Fairtunes
Music & MP3
7/28/2000; 10:38:08 AM 'Fairtunes is an Internet service that allows digital music consumers to pay artists for their work.'
Note, paying the artists is not the same as paying the copyright holder, as the studios hold the copyright. It's a purely moral gesture with no legal force.
No "There" There
Misc.
7/28/2000; 9:41:25 AM 'Cyberspace isn't on any map, but I know that it must exist, because it is spoken of every day. People spend hours in chat rooms. They visit Web sites. They travel through this electronic domain on an information superhighway. The language we use implies that cyberspace is a place as tangible as France or St. Louis or the coffee shop on the corner. But why, exactly, should we think of the Internet as a geographic location? I recently participated in a telephone conference call with people in several other states and countries. Were we all together in another "place"? I doubt that any of us thought so.'
Counterpoint: In Bruce Sterling's relatively well-known (and freely available on the Internet) book, he starts the first chapter with the invention of the telephone as the first 'cyberspace'.
To some extent, both views are right. Part of the problem is simply the nature of the metaphor, which not everybody agrees on. To his credit, the author actually points this out at the end of the article:
'The cyberspace-as-place metaphor is probably here to stay. And it has its uses, as do the many other fanciful metaphors we use in everyday speech. But let's not be misled. The regulation of cyberspace -- in areas from copyright to taxation to privacy -- hardly represents the spoliation of a pristine and untamed land.'
Divided Data Can Elude the Censor
Free Speech
7/28/2000; 8:11:34 AM 'The system is called Publius, after the pen name adopted by the authors of the Federalist Papers. It dices up messages, encrypts the pieces and spreads them across many computer servers. The pieces, called keys, are designed so that even a small number of them can be assembled into a complete message. Thus, while keys would live on dozens or hundreds of computers, a user would need to have access to only a few of those computers to have enough information to reassemble the document. Publius recently accepted its first users as part of a two-month trial.
'Dr. Rubin said he hoped that political dissidents and others would use Publius to spread messages that otherwise would run the risk of being censored by autocratic governments or powerful organizations. In a paper about Publius, for example, Dr. Rubin and his co-authors, Dr. Lorrie Faith Cranor, a senior researcher at AT&T, and Marc Waldman, a doctoral student at New York University, wrote that the Church of Scientology tried to censor information about itself that it considered secret. "The Church has used copyright and trademark law, intimidation and illegal searches and seizures in an attempt to suppress the publication of Church documents," they wrote.'
AT&T doing this? Wow... in today's climate, they will be sued as a liable party when something gets released that somebody doesn't like (the Church of Scientology, mentioned in the article, is a likely one), and by their own admission, they will be powerless to stop it. This is a bold thing for a company to support.
Toysmart suspends auction of customer list
Privacy from Companies
7/28/2000; 8:06:36 AM 'Objections to the sale of confidential customer information have driven Toysmart.com to temporarily pull its customer list from auction, according to the Massachusetts attorney general's office....
'"The debtor said that because of all of the objections being filed (against the sale of its customer list), no bidder was wanting to come forward," said Massachusetts Assistant Attorney General Pam Kogut. "All of the objections had chilled the possibility of a sale." But this does not mean Toysmart will no longer consider the sale of its list, she added.'
Yesmail.com versus MAPS: Lawsuit on hold
Spam & E-Mail
7/27/2000; 1:56:28 PM 'REDWOOD CITY, CA and CHICAGO, IL July 25, 2000 -- yesmail.com, a leading outsourcer of permission email marketing services and technologies and a majority-owned company of CMGI, Inc. (NASDAQ: CMGI), and Mail Abuse Prevention Systems, LLC (MAPS) today announced that they have signed a Memorandum of Understanding which puts the previously reported litigation on hold, lifts the Temporary Restraining Order (TRO), and does not list yesmail.com on MAPS Realtime Blackhole List, pending further talks between companies. Executives from MAPS and yesmail.com are working jointly to clarify optimal practices for the email marketing industry for obtaining consumer permission and protecting against fraudulent registrations. The companies expect a formal announcement in the near future.
'David Tolmie, CEO of yesmail.com, stated, "As discussions with MAPS have proceeded, we are both finding that the goals for yesmail.com and MAPS are very much in alignment. We are looking forward to being able to announce an agreement which will represent a very strong statement from both of us regarding policies and practices for consumer permission and protection in the email marketing industry."
'Paul Vixie, Managing Member of MAPS LLC, stated, "Once we started peeling back the covers on this, it turned out that yesmail.com's stated business interests and the policies they were willing to put in place made them ineligible for listing on the Realtime Blackhole List (RBL). We think that the details we'll set forth in the final agreement in this case will outline a model for all companies in the electronic marketing field."'
Two days old; several people covered the suit, nobody covered this agreement; this is from the press-release archive at MAPS. I guess this means the issues at stake have essentially been pushed back into the corner.
Napster Stopped in Its Tracks
Music & MP3
7/27/2000; 8:53:35 AM 'A federal judge today has ordered the company to stop assisting its users in the downloading of copyrighted music, a broad if surprisingly sudden decision that the popular MP3-swapping startup said would effectively shut down its service. The company vowed to appeal the decision immediately.'
This is disappointing. While I don't know how the trial was going to be ruled, I thought the brief would have been enough to stop this on some perfectly legitimate grounds. In particular, I was under the impression that if some injunction would destroy a business, it could not be given. RIAA may have won this round, but they may have opened themselves up if they don't end up winning the trial to some stiff reparations if the injunction is later overturned. The stakes just went up, for both sides.
'At today's hearing and in legal briefs, Napster has fallen back on a host of defenses.... Patel soundly rejected each argument, saying that none applied to Napster, whose primary purpose was to assist its users in finding and downloading copyrighted music. "You can hardly stand back and say, 'Gee, I didn't know all that stuff was ... infringing,' " Patel scolded Napster's counsel at one point. She also appeared unsympathetic to Boies' contention that an injunction essentially would shut down the fledgling service because it was impossible to know which of the songs it indexes are copyrighted. "That is the system that's been created, and I think you're stuck with the consequences of that," she said.'
If Napster couldn't even stop the business-killing injunction, this case is over. This judge has already ruled. Prepare your appeal. (iRights coverage about the legal briefs filed to block the injunction.)
Joel on Software Does Issuing Passports Make Microsoft a Country?
Privacy from Companies
7/27/2000; 7:30:57 AM 'Am I the only one who is terrified about Microsoft Passport? It seems to me like a fairly blatant attempt to build the world's largest, richest consumer database, and then make fabulous profits mining it. It's a terrifying threat to everyone's personal privacy and it will make today's cookies seem positively tame by comparison. The scariest thing is that Microsoft is advertising Passport as if it were a benefit to consumers, and people seem to be falling for it! By the time you've read this article, I can guarantee that I'll scare you into turning off your Hotmail account and staying away from MSN web sites.'
Always read what Joel has to say.
'Now, if you go to another Microsoft web site, say, www.investor.com, the same thing will happen: you'll get redirected to Passport and then back to Investor. Because Passport is "telling on you", even though your web browser is supposed to be protecting your security by following the golden rule of cookies, it's really Passport that is signing you in. Bottom line: Hotmail knows that you're the same person that just went to Investor. And that applies to any Microsoft web site: Slate, Expedia, Hotmail, Investor, MSN, etc.'
I'm not much of a source hacker, but when Mozilla gets released, there's a patch I hope to make. I want to 1. Flat out block ALL use of "window.open" from anything but a click on a link. 2. Always pop up a warning about redirects such as the one Microsoft is currently using for Passport and 3. Eliminate "window.onclose" as an event; that's how people do things when you leave the site. Something tells me those patches could become popular. (Actually, the ideal solution, which I don't have time to implement, would be to add another layer of security sandboxing, allowing the user to disable specified parts of ECMA/Javascript and the event model.)
RealNetworks admits to new spyware bug
Privacy from Companies
7/26/2000; 3:16:56 PM (Actually, the Register is a little mistaken... it's not a "new" spyware bug... see iRights coverage July 17th, 2000.)
'A flaw in RealNetworks RealDownload, Netscape/AOL Smart Download, and NetZip Download Demon, discovered by Gibson Research founder Steve Gibson, appears, at least in the case of RealNetworks, to be the result of ignorance rather than nefarious intentions, according to a FAQ hastily issued by the company.
'"We weren't even aware [the flaw] was there," RealNetworks spokesman David Brotherton said in an interview with MSNBC. "We were not using it to log users' behaviour in any way. The [unique identifier Gibson discovered] served no function we needed, and it has been eliminated."
'Apparently, due to confusing information in Microsoft Windows developers' documentation (another shocker), an ID string the company had intended to be random actually identified users, and without RealNetworks' knowledge.'
I know this sounds like a little bending of the truth... but in Real's defense, it is plausible. To conduct any network transaction, unique identifiers are necessary. That is why your network interface is uniquely identified with a MAC address, built into the hardware at some point. (Even IP addresses are insufficiently unique; somebody else can claim them easily.) Since Microsoft provides a nice library function to generate a "UID", which is a highly random number (designed to be guaranteed unique to within some obscenely low probability of replication), it's natural that Real would use that function rather than write their own random number generator, which is notoriously tricky to actually get right.
However, what the programmer may not have realized is that "UID", the word I carefully left undefined in the previous paragraph, stands for "Unique IDentifier", and while it will be random, if called in the same way produces identical numbers.
It is plausible that the programmer(s) who made the decision to use that library function was unaware of that property. I don't know if Real's excuses are true, just that it's plausible.
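One well-known way an identifier can look random yet still single out a machine is the time-based (version 1) UUID layout, whose last 48 bits are a node value, typically the network adapter's address. The check below is an added example, not code from RealNetworks, Microsoft or the article, and the page does not say this is the mechanism involved; the function names and the sample node value are assumptions.

```python
import uuid
from collections import defaultdict

def embedded_node(value):
    """Return the node field of a version-1 UUID as aa:bb:cc:dd:ee:ff, else None."""
    u = uuid.UUID(str(value))
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return None  # e.g. version 4: every non-fixed bit is random
    return ":".join(f"{(u.node >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))

def linkable_ids(ids):
    """Map each node value to the IDs that carry it, keeping nodes seen more than once."""
    by_node = defaultdict(list)
    for value in ids:
        node = embedded_node(value)
        if node is not None:
            by_node[node].append(str(value))
    return {node: vals for node, vals in by_node.items() if len(vals) > 1}

# Constructed sample: a locally administered node value, not a real adapter address.
SAMPLE_NODE = 0x0250C2000001

def sample_ids():
    """Two time-based IDs from the same 'machine' plus one fully random ID."""
    return [uuid.uuid1(node=SAMPLE_NODE), uuid.uuid1(node=SAMPLE_NODE), uuid.uuid4()]

if __name__ == "__main__":
    ids = sample_ids()
    for identifier in ids:
        print(identifier, "->", embedded_node(identifier))
    print("linkable:", linkable_ids(ids))
```

The two time-based IDs differ as whole strings, so a casual look suggests fresh random values, yet both map back to the same node; running a check like this over identifiers a client sends is a quick privacy review step.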
Ways to Defeat the Snooping Provisions in the Regulation of Investigatory Powers Bill
Country Watch: Britain
7/26/2000; 3:04:41 PM 'The Regulation of Investigatory Powers (RIP) Bill currently going through Parliament will introduce powers to allow a number of UK authorities to intercept Internet communications and to seize encryption keys used for the protection of such traffic and for the protection of stored computer data. Such powers are not limited in their application to those involved in criminal activities and this means that law abiding individuals and businesses may be subject to interception activities as well as demands to hand over their encryption keys. Although abuse of these powers may well be limited, there can be no doubt that this will sometimes occur and this means that honest computer and Internet users will bear increased risks to their privacy, safety and security once this legislation is enacted.
'This paper aims to show that the envisaged powers for interception and for the seizure of encryption keys are technically inept. It also aims to offer honest computer and Internet users advice on the practical steps they can take to maintain their privacy, safety and security in the presence of the oppressive powers introduced by this legislation.'
To sum up this paper's author's opinions of the new powers being granted to Britain's police in two words: "Why bother?"
DVD Update: EFF Detonates Mind Bomb in Court on Final Day of DVD Trial (July 25, 2000)
DVD & DeCSS
7/26/2000; 2:05:04 PM 'EFF's DVD defense team rested its case on Tuesday in litigation over the movie studios' attempt to ban DeCSS software that enables people to play DVDs on their computers. David Touretzky, a computer science professor at Carnegie Mellon University testified for the defense explaining the inherently expressive nature of computer code. Touretzky created a "Gallery of CSS Descramblers" on his university Web site illustrating a multitude of ways that the idea of DeCSS can be expressed using various languages - from plain English to source code to assembly language, etc. He walked the court through a step by step illustration, demonstrating how a series of 1's and 0's taken from one rendition of the code actually communicate a specific idea expressed in the English or C-source code versions of the software.'
Lots of meat in this story today. The judge was quite affected by the testimony, apparently, which may bode well in the long-term even if it doesn't change the short-term. David Touretzky also wrote a paper called "Source vs. Object Code: A False Dichotomy". Also, see the transcript for the day. (Search for the words "David Touretzky" to jump to his testimony... it's about halfway down.) I strongly recommend reading the transcript and visiting the gallery if you are not an expert in computer science; Prof. Touretzky lays out the case very, very clearly.