EFFector Vol. 21, No. 02 January 15, 2008 editor@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In the 455th Issue of EFFector: * "Attempted Distribution" Not a Crime * Scrutinizing Comcast's Apologists * Troubling "Digital Theft Prevention" Requirements Remain in Higher Education Bill * Are Personal Copies of Digital Music Files "Unauthorized"? * House Committee Issues Report on TSA's Website Security Flaws * Visit EFF at Macworld * Come See EFF at the O'Reilly Emerging Technology Conference! * Nominate a Pioneer for EFF's 2008 Pioneer Awards! * miniLinks (5): Director of National Intelligence planning more spying * Administrivia For more information on EFF activities & alerts: http://www.eff.org/ Make a donation and become an EFF member today! http://eff.org/support/ Tell a friend about EFF: http://action.eff.org/site/Ecard?ecard_id=1061 effector: n, Computer Sci. A device for producing a desired change. : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * "Attempted Distribution" Not a Crime EFF Files Brief in Atlantic v. Howell Challenging RIAA's Bogus Theory Last Friday, EFF filed an amicus brief in Atlantic v. Howell, an Arizona lawsuit brought as part of the Recording Industry Association of America's (RIAA) national campaign against individuals for file-sharing. Although the case has received attention recently over the issue of whether CD ripping is legal, EFF believes the most important issue in the case is about something different: can the RIAA sue people for *attempted* copyright infringement? EFF says no. As in more than 20,000 other lawsuits, the recording industry claims that Mr. and Mrs. Howell committed copyright infringement by using P2P file sharing software. But rather than attempting to prove infringing copying or infringing distributions, the record labels argue that simply having a song in a shared folder, even if no one ever downloaded it from you (i.e., "making available"), infringes the music industry's distribution right. This essentially amounts to suing someone for attempted distribution, something the Copyright Act has never recognized. Sure, it would make it quite a bit easier for the RIAA if it could go to court and simply say, "This person had our artists' songs in her shared folder, we win." But that's not the law. If the RIAA wants to bring tens of thousands of lawsuits against individuals, it has to play by the rules and prove its cases. That means proving that actual infringing copies were made or that actual infringing distributions took place. It's not enough to prove that they could have taken place. For EFF's amicus brief in Atlantic v. Howell: http://www.eff.org/files/EFF%20amicus%20brief.pdf For the complete post by EFF Senior Staff Attorney Fred von Lohmann: http://www.eff.org/deeplinks/2008/01/eff-files-brief-atlantic-v-howell-resisting-riaas-attempted-distribution-theory : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Scrutinizing Comcast's Apologists EFF is continuing its research into Comcast's use of forged RST packets to interfere with its customers' BitTorrent connections. (Apparently, the FCC is investigating, as well.) While Comcast has remained conspicuously silent about the technical details of its activities, a few networking engineers have tried to defend Comcast by proposing technical justifications for Comcast's interference activities. One of the most energetic of these pundits is Richard Bennett, who has argued that Comcast deserves a "pat on the back and a gold star," not criticism, for injecting spoofed RST packets into its users' traffic. In this post, we're going to examine and rebut his arguments. For information about EFF's "Test Your ISP" Project: http://www.eff.org/testyourisp/ For the complete post by EFF Staff Technologist Peter Eckersley: http://www.eff.org/deeplinks/2008/01/scrutinizing-comcasts-apologists : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Troubling "Digital Theft Prevention" Requirements Remain in Higher Education Bill Last November, we posted about H.R. 4137, the College Opportunity and Affordability Act of 2007, which includes misguided anti-piracy requirements for universities. For the most part, the massive bill refreshes existing legislation about federal financial aid. But the bill also includes a section with a title that sounds as if it were dreamt up by an entertainment industry lobbyist: "Campus-based Digital Theft Prevention." It says that universities shall "develop a plan for offering alternatives to illegal downloading or peer-to-peer distribution of intellectual property as well as a plan to explore technology-based deterrents to prevent such illegal activity." Advocates of the bill stress that the language stops short of demanding implementation, but this argument misses the point entirely. The passage of this bill will unambiguously lead universities into costly dead-ends -- the industry-sanctioned online music services are laden with DRM, and network detection/filtering programs present privacy risks and are inevitably rendered obsolete by technological countermeasures. The requirements are another ill-conceived salvo in the entertainment industry's higher education agenda. For this complete post: http://www.eff.org/deeplinks/2008/01/digital-theft-prevention-requirements-remain-higher-education-bill : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Are Personal Copies of Digital Music Files "Unauthorized" or Not? Is it illegal to make copies of legally purchased digital music for personal use? Millions of people do this every day when they rip CDs to their hard drives, copy audio files to their iPods, or burn backups onto CDs; but as a recent Washington Post article pointed out, the Recording Industry Association of America (RIAA) doesn't necessarily approve. The article noted that the RIAA case against Arizona resident Jeffrey Howell refers to copies Howell made of his legally purchased music as "unauthorized copies." However, after allegations that the article mischaracterized the RIAA's claims, the Washington Post issued a correction a few days later, to make clear that the RIAA sued Howell over his "unauthorized" copies because he allegedly placed them in his "shared folder" for distribution over a peer-to-peer network. But the RIAA subsequently refuses to clarify its stance on personal copying, and many have since presented evidence that the RIAA simply won't acknowledge the right of fans to make personal copies, nor will it rule out the possibility of lawsuits on these grounds at some point in the future. For the original Washington Post article: http://www.washingtonpost.com/wp-dyn/content/article/2007/12/28/AR2007122800693.html For Wired blogger Ryan Singel's post "What It Looks Like Trying to Get A Straight Answer From the RIAA": http://blog.wired.com/27bstroke6/2008/01/what-it-looks-l.html For this complete post: http://www.eff.org/deeplinks/2008/01/are-personal-copies-digital-music-files-unauthorized-or-not : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * House Committee Issues Report on TSA's Website Security Flaws Last Friday, the Committee on Oversight and Goverment Reform of the House of Representatives published a report about the launch of a Transportation Security Administration (TSA) website that had egregious security vulnerabilities that "exposed thousands of American travelers to potential identity theft." The "Traveler Redress" website was intended to allow travelers erroneously listed on airline watch lists to get help from the government. The report faults a no-bid contract process that benefited a single company with close ties to the TSA employee in charge of the project. The report also demonstrates that the site would have continued putting travelers' personal information at risk if it hadn't been exposed by blogger and security researcher Chris Soghoian. For the House Committee on Oversight and Government Reform release: http://oversight.house.gov/story.asp?ID=1680 For this post: http://www.eff.org/deeplinks/2008/01/house-committee-issues-report-tsas-website-security-flaws : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Visit EFF at Macworld The Macworld organizers have generously donated booth space to EFF -- so come visit EFF at the Macworld Conference & Expo, going on now (January 14 to 18) in San Francisco. Macworld is a week-long experience for everyone who uses Apple Macintosh computers. For more about the Macworld Conference & Expo: http://www.macworldexpo.com : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Come See EFF at the O'Reilly Emerging Technology Conference! Heading to San Diego for the O'Reilly Emerging Technology Conference (ETech) in March? Plan to catch "EFF's "On A Brighter Note..." panel, where EFF lawyers and activists will put on their rose-tinted spectacles and describe our best case scenarios: near-future technology that will help you defend your rights, real world policy initiatives that could help save the Net, and techniques and tricks that you can bake into your work now that will help preserve all our freedoms, for now and for good. Also, don't forget to come to EFF's Pioneer Awards ceremony on March 4. (See below for details on how to nominate a Pioneer.) And don't forget to visit our booth and grab some EFF schwag during exhibit hours. The O'Reilly Emerging Technology Conference (ETech) takes place March 3-6 in San Diego, CA. ETech hones in on the ideas, projects, and technologies that the alpha geeks are thinking about, hacking on, and inventing right now. From robotics, health care, and space travel to gaming, finance, and art, ETech explores promising technologies that are influence everyday life and inspiring the future. The good folks at O'Reilly are offering a discount to EFFector readers; enter code "et08eff" when you register online to save 20%! http://www.oreilly.com/go/et3cheff For more about ETech: http://conferences.oreillynet.com/ For more information about O'Reilly: http://www.oreilly.com : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Nominate a Pioneer for EFF's 2008 Pioneer Awards! EFF established the Pioneer Awards to recognize leaders on the electronic frontier who are extending freedom and innovation in the realm of information technology. This is your opportunity to nominate a deserving individual or group to receive a Pioneer Award for 2008. The International Pioneer Awards nominations are open both to individuals and organizations from any country. Nominations are reviewed by a panel of judges chosen for their knowledge of the technical, legal, and social issues associated with information technology. How to Nominate Someone for a 2008 Pioneer Award: You may send as many nominations as you wish, but please use one email per nomination. Please submit your entries via email to pioneer@eff.org. We will accept nominations until January 31, 2008. Simply tell us: 1. The name of the nominee, 2. The phone number, email address or website by which the nominee can be reached, and, most importantly, 3. Why you feel the nominee deserves the award. Nominee Criteria: There are no specific categories for the EFF Pioneer Awards, but the following guidelines apply: 1. The nominees must have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications. 2. To be valid, all nominations must contain your reason, however brief, for nominating the individual or organization and a means of contacting the nominee. In addition, while anonymous nominations will be accepted, ideally we'd like to contact the nominating parties in case we need further information. 3. The contribution may be technical, social, economic, or cultural. 4. Nominations may be of individuals, systems, or organizations in the private or public sectors. 5. Nominations are open to all (other than current members of EFF's staff and operating board or this year's award judges), and you may nominate more than one recipient. You may also nominate yourself or your organization. 6. Persons or representatives of organizations receiving an EFF Pioneer Award will be invited to attend the ceremony at EFF's expense. More on the EFF Pioneer Awards: http://www.eff.org/awards/pioneer/ : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * miniLinks The week's noteworthy news, compressed. ~ Director of National Intelligence planning more spying A New Yorker profile on Mike McConnell says the US is drafting plans that will give it access to any email or web search. http://blog.wired.com/27bstroke6/2008/01/feds-must-exami.html ~ New Yorker reporter was wiretapped Pulitzer prize-winner Lawrence Wright says his calls were monitored by the government. http://news.yahoo.com/s/ap/20080113/ap_on_go_ca_st_pe/terrorist_interrogation ~ DRM is dead, but watermarks are back Record labels are experimenting with the use of watermarking for copyright protection. http://www.wired.com/entertainment/music/news/2008/01/sony_music ~ Will ISPs become copyright traffic cops? AT&T has been in talks with the RIAA and the MPAA to discuss filtering traffic for copyrighted material. http://www.engadget.com/2008/01/09/atandt-microsoft-nbc-working-on-solutions-to-filter-copyrighted/ ~ Wiretap this! Send cryptic messages to anyone who may be illegally reading your email with this website. http://www.wiretapthis.com/ : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * Administrivia EFFector is published by: The Electronic Frontier Foundation 454 Shotwell Street San Francisco CA 94110-1914 USA +1 415 436 9333 (voice) +1 415 436 9993 (fax) http://www.eff.org/ Editor: Richard Esguerra, EFF Activist richard@eff.org Membership & donation queries: membership@eff.org General EFF, legal, policy, or online resources queries: information@eff.org Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will. Current and back issues of EFFector are available via the Web at: http://www.eff.org/effector/