Now, Companies Can Track Down TheirCyber-Critics Misc.7/9/2000; 3:07:43 PM ''Thanks to a new product from Dallas-based eWatch -- and sold through Edelman Interactive public relations agency and PR Newswire -- companies can now monitor what people do or say on the Web and respond. The result: So-called "anticorporate activism," as it's known in the flak trade, will never be the same -- and neither will your sense of free speech as a consumer.'' ..."Still not convinced this is for real? eWatch's Skinner says Northwest Airlines used his service earlier this year to help it track down the identities of employees who organized a "sick-out" that nearly halted flights over the last Christmas holiday. The company has since fired those employees, and a court has upheld the legality of that action. The ruling is under appeal. Northwest is now using eWatch to help it target -- for reeducation -- the most teed-off of its fed-up fliers."Another reminder that technology will rise to the challenge of repressing people if we let it.
P3P Already Out Of Date?
Privacy from Companies7/7/2000; 2:01:37 PM Nothing much is happening today... that's generally good news 
I wanted to point out something about the Platform for Privacy Preferences. In light of the news laws concerning electronic signatures, is P3P already out of date? If you load the P3P standard, the word "signature" appears a grand total of zero times.Considering the ease with which you can now sign away your privacy rights, this is a big hole in the P3P specs. You can claim your site has wonderful privacy, tricking all P3P browsers into visiting without objection to this wonderful privacy policy, then trick the user into clicking a link that is a contract to collect information anyhow. (How do you trick the user? How about some fine print on the bottom of the page that clicking any further link is permission for the company to track anything they want to? It would be sufficient as the law currently reads.)P3P isn't even trustworthy if there are legal loopholes like this (assuming that P3P could even be considered binding). At the very least, there should be fields added to the spec, explaining what the company plans to do or not do with electronic signatures. That would be useful to me... I'd set my browser to reject anything using electronic signatures.
Electronic Vs. Digital Signatures Glossary7/7/2000; 11:55:55 AM It's been pointed out to me a couple of times, so it's worth explaining to everybody. There is a huge difference between "electronic" and "digital" signatures, even though many people (including me sometimes) have used the terms interchangably.Electronic signatures are the things recently given legal force by the US Federal Government. Essentially, they are the electronic equivalent of a signature on a conventional contract, capable of joining two parties into a legally binding agreement. The problem with the law is the incredibly low requirements on this legally binding signature. See previous coverage.Digital signatures are something else entirely. Digital signatures are placed on specific data, such as an e-mail, web request, or web page. Digital signatures verify that the data has not been tampered with, and can be used to verify that the data came from where it claimed to come from, using interesting, if a bit complicated, technical processes. For an overview, look at this page. Be sure to follow the links in the definition. For a more technical explanation, look at the Crypotgraphy FAQ, or more specifically, the section on digital signatures.At this point in time, the two are totally unrelated. This is unfortunate, as digital signatures could be easily used to enhance the security of electronic signatures, by reducing their forgibility.
Copyright Groups Knock Heads
Music & MP3
7/6/2000; 10:02:46 AM "On Wednesday, five composer and songwriter organizations -- BMI of the United States, GEMA of Germany, SACEM of France, SGAE of Spain, and SIAE of Italy -- announced an alliance to develop a technology infrastructure to track music use across international borders.
''The BMI alliance hopes to speed international compensation for composers, but there remains a slight complication. Last April, ASCAP (the other United States copyright organization) formed the International Music Joint Venture (IMJV), with Dutch and English licensing agents, with the intention of doing the same job.''
A Fight to Ban Cell Phone Spam Spam & E-Mail7/6/2000; 9:35:26 AM A fight to ban cell phone spam... before we can even manage to ban e-mail spam."Although members of the wireless industry say advertising in the wireless future is inevitable and will help subsidize cell-phone use, Representative Rush Holt (D-New Jersey) is currently drafting a bill similar to a law prohibiting unsolicited junk mail on fax machines."Also interesting from that article, an update on the e-mail Spam ban:
This isn't Holt's first campaign to combat spam. He was the lead co-sponsor of the "Can Spam Act," which would fine email spammers up to $50,000 for sending unsolicited junk mail illegally. Provisions of this bill made it to a more comprehensive measure authored by Representative Heather Wilson (R-New Mexico), the Unsolicited Commercial Electronic Mail Act of 1999. The bill, expected to pass the House of Representatives on Wednesday, mandates the accurate return address be posted on unsolicited commercial email and makes it illegal for spammers to continue sending unsolicited junk mail after they've been warned by irked recipients or Internet service providers.Emphasis mine.
How many LoC/sec?
Personal Commentary
7/5/2000; 3:29:55 PM I don't know why, but I love this commercial. "How many libraries of Congress per second can your software handle?" just sings to me for some reason.
"One thousand billion trillion bytes."
Europe Investigating Echelon Surveillance and Privacy from Government7/5/2000; 10:50:56 AM "The EU committee has one year to establish whether the Echelon system really exists and whether European industry has been damaged by global interception of communications. It will also consider whether the privacy of individuals can be protected from spying and how this can be done."In a seperate development, the French are opening their own investigation.
Dintilhac's office began the preliminary investigation in response to a letter by a French center-right member of the European parliament, Thierry Jean-Pierre, who alleged Echelon was potentially prejudicial to French nationals and to France's economic interests.Dintilhac has ordered the state counter-intelligence agency DST to find out whether Echelon's activities could be qualified under French law as ``harmful to the vital interests of the (French) nation.''More power to them. If my country has engaged in these practices, I am ashamed.It has been pointed out that countries spy on each other all the time, and that there are no friends at the nation level, only interests. This is true, and regardless of how you feel about it, there's nothing you can do about it that makes any sense. If you stop to think about it, you might even call it a good thing. However, to pass information on to private individuals with the intent of enriching them, that is over the line.Slashdot article on the French probe... unusually informative in the higher-scoring comments.
Napster Leaps To Its Own Defense Music & MP37/5/2000; 8:11:14 AM "Laying out a defense that sets the stage for a legal showdown at the end of the year, attorneys representing Napster responded Monday to the recording industry's request that the song-swap service be immediately shut down."A few comments:'"As long as the consumer is engaged in non-commercial activity, that is something that the Audio Home Recording Act immunizes," Boies says.' ... In response, the RIAA argues that Napster is disqualified from such a defense because it has built a business around the sharing of its users.'RIAA's response will probably convince the court... but in the long term, they miss a bigger problem with the whole argument that may come back to bite them. It's not Napster-the-company doing the sharing. If it's Napster-the-company's fault, it's not the user's fault (at least, I've haven't heard anybody trying to split the blame, not even RIAA). In that case, for those sharing MP3's with Gnutella... it's nobody's fault (read: responsibility). Napster-the-software-like stuff happens with the only central authority being "the Internet". RIAA really should try for saddling Napster users with part of the blame, rather then seeming to admit the point that users are engaged in non-commercial use of the system.'"If you make something that has unlawful and lawful [in this case, sharing public-domain MP3's] uses, you don't want to ban it," Boies argues. "The courts have a strong reluctance to interfere in a new technology."'Apparently the record companies have no comment on this one. It's pretty powerful. Maybe I should MP3 some more of my work and share it on Napster... give them some perfectly legal MP3's to point at.The final argument in stunning in scope:'The RIAA represents five companies that control 85 percent of recorded music sales in the United States. ... "This is a new technology that threatens the control of a dominant trade association," Boies says. "If you use copyrights to achieve an anti-competitive purpose, you lose the right to enforce your copyrights."'Wow! I'd like to see that one accepted by the courts! RIAA responds by saying that they are not a plaintiff in the case, but still, trying to strip copyright protection from the vast majority of popular music in existance is certainly a bold move!Update: David Boies court brief. Note: It's not the dense legalese you might be expecting, it's actually quite readable. In fact, I'd highly recommend you do so.
The Napster library
Misc.
7/5/2000; 7:50:36 AM "But imagine if your public library eventually became a kind of Napster for the literary set -- offering free, downloadable versions of all the hottest book releases, which you could trade with your friends, and carry around on your PDA."
Failed dot-coms may be selling your private information
Privacy from Companies
6/30/2000; 12:05:06 PM "At least three companies that have recently failed, Boo.com, Toysmart and CraftShop.com, have either sold or are trying to sell highly sought-after customer data that could include information such as phone and credit card numbers, home addresses, and even statistics on shopping habits."
'"It is inappropriate and potentially illegal to sell customer information when it was collected under the assumption that it wouldn't be shared," said Truste spokesman Dave Steer. "It's an invasion of privacy and if not handled swiftly could happen again and again."'