to an infringement finding on the merits), the percentage of patents invalidated on the merits was lower than I expected.'"

pieterh writes "Boston University's James Bessen has published a landmark study [abstract; full paper available at the link, free of charge] on a generation of software patents. Looking at almost 20 years of software patents, he finds 'that most software firms still do not patent, most software patents are obtained by a few large firms in the software industry or in other industries, and the risk of litigation from software patents continues to increase dramatically. Given these findings, it is hard to conclude that software patents have provided a net social benefit in the software industry.' Not that this surprises anyone actually innovating in software."

maroberts writes "According to a research paper produced from a collaboration between the University of Texas and the Centre for European Economic Research, violent video games may induce aggressive behavior, but the incapacitation effect outweighs this and produces a genuine reduction in violent crime. This paper was referenced in a BBC news story giving reasons why the US crime rates are falling (at least outside the prisons!)"

decora writes "An SAIC analyst has written a paper [PDF] calling for the 'stigmatization' of the 'unattractive' types who tend to discuss government secrets in public. The plan, described in the Naval Postgraduate School Homeland Security Affairs journal, is to promote self-censorship as a 'civic duty'. Who needs to censor themselves? Amateur enthusiasts who describe satellite orbits, scientists who describe threats to the food supply, graduate students mapping the internet, the Government Accountability Office, which publishes failure reports on the TSA, the US Geologic Survey, which publishes surface water information, newspapers (the New York Times), TV shows, journalism websites, anti-secrecy websites, and even security author Bruce Schneier, to name a few."

peter.hill.1980 writes "Wall Street's money making formulas need to be as explicit as possible for efficiency purposes. An old, existing and famous formula — binomial options pricing formula — has now been scrutinized for theoretical optimality in a forthcoming paper by Evangelos Georgiadis of MIT using Gosper's Algorithm, proving that no general explicit or closed form expression exists for pricing."

Glyn Moody writes "The FSF has funded a new video, 'Patent Absurdity: how software patents broke the system,' freely available (of course) in Ogg Theora format (what else?). It comes at a time when a lot is happening in the world of patents. Recent work from leading academics has called into question their basis: 'The work in this paper, and that of many others, suggests that this traditionally-struck "devil's bargain" may not be beneficial.' We recently discussed how a judge struck down Myriad Genetics's patents on two genes because they involved a law of Nature, and were thus 'improperly granted.' Meanwhile, the imminent Supreme Court ruling In re Bilski is widely expected to have negative knock-on effects for business method and software patents. Is the tide beginning to turn?"

Hugh Pickens writes "Despite all the new fraud alert tools and increased awareness of the perils of identity theft, incidence of the crime remains at 2003 levels, with about 10 million Americans falling victim every year. Now the NY Times reports that there may be a simple reason for the persistence of ID theft: lenders are too willing to extend credit to just about anybody, even when there are big red flags that indicate fraud. Chris Jay Hoofnagle at UC Berkeley worked with a small sample of six ID theft victims and delved into how they were defrauded. Of 16 applications presented by imposters to obtain credit or medical services, almost all were rife with errors that should have suggested fraud — yet in all 16 cases, credit or services were granted anyway. 'Identity theft remains so prevalent because it is less costly to tolerate fraud,' writes Hoofnagle. 'Adopting more aggressive and expensive anti-fraud measures is extremely costly and jeopardizes customer acquisition efforts.' Hoofnagle says business decisions leave individuals and merchants with some of the externalities of identity theft as victims spend their own money, and more often, valuable personal time dealing with the problem. Hoofnagle suggests that lenders contribute to a fund that will compensate victims for the loss of their time in resolving their ID theft problems."

megamerican writes "President Barack Obama's appointee to head the Office of Information and Regulatory Affairs advocated in a recent paper the 'cognitive infiltration' of groups that advocate 'conspiracy theories' like the ones surrounding 9/11 via 'chat rooms, online social networks, or even real-space groups and attempt to undermine' those groups. Sunstein admits that 'some conspiracy theories, under our definition, have turned out to be true' Sunstein has also recently advocated banning websites which post 'right-wing rumors' and bringing back the Fairness Doctrine. You can find a PDF of his paper here. For decades (1956-1971), the FBI under COINTELPRO focused on disrupting, marginalizing and neutralizing political dissidents, most notably the Black Panthers. More recently CENTCOM announced it would be engaging bloggers 'who are posting inaccurate or untrue information, as well as bloggers who are posting incomplete information.' In January 2009 the USAF released a flow-chart for 'counter-bloggers' to 'counter the people out there in the blogosphere who have negative opinions about the US government and the Air Force.'"

An anonymous reader writes "Coming out of Columbia Law School is an article about commercial data brokers and their ability to provide information about individuals to the US government despite Fourth Amendment or statutory protections (abstract, full PDF at Download link). Quoting: 'The Supreme Court has held that the Fourth Amendment does not protect information that has been voluntarily disclosed to a third-party or obtained by means of a private search. Congress reacted to these holdings by creating a patchwork of statutes designed to prevent the government's direct and unfettered access to documents stored with third-parties; thus, the government's access is fettered by various statutory requirements, including, in many cases, notice of the disclosure. Despite these protections, however, third-parties are not restricted from passing the same data to other private companies (fourth-parties), and after the events of September 11, 2001, the government, believing that it needed a greater scope of surveillance, turned to the fourth-parties to access the personal information it could not acquire on its own. As a consequence, the fourth-parties, unrestricted by Fourth Amendment or statutory concerns, delivered — and continue to deliver — personal data en masse to the government.'"

Frequent Slashdot contributor Bennett Haselton writes "A federal judge rules that government can obtain access to a person's inbox contents without any notification to the subscriber. The pros and cons of this are complicated, but the decision hinges on the assertion that ISP customers have lowered privacy interests in e-mail because they 'expose to the ISP's employees in the ordinary course of business the contents of their e-mails.' Fortunately for everybody, this is not true — most ISPs do not allow their employees to read customer e-mails 'in the ordinary course of business' — but then what are the consequences for the rest of the argument?" Read on for the rest of Bennett's analysis.

Federal Judge Michael Mosman has ruled that the government can read your e-mails stored with a third-party provider like GMail, without notifying you that a search warrant has been executed (PDF) against your account. (Actually, the judge ruled that there is no "notice" requirement triggered at all, so that in theory, neither GMail nor the subscriber would have to be notified — but that seems only of theoretical interest, since in practice GMail would have to cooperate in order to execute the warrant, unless the government is planning to have ninjas sneak into their server farm at night. The substantive impact of the ruling is that e-mails can be read without notifying the subscriber.)

Now, as I said when writing about the possibility of undetectable encryption being installed on people's computers, at the risk of incurring the wrath of civil libertarian allies, I am not 100% in favor of limiting governmental power in cases like these. Restraints on governmental power have their pros and cons, and many people who are targeted by government investigations really are evil. There may be cases where the government can only prevent harm from being done, by gaining access to someone's e-mail account, and by preventing the subscriber from finding out that their e-mails are being read. However, all of these arguments are also true when applied to governmental seizure of property from someone's home — and yet we still have Fourth Amendment protections against warrantless searches of your house. So should they, and do they, legally apply to e-mail? And under the "third party doctrine," should the government have to notify the subscriber of the search, or only the ISP?

Law Professor Orin Kerr of George Washington University Law School has written an article [click on the link and then press the download button to download a draft] arguing that the Fourth Amendment does apply to e-mail. But he has also written another article arguing in favor of the third-party doctrine — essentially, that when the government seizes property that is in the possession of a third party, it only has to notify the third party, not the property owner. To the extent that this is relevant to the GMail case, the argument would appear to support Judge Mosman's ruling. However, Kerr's paper also acknowledges that the third party rule has been the subject of scorching criticism of other Fourth Amendment scholars, calling it "dead wrong" and "making a mockery of the Fourth Amendment."

It will probably be a long time before courts are issuing consistent rulings on the third-party rule as it applies to e-mail. In the meantime, though, one statement in Judge Mosman's ruling sticks out in particular:

"[T]he defendants voluntarily conveyed to the ISPs and exposed to the ISP's employees in the ordinary course of business the contents of their e-mails."

This was the basis for further reasoning that the defendants had less of an expectation of privacy in their e-mail contents, and hence that there was a strong case for allowing the government to read the e-mails without notice to the defendants. (In this he was drawing an analogy to a previous ruling in which a court held that a bank's customer has "no legitimate expectation of privacy" in his bank records because they were "voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.")

But as applied to ISPs, this is a statement of fact, not a statement of law, and as a statement of fact it's simply wrong. ISP employees, even the most highly placed ones, do not have access to customers' e-mails "in the ordinary course of business." And even in the non-ordinary course of business, in the case where e-mails have to be inspected to satisfy a subpoena requirement or to investigate an abuse report, only employees with the proper business justification can read the e-mails. (At the e-mail provider that I use, SpeakEasy, employees can only access accounts with the explicit permission of the customer, and only then by resetting the password or obtaining the password from the customer. When I worked in MSN accounts, most employees didn't have the security clearance to access customer accounts at all.)

This tracks with what customers reasonably expect from banks versus what they reasonably expect from ISPs. If I called my bank to ask about the status of my account, and the customer service representative noted that I had a high number of overseas wire transfers and asked if I wanted to upgrade to a business account with a reduced wire fee, it probably wouldn't even occur to me to be offended that she had looked at my transaction records. On the other hand, if I called SpeakEasy and asked them to add more space in my inbox, and the tech support guy said, "Dude, you could do a lot better than Chloe," I might think he was overdue for a review of their customer privacy policy.

Judge Mosman uses several more analogies in arguing that the third-party doctrine applies to e-mails (beginning on page 12 of the ruling), analogies between e-mail and real-world situations that most of us are familiar with, like leaving documents out in the open at someone else's house. Now, most of us don't have the expertise to comment on the legal technicalities. But in the game of analogies, we're all experts, insofar as we're qualified to comment on whether we feel that one thing is "like" another, or whether our "expectations of privacy" in the two areas are similar. And under the rules of that game, I would disagree with the judge's analogies for several reasons:

1. There is a difference between leaving property in someone else's possession because you don't care very much about keeping it private, and leaving property in someone else's possession because you have no choice. The judge cites precedents in which courts ruled, variously: (a) that when a suspect left documents at his mother's house and the police executed a warrant there, they only had to provide notice to the mother, not the suspect, even though the mother was not the owner of the documents; (b) that a defendant had no grounds to object to the search of another person's purse, when the search turned up drugs belonging to the defendant; and (c) that defendants 'could not make a Fourth Amendment claim regarding a search of someone else's car because they had no "legitimate expectation of privacy in the glove compartment or area under the seat of the car in which they were merely passengers."' But all of those cases involved property that the defendants chose to leave in the possession of someone else, rather than keeping on their person or in their own houses. In all of these cases, the person X who left the property in the possession of person Y, could not have expected that person Y would keep their eyes off of that property, or would shield it from the view of casual acquaintances who happened to see it there. So by allowing the notice only to be served on person Y, these three cases are just specific implementations of a general rule: "If person X leaves property with person Y, with no expectation that person Y would refrain from examining the property, then the notice of warrant only has to be served on person Y."

This rule does not generalize to GMail accounts. If I send and receive messages through a GMail account, I know that they're stored on Google's servers, but that's out of necessity in order for them to provide web-based e-mail that can be accessed from multiple locations. By allowing the e-mails to be stored on their servers, I haven't conveyed that I care any less about their private contents, because I didn't have a choice. Now, if I had printed out an e-mail from GMail and left it lying around at my Mom's house, or in a friend's glove compartment, then that could be interpreted to indicate that I had less interest in keeping that e-mail private, and it would be more analogous to the situations above. In fact if I had sent an e-mail to someone working at Google, I would understand that my expectation of privacy had been lowered significantly, and that the recipient might forward it to their friends or leave a printout on their desk, or that the police might request for him to show it to them without notifying me. Simply having an e-mail stored in a GMail account is not the same thing.

2. E-mails are not like bank records, because you have a greater expectation of privacy for e-mails, even from the institutions that hold them. It's true that bank transactions are more closely analogous to web-based e-mails, because they're both stored on company servers by the nature of the business, so this analogy isn't as badly flawed as the previous ones. But in addition to the fact mentioned above, that ISP employees do not have access to your e-mails "in the ordinary course of business" despite what Judge Mosman wrote, there is the "inside/outside" distinction that Orin Kerr describes in his paper on the Fourth Amendment and e-mail. Essentially, police don't need a warrant to observe what goes on outside your home — whatever is visible from a public street — but they would need a warrant to take their inspection inside. Kerr argues for extending this analogy to the "content/non-content" rule for Internet transactions, so that Fourth Amendment protection would apply to the contents of e-mails, but not necessarily to the "outside" information such as sender, recipient, and transmission time. (Actually that still seems like rather weak privacy protection, to say that the Fourth Amendment doesn't protect information about who we exchange e-mails with, but even this watered-down argument still implies stronger privacy protection for e-mail contents.) Bank transaction records would be more like "outside" information and less deserving of privacy protection, so the analogy doesn't hold.

3. By analogy to the expectation of privacy in people's homes, the expectation of privacy for the contents of e-mail is possibly greater. Judge Mosman writes, "The sanctity of the home is often cited as the central purpose for this notice requirement, but the requirement has not been explicitly limited to searches of homes," and quotes from another court decision: "[t]he mere thought of strangers walking through and visually examining the center of our privacy interest, our home, arouses our passion for freedom as does nothing else." Well, since he brought it up, if it's relevant to compare the "passion" that's "aroused" by the invasion of various spheres of privacy, if I had a choice I would rather have a stranger wander through my house and inspect everything except the computer, than allow them access to my browser history and all the e-mails I'd sent and received in the past year. (And that's not even taking into account the violations of other people's privacy that would be entailed by someone looking through all of my e-mails.) Applying the test of "What would you rather have people see?", most people who make more than casual use of e-mail, seem to care more about the privacy of their e-mail than about the privacy of what's visibly lying around in their house — if a good friend drops by unannounced, you can usually lead them through your house without worrying about what they'd see, but you probably wouldn't give the same person a complete record of all your e-mails in the past year. (Remember, according to the judge's quote, we're comparing "visually examining" your house vs. your e-mail, not actually physically taking anything.)

As I said, I'm not necessarily opposed to the government having the authority to obtain records of people's e-mails if they have an extremely good reason, without necessarily having to notify the subscriber that their e-mails had been read. But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails." I wonder if even Judge Mosman thinks that's true. If he got a call from his bank offering to upgrade his account based on recent transaction activity, he'd probably just politely get them off the phone like the rest of us. But if he got a call from his ISP tomorrow, saying that his e-mails were starting to sound cranky and they were wondering if there was anything they could do to cheer him up, would he just thank them for their concern and leave it at that?

Frequent Slashdot contributor Bennett Haselton writes "A federal judge rules that government can obtain access to a person's inbox contents without any notification to the subscriber. The pros and cons of this are complicated, but the decision hinges on the assertion that ISP customers have lowered privacy interests in e-mail because they 'expose to the ISP's employees in the ordinary course of business the contents of their e-mails.' Fortunately for everybody, this is not true — most ISPs do not allow their employees to read customer e-mails 'in the ordinary course of business' — but then what are the consequences for the rest of the argument?" Read on for the rest of Bennett's analysis.

Federal Judge Michael Mosman has ruled that the government can read your e-mails stored with a third-party provider like GMail, without notifying you that a search warrant has been executed (PDF) against your account. (Actually, the judge ruled that there is no "notice" requirement triggered at all, so that in theory, neither GMail nor the subscriber would have to be notified — but that seems only of theoretical interest, since in practice GMail would have to cooperate in order to execute the warrant, unless the government is planning to have ninjas sneak into their server farm at night. The substantive impact of the ruling is that e-mails can be read without notifying the subscriber.)

Now, as I said when writing about the possibility of undetectable encryption being installed on people's computers, at the risk of incurring the wrath of civil libertarian allies, I am not 100% in favor of limiting governmental power in cases like these. Restraints on governmental power have their pros and cons, and many people who are targeted by government investigations really are evil. There may be cases where the government can only prevent harm from being done, by gaining access to someone's e-mail account, and by preventing the subscriber from finding out that their e-mails are being read. However, all of these arguments are also true when applied to governmental seizure of property from someone's home — and yet we still have Fourth Amendment protections against warrantless searches of your house. So should they, and do they, legally apply to e-mail? And under the "third party doctrine," should the government have to notify the subscriber of the search, or only the ISP?

Law Professor Orin Kerr of George Washington University Law School has written an article [click on the link and then press the download button to download a draft] arguing that the Fourth Amendment does apply to e-mail. But he has also written another article arguing in favor of the third-party doctrine — essentially, that when the government seizes property that is in the possession of a third party, it only has to notify the third party, not the property owner. To the extent that this is relevant to the GMail case, the argument would appear to support Judge Mosman's ruling. However, Kerr's paper also acknowledges that the third party rule has been the subject of scorching criticism of other Fourth Amendment scholars, calling it "dead wrong" and "making a mockery of the Fourth Amendment."

It will probably be a long time before courts are issuing consistent rulings on the third-party rule as it applies to e-mail. In the meantime, though, one statement in Judge Mosman's ruling sticks out in particular:

"[T]he defendants voluntarily conveyed to the ISPs and exposed to the ISP's employees in the ordinary course of business the contents of their e-mails."

This was the basis for further reasoning that the defendants had less of an expectation of privacy in their e-mail contents, and hence that there was a strong case for allowing the government to read the e-mails without notice to the defendants. (In this he was drawing an analogy to a previous ruling in which a court held that a bank's customer has "no legitimate expectation of privacy" in his bank records because they were "voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.")

But as applied to ISPs, this is a statement of fact, not a statement of law, and as a statement of fact it's simply wrong. ISP employees, even the most highly placed ones, do not have access to customers' e-mails "in the ordinary course of business." And even in the non-ordinary course of business, in the case where e-mails have to be inspected to satisfy a subpoena requirement or to investigate an abuse report, only employees with the proper business justification can read the e-mails. (At the e-mail provider that I use, SpeakEasy, employees can only access accounts with the explicit permission of the customer, and only then by resetting the password or obtaining the password from the customer. When I worked in MSN accounts, most employees didn't have the security clearance to access customer accounts at all.)

This tracks with what customers reasonably expect from banks versus what they reasonably expect from ISPs. If I called my bank to ask about the status of my account, and the customer service representative noted that I had a high number of overseas wire transfers and asked if I wanted to upgrade to a business account with a reduced wire fee, it probably wouldn't even occur to me to be offended that she had looked at my transaction records. On the other hand, if I called SpeakEasy and asked them to add more space in my inbox, and the tech support guy said, "Dude, you could do a lot better than Chloe," I might think he was overdue for a review of their customer privacy policy.

Judge Mosman uses several more analogies in arguing that the third-party doctrine applies to e-mails (beginning on page 12 of the ruling), analogies between e-mail and real-world situations that most of us are familiar with, like leaving documents out in the open at someone else's house. Now, most of us don't have the expertise to comment on the legal technicalities. But in the game of analogies, we're all experts, insofar as we're qualified to comment on whether we feel that one thing is "like" another, or whether our "expectations of privacy" in the two areas are similar. And under the rules of that game, I would disagree with the judge's analogies for several reasons:

1. There is a difference between leaving property in someone else's possession because you don't care very much about keeping it private, and leaving property in someone else's possession because you have no choice. The judge cites precedents in which courts ruled, variously: (a) that when a suspect left documents at his mother's house and the police executed a warrant there, they only had to provide notice to the mother, not the suspect, even though the mother was not the owner of the documents; (b) that a defendant had no grounds to object to the search of another person's purse, when the search turned up drugs belonging to the defendant; and (c) that defendants 'could not make a Fourth Amendment claim regarding a search of someone else's car because they had no "legitimate expectation of privacy in the glove compartment or area under the seat of the car in which they were merely passengers."' But all of those cases involved property that the defendants chose to leave in the possession of someone else, rather than keeping on their person or in their own houses. In all of these cases, the person X who left the property in the possession of person Y, could not have expected that person Y would keep their eyes off of that property, or would shield it from the view of casual acquaintances who happened to see it there. So by allowing the notice only to be served on person Y, these three cases are just specific implementations of a general rule: "If person X leaves property with person Y, with no expectation that person Y would refrain from examining the property, then the notice of warrant only has to be served on person Y."

This rule does not generalize to GMail accounts. If I send and receive messages through a GMail account, I know that they're stored on Google's servers, but that's out of necessity in order for them to provide web-based e-mail that can be accessed from multiple locations. By allowing the e-mails to be stored on their servers, I haven't conveyed that I care any less about their private contents, because I didn't have a choice. Now, if I had printed out an e-mail from GMail and left it lying around at my Mom's house, or in a friend's glove compartment, then that could be interpreted to indicate that I had less interest in keeping that e-mail private, and it would be more analogous to the situations above. In fact if I had sent an e-mail to someone working at Google, I would understand that my expectation of privacy had been lowered significantly, and that the recipient might forward it to their friends or leave a printout on their desk, or that the police might request for him to show it to them without notifying me. Simply having an e-mail stored in a GMail account is not the same thing.

2. E-mails are not like bank records, because you have a greater expectation of privacy for e-mails, even from the institutions that hold them. It's true that bank transactions are more closely analogous to web-based e-mails, because they're both stored on company servers by the nature of the business, so this analogy isn't as badly flawed as the previous ones. But in addition to the fact mentioned above, that ISP employees do not have access to your e-mails "in the ordinary course of business" despite what Judge Mosman wrote, there is the "inside/outside" distinction that Orin Kerr describes in his paper on the Fourth Amendment and e-mail. Essentially, police don't need a warrant to observe what goes on outside your home — whatever is visible from a public street — but they would need a warrant to take their inspection inside. Kerr argues for extending this analogy to the "content/non-content" rule for Internet transactions, so that Fourth Amendment protection would apply to the contents of e-mails, but not necessarily to the "outside" information such as sender, recipient, and transmission time. (Actually that still seems like rather weak privacy protection, to say that the Fourth Amendment doesn't protect information about who we exchange e-mails with, but even this watered-down argument still implies stronger privacy protection for e-mail contents.) Bank transaction records would be more like "outside" information and less deserving of privacy protection, so the analogy doesn't hold.

3. By analogy to the expectation of privacy in people's homes, the expectation of privacy for the contents of e-mail is possibly greater. Judge Mosman writes, "The sanctity of the home is often cited as the central purpose for this notice requirement, but the requirement has not been explicitly limited to searches of homes," and quotes from another court decision: "[t]he mere thought of strangers walking through and visually examining the center of our privacy interest, our home, arouses our passion for freedom as does nothing else." Well, since he brought it up, if it's relevant to compare the "passion" that's "aroused" by the invasion of various spheres of privacy, if I had a choice I would rather have a stranger wander through my house and inspect everything except the computer, than allow them access to my browser history and all the e-mails I'd sent and received in the past year. (And that's not even taking into account the violations of other people's privacy that would be entailed by someone looking through all of my e-mails.) Applying the test of "What would you rather have people see?", most people who make more than casual use of e-mail, seem to care more about the privacy of their e-mail than about the privacy of what's visibly lying around in their house — if a good friend drops by unannounced, you can usually lead them through your house without worrying about what they'd see, but you probably wouldn't give the same person a complete record of all your e-mails in the past year. (Remember, according to the judge's quote, we're comparing "visually examining" your house vs. your e-mail, not actually physically taking anything.)

As I said, I'm not necessarily opposed to the government having the authority to obtain records of people's e-mails if they have an extremely good reason, without necessarily having to notify the subscriber that their e-mails had been read. But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails." I wonder if even Judge Mosman thinks that's true. If he got a call from his bank offering to upgrade his account based on recent transaction activity, he'd probably just politely get them off the phone like the rest of us. But if he got a call from his ISP tomorrow, saying that his e-mails were starting to sound cranky and they were wondering if there was anything they could do to cheer him up, would he just thank them for their concern and leave it at that?

Frequent Slashdot contributor Bennett Haselton writes "A federal judge rules that government can obtain access to a person's inbox contents without any notification to the subscriber. The pros and cons of this are complicated, but the decision hinges on the assertion that ISP customers have lowered privacy interests in e-mail because they 'expose to the ISP's employees in the ordinary course of business the contents of their e-mails.' Fortunately for everybody, this is not true — most ISPs do not allow their employees to read customer e-mails 'in the ordinary course of business' — but then what are the consequences for the rest of the argument?" Read on for the rest of Bennett's analysis.

Federal Judge Michael Mosman has ruled that the government can read your e-mails stored with a third-party provider like GMail, without notifying you that a search warrant has been executed (PDF) against your account. (Actually, the judge ruled that there is no "notice" requirement triggered at all, so that in theory, neither GMail nor the subscriber would have to be notified — but that seems only of theoretical interest, since in practice GMail would have to cooperate in order to execute the warrant, unless the government is planning to have ninjas sneak into their server farm at night. The substantive impact of the ruling is that e-mails can be read without notifying the subscriber.)

Now, as I said when writing about the possibility of undetectable encryption being installed on people's computers, at the risk of incurring the wrath of civil libertarian allies, I am not 100% in favor of limiting governmental power in cases like these. Restraints on governmental power have their pros and cons, and many people who are targeted by government investigations really are evil. There may be cases where the government can only prevent harm from being done, by gaining access to someone's e-mail account, and by preventing the subscriber from finding out that their e-mails are being read. However, all of these arguments are also true when applied to governmental seizure of property from someone's home — and yet we still have Fourth Amendment protections against warrantless searches of your house. So should they, and do they, legally apply to e-mail? And under the "third party doctrine," should the government have to notify the subscriber of the search, or only the ISP?

Law Professor Orin Kerr of George Washington University Law School has written an article [click on the link and then press the download button to download a draft] arguing that the Fourth Amendment does apply to e-mail. But he has also written another article arguing in favor of the third-party doctrine — essentially, that when the government seizes property that is in the possession of a third party, it only has to notify the third party, not the property owner. To the extent that this is relevant to the GMail case, the argument would appear to support Judge Mosman's ruling. However, Kerr's paper also acknowledges that the third party rule has been the subject of scorching criticism of other Fourth Amendment scholars, calling it "dead wrong" and "making a mockery of the Fourth Amendment."

It will probably be a long time before courts are issuing consistent rulings on the third-party rule as it applies to e-mail. In the meantime, though, one statement in Judge Mosman's ruling sticks out in particular:

"[T]he defendants voluntarily conveyed to the ISPs and exposed to the ISP's employees in the ordinary course of business the contents of their e-mails."

This was the basis for further reasoning that the defendants had less of an expectation of privacy in their e-mail contents, and hence that there was a strong case for allowing the government to read the e-mails without notice to the defendants. (In this he was drawing an analogy to a previous ruling in which a court held that a bank's customer has "no legitimate expectation of privacy" in his bank records because they were "voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.")

But as applied to ISPs, this is a statement of fact, not a statement of law, and as a statement of fact it's simply wrong. ISP employees, even the most highly placed ones, do not have access to customers' e-mails "in the ordinary course of business." And even in the non-ordinary course of business, in the case where e-mails have to be inspected to satisfy a subpoena requirement or to investigate an abuse report, only employees with the proper business justification can read the e-mails. (At the e-mail provider that I use, SpeakEasy, employees can only access accounts with the explicit permission of the customer, and only then by resetting the password or obtaining the password from the customer. When I worked in MSN accounts, most employees didn't have the security clearance to access customer accounts at all.)

This tracks with what customers reasonably expect from banks versus what they reasonably expect from ISPs. If I called my bank to ask about the status of my account, and the customer service representative noted that I had a high number of overseas wire transfers and asked if I wanted to upgrade to a business account with a reduced wire fee, it probably wouldn't even occur to me to be offended that she had looked at my transaction records. On the other hand, if I called SpeakEasy and asked them to add more space in my inbox, and the tech support guy said, "Dude, you could do a lot better than Chloe," I might think he was overdue for a review of their customer privacy policy.

Judge Mosman uses several more analogies in arguing that the third-party doctrine applies to e-mails (beginning on page 12 of the ruling), analogies between e-mail and real-world situations that most of us are familiar with, like leaving documents out in the open at someone else's house. Now, most of us don't have the expertise to comment on the legal technicalities. But in the game of analogies, we're all experts, insofar as we're qualified to comment on whether we feel that one thing is "like" another, or whether our "expectations of privacy" in the two areas are similar. And under the rules of that game, I would disagree with the judge's analogies for several reasons:

1. There is a difference between leaving property in someone else's possession because you don't care very much about keeping it private, and leaving property in someone else's possession because you have no choice. The judge cites precedents in which courts ruled, variously: (a) that when a suspect left documents at his mother's house and the police executed a warrant there, they only had to provide notice to the mother, not the suspect, even though the mother was not the owner of the documents; (b) that a defendant had no grounds to object to the search of another person's purse, when the search turned up drugs belonging to the defendant; and (c) that defendants 'could not make a Fourth Amendment claim regarding a search of someone else's car because they had no "legitimate expectation of privacy in the glove compartment or area under the seat of the car in which they were merely passengers."' But all of those cases involved property that the defendants chose to leave in the possession of someone else, rather than keeping on their person or in their own houses. In all of these cases, the person X who left the property in the possession of person Y, could not have expected that person Y would keep their eyes off of that property, or would shield it from the view of casual acquaintances who happened to see it there. So by allowing the notice only to be served on person Y, these three cases are just specific implementations of a general rule: "If person X leaves property with person Y, with no expectation that person Y would refrain from examining the property, then the notice of warrant only has to be served on person Y."

This rule does not generalize to GMail accounts. If I send and receive messages through a GMail account, I know that they're stored on Google's servers, but that's out of necessity in order for them to provide web-based e-mail that can be accessed from multiple locations. By allowing the e-mails to be stored on their servers, I haven't conveyed that I care any less about their private contents, because I didn't have a choice. Now, if I had printed out an e-mail from GMail and left it lying around at my Mom's house, or in a friend's glove compartment, then that could be interpreted to indicate that I had less interest in keeping that e-mail private, and it would be more analogous to the situations above. In fact if I had sent an e-mail to someone working at Google, I would understand that my expectation of privacy had been lowered significantly, and that the recipient might forward it to their friends or leave a printout on their desk, or that the police might request for him to show it to them without notifying me. Simply having an e-mail stored in a GMail account is not the same thing.

2. E-mails are not like bank records, because you have a greater expectation of privacy for e-mails, even from the institutions that hold them. It's true that bank transactions are more closely analogous to web-based e-mails, because they're both stored on company servers by the nature of the business, so this analogy isn't as badly flawed as the previous ones. But in addition to the fact mentioned above, that ISP employees do not have access to your e-mails "in the ordinary course of business" despite what Judge Mosman wrote, there is the "inside/outside" distinction that Orin Kerr describes in his paper on the Fourth Amendment and e-mail. Essentially, police don't need a warrant to observe what goes on outside your home — whatever is visible from a public street — but they would need a warrant to take their inspection inside. Kerr argues for extending this analogy to the "content/non-content" rule for Internet transactions, so that Fourth Amendment protection would apply to the contents of e-mails, but not necessarily to the "outside" information such as sender, recipient, and transmission time. (Actually that still seems like rather weak privacy protection, to say that the Fourth Amendment doesn't protect information about who we exchange e-mails with, but even this watered-down argument still implies stronger privacy protection for e-mail contents.) Bank transaction records would be more like "outside" information and less deserving of privacy protection, so the analogy doesn't hold.

3. By analogy to the expectation of privacy in people's homes, the expectation of privacy for the contents of e-mail is possibly greater. Judge Mosman writes, "The sanctity of the home is often cited as the central purpose for this notice requirement, but the requirement has not been explicitly limited to searches of homes," and quotes from another court decision: "[t]he mere thought of strangers walking through and visually examining the center of our privacy interest, our home, arouses our passion for freedom as does nothing else." Well, since he brought it up, if it's relevant to compare the "passion" that's "aroused" by the invasion of various spheres of privacy, if I had a choice I would rather have a stranger wander through my house and inspect everything except the computer, than allow them access to my browser history and all the e-mails I'd sent and received in the past year. (And that's not even taking into account the violations of other people's privacy that would be entailed by someone looking through all of my e-mails.) Applying the test of "What would you rather have people see?", most people who make more than casual use of e-mail, seem to care more about the privacy of their e-mail than about the privacy of what's visibly lying around in their house — if a good friend drops by unannounced, you can usually lead them through your house without worrying about what they'd see, but you probably wouldn't give the same person a complete record of all your e-mails in the past year. (Remember, according to the judge's quote, we're comparing "visually examining" your house vs. your e-mail, not actually physically taking anything.)

As I said, I'm not necessarily opposed to the government having the authority to obtain records of people's e-mails if they have an extremely good reason, without necessarily having to notify the subscriber that their e-mails had been read. But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails." I wonder if even Judge Mosman thinks that's true. If he got a call from his bank offering to upgrade his account based on recent transaction activity, he'd probably just politely get them off the phone like the rest of us. But if he got a call from his ISP tomorrow, saying that his e-mails were starting to sound cranky and they were wondering if there was anything they could do to cheer him up, would he just thank them for their concern and leave it at that?

itwbennett writes "A survey by the Berkeley Center for Law and Technology at the University of California Berkeley School of Law and the Annenberg School for Communication at the University of Pennsylvania finds that US residents do not want to receive Web advertising tailored to their interests. 66% of those surveyed said they don't want tailored, or targeted, online ads and when asked if online ad vendors should deliver targeted ads by tracking customers' behavior across multiple Web sites, 86% of the 1,000 respondents said no. 35% of respondents said executives of companies that use personal information illegally should face jail time, and 18% said those companies should be put out of business. 'While privacy advocates have lambasted behavioral targeting for tracking and labeling people in ways they do not know or understand, marketers have defended the practice by insisting it gives Americans what they want: advertisements and other forms of content that are as relevant to their lives as possible,' the study said. 'In high percentages, [US residents] stand on the side of privacy advocates.'"

Ars has a review of recent research, and a summary of the history, in the field of reidentification — identifying people from anonymized data. Paul Ohm's recent paper is an elaboration of what Ohm terms a central reality of data collection: "Data can either be useful or perfectly anonymous but never both." "...in 2000, [researcher Latanya Sweeney] showed that 87 percent of all Americans could be uniquely identified using only three bits of information: ZIP code, birthdate, and sex. ... For almost every person on earth, there is at least one fact about them stored in a computer database that an adversary could use to blackmail, discriminate against, harass, or steal the identity of him or her. I mean more than mere embarrassment or inconvenience; I mean legally cognizable harm. ... Reidentification science disrupts the privacy policy landscape by undermining the faith that we have placed in anonymization."

pacergh writes "Many legal commentaries on virtual property argue that it should exist. Others argue why it can exist. None seem to explicitly spell out what virtual property will look like or how it will affect online worlds. Lost in the technology love-fest are the problems virtual property might bring. The Virtual Property Problem lays out a model for what virtual property might look like and then applies it to various scenarios. This highlights the problems of carving virtual property out of a game developer's rights in his creation. From the abstract: '"Virtual property" is a solution looking for a problem.' The article explains the 'failure of property rights to benefit the users, developers, and virtual resources of virtual worlds.'"

pacergh writes "Many legal commentaries on virtual property argue that it should exist. Others argue why it can exist. None seem to explicitly spell out what virtual property will look like or how it will affect online worlds. Lost in the technology love-fest are the problems virtual property might bring. The Virtual Property Problem lays out a model for what virtual property might look like and then applies it to various scenarios. This highlights the problems of carving virtual property out of a game developer's rights in his creation. From the abstract: '"Virtual property" is a solution looking for a problem.' The article explains the 'failure of property rights to benefit the users, developers, and virtual resources of virtual worlds.'"

Nearly a year after we discussed the privacy implications of Flash cookies, they are in the news again as the US government considers revising its cookie policy. Wired covers a study out of UC Berkeley exposing questionable practices used by many of the Internet's most-visited Web sites (abstract). The most questionable activity the report exposes is known as "respawning": after a user has deleted browser tracking cookies, some sites will use information in Flash cookies to recreate them. The report names two companies, Clearspring and QuantCast, whose technologies reinstate cookies for other Web sites. "Federal websites have traditionally been banned from using tracking cookies, despite being common around the web — a situation the Obama administration is proposing to change as part of an attempt to modernize government websites. But the debate shouldn't be about allowing browser cookies or not, according Ashkan Soltani, a UC Berkeley graduate student who helped lead the study. 'If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies,' Soltani said."

malkavian writes "This community has complained long and loudly about the very one-sided approach to copyright, and the not-so-slow erosion of the public domain. On top of the corporate lobbying to remove increasingly larger parts of the public domain, there is now an growing pattern whereby works are directly taken from the public domain and effectively stolen by a single company leveraging protections provided under copyright law. The Register's article is based on a paper by Jason Mazzone at the Brooklyn Law School, which starkly details the problems that are now becoming evident as entities grab control over public domain works. The paper proposes some possible solutions, such as amending the Copyright Act. From the abstract: 'Copyright law itself creates strong incentives for copyfraud. The Copyright Act provides for no civil penalty for falsely claiming ownership of public domain materials. There is also no remedy under the Act for individuals who wrongly refrain from legal copying or who make payment for permission to copy something they are in fact entitled to use for free. While falsely claiming copyright is technically a criminal offense under the Act, prosecutions are extremely rare. These circumstances have produced fraud on an untold scale, with millions of works in the public domain deemed copyrighted, and countless dollars paid out every year in licensing fees to make copies that could be made for free.'"

lousyd writes "Volokh has hosted a paper by George Mason University law professor Adam Mossoff on the patent fracas a century and a half ago surrounding the sewing machine. A Stitch in Time: The Rise and Fall of the Sewing Machine Patent Thicket challenges assumptions by courts and scholars today about the alleged efficiency-choking complexities of the modern patent system. Mossoff says that complementary inventions, extensive patent litigation, so-called 'patent trolls,' patent thickets, and privately formed patent pools have long been features of the American patent system reaching back to the antebellum era."

Techdirt has an interesting look back at some of the more interesting predictions on copyright. The article looks at two different pre-DMCA papers and compares them to what has happened in the world of copyright. "The second paper is by Pamela Samuelson, and it discusses (again, quite accurately) the coming power grab by "copyright maximalists" via the DMCA, entitled The Copyright Grab. It clearly saw the intention of the DMCA to remove user rights, and grant highly questionable additional rights and powers to copyright holders in an online world. Samuelson lays out many concerns about where this is headed -- including how these proposals appear to trample certain fair use rights -- and in retrospect, her fears seem to have been backed up by history. Samuelson, by the way, has just written a new paper that is also worth reading pointing out how ridiculous current copyright statutory rates are -- an issue of key importance in the ongoing Tenebaum lawsuit, which (thankfully) the judge in the case is going to consider."

olddotter writes "A 24-page paper on a reverse brain drain from the US back to home countries (PDF) is getting news coverage. Quoting: 'Our new paper, "America's Loss Is the World's Gain," finds that the vast majority of these returnees were relatively young. The average age was 30 for Indian returnees, and 33 for Chinese. They were highly educated, with degrees in management, technology, or science. Fifty-one percent of the Chinese held master's degrees and 41% had PhDs. Sixty-six percent of the Indians held a master's and 12.1% had PhDs. They were at very top of the educational distribution for these highly educated immigrant groups — precisely the kind of people who make the greatest contribution to the US economy and to business and job growth." Adding to the brain drain is a problem with slow US visa processing, since last November or so, that has been driving desirable students and scientists out of the country.

dcblogs writes "The federal government's data-sharing efforts are a mess, and if Barack Obama really wants a useful 'Google for government,' he would have to set the government's vast amount of data free by exposing it and ensuring it complies to standards. Once that happens, commercial sites, aggregators, bloggers and everyone else will be able to access it, use it and transform it, argue a group of Princeton researchers (follow Download link for full PDF)."

smellsofbikes writes "This week's New Yorker magazine has a financial article, 'The Permission Problem,' discussing the hidden cost of patent, trademark and copyright laws. It's a subject anyone here already knows well, but he brings up two interesting points: 1) He uses the term 'tragedy of the anticommons.' Instead of depletion of a shared resource, this describes under-use of hoarded resources: areas that can't be explored because they're encumbered by patent/copyright issues. As he points out, the result of this is an invisible loss: drugs not made, software not written. The loss is impossible to quantify and difficult to see. I like the term 'tragedy of the anticommons' because it encapsulates a long-winded explanation into a pithy, memorable phrase that will stick with people unfamiliar with the topic. 2) He also cites a study by Ben Depoorter and Sven Vanneste that discusses why anticommons effects are seen, beyond mere competition. Individual right holders value their contribution to the overall project as a significant fraction of the project value, so if there are more than three or four right holders, their perceived value can far exceed the total value of the project, making it uneconomical."

privacyprof writes "Slashdot readers familiar with Professor Daniel J. Solove's essay, 'I've Got Nothing to Hide and Other Misunderstandings of Privacy,' might be interested in his new book, Understanding Privacy, which develops many of the ideas in that essay. As rapidly changing technology makes information increasingly available, there has been a great struggle to define privacy, with many conceding that the task is virtually impossible. The book argues there are multiple forms of privacy, related to one another by 'family resemblances.' It explains the framework for understanding privacy which was briefly discussed in the 'Nothing to Hide' essay. The book covers the framework in greater depth and explores how it applies to a wide array of privacy issues, such as data mining, surveillance, data security, and consumer privacy. Chapter 1 is available for free download."

I Don't Believe in Imaginary Property writes "The Pro-IP Act has passed the Judiciary Committee unanimously, thanks to the support of committee chairman Rep. John Conyers (D-MI). We've discussed this before — it's the same bill which would create copyright cops with the power to seize computers, when powers like that have been systematically abused in other areas. But, apparently, they think the bill is just wonderful now, simply because they cut the provision that would've increased statutory damages while keeping the rest. This is the same bill that William Patry called the 'most outrageously gluttonous IP bill ever introduced in the US.'" While we're on the subject of intellectual property, Canadian law professor Michael Geist gave a talk on Monday about "copyright myths."

background image writes "According to Alan M Gershowitz, the doctrine of "search incident to arrest" may allow devices such as mobile phones, PDAs and laptops to be thoroughly searched without either probable cause or warrants [PDF download below abstract]. Incriminating evidence found in such searches may be used against you whether or not it is germane to the reason for the original arrest. He notes, 'Obviously, the framers of the Fourth Amendment could not have conceived of a handheld technological device like the iPhone, and courts have not yet been called upon to answer most of the difficult questions posed by such devices.' We've discussed similar search issues recently, as well as other privacy concerns related to modern technology.

belmolis writes "If the CIA is right to attribute recent blackouts to cyberwarfare, cyberwarfare is no longer science fiction but reality. In a recent op-ed piece and a detailed scholarly paper, legal scholar Duncan Hollis raises the question of whether existing international law is adequate for regulating cyberwarfare. He concludes that it is not: 'Translating existing rules into the IO context produces extensive uncertainty, risking unintentional escalations of conflict where forces have differing interpretations of what is permissible. Alternatively, such uncertainty may discourage the use of IO even if it might produce less harm than traditional means of warfare. Beyond uncertainty, the existing legal framework is insufficient and overly complex. Existing rules have little to say about the non-state actors that will be at the center of future conflicts. And where the laws of war do not apply, even by analogy, an overwhelmingly complex set of other international and foreign law rules purport to govern IO.'"

YIAAL writes "Two lawyers from the Berkeley Center for Law and Technology look at the Sony BMG Rootkit debacle: 'The Article first addresses the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.' Yes, under 'even the most charitable interpretation' it was a lousy idea. The article also suggests some changes to the DMCA to protect consumers from this sort of intrusive, and security-undermining, technique in the future."

FreetoCopy writes "Teenagers downloading music may not be the worst copyright offenders. See this item (available for download in PDF file with free registration) about the growing problem of copyfraud — in which publishers, archives, and distributors make false claims of copyright to shut down free expression. From the paper: 'Copyfraud is everywhere. False copyright notices appear on modern reprints of Shakespeare's plays, Beethoven's piano scores, greeting card versions of Monet's Water Lilies, and even the US Constitution. Archives claim blanket copyright in everything in their collections. Vendors of microfilmed versions of historical newspapers assert copyright ownership. These false copyright claims, which are often accompanied by threatened litigation for reproducing a work without the owner's permission, result in users seeking licenses and paying fees to reproduce works that are free for everyone to use...'"

privacyprof writes "One of the most common responses of those unconcerned about government surveillance or privacy invasions is 'I've got nothing to hide.' According to the 'nothing to hide' argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The 'nothing to hide' argument is quite prevalent. Is there a way to respond to this argument that would really register with people in the general public? In a short essay, 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy, Professor Daniel Solove takes on the 'nothing to hide' argument and exposes its faulty underpinnings." At the base of the fallacy, as Bruce Schneier has noted, is the "faulty premise that privacy is about hiding a wrong."

Several readers wrote to tell us about a groundbreaking study reported in Computerworld. Researchers at Boston University and MIT analyzed how IT makes people more productive at an individual level. They gathered more than 125,000 email messages, 5 years of project data, and survey responses to see what factors predicted revenue generation and completed projects. Abstracts for the original articles are available. Among the surprises: IT didn't necessarily make projects faster but it did dramatically increase productivity by facilitating multitasking; and IT-supported social networks predicted productivity better than experience did.

Several readers wrote to tell us about a groundbreaking study reported in Computerworld. Researchers at Boston University and MIT analyzed how IT makes people more productive at an individual level. They gathered more than 125,000 email messages, 5 years of project data, and survey responses to see what factors predicted revenue generation and completed projects. Abstracts for the original articles are available. Among the surprises: IT didn't necessarily make projects faster but it did dramatically increase productivity by facilitating multitasking; and IT-supported social networks predicted productivity better than experience did.

giorgiofr writes "Laura Frieder and Jonathan Zittrain have analyzed pump n' dump spam activity in their paper 'Spam Works: Evidence from Stock Touts and Corresponding Market Activity'. Unbelievably, it appears that spammers are able to achieve a 5% gain on pumped stock before dumping it, along with a dramatic increase in transaction volume of the stock. From the synopsis: ' We suggest that the effectiveness of spammed stock touting calls into question prevailing models of securities regulation that rely principally on the proper labeling of information and disclosure of conflicts of interest to protect consumers, and we propose several regulatory and industry interventions. Based on a large sample of touted stocks listed on the Pink Sheets quotation system, we find that stocks experience a significantly positive return on days prior to heavy touting via spam. Volume of trading responds positively and significantly to heavy touting.'"

An anonymous reader writes "A recent study on spam has revealed that spammers see a return between 4.9% and 6% when selling stocks they have bought low and spammed the world with." From the article: "The researchers say that approximately 730 million spam e-mails are sent every week, 15% of which tout stocks. Other estimates of spam volumes are far higher. The study, by Professor Laura Frieder of Purdue University in the US and Professor Jonathan Zittrain from Oxford University's Internet Institute in the UK, analysed more than 75,000 unsolicited e-mails. All of the messages touting stocks and shares were sent between January 2004 and July 2005."

An anonymous reader writes "While Firefox broke the 50,000,000 barrier today, the RIAA broke a more dubious barrier this week: It has now sued over 10,000 file sharers for copyright infringement, making it a good time to ask if the RIAA will ever throw in the towel. Taking an academic look at what's best for the industry, this economics article shows the financial upside to P2P file sharing. And on the flip side, this legal article argues that file swappers have a constitutional right to pay much smaller penalties than the millions of dollars they can be liable for under copyright law, making the RIAA's lawsuits much less profitable."

An anonymous reader writes "While Firefox broke the 50,000,000 barrier today, the RIAA broke a more dubious barrier this week: It has now sued over 10,000 file sharers for copyright infringement, making it a good time to ask if the RIAA will ever throw in the towel. Taking an academic look at what's best for the industry, this economics article shows the financial upside to P2P file sharing. And on the flip side, this legal article argues that file swappers have a constitutional right to pay much smaller penalties than the millions of dollars they can be liable for under copyright law, making the RIAA's lawsuits much less profitable."

sakul writes "Came across an article in the Stanford Law Journal that proposes 'marking' patented software to make the patents obvious to the public and to force large companies patenting software "to play by the same rules as holders of other kinds of patents." Interesting but technical read. Could this be a solution to some of the ever growing problems with software patents?" (Stephen Lindholm, the author of the paper, has provided a link to the paper itself, as well.) On the same topic, karvind writes "Gavin Hill, a film graduate, has produced and directed an interesting animated film on How Software Patents Actually Work. It's explaining the dangers of software patents and how they affect you and your business."

We posted earlier this week that the FBI has officially dropped Carnivore, its "privacy respecting" eavesdropping program. Now reader Throtex writes "Professor Orin Kerr at the George Washington University Law School, a member of the Volokh Conspiracy discusses why Carnivore came to be in the first place and why it really was terminated (about two years ago). Essentially, the media (as usual) got a bit carried away with a non-story: Carnivore was designed to protect your rights from being invaded while sniffing only suspect data. Carnivore was dropped because, as of two years ago, the available tools met the necessary privacy standards, as Prof. Kerr noted in his article about the PATRIOT Act published at the time."

An anonymous reader writes "In a recent article, Stanford Law Professor Mark Lemley argues that intellectual property is not 'property' in the traditional sense. According to Lemley, while 'free riding' off of someone else's land or other physical property rights is always undesirable, freely benefitting from someone else's intellectual property rights is often the best way to form a free and creative society. Lemley's distinction also points to the unusual fact that in IP, traditional liberals are often calling for less and less government, while conservatives demand regulation in order to protect their exclusive right to use their intellectual creations."

Kurt writes "A team from the University of Michigan is proposing an economic solution to spam. Instead of relying on technical solutions or government regulations, they use a sender warranty system. In some cases, they argue, it can even be superior to a perfect filter with zero cost, and no errors. Their working paper is available at SSRN. With the caveat that some infrastructure is necessary (isn't it always?), they also claim their approach restores control to the recipient, halts spam, and creates a marketplace for valuable information exchange."

Cranial writes "Sony Interactive expressly forbids the selling of Everqest or Everquest II ingame items or characters for money, but why? Imagine Massively Multiplayer Games where you can actually cash out your loot in the real world. What if that jewel in the dragon hoard was actually a digital title for the Hope Diamond or a real ancient artifact? This article on Programmers Heaven proposes a new economic model for MM games allowing free exchange of game money and items in the real world. Essentially it is a hybridization between online gaming (casino) and MM roleplaying games. Fascinating concept."

scubacuda writes "Cal State Fullerton's Edward Castronova (who recently wrote an excellent analysis of gender inequality between male and female Everquest avatars) has just updated his notes on 'Hacker Court', a mock trial held at Vegas' Black Hat Conference on whether virtual items destroyed during the hack of an online video game constituted real loss. 'No verdict was reached, but the jury and audience agreed that the damages were real,' says Castronova."

Obscure Economist writes "The Social Science Research Network has just posted a new paper of mine that follows up on some issues from a previous paper I wrote about MMORPG Everquest's economy. The new paper asks: If two equivalent avatars were being offered for sale, and the only difference was that one was male and the other female, which one would have the higher price? As it turns out, female avatars sell for about 10 percent less than male avatars, holding all other characteristics equal. Most gamers are men, so this seems to suggest that men do not like being treated like women. Of course, just why that is, and what it might mean in a broader context, is open to debate."

Obscure Economist writes "The Social Science Research Network has just posted a new paper of mine that follows up on some issues from a previous paper I wrote about MMORPG Everquest's economy. The new paper asks: If two equivalent avatars were being offered for sale, and the only difference was that one was male and the other female, which one would have the higher price? As it turns out, female avatars sell for about 10 percent less than male avatars, holding all other characteristics equal. Most gamers are men, so this seems to suggest that men do not like being treated like women. Of course, just why that is, and what it might mean in a broader context, is open to debate."

Greg Lastowka writes "In light of yesterday's spirited discussion of the Shadowbane hack, I thought folks might be interested in this forthcoming article about the laws of virtual worlds. The article has three parts: 1) a history of virtual worlds (e.g. Space War --> MMORPGs), 2) a theoretical analysis of whether virtual world "property" can/should be treated as legal property, and 3) an analysis of whether virtual worlds can/should give rise to any other legal rights, i.e. rights of avatars -- an idea first floated by Raph Koster. I realize there are plenty of strongly-held and divergent opinions on this, so hopefully this might add to the ongoing conversation. Also, we're revising this for publication over the summer, so we will be reading the comments for any corrections/insights/humor that we can incorporate into our revisions."

SDuane writes "Orin S. Kerr, Associate Professor at George Washington University Law School, has written an article trying to answer the question "what does it mean to 'access' a computer? And when is access 'unauthorized'?" It's long, but interesting and he's looking for feedback."

gummint writes "After contemplating the blogsphere and pondering whether "diversity plus freedom of choice creates inequality", consider an old-media domain name: the one your parents gave you. How did they choose it? How many other persons have the same one? Get some facts, or a lot of facts. Or just comment anyway. The good news is that the extent of inequality can change massively over time: the popularity of the most popular given names has decreased dramatically since the Industrial Revolution."