The only troubling thing here--and it is quite troubling--is that they conducted inspections "at the order of" the RIAA.
I believe the article explicitely said, "...at the behest of..." This is hardly the same thing. From the article, it appears that the RIAA sent a blanket letter to several dozen universities about the ongoing problems of illegal MP3 distribution. CMU, upon receiving this, decided to stop turning a blind eye to it and start enforcing their school policies against violating copyright laws.
We don't know the contents of those letters, but it surely wasn't anything specific. It probably outlined the RIAA's concern over MP3's and how common it was to find these things distributed from university ethernet hosts. CMU took the next logical step.
If I were a university, I would be more concerned with my image of harboring a bunch of l33t MP3/warez-trading kids in my dorms than being overzealous in my *internal* conflict/legal resolution methods.
You expect your university to cover for you when you do illegal things? There's no reason CMU would *not* want to accomodate the RIAA here. If I were running a university, and I was told a bunch of my students were breaking the law, I would naturally try to help locate and bring them to justice. I wouldn't go off and say "OK, we'll look into it," and then snicker quietly as I let my students continue breaking copyright law.
Universities tend to turn a blind eye to this sort of thing, much to the charign of developers and other copyright holders, but I would *certainly* expect a university to follow up and do something about a legitimate and explicit complaint.
Where did you hear this? As far as I can tell, the only "guessing" that was done was by a human, and for trivial things like a password of "mp3". This is hardly as evil as you seem to want to make it out to be.
If I put a password on it, of any kind, be it easy or hard, I'm denying that permission. For a school to come into my system, basically hack it (guessing passwords is the oldest form of hacking), then they are breaking the law. Period. Criminal Trespass. Illegal Search (possibly). Definitly a rights violation.
Not quite.
Intent to restrict access is a vital point in any 'password-protected' defense against CMU's actions. By using a password of 'mp3' (which most people recognize as the password to use when attempting to access MP3 resources) or by placing the password in a README file, you are making it clear that you have no intention to restrict access to your MP3 files. For that reason, the data can be legally classified as 'public'.
see above, if i can guess it, so can the hackers and the RIAA... but i believe this is tresspassing, and akin to picking a lot and saying 'it was a crappy lock', which is clearly illegal... CMU went too far here...
Just because somebody puts a password of 'mp3' on their share does *not* mean it's classified as private/password-protected. This is a very typical and normal way of setting up MP3 shares on anonymous FTP sites or Windows shares and, in my opinion, is essentially the same as "public access."
Don't think of it as a crappy lock, think of it as a code-word required for entry that's general knowledge. If the students really were protecting their files, they'd have used a real password. Their intent was to set it up for public access, which tips the scales against them. I believe there is a legal definition for 'password protected', and the intent of the owner to restrict access is a requirement. This is not the case here.
like some other schools, this email should have been sent out before the event, so that the kids would not have publicly shared the stuff!
At my previous university, in order to get campus ethernet, you had to agree to terms and conditions that required, in part, compliance with copyright laws. This should have been adequate warning. Just because some of your l33t hax0r mp3 friends are doing it and not getting caught doesn't mean you won't get caught either. You will have a hard time finding any of those students that didn't know what they were doing was illegal.
Not to sound evil here, but the university can do whatever the hell they like with their network connections. They don't *have* to have any proof of wrong-doing to nuke a connection. If they were in fact overzealous in their efforts, they were no doubt trying to send a "message" to the rest of the student body that these things won't be tolerated. The students in question will probably have their connections restored in short order.
I don't know what it is, but most every major "standard" differs between EU and the US, and to be honest, it tends to seem like the EU versions are much better than what we've come up with.
We have so little ability to determine with any accuracy exactly how and where which nerves are stimulated to trigger muscle movement in all the different ways, and these are pretty much unique between different people, so one person's "recording", not only would only work for that one person, but only at that one moment. It'd be nearly impossible to reconnect the equipment so as to stimulate each of the neurons in precisely the same way they were stimulated last time. You'd have to re-do the recording.
In it's current form I can't see it being particularly useful, but if his work is successful, it could open quite a lot of doors for experimenters to more accurately determine how to effectively stimulate nerves so as to produce a desired movement.
Or act as a "circuit breaker" of sorts to, for example, domestic abusers. Whenever they became enraged, the chip could immobilize their limbs, preventing them from harming another human.
Of course if the guy gets into a fight, this is a sure bet he's going to lose it. What if he were attacked? Robbed? Got a bit of road rage? Immobilized limbs in the middle of rush hour traffic probably isn't a good thing.:)
there is then an emotional attachment that permeates our perspective.
Speak for yourself.. I'm aware of what our constitution is for, our Bill of Rights, and exactly what the First Amendment was meant for. None of this holds any sort of "emotional" attachment for me. I would fight any attempt to rescind them, but I hardly swell up with teary pride when I hear the national anthem.
"Freedom of Speech" applies to the government. Everything else is simply a business decision.
By choosing to regulate some of the posts, Yahoo! is now legally responsible for all of them.
This is inaccurate. An information provider can regulate content upon being made aware of potential illegalities without making them instantly liable for all content they provide. So long as they respond in good faith and in a reasonable amount of time to complaints about certain posts, they're fine. This doesn't change a thing for Yahoo.
This is also hardly "new." Most (all?) message boards like this regulate their content in precisely the same way. Some may only remove stuff after an official request. Some may remove even potentially illegal material, and other may just remove everything they don't like. These are simply business decisions. They're perfectly aware that some policies will favor some people will making them look bad to others. This is hardly a free speech or ethics issue.
The only made up statement in this thread is the contention that they don't store the data. First, they have to store the data in order to analyze it, unless they are doing it in real-time.
And what's so hard to believe about that? Read the data from the client, figure out aggregates from that data, store said aggregates. It's efficient, and precisely how I'd have designed it. And I'm not trying to speak for RealNetworks by saying they're not storing it, I'm saying the assertion that they *do* store all of this relatively private information *was* made up by Slashdot posters. This simply does not fit the facts in the article or by RealNetworks' statements.
Second, why chance losing valuable customer data to system failure, when they can easily keep a back-up copy.
What does this have to do with anything? I agree, database backups of customer information is probably a good thing.
Third, how almost immeasurably profitable is individualized data on music preferences as a marketing tool?
How much more valuable is a person's name and a list of CD's and MP3's than aggregate statistics about a given user? If it's just marketing reasons you want this data, aggregate statistics will suffice quite nicely, pointing the service to a given user's preferred musical tastes. That's all you need to market to that user effectively.
With RN's history of aggressive product spamming...
Looks like you've been reading Slashdot comments instead of the articles. THIS is precisely what I'm trying to combat here.
RealNetworks was added to the RBL because they refused (or did not act in good faith) to add an authentication layer in their e-mail address collection methods. So people signing up for a RealNetworks product would put in some bogus e-mail address, and leave the checkbox marked "Send me e-mail from RealNetworks and advertisers" checked. Unfortunately, quite a few of those "bogus" e-mail addresses turned out to be in use by real people, who didn't appreciate the e-mail. "Aggressive product spamming" this is not. RealNetworks was simply sending out advertisements to people that had explicitely requested them. It's hardly their fault that other people were putting in somebody else's address, but I do understand the stance that the RBL took because RealNetworks wouldn't implement a method of checking the validity of messages before adding that address to their mailing lists.
As the article says, every time RealJukebox is started it sends
Sends, not stores. Please read a bit more carefully. Nowhere did the article state in any sort of factual manner that the data sent by the client was being archived at RealNetworks. According to repeated statements by RealNetworks, this information is analyzed in an aggregate form, which is consistent with all of the information we have.
Again, the entire bit about archiving all of this information was MADE UP by posters on Slashdot, and you bought it like a loyal Slashdot sheep.
For some reason it is custom for posters on Slashdot to automatically assume that just because a technology is available to a company, that company will exploit said technology to its fullest, regardless of the potential PR mess it would cause, regardless of the laws they would be breaking in the process, and regardless of the monetary loss it would incur because it's just not FEASIBLE to do it. This automatic assumption is what I'm trying to combat here, because it truly depresses me. I would really hate to work in PR or in an executive branch of any corporation, simply because of this type of FUD that I would have to regularly combat.
If a company as big as RealNetworks were TRULY doing something as evil as this, don't you think their employees would think of it as evil too? Don't you think one or two of them might step up anonymously and mention that yes, RealNetworks is doing evil things? Or do you just assume that RealNetworks picks loyal employees very carefully?
In fact, they have blatently and I'm sure even you'd agree deliberately denied that they were doing so until they got caught red-handed
In order to deny something, they'd have to have been approached with it. This is the first I've heard of it, and the only response on RealNetworks' part is that the data is being used only in an aggregate fashion. Are they trying to "save face" and lie to everyone (at the risk of being caught by said ethical employees and exposed), or are they trying to desperately clean up their own mess because they weren't expecting the kind of response to something they considered relatively benign?
How you could trust a single word they say after they deliberately left the little bit about the spying out of both their privacy statement and the EULA for RealJukebox boggles the mind.
Probably because I don't think of this as spying in the least. Posted privacy statements tend to talk about how information is collected and stored. The absense of details concerning information that's analyzed "on-the-fly" and discarded (as seems to be the case here) wouldn't necessarily appear in a privacy statement, and it makes no sense at all to have it in the EULA, so I fail to see the cause of your enormous distrust here.
Again (and I thought I had made this clear), I'm not trying to say RealNetworks isn't in the "right" here. I think they should have most certainly informed the users that this information was being analyzed, explained just how it was being used, and given users the option to back out of it (or sign up for it to begin with).
What *I*'m trying to object to is the ENORMOUS anti-corporate bias that exists in these YRO threads. It truly saddens me that whenever a company is "caught" doing something even *potentially* privacy-invading, all of the privacy wackos come out of the Slashdot woodwork and suddenly that corporation is the most evil entity on the planet. Everyone assumes that they're doing the worst and proceeds to bash them on that basis. I am simply trying to point out what is fact here and what is sheer paranoia/conspiracy theory on the part of Slashdot kids.
Contrary to what you may think, there *are* companies out there run by honest folks that DO have quite a lot of integrity, and I pity the day when somebody finds something mildly "interesting" about something they're doing and they end up having to fight an uphill PR battle (with the burdon of proof on them) to explain how benign that thing really is.
Let's say you have a hypothetical company. This company wishes to distribute free software and collect statistics about the nature of each user so you can target banner advertisements at them and generally give them good music selections when they ask for recommendations. So they come to you, ask you to design the system (disregarding any 'ethical' issues that you may have about collecting this sort of thing). Everyone knows that it'd be a big violation of privacy if they monitored and stored information about each MP3 and CD, and the resulting PR mess would be horrendous indeed, so you're instructed not to save this information and just try to make some associations about the genres and related music.
So you go off and implement it. A while later, somebody discovers that this information is being sent back to your back-end system and starts throwing privacy fits.
1. How would you explain to them in a believable way that you DID make every effort to ensure their privacy?
2. Since they didn't believe your answer in #1, what would you do to try and get your clients' trust back?
3. Would you have done any differently when implementing this system? (The cop-out answer of, "I wouldn't have agreed to do it," is not valid.)
Answers:
1. Try to put out statements and/or press releases that explained exactly how the data was used and how the company has had consumer privacy in perfect mind during the entire design process.
2. Release a software update that would disable the collection of statistics.
3. ?
It's a lose-lose situation. Even if RealNetworks had no evil intentions to begin with, none of you are going to even acknowledge the fact that this might be a possibility. In your mind, they're just another evil corporation, and that's truly sad.
Hmmm, perhaps to compute top 10 CD lists by various demographics
You don't need to store the association of a preference for a particular CD with a particular user. When a user plays a certain MP3 or CD, if it's a popular one, it would likely just increment a popularity counter. No sensitive data would need to be stored in this case.
To be able to perform this retroactively when they have a new demographic they want to check.
Perhaps. I won't deny that this is a potential use, but it seems to me that there would have to be a tremendous amount of work building such a database for gain such as this. Plus, it runs counter to their posted privacy policy and is precisely the PR attention they'd rather avoid (see current issue).
Having all the specific data is lots more useful than just having some aggregate numbers.
I disagree in this case, not that it isn't useful, but for 95% of their marketing needs, aggregate statistics suffice perfectly. It doesn't seem logical for them to take such a huge PR risk and devote so much time and money to creating a database so as to squeeze out that last bit of information.
There is every reason to believe that companies will keep as much data as they can, simply because it's cheap and it could come in useful someday. Why not keep it?
Precisely because of the issue this thread is bringing up. People don't like it. Companies like RealNetworks can afford to hire lots of legal and PR folks. If the company is steering towards a policy that, if made public, would make the company look INCREDIBLY bad (as all of the examples you indicate would do), these paid people would step up and say, "Umm, no that's probably not a good idea."
Not only do they have to avoid doing stuff like that, but now they have to worry about the impression everything leaves on people. You can bet the PR folks at RealNetworks are smacking their heads. They simply did not anticipate the public outcry against what they were doing, and don't know how to get the public to understand precisely what it is they were doing with that information without the public saying, "Well, you could be lying! We never trust evil corporations, and if everyone says you're evil, then you must be evil!" The privacy activists have made up their mind that RealNetworks is storing every little detail about the stuff you listen to, are planning on selling that data to people like RIAA and are generally trying to wreck your life like every other company they've shouted "Boycott!" every few weeks at, and RealNetworks is stuck with the burdon of proof. It's truly a sad state of affairs, and it's precisely this sort of knee-jerk reactionism and total faith in the mass media and your fellow privacy activists that causes it.
And your ISP is probably logging all of your web IP packets so they can compile lists of your favorite porn sites so they can sell that to X-rated marketers, cause that's pretty valuable information..
And your local supermarket is compiling a list of the types of condoms and personal lubricants you buy so they can run it through a neural network processor and figure out which of its customers are gay so they can sell the list to marketers who specialize in homosexual literature and products.
Theoretically these things can happen, but they don't.
BTW, if it wasn't interesting, why would Real bother collecting it? So they could see how many people liked country? Come on...
Yep. I assert this is precisely why the information is useful to RealNetworks. If client #341481234 signs on and requests a new advertisement from RealNetworks to show in that nifty little advertisement banner, RealNetworks looks up client 341481234 and discovered that there's a huge preference for country music, so they're a lot more likely to select a country music-related advertisement than a techno one. This falls totally within the logical framework of RealNetworks and their posted privacy policy, their repeated statements about this entire issue, and their past behavior. The whole storing of personal information stuff was all made up by Slashdot posters and is in no way based on the facts.
egregiously does NOT mention the fact that they log every CD and mp3 you play from your own computer--we can pretty easily conclude that this is a deliberate secret.
Did you ever stop to consider that this isn't listed on their privacy notice because they DO NOT, IN FACT, DO THIS?
This whole bit about logging every CD and MP3 played was MADE UP BY UNINFORMED SLASHDOT KIDDIES in this thread. There is absolutely no basis in fact for this assumption that I have read. In fact, RealNetworks goes so far as to point out that this information is NOT stored. It is simply sent, analyzed, and whatever aggregate information (genre, for instance) is gleamed from it.
What possible motive would they have for logging every single CD and MP3 you download and listen to? It doesn't serve them a single bit, except to waste VOLUMES of hard disk space. The only thing useful out of this information is the aggregate information such as the type/genre of music people listen to, which is most likely what they use it for. Now, whether or not this in itself is a violation of privacy is an entirely different debate, and one I'm not going to get into.
A)Automatically trust him to be telling the truth and B)Say "ah, that's all right then" and wander away without even wondering WHY they were practicing, and more importantly, why on you?
I would do neither. I'd investigate, certainly, but I'd hold short of trying to beat the crap out of him or call my local legislature and ask them to pass laws that forbids people from taking photographs of me in public. If I asked him and he said he was a photographer for the Daily News, and was just out checking how popular the new restaurant that just opened was, I'd believe him, certainly.
we have something at the same level as MS's "UID" namestamp from Office97, and most people agree that that was beyond the allowable.
I guess this is just a difference of opinion here. I agree that this is somewhat similar to the Office GUID thing, but I disagree that either issue merits the attention.
Companies keep clients by keeping the client's trust. If they abuse that trust, or do something pretty stupid (as seems to be the case here), they lose clients. It's not good business sense to act in a way that alienates your very clients, and it *certainly* doesn't pay to do so with evil motives, because things like this always get exposed in the long run (by faithful privacy "activists"). THIS is why I give companies the benefit of the doubt in these cases. Yes, I agree that RealNetworks should have somehow disclosed the fact that this data were being sent back for the purposes of aggregation and analysis, but I do NOT agree that RealNetworks was acting with malicious intent. It was probably just a communications problem or poor decision-making between their various departments.
There isn't some dark room back in the basement of the RealNetworks headquarters with a dozen executives sitting at a table saying to themselves, "Drats! Foiled again by the privacy activists! We must find another way to invade the privacy of our 'loyal' customers so we can continue to be an evil company!" More likely, people are being scolded for not having mentioned this "feature" of the software to consumers. It's a PR mess, certainly, and I can only hope that RealNetworks and similar companies will learn from their mistake.
So it seems to me that if you guys want this issue resolved, inform RealNetworks of your opinion (though I imagine they're already aware of it), and wait for RealNetworks to respond.
You make some fair points, but I feel I should respond to this bit:
"David Banisar, a lawyer...who specializes in internet law, said that RealNetworks' surveilance practices could violate various state and federal statutes..."
That's not lack of courtesy, that's lawbreaking.
No, it's not. It's one lawyer mentioning that there was the *possibility* of a violation of law. That's the job of a lawyer, to find possibilities and to take that to trial. Of course a lawyer's going to say that, especially if he knows his name will be in the papers. For all you know, the conversation could have gone like this:
reporter: So tell us: are they breaking the law? lawyer: I doubt it, but I don't have all of the facts, so I suppose there's certainly something illegal about what they're doing. reporter: Gotcha!
I would be quite surprised if this was actually the case here, and I would be very interested in how they came to that conclusion. Companies all-too-frequently collect information like this, without informing consumers, yet they are typically found to be operating within the boundaries of law. I don't see the difference here...
When you get it, but not ask for it, it is NOT fine. Period.
I was talking about ads via their software (equivalent to banner ads), not e-mail. "Period."
I did not ask for Real Network mailings of any kind (which it says so many places but one).
Neither did I, and I never get them.
The articles you quote all talk about how people keep putting bogus e-mails in their RealNetworks registration, and real live people that receive mail at those bogus e-mail addresses are complaining. If nothing else, you should be blaming the people that are putting YOUR e-mail address in the box instead of their own. THEY'RE the ones that are signing you up for e-mail from RealNetworks. RealNetworks has a little checkbox that I always uncheck that says "Send me mail about stuff." Rather than uncheck this box, they leave it checked and just put in somebody else's e-mail address.
I'm afraid I'm going to have to side with RealNetworks on this case, though I do think (as the article suggests) that they should adopt a better policy of validating e-mail addresses. I hardly think it's fair to bash them because people are putting in other people's e-mail addresses. It's clear that people feel more strongly about pushing RealNetworks into adopting this policy, to the point of using the RBL to declare them spammers, and that's fine. I don't disagree with that stance, and I hope they're successful. But I don't think RealNetworks is particularly evil one way or the other. It's all about buying into the mass media.
Nope. Everyone is pissed because the information is being gathered without your consent!
I'm not disputing this, and it doesn't have anything to do with the message I was responding to.
I totally agree with you that RealNetworks should have provided more disclosure about what it's collecting from you, but I'm seeing posts that are unfairly bashing RealNetworks because they are assuming that this information is automatically being stored in its full, verbose complete form and tied directly to your name and address, which isn't necessarily the case at all.
I'm not saying RealNetworks isn't the bad guy in this case, but they aren't acting quite as evilly as some people are saying, and it distresses me when people jump on the anti-something slashdot issue-of-the-week without doing any research on their own.
A pre-checked checkbox is kind of like a "pre-signed contract", giving you the _option_ to tear it up
By signing said contract, you are explicitely acknowledging its contents in their entirety. This is a horrible analogy to make, since legally, you can't just say, "Well, I signed it, but they shouldn't have had that clause in there from the start!" and try to back out.
I can't believe people are arguing about what the default state of the checkbox should be. They're in no way obligated to provide that checkbox. It's the same as web sites that ask you the same thing. They're doing you a favor in an effort to keep people's trust and avoid bad feelings when people start getting e-mailed crap from them when they never wanted it in the first place. They would certainly like you to check the checkbox, so they leave it checked. If you're too braindead to notice this checkbox, then you deserve what you get.
Something like RealPlayer, web pages, checkout counters, etc. No. I don't believe there is any "right to privacy" either implied or expressed.
Agreed. If you're that concerned with your privacy, it's up to you to protect it. Don't give private or confidential information to people you do not trust. Period.
I'm choosing conciously to use their product.
I think the crux of the issue is that you are choosing to use the product, yes, but you aren't making the concious choice to consent to their "monitoring".
What people fail to realize is that, in all likelyhood, this "monitoring" only ends up adjusting small numerical values that represent your aggregate interest in the various musical genres. The specifics about what albums and artists you listen to are likely forgotten immediately.
The point? I'm convinced that the whole "privacy" issue is getting blown way out of proportion especially in areas where it shouldn't really apply. YRO articles like this add to media congestion and hype, and only cloud the real issues: things like encryption laws, misuse of wiretaps and warrants, things that truly matter.
Exactly. These YRO pieces are frequented by privacy "activists" (a.k.a. whackos), and the authors themselves tend to throw in an IMMSENSELY heavy bias in their introductory description of the issue, so it is only natural to expect that the entire tone of the comments will follow that bias to a T.
Unfortunately, this has made my life a bit harder, as I am compelled by some unknown forces to try and keep things rational, based on the unbiased facts and not on the rabid reactions of people without knowledge of actual facts. It's tough work in YRO articles.
Slashdot Mirror
The only troubling thing here--and it is quite troubling--is that they conducted inspections "at the order of" the RIAA.
I believe the article explicitely said, "...at the behest of..." This is hardly the same thing. From the article, it appears that the RIAA sent a blanket letter to several dozen universities about the ongoing problems of illegal MP3 distribution. CMU, upon receiving this, decided to stop turning a blind eye to it and start enforcing their school policies against violating copyright laws.
We don't know the contents of those letters, but it surely wasn't anything specific. It probably outlined the RIAA's concern over MP3's and how common it was to find these things distributed from university ethernet hosts. CMU took the next logical step.
If I were a university, I would be more concerned with my image of harboring a bunch of l33t MP3/warez-trading kids in my dorms than being overzealous in my *internal* conflict/legal resolution methods.
You expect your university to cover for you when you do illegal things? There's no reason CMU would *not* want to accomodate the RIAA here. If I were running a university, and I was told a bunch of my students were breaking the law, I would naturally try to help locate and bring them to justice. I wouldn't go off and say "OK, we'll look into it," and then snicker quietly as I let my students continue breaking copyright law.
Universities tend to turn a blind eye to this sort of thing, much to the charign of developers and other copyright holders, but I would *certainly* expect a university to follow up and do something about a legitimate and explicit complaint.
CMU ran a password guesser to break in.
Where did you hear this? As far as I can tell, the only "guessing" that was done was by a human, and for trivial things like a password of "mp3". This is hardly as evil as you seem to want to make it out to be.
If I put a password on it, of any kind, be it easy or hard, I'm denying that permission. For a school to come into my system, basically hack it (guessing passwords is the oldest form of hacking), then they are breaking the law. Period. Criminal Trespass. Illegal Search (possibly). Definitly a rights violation.
Not quite.
Intent to restrict access is a vital point in any 'password-protected' defense against CMU's actions. By using a password of 'mp3' (which most people recognize as the password to use when attempting to access MP3 resources) or by placing the password in a README file, you are making it clear that you have no intention to restrict access to your MP3 files. For that reason, the data can be legally classified as 'public'.
As you say, "Period."
see above, if i can guess it, so can the hackers and the RIAA... but i believe this is tresspassing, and akin to picking a lot and saying 'it was a crappy lock', which is clearly illegal... CMU went too far here...
Just because somebody puts a password of 'mp3' on their share does *not* mean it's classified as private/password-protected. This is a very typical and normal way of setting up MP3 shares on anonymous FTP sites or Windows shares and, in my opinion, is essentially the same as "public access."
Don't think of it as a crappy lock, think of it as a code-word required for entry that's general knowledge. If the students really were protecting their files, they'd have used a real password. Their intent was to set it up for public access, which tips the scales against them. I believe there is a legal definition for 'password protected', and the intent of the owner to restrict access is a requirement. This is not the case here.
like some other schools, this email should have been sent out before the event, so that the kids would not have publicly shared the stuff!
At my previous university, in order to get campus ethernet, you had to agree to terms and conditions that required, in part, compliance with copyright laws. This should have been adequate warning. Just because some of your l33t hax0r mp3 friends are doing it and not getting caught doesn't mean you won't get caught either. You will have a hard time finding any of those students that didn't know what they were doing was illegal.
Not to sound evil here, but the university can do whatever the hell they like with their network connections. They don't *have* to have any proof of wrong-doing to nuke a connection. If they were in fact overzealous in their efforts, they were no doubt trying to send a "message" to the rest of the student body that these things won't be tolerated. The students in question will probably have their connections restored in short order.
I don't know what it is, but most every major "standard" differs between EU and the US, and to be honest, it tends to seem like the EU versions are much better than what we've come up with.
We have so little ability to determine with any accuracy exactly how and where which nerves are stimulated to trigger muscle movement in all the different ways, and these are pretty much unique between different people, so one person's "recording", not only would only work for that one person, but only at that one moment. It'd be nearly impossible to reconnect the equipment so as to stimulate each of the neurons in precisely the same way they were stimulated last time. You'd have to re-do the recording.
In it's current form I can't see it being particularly useful, but if his work is successful, it could open quite a lot of doors for experimenters to more accurately determine how to effectively stimulate nerves so as to produce a desired movement.
Or act as a "circuit breaker" of sorts to, for example, domestic abusers. Whenever they became enraged, the chip could immobilize their limbs, preventing them from harming another human.
:)
Of course if the guy gets into a fight, this is a sure bet he's going to lose it. What if he were attacked? Robbed? Got a bit of road rage? Immobilized limbs in the middle of rush hour traffic probably isn't a good thing.
there is then an emotional attachment that permeates our perspective.
Speak for yourself.. I'm aware of what our constitution is for, our Bill of Rights, and exactly what the First Amendment was meant for. None of this holds any sort of "emotional" attachment for me. I would fight any attempt to rescind them, but I hardly swell up with teary pride when I hear the national anthem.
"Freedom of Speech" applies to the government. Everything else is simply a business decision.
By choosing to regulate some of the posts, Yahoo! is now legally responsible for all of them.
This is inaccurate. An information provider can regulate content upon being made aware of potential illegalities without making them instantly liable for all content they provide. So long as they respond in good faith and in a reasonable amount of time to complaints about certain posts, they're fine. This doesn't change a thing for Yahoo.
This is also hardly "new." Most (all?) message boards like this regulate their content in precisely the same way. Some may only remove stuff after an official request. Some may remove even potentially illegal material, and other may just remove everything they don't like. These are simply business decisions. They're perfectly aware that some policies will favor some people will making them look bad to others. This is hardly a free speech or ethics issue.
The only made up statement in this thread is the contention that they don't store the data. First, they have to store the data in order to analyze it, unless they are doing it in real-time.
And what's so hard to believe about that? Read the data from the client, figure out aggregates from that data, store said aggregates. It's efficient, and precisely how I'd have designed it. And I'm not trying to speak for RealNetworks by saying they're not storing it, I'm saying the assertion that they *do* store all of this relatively private information *was* made up by Slashdot posters. This simply does not fit the facts in the article or by RealNetworks' statements.
Second, why chance losing valuable customer data to system failure, when they can easily keep a back-up copy.
What does this have to do with anything? I agree, database backups of customer information is probably a good thing.
Third, how almost immeasurably profitable is individualized data on music preferences as a marketing tool?
How much more valuable is a person's name and a list of CD's and MP3's than aggregate statistics about a given user? If it's just marketing reasons you want this data, aggregate statistics will suffice quite nicely, pointing the service to a given user's preferred musical tastes. That's all you need to market to that user effectively.
With RN's history of aggressive product spamming...
Looks like you've been reading Slashdot comments instead of the articles. THIS is precisely what I'm trying to combat here.
RealNetworks was added to the RBL because they refused (or did not act in good faith) to add an authentication layer in their e-mail address collection methods. So people signing up for a RealNetworks product would put in some bogus e-mail address, and leave the checkbox marked "Send me e-mail from RealNetworks and advertisers" checked. Unfortunately, quite a few of those "bogus" e-mail addresses turned out to be in use by real people, who didn't appreciate the e-mail. "Aggressive product spamming" this is not. RealNetworks was simply sending out advertisements to people that had explicitely requested them. It's hardly their fault that other people were putting in somebody else's address, but I do understand the stance that the RBL took because RealNetworks wouldn't implement a method of checking the validity of messages before adding that address to their mailing lists.
...I'm not trying to say RealNetworks isn't in the "right" here.
Err.. you know what I mean.
As the article says, every time RealJukebox is started it sends
Sends, not stores. Please read a bit more carefully. Nowhere did the article state in any sort of factual manner that the data sent by the client was being archived at RealNetworks. According to repeated statements by RealNetworks, this information is analyzed in an aggregate form, which is consistent with all of the information we have.
Again, the entire bit about archiving all of this information was MADE UP by posters on Slashdot, and you bought it like a loyal Slashdot sheep.
For some reason it is custom for posters on Slashdot to automatically assume that just because a technology is available to a company, that company will exploit said technology to its fullest, regardless of the potential PR mess it would cause, regardless of the laws they would be breaking in the process, and regardless of the monetary loss it would incur because it's just not FEASIBLE to do it. This automatic assumption is what I'm trying to combat here, because it truly depresses me. I would really hate to work in PR or in an executive branch of any corporation, simply because of this type of FUD that I would have to regularly combat.
If a company as big as RealNetworks were TRULY doing something as evil as this, don't you think their employees would think of it as evil too? Don't you think one or two of them might step up anonymously and mention that yes, RealNetworks is doing evil things? Or do you just assume that RealNetworks picks loyal employees very carefully?
In fact, they have blatently and I'm sure even you'd agree deliberately denied that they were doing so until they got caught red-handed
In order to deny something, they'd have to have been approached with it. This is the first I've heard of it, and the only response on RealNetworks' part is that the data is being used only in an aggregate fashion. Are they trying to "save face" and lie to everyone (at the risk of being caught by said ethical employees and exposed), or are they trying to desperately clean up their own mess because they weren't expecting the kind of response to something they considered relatively benign?
How you could trust a single word they say after they deliberately left the little bit about the spying out of both their privacy statement and the EULA for RealJukebox boggles the mind.
Probably because I don't think of this as spying in the least. Posted privacy statements tend to talk about how information is collected and stored. The absense of details concerning information that's analyzed "on-the-fly" and discarded (as seems to be the case here) wouldn't necessarily appear in a privacy statement, and it makes no sense at all to have it in the EULA, so I fail to see the cause of your enormous distrust here.
Again (and I thought I had made this clear), I'm not trying to say RealNetworks isn't in the "right" here. I think they should have most certainly informed the users that this information was being analyzed, explained just how it was being used, and given users the option to back out of it (or sign up for it to begin with).
What *I*'m trying to object to is the ENORMOUS anti-corporate bias that exists in these YRO threads. It truly saddens me that whenever a company is "caught" doing something even *potentially* privacy-invading, all of the privacy wackos come out of the Slashdot woodwork and suddenly that corporation is the most evil entity on the planet. Everyone assumes that they're doing the worst and proceeds to bash them on that basis. I am simply trying to point out what is fact here and what is sheer paranoia/conspiracy theory on the part of Slashdot kids.
Contrary to what you may think, there *are* companies out there run by honest folks that DO have quite a lot of integrity, and I pity the day when somebody finds something mildly "interesting" about something they're doing and they end up having to fight an uphill PR battle (with the burdon of proof on them) to explain how benign that thing really is.
Let's say you have a hypothetical company. This company wishes to distribute free software and collect statistics about the nature of each user so you can target banner advertisements at them and generally give them good music selections when they ask for recommendations. So they come to you, ask you to design the system (disregarding any 'ethical' issues that you may have about collecting this sort of thing). Everyone knows that it'd be a big violation of privacy if they monitored and stored information about each MP3 and CD, and the resulting PR mess would be horrendous indeed, so you're instructed not to save this information and just try to make some associations about the genres and related music.
So you go off and implement it. A while later, somebody discovers that this information is being sent back to your back-end system and starts throwing privacy fits.
1. How would you explain to them in a believable way that you DID make every effort to ensure their privacy?
2. Since they didn't believe your answer in #1, what would you do to try and get your clients' trust back?
3. Would you have done any differently when implementing this system? (The cop-out answer of, "I wouldn't have agreed to do it," is not valid.)
Answers:
1. Try to put out statements and/or press releases that explained exactly how the data was used and how the company has had consumer privacy in perfect mind during the entire design process.
2. Release a software update that would disable the collection of statistics.
3. ?
It's a lose-lose situation. Even if RealNetworks had no evil intentions to begin with, none of you are going to even acknowledge the fact that this might be a possibility. In your mind, they're just another evil corporation, and that's truly sad.
I wasn't talking about Hemos at all.. I just meant that the YRO section was frequented by a disproportionately large number of right-wing extremists.
Hmmm, perhaps to compute top 10 CD lists by various demographics
You don't need to store the association of a preference for a particular CD with a particular user. When a user plays a certain MP3 or CD, if it's a popular one, it would likely just increment a popularity counter. No sensitive data would need to be stored in this case.
To be able to perform this retroactively when they have a new demographic they want to check.
Perhaps. I won't deny that this is a potential use, but it seems to me that there would have to be a tremendous amount of work building such a database for gain such as this. Plus, it runs counter to their posted privacy policy and is precisely the PR attention they'd rather avoid (see current issue).
Having all the specific data is lots more useful than just having some aggregate numbers.
I disagree in this case, not that it isn't useful, but for 95% of their marketing needs, aggregate statistics suffice perfectly. It doesn't seem logical for them to take such a huge PR risk and devote so much time and money to creating a database so as to squeeze out that last bit of information.
There is every reason to believe that companies will keep as much data as they can, simply because it's cheap and it could come in useful someday. Why not keep it?
Precisely because of the issue this thread is bringing up. People don't like it. Companies like RealNetworks can afford to hire lots of legal and PR folks. If the company is steering towards a policy that, if made public, would make the company look INCREDIBLY bad (as all of the examples you indicate would do), these paid people would step up and say, "Umm, no that's probably not a good idea."
Not only do they have to avoid doing stuff like that, but now they have to worry about the impression everything leaves on people. You can bet the PR folks at RealNetworks are smacking their heads. They simply did not anticipate the public outcry against what they were doing, and don't know how to get the public to understand precisely what it is they were doing with that information without the public saying, "Well, you could be lying! We never trust evil corporations, and if everyone says you're evil, then you must be evil!" The privacy activists have made up their mind that RealNetworks is storing every little detail about the stuff you listen to, are planning on selling that data to people like RIAA and are generally trying to wreck your life like every other company they've shouted "Boycott!" every few weeks at, and RealNetworks is stuck with the burdon of proof. It's truly a sad state of affairs, and it's precisely this sort of knee-jerk reactionism and total faith in the mass media and your fellow privacy activists that causes it.
Wow, you're right.
And your ISP is probably logging all of your web IP packets so they can compile lists of your favorite porn sites so they can sell that to X-rated marketers, cause that's pretty valuable information..
And your local supermarket is compiling a list of the types of condoms and personal lubricants you buy so they can run it through a neural network processor and figure out which of its customers are gay so they can sell the list to marketers who specialize in homosexual literature and products.
Theoretically these things can happen, but they don't.
BTW, if it wasn't interesting, why would Real bother collecting it? So they could see how many people liked country? Come on...
Yep. I assert this is precisely why the information is useful to RealNetworks. If client #341481234 signs on and requests a new advertisement from RealNetworks to show in that nifty little advertisement banner, RealNetworks looks up client 341481234 and discovered that there's a huge preference for country music, so they're a lot more likely to select a country music-related advertisement than a techno one. This falls totally within the logical framework of RealNetworks and their posted privacy policy, their repeated statements about this entire issue, and their past behavior. The whole storing of personal information stuff was all made up by Slashdot posters and is in no way based on the facts.
egregiously does NOT mention the fact that they log every CD and mp3 you play from your own computer--we can pretty easily conclude that this is a deliberate secret.
Did you ever stop to consider that this isn't listed on their privacy notice because they DO NOT, IN FACT, DO THIS?
This whole bit about logging every CD and MP3 played was MADE UP BY UNINFORMED SLASHDOT KIDDIES in this thread. There is absolutely no basis in fact for this assumption that I have read. In fact, RealNetworks goes so far as to point out that this information is NOT stored. It is simply sent, analyzed, and whatever aggregate information (genre, for instance) is gleamed from it.
What possible motive would they have for logging every single CD and MP3 you download and listen to? It doesn't serve them a single bit, except to waste VOLUMES of hard disk space. The only thing useful out of this information is the aggregate information such as the type/genre of music people listen to, which is most likely what they use it for. Now, whether or not this in itself is a violation of privacy is an entirely different debate, and one I'm not going to get into.
A)Automatically trust him to be telling the truth and
B)Say "ah, that's all right then" and wander away without even wondering WHY they were practicing, and more importantly, why on you?
I would do neither. I'd investigate, certainly, but I'd hold short of trying to beat the crap out of him or call my local legislature and ask them to pass laws that forbids people from taking photographs of me in public. If I asked him and he said he was a photographer for the Daily News, and was just out checking how popular the new restaurant that just opened was, I'd believe him, certainly.
we have something at the same level as MS's "UID" namestamp from Office97, and most people agree that that was beyond the allowable.
I guess this is just a difference of opinion here. I agree that this is somewhat similar to the Office GUID thing, but I disagree that either issue merits the attention.
Companies keep clients by keeping the client's trust. If they abuse that trust, or do something pretty stupid (as seems to be the case here), they lose clients. It's not good business sense to act in a way that alienates your very clients, and it *certainly* doesn't pay to do so with evil motives, because things like this always get exposed in the long run (by faithful privacy "activists"). THIS is why I give companies the benefit of the doubt in these cases. Yes, I agree that RealNetworks should have somehow disclosed the fact that this data were being sent back for the purposes of aggregation and analysis, but I do NOT agree that RealNetworks was acting with malicious intent. It was probably just a communications problem or poor decision-making between their various departments.
There isn't some dark room back in the basement of the RealNetworks headquarters with a dozen executives sitting at a table saying to themselves, "Drats! Foiled again by the privacy activists! We must find another way to invade the privacy of our 'loyal' customers so we can continue to be an evil company!" More likely, people are being scolded for not having mentioned this "feature" of the software to consumers. It's a PR mess, certainly, and I can only hope that RealNetworks and similar companies will learn from their mistake.
So it seems to me that if you guys want this issue resolved, inform RealNetworks of your opinion (though I imagine they're already aware of it), and wait for RealNetworks to respond.
And if I fail to mention that I use monosodium glutumate in my Gumbo, am I committing fraud?
Am I negligent by not disclosing the fact that the toilet paper in my office restroom is made from less-than-100% recycled material?
Is it illegal for me to forget to mention that there are security cameras in my department store?
Let's keep the analogies sane, please.
You make some fair points, but I feel I should respond to this bit:
"David Banisar, a lawyer...who specializes in internet law, said that RealNetworks' surveilance practices could violate various state and federal statutes..."
That's not lack of courtesy, that's lawbreaking.
No, it's not. It's one lawyer mentioning that there was the *possibility* of a violation of law. That's the job of a lawyer, to find possibilities and to take that to trial. Of course a lawyer's going to say that, especially if he knows his name will be in the papers. For all you know, the conversation could have gone like this:
reporter: So tell us: are they breaking the law?
lawyer: I doubt it, but I don't have all of the facts, so I suppose there's certainly something illegal about what they're doing.
reporter: Gotcha!
I would be quite surprised if this was actually the case here, and I would be very interested in how they came to that conclusion. Companies all-too-frequently collect information like this, without informing consumers, yet they are typically found to be operating within the boundaries of law. I don't see the difference here...
Yes, you're right.. I missed the phrase "pre-signed" in the original comment.
When you get it, but not ask for it, it is NOT fine. Period.
I was talking about ads via their software (equivalent to banner ads), not e-mail. "Period."
I did not ask for Real Network mailings of any kind (which it says so many places but one).
Neither did I, and I never get them.
The articles you quote all talk about how people keep putting bogus e-mails in their RealNetworks registration, and real live people that receive mail at those bogus e-mail addresses are complaining. If nothing else, you should be blaming the people that are putting YOUR e-mail address in the box instead of their own. THEY'RE the ones that are signing you up for e-mail from RealNetworks. RealNetworks has a little checkbox that I always uncheck that says "Send me mail about stuff." Rather than uncheck this box, they leave it checked and just put in somebody else's e-mail address.
I'm afraid I'm going to have to side with RealNetworks on this case, though I do think (as the article suggests) that they should adopt a better policy of validating e-mail addresses. I hardly think it's fair to bash them because people are putting in other people's e-mail addresses. It's clear that people feel more strongly about pushing RealNetworks into adopting this policy, to the point of using the RBL to declare them spammers, and that's fine. I don't disagree with that stance, and I hope they're successful. But I don't think RealNetworks is particularly evil one way or the other. It's all about buying into the mass media.
Nope. Everyone is pissed because the information is being gathered without your consent!
I'm not disputing this, and it doesn't have anything to do with the message I was responding to.
I totally agree with you that RealNetworks should have provided more disclosure about what it's collecting from you, but I'm seeing posts that are unfairly bashing RealNetworks because they are assuming that this information is automatically being stored in its full, verbose complete form and tied directly to your name and address, which isn't necessarily the case at all.
I'm not saying RealNetworks isn't the bad guy in this case, but they aren't acting quite as evilly as some people are saying, and it distresses me when people jump on the anti-something slashdot issue-of-the-week without doing any research on their own.
A pre-checked checkbox is kind of like a "pre-signed contract", giving you the _option_ to tear it up
By signing said contract, you are explicitely acknowledging its contents in their entirety. This is a horrible analogy to make, since legally, you can't just say, "Well, I signed it, but they shouldn't have had that clause in there from the start!" and try to back out.
I can't believe people are arguing about what the default state of the checkbox should be. They're in no way obligated to provide that checkbox. It's the same as web sites that ask you the same thing. They're doing you a favor in an effort to keep people's trust and avoid bad feelings when people start getting e-mailed crap from them when they never wanted it in the first place. They would certainly like you to check the checkbox, so they leave it checked. If you're too braindead to notice this checkbox, then you deserve what you get.
Something like RealPlayer, web pages, checkout counters, etc. No. I don't believe there is any "right to privacy" either implied or expressed.
Agreed. If you're that concerned with your privacy, it's up to you to protect it. Don't give private or confidential information to people you do not trust. Period.
I'm choosing conciously to use their product.
I think the crux of the issue is that you are choosing to use the product, yes, but you aren't making the concious choice to consent to their "monitoring".
What people fail to realize is that, in all likelyhood, this "monitoring" only ends up adjusting small numerical values that represent your aggregate interest in the various musical genres. The specifics about what albums and artists you listen to are likely forgotten immediately.
The point? I'm convinced that the whole "privacy" issue is getting blown way out of proportion especially in areas where it shouldn't really apply. YRO articles like this add to media congestion and hype, and only cloud the real issues: things like encryption laws, misuse of wiretaps and warrants, things that truly matter.
Exactly. These YRO pieces are frequented by privacy "activists" (a.k.a. whackos), and the authors themselves tend to throw in an IMMSENSELY heavy bias in their introductory description of the issue, so it is only natural to expect that the entire tone of the comments will follow that bias to a T.
Unfortunately, this has made my life a bit harder, as I am compelled by some unknown forces to try and keep things rational, based on the unbiased facts and not on the rabid reactions of people without knowledge of actual facts. It's tough work in YRO articles.