Supreme Court Denies Cert in RIAA v. Verizon

The Supreme Court denied cert for the RIAA’s appeal in RIAA v. Verizon.
EFF: “No “Fishing License” for the RIAA

This is very good news for a number of reasons. First, it affirms that using a peer-to-peer file-sharing program does not automatically strip you of your right to privacy or anonymity on the Internet. Second, it’s an important check on the DMCA, which allows anyone simply claiming copyright infringement the ability to get your name, address, phone number, etc. Critical constitutional and privacy safeguards should not be removed wholesale on the mere assertion of wrongdoing.

CBS Marketwatch: Supreme Court refuses to hear Internet privacy case

This decision means copyright holders and their representatives — or identity thieves and stalkers posing as copyright holders – will not be allowed to obtain personal information about Internet users by simply filing a one-page form with a court clerk,” said Sarah Deutsch, Verizon’s associate general counsel, in a statement.

Washington Post: Supreme Court Internet Privacy Decision: Chat with Verizon attorney Sarah Deutsch.

SSRN-Reconstructing Electronic Surveillance Law by Daniel Solove

Daniel Solove: Reconstructing Electronic Surveillance Law, George Washington Law Review, Vol. 72, 2004.

The USA-Patriot Act made a number of changes in electronic surveillance law, but the most fundamental problems with the law did not begin with the USA-Patriot Act. In this article, Professor Solove argues that electronic surveillance law suffers from significant problems that predate the USA-Patriot Act. The USA-Patriot Act indeed worsened some of these problems, but surveillance law had lost its way long before. Surveillance law is thus in need of a radical reconstruction.

The Governator asks to see ID

The San Fransisco Chronicle reports: Governor signs Internet piracy bill / E-mail address required to share movies, music online

Aiding the industry that helped him gain worldwide fame, Gov. Arnold Schwarzenegger signed legislation Tuesday aimed at discouraging online piracy by requiring anyone disseminating movies or music on the Internet to disclose their e-mail address.
California file sharers who trade songs or films without providing an e- mail address will be guilty of a misdemeanor, under the first-in-the-nation measure that could make it easier for law enforcement to track down people who illegally download copyrighted material.

The bill is SB1506.
Previously: California to force file sharers to wear name tags.

Spynet Tap

Newsweek looks at possible effects of the Councilman decision and the FCC ruling that VoIP services must comply with CALEA: Wiretapping the Web

As if hacking worries weren’t enough, two recent legal developments have raised further fears among Web privacy advocates in the United States. In one case, the Federal Communications Commission voted 5-0 last week to prohibit businesses from offering broadband or Internet phone service unless they provide Uncle Sam with backdoors for wiretapping access. And in a separate decision last month, a federal appeals court decided that e-mail and other electronic communications are not protected under a strict reading of wiretap laws. Taken together, these decisions may make it both legally and technologically easier to wiretap Internet communications, some legal experts told NEWSWEEK. “All the trends are toward easier to tap,” says Kevin Bankston, an attorney at the nonprofit Electronic Frontier Foundation.

GMail Privacy Kerfuffle

On April 1, Google announced Gmail, its new free webmail service, which features an unprecedented 1GB of storage. Google plans to generate revenue from this service by placing advertising in the service. The major free webmail providers, including Yahoo! and Hotmail, sell advertising banners in their services. Google will provide context-related text advertising in GMail. Google already provides contextual advertising for searches and to third-party websites who use the AdSense service.
Some privacy advocates are concerned that Google will be scanning the content of its users’ emails. A letter from 28 privacy and civil liberties organizations to Google CEO Sergei Brin:

Google’s proposed Gmail service and the practices and policies of its business units raise significant and troubling questions.
First, Google has proposed scanning the text of all incoming emails for ad placement. The scanning of confidential email violates the implicit trust of an email service provider. Further, the unlimited period for data retention poses unnecessary risks of misuse.
Second, Google’s overall data retention and correlation policies are problematic in their lack of clarity and broad scope. Google has not set specific, finite limits on how long it will retain user account, email, and transactional data. And Google has not set clear written policies about its data sharing between business units.
Third, the Gmail system sets potentially dangerous precedents and establishes reduced expectations of privacy in email communications. These precedents may be adopted by other companies and governments and may persist long after Google is gone.

The privacy policy for Gmail is still a work in progress. The most troubling aspect of the privacy policy
Internet e-mail is an insecure means of communications and users should avoid sending confidential information unencrypted across the internet because the messages may be intercepted and read while in transit. So long as Google does not log data about the keywords extracted from e-mail, this is the least objectionable privacy concern about the Gmail service. Already, many e-mail providers scan e-mail messages for spam or virus contents. Email users are free to choose other webmail services if they are uncomfortable with Google inserting contextual ads next to their inboxes.
Other concerns include identifiability and record retention. EFF Deep Links reports that Your Gmail Email Address Can Be Linked to Your Search History. This changes Google’s search data from being at least somewhat anonymous to becoming linked to an identity. EFF recommends that Gmail users frequently delete their Google cookie. Google could de-link search records from e-mail identity by using separate cookies and user id’s for search and Gmail.
Google’s fuzzy data retention policies are troubling. When a Gmail user deletes a message from her Gmail account, that message may not be immediately deleted from the system, but instead live on in a limbo where a deleted message may be recoverable long after a user thinks that message has vanished.
Going to extremes, California State Senator Liz Figuero plans to introduce legislation to prohibit scanning personal e-mail for advertising purposes. BBC News: Google’s Gmail Could Be Blocked. ClickZ: Lawmaker Voices Google Privacy Concerns

Figueroa called the tradeoff of contextual ads for greater storage and other enhancements a Faustian bargain.
“They will be scanning your private e-mail,” Figueroa [said]. “You may say that’s fine and dandy, but I may not like it. To what extent are we giving up privacy?”

Eugene Volokh responds, Please Save Us From Ourselves, Ms. Legislator:

 I realize that there are sometimes plausible arguments for saving people from their own folly; I don’t always agree with them, but I respect them — for instance, if their folly seems likely to get them killed (consider bans on dueling, seat belt laws, and the like), or likely to get them addicted and thus drastically diminish their ability to undo their error (that’s a common justification for bans on certain drugs), or likely to seriously harm others as well as themselves.
What’s striking about this proposal is how utterly inapplicable those arguments are here. The Nanny State (or, at this point, one of its directors) is trying to save us from the irreversible, appalling horror of getting custom-tailored advertising based on the context of our e-mail. We’re in trouble indeed.

Stanford Privacy Symposium

This weekend, the Stanford Law, Science and Technology Program held a symposium on Securing Privacy in the Internet Age which sounds like it was very interesting.
Here are some posts covering the event from Stanford’s Center for Internet & Society weblog: Live from CIS Privacy Symposium, Approaches to Reform, From Contractual Freedom to Strict Liability, Challenges for the Chief Privacy Officer
From bIPlog: Privacy on Several Fronts
Michael Froomkin (who spoke about National ID Cards) posted some Notes From the Stanford Privacy Conference

Wiretap dancing

The Justice Department, DEA and FBI filed a petition with the FCC for an expedited rulemaking process to grant law enforcement expanded authority to wiretap packet-based communications– particularly those that go over the internet.
LawMeme provides a concise analysis: FBI seek to expand the system-formerly-known-as-Carnivore

Under the FBI’s proposal, all broadband Internet providers, including cable modem and DSL companies, would be required to rewire their networks to facilitate police wiretapping. Companies would bear “sole financial responsibility for development and implementation of CALEA solutions” but would be authorized to raise prices to cover their costs.

Washington Post: Easier Internet Wiretaps Sought

Justice Department lawyers argue in a 75-page FCC petition that Internet broadband and online telephone providers should be treated the same as traditional telephone companies, which are required by law to provide access for wiretaps and other monitoring of voice communications. The law enforcement agencies complain that many providers do not comply with existing wiretap rules and that rapidly changing technology is limiting the government’s ability to track terrorists and other threats. FBI adds to wiretap wish list

Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft’s Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.

Ernest Miller: A Race the FBI Can’t Win: The Increasingly Asymmetric Costs of Wiretap Surveillance vs. Wiretap Avoidance

If I were the FBI, I wouldn’t waste my time on a battle I ultimately couldn’t win and instead would concentrate my efforts on the place where I could still achieve my goals – the ends. You want to know what someone is up to online? I would recommend, for example, key loggers, “real” spyware, and social engineering. It ain’t gonna be easy, but you have a chance of winning in the long term. The sooner you quit a race you can’t win, the faster you can enter a race where you have a chance.