EFFector       Vol. 16, No. 26       October 5, 2003

A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

In the 265th Issue of EFFector:

• Who Controls Your Computer?: EFF Reports on Trusted Computing
• Passenger Profiling Violates Rights, Doesn't Improve Safety
• Plan for Library Book Tagging Generates Privacy Concerns
• Total/Terrorism Information Awareness: Is It Truly Dead?
• Digital Copyright Law Still Damaging After All These Years
• Unsafe Harbors: Abusive DMCA Subpoenas and Takedown Demands
• Australia's "DMCA": EFF Comments on Australian Digital Agenda
• Charity.com Names EFF "Charity of the Month"
• Deep Links (14): We're a Record Label. But We're Not Evil.
• Staff Calendar: 10.08.03 - Seth Schoen debates Mike Wolff (Microsoft) on Palladium/NGSCB at the SDForum, Mountain View, CA.
• Administrivia

---

Who Controls Your Computer?

EFF Reports on Trusted Computing

San Francisco - The Electronic Frontier Foundation (EFF) on Thursday published a
landmark report on trusted computing, a technology designed to improve security
through hardware changes to the personal computer.

The report, entitled "Trusted Computing: Promise and Risk," maintains that
computer owners themselves, rather than the companies that provide software and
data for use on the computer, should retain control over the security measures
installedhon their computers. Any other approach, says the report's author Seth
Schoen, carries the risk of anti-competitive behavior by which software
providers may enforce "security measures" that prevent interoperability when
using a competitor's software.

" Helping computer owners defend their computers against attacks is progress in
computer security, but treating computer owners themselves as the bad guys is
not," said Schoen. "Security architectures must be designed to put the computer
owner's interests first, not to lock the owner into the plans of others."

Links:

• For the full press release
• EFF report: "Trusted Computing: Promise and Risk"
• EFF companion commentary: "Meditations on Trusted Computing"
• CNET story about the EFF report

---

Passenger Profiling Violates Rights, Doesn't Improve Safety

Electronic Frontier Foundation Urges Privacy in Air Security

San Francisco - The Electronic Frontier Foundation (EFF), along with
PrivacyActivism, Privacy Rights Clearinghouse, C.A.S.P.I.A.N., and others,
submitted formal comments on September 30th to the Privacy Office of the U.S.
Department of Homeland Security (DHS), urging it to stop development of a
proposed airline passenger screening program administered by the Transportation
Security Administration (TSA).

"We're concerned that the Homeland Security Department's CAPPS II plan
sacrifices the privacy and civil liberties of travelers without a logical
connection to safety and security," said EFF Attorney Kevin Bankston, an Equal
Justice Works / Bruce J. Ennis Fellow. "The CAPPS II passenger profiling scheme
should not proceed until its proponents address serious questions about privacy,
due process, accuracy, and effectiveness, as Congress recognized last week when
it halted implementation of CAPPS II pending further review."

Links:

• For the full press release
• EFF comments on CAPPS II
• EFF backgrounder on CAPPS II

---

Total/Terrorism Information Awareness: Is It Truly Dead?

EFF: It's Too Early to Tell

Late in September, Congress ended funding for Terrorism Information Awareness
(TIA) by passing HR 2658, a fiscal 2004 Defense appropriations bill that has yet
to be signed by the President. But is TIA truly dead? EFF believes that it is
too early to tell.

Congress eliminated funding for the Office for Information Awareness, but it has
allowed the Defense Advanced Research Projects Agency (DARPA) to continue to
research and develop "dataveillance" tools, so long as they are not used within
the United States. While EFF is pleased that these tools will not be developed
specifically for domestic use, we are concerned that their development for
foreign intelligence purposes continues to pose civil liberties risks -
especially since it appears that they are to be developed under a classified
" black budget" with little, if any, public accountability.

In addition, Congress has also expressly allowed several former TIA programs to
continue, including the Bio-Event Advanced Leading Indicator Recognition
Technology (Bio-ALIRT), Rapid Analytic Wargaming, Wargaming the Asymmetric
Environment, and Automated Speech and Text Exploitation in Multiple Languages
(including Babylon and Symphony).

Finally, TIA was never the only domestic dataveillance program. EFF is
campaigning to stop implementation of the Computer Assisted Passenger
Pre-Screening System (CAPPS II), which gathers personal information about each
airline passenger from unidentified government databases as well as commercial
data sources. But CAPPS II is only one domestic surveillance initiative, and
neither it nor the other programs in development is subject to the TIA
"overseas-only" provision.

In light of these ongoing threats to citizens' privacy and civil liberties, EFF
concludes that even if TIA is "dead," the need for continued Congressional
oversight and a strong regulatory framework remains great. We ask for a status
report on the tools being developed for foreign surveillance, as well as on TIA
biometric programs. We also strongly support Senator Russ Feingold's (D-WI)
Data Mining Moratorium Act (S. 188) and Senator Ron Wyden's (D-OR) Citizens'
Protection in Federal Databases Act of 2003 (S. 1484), and we urge constituents
to join us in this support.

Links:

• EFF commentary: Total/Terrorism Information Awareness: Is It Truly Dead?

---

Plan for Library Book Tagging Generates Privacy Concerns

Electronic Frontier Foundation Advises Public Library

San Francisco - The Electronic Frontier Foundation (EFF) sent a letter on
Wednesday to the San Francisco Public Library Commission (SFPLC) warning of
privacy concerns in the use of radio frequency identification (RFID) tagging of
library books.

The SFPLC is considering a budget for RFID technology for the library system
starting in 2004 with implementation in 2005. Under the plan, San Francisco
libraries would place a computer chip in library books and other materials to
facilitate tracking of the books through the library system as well as on loan
to patrons. Library staff, as well as potentially other persons, could use RFID
sensor devices to determine the location, title, and potentially other
information about the library materials.

"RFID technology raises great privacy concerns because insecure RFID tags permit
inventorying of people's possessions and tracking of people via their
possessions," explained EFF Senior Staff Attorney Lee Tien in the letter.
" Libraries have long been very protective of library patron privacy given that
surveillance of reading and borrowing records chills the exercise of First
Amendment rights."

Links:

• For the full advisory
• EFF letter on RFIDs to San Francisco Public Library Commission

---

Digital Copyright Law Still Damaging After All These Years

Electronic Frontier Foundation Updates Landmark Report

San Francisco - The Electronic Frontier Foundation (EFF) on Friday released an
update of its landmark report on problems with digital copyright law entitled
"Unintended Consequences: Five Years Under the Digital Millennium Copyright Act"
(DMCA).

"Congress intended the DMCA to target criminals who pick digital locks to engage
in mass piracy," said EFF Staff Attorney Gwen Hinze. "Yet in practice the DMCA's
anti-circumvention provisions have stifled the legitimate activities of
scientists, scholars, business competitors, journalists, publishers, consumers,
and the general public."

Additions to the report include sections that explore:

• Chilling effects on scientific research and freedom of expression, including
  discussion of Andrew "Bunnie" Huang's book on X-box security vulnerabilities,
  which was dropped by publisher John Wiley
• Anti-competitive uses of the DMCA and the stifling of technological
  innovation, including a briefing on the Chamberlain v. Skylink garage door
  opener case
• New use of section 1201 as broad, general-purpose ban on accessing a computer
  system, including the story of a contract programmer held liable for accessing
  an ex-employer's computer system through a server via a virtual public network

"The DMCA has emerged over the past five years as a significant threat to a
number of important public policy principles," added Hinze. "Congress should
amend copyright law to preserve the constitutionally-mandated balance between
private incentives and public rights."

Links:

• For the full advisory
• EFF report: "Unintended Consequences: Five Years Under the Digital Millennium
  Copyright Act"

---

Unsafe Harbors: Abusive DMCA Subpoenas and Takedown Demands

DMCA 512 Horror Stories

The Electronic Frontier Foundation (EFF) on Friday published "Unsafe Harbors:
Abusive DMCA Subpoenas and Takedown Demands," a report tracking abuse of the
safe harbor provisions in the Digital Millennium Copyright Act (DMCA).

"Section 512 of the DMCA has often been used to invade the privacy of Internet
users, harass Internet service providers, and chill online speech - yet the
abuses tend to fall below the national radar," said EFF Staff Attorney Wendy
Seltzer. "We hope to alert the public to the danger of giving copyright
claimants such sweeping powers."

The report includes examples garnered from the Chilling Effects Clearinghouse,
which maintains a database of cease-and-desist demands.

Links:

• EFF report: "Unsafe Harbors: Abusive DMCA Subpoenas and Takedown Demands"
• Chilling Effects Clearinghouse

---

Australia's "DMCA" Under Review

Electronic Frontier Foundation Comments on Australian Digital Agenda

The Electronic Frontier Foundation (EFF) has filed comments in Australia's
review of its own "DMCA" - the technological protection measures in the
Australian Copyright Act. EFF's comments are in response to an issues paper
released by law firm Phillips Fox, which is conducting a review of Australian
digital copyright law on behalf of the Australian Attorney General's Department.
EFF outlines the unintended consequences and misuses of the DMCA
anti-circumvention provisions in the United States, and recommends narrowing the
scope of the analogous section of the Australian Copyright Act in order to:

* Protect consumers' rights in digital media that they have purchased
* Provide leeway for scientists and computer researchers to conduct research and
engage in reverse-engineering
* Restore the balance in Australian copyright law between the rights of
copyright holders and those of the public

EFF also addresses ISP regulation, stressing the importance of procedural
safeguards and judicial oversight in any process adopted to identify ISP
subscribers, whether by subpoena or otherwise, as a safeguard to privacy. EFF
points out the deficiencies in the DMCA subpoena process, making note of
the recent erroneous and unjustified disclosures of subscribers' identities.

The Digital Agenda Review is the first review of the impact and operation of the
Australian anti-circumvention provisions, ISP liability, the interaction of
technology and copyright, and the impact of digital copyright law on libraries
and archives. A final report on the review process is expected in early 2004.

Electronic Frontiers Australia (EFA), an Australian organization dedicated to
protecting the rights and freedoms of Internet users, also filed comments in
response to the issues paper.

Links:

• EFF comments on Australia's Digital Agenda Review
• EFA comments

---

Charity.com Names EFF "Charity of the Month."

Charity.com has chosen EFF as its "Charity of the Month." EFF is a member-supported nonprofit. Take the time now to join us or renew your membership!

Links:

• Charity.com: EFF Named Charity of the Month
• Become an EFF member today

---

Deep Links

Deep Links features noteworthy news items from around the Internet.

• ACLU Files Suit to Stop RIAA from Obtaining Student Name (Free Registration Required)
  A second challenge to the RIAA's use of the DMCA roll-your-own-subpoena provisions
• Zimbabwe's Daily News Battles On - Online
  The country's only independent newspaper has been banned. It's defecting to the
  Internet
• The Subpoenas Are Coming!
  " Citing a provision of the Patriot Act, the FBI is sending letters to
  journalists telling them to secretly prepare to turn over their notes, emails
  and sources to the bureau"
• Compulsory Licenses for Music?
  USA Today with a forward-looking piece on the file sharing debate
• MPEG Founder Seeks Copy-Protection Accord
  The Digital Media Project is "aimed at ending what members say has been a
  technological civil war." By imposing technological marshal law?
• Revived Hopes for Open Development Discussions with WIPO
  Despite protests from the U.S. proprietary software lobby, WIPO may yet look
  into development models that directly benefit the public
• File-Swapping Hearing Stars Dueling Rappers
  Mr. D and Mr. Cool J Go to Washington
• Parley with Powell
  The Chairman of the FCC on the agency's role in a world it doesn't regulate - yet
• KaZaA Website Visits Decline
  The KaZaA website received 41% less traffic this month. No stats yet
  available on the network's actual traffic or number of users
• Madonna Sued for Copyright Infringement
  What the heck did she think she was doing?
• The Crazy-Quilt of Electronic Privacy (Registration required)
  Cool article on the ad-hoc nature of the electronic privacy protections
  assembled over the years
• Senator Seeks Lower Downloading Penalties
  Senator Coleman wants lower penalties for downloaders. It's a start. But why
  not remove liability for music lovers *and* get artists paid?
• We're a Record Label. But We're Not Evil.
  You heard it here first: Magnatune is in no way affiliated with the people who
  made "Gigli"
• VeriSign's SiteFinder Dead for Now
  ICANN: "Shut down SiteFinder, or else."
  VeriSign: "Okay."

---

Staff Calendar

For a complete listing of EFF speaking engagements (with locations and times), please visit the calendar.

• October 8 -
  Seth Schoen will debate Mike Wolff (Microsoft) at the SDForum
  Mountain View, CA.
  - 6:30 - 7:30 p.m. "Palladium: The Future of Windows Security"

---

Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
 http://www.eff.org/

Editor:
Donna Wentworth, Web Writer/Activist
  donna@eff.org

To Join EFF online, or make an additional donation, go to:
  https://secure.eff.org/

Membership and donation queries: membership@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements and articles may be reproduced individually at will.

To change your address or other information, please visit: http://action.eff.org/subscribe/

If you have already subscribed to the EFF Action Center, please visit: http://action.eff.org/login.asp/

To unsubscribe from the EFFector mailing list, send an email to alerts@action.eff.org with the word "Remove" in the subject.

(Please ask donna@eff.org to manually remove you from the list if this does not work for you for some reason.)

Back issues are available at:
  http://www.eff.org/effector/

You can also get the latest issue of EFFector via the Web at:
  http://www.eff.org/effector/current.php

Back to table of contents

Return to EFFector Newsletters Index

---

Please send any questions or comments to webmaster@eff.org