EFFector Vol. 14, No. 31 Oct. 16, 2001 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In the 191st Issue of EFFector (now with over 29,300 subscribers!): * ALERT UPDATE: "Anti-Terrorism" Surveillance Bill To Pass This Week * Public Interest Postion on Junk Email: Protect Innocent Users * EFF Comments On W3C's Draft Patent Policy * EFF Participates in FMC's Panel Discussion on Digital Music * Announcing the EFF Contest of the Century! * EFF Thanks CoffeeCup Software, Inc. * Administrivia For more information on EFF activities & alerts: http://www.eff.org/ To join EFF or make an additional donation: http://www.eff.org/support/ EFF is a member-supported nonprofit. Please sign up as a member today! _________________________________________________________________ ALERT UPDATE: "Anti-Terrorism" Surveillance Bill To Pass This Week Both the US Senate and House of Representatives have passed slightly different versions of the "Uniting and Stregthening America Act" (USA Act), an ostensibly anti-terrorism bill with many terrorism-unrelated, alarming provisions that erode protection againsts improper government surveillance, among other problems. The House version contains (probably worthless) "sunset" provisions that would expire some of the wiretap-related sections of the bill after several years unless they are re-ratified; but these provisions are not expected to survive the final draft. Final passage, despite our and your activism efforts, is essentially assured, and will be by way of a conference committee and a final vote on the merged version of the bill that results from the committee. However, it would not hurt to contact your legislators once again to express your disapproval of this legislation, and to contact the White House to urge President Bush to refuse to sign the final bill into law (not likely, but you'll be counted among those on record in opposition to the USA Act.) EFF will issue a statement if/when the bill passes, and, with other organizations, will work to monitor implementation of the new law, and examine avenues for legal challenges against its more troubling provisions. To our friends in other countries: You would do well to keep a close eye on what your own government is doing. The US is hardly alone in taking misguided steps toward become a more totalitarian society in the hope of stopping terrorism. For bill texts and analyses, see the EFF Surveillance Archive: http://www.eff.org/Privacy/Surveillance/ - end - _________________________________________________________________ Public Interest Postion on Junk Email: Protect Innocent Users EFF Statement Regarding Anti-Spam Measures Executive Summary: Any measure for stopping spam must ensure that all non-spam messages reach their intended recipients. For the past several years, the Electronic Frontier Foundation (EFF) has watched with great interest the debate regarding what to do about unsolicited bulk email from strangers, or spam. We have been asked to lend our support to bills that have been introduced in Congress, and we have been approached in various other ways to help lead the fight against this annoying intrusion into people's email mailboxes. While members of the EFF staff and board find this unsolicited email to be as annoying as everyone else, we believe that the two most popular strategies for combatting it so far--legislation and anti-spam blacklists--have failed in their fundamental design. Anti-spam bills have been badly written, are unconstitutionally overbroad, and frequently wander into areas where legislators have no expertise, such as the establishment of Internet standards. And anti-spam blacklists, such as the MAPS RBL (Mail Abuse Prevention System Realtime Blackhole List, the most popular), result in a large number of Internet service providers (ISPs) surreptitiously blocking large amounts of non-spam from innocent people. This is because they block all email from entire IP address blocks--even from entire nations. This is done with no notice to the users, who do not even know that their mail is not being delivered. The focus of efforts to stop spam should include protecting end users and should not only consider stopping spammers at all costs. Specifically, any measure for stopping spam must ensure that all non-spam messages reach their intended recipients. Proposed solutions that do not fulfill these minimal goals are themselves a form of Internet abuse and are a direct assault on the health, growth, openness and liberty of the Internet. Email is protected speech. There is a fundamental free speech right to be able to send and receive messages, regardless of medium. Unless that right is being abused by a particular individual, that individual must not be restricted. It is unacceptable, then, for anti-spam policies to limit legitimate rights to send or receive email. To the extent that an anti-spam proposal, whether legal or technical, results in such casualties, that proposal is unacceptable. The Two Extremes of the Current Email Battlefield The legislative proposals that have dominated the anti-spam policy debate for the last several years have failed, and rightly so. The several existing state laws against spam are of questionable constitutionality, too hard to enforce even if they should be enforced, and have done nothing to stem the tide of spam. National legislation will not solve the problem either, while creating a morass of unintended consequences. Serious problems with the anti-spam legislation we have seen to date include: * misdefinitions of key terms and concepts, including "commercial," "list," and "spam" itself; * technology-specific requirements that will be rapidly obsolete; * a focus on punishing expression rather than protecting privacy; * the giving of broad power or obligation to ISPs to control the private email of their customers; * jurisdictional problems; * unnecessary and excessive criminalization of private, civil disputes; * requirements with which senders will find it impossible to comply; * and a clear pattern of providing a defense for ISPs in the form of immunity from the simple realities and responsibilities of the marketplace, rather than one of enabling individuals to protect themselves. But poorly-focused legislation is not the only failing proposal here. Many groups of often well-meaning people have worked on ways to avoid the various annoyances and problems caused by unsolicited bulk email. Anti-spam blacklisting groups, such as MAPS and ORBs, put heavy pressure on ISPs to conform to a set of restrictive anti-spam policies and to virally pressure other ISPs to adopt the same policies. It is estimated that over 50% of US-based ISPs and up to one third of global ISPs already participate in the blacklisting. But blacklisting is interfering with the delivery of a significant amount of non-spam email. Systems administrators who will not adopt the suggested anti-spam policies find themselves unable to deliver their non-spamming users' mail to recipients who are on systems that participate in blacklisting. This blocking is being done at too high a cost. Ultimately, civil rights and the ability of non-spammers to communicate cannot be sacrificed to serve the goal of blocking unsolicited bulk email. The search for a nonexistent, and ultimately impossible, legislative or ISP-level blacklist "magic bullet" solution has actually distracted the Internet community for the last five years from the real solution: better voluntary user-end filtering and/or voluntary, informed and flexible ISP-level filtering. Only an end user-controlled solution will uphold the rights of the end users while serving to deter spam by removing most of the audience and making it unprofitable to continue junk emailing. The Right Way to Look at Spam Until we include the free speech rights of all end-users instead of trying to stop a few wrongdoers at the cost of innocent users, any solution for dealing with spam will be fundamentally flawed. End users, known as "customers" to ISPs, should demand that none of their wanted email be censored in attempts to filter out unwanted messages. In addition, Netizens should express their dismay at spam by boycotting products advertised with spam. On a larger scale, EFF supports combatting spam by providing end-users with adequate tools to filter unwanted messages on the receiving end. We also support the development of more robust and subtle technology for this purpose. Brightmail, for example, has created a system that does a good, if still imperfect, job. Others that attempt to do this are listed at http://spam.abuse.net/tools/mailblock.html. From a technical standpoint, we would like to see the development of better filtration software on servers, something that could work interactively with the mail recipient in defining what he or she regards as spam using pattern recognition. That is, every time somebody gets a message of a sort he or she does not want, s/he could send it to the filter, thereby making that filter smarter over time, as well as giving it the ability to "learn" as spam techniques develop. The rights of users to send and receive email must not be compromised for quick and dirty ways to limit unsolicited bulk email. Neither misguided and ignorant legislation, nor collusive, high pressure protection schemes, have a legitimate function or place in our online future. The Constitution, and the promise of a free, open Internet that exists for and is controlled by its participants, requires us to do better. - end - _________________________________________________________________ EFF Comments On W3C's Draft Patent Policy Staff Technologist's Letter to Patent Policy Working Group Dear W3C Patent Policy Working Group Members: The Electronic Frontier Foundation (EFF), the leading civil liberties organization working to protect rights in the digital world, submits the following comments on the PPWG's draft patent policy. In general, the draft policy of August 16 makes progress in addressing the thorny patent issues standards groups may encounter. We join other commentators, for example, in supporting the proposed Disclosure Obligations in Section 7 of the draft. We focus our attention on the most controversial provision, Section 5.2, which creates a RAND ("reasonable-and-non-discriminatory") licensing mode for W3C Working Groups. Adopting this policy would mean that, for the first time, W3C would have a formal mechanism for promoting some patent-encumbered web standards -- with the knowledge that these standards could not be implemented by everybody. As WWW inventor Tim Berners-Lee observes in _Weaving the Web_, "patents ... are a great stumbling block for Web development. ... Small companies may be terrified to enter the business [in the face of patent claims]." Because of its harmful effects on smaller organizations, and the resulting risks to openness and interoperability on the web, we urge W3C to reconsider its support for a RAND licensing mode. The draft policy notes that participants in a standards body will be unwilling and unable to work collaboratively if, at the end of the process, the jointly-developed standard can only be implemented by meeting licensing terms that are unduly burdensome, unknown at the beginning or even the end of the design process, or considered unreasonable. This uncertainty is a significant risk to standards development, but participants are not the only beneficiaries of the process (nor the only parties whose support is called for). Where a standards body undertakes to develop public standards for general use -- clearly the aim of W3C standards work -- the larger community of prospective users and implementors also has a deep interest in standards' licensing terms. As the policy continues, this community has a "longstanding preference for Recommendations that can be implemented on a royalty-free (RF) basis". This "preference" must not be treated lightly; it has been essential to the success of the World Wide Web and the Internet as a whole, and one of the key features setting the Web apart from closed, proprietary content-delivery systems. Royalty-free web standards have provided the raw material for an explosion of creativity and the development of diverse but interoperable implementations. For many members of the web community, the RF licensing tradition is not merely a "preference", but a requirement. Royalty-based technology licensing, whether "discriminatory" or "non-discriminatory", grew up amidst large commercial players, who could typically afford a sizable licensing fee, accepting it as a cost of doing business. As you know, the World Wide Web community is much more diversified. It includes tiny startups, multinational corporations, individuals, non-profit organizations, consortia, libraries and archives, among other kinds of entities. Many of these participants are ill-equipped to cope with the one-size-fits-all world of RAND licensing, and have very different notions of what is "reasonable" or even "non-discriminatory". Much of the software which runs today's web is open source, like the W3C's own reference implementations. The world's most popular HTTP server package, Apache, is a leading example; W3C's own web site is using it, as is EFF's. But although a flat royalty structure might seem perfectly "reasonable" to a large corporation, the Apache Software Foundation -- and Apache licensees -- might well see things otherwise. Prospective implementors are all different, but when any implementor is left behind by a patent licensing system, everyone suffers. The draft policy attempts to distinguish between high-level and low-level web standards, in a largely informal way. Section 2.2, reporting on consensus within the Patent Policy Working Group, draws this distinction: [I]t is especially important that the Recommendations covering lower-layer infrastructure be implementable on an RF basis. Recommendations addressing higher-level services toward the application layer may have a higher tolerance for RAND terms. We agree that openness of infrastructure is particularly important. However, the distinction between infrastructure and higher-level services does not seem to be clearly drawn (nor does the policy appear to implement this consensus view in any specific way, e.g. by categorically forbidding the RAND licensing mode for certain Working Groups deemed "architectural"). Experience has shown that this distinction can be unstable; services once optional often become indispensable. We cannot stress enough that services originally conceived of as applications may eventually -- even rapidly -- come to be seen as infrastructural. For example, HTTP is often used as an example of an extremely high-level network protocol, yet it serves an infrastructural role, in turn, for other protocols like SOAP. We recognize that W3C cannot guarantee that none of its Recommendations will ever be encumbered by patent claims. W3C has no control over third party patent holders who are not W3C members, and there is no way to be absolutely certain that an encumbrance will not appear after a Recommendation has been issued or even implemented. (A troubling example is BT's hyperlink patent, which was definitely not foreseen as a risk to implementors of WWW user agents.) However, this does not mean that W3C should allow its members to use the W3C Recommendation process to knowingly promote encumbered technologies as public standards! W3C does have the ability to decline to endorse a standard where it is already aware of licensing problems (e.g. through the proposed disclosure requirements). It seems that the community strongly expects W3C to use that ability, and to preserve the existing RF tradition in the eventual W3C Patent Policy. EFF thanks W3C for extending the comment period and for the opportunity to comment on this draft. Please do not hesitate to contact us for any further information or clarification. Sincerely, Seth Schoen EFF Staff Technologist - end - _________________________________________________________________ EFF Participates in FMC's Panel Discussion on Digital Music Future of Music Coalition to Conduct Discussion/Music Program in Berkeley - Wednesday, October 24th WHO: ~Jenny Toomey - Executive Director, Future of Music Coalition and performing artist ~Brian Zisk - Serial entrepreneur focusing on digital music, open source, and distribution technologies. ~Fred von Lohmann - Senior Staff Attorney, EFF WHAT: Panel discussion of issues related to digital music on the net, including copyright law, royalty collection in the digital realm, the protection of copyrighted work through encryption and watermarking, and the use of legislation and lawsuits to protect established business models. These issues, which are often reported in the media as centralized struggles between isolated business interests, need to be understood in the light of their larger impact on creators and citizens. Following the discussion portion of the program, there will be a live musical performance by Jenny Toomey. WHEN: Wednesday, October 24, 2001, 12:30 pm - 4:00 pm WHERE: Boalt Hall Law School, UC Berkeley Campus Room: Booth Auditorium Corner of Bancroft Way and Piedmont Ave., Berkeley, CA 94720 Tel: 510-642-8073 email: ltrask@law.berkeley.edu SPONSORED BY: Electronic Frontier Foundation, Berkeley Center for Law & Technology, and School of Information Management and Systems This event is free and open to the general public. For more information, contact Larry Trask as the Berkeley Center for Law & Technology (510-642-8073, ltrask@law.berkeley.edu) - end - _________________________________________________________________ Announcing the EFF Contest of the Century! You've been diligently reading all of those EFFectors and scouring the EFF website for those gems of information about topics such as online free speech, privacy, and intellectual property. Well, here is your chance to test your knowledge and have some fun trying to win a prize! A few lucky winners will receive recognition on the EFF contest web page and a vintage EFF T-shirt as a prize for being the first few to deliver the correct answers to the contest questions displayed at http://www.eff.org/cgi-bin/contest/contest.html Please note that those under 13 years of age and anyone employed by EFF are not eligible to participate. EFF thanks DMH for coding the contest Perl scripts. The contest will run for one week or until the next EFFector announcing the contest winners, whichever comes first. It's a great way to learn about the work EFF does and a chance to win - end - _________________________________________________________________ EFF Thanks CoffeeCup Software, Inc. The Electronic Frontier Foundation gives a warm thank you to Angel Chavez and CoffeeCup Software ( http://www.coffeecup.com ) for their kind donation of the CoffeeCup HTML Editor To EFF. CoffeeCup Software, Inc. was founded in 1996, and has many software web products including HTML editors for both the Linux and MS platforms. The software uses no proprietary coding. - end - _________________________________________________________________ Administrivia EFFector is published by: The Electronic Frontier Foundation 454 Shotwell Street San Francisco CA 94110-1914 USA +1 415 436 9333 (voice) +1 415 436 9993 (fax) http://www.eff.org/ Editors: Katina Bishop, EFF Education & Offline Activism Director Stanton McCandlish, EFF Technical Director/Webmaster editors@eff.org To Join EFF online, or make an additional donation, go to: http://www.eff.org/support/ Membership & donation queries: membership@eff.org General EFF, legal, policy or online resources queries: ask@eff.org Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will. To subscribe to or unsubscribe from EFFector via the Web, go to: http://www.eff.org/signup/mailserv.html To subscribe to EFFector via e-mail, send to majordomo@eff.org a message BODY (not subject) of: subscribe effector The list server will send you a confirmation code and then add you to a subscription list for EFFector (after you return the confirmation code; instructions will be in the confirmation e-mail). To unsubscribe, send a similar message body to the same address, like so: unsubscribe effector (Please ask listmaster@eff.org to manually remove you from the list if this does not work for you for some reason.) To change your address, send both commands at once, one per line (i.e., unsubscribe your old address, and subscribe your new address). Back issues are available at: http://www.eff.org/effector To get the latest issue, send any message to effector-reflector@eff.org (or er@eff.org), and it will be mailed to you automatically. You can also get, via the Web: http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html _________________________________________________________________