July 2018 - cypherpunks-legacy

EDRi-gram newsletter - Number 10.23, 5 December 2012
by EDRi-gram 06 Jul '18

06 Jul '18

====================================================================== EDRi-gram biweekly newsletter about digital civil rights in Europe Number 10.23, 5 December 2012 ======================================================================= Contents ======================================================================= 1. European domain names under siege 2. International coalition calls for withdrawal of Dutch hacking plans 3. Lobbying DP Regulation: European Banking Federation as an example 4. Chisugate: Copyright blackmail in Finland 5. Russia: Pussy Riot's videos declared illegal on the Internet 6. Netherlands: legislation for forced decryption announced 7. German government proposes extended tracking of Internet users 8. Danish opposition wants to abandon the illegal medicine site blocking 9. ENDitorial: What could possibly go wrong? 10. Recommended Reading 11. Agenda 12. About ======================================================================= 1. European domain names under siege ======================================================================= On 26 November 2012, 132 or 133 domain names were seized by the U.S. Immigration and Customs Enforcement's Homeland Security Investigations (ICE) in collaboration with the Europol and national law enforcement authorities. The seized domains were supposed to have illegally sold counterfeit products on the Internet online. The common press release of the ICE and Europol not only does not agree on the correct number of the domain names seized (132 on the ICE website or 133 on the Europol website), but also does not seem to know the difference between trademark and copyright ("the copyright holders confirmed that the purchased products were counterfeit" or "banner that (...) educates them about the federal crime of willful copyright infringement.") The US law enforcement authorities have seized domains before but this is the first time that European ccTLDs such as .be, .eu, .dk, .fr, .ro, or .uk. have been involved. The authorities have not released the list of the 31 European domain names involved in the action, but Torrentfreak already identified some of those sites, such as: chaussuresfoot.be, chaussurevogue.eu or eshopreplica.eu. The official press release talks about "a great example of the tremendous cooperation" that "enables us to go after criminals who are duping unsuspecting shoppers all over the world." But there is no information if the domain name holders were actually identified and accused of an IPR infringement in a penal case. Or, if a court order was required to shut down the website. Or, if the website was actually targeting the US Market, so that the US authorities be involved. Just a few days later, on 30 November 2012, several BitTorrent sites including Torrentz.eu, Fenopy.eu and BTscene.eu found their .EU domains put on hold by EURid, the European Registry of Internet Domain Names. b This domain name has been registered and is on hold. It is active but may not be traded or transferred pending the outcome of legal activity,b say EURidbs notes. EURid has made no further public comments, but informed the domain names holders that the action was made "upon request of the Belgian Public Prosecutor following notification of pending legal proceedings in respect of the website" without wanting to give any details regarding the legal proceedings involved. DDL linking sites Sceper.eu and Downextra.eu, torrent site RealTorrentz.eu, and streaming links sites WatchSeries.eu and ChannelCut.eu are also in a similar situation. All these sites appear in the first few pages of Googlebs Transparency Report which means that they are associated with a rather high number of takedown requests. It seems that now, only three sites on Googlebs report have not, at least not yet, been put on hold. In another news on torrent domain names, Torrentreactor.net and Torrents.net domain names and IP-addresses are to be blocked by all ISPs in Italy following a local court injunction. Websites selling counterfeit merchandise taken down by authorities in Europe and the USA (26.11.2012) https://www.europol.europa.eu/content/press/websites-selling-counterfeit-me… BitTorrent Site Owners Fear European Domain Name Seizures (27.11.2012) http://torrentfreak.com/bittorrent-site-owners-fear-european-domain-seizure… Top BitTorrent Sites Have Domains Put On Hold Pending Legal Action (1.12.2012) https://torrentfreak.com/top-bittorrent-sites-have-domains-put-on-hold-pend… Italian Court Orders Nationwide Block of TorrentReactor and Torrents.net (4.12.2012) http://torrentfreak.com/italian-court-orders-nationwide-block-of-torrentrea… ======================================================================= 2. International coalition calls for withdrawal of Dutch hacking plans ======================================================================= An international coalition of more than 40 civil rights organizations and security experts have expressed their b grave concernsb about a Dutch proposal to break into foreign computers and search and delete data. In a letter handed over to the Dutch minister of Security and Justice by Dutch digital rights organization Bits of Freedom on Monday 3 December 2012, the coalition urgently calls upon the minister to withdraw his proposal. According to the international coalition, the proposal poses serious risks to the human rights and cybersecurity of individuals worldwide. This is aggravated by the fact that countries will likely follow the initiative of the Netherlands. This will lead to a situation where countries will enforce their local laws on foreign computers. These local laws would not solely address cybercrime, but also issues deemed illegal in other countries, such as blasphemy and political criticism. The coalition therefore strongly urges the minister to withdraw his proposal. The letter is signed by more than 40 members of the civil society. These include civil rights organizations such as the Electronic Frontier Foundation (US), Privacy International (UK), the Chaos Computer Club (Germany) or EDRi. In addition, renowned security-experts and software developers Bruce Schneier (US), Richard Stallman (US) and Ron Deibert (Canada) signed the letter. The proposal will be debated in the Dutch parliament on Thursday, 6 December 2012. The letter is then likely to be discussed, as it received broad media coverage. If you are interested in the outcome, please mail directly to simone.halink(a)bof.nl. EDRi-gram: Dutch proposal to search and destroy foreign computers (24.10.2012) http://www.edri.org/edrigram/number10.20/dutch-proposal-state-spyware Dutch plans to remotely conduct searches and delete data on foreign computers (30.11.2012) https://www.bof.nl/live/wp-content/uploads/20121203-Sign-on_proposal_Opstel… (Contribution by Simone Halink - EDRi member Bits of Freedom, Netherlands) ======================================================================= 3. Lobbying DP Regulation: European Banking Federation as an example ======================================================================= With the discussions on the proposed General Data Protection Regulation moving forward, lobbyists in Brussels are working overtime. One example is the European Banking Federation (EBF), which submitted a letter outlining its position and proposed changes to the text to MEPs. A public version is available on the EBF's website. EDRi has also seen the complete version with proposed amendments ready for copy&paste. Quite a few of these amendments have been tabled word-for-word in the IMCO Committee. In short, the EBF wants weaker obligations on data breach notification, implicit consent, lower fines, more profiling and more grounds for lawful processing: a) processing of data taken from publicly available lists or documents which should always be lawful; b) processing "necessary to defend an interest, collecting evidences as judicial proofs or file an action". In a bit more detail, the EBF wants controllers to be able to use "implicit" consent b no specific reasons are given for their unwillingness or inability to ask for explicit consent for processing personal data. Likewise, it wants to remove the provisions saying that consent is required in situations where there is a significant imbalance between the controller and data subject. Here, at least a reason is given, namely that this could apply to banks. Another proposal is to cut the fines data protection authorities can impose on controllers who break the law b the Commission proposal had 1 million Euro or 2% of global annual turnover for companies as the upper limit for the most egregious breaches. The EBF proposes to remove the second part, claiming that such fees would be disproportionate. Additionally, the EBF wants to make it easier to allow profiling. Their arguments are that sometimes profiling customers is imposed by anti-money-laundering laws, sometimes it makes sense for the banks to do it, e.g. before approving real-estate loans, and finally, they argue, it can sometimes be in the customer's interest. So, looking at the Commission's proposal, when would profiling be allowed? If it is expressly authorised by law; when it is carried out in the course of entering into a contract; when it is based on the data subject's consent b which would be easily obtainable for profiling measures that are supposedly in their interest. So, while legitimate cases would already be allowed, the EBF wants to push it further, to allow profiling when neither the customer nor the law have approved it. In some cases, the proposed changes also stem from a simple misunderstanding of the proposal. For example, the EBF proposes excluding the right to erasure, if there is a legal obligation for the controller to keep the data. Sounds sensible. So sensible in fact, that the Commission proposal contains a provision doing exactly this, just two paragraphs below in the same Article! There are more examples of such proposed changes duplicating rules that are already in the proposal. Such changes would not help the text's clarity, and could cause further misunderstanding when it will be applied in practice. One would imagine that industrial lobbyists would be lobbying for more legal clarity and not less. The bottom line is that some of the proposed amendments seriously weaken consumer protection, while others are based on a faulty understanding of the text, introducing provisions that are not needed and undermining the clarity of the Regulation. One would hope that this would not get the EBF far, especially in the European Parliament Committee charged with consumer protection. Think again. Many of its proposals on reasons for lawfulness, consent, profiling, data subject rights, and fees have simply been copied and pasted by several MEPs into their amendments. Whether these amendments will be carried remains to be seen. But already the fact that they were tabled shows how easily lobbies b even with proposed changes that sometimes simply do not make sense b can influence the political process. This was just one lobby group. There are many, many more. Brussels is awash with data b protectionb lobbying, misunderstandings and misinformation. Whether the fundamental right to privacy of 500 million Europeans will survive this onslaught is anyone's guess. As usual, EDRi is chasing around the corridors trying to redress the balance. EBU lobbying letter http://www.ebf-fbe.eu/uploads/D1391E-2012%20-%20EBF%20letter%20to%20Members… EDRi's website on the Regulation http://protectmydata.eu (Contribution by EDRi intern - Owe Langfeldt) ======================================================================= 4. Chisugate: Copyright blackmail in Finland ======================================================================= In the spring of 2012, in Finland, the father of a young girl received what amounted to a blackmail letter from a copyright lawyer. The letter demanded the payment of 600 Euros as damages for having distributed copyright-protected music recordings. The letter also demanded that the father sign a non-disclosure agreement regarding the matter. The father contacted the lawyer and denied having distributed any copyrighted material. He explained that his daughter, who had been nine years old at the time of the so-called crimes, had tried to download some songs of her idol, the Finnish artist called Chisu. The girl had been saving money in order to buy Chisu's latest CD, but was impatient to hear some songs from the album already, and so her dad showed her how to write the appropriate keywords in search engines. Despite her attempts, the girl only managed to download something that did not play. Soon after that the father bought the CD for the girl. In November 2012, something unbelievable happened. Two police officers with a search warrant entered the home of the family and seized the girl's computer. The police officers also suggested the father pay up "to make things easier for everyone involved" because they would immediately drop the matter if he did. Even the Finnish Copyright Information and Anti-Piracy Centre (TTVK ry, a private association of the copyright industry) has admitted that the identity of a person who shares copyrighted material online cannot be ascertained, and that, in Finland, the threat letters are sent to the owner of the Internet connection. The owner of the connection is the one who risks being subjected to a search and seizure of property. TTVK also says that the majority of people who have received these letters have agreed to the non-disclosure and payments demanded of them. The amounts are smaller than in the US, but still hefty. Shocking but true, apparently a copyright holder can demand mafia-style payments from ordinary people who are told to hand over their money and shut up or otherwise the police might come and take away their computers. TTVK has openly admitted that the aim of the letters is to threaten other downloaders. The disturbing incident was covered in the Finnish online and printed press, and made international headlines. In his detailed Facebook post about the incident, the father makes it clear that he has supported artists in many ways for his entire life, but as a result of the unethical practices of the copyright industry he has come to question the sanity of the copyright enforcement system. After the incident had become a major PR headache for the copyright lobby, the matter was settled out of court between the father and TTVK, and the father apparently agreed to pay half of the originally demanded amount (300 Euros). After this, the seized laptop is being returned to its owner. Electronic Frontier Finland (Effi) filed a request to investigate the actions of the Helsinki district court and the police with the parliamentary ombudsman. According to the court papers, TTVK only had evidence that one music album had been downloaded from the IP address which belonged to the father. The court interpreted this as constituting significant ongoing damage to the copyright holder and ordered the ISP to reveal the identity of the user of the IP address to TTVK. In the opinion of Effi, this is an overreaching interpretation of the Finnish copyright law. The police "planned the search and seizure carefully" (in their own words) but failed to act in proportion to the alleged damage: they should have only copied the contents of the laptop for evidence instead of seizing the whole device. Additionally, as police resources are limited nowadays, carrying out a search and seizure operation in a minor case like this has probably delayed the investigation of more important cases. Antipiracy Center in Finland http://antipiracy.fi/inenglish/ Payment demand for child's downloading part of a strike against piracy - majority paid without resisting (only in Finnish, 21.11.2012) http://ylex.yle.fi/uutiset/popuutiset/lapsen-latailusta-saatu-maksumaarays-… Payments of hundreds of euros for illegally downloading Chisu's album (only in Finnish, 2.12.2012) http://www.aamulehti.fi/Kotimaa/1194722011272/artikkeli/satojen%20eurojen%2… Post on Facebook from the father (only in Finnish, 20.11.2012) http://www.facebook.com/aki.w.nylund/posts/10151139041245079 Request to investigate the actions of Helsinki district court and the police in so-called Chisugate (only in Finnish, 27.11.2012) http://www.effi.org/kirjeet/121127-effi-tutkintapyynto-chisugate.html Anti-piracy group takes child's laptop in Finland (30.11.2012) http://www.bbc.co.uk/news/technology-20554442 (Contribution by Otso Kassinen and Timo Karjalainen - EDRi member Electronic Frontier Finland) ======================================================================= 5. Russia: Pussy Riot's videos declared illegal on the Internet ======================================================================= A Moscow-based court has ruled on 29 November 2012 that four videos of the already famous dissident punk band Pussy Riot are extremist and therefore should be banned on the Russian Internet. The court said that all the Russian websites that do not comply with this obligation could pay a fine of up to approx. 2500 Euro (100 000 roubles). Prosecutors took up the case on the request of State Duma member Alexander Starovoitov, from the Liberal Democratic Party of Russia. The court refused to allow the participation in the hearing of the one member of the punk band that was not convicted. Yekaterina Samutsevich, was freed last month after a court suspended her sentence. A Google representative confirmed that they would block the content on YouTube in Russia after they would receive the court order information. Under the Russian law, providers who host forbidden content are subject to criminal prosecution. "Whatever you think about these videos, they have become a part of the history of this country. Just as in old times, we burned books. Now we are deleting video clips which have undoubted historic significance." commented Russian blogger and analyst Oleg Kozyrev to the Radio Free Europe. The extremist nature of the videos was explained by the fact that it offended the Orthodox Christians, by shooting the anti-Putin performance video at Moscowbs main Russian Orthodox cathedral. This is why probably a spokesman for the Russian Orthodox Church welcomed the ruling. The ruling "violates the right to freedom of expression and shows the continued failure of the Russian justice system to protect political and artistic dissent," said Dr Agnes Callamard, Executive Director of the EDRi member ARTICLE 19, and explained that "the Russian government is trying to hide its attacks on democracy, claiming that the punk prayer which mocks the corrupt relationship between Putin and the church's patriarch is an attack on religious believers". The ruling should be enforced starting with 1 January 2013, but could be appealed. It is not clear who may appeal, though, after the spokeswoman for Moscow's Court, told journalists that Samutsevich has no right to appeal the court's decision because she did not take part in the hearing. But the Russian authorities might aim at more rules on the Internet. During the joint news conference held in Paris on 27 November 2012 by Russian Prime Minister Dmitry Medvedev and French Prime Minister Jean-Marc Ayrault, Medvedev was asked a question of legislative scrutiny with regard to internet regulation in Russia. In his reply, the Russian prime minister admitted that the current legislation regulating the Internet is b imperfectb and called upon the international community to b consider parameters to regulate the operation of the internet on the national or international level.b He also noted that the Russian Internet legislation b should not be referred to as repressive because not a single online source has been blocked or cut off during the enforcement of this legislation.b Moscow court orders removal of bextremistb Pussy Riot online videos (3.12.2012) http://netprophet.tol.org/2012/12/03/moscow-court-orders-removal-of-extremi… Moscow Court Designates Pussy Riot Videos As 'Extremist' (3.12.2012) http://www.rferl.org/content/pussy-riot-video-extremist-russia/24784613.html Moscow Court Finds Pussy Riot Video 'Extremist' (29.11.2012) http://en.rian.ru/russia/20121129/177815365.html Special Report On Russia: Enforcement Against Online Copyright Infringement (3.12.2012) http://www.ip-watch.org/2012/12/03/special-report-on-russia-enforcement-aga… Transcript of the Medvedev- Ayrault common press conference (27.11.2012) http://government.ru/eng/docs/21621/ Russia: Pussy Riot bpunk prayerb video banned (30.11.2012) http://www.article19.org/resources.php/resource/3547/en/russia:-pussy-riot-… ======================================================================= 6. Netherlands: legislation for forced decryption announced ======================================================================= The Dutch Minister of Justice has sent a letter to the House of Representatives announcing a proposal for legislation that will allow the police to force a suspect to decrypt information that is under investigation in a case of terrorism or sexual abuse of children. The Minister has ignored all major conclusions and recommendations set forth in the report commissioned by his department. The Dutch House of Representatives has urged the Minister of Justice to investigate the feasibility of such injunction. The Parliament felt these extra powers to be necessary after the media reported that the police was having difficulties accessing encrypted information on the computer of someone suspected of sexually abusing children. However, there has been no supporting evidence that this is a structural problem. Last year, the minister agreed to investigate the feasibility of such an order. He promised to look into the reconcilability with the privilege against self-incrimination, experiences of other countries in implementing such legislation and technical developments. A comprehensive report was sent to the Parliament last week, accompanied with the announcement of a legislative proposal. The report states that, although such an injunction will always be an infringement on the privilege against self-incrimination, this privilege does not preclude such an injunction as there may be a legitimate interests at stake. The report sets out that the European Court of Justice considers four criteria to determine whether a forced decryption is acceptable. These criteria are: i) the nature and extent of the coercion, ii) the public interest, iii) the presence of relevant safeguards, and iv) the way in which the decrypted information is used. The research also looks into the use of similar powers in other countries. The United Kingdom has an extensive regulation with quite some safeguards for legal protection. France has a similar law and in the United States the enforced decryption is defined by case law. However, these legal systems differ from those in the Netherlands considerably. As a result, the experiences from these countries cannot easily be translated to the Dutch legal system. The research also examined the enforceability and developments in technology. It finds that the use of encryption is rising and that the concept of b plausible deniabilityb makes it hard to prove the existence of encrypted information in the first place. The researchers doubt the effectiveness of the proposed powers when used against serious criminals. Such an injunction will only work against petty criminals. The research concludes with three proposals, apart from maintaining the status quo. One option would be to codify the procedure for such an injunction, but not to penalize refusal by the suspect. Alternatively, one could penalize the use upon the refusal. This last proposal comes in two flavours: one in which the unencrypted information is used excluded from the suspect's case and one in which the information may be used against the suspect as well. Based on this research, the Minister has now announced a proposal for legislation that will allow the police to force a suspect to decrypt information that is under investigation in a case of terrorism or sexual abuse of children. The suspect will be penalized if he refuses to provide access to the information. The Minister does not want to let room for exclusion of evidence. The Ministry has thus ignored all major conclusions and recommendations of the report. Letter of Minister of Justice to the House of Representatives, announcing legislation to allow police to force a suspect to decrypt information (only in Dutch, 28.11.2012) http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/kamerstukke… Research: forced decryption and the privilege against self-incrimination (only in Dutch, 28.11.2012) http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/kamerstukke… Bits of Freedom: forced decryption will not work and makes the Netherlands more insecure (28.11.2012) https://www.bof.nl/2012/11/28/decryptiebevel-werkt-niet-en-maakt-nederland-… (Contribution by Rejo Zenger - EDRi member Bits of Freedom, Netherlands) ======================================================================= 7. German government proposes extended tracking of Internet users ======================================================================= The German government is proposing an amendment to the Telecommunication Act that would allow law enforcement and intelligence agencies to extensively identify Internet users, without any court order or reasonable suspicion of a crime. The proposed amendment comes as a result of the German Federal Constitutional Court having decided in January 2012 that the rules governing the inquiry of telecommunication data from providers were unconstitutional. The Court found the provisions within the Telecommunication Act granting authorities the right to access such data, as unconstitutional and required additional specific provisions within the relevant specific laws, such as the code of criminal procedure. According to the draft amendment produced by the government, prosecution authorities as well as security and secret services may inquire certain personal data (such as name, address or bank information of customers) collected by telecommunications and Internet providers. Explicit provisions allow the use of a dynamic IP address for the identification of its holder. The amendment also includes a qualified legal basis for inquiry rights of the respective authorities against providers. The identification of IP addresses is not to be limited to a case-by-case basis. Providers are to install electronic data handover interfaces. The government is also planning to grant access to e-mail account passwords as well as to voicebox and mobile phone PIN codes without clearly defining the preconditions to such access. Several civil rights groups expressed concern regarding the draft amendment considering it poses a serious threat to civil liberties. b In the face of the fact that this has the quality of a breach of the privacy of telecommunication, the present draft of a revised disclosure of inventory data contains only insufficient provisions to guarantee the basic rights. It is especially problematic that it lacks the necessity of an injunction issued by a court or a state prosecutor. There has to be a qualified legal basis which fulfils the requirements of the principle of proportionality,b says Henning Lesch, Head of Law & Regulation of eco Association. Revision of Telecommunications Act Constitutional? (2.11.2012) http://international.eco.de/2012/news/revision-of-telecommunications-act-co… New German draft on state authorities' rights to inquiry telecommunications data from providers (11.2012) http://www.linkedin.com/groups/New-German-draft-on-state-4375471.S.181168482 German government to legalize extensive tracking of Internet users (26.11.2012) http://www.vorratsdatenspeicherung.de/content/view/714/79/lang,en/ German version http://www.vorratsdatenspeicherung.de/content/view/714/79/lang,de Draft Amendment (only in German, 19.09.2012) http://www.moenikes.de/ITC/wp-content/uploads/2012/10/2012-09-26_BR_Gesetze… ======================================================================= 8. Danish opposition wants to abandon the illegal medicine site blocking ======================================================================= A majority outside the Danish government parties proposes to abandon blocking access to websites selling illegal medicine. The law (a new revision of the laws regulating selling of medicine etc.) allowing blocking of these sites was passed in May 2011. Since that time, only one website 24hdiet.com, was blocked and new domains selling the same products as 24hdiet quickly appeared (e.g. 24hdiet.net) Now, laws regulating the sale of medicine are being revised again to implement EU directive 2011/62/EU. Enhedslisten party proposed an amendment to the revision to abandon the blocking. The proposal is a result of Enhedslisten spokeswoman, Stine Brix who started the debate on an Etherpad. Questions put to the government were formulated on the Etherpad where and the text of the amendment to abandon the blocking appeared first. There is a majority in the parliament against the blocking from the parties of the previous government that introduced it. The spokeswoman for opposition party Venstre, the biggest party in the Parliament, explains that they have expected the blocking to work, but it turned out not to be effective and now she wants to focus on customs and international cooperation. The spokesman for the Social Democrats (Government Party), Flemming MC8ller Mortensen, said to Information that something had to be done, that was more than a signal, something that they can believe it works. "Because it is really difficult with all the things that can be done on the Internet across borders". This is just about one kind of blocking. For example the blocking of gambling sites is still in effect. But maybe the tide is finally turning in Denmark. DNS-censoring Illegal Pharmaceutical Vendors - 24hdiet.com Blocked (30.09.2012) http://blog.censurfridns.dk/en/node/32 Rollback of DNS Blocking (only in Danish) http://openetherpad.org/b1zz1fEEf4 Majority outside the Government will remove net-blocking for medicine pages (only in Danish, 27.11.2012) http://www.information.dk/318311 (Contribution by Niels Elgaard Larsen EDRi member IT Pol - Denmark) ======================================================================= 9. ENDitorial: What could possibly go wrong? ======================================================================= With the discussions on the proposed General Data Protection Regulation in full swing and the first opinions of some European Parliament Committees in, several themes of proposed changes emerge. One of these can be paraphrased as b we shouldn't bother controllers with too many obligations, they know their stuff and want to do the right thingb. Slightly more elaborate versions of this view have been used to justify amendments aiming to cut documentation obligations, lessen requirements on data breach notifications and information obligations. There also seems to be an undercurrent of b in any case, it's usually not that bad if things go wrongb. Indeed, how bad could it be if things go wrong? And do controllers handle personal data responsibly? A few cases that made headlines in the past years can provide examples. Between 2005 and 2007, Deutsche Telekom used its own traffic data to spy on journalists and trade union members of its own supervisory board in order to stop leaks. According to the head of unit in charge of the spy operation, this happened on behalf of the then-CEO and the chairman of the supervisory board. Since then, this head of unit has been sentenced to 3.5 years of prison, while the former CEO and the chairman of the supervisory board claimed not to have known anything. More recently, whatsapp, a smartphone application for sending text messages which is used around the globe to send more than a billion messages per day, is currently in the news for an astounding row of privacy gaffes. For starters, the service used to send messages without encryption, so that exchanges could be easily spied upon. It seems that whatsapp's developers had been made aware about this security hole the size of a barn door almost a year before they fixed it. Just a month later, another security flaw was uncovered, allowing to take over whatsapp accounts and send messages from compromised accounts using simple tools b there was an app for that. Instead of fixing the problem, whatsapp sent legal threats against the developers of the tools. Now, two and a half months later, this other barn door is still wide open. Between 2002 and 2005 Deutsche Bahn, a railway operator, screened 170 000 of its employees to find out about connections to subcontractors and possible corruption. In 2006 and 2007, it also spied on employees' e-mails to uncover whistleblowers, sifting through up to 150 000 e-mails a day. The company's CEO had to step down over these scandals, while still denying that any wrongdoing had occurred. Later on, investigations confirmed the suspicions and Deutsche Bahn was fined 1.12 Million Euro in 2009. Sounds like a lot? That year, it took Deutsche Bahn about seven hours to make that amount in pre-tax profit. In 2007 to 2010, when sending cars around the world to collect images for its service Street View, Google also collected information on wireless networks to be used to make cell phone localisation more precise. The software used also collected content sent over open WiFi networks, collecting websites visited, passwords, e-mails and other information. Google was not forthcoming in the investigations, first denying that payload data had been collected, then talking about a simple b mistakeb, then blaming it on a rogue developer. In the end, it turned out that the code in question was in fact documented, and that oversight was b minimalb, to quote from the US Federal Communications Commission's investigation report, which fined Google 25 000 USD for stonewalling the investigation. In a different register, police authorities do not fare better. They will be subject to a different text, a proposed Directive that contains more lax rules than the Regulation. Here as well, egregious violations can be found everywhere. For example, officers of the Irish Police (Garda) used police databases for their private interests, for example to run background checks on their daughters' boyfriends. In another case, a police officer used retained telecommunications traffic data to snoop on her ex-partner. Such cases have been discovered again and again over the years, following a usual pattern: they become public, the Data Protection Authority (DPA) investigates and conducts audits, finds wrongdoings, the Garda promises to change, rinses and repeats. In one case, the Garda also adopted a b code of practiceb, endorsed by the DPA. It does not seem to have helped much. In Poland, the police, as well as the anti-corruption office and the domestic intelligence agency, surveyed at least ten journalists of various media between 2005 and 2007, using telecommunications traffic data without court orders or any connection to ongoing investigations. One of the journalists, of the influential Gazeta Wyborcza, wrote several articles about well-known and sometimes controversial actions of the anti-corruption office b the one that later on requested his traffic data. After the case became public, an investigation was launched, but a regional prosecutorbs office claimed to have found no wrongdoing. Only after one of the spied journalists went to court, a meaningful investigation got under way. The court ruled on the case in April 2012, saying that the anti-corruption office violated the journalistbs privacy, as well as the right to protection of journalistic sources. In Dresden, Germany, the local police collected information on more or less every mobile phone call made and SMS sent in the city, in total almost one million connections, at the occasion of an anti-Nazi demonstration. The police justified collecting the information with several offences that occurred at the margins of the demonstration. Saxony's interior minister defended the measure as being b proportionateb, even after it became public that the police also used the data for totally unrelated investigations and had been told to stop this by the local prosecutor's office. Months after being formally reprimanded by Saxony's DPA, the police still used the data. What all these examples, both from the private and the public sector, show is that in many cases, incompetence or lack of oversight lead to unacceptable shortcomings, while in others, it is straight-up malice. In law-enforcement, there seems to be a widespread belief among practitioners that b we're the good guysb, which in turn sometimes leads to abuses. So no, we cannot trusts controllers to know their stuff and to want to do the right thing. And yes, it can be bad if things go wrong. Whatsapp case http://www.h-online.com/security/news/item/Account-theft-still-possible-wit… http://www.h-online.com/security/news/item/WhatsApp-no-longer-sends-plain-t… http://www.h-online.com/security/news/item/WhatsApp-threatens-legal-action-… http://www.h-online.com/security/news/item/WhatsApp-accounts-almost-complet… http://www.androidpolice.com/2012/05/02/whatsappsniffer-shames-whatsapps-pl… Deutsche Telekom case http://www.wiwo.de/5239704-all.html http://www.wiwo.de/5239730.html Deutsche Bahn case http://www.heise.de/newsticker/meldung/Deutsche-Bahn-zahlt-Rekordstrafe-weg… http://www.heise.de/ct/meldung/Bahn-Datenskandal-Arbeitsminister-bekraeftig… http://www.n24.de/news/newsitem_4936517.html http://www.sueddeutsche.de/wirtschaft/spitzel-affaere-bei-der-bahn-tiefense… Google Streetview case http://www.wired.com/threatlevel/2012/05/google-wifi-fcc-investigation/ Irish police case http://www.edri.org/edrigram/number10.21/irish-dpa-police-self-regulation Surveillance of Polish journalists case http://wyborcza.pl/1,76842,8842563,Inwigilacja_dziennikarzy_badana_od_nowa.… http://wyborcza.pl/1,76842,9763653,CBA_i_billingi_dziennikarza__Gazety_.html http://wyborcza.pl/1,75478,11625664,Precedensowy_wyrok__CBA_nie_moze__ot_ta… Dresden police case http://www.taz.de/!73222/ http://www.taz.de/!94114/ http://www.heise.de/newsticker/meldung/Saechsische-Polizei-nutzt-weiter-Mob… (Contribution by EDRi interns Katarzyna Syska and Owe Langfeldt) ======================================================================= 10. Recommended Reading ======================================================================= Do we really want to put the ITU in charge of cybersecurity? (28.11.2012) http://edri.org/ITU-fail http://www.golem.de/news/internationale-fernmeldeunion-un-lassen-itu-blog-w… Northern Ireland Court Orders Facebook to take down b Paedophile Watchb page (30.11.2012) http://inforrm.wordpress.com/2012/11/30/news-northern-ireland-court-orders-… EU urged to choose transatlantic convergence on data protection (5.12.2012) http://www.euractiv.com/infosociety/eu-urged-choose-data-protection-news-51… ======================================================================= 11. Agenda ======================================================================= 27-30 December 2012, Hamburg, Germany 29C3 - Chaos Communication Congress http://events.ccc.de/category/29c3/ 20-23 January 2013, Brussels, Belgium The Power of Information - How Science and Technology can Make a Difference http://www.ThePowerofInformation.eu 23-25 January 2013, Brussels, Belgium CPDP 2013 Conference - Reloading data protection http://www.cpdpconferences.org/callforpapers.html 2-3 February 2013, Brussels, Belgium FOSDEM https://fosdem.org/2013/ 22 February 2013, Warsaw, Poland ePSIplatform Conference: "Gotcha! Getting everyone on board" http://epsiplatform.eu/content/save-date-22-february-2013-epsiplatform-conf… 21-22 March 2013, Malta Online Privacy: Consenting to your Future CfP by 14 December 2012 http://www.onlineprivacyconference.eu/ 6-8 May 2013, Berlin, Germany re:publica 2013 http://www.re-publica.de 25-26 June 2013, Barcelona, Spain 9th International Conference on Internet Law & Politics: Big Data: Challenges and Opportunities. http://edcp.uoc.edu/symposia/idp2013/?lang=en 31 July b 4 August 2013, Geestmerambacht, Netherlands Observe. Hack. Make. - OHM2013 https://ohm2013.org/ 24-27 September 2013, Warsaw, Poland Public Voice Conference 2013 35th International Data Protection and Privacy Commissioners conference http://www.giodo.gov.pl/ ============================================================ 12. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 32 members based or with offices in 20 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-gram. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRi and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring http://flattr.com/thing/417077/edri-on-Flattr - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. Unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/mk/vesti/edri - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [liberationtech] Privacy, data protection questions
by Rich Kulawiec 06 Jul '18

06 Jul '18

On Tue, Mar 26, 2013 at 04:24:33PM -0700, Brian Conley wrote: > I generally read most of your comments on this list as I find > them insightful, however in this case, I was struck by your > entirely hostile attitude. You're misreading exasperation and frustration as anger, and you're still focused on style rather than substance. If you think I'm wrong (and of course I might be) then make the case. Show me how someone can keep (let's say) a 1000-phone population in the field secure when there's an adversary actively trying to make them otherwise. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys(a)stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

FC: Clinton administration takes on Napster in court case
by Declan McCullagh 06 Jul '18

06 Jul '18

The Clinton administration is siding with the entertainment industry in its attempts to shut down Napster. It just filed a 37-page amicus brief in the court case saying Napster can't use the Audio Home Recording Act of 1992 (http://www.virtualrecordings.com/ahra.htm) as a legal shield. The brief says "the activities of Napster's users do not even arguably come within the terms of the statute" and the district court's ruling should be upheld. The Justice Department, the Patent and Trademark Office, and the Copyright Office signed the brief. By way of possible explanation, one of my colleagues has compiled (http://www.wired.com/news/politics/0,1283,38528,00.html) a handy list of entertainment industry contributions to Democrats. :) -Declan ******** http://www.politechbot.com/docs/napster-amicus.html http://www.politechbot.com/docs/napster-amicus.wpd NOS. 00-16401 & 00-16403 IN THE UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT ____________________ A&M RECORDS, INC., et al. Plaintiffs-Appellants, v. NAPSTER, INC., Defendant-Appellant. ____________________ JERRY LEIBER, individually and d/b/a JERRY LEIBER MUSIC, et al., Plaintiffs-Appellants, v. NAPSTER, INC., Defendant-Appellant. ____________________ ON APPEAL FROM THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA ____________________ BRIEF FOR THE UNITED STATES AS AMICUS CURIAE ____________________ DAVID O. CARSON DAVID W. OGDEN General Counsel Assistant Attorney General J. KENT DUNLAP MARK B. STERN SCOTT R. McINTOSH United States Copyright Office Attorneys, Appellate Staff Library of Congress 101 Independence Ave. S.E. Civil Division, Department of Justice Washington, D.C. 20540 601 D Street N.W., Room 9550 Washington, D.C. 20520 ALBIN F. DROST Acting General Counsel Counsel for the United States JUSTIN HUGHES United States Patent and Trademark Office P.O. Box 15667 Arlington, VA 22215 Of Counsel [...] SUMMARY OF ARGUMENT Section 1008 of the Audio Home Recording Act does not protect Napster from the plaintiffs' claims of copyright infringement. Section 1008 was adopted to address a very different phenomenon - the noncommercial consumer use of digital audio recording devices, such as DAT tape decks, to perform "home taping" of musical recordings. Napster's effort to bring itself within the ambit of Section 1008 flouts the terms of the statute and conflicts with the basic policies of the Act. 1. Section 1008 prohibits actions for copyright infringement based on: (1) the manufacture, importation, or distribution of "a digital audio recording device, a digital audio recording medium, an analog recording device, or an analog recording medium"; or (2) "the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings." Although Napster insists that the activities of its users are protected by Section 1008, and that it therefore cannot be held accountable for contributory or vicarious infringement based on those activities, Napster's defense cannot possibly be squared with the actual terms of Section 1008. First, it is undisputed that Napster's users are not using any "device" or "medium" specified in Section 1008, and Section 1008 applies only to consumer use of "such a device or medium." Second, when Napster's users create and store copies of music files on their computers' hard disks, they are not making "digital musical recordings or analog musical recordings" as those terms are defined in the Act. Third, Napster's users are engaged not only in copying musical recordings, but also in distributing such recordings to the public, and Section 1008 immunizes only noncommercial copying ("noncommercial use * * * for making digital musical recordings or analog musical recordings"), not public distribution. Fourth, unlike such copyright provisions as the fair use provision (17 U.S.C. =A7 107), Section 1008 does not designate any use of copyrighted works as non-infringing; it merely bars "action[s] * * * alleging infringement" based on such uses. Assuming arguendo that Napster's users are otherwise engaged in acts of copyright infringement, nothing in Section 1008 purports to render those actions non-infringing, and hence the claims against Napster for contributory and vicarious infringement would remain unaffected even if Section 1008 did apply to Napster's users. 2. The AHRA was intended by Congress to embody a compromise between the music industry on the one hand and the consumer electronics industry and consumer groups on the other. At the heart of that compromise is a quid pro quo: in exchange for allowing noncommercial consumer use of digital audio recording technology (Section 1008), the music industry receives financial compensation (Sections 1003-1007) and protection against serial copying (Section 1002). Permitting Napster to shelter itself behind Section 1008 would defeat this basic statutory quid pro quo: Napster's users would be permitted to engage in digital copying and public distribution of copyrighted works on a scale beggaring anything Congress could have imagined when it enacted the Act, yet the music industry would receive nothing in return because the products used by Napster and its users (computers and hard drives) are unquestionably not subject to the Act's royalty and serial copying provisions. Napster asserts that, despite the precision of the language in Section 1008, Congress actually meant to provide immunity for all noncommercial consumer copying of music in digital or analog form, whether or not the copying fits within the terms of Section 1008. Nothing in the legislative history of the Act supports that argument. And nothing in RIAA v. Diamond Multimedia Systems Inc., 180 F.3d 1072 (9th Cir. 1999), the decision on which Napster places principal reliance, supports the argument either. Section 1008 was not at issue in Diamond Multimedia, and nowhere does the case hold that Section 1008 provides the kind of omnibus immunity for digital copying that Napster invokes here. ARGUMENT SECTION 1008 OF THE AUDIO HOME RECORDING ACT OF 1992 DOES NOT EXCUSE NAPSTER FROM LIABILITY FOR COPYRIGHT INFRINGEMENT Napster asserts that Section 1008 of the Audio Home Recording Act provides its users with immunity from liability for copyright infringement and, in so doing, relieves Napster itself from any derivative liability for contributory or vicarious infringement. The district court was correct to reject that defense. Napster's invocation of Section 1008 is flatly inconsistent with the terms of the statute and the legislative policies that underlie the AHRA. Accordingly, if Napster is otherwise liable under the copyright laws, Section 1008 does not relieve Napster of liability. A. Napster's Immunity Defense Is Foreclosed by the Plain Language of Section 1008 "The 'starting point for interpreting a statute is the language of the statute itself.'" Exxon Mobil Corp. v. United States Environmental Protection Agency, 217 F.3d 1246, 1249 (9th Cir. 2000) (quoting Consumer Product Safety Commission v. GTE Sylvania, Inc., 447 U.S. 102, 108 (1980)). Napster's discussion of Section 1008 is notably selective about following this rule. Napster correctly points out that the introductory language of Section 1008 - "[n]o action may be brought under this title alleging infringement of copyright" - makes Section 1008 potentially applicable to any infringement action under Title 17, not just an action under the AHRA itself. But Napster conspicuously fails to address the remaining language of Section 1008, and makes no effort to explain how that language can be read to protect Napster's users or Napster itself. Napster's reluctance to come to grips with the statutory language is understandable, because the activities of Napster's users do not even arguably come within the terms of the statute. Not only does the language of Section 1008 foreclose Napster's immunity defense, but it does so in four separate and independent ways. Napster's argument thus depends on a wholesale disregard of what Section 1008 actually says. 1. Napster's Users Are Not Using Any of the "Devices" or "Media" Covered by Section 1008 Section 1008 identifies four specific kinds of products whose manufacture, distribution, and noncommercial use Congress wished to shield from actions for copyright infringement. Those products are "[1] a digital audio recording device, [2] a digital audio recording medium, [3] an analog recording device, or [4] an analog recording medium." 17 U.S.C. =A7 1008. Section 1008 prohibits actions for copyright infringement based on "the manufacture, importation, or distribution" of these four types of devices and media. Section 1008 also prohibits actions for copyright infringement based on "the noncommercial use by a consumer of such a device or medium" for making digital or analog musical recordings. Nothing in the language of Section 1008 purports to grant manufacturers, distributors, or consumers any immunity with respect to products other than the devices and media specified in Section 1008 itself. To the contrary, if an action for infringement does not involve the specified devices or media, it falls outside the scope of Section 1008 altogether. By its terms, Section 1008 protects consumers only from infringement actions that are based on "noncommercial use * * * of such a device or medium" (emphasis added). If an infringement action rests on consumer use of other products, Section 1008 on its face has no applicability to such an action. In this case, the plaintiffs' copyright claims are not based on the use of any of the devices or media covered by the terms of Section 1008. Napster's users exchange music by using personal computers to locate and transfer files from one computer hard disk to another. Neither a personal computer nor its hard disk constitutes "a digital audio recording device, a digital audio recording medium, an analog recording device, or an analog recording medium." Napster itself does not suggest otherwise. The terms "digital audio recording device" and "digital audio recording medium" are specifically defined in the Act. A "digital audio recording device" is defined, with exceptions not relevant here, as any machine or device "the digital recording function of which is designed or marketed for the primary purpose of, and that is capable of, making a digital audio copied recording for private use." 17 U.S.C. =A7 1001(3) (emphasis added). A "digital audio recording medium" is defined (again with inapplicable exceptions) as "any material object * * * that is primarily marketed or most commonly used by consumers for the purpose of making digital audio copied recordings by use of a digital audio recording device." Id. =A7 1001(4)(A) (emphasis added). This Court has already held that the statutory definition of "digital audio recording device" does not reach personal computers and their hard drives. RIAA v. Diamond Multimedia Systems Inc., 180 F.3d 1072, 1078 (9th Cir. 1999). Although personal computers are "capable of" making "digital audio copied recordings," neither they nor their hard drives are "designed or marketed for the primary purpose of" making such recordings. Ibid. For similar reasons, hard drives fall outside the statutory definition of "digital audio recording medium," since they are not "primarily marketed or most commonly used * * * for the purpose of" making such recordings. Unlike "digital audio recording device" and "digital audio recording medium," the terms "analog recording device" and "analog recording medium" are not expressly defined in the Act. Congress presumably had in mind the analog counterparts to digital audio recording devices and media - for example, traditional analog tape decks and analog recording tapes. Whatever the precise scope of these terms, however, they cannot encompass personal computers and their hard drives, because computers process and store information in digital rather than analog form. Thus, Napster users are not even arguably using any of the devices and media referred to in Section 1008. 2. Napster's Users Are Not Making "Digital Musical Recordings" Or "Analog Musical Recordings" Section 1008 protects the noncommercial consumer use of digital and analog recording devices and media for making "digital musical recordings or analog musical recordings." 17 U.S.C. =A7 1008. Even if Napster's users were using the specified devices or media, they are not making "digital musical recordings" or "analog musical recordings." Their activities fall outside the scope of Section 1008 for that reason as well. The Act defines a "digital musical recording" as "a material object * * * in which are fixed, in a digital recording format, only sounds, and material, statements, or instructions incidental to those fixed sounds, if any * * * ." 17 U.S.C. =A7 1001(5)(A)(i) (emphasis added). The definition goes on to exclude, among other things, "a material object * * * in which one or more computer programs are fixed * * * ." Id. =A7 1001(5)(B)(ii). Napster's users copy music files to their computers' hard drives. Hard drives store data of all kinds, from word processing files to multimedia files, and they ordinarily store computer programs as well. As a result, hard drives fall outside the statutory definition of "digital musical recording" in two respects: first, they are not objects in which "only sounds" are "fixed," and second, they are objects in which "one or more computer programs are fixed." See Diamond Multimedia, 180 F.3d at 1076 ("a hard drive is a material object in which one or more programs are fixed; thus, a hard drive is excluded from the definition of digital musical recordings"). Unlike "digital musical recording," "analog musical recording" is not a defined term under the Act. However, just as a computer's hard drive cannot be an "analog recording medium" (see p. 15 supra), neither can it be (or be used to store) an "analog musical recording," because hard drives store data in digital rather than analog form. Thus, Napster's users cannot be claimed to be making either "digital musical recordings" or "analog musical recordings" - and if a consumer is not making a digital or analog musical recording, the terms of Section 1008 do not provide him with any immunity. 3. Section 1008 Provides Immunity Only for Noncommercial Copying, Not for Public Distribution The Copyright Act grants the owner of a copyright a number of distinct legal rights. See 17 U.S.C. =A7 106(1)-(5). The most widely known right is the right of reproduction - the "exclusive right * * * to reproduce the copyrighted work in copies or phonorecords." Id. =A7 106(1). However, the Copyright Act also grants the copyright holder a separate and distinct right of public distribution - the "exclusive right * * * to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending." Id. =A7 106(3). The plaintiffs assert not only infringements on the right of reproduction, but also infringements on the right of public distribution. In the proceedings below, Napster stated that it has at least 20 million users, all of whom are able to use Napster's service to access and download music files containing copyrighted sound recordings. When a Napster user makes the music files on his or her hard drive available for downloading by other Napster users, he or she is distributing the files to the public at large. Cf. Michaels v. Internet Entertainment Group, Inc., 5 F. Supp. 2d 823, 830-31 (C.D. Cal.1998); Playboy Enterprises, Inc. v. Webbworld, Inc., 991 F. Supp. 543, 551 (N.D. Tex. 1997), aff'd mem., 168 F.3d 486 (5th Cir. 1999); Marobie-Fl, Inc. v. Nat'l Ass'n of Fire and Equip. Distributors and Northwest Nexus, Inc., 983 F. Supp. 1167, 1173 (N.D. Ill. 1997). To the extent that Napster users are engaged in the distribution of copyrighted works to the public at large, such activity falls outside the scope of Section 1008. The language of Section 1008 is directed at uses that infringe on the right of reproduction, not at uses that infringe on the right of public distribution. By its terms, Section 1008 only bars infringement actions "based on the noncommercial use" of the specified products "for making digital musical recordings or analog musical recordings" - in other words, for making copies of the music. Section 1008 makes no reference, and provides no possible defense, to infringement claims based on the public distribution of copied works. Thus, even if it were proper to treat the use of Napster's service for the public dissemination of copyrighted music as a "noncommercial" consumer use, which is far from clear, it is not the use at which the terms of Section 1008 are directed - the "making [of] digital musical recordings or analog musical recordings." 4. Section 1008 Does Not Transform Infringing Consumer Uses Into Non-Infringing Ones As the foregoing discussion shows, the language of Section 1008 cannot be read to encompass the activities of Napster's users. But even if Section 1008 did apply to Napster's users, it would not provide Napster itself with a defense to liability for contributory or vicarious infringement. That is because the terms of Section 1008 address only whether consumers can be sued for infringement; nothing in Section 1008 addresses or changes whether they are engaged in infringement. When Congress has chosen to make particular uses of copyrighted works non-infringing, it traditionally has said so expressly. For example, the fair use provision of the Copyright Act provides that "the fair use of a copyrighted work * * * is not an infringement of copyright." 17 U.S.C. =A7 107 (emphasis added). Congress has spoken with equal clarity regarding other uses. See, e.g., id. =A7 108 ("it is not an infringement of copyright" for library or archive to reproduce single copies of works under specified conditions); id. =A7 110 (specified performances and displays of works "are not infringements of copyright"); id. =A7 117 ("it is not an infringement" for owner of copy of computer program to make an additional copy for, inter alia, archival purposes). In contrast, Section 1008 of the AHRA conspicuously does not say that the activities it describes "are not an infringement of copyright." Instead, Section 1008 provides only that "[n]o action may be brought under this title alleging infringement of copyright" based on such activities. The legislative record indicates that this language reflects a deliberate decision by Congress to relieve consumers from the threat of copyright liability without altering the underlying contours of the copyright laws or resolving the legal debate over the legality of home taping. In the words of the Senate Report : [S]ection 1002 [now Section 1008] provides only that certain copyright infringement actions are precluded. The section does not purport to resolve, nor does it resolve, whether the underlying conduct is or is not infringement. The committee intends the immunity from lawsuits to provide full protection against the specified types of copyright infringement actions, but it has not addressed the underlying copyright infringement issue * * * . Senate Report at 52 (emphasis added). Thus, assuming for present purposes that Napster's users are engaged in copyright infringement, their actions would remain infringing even if Section 1008 were applicable to them, since Section 1008 does not purport to address the underlying issue of infringement. And if Section 1008 does not transform the actions of Napster's users into non-infringing uses, then it cannot provide shelter to Napster itself. In invoking Section 1008, Napster has argued that it cannot be liable for contributory or vicarious infringement if its users are not themselves engaged in infringement. Once it is recognized that Section 1008 does not alter whether the consumer uses that it addresses are infringing, Napster's argument falls apart. It is noteworthy in this regard that Section 1008 expressly provides immunity not only for the specified noncommercial consumer use of digital and analog recording devices and media, but also for the manufacture and distribution of such products. Napster's argument assumes that the immunity conferred on consumers is sufficient by itself to preclude liability for contributory or vicarious infringement on the part of the firms whose products are being used. But if that were the case, then there would have been no reason for Congress to include distinct immunity protection for manufacturers in Section 1008 itself, and the manufacturer immunity language in Section 1008 would serve no purpose. Napster's argument thus conflicts with the elementary principle that "legislative enactments should not be construed to render their provisions mere surplusage." Dunn v. CFTC, 519 U.S. 465, 472 (1997). The fact that Congress found it necessary to extend an express statutory grant of immunity to manufacturers, as well as to consumers, confirms that Congress did not regard consumer immunity from suit as sufficient by itself to insulate other parties from liability for contributory or vicarious infringement. B. Napster's Reliance on Section 1008 Is Inconsistent With the Policies Underlying the AHRA In Diamond Multimedia, this Court observed that it "need not resort to the legislative history [when] the statutory language is clear." 180 F.3d at 1076. Given the clarity with which the language of Section 1008 prescribes (and circumscribes) the scope of statutory immunity under the AHRA, and given Napster's manifest inability to bring this case within the language of the statute, resort to the legislative history of the AHRA is therefore unnecessary. Nevertheless, if recourse is had to the legislative history, it reinforces the conclusion that Section 1008 does not protect Napster. Far from advancing the policies of the AHRA, Napster's invocation of Section 1008 is directly contrary to those policies. 1. Napster's Invocation of Section 1008 Upsets the Quid Pro Quo That Underlies the Act The legislative history of the AHRA makes clear that the Act was intended by Congress to embody the compromise agreement reached in 1991 between the music industry on the one hand and the consumer electronics industry and consumer groups on the other. See, e.g., Senate Report at 34 ("the competing parties have, through negotiation and compromise, reached an agreement which all parties involved feel is equitable," and the legislation "reflects this agreement"); House Report at 13, reprinted in 1992 USCCAN at 3583 (the Act "preserves the essentials of the agreement"). As explained above, the compromise underlying the Act involves a basic quid pro quo. In exchange for accepting the marketing of digital audio recording technology and the use of such technology for noncommercial home taping, the music industry receives financial compensation (through the Act's royalty system) and protection against serial copying. This quid pro quo was central to the agreement and the legislation that embodies it. See, e.g., Senate Report at 30 (summarizing the purpose and basic elements of the legislation). Construing Section 1008 to protect Napster would mean repudiating, rather than preserving, the quid pro quo underlying the Act. On the one hand, Napster would be permitted to facilitate the copying and distribution of copyrighted sound recordings on a scale far surpassing the "home taping" that Congress foresaw when it enacted the AHRA. On the other hand, the products employed by Napster and its users - computers and their hard drives -- are not subject to royalty payments (by Napster or anyone else) and are not required to be equipped with anti-serial copying circuitry, because the royalty and serial copying provisions of the Act apply only to "digital audio recording devices" and "digital audio recording media," and as shown above, those terms exclude computers and hard drives. 17 U.S.C. =A7=A7 1002(a), 1003(a), 1004; see p. 15 supra. As a result, the music industry would bear the burdens of the statute without receiving the corresponding benefits. The legislative history makes clear that the Act's exclusion of computers and hard drives was the product of a deliberate choice by Congress. See, e.g., Senate Report at 48 ("a personal computer whose recording function is designed and marketed primarily for the recording of data and computer programs * * * would [not] qualify as a 'digital audio recording device'"). In invoking Section 1008, Napster is inviting this Court to countermand that legislative choice, and to do so in a way that undoes the reciprocal nature of the Act's digital recording provisions. That invitation should be declined. 2. Section 1008 Was Not Intended To Immunize All Consumer Copying of Musical Recordings Section 1008 identifies with precision the consumer activity that Congress meant to shelter from copyright infringement suits: "the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings." 17 U.S.C. =A7 1008. Despite the precision of this language, Napster asserts that Congress actually intended to immunize "all noncommercial consumer copying of music in digital or analog form" (Napster Brief at 20), whether or not the copying comes within the terms of Section 1008. But Napster has identified nothing in the limited legislative history of Section 1008 that supports this argument or overcomes the explicit language of the statute. The following passage from the House Report on the Act is representative of the legislative history regarding Section 1008: Section 1008 covers one of the critical components of the legislation: exemptions from liability for suit under title 17 for home taping of copyrighted musical works and sound recordings, and for contributory infringement actions under title 17 against manufacturers, importers, and distributors of digital and analog recording devices and recording media. In the case of home taping, the exemption protects all noncommercial copying by consumers of digital and analog musical recordings. Manufacturers, importers, and distributors of digital and analog recording devices and media have a complete exemption from copyright infringement claims based on the manufacture, importation, or distribution of such devices. House Report at 24, reprinted in 1992 USCCAN at 3594 (emphasis added). The highlighted references to "home taping" suggest, not surprisingly, that Congress meant to address the problem that gave rise to the AHRA - the introduction and use of DAT tape decks and similar digital taping technology (see pp. 3-5 supra). There is no indication that Congress also meant to cover other kinds of devices and media that fall outside the terms of Section 1008. To the contrary, the legislative history reiterates the message conveyed by the language of the statute itself: Congress meant to "extend[] protection to users of such audio recording devices and media by prohibiting copyright infringement actions based on the use of such devices and media" to make musical recordings. Senate Report at 51 (emphasis added). In short, the legislative history confirms that Congress meant what it said in Section 1008 - and what Congress said cannot be reconciled with what Napster is seeking. 3. The Legislative History of Statutes Other Than the AHRA is Irrelevant In construing the scope of Section 1008, Napster attempts to rely on the legislative history of two statutes other than the AHRA - the Record Rental Amendment Act of 1984 and the Computer Software Rental Amendment Act of 1990. See Napster Brief at 23-24. Napster argues that Congress's treatment of "commercial" lending of phonorecords and computer software under those two statutes is consistent with Napster's reading of Section 1008. The short answer is that this case involves the meaning of the AHRA, not the meaning of other statutes. Napster's invocation of Section 1008 cannot be sustained on the basis of Section 1008's own language and legislative history; a fortiori, it cannot be sustained by resort to the language and legislative history of unrelated statutes. The Record Rental Amendment Act and the Computer Software Rental Amendment Act were both enacted prior to the AHRA, and they address entirely different subjects. Neither their language nor their legislative history purports to address the meaning of Section 1008 in any way. C. Diamond Multimedia Does Not Resolve the AHRA Immunity Question At Issue in This Case Napster suggests that this Court's decision in Diamond Multimedia confirms Napster's reading of Section 1008. It does not. The meaning and applicability of Section 1008 were not at issue in Diamond Multimedia, and nothing that the Court decided in Diamond Multimedia in any way requires the Court to accept Napster's Section 1008 defense in this case. Diamond Multimedia involved a suit under the AHRA by the recording industry against the manufacturer of the Rio portable music player, a "Walkman-like" device that plays MP3 music files. The recording industry claimed that the Rio player is a "digital audio recording device" and therefore is subject to the Act's royalty and serial copying provisions. Based on that claim, the recording industry sought to enjoin the manufacture and distribution of the Rio player and to compel Rio's manufacturer (Diamond) to make royalty payments under the Act. This Court rejected the industry claim, holding that the Rio player does not come within the Act's definition of a "digital audio recording device" and therefore is not subject to the Act's royalty and serial copying requirements. 180 F.3d at 1075-1081. Diamond Multimedia was not an action for copyright infringement. Because Section 1008 of the AHRA applies only to "action[s] * * * under this title alleging infringement of copyright," it was facially irrelevant to Diamond's liability, and Diamond never invoked Section 1008 as a defense. Accordingly, the Court was not called on to decide whether Section 1008 protected Diamond itself, much less whether or how Section 1008 may protect defendants in other cases that (unlike Diamond Multimedia) involve claims of copyright infringement. Napster relies on a single passage from the Court's opinion in Diamond Multimedia: As the Senate Report explains, "[t]he purpose of [the Act] is to ensure the right of consumers to make analog or digital audio recordings of copyrighted music for their private, noncommercial use." S. Rep. 102-294, at *86 (emphasis added). The Act does so through its home taping exemption, see 17 U.S.C. =A7 1008, which "protects all noncommercial copying by consumers of digital and analog musical recordings," H.R. Rep. 102-873(I), at *59. 180 F.3d at 1079 (emphasis in original). To the extent that this passage speaks to the meaning of Section 1008, it is no more than dictum, since Section 1008 was not at issue in the case. In any event, nothing in the passage is in any way inconsistent with the proposition that Section 1008 means what it says. The passage merely quotes excerpts from the House and Senate Reports regarding the purpose of the Act in general and Section 1008 in particular. As shown above, when the legislative history is considered in its entirety, it directly supports, rather than refutes, the conclusion that Section 1008 does not protect Napster or its users. Accordingly, nothing in Diamond Multimedia provides refuge for Napster in this case. CONCLUSION For the foregoing reasons, the district court's holding that Section 1008 of the Audio Home Recording Act does not excuse Napster from liability is correct and should be affirmed. Respectfully submitted, DAVID O. CARSON DAVID W. OGDEN General Counsel Assistant Attorney General J. KENT DUNLAP MARK B. STERN SCOTT R. McINTOSH United States Copyright Office Attorneys, Appellate Staff Library of Congress 101 Independence Ave. S.E. Civil Division, Department of Justice Washington, D.C. 20540 601 D Street N.W., Room 9550 Washington, D.C. 20520 ALBIN F. DROST Acting General Counsel Counsel for the United States JUSTIN HUGHES United States Patent and Trademark Office P.O. Box 15667 Arlington, VA 22215 Of Counsel September 8, 2000 CERTIFICATE OF COMPLIANCE Pursuant to Fed. R. App. P. 29(d)and Ninth Circuit Rule 32-1, I certify that the attached amicus brief is proportionately spaced, has a typeface of 14 points or more and contains 7000 words or less. _________________________ Scott R. McIntosh CERTIFICATE OF SERVICE I certify that on September 8, 2000, I filed and served the foregoing BRIEF FOR THE UNITED STATES AS AMICUS CURIAE by causing an original and 15 copies to be filed with the Clerk of the Court by overnight mail and by causing copies to be served on the following counsel by overnight mail and (where indicated) by fax: Carey R. Ramos Aidan Synnott Michael Keats Paul Weiss Rifkind Wharton & Garrison 1285 Avenue of the Americas New York, NY 10019-6064 (212) 373-3000 (OVERNIGHT MAIL AND FAX) Russell J. Frackman Jeffrey D. Goldman George M. Borkowski Drew E. Breuder Mitchell Silberberg & Knupp 11377 W Olympic Blvd Los Angeles, CA 90064 (310) 312-2000 (OVERNIGHT MAIL AND FAX) William M. Hart Eric J. German Frank P. Schibilia Carla M. Miller Hank L. Goldsmith Leon P. Gold Lawrence L. Weinstein Proskauer Rose LLP 1585 Broadway New York, NY 10036 (212) 969-3000 Hadrian R. Katz (202) 942-5000 Arnold & Porter 555 Twelfth Street, NW Washington, DC 20004 Steven B. Fabrizio 1330 Connecticut Avenue, N.W. Suite 300 Washington, DC 20036 202-775-0101 Lisa M. Arent Melinda M. Morton Michael A. Brille Samuel A. Kaplan William Jackson Seth A. Goldberg Fenwick & West LLP Two Palo Alto Sq Ste 800 Palo Alto, CA 94306 650-494-0600 (BY OVERNIGHT MAIL AND FAX) Laurence F. Pulgram Kathryn J. Fritz Fenwick & West LLP 275 Battery Street 15th Floor San Francisco, CA 94111 415-875-2300 (BY OVERNIGHT MAIL AND FAX) David Boies Boies Schiller & Flexner LLP 80 Business Park Drive Suite 110 Armonk, NY 10504 (914) 273-9800 (BY OVERNIGHT MAIL AND FAX) Albert P. Bedecarre Quinn Emanuel Urquhart Oliver & Hedges, LLP 2479 East Bayshore Road Suite 820 Palo Alto, CA 94303 650-494-3900 Hannah Bentley 394 Scenic Avenue San Anselmo, CA 94960 _________________________ Scott R. McIntosh ----- End forwarded message ----- ------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology You may redistribute this message freely if it remains intact. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- ----- End forwarded message -----

1 0

Re: [liberationtech] Secure Your Domain - Where Is Safe to Register a Domain Name? - Gun.io
by liberationtech＠lewman.us 06 Jul '18

06 Jul '18

On Mon, May 07, 2012 at 11:01:36PM -0700, companys(a)stanford.edu wrote 38K bytes in 699 lines about: : https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-n… : Secure Your Domain - Where Is Safe to Register a Domain Name? I realize this is just Woody and some guy pontificating late at night, however a more thorough answer would involve the cross-section of MLATs, Military assistance treaties, and global copyright agreements. I know a few people who are registering their domains in countries generally hostile to the US and EU and unlikely to sign an MLAT or any other agreement with businesses based out of either region. For example, if you wanted to start a cool new file sharing site, base it in Iran, Iraq, Cuba, Libya, Syria, Belarus, Zimbabwe, or Burma. This of course means you ignore the human rights issues with these countries. Otherwise you're left with .i2p, .onion, freenet, gnunet, and other alternate root domains like .glue, .pirate, etc from opennic. Or just register domains in many tlds with local in-country registrars and plan for a legal battle at each step of the way. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 _______________________________________________ liberationtech mailing list liberationtech(a)lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

FC: Clinton administration takes on Napster in court case
by Declan McCullagh 06 Jul '18

06 Jul '18

The Clinton administration is siding with the entertainment industry in its attempts to shut down Napster. It just filed a 37-page amicus brief in the court case saying Napster can't use the Audio Home Recording Act of 1992 (http://www.virtualrecordings.com/ahra.htm) as a legal shield. The brief says "the activities of Napster's users do not even arguably come within the terms of the statute" and the district court's ruling should be upheld. The Justice Department, the Patent and Trademark Office, and the Copyright Office signed the brief. By way of possible explanation, one of my colleagues has compiled (http://www.wired.com/news/politics/0,1283,38528,00.html) a handy list of entertainment industry contributions to Democrats. :) -Declan ******** http://www.politechbot.com/docs/napster-amicus.html http://www.politechbot.com/docs/napster-amicus.wpd NOS. 00-16401 & 00-16403 IN THE UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT ____________________ A&M RECORDS, INC., et al. Plaintiffs-Appellants, v. NAPSTER, INC., Defendant-Appellant. ____________________ JERRY LEIBER, individually and d/b/a JERRY LEIBER MUSIC, et al., Plaintiffs-Appellants, v. NAPSTER, INC., Defendant-Appellant. ____________________ ON APPEAL FROM THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA ____________________ BRIEF FOR THE UNITED STATES AS AMICUS CURIAE ____________________ DAVID O. CARSON DAVID W. OGDEN General Counsel Assistant Attorney General J. KENT DUNLAP MARK B. STERN SCOTT R. McINTOSH United States Copyright Office Attorneys, Appellate Staff Library of Congress 101 Independence Ave. S.E. Civil Division, Department of Justice Washington, D.C. 20540 601 D Street N.W., Room 9550 Washington, D.C. 20520 ALBIN F. DROST Acting General Counsel Counsel for the United States JUSTIN HUGHES United States Patent and Trademark Office P.O. Box 15667 Arlington, VA 22215 Of Counsel [...] SUMMARY OF ARGUMENT Section 1008 of the Audio Home Recording Act does not protect Napster from the plaintiffs' claims of copyright infringement. Section 1008 was adopted to address a very different phenomenon - the noncommercial consumer use of digital audio recording devices, such as DAT tape decks, to perform "home taping" of musical recordings. Napster's effort to bring itself within the ambit of Section 1008 flouts the terms of the statute and conflicts with the basic policies of the Act. 1. Section 1008 prohibits actions for copyright infringement based on: (1) the manufacture, importation, or distribution of "a digital audio recording device, a digital audio recording medium, an analog recording device, or an analog recording medium"; or (2) "the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings." Although Napster insists that the activities of its users are protected by Section 1008, and that it therefore cannot be held accountable for contributory or vicarious infringement based on those activities, Napster's defense cannot possibly be squared with the actual terms of Section 1008. First, it is undisputed that Napster's users are not using any "device" or "medium" specified in Section 1008, and Section 1008 applies only to consumer use of "such a device or medium." Second, when Napster's users create and store copies of music files on their computers' hard disks, they are not making "digital musical recordings or analog musical recordings" as those terms are defined in the Act. Third, Napster's users are engaged not only in copying musical recordings, but also in distributing such recordings to the public, and Section 1008 immunizes only noncommercial copying ("noncommercial use * * * for making digital musical recordings or analog musical recordings"), not public distribution. Fourth, unlike such copyright provisions as the fair use provision (17 U.S.C. =A7 107), Section 1008 does not designate any use of copyrighted works as non-infringing; it merely bars "action[s] * * * alleging infringement" based on such uses. Assuming arguendo that Napster's users are otherwise engaged in acts of copyright infringement, nothing in Section 1008 purports to render those actions non-infringing, and hence the claims against Napster for contributory and vicarious infringement would remain unaffected even if Section 1008 did apply to Napster's users. 2. The AHRA was intended by Congress to embody a compromise between the music industry on the one hand and the consumer electronics industry and consumer groups on the other. At the heart of that compromise is a quid pro quo: in exchange for allowing noncommercial consumer use of digital audio recording technology (Section 1008), the music industry receives financial compensation (Sections 1003-1007) and protection against serial copying (Section 1002). Permitting Napster to shelter itself behind Section 1008 would defeat this basic statutory quid pro quo: Napster's users would be permitted to engage in digital copying and public distribution of copyrighted works on a scale beggaring anything Congress could have imagined when it enacted the Act, yet the music industry would receive nothing in return because the products used by Napster and its users (computers and hard drives) are unquestionably not subject to the Act's royalty and serial copying provisions. Napster asserts that, despite the precision of the language in Section 1008, Congress actually meant to provide immunity for all noncommercial consumer copying of music in digital or analog form, whether or not the copying fits within the terms of Section 1008. Nothing in the legislative history of the Act supports that argument. And nothing in RIAA v. Diamond Multimedia Systems Inc., 180 F.3d 1072 (9th Cir. 1999), the decision on which Napster places principal reliance, supports the argument either. Section 1008 was not at issue in Diamond Multimedia, and nowhere does the case hold that Section 1008 provides the kind of omnibus immunity for digital copying that Napster invokes here. ARGUMENT SECTION 1008 OF THE AUDIO HOME RECORDING ACT OF 1992 DOES NOT EXCUSE NAPSTER FROM LIABILITY FOR COPYRIGHT INFRINGEMENT Napster asserts that Section 1008 of the Audio Home Recording Act provides its users with immunity from liability for copyright infringement and, in so doing, relieves Napster itself from any derivative liability for contributory or vicarious infringement. The district court was correct to reject that defense. Napster's invocation of Section 1008 is flatly inconsistent with the terms of the statute and the legislative policies that underlie the AHRA. Accordingly, if Napster is otherwise liable under the copyright laws, Section 1008 does not relieve Napster of liability. A. Napster's Immunity Defense Is Foreclosed by the Plain Language of Section 1008 "The 'starting point for interpreting a statute is the language of the statute itself.'" Exxon Mobil Corp. v. United States Environmental Protection Agency, 217 F.3d 1246, 1249 (9th Cir. 2000) (quoting Consumer Product Safety Commission v. GTE Sylvania, Inc., 447 U.S. 102, 108 (1980)). Napster's discussion of Section 1008 is notably selective about following this rule. Napster correctly points out that the introductory language of Section 1008 - "[n]o action may be brought under this title alleging infringement of copyright" - makes Section 1008 potentially applicable to any infringement action under Title 17, not just an action under the AHRA itself. But Napster conspicuously fails to address the remaining language of Section 1008, and makes no effort to explain how that language can be read to protect Napster's users or Napster itself. Napster's reluctance to come to grips with the statutory language is understandable, because the activities of Napster's users do not even arguably come within the terms of the statute. Not only does the language of Section 1008 foreclose Napster's immunity defense, but it does so in four separate and independent ways. Napster's argument thus depends on a wholesale disregard of what Section 1008 actually says. 1. Napster's Users Are Not Using Any of the "Devices" or "Media" Covered by Section 1008 Section 1008 identifies four specific kinds of products whose manufacture, distribution, and noncommercial use Congress wished to shield from actions for copyright infringement. Those products are "[1] a digital audio recording device, [2] a digital audio recording medium, [3] an analog recording device, or [4] an analog recording medium." 17 U.S.C. =A7 1008. Section 1008 prohibits actions for copyright infringement based on "the manufacture, importation, or distribution" of these four types of devices and media. Section 1008 also prohibits actions for copyright infringement based on "the noncommercial use by a consumer of such a device or medium" for making digital or analog musical recordings. Nothing in the language of Section 1008 purports to grant manufacturers, distributors, or consumers any immunity with respect to products other than the devices and media specified in Section 1008 itself. To the contrary, if an action for infringement does not involve the specified devices or media, it falls outside the scope of Section 1008 altogether. By its terms, Section 1008 protects consumers only from infringement actions that are based on "noncommercial use * * * of such a device or medium" (emphasis added). If an infringement action rests on consumer use of other products, Section 1008 on its face has no applicability to such an action. In this case, the plaintiffs' copyright claims are not based on the use of any of the devices or media covered by the terms of Section 1008. Napster's users exchange music by using personal computers to locate and transfer files from one computer hard disk to another. Neither a personal computer nor its hard disk constitutes "a digital audio recording device, a digital audio recording medium, an analog recording device, or an analog recording medium." Napster itself does not suggest otherwise. The terms "digital audio recording device" and "digital audio recording medium" are specifically defined in the Act. A "digital audio recording device" is defined, with exceptions not relevant here, as any machine or device "the digital recording function of which is designed or marketed for the primary purpose of, and that is capable of, making a digital audio copied recording for private use." 17 U.S.C. =A7 1001(3) (emphasis added). A "digital audio recording medium" is defined (again with inapplicable exceptions) as "any material object * * * that is primarily marketed or most commonly used by consumers for the purpose of making digital audio copied recordings by use of a digital audio recording device." Id. =A7 1001(4)(A) (emphasis added). This Court has already held that the statutory definition of "digital audio recording device" does not reach personal computers and their hard drives. RIAA v. Diamond Multimedia Systems Inc., 180 F.3d 1072, 1078 (9th Cir. 1999). Although personal computers are "capable of" making "digital audio copied recordings," neither they nor their hard drives are "designed or marketed for the primary purpose of" making such recordings. Ibid. For similar reasons, hard drives fall outside the statutory definition of "digital audio recording medium," since they are not "primarily marketed or most commonly used * * * for the purpose of" making such recordings. Unlike "digital audio recording device" and "digital audio recording medium," the terms "analog recording device" and "analog recording medium" are not expressly defined in the Act. Congress presumably had in mind the analog counterparts to digital audio recording devices and media - for example, traditional analog tape decks and analog recording tapes. Whatever the precise scope of these terms, however, they cannot encompass personal computers and their hard drives, because computers process and store information in digital rather than analog form. Thus, Napster users are not even arguably using any of the devices and media referred to in Section 1008. 2. Napster's Users Are Not Making "Digital Musical Recordings" Or "Analog Musical Recordings" Section 1008 protects the noncommercial consumer use of digital and analog recording devices and media for making "digital musical recordings or analog musical recordings." 17 U.S.C. =A7 1008. Even if Napster's users were using the specified devices or media, they are not making "digital musical recordings" or "analog musical recordings." Their activities fall outside the scope of Section 1008 for that reason as well. The Act defines a "digital musical recording" as "a material object * * * in which are fixed, in a digital recording format, only sounds, and material, statements, or instructions incidental to those fixed sounds, if any * * * ." 17 U.S.C. =A7 1001(5)(A)(i) (emphasis added). The definition goes on to exclude, among other things, "a material object * * * in which one or more computer programs are fixed * * * ." Id. =A7 1001(5)(B)(ii). Napster's users copy music files to their computers' hard drives. Hard drives store data of all kinds, from word processing files to multimedia files, and they ordinarily store computer programs as well. As a result, hard drives fall outside the statutory definition of "digital musical recording" in two respects: first, they are not objects in which "only sounds" are "fixed," and second, they are objects in which "one or more computer programs are fixed." See Diamond Multimedia, 180 F.3d at 1076 ("a hard drive is a material object in which one or more programs are fixed; thus, a hard drive is excluded from the definition of digital musical recordings"). Unlike "digital musical recording," "analog musical recording" is not a defined term under the Act. However, just as a computer's hard drive cannot be an "analog recording medium" (see p. 15 supra), neither can it be (or be used to store) an "analog musical recording," because hard drives store data in digital rather than analog form. Thus, Napster's users cannot be claimed to be making either "digital musical recordings" or "analog musical recordings" - and if a consumer is not making a digital or analog musical recording, the terms of Section 1008 do not provide him with any immunity. 3. Section 1008 Provides Immunity Only for Noncommercial Copying, Not for Public Distribution The Copyright Act grants the owner of a copyright a number of distinct legal rights. See 17 U.S.C. =A7 106(1)-(5). The most widely known right is the right of reproduction - the "exclusive right * * * to reproduce the copyrighted work in copies or phonorecords." Id. =A7 106(1). However, the Copyright Act also grants the copyright holder a separate and distinct right of public distribution - the "exclusive right * * * to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending." Id. =A7 106(3). The plaintiffs assert not only infringements on the right of reproduction, but also infringements on the right of public distribution. In the proceedings below, Napster stated that it has at least 20 million users, all of whom are able to use Napster's service to access and download music files containing copyrighted sound recordings. When a Napster user makes the music files on his or her hard drive available for downloading by other Napster users, he or she is distributing the files to the public at large. Cf. Michaels v. Internet Entertainment Group, Inc., 5 F. Supp. 2d 823, 830-31 (C.D. Cal.1998); Playboy Enterprises, Inc. v. Webbworld, Inc., 991 F. Supp. 543, 551 (N.D. Tex. 1997), aff'd mem., 168 F.3d 486 (5th Cir. 1999); Marobie-Fl, Inc. v. Nat'l Ass'n of Fire and Equip. Distributors and Northwest Nexus, Inc., 983 F. Supp. 1167, 1173 (N.D. Ill. 1997). To the extent that Napster users are engaged in the distribution of copyrighted works to the public at large, such activity falls outside the scope of Section 1008. The language of Section 1008 is directed at uses that infringe on the right of reproduction, not at uses that infringe on the right of public distribution. By its terms, Section 1008 only bars infringement actions "based on the noncommercial use" of the specified products "for making digital musical recordings or analog musical recordings" - in other words, for making copies of the music. Section 1008 makes no reference, and provides no possible defense, to infringement claims based on the public distribution of copied works. Thus, even if it were proper to treat the use of Napster's service for the public dissemination of copyrighted music as a "noncommercial" consumer use, which is far from clear, it is not the use at which the terms of Section 1008 are directed - the "making [of] digital musical recordings or analog musical recordings." 4. Section 1008 Does Not Transform Infringing Consumer Uses Into Non-Infringing Ones As the foregoing discussion shows, the language of Section 1008 cannot be read to encompass the activities of Napster's users. But even if Section 1008 did apply to Napster's users, it would not provide Napster itself with a defense to liability for contributory or vicarious infringement. That is because the terms of Section 1008 address only whether consumers can be sued for infringement; nothing in Section 1008 addresses or changes whether they are engaged in infringement. When Congress has chosen to make particular uses of copyrighted works non-infringing, it traditionally has said so expressly. For example, the fair use provision of the Copyright Act provides that "the fair use of a copyrighted work * * * is not an infringement of copyright." 17 U.S.C. =A7 107 (emphasis added). Congress has spoken with equal clarity regarding other uses. See, e.g., id. =A7 108 ("it is not an infringement of copyright" for library or archive to reproduce single copies of works under specified conditions); id. =A7 110 (specified performances and displays of works "are not infringements of copyright"); id. =A7 117 ("it is not an infringement" for owner of copy of computer program to make an additional copy for, inter alia, archival purposes). In contrast, Section 1008 of the AHRA conspicuously does not say that the activities it describes "are not an infringement of copyright." Instead, Section 1008 provides only that "[n]o action may be brought under this title alleging infringement of copyright" based on such activities. The legislative record indicates that this language reflects a deliberate decision by Congress to relieve consumers from the threat of copyright liability without altering the underlying contours of the copyright laws or resolving the legal debate over the legality of home taping. In the words of the Senate Report : [S]ection 1002 [now Section 1008] provides only that certain copyright infringement actions are precluded. The section does not purport to resolve, nor does it resolve, whether the underlying conduct is or is not infringement. The committee intends the immunity from lawsuits to provide full protection against the specified types of copyright infringement actions, but it has not addressed the underlying copyright infringement issue * * * . Senate Report at 52 (emphasis added). Thus, assuming for present purposes that Napster's users are engaged in copyright infringement, their actions would remain infringing even if Section 1008 were applicable to them, since Section 1008 does not purport to address the underlying issue of infringement. And if Section 1008 does not transform the actions of Napster's users into non-infringing uses, then it cannot provide shelter to Napster itself. In invoking Section 1008, Napster has argued that it cannot be liable for contributory or vicarious infringement if its users are not themselves engaged in infringement. Once it is recognized that Section 1008 does not alter whether the consumer uses that it addresses are infringing, Napster's argument falls apart. It is noteworthy in this regard that Section 1008 expressly provides immunity not only for the specified noncommercial consumer use of digital and analog recording devices and media, but also for the manufacture and distribution of such products. Napster's argument assumes that the immunity conferred on consumers is sufficient by itself to preclude liability for contributory or vicarious infringement on the part of the firms whose products are being used. But if that were the case, then there would have been no reason for Congress to include distinct immunity protection for manufacturers in Section 1008 itself, and the manufacturer immunity language in Section 1008 would serve no purpose. Napster's argument thus conflicts with the elementary principle that "legislative enactments should not be construed to render their provisions mere surplusage." Dunn v. CFTC, 519 U.S. 465, 472 (1997). The fact that Congress found it necessary to extend an express statutory grant of immunity to manufacturers, as well as to consumers, confirms that Congress did not regard consumer immunity from suit as sufficient by itself to insulate other parties from liability for contributory or vicarious infringement. B. Napster's Reliance on Section 1008 Is Inconsistent With the Policies Underlying the AHRA In Diamond Multimedia, this Court observed that it "need not resort to the legislative history [when] the statutory language is clear." 180 F.3d at 1076. Given the clarity with which the language of Section 1008 prescribes (and circumscribes) the scope of statutory immunity under the AHRA, and given Napster's manifest inability to bring this case within the language of the statute, resort to the legislative history of the AHRA is therefore unnecessary. Nevertheless, if recourse is had to the legislative history, it reinforces the conclusion that Section 1008 does not protect Napster. Far from advancing the policies of the AHRA, Napster's invocation of Section 1008 is directly contrary to those policies. 1. Napster's Invocation of Section 1008 Upsets the Quid Pro Quo That Underlies the Act The legislative history of the AHRA makes clear that the Act was intended by Congress to embody the compromise agreement reached in 1991 between the music industry on the one hand and the consumer electronics industry and consumer groups on the other. See, e.g., Senate Report at 34 ("the competing parties have, through negotiation and compromise, reached an agreement which all parties involved feel is equitable," and the legislation "reflects this agreement"); House Report at 13, reprinted in 1992 USCCAN at 3583 (the Act "preserves the essentials of the agreement"). As explained above, the compromise underlying the Act involves a basic quid pro quo. In exchange for accepting the marketing of digital audio recording technology and the use of such technology for noncommercial home taping, the music industry receives financial compensation (through the Act's royalty system) and protection against serial copying. This quid pro quo was central to the agreement and the legislation that embodies it. See, e.g., Senate Report at 30 (summarizing the purpose and basic elements of the legislation). Construing Section 1008 to protect Napster would mean repudiating, rather than preserving, the quid pro quo underlying the Act. On the one hand, Napster would be permitted to facilitate the copying and distribution of copyrighted sound recordings on a scale far surpassing the "home taping" that Congress foresaw when it enacted the AHRA. On the other hand, the products employed by Napster and its users - computers and their hard drives -- are not subject to royalty payments (by Napster or anyone else) and are not required to be equipped with anti-serial copying circuitry, because the royalty and serial copying provisions of the Act apply only to "digital audio recording devices" and "digital audio recording media," and as shown above, those terms exclude computers and hard drives. 17 U.S.C. =A7=A7 1002(a), 1003(a), 1004; see p. 15 supra. As a result, the music industry would bear the burdens of the statute without receiving the corresponding benefits. The legislative history makes clear that the Act's exclusion of computers and hard drives was the product of a deliberate choice by Congress. See, e.g., Senate Report at 48 ("a personal computer whose recording function is designed and marketed primarily for the recording of data and computer programs * * * would [not] qualify as a 'digital audio recording device'"). In invoking Section 1008, Napster is inviting this Court to countermand that legislative choice, and to do so in a way that undoes the reciprocal nature of the Act's digital recording provisions. That invitation should be declined. 2. Section 1008 Was Not Intended To Immunize All Consumer Copying of Musical Recordings Section 1008 identifies with precision the consumer activity that Congress meant to shelter from copyright infringement suits: "the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings." 17 U.S.C. =A7 1008. Despite the precision of this language, Napster asserts that Congress actually intended to immunize "all noncommercial consumer copying of music in digital or analog form" (Napster Brief at 20), whether or not the copying comes within the terms of Section 1008. But Napster has identified nothing in the limited legislative history of Section 1008 that supports this argument or overcomes the explicit language of the statute. The following passage from the House Report on the Act is representative of the legislative history regarding Section 1008: Section 1008 covers one of the critical components of the legislation: exemptions from liability for suit under title 17 for home taping of copyrighted musical works and sound recordings, and for contributory infringement actions under title 17 against manufacturers, importers, and distributors of digital and analog recording devices and recording media. In the case of home taping, the exemption protects all noncommercial copying by consumers of digital and analog musical recordings. Manufacturers, importers, and distributors of digital and analog recording devices and media have a complete exemption from copyright infringement claims based on the manufacture, importation, or distribution of such devices. House Report at 24, reprinted in 1992 USCCAN at 3594 (emphasis added). The highlighted references to "home taping" suggest, not surprisingly, that Congress meant to address the problem that gave rise to the AHRA - the introduction and use of DAT tape decks and similar digital taping technology (see pp. 3-5 supra). There is no indication that Congress also meant to cover other kinds of devices and media that fall outside the terms of Section 1008. To the contrary, the legislative history reiterates the message conveyed by the language of the statute itself: Congress meant to "extend[] protection to users of such audio recording devices and media by prohibiting copyright infringement actions based on the use of such devices and media" to make musical recordings. Senate Report at 51 (emphasis added). In short, the legislative history confirms that Congress meant what it said in Section 1008 - and what Congress said cannot be reconciled with what Napster is seeking. 3. The Legislative History of Statutes Other Than the AHRA is Irrelevant In construing the scope of Section 1008, Napster attempts to rely on the legislative history of two statutes other than the AHRA - the Record Rental Amendment Act of 1984 and the Computer Software Rental Amendment Act of 1990. See Napster Brief at 23-24. Napster argues that Congress's treatment of "commercial" lending of phonorecords and computer software under those two statutes is consistent with Napster's reading of Section 1008. The short answer is that this case involves the meaning of the AHRA, not the meaning of other statutes. Napster's invocation of Section 1008 cannot be sustained on the basis of Section 1008's own language and legislative history; a fortiori, it cannot be sustained by resort to the language and legislative history of unrelated statutes. The Record Rental Amendment Act and the Computer Software Rental Amendment Act were both enacted prior to the AHRA, and they address entirely different subjects. Neither their language nor their legislative history purports to address the meaning of Section 1008 in any way. C. Diamond Multimedia Does Not Resolve the AHRA Immunity Question At Issue in This Case Napster suggests that this Court's decision in Diamond Multimedia confirms Napster's reading of Section 1008. It does not. The meaning and applicability of Section 1008 were not at issue in Diamond Multimedia, and nothing that the Court decided in Diamond Multimedia in any way requires the Court to accept Napster's Section 1008 defense in this case. Diamond Multimedia involved a suit under the AHRA by the recording industry against the manufacturer of the Rio portable music player, a "Walkman-like" device that plays MP3 music files. The recording industry claimed that the Rio player is a "digital audio recording device" and therefore is subject to the Act's royalty and serial copying provisions. Based on that claim, the recording industry sought to enjoin the manufacture and distribution of the Rio player and to compel Rio's manufacturer (Diamond) to make royalty payments under the Act. This Court rejected the industry claim, holding that the Rio player does not come within the Act's definition of a "digital audio recording device" and therefore is not subject to the Act's royalty and serial copying requirements. 180 F.3d at 1075-1081. Diamond Multimedia was not an action for copyright infringement. Because Section 1008 of the AHRA applies only to "action[s] * * * under this title alleging infringement of copyright," it was facially irrelevant to Diamond's liability, and Diamond never invoked Section 1008 as a defense. Accordingly, the Court was not called on to decide whether Section 1008 protected Diamond itself, much less whether or how Section 1008 may protect defendants in other cases that (unlike Diamond Multimedia) involve claims of copyright infringement. Napster relies on a single passage from the Court's opinion in Diamond Multimedia: As the Senate Report explains, "[t]he purpose of [the Act] is to ensure the right of consumers to make analog or digital audio recordings of copyrighted music for their private, noncommercial use." S. Rep. 102-294, at *86 (emphasis added). The Act does so through its home taping exemption, see 17 U.S.C. =A7 1008, which "protects all noncommercial copying by consumers of digital and analog musical recordings," H.R. Rep. 102-873(I), at *59. 180 F.3d at 1079 (emphasis in original). To the extent that this passage speaks to the meaning of Section 1008, it is no more than dictum, since Section 1008 was not at issue in the case. In any event, nothing in the passage is in any way inconsistent with the proposition that Section 1008 means what it says. The passage merely quotes excerpts from the House and Senate Reports regarding the purpose of the Act in general and Section 1008 in particular. As shown above, when the legislative history is considered in its entirety, it directly supports, rather than refutes, the conclusion that Section 1008 does not protect Napster or its users. Accordingly, nothing in Diamond Multimedia provides refuge for Napster in this case. CONCLUSION For the foregoing reasons, the district court's holding that Section 1008 of the Audio Home Recording Act does not excuse Napster from liability is correct and should be affirmed. Respectfully submitted, DAVID O. CARSON DAVID W. OGDEN General Counsel Assistant Attorney General J. KENT DUNLAP MARK B. STERN SCOTT R. McINTOSH United States Copyright Office Attorneys, Appellate Staff Library of Congress 101 Independence Ave. S.E. Civil Division, Department of Justice Washington, D.C. 20540 601 D Street N.W., Room 9550 Washington, D.C. 20520 ALBIN F. DROST Acting General Counsel Counsel for the United States JUSTIN HUGHES United States Patent and Trademark Office P.O. Box 15667 Arlington, VA 22215 Of Counsel September 8, 2000 CERTIFICATE OF COMPLIANCE Pursuant to Fed. R. App. P. 29(d)and Ninth Circuit Rule 32-1, I certify that the attached amicus brief is proportionately spaced, has a typeface of 14 points or more and contains 7000 words or less. _________________________ Scott R. McIntosh CERTIFICATE OF SERVICE I certify that on September 8, 2000, I filed and served the foregoing BRIEF FOR THE UNITED STATES AS AMICUS CURIAE by causing an original and 15 copies to be filed with the Clerk of the Court by overnight mail and by causing copies to be served on the following counsel by overnight mail and (where indicated) by fax: Carey R. Ramos Aidan Synnott Michael Keats Paul Weiss Rifkind Wharton & Garrison 1285 Avenue of the Americas New York, NY 10019-6064 (212) 373-3000 (OVERNIGHT MAIL AND FAX) Russell J. Frackman Jeffrey D. Goldman George M. Borkowski Drew E. Breuder Mitchell Silberberg & Knupp 11377 W Olympic Blvd Los Angeles, CA 90064 (310) 312-2000 (OVERNIGHT MAIL AND FAX) William M. Hart Eric J. German Frank P. Schibilia Carla M. Miller Hank L. Goldsmith Leon P. Gold Lawrence L. Weinstein Proskauer Rose LLP 1585 Broadway New York, NY 10036 (212) 969-3000 Hadrian R. Katz (202) 942-5000 Arnold & Porter 555 Twelfth Street, NW Washington, DC 20004 Steven B. Fabrizio 1330 Connecticut Avenue, N.W. Suite 300 Washington, DC 20036 202-775-0101 Lisa M. Arent Melinda M. Morton Michael A. Brille Samuel A. Kaplan William Jackson Seth A. Goldberg Fenwick & West LLP Two Palo Alto Sq Ste 800 Palo Alto, CA 94306 650-494-0600 (BY OVERNIGHT MAIL AND FAX) Laurence F. Pulgram Kathryn J. Fritz Fenwick & West LLP 275 Battery Street 15th Floor San Francisco, CA 94111 415-875-2300 (BY OVERNIGHT MAIL AND FAX) David Boies Boies Schiller & Flexner LLP 80 Business Park Drive Suite 110 Armonk, NY 10504 (914) 273-9800 (BY OVERNIGHT MAIL AND FAX) Albert P. Bedecarre Quinn Emanuel Urquhart Oliver & Hedges, LLP 2479 East Bayshore Road Suite 820 Palo Alto, CA 94303 650-494-3900 Hannah Bentley 394 Scenic Avenue San Anselmo, CA 94960 _________________________ Scott R. McIntosh ----- End forwarded message ----- ------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology You may redistribute this message freely if it remains intact. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- ----- End forwarded message -----

1 0

Re: [liberationtech] Secure Your Domain - Where Is Safe to Register a Domain Name? - Gun.io
by liberationtech＠lewman.us 06 Jul '18

06 Jul '18

On Mon, May 07, 2012 at 11:01:36PM -0700, companys(a)stanford.edu wrote 38K bytes in 699 lines about: : https://gun.io/blog/secure-your-domain-where-is-safe-to-register-a-domain-n… : Secure Your Domain - Where Is Safe to Register a Domain Name? I realize this is just Woody and some guy pontificating late at night, however a more thorough answer would involve the cross-section of MLATs, Military assistance treaties, and global copyright agreements. I know a few people who are registering their domains in countries generally hostile to the US and EU and unlikely to sign an MLAT or any other agreement with businesses based out of either region. For example, if you wanted to start a cool new file sharing site, base it in Iran, Iraq, Cuba, Libya, Syria, Belarus, Zimbabwe, or Burma. This of course means you ignore the human rights issues with these countries. Otherwise you're left with .i2p, .onion, freenet, gnunet, and other alternate root domains like .glue, .pirate, etc from opennic. Or just register domains in many tlds with local in-country registrars and plan for a legal battle at each step of the way. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 _______________________________________________ liberationtech mailing list liberationtech(a)lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [liberationtech] Travel with notebook habit
by Andreas Bader 06 Jul '18

06 Jul '18

On 12/28/2012 12:46 PM, Maxim Kammerer wrote: > On Fri, Dec 28, 2012 at 10:49 AM, Julian Oliver <julian(a)julianoliver.com> wrote: >> I've been extensively questioned at the border on a few occassions over the >> years /because/ my laptops don't have a Desktop as such, no icons either. Both >> my arms were grabbed at the Australian border as I reached to type 'firefox' in >> a terminal, to start the browser in an attempt to show them a normal looking >> environment. > I think that in such a discussion, it is necessary to distinguish > between border guards wanting to look at your data, and border guards > wanting to make sure that your laptop is not a bomb (given the limited > training they receive on the subject). The situation that you describe > looks more like the latter than the former (although clearly there > might be omitted details). > For the case of Border guards that want to have a look at your data there's an article from schneier: http://www.schneier.com/blog/archives/2008/05/crossing_border.html You can also use a normal (fake | Windows) OS on your standart HDD and a hidden OS on a mSATA SSD, you can use a 16 GB disk with a small and encryted Ubuntu distribution. If you set the boot standart to your standart HDD then you have a good chance to get through the control. Another possibility is to combine this with a hidden truecrypt container, no one can force you to write down a password to a container that is probably not even existing. You can't prove that. If this is to complicated for you, you can still install a OS on a small USB stick. Or a SDHC card. It's not that expensive and if you have an USB stick fixed at your keyring I think no one will notice. The most secure thing would be a Live CD and a hidden container on an USB / SDHC device. So they can't infiltrate a system that is not even installed (backtrack and stuff have truecrypt onboard) and they can't force you to open that hidden container (because you only know if there is a container when you hit the right password. When nobody performs a hardware hack on your SATA or something then nothing can happen. If they keep your notebook for some minutes | hours | days then you should examine it before use.. It's also helpful to check the md5 checksum of the boot partition; you can have a virus / keylogger in there. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: [FoRK] moar change we can believe in!
by Koen Holtman 06 Jul '18

06 Jul '18

On Sat, 12 Sep 2009, J. Andrew Rogers wrote: [...] > This is a complicated topic and goes way beyond RFID. The world is > very rapidly becoming pervasively wired with network-connected > sensors, and the state of this reality is far beyond what most people > imagine it is. In my day job I work a bit on pervasive networked sensors and RFID. In fact the introduction of these has been less rapid than I would have predicted 5-10 years ago. When you get down to it, making a solid business case to roll out this type of technology on a massive scale is not that easy. What we really need is an irrational sensor bubble but I am not holding my breath. The actually existing scary pervasive network-connected sensor device is otherwise known as the internet enabled mobile phone. Data mining user-generated internet traffic is also a lot easier than collecting lots of camera/sound/sensor/rfid data and correlating it to people afterwards. The good news is that, at least for this type of scary pervasive sensor, the companies that are technically best placed to capture and mine all data generated are still somewhat regulated when it comes to privacy. Nevertheless technology is on a path where it becomes more and more easy for institutions to gather massive amounts of data about individuals. This is a threat to the correct functioning of states and markets, because it creates new opportunities to game the system for the benefit of a few. I can't see a purely technical fix. The only way to counter-balance this technical trend is by legislation and citizen/consumer education. Memes that will become increasingly useful: - All data about me is my own property, not the property of the people who managed to collect it. - They might happen to know this, but is it not legal for them to act on it. - Nobody is perfect. - If buyer and seller have hugely different access to information you cannot have a fair market. - Shouldn't my every word and gesture by covered by copyright law? After all I am at least as good an artist as <fill in here>. Koen. _______________________________________________ FoRK mailing list http://xent.com/mailman/listinfo/fork ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: SHA-1 rumors
by John Black 06 Jul '18

06 Jul '18

> >No, it was on the compression function, but not in any sense "reduced". But >you had to start with particular values of the chaining variables, and in >practice no-one knows how to do that, so MD5 (as a whole) isn't broken by >this, at least until tomorrow evening. The rumour here is that MD5, HAVAL, >and RIPE-MD are all goners. We know SHA-0 is toast too. There might also be >results against SHA-1. Hash functions are hard. > What I've heard (also at CRYPTO right now like Greg) is that the four Chinese researchers (Wang, Fang, Lai, Yu) have found collisions in MD4, MD5, HAVAL, and RIPEMD. They state that SHA-0 collisions can be found as well. However, the collision they list for MD5 doesn't produce work because the Chinese translation of [MOV] had an error which caused an endianness problem. So they have a collision for a PARTICULAR IV. One of the four researchers is back in China, so they are on the phone trying to fix the problem for the announcment tomorrow evening. However, they have announced nothing regarding SHA-1 or any of the larger-output SHA versions like SHA-256, etc. We haven't seen their methods yet, but one has to believe that their methods are fairly general given the range of hash functions they've attacked. This would SEEM to put the SHA family into jeopardy as well, but we should know more tomorrow evening. John Black [MOV] Menezes, van Oorschot, Vanstone; Handbook of Applied Cryptography, CRC Press. _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

EDRI-gram newsletter - Number 5.13, 4 July 2007
by EDRI-gram newsletter 06 Jul '18

06 Jul '18

============================================================ EDRI-gram biweekly newsletter about digital civil rights in Europe Number 5.13, 4 July 2007 ============================================================ Contents ============================================================ 1. EDRI signs "Keep The Core Neutral" petition 2. Final agreements between EU and USA on PNR and SWIFT 3. OECD pushes for privacy co-operation 4. The Austrian government has postponed the law for data retention 5. Italian officials prepare the law for a DNA database 6. French Internet users are not properly informed on DRM 7. German legislation troubles the big Internet companies 8. ENDitorial : The End of Multilateral Broadcast Treaty 9. Recommended Reading 10. Agenda 11. About ============================================================ 1. EDRI signs "Keep The Core Neutral" petition ============================================================ European Digital Rights Initiative (EDRI) has joined more than 100 individuals and organizations from around the world in signing the petition "Keep The Core Neutral" urging ICANN (Internet Corporation for Assigned Names and Numbers ) to resist efforts to evaluate applications for new generic top-level domains (gTLDs) based on non-technical criteria such as ideas about morality and competing national political objectives. The "Keep the Core Neutral" coalition is concerned that ICANN's draft policy includes evaluation criteria that go well beyond technical considerations of operational stability and security and exceeds the organization's mandate of technical coordination. In particular, ICANN is considering policy that would reject applications for new gTLDs if they violate globally fixed standards on "morality" or "public order". But the lack of global standards on morality and policy objectives invites nations with restrictions on free expression to impose censorship on the entire world by blocking the creation of certain domains. There is also concern that religious institutions and business competitors will be allowed to object to new domain name applications based on non-technical and non-legal criteria. Creating a precedent for generalized public governance would be dangerous, as the private corporation does not have a democratic governance structure that is accountable to the public or that includes protections for the rights of Internet users. The proposed policy also threatens to extend unrelated concepts derived from commercial trademark law onto non-commercial expression, but domain names are distinct from trademarks in significant ways. Trademark rights only regulate a particular type of commercial speech, while ICANN policy could expand trademark restrictions onto non-commercial expression and prevent online criticism of companies and products. In a 27 June 2007 workshop at the San Juan ICANN meeting, a distinguished panel of legal and technical experts addressed these issues including former ICANN Board Member and attorney Michael Palage, who co-authored a 2006 essay "Please, Keep the Core Neutral", which served as inspiration for the coalition's global petition. Keep The Core Neutral : Global Petition Urges ICANN to Protect Free Expression and Innovation in Domain Name Policy (30.06.2007) http://www.keep-the-core-neutral.org/node/26 Global Petition to ICANN Board of Directors: "Keep the Core Neutral" (11.06.2007) http://www.keep-the-core-neutral.org/petition Transcript of Keep the Core Neutral Workshop (27.06.2007) http://sanjuan2007.icann.org/files/sanjuan/SanJuan-NCUCALACWorkshop-27June0… ============================================================ 2. Final agreements between EU and USA on PNR and SWIFT ============================================================ After a long and difficult period of negotiations, on 28-29 June 2007, final agreements were reached between EU and USA on the data regarding European financial transactions operated by Belgian consortium SWIFT and on the passenger name records (PNR) issue respectively. Regarding the access to financial data from SWIFT, the US has committed to use any data received from SWIFT exclusively for counter-terrorism purposes, the data retention period being of 5 years. SWIFT is also bound to "adequately" protect the privacy of data according to EU principles as laid out in 2000 and further more, from now on, all banks using SWIFT will have to inform their customers about any transfers of their data. According to a spokesman for Commission Vice-President Franco Frattini, an "agreement had been reached on the substance of the new Passenger Name Records (PNR) system, with only technical details and EU national parliaments' opinion still to be resolved". The agreement will replace the interim agreement due to expire at the end of July 2007. Both sets of negotiations resulted in the EU having obtained the power to inspect US investigators' use of European data. The EU has insisted on this, considering that US privacy laws would not protect European citizens' data from being abused. However, according to Gus Hosein from Privacy International, the EU won only limited oversight over the US use of PNR data. The PNR agreement reduced the number of pieces of data that can be collected by the US authorities from 34 pieces to 19, including name, contact information, payment details, travel agency, itinerary and baggage information, but excluding sensitive data such as ethnicity. The US will be allowed to store the data for a seven year period under an "active" or "operational" regime and can extend this period by 8 years for "dormant" data which would be accessible under stricter rules. This means a 15 year storage period in total as compared to three years as previously agreed. The EU officials however state that the agreement has more safeguards than before. In a letter to the German interior minister Wolfgang Schauble, the European Data Protection Supervisor Peter Hustinx has still shown concern believing that the privacy rights of air passengers between the EU and US will be threatened by the agreement struck on 29 June. A good point is that, for the first time, EU citizens will also be covered by the US Privacy Act which means they can enforce their rights in US courts. The new PNR system deal must be ratified by national parliaments before taking effect as expected at the end of July 2007. But the PNR data started to look interesting also for the European officials. Just a few days after the car bomb attack in Glasgow and London, the commissioner Franco Frattini announced that he would propose in October a new draft containing anti-terrorism measures, including creating a European PNR system. In this way, the airlines flying to the EU would be obliged to share passengers private data with Europe's secret services. It is not clear yet if the scheme will cover intra-European flights. Draft text - PNR Agreement (28.06.2007) http://www.statewatch.org/news/2007/jul/eu-usa-pnr-agreement-2007.pdf EU-US data-sharing deals renew privacy concerns (29.06.2007) http://www.euractiv.com/en/security/eu-us-data-sharing-deals-renew-privacy-… EU legitimises US travel and bank data snoops (28.06.2007) http://euobserver.com/22/24384 US gives in to EU demands over data (29.06.2007) http://www.theregister.co.uk/2007/06/29/us_eu_data_use/ Europe's banks must inform customers of US snooping (27.06.2007) http://www.theregister.co.uk/2007/06/27/swift-disclosure_rules_for-european… New PNR Agreement with the United States of America - Peter Hustinx letter to the German Minister of Interior (27.06.2007) http://www.statewatch.org/news/2007/jun/eu-us-pnr-hustinx-letter.pdf Air passengers to face EU anti-terror screening (4.07.2007) http://www.euractiv.com/en/transport/air-passengers-face-eu-anti-terror-scr… EU plans air passenger data exchange system (3.07.2007) http://euobserver.com/9/24416 ============================================================ 3. OECD pushes for privacy co-operation ============================================================ A new framework has been agreed by the 30 members of OECD (Organisation for Economic Co-operation and Development) regarding the co-operation in the enforcement of privacy laws, updating a 27 year old statement (OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data). The large volume of the data being exchanged across borders and the changes in the character of these exchanges having increased the risks to privacy for individuals have brought up the need for a better co-operation between authorities in charge with data protection. The framework, included in the new OECD Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy, developed by the OECD Committee for Information, Computer and Communications Policy (ICCP), through its Working Party on Information Security and Privacy (WPISP), shows the commitment of the governments to improve their national privacy legislation to allow co-operation and mutual assistance among each other for an efficient enforcement of privacy laws. "A consensus has emerged on the need to promote closer co-operation among privacy law enforcement authorities to help them exchange information and carry out investigations with their foreign counterparts," says the recommendation which also reads: "Globalisation, the emergence of 'follow the sun' business models, the growth of the internet and falling communication costs dramatically increase the amount of personal information flowing across borders. This increase in transborder information flows benefits both organisations and individuals by lowering costs, increasing efficiency and improving customer convenience. At the same time, these personal information flows elevate concerns about privacy, and present new challenges with respect to protecting individuals' personal information." OECD has developed two model forms to facilitate the co-operation: one to assist in the creation of a list of contact points in each country to co-ordinate requests for assistance and another one to be used by an authority in requesting assistance. The recommendation will be introduced at regional events and at the 29th International Conference of Data Protection and Privacy Commissioners that will be hosted in September 2007 in Montreal by Commissioner Jennifer Stoddart Privacy Commissioner of Canada who also conducted the work on the development of the framework. OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy - Press release http://www.oecd.org/document/60/0,3343,en_2649_34223_38771516_1_1_1_1,00.ht… OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy - full text http://www.oecd.org/dataoecd/43/28/38770483.pdf Net growth prompts privacy update (30.06.2007) http://news.bbc.co.uk/2/hi/technology/6254650.stm International effort on privacy protection is launched (26.06.2007) http://www.out-law.com//default.aspx?page=8182 ============================================================ 4. The Austrian government has postponed the law for data retention ============================================================ A spokesman of the Federal Ministry of Transport, Innovation and Technology has confirmed that due to the flood of responses to the law proposal there is no way to have data retention ready before the deadline set by the directive. The ministry received a total of 90 statements from various organisations. Most of them voiced severe concerns about the suggested implementation of data retention. The supporters were various bodies of the entertainment industry, demanding longer retention periods and a lower threshold. They demanded extending access to retained data for violations of copyright, by a law that is being implemented to help fight terrorism. The ministry needs to process all those statements in a diligent way and it will do so, even if the EU issues a caution against the Republic of Austria. Furthermore there have been talks with the Ministry of Justice to embed data retention in the criminal law concerning the degree of penalty and periods. The criminal law has already exemptions for lawyers, physicians, journalists and other groups of society handling highly sensitive personal data. The retention period of six months both for telephone and Internet traffic data was not questioned. More results of these talks will be due in Autumn after the summer break. The background to this turnaround is that a general aversion against data retention has been growing in Austria, and the resistance is pretty broad. Hardly anybody turns up in Austrian public to express support for this measure. The Austrian Chambers of Commerce and Labour both oppose data retention. Those bodies, called "social partnership", are the pillars of real political life representing small and middle businesses (Conservatives) and Labour. Even the federal Chancellor's office expressed concerns about a possible violation of Austria's constitution. Various academic institutions stepped in as well. All quoted bodies are more or less closely related to one of the two big political parties. The discussion here started very late, as it took print and TV media journalists quite a long time to understand what data retention of network traffic data could mean for their jobs in general. During the month of June the topic was covered by all Austrian media - late, but better than never. AT: Data Retention gets delayed until Autumn (only in German, 28.06.2007) http://www.quintessenz.org/d/000100003888 Quintessenz doqubase about data retention http://quintessenz.org/data_retention The Truth about the Costs for Data Retention (only in German, 29.06.2007) http://futurezone.orf.at/it/stories/203760/ Data Retention Delayed (only in German, 28.06.2007) http://futurezone.orf.at/it/stories/203295/ Data Retention in Austria arrives later (only in German, 28.06.2007) http://www.heise.de/newsticker/result.xhtml?url=/newsticker/meldung/91913 (Contribution by EDRI-member quintessenz.org - Austria) ============================================================ 5. German legislation troubles the big Internet companies ============================================================ Yahoo and Google seems to have problems adapting their business to the tough requirements of the German law regarding content harmful to minors and the implementation of the data retention directive, respectively. Yahoo has recently changed the way the content filter setting for its photo-sharing service Flickr works for German members so that they can't view photos labelled as "moderate" or "restricted" via the search function. This caused a lot of complaints from German users, that created special groups on the platform such as Against Censorship! Also they started uploading anti-Flickr pictures in the Yahoo photo sharing service and tag them as "thinkflickrthink". In the end Flickr allowed the German users to turn SafeSearch off to allow photos flagged as 'moderate' and tried to explain the situation. "Flickr's intent is never to censor content, but rather to comply with local legal restrictions. In Germany, local law (Jugendmedien-Staatsvertrag JMStV) requires stringent age verification in order to display online content that could be considered harmful to minors." explained Flickr's co-founder Stewart Butterfield. Community Manager, Heather Champ added : "The central problem is that Germany has much more stringent age verification laws than its neighbouring countries," she said. She described the risks of breaking these laws as being punished with "much harsher penalties, including jail time, for those with direct responsibility." The German draft law for the implementation of the data retention directive also raises problems with the online service providers. The draft foresees that providers of e-mail services will basically have to keep records of the following: the user's IP address for each e-mail sent and for each access to the inbox as well as the sender's network ID for every e-mail received. According to an interview to the German economics magazine Wirtschaftswoche, Peter Fleischer, Google privacy counsellor considered the draft law as "a severe blow to privacy " and praised the possibility to have anonymous email accounts. According to Heise he also declared that : "If need be we will simply switch off Google Mail in Germany", but this was later considered as a misinterpreted quote, and the correct statement was : "We think that this law is bad for users and bad for privacy on the Internet. Google believes that users should have the right to create an email account without going through the hassle of having to prove exactly who they are. Anonymous email is particularly important for political dissidents, for example." Google also hoped that the German federal government will change its plans in this respect. User protests against and Yahoo's justification for filters at Flickr (18.06.2007) http://www.heise.de/english/newsticker/news/91279 Against Censorship! at Flickr http://www.flickr.com/groups/againstcensorship/ (Official Topic) German SafeSearch settings (20.06.2007) http://www.flickr.com/help/forum/en-us/43626/ Google threatens to shut down e-mail service in Germany (25.06.2007) http://www.heise.de/english/newsticker/news/91681 Lost In Translation: German Gmail Stays Put (27.06.2007) http://blog.wired.com/business/2007/06/lost-in-transla.html EDRI-gram: Data retention and increased surveillance in Germany (25.04.2007) http://www.edri.org/edrigram/number5.8/germany-data-retention ============================================================ 6. French Internet users are not properly informed on DRM ============================================================ The UFC- Que Choisir association has revealed the results of an online study performed in February 2007 regarding the use of DRM (Digital Rights Management) systems imposing third-party restrictions on the users of a reading device. The poll has shown that most French Internet users have not been properly informed on the restrictions that DRM systems involve and that they definitely would like these technical protections out. The poll covered about 800 Internet users that had already bought music online. Out of these, 51% stated they had never been informed on the usage restrictions that DRM imposes and 65% of them thought they could listen to the music they had legally bought on any device without any constraints. 72% of the iPod users had no idea they could listen on their devices only music bought on iTunes. According to the study, 20% of the respondents have already experienced the situation of buying music online that they could not listen to on the devices they had. Most respondents (about 90%) consider it is very important to be able to use any kind of device to read the music they buy. UFC-Que Choisir association asks from the French Government to revise the so-called DADVSI law in order "to refuse the producers the unilateral freedom to impose DRM contrary to the basic consumers' rights". UFC-Que Choisir's main preoccupation is interoperability for the consumers. "The musical world can very well live without the DRM. Even better" said Edouard Barreiro, in charge with new technologies within the association. "If the legislator cannot interdict the use of DRM, the industry should at least be imposed to use at least a unique DRM format to provide the interoperability". Some of the music distribution companies such as EMI group or Universal have already started having initiatives of providing DRM free music online. As Denis Olivennes, owner of Fnac commercial website, stated: A non-restricted title is sold twice a DRM bound one. The Internet users do not know DRM well (only in French, 26.06.2007) http://www.01net.com/editorial/352653/les-internautes-connaissent-mal-les-d… Music : the consumer does not want DRM (only in French, 28.06.2007) http://www.clubic.com/actualite-75858-musique-consommateur-drm.html DRM: the consumers do not want restrictions (only in French, 27.06.2007) http://www.ecrans.fr/spip.php?article1656 EDRI-gram:France establishes the DRM-regulation authority (12.04.2007) http://www.edri.org/edrigram/number5.7/drm-authority-france ============================================================ 7. Italian officials prepare the law for a DNA database ============================================================ Italy is preparing its DNA database law, claiming that it needs harmonization with the other European states situation, but forgetting about the privacy concerns. According to col. Luciano Garofano from RIS (Reparti Investigazioni Scientifiche), it is not very long until the law allowing archiving DNA data will be in place. In Garofano's opinion, Italy is actually one of the last to have a legislation in the domain and the problem is that although Italy has signed the Pr|m treaty to exchange data, it has no data to exchange. The colonel believes that Italy needs this database that would be efficient in identifying criminals as well as innocent people. Experts however fear that there is a risk of theft of genetic data that could be used abusively as well as of the possibility of relying too much on this database ignoring checks of various typologies and sources. Garofano believes advantage should be taken of the new technologies and data privacy issues should not stand in the way of security. He thinks privacy should not be a justification not to draft a law that would be for the security of the Italian citizens. A draft law has already been made by the National Committee for Biosecurity, Biotechnology and Life Science (Comitato Nazionale per la Biosicurezza, le Biotecnologie e le Scienze della Vita), a draft that stipulates the gathering of data from those that have infringed the law and might face more than 3 years of imprisonment as well of those that are imprisoned. "A law is absolutely necessary but it must be evaluated with extreme caution. It is a good think that the gathered data is based on alphanumerical sequence and not on biological samples" said Francesco Pizzetti, the president Italian Data Protection Authority (Garante per la protezione dei dati personali). He also expressed the hope that the authority's experience would be taken into consideration and that the Parliament would listen to the opinions of the Authority. Italy - ready for the Big Genetic Database (only in Italian, 29.06.2007) http://punto-informatico.it/p.aspx?i=2029006 ============================================================ 8. ENDitorial : The End of Multilateral Broadcast Treaty ============================================================ The summer special session of United Nation's World Intellectual Property Organization's (WIPO) Standing Committee on Copyright and Related rights (SCCR) ended with an outcome that effectively killed the proposed treaty for protection of broadcast organisations (Broadcast Treaty). The committee called off the Diplomatic Conference that was supposed to take place in November to approve the treaty. Even if the treaty remains on the agenda of SCCR, it is unlikely that there will be any serious push to overcome the vastly different positions on key issues relating to objectives, scope and object of protection. There were several reasons for this outcome. The treaty was unwanted by many countries. The United States lost interest after webcasting was removed from the scope of the treaty and - perhaps more importantly - after the US technology and telecommunication industries made their opposing position loudly known. There was also disagreement within the North American Broadcasters' Association. This left the EU and Japan in a much weaker position against the countries known as "Friends of Development", who saw little use in new property rights for broadcasters but instead considered the treaty as an opportunity to inject new elements such as competition, access to knowledge and cultural diversity into the global copyright regime. The second reason was spirited opposition by the rest of the stakeholders (i.e. other than broadcasters) against the treaty. In particular the organizations representing civil society constantly asked questions about the rationale of the treaty and brought transparency to the process by transcribing the discussions during the plenary sessions. This exposed in almost real-time the lack of any real substance to the proponents' arguments. One can also speculate on the role of the long-time chairman of the committee, Jukka Liedes, in the demise of the treaty. It became widely known that he and Mr. Tilman L|der (who represents the European Commission) did not agree on a strategy (or much else for that matter). Mr. Liedes also took many times positions that were seen as detached from the reality of the committee as he tried to push the treaty to the Diplomatic Conference. Still, the outcome of the negotiations was always likely to be a failure because of the divergent political situation on global IP policy. The big question now is what the outcome will mean for WIPO and SCCR. A rather direct hint could be found from this comment by Tom Rivers, external legal adviser to the Association of Commercial Television in Europe (ACT): "If Wipo is not the right forum for this issue to be addressed then broadcasters will need to raise (their) concerns at regional or bilateral level instead". So, in practice the broadcasters will try to use the sympathy of European Commission civil servants to advance their agenda by forcing the developing countries to accept extensive "investment protection clauses" to their bi-lateral trade agreements. This will be a key issue for EDRI. Finally, a more fundamental question must asked. Why are these kinds of investment protection schemes, which have nothing to do with creativity or culture, dealt with under the copyright system in the first place? It unfortunately seems that the so-called related rights have become a sweet spot for blatant corporate rent seeking. The European Commission seems to accept all kinds of demands from the stakeholders without the merest hint of economic justification. Even when their own studies find clear evidence that these types of protection are harmful (such as with the sui generis database right), there is no reaction on their part. Isn't it time that European IP policy was based on economic evidence rather than the interests of a small number of large right holders? Second Special Session of the Standing Committee on Copyright and Related Rights (SCCR) (18-22.06.2007) http://www.wipo.int/meetings/en/details.jsp?meeting_id=12744 Piracy collapses broadcasting treaty (24.06.2007) http://uk.biz.yahoo.com/24062007/399/piracy-collapses-broadcasting-treaty.h… EDRI-gram: Results of the WIPO's SCCR Special Session 1 (31.01.2007) http://www.edri.org/edrigram/number5.2/wipo_sccr1 EFF's resource page on the WIPO Broadcasting Treaty http://www.eff.org/IP/WIPO/broadcasting_treaty/ Some NABA (North American BroadcastersAssociation) members opposed the treaty (20.06.2007) http://lists.essential.org/pipermail/a2k/2007-June/002418.html (Contribution by Ville Oksanen - EDRI-member Electronic Frontier Finland) ============================================================ 9. Recommended Reading ============================================================ Findings of the Open Rights Group Election Observation Mission in Scotland and England The Open Rights Group (ORG) believes that the problems observed at the English and Scottish elections in May 2007 raise serious concerns regarding the suitability of e-voting and e-counting technologies for statutory elections. E-voting is a 'black box system', where the mechanisms for recording and tabulating the vote are hidden from the voter. This makes public scrutiny impossible, and leaves statutory elections open to error and fraud. http://www.openrightsgroup.org/e-voting-main/ http://media.ito.com/kevinmarks/org_election_report.pdf Article 29 Working Party Opinion 4/2007 on the concept of personal data (20.06.2007) http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp136_en.pdf ============================================================ 10. Agenda ============================================================ 6 July 2007, EU Two years anniversary of the rejection of the software patents directive http://www.free765.eu/ 8 May - 22 July 2007, Austria Annual decentralized community event around free software lectures, panel discussions, workshops, fairs and socialising http://www.linuxwochen.at 8-12 August 2007, near Berlin, Germany Chaos Communication Camp 2007 "In Fairy Dust We Trust!" http://events.ccc.de/camp/2007/ 5-11 September 2007, Linz, Austria Ars Electronica Festival - Festival for Art, Technology and Society http://www.aec.at/en/festival2007/index.asp 21 September 2007, Amsterdam, Netherlands Bits of Freedom organizes the 5th Dutch Big Brother Awards Nominations can be sent to info at bigbrotherawards.nl until the end of August. http://www.bigbrotherawards.nl/ 25 September 2007, Montreal, Canada Civil Society Workshop: Privacy Rights In A World Under Surveillance A one-day workshop organized by the International Civil Liberties Monitoring Group (ICLMG) in cooperation with Canadian and international civil rights and privacy organizations ahead of the 29th International Conference of Data Protection and Privacy Commissioners in Montreal. http://www.thepublicvoice.org/events/montreal07/default.html 25-28 September 2007, Montreal, Canada 29th International Conference of Data Protection and Privacy Commissioners http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html 12-15 November 2007, Rio de Janeiro, Brazil The Government of Brazil will host the second Internet Governance Forum meeting. http://www.intgovforum.org/ http://cgi.br/igf/ ============================================================ 11. About ============================================================ EDRI-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRI has 25 members from 16 European countries. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at http://creativecommons.org/licenses/by/2.0/ Newsletter editor: Bogdan Manolea <edrigram(a)edri.org> Information about EDRI and its members: http://www.edri.org/ - EDRI-gram subscription information subscribe by e-mail To: edri-news-request(a)edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. unsubscribe by e-mail To: edri-news-request(a)edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/edrigram-mk.php - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - EDRI-gram in Serbian EDRI-gram is also available in Serbian, with delay. Translations are provided by Aleksandar Markovic http://sr.edrigram.googlepages.com/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask <edrigram(a)edri.org> if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0