hja's blog

Protected: Dad Madness 2012

lockshot — Sat, 24 Dec 2011 17:46:58 +0000

This post is password protected. You must visit the website and enter the password to continue reading.

SOPA – the Stop Online Piracy Act – Is It Really Dangerous?

lockshot — Wed, 09 Nov 2011 07:28:09 +0000

Recently, the Stop Online Piracy Act, 112 HR 3261 (SOPA) was introduced as a bill in the US House of Representatives. This is the House companion to the Senate Protect-IP Act that drew considerable opposition from the tech and First Amendment quarters, so many of the issues remain same. The intent of SOPA is to help combat online piracy. This is a laudable goal; however, the unintended consequences are scary for intermediaries, websites with user generated content, DNS providers, and those of us who rely on the Internet as a vibrant and rich communications network.

SOPA grants IP claimants a lot more power than they currently have to remove allegedly infringing content and expands the scope of people who may be liable by giving:

the Attorney General the power to compel companies that maintain DNS look-ups to change the tables, also known as domain name filtering. See analysis by Larry Downes.

IP owners the power to require ad services and payment processors to stop doing business with a site by giving it notice that the site contains allegedly infringing content. See Public Knowledge’s analysis by Rashmi Ranganth.

the Attorney General injunctive relief power over anyone who allegedly circumvents copyright protections, and anyone who aids in the circumvention. See Public Knowledge’s analysis by jgraham.

The problem is that these are powerful remedies made available based upon unproven assertions and little due process. Imagine you’re a website operator, under SOPA you can get your Paypal payment processing services cut-off merely because someone claimed there’s infringing content or apps on your site. Faced with that choice, it’s an easy decision, remove the content early and often just to be safe.

IP rights are certainly important and need to be respected on the Internet, and there is a very real piracy problem, but SOPA threatens an essential attribute of the Internet – its ability to easily share information without friction and permissions. This doesn’t mean that the Internet should be a lawless expanse void of law or consequences either. The challenge is that SOPA exposes intermediaries to undue financial and legal liability for content in a way that will undoubtedly chill the free flow of content and ideas embodied in both software and media. In addition, the language in the bill is ambiguous leaving it open to abuse by plaintiffs who have already demonstrated aggressive interpretations of the existing DMCA framework. This is why there is so much concern that SOPA represents a real and dangerous threat to the Internet.

Some describe this debate in polemic terms, as Hollywood vs. the Internet, where the Internet slowly becomes managed by dominant media interests. Others have focused on the deleterious impact on human rights. Perhaps Masterswitch writer Tim Wu would see this as part of a larger pattern of how open information ecosystems become closed over time. US House Representative Zoe Lofgren, representing voters in Silicon Valley, warns that this “would mean the end of the Internet as we know it.” It could also just be bad legislation.

If SOPA becomes law, few think it will actually solve the problem. For example, it seems clear that blocking domains is not an effective means to combat piracy because domains can be redirected so easily. A while back Homeland Security asked Mozilla to take-down an add-on without a court order or a finding of liability. Under a SOPA regime, it appears the same incident would allow the putative plaintiffs to petition the Attorney General to issue an injunction compelling take-down based only on a specious claim of contributory infringement. Oddly SOPA makes one really appreciate the DMCA.

Many in the tech and policy communities are organizing to oppose SOPA. What’s most important is that Congress hears from everyone on this, whatever their view. Plus it’s Tuesday November 8th -voting day- so let your voice be heard. If you want to let Congress know that you oppose the legislation EFF and Public Knowledge have sites set up to easily send your message to Congress.

Additional links to the bill and other commentary can be found below.

HR 3261 – SOPA Bill Text

CDT – Growing Chorus of Opposition to “Stop Online Piracy Act”

Professors’ Letter in Opposition to “Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011” (PROTECT‐IP Act of 2011, S. 968)

CNET - SOPA: Hollywood’s latest effort to turn back time

CNET – US Government Also a Villian in piracy act story

EFF – SOPA: Hollywood Finally Gets A Chance to Break the Internet

Corporate Law Report – SOPA? E-PARASITE Act? Whatever It’s Called, Here’s A Primer on the Latest in Protect IP

Techdirt - An Open Letter To Chris Dodd: Silicon Valley Can’t Help Hollywood If You First Cripple It With Bad Regulation

Juxtaposition

lockshot — Thu, 15 Sep 2011 21:49:32 +0000

In the past few days I saw two messages that I thought were interesting, not sure why but wanted to share them.

The first was a sign in San francisco near the convention center. My kids asked “why should we be afraid of Google” –it was like someone told them to be afraid of Santa Claus. A quick G search and behold a whole gallery of work from xvala, a street artist.

The second was a daily email I get from Politico, an insider DC political newsletter I like to read. The subject line read “POLITICO Playbook presented by Google…” and the following text was included in the body of the email:

** A message from Google: Toothpaste, playing cards, and beef jerky may seem like an ordinary shopping list. But to a deployed soldier, a care package with these basics is a big deal. That’s why Meredith Leyva’s nonprofit, eCarePackage.org, lets people thank servicemen by creating custom care packages online. eCarePackage.org is based in Schertz, Texas, but connects to gift-givers around the U.S. using Google AdWords. Americans like Meredith support our troops. And Google is helping. **

Net net, the two messages, their placement, audiences, and POV are thought provoking.

Homeland Security Request to Take Down MafiaaFire Add-on

lockshot — Thu, 05 May 2011 15:30:30 +0000

From time to time, we receive government requests for information, usually market information and occasionally subpoenas. Recently the US Department of Homeland Security contacted Mozilla and requested that we remove the MafiaaFire add-on. The ICE Homeland Security Investigations unit alleged that the add-on circumvented a seizure order DHS had obtained against a number of domain names. Mafiaafire, like several other similar add-ons already available through AMO, redirects the user from one domain name to another similar to a mail forwarding service. In this case, Mafiaafire redirects traffic from seized domains to other domains. Here the seized domain names allegedly were used to stream content protected by copyrights of professional sports franchises and other media concerns.

Our approach is to comply with valid court orders, warrants, and legal mandates, but in this case there was no such court order. Thus, to evaluate Homeland Security’s request, we asked them several questions similar to those below to understand the legal justification:

Have any courts determined that the Mafiaafire add-on is unlawful or illegal in any way? If so, on what basis? (Please provide any relevant rulings)
Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify.
Can you please provide a copy of the relevant seizure order upon which your request to Mozilla to take down the Mafiaafire add-on is based?

To date we’ve received no response from Homeland Security nor any court order.

One of the fundamental issues here is under what conditions do intermediaries accede to government requests that have a censorship effect and which may threaten the open Internet. Others have commented on these practices already. In this case, the underlying justification arises from content holders legitimate desire to combat piracy. The problem stems from the use of these government powers in service of private content holders when it can have unintended and harmful consequences. Longterm, the challenge is to find better mechanisms that provide both real due process and transparency without infringing upon developer and user freedoms traditionally associated with the Internet. More to come.

Marching Along – Privacy Forward

lockshot — Tue, 08 Mar 2011 19:33:37 +0000

A bunch of folks, including Alex Fowler, Sid Stamm, and Mike Hanson to mention only a few, did some nice work developing Mozilla’s comments on the FTC’s proposed privacy framework. More details, including the comments, are available on the mozilla.com blog.

I’m still reading through some of the responses, and it’s really interesting seeing the diverse perspectives. Some saying the creation of a comprehensive US privacy framework will stifle innovation, leading to economic collapse and ruin, others suggesting the FTC hasn’t gone far enough. (+1 to an open government process with a robust debate and competing ideas)

One theme that seems to pervade the narrative unfortunately is the notion that doing right by the user from a privacy perspective is somehow hostile to innovation and business. This is a false paradigm. (We saw the same themes in the net-neutrality debate, but that’s a different story.) Innovating in services, managing information while being user centric and respectful aren’t competing values in my view. What’s right for the user doesn’t mean being hostile (or captive) to commercial motivations, nor should it mean rolling over to the great data slurp in the cloud.

As Eben Moglen recently reminded us, the web is young – some 7,000+ days young. Thus, there’s so much more to come, and we can’t drive by looking in the rear view mirror. So when I look forward, and see some of the ideas kicking around that give users both the benefits and control of their information in a “privacy forward” way, within and outside the Mozilla community, I see lots of opportunity and innovation.

This is pretty exciting, and on a good day, I feel lucky to observe and participate.

Recent Changes in US Crypto Export Rules

lockshot — Fri, 21 Jan 2011 17:43:18 +0000

On January 7, 2011, the US Government published a final export rule that relaxed export rules on publically available encryption code. Previously, mass market, encryption object code software was subject to US export controls. Under the new rule, issued by the Bureau of Industry and Security (BIS), publicly available, mass market, encryption object code software with a symmetric key length greater than 64-bits is no longer subject to the export control rules. Although the change will not have a limited direct impact on Mozilla because our code already falls under the TSU source code exception, the change is good because it simplifies and reduces the number of rules that might restrict distribution of publicly available, mass market, encryption object code software outside the US.

BIS reasoned that because there are no regulatory restrictions on making such software publicly available, and because, once it is publicly available, by definition it is available for download by any end user without restriction, removing it from the jurisdiction of the Export Administration Regulations (EAR) will have no effect on export control policy. Such policy is merely clarified and confirmed by this final rule.

This rule change follows the guidance of government and export law attorneys like Dan Minutillo (he also represents Mozilla) who argued in a recent California International Law Journal article that the Government should remove publicly available encryption code from the scope of items subject to the EAR based on the interpretation of a September 11, 2009 Advisory Opinion by the Director of Information Technology Controls Division, Office of National Security and Technology Transfer Controls, US Government. It seems this 2009 Advisory Opinion can be interpreted to relate directly to a Voluntary Self Disclosure filed by Minutillo on behalf of Mozilla regarding the exchange of code that resulted in a “No Violation Letter” from the US government in Mozilla’s favor.

Minutillo’s article takes the September 11, 2009 Advisory Opinion to its logical conclusion which appears to relate to the January 7, 2011, Final Rule mentioned above. Minutillo’s article states in pertinent part:

“Where does that leave us regarding the [September 11, 2009] Advisory Opinion? Relying on the second and fourth full paragraphs [of the Advisory Opinion] and using the above [meaning early parts of the Minutillo article] analysis, it appears that mass market encryption code, whether open or closed source, and other code which can be downloaded, meeting all the criteria discussed above, should be exportable by download without a violation of the EAR anywhere in the world without an export license, so long as the requisite footprint is kept in machine readable code in the provider’s data base and is not tracked or used for any purpose by the provider without having to rely on the TSU exception. The Advisory Opinion should be clarified to provide that non-encryption software provided for cost should be exportable, subject to the same standards as software without encryption (footprint so no restriction). Moreover, it appears that the United States Government should reconsider why merely collecting an email address and name of a downloader without more should reasonably trigger “knowledge” for purposes of the export regulations”.

New FTC Privacy Proposal

lockshot — Wed, 01 Dec 2010 21:48:13 +0000

Today the Federal Trade Commission released a proposal describing a new framework for protecting consumer privacy in both online and offline environments. The report reflects the new challenges users, publishers, service providers, and advertisers face in today’s digital environment and incorporates feedback from public roundtables conducted over the past year. The report acknowledges the shortcomings of the current “notice and consent” framework, but doesn’t abandon it completely, rather it seeks to implement it in a way that makes more sense for users.

While we’ll need more time to digest and evaluate the details, we’re encouraged by what we’ve seen so far. In particular, the FTC has proposed a set of principles that align well with the Mozilla manifesto and our approach to software development including:

privacy by design;
transparency;
user choice; and
no surprises.

Of course the devil is often in the details, but the first principles seem right. The FTC should also be commended for continuing its efforts to seek a comprehensive proposal rather than focusing only on one aspect of the issue.

The Commission has also shown that it understands the complexity and nuance of many of the issues, for example, the blending distinction between PII and non-PII, and the contextual nature of privacy issues. To that end, the Commission has articulated a robust set of questions on which it is seeking further public feedback. Comments on the proposal are due on January 13, 2011.

Over the next month, we’ll examine the questions and proposal in more detail and take advantage of this opportunity to share our experience, concerns, and views on the proposed framework.

If you have thoughts about the proposal let us know.

FCC Chairman Genachowski’s Proposal on Net Neutrality

lockshot — Wed, 01 Dec 2010 20:31:20 +0000

Today, the Chairman of the Federal Communications Commission, Julius Genachowski, issued a statement outlining a proposal to codify the open Internet principles and provide some resolution to the net neutrality debate. If adopted by the FCC in a hearing scheduled for December 21st, the new rules would represent a significant step forward in protecting users and innovation on the Internet. No doubt, the rules will not be perfect, nor achieve all of the aims sought by net neutrality proponents. As a whole, they represent major progress and reflect a delicate balance of the concerns of an array of stakeholders with often competing interest.

As proposed, the rules will establish needed non-discrimination, no blocking, and transparency principles for wireline communications. On the wireless side, it will establish rules that will prohibit blocking by carriers of lawful web sites or competitive voice, video, or telephony services, and require transparency in network management practices.

We urge the FCC to continue its efforts to promote rules that encourage a single framework regardless of the type of network. In the long term, there is “one Internet” and the rules should be the same for wired and wireless transport particularly given the importance and growth of wireless Internet access. Nonetheless, we’re pleased by the Commission’s efforts to protect the Internet and the qualities that have made it both so valuable and transformative.

New European Commission Privacy Recommendations

lockshot — Fri, 05 Nov 2010 17:11:02 +0000

The EC released its new privacy recommendations on Thursday to update the 15 year old EU privacy regime. The report contains the Commission’s findings from their analysis over the past year and announces an intention to investigate a number areas in more depth with the goal of proposing legislation in 2011. The impetus as described by the Commission is that today’s challenges “require the EU to develop a comprehensive and coherent approach guaranteeing that the fundamental right to data protection for individuals is fully respected within the EU and beyond.”

I suspect that for some the principles may be perceived as new administrative overhead and obstacles to an “optimum user experience.” My quick take (personal opinion) is that the findings and areas of study represent a move in the right direction. Ofcourse, the devil is in the details which will evolve over the coming year, so we’ll see. As the EC develops its new framework, finding reasonable and practical ways to implement the proposals will be essential to their success.

This is even more interesting given that the US Federal Trade Commission has indicated its coming out with recommendations soon. These would also likely result in legislation next year as well. It would be great (if not just common sense) to see as much harmonization between the two frameworks as possible. We can still dream.

Welcome any thoughts or observations about the proposal. Some highlights from the report are shown below, but the report is worth the read.

The Commission will consider how to ensure a coherent application of data protection rules, taking into account the impact of new technologies on individuals’ rights and freedoms and the objective of ensuring the free circulation of personal data within the internal market.

The Commission will examine ways of clarifying and strengthening the rules on consent.

The Commission will consider:
- introducing a general principle of transparent processing of personal data in the legal framework;
- introducing specific obligations for data controllers on the type of information to be provided and on the modalities for providing it, including in relation to children;
- drawing up one or more EU standard forms (‘privacy information notices’) to be used by data controllers.

The Commission will therefore examine ways of:
- strengthening the principle of data minimisation;
- improving the modalities for the actual exercise of the rights of access, rectification, erasure or blocking of data (e.g., by introducing deadlines for responding to individuals’ requests, by allowing the exercise of rights by electronic means or by providing that right of access should be ensured free of charge as a principle);
- clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired;
- complementing the rights of data subjects by ensuring ’data portability’, i.e., providing the explicit right for an individual to withdraw his/her own data (e.g., his/her photos or a list of friends) from an application or service so that the withdrawn data can be transferred into another application or service, as far as technically feasible, without hindrance from the data controllers.
The Commission will examine the following elements to enhance data controllers’
responsibility:
- making the appointment of an independent Data Protection Officer mandatory and harmonising the rules related to their tasks and competences31, while reflecting on the appropriate threshold to avoid undue administrative burdens, particularly on small and micro-enterprises;
- including in the legal framework an obligation for data controllers to carry out a data protection impact assessment in specific cases, for instance, when sensitive data are being processed, or when the type of processing otherwise involves specific risks, in particular when using specific technologies, mechanisms or procedures, including profiling or video surveillance;
- further promoting the use of PETs and the possibilities for the concrete implementation of the concept of ‘Privacy by Design’.

Net Neutrality – Comments to the FCC

lockshot — Wed, 20 Oct 2010 23:05:48 +0000

The FCC recently asked for additional comments in its ongoing proceeding regarding Open Internet Principles. In particular, the FCC sought specific input on whether the openness principles should apply to both wireline and wireless networks.

We submitted comments in response to the FCC’s inquiry supporting application of the Open Internet principles to wireless networks. Relevant portions of the submission are shown below:

There is, and should be, only one Internet. Historically, the Internet has not distinguished between various forms of content or how users access such content. This non-discrimination has allowed consumers and software developers to choose between locations, platforms, and devices, all without complex negotiations with transport networks. This freedom has been a key reason why the Internet is so creative, competitive, and consumer-friendly. Internet users now benefit from this flexibility as they access the Internet across a wide range of devices and access points including 3/4G, WiFi, and wired networks. The wave of new Internet enabled mobile devices, such as the iPhone, iPad, and a broad range of smartphones, including Blackberry, Palm, and Android based devices, will continue to drive exponential increases in mobile Internet access. The central fact is that wireless Internet access is as important as wired Internet access.

The increasing importance of mobile networks is not the only reason policy should be network agnostic. Users should not have a significantly different experience as they move back and forth between connection types, and they should not have to be aware that one regulatory regime (applicable to wired and WiFi access) protects their ability to access content of their choosing, while another regime (for mobile wireless) does not. At the end of the day, users are not deciding to access a “wired platform” and then a “wireless platform” – they are simply deciding to access the Internet, and their access to content should not depend on how they happen to connect at any given moment. Given the undisputed importance and growth of wireless Internet access, the value created by keeping all Internet access open and neutral, and user expectations of a single Internet, it is imperative that the Commission protect the entire Internet, not just the wireline portion. The best way to do this is to extend the open Internet principles to wireless providers and protect the Internet, not the network.

We trust the FCC will consider these comments, and the many others like them, in reaching its final decision. You can submit your own comments here.