iRi

Graham Scheduled to Die Personal Commentary6/22/2000; 7:02:49 PM This is out of the domain I've chosen for my 'blog... but I wanted to comment on the execution of a man, which if it went according to schedule was 8 minutes ago. (Update: Gary Graham has been executed.)Some Dave Winer said crystalized something about my feelings on the death penalty. Abstractly, I believe that it indeed has a place in the world. But I now think, concretely, that place is not here. We are a rich society. We're housing enough criminals for life already. We can afford to keep this guy in prison for life, whatever his crime may have been. Regardless of how certain we are that he committed these heinous crimes, we will never be 100%, and it will never be worth that small chance (probably bigger then we think!) of being wrong.When is it OK? When a society literally cannot afford a murderous criminal. A new settlement on an untamed frontier, a subsistence-level society that's barely making it, or (to be more fantastic) a long-term space ship on a trip taking generations. A murderer can't be allowed to take the rest of the society down with him (or possibly her).By no stretch of the imagination is America that poor. And any issue that causes a 5-4 split of the Supreme Court can hardly be said to inspire 100% in society that this is the right decision (oh, I know technically that decision isn't directly a vote of confidence in the trial, but it might as well be). It's worth the money to not be wrong.Better to let many guilty men go unexecuted then for one innocent man be executed, to co-opt a common phrase. While looking for a source on that quote I found this paper examining the history of that phrase, in particular the "guilty-to-innocent ratio"s that have been proposed by various people.(Update: I'm surprised this issue, so contentious in the off-line world, isn't getting more attention from this world. It seems like just the sort of story that would get a lot of emotional attention.)

Report on the Platform for Privacy Preferences Privacy from Companies6/22/2000; 2:48:06 PM I've been examining the Platform for Privacy Preferences stuff, though I haven't had time to read through the actual standard.While P3P is powerful, it is amazingly complicated (even by computer geek standards!), which has been noted by several others I've read. I looked at AT&T's policy file, and it's huge and full of... stuff. P3P has complexity-through-too-many-options written all over it. Not only will sites and browsers need to adapt to using it before it will be of any use, powerful tools will need to be freely available to assist in generating these complicated files. AT&T has a generator based on earlier drafts, but a simple examination of some of the code it output shows it's not half as complicated as the AT&T site's code, nor was that simple generator enough for me to truly specify this site's privacy policy. Critique of P3P, along with a decent (albiet biased) summary: Pretty Poor Privacy: An Assessment of P3P and Internet Privacy. Summary:

This report examines whether P3P is an effective solution to growing public concerns about online privacy. The report surveys earlier experience with "cookie" technology and notes similarities. The report finds that P3P fails to comply with baseline standards for privacy protection. It is a complex and confusing protocol that will make it more difficult for Internet users to protect their privacy. P3P also fails to address many of the privacy problems specifically associated with the Internet. The report further finds that earlier versions of P3P were withdrawn because the developers recognized that the proposed negotiation process was too burdensome for users and that the automatic transfer of personal information would be widely opposed. It is anticipated that this version of P3P will also be significantly overhauled once it is reviewed. The report concludes that there is little evidence to support the industry claim that P3P will improve user privacy citing the widely accepted Fair Information Practices.The report recommends the adoption of privacy standards built on Fair Information Practices and genuine Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. Simple, predictable rules for the collection and use of personal information will also support consumer trust and confidence. P3P, on the other hand, is likely to undermine public confidence in Internet privacy.

By far the most damning thing against P3P was said by the European Union (which has actual privacy policies) after evaluating P3P for use, which the paper relays:

A technical platform for privacy protection will not in itself be sufficient to protect privacy on the web. It must be applied within the context of a framework of enforceable data protection rules, which provide a minimum and non-negotiable level of privacy protection for all individuals. Use of P3P in the absence of such a framework risks shifting the onus primarily onto the individual user to protect himself, a development which would undermine the internationally established principle that it is the "data controller" who is responsible for complying with data protection principles.

Emphasis mine.Anyhow, iRights hypothetically is in compliance with this standard, just for fun, even though there's not a browser on the planet that can easily use P3P and I'd probably remove the P3P code if there was such a browser (as the code would only annoy users of that browser). If you look in the source of this page, you'll find a LINK to the code I linked to above, which is supposed to tell browsers where my P3P policy is. If I am correctly compliant, apparently I'm one of the first. This means that, if you were using a P3P compatible browser, and you tell the browser you do not want to give out any information to a site, you would either get a warning about this site or be blocked. The problem is, I don't collect any information about you, it's just that if you want to post a message in the discussion area, you have to sign up as a member. I don't use that info in any other way, I don't require that you give it to me. I'm not sure that P3P would let me correctly express "This site asks that you give it your real name if and only if you chose to participate on its message boards."I see no real reason to believe this will provide anything but a buzzword to crawl behind and a way to maintain the status quo. I'd like to see it improve privacy on the web, but I think it's destined to end up like the TRUSTe seal,

U.S. Antidrug Site Dealing Cookies Surveillance and Privacy from Government6/22/2000; 9:58:19 AM "The White House announced Wednesday that the Office of National Drug Control Policy's online antidrug message has been getting an assist from software cookies silently deposited in the Web browsers of those who visit the department's flashy Freevibe antidrug Web site."'"We will take all steps necessary to halt these practices now," the White House said in a statement.''"The concern here is that as DoubleClick does more and more monitoring it'll be really attractive to law enforcement," Smith says. He paints an Orwellian scenario whereby the FBI or the Drug Enforcement Administration could cull incriminating data about Web surfers' online habits.'Wonder what they'd think of mine?

Critics: P3P Debut A 'Step' Privacy from Companies6/22/2000; 8:55:02 AM "An Internet protocol designed to serve as an automatic privacy-protection agent appeared in a working software demonstration Wednesday after years of development and a near-death experience."'"If you read most (websites') privacy policies, there's nothing private about them. So now that we can encode those in a machine language, (that) hasn't fixed the privacy problem," Hill said. "All that means is bad privacy policies can now be written in a form that your computer can read."'I expect companies to snap this up and utterly neutralize it, just as they have neutralized the concept of posting privacy policies, as the quote above illustrates, by making them completely unreadable. Expect Internet Explorer to include P3P (Platform for Privacy Preferences) support as a hidden feature, difficult to use, and buggy. (Can you tell I have no faith in the data-gathering industry to regulate the data-gathering industry?)

Media Enforcer Music & MP36/22/2000; 8:36:19 AM "Media Enforcer is, at its core, a line of defense for owners of different media to put the responsibility back to the offending users. The current version supports Napster and Gnutella services, with more being added all of the time."The application will run for as long as you wish, checking all servers on all services for illegal material- giving you enough identifying information to either submit a ban on the users from the service, or to hold them responsible in a court of law if it comes to that."You are not as safe as you thought using Napster and Gnutella.

Lawrence Lessig -- Round Three General IP Issues6/22/2000; 8:14:07 AM It's round three... Lawrence Lessig:

It is the principles that matter: design principles, like e2e, and legal principles, like limited intellectual property rights and sensible contracting law. Eric [Raymond] agrees with these principles; his excellent criticism of patents and UCITA evinces as much. But he believes these principles follow from the embrace of laissez-faire. I don't get how the invisible hand defines principled law. UCITA, the DMCA, and the business method patent are all modifications to the conditions (contract and property law) that laissez-faire takes for granted. Among laissez-faire theorists, each of these changes is hotly contested. There are many who view strong intellectual property rights as fundamental property rights, as sacred as the right to land or chattel.

Emphasis mine.Much as I respect Eric Raymond, I think he's missing Eric's point. In a fair fight, the 'hacker ethic' of freedom might win... but it is not shaping up as a fair fight.

BT could face legal action over hyperlink claim Patents6/21/2000; 9:26:43 AM "Anger against BT's patent - predominantly in the US where the intellectual property specialists are currently talking to ISPs over issuing licences - has flared quicker than hooligans rioting after a game of basketball."Ironically, it's an action welcomed by some. Donavon J Pfeiffer Jr told The Register: 'As an American citizen, steeped in greed and raised on profit motive and litigation, I am hopeful that BT wins this lawsuit."'I and my cyberbuddies will then launch a class action suit against BT for every broken link we've ever had to deal with using product liability as the basis for the suit. After all, one load of bovine fecal matter deserves another.'"Also see several people commenting on previous art that applies to the issues at hand far better then the British Telecommunications (BT) patent.

Patent Seeks to Collect on Data Patents6/21/2000; 9:07:33 AM "TeleDynamics, a small Florida company, said its newly awarded patent has major import for -- well, just about any automated service that gathers user information and passes it to someone else."The company said its patent award has "sweeping" ramifications for Internet, telephone, and wireless Web services."Question: If the patent has "sweeping ramification" for all of those things, none of which ever saw the patent TeleDynamics file and therefore came up with it independently, how can it be unobvious?"Gathers user information and passes it to someone else?" What's the patented part? Using a dialog box to ask a user to enter an address? Using a network to send data? Using a computer?

The Limits of Copyright
General IP Issues
6/20/2000; 2:08:23 PM "As economists have confirmed, it is not the case that every increase in intellectual property protection always will increase innovation. Intellectual property is both an input and an output in the information economy. Raising the costs of inputs can dampen more than incent innovation. What is needed with intellectual property is balance, not extremes. Not "overly strong" intellectual property protection, but appropriately strong intellectual property protection."

E-business vs. 'none of your business'
Privacy from Companies
6/20/2000; 8:07:27 AM "Should it be illegal to carry a pocket organizer across an international border, because it contains names and numbers of people who didn't give their permission? Or should companies and governments be allowed to collect all manner of information on people without their knowledge or consent, to be sold, swapped and used in any way whatsoever?"

This article is a fairly good summary of the disparity between European and American "privacy" (inasmuch as the word applies to America) practices.