EFFector Vol. 19, No. 1 January 6, 2005
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
In the 362nd Issue of EFFector:
- Action Alert: Illegal NSA Wiretapping Program Involved Data-Mining
- Judge Grants Preliminary Approval for Sony BMG CD Settlement
- EFF Calls on EMI to Permit Security Research on Copy-Protected CDs
- miniLinks (7): NSA Watch
- Administrivia
Action Alert: Illegal NSA Wiretapping Program Involved Data-Mining
News reports over the holidays revealed that the US National Security Agency (NSA)'s presidentially-approved domestic spying program is even broader than the White House acknowledged.
First it was revealed that the Administration has been wiretapping the international phone and email communications of people inside the US without getting search warrants.
Now we learn that, according to the New York Times and the Los Angeles Times, the NSA has gained access to major telecommunications switches inside the US, giving it essentially unchecked access not only to international communications but to purely domestic emails and phone calls as well. Those newspapers, and a new book by New York Times reporter James Risen, have further revealed that the NSA has been using that access--as well as access to telecommunications companies' databases--to data-mine Internet logs and phone logs for suspicious patterns, presumably to find new targets for the wiretapping program.
The continuing revelations about the NSA's illegal surveillance activities make a mockery of the current debate over USA PATRIOT reform. The Administration has been vigorously arguing against adding any new checks and balances to its foreign intelligence capabilities in the new PATRIOT renewal bill, yet the White House has now admitted that it authorized the NSA to bypass the few checks and balances remaining after PATRIOT. What good is legislative reform if the Administration considers itself above the law?
EFF is actively investigating all options for going to court and challenging the NSA program. However, the exact scope of the "President's Program," as it has been called, is still very unclear, and these new revelations show just how badly a Congressional inquiry is needed to get to the bottom of things. Senator Arlen Specter (R-PA) has vowed to hold hearings in the Senate Judiciary Committee, but neither the House nor Senate Intelligence Committees has announced similar plans. What is needed here is a full-court press from Congress--it appears that the facts we've gotten so far are potentially the tip of the iceberg.
Specter's hearings start this month. The debate over PATRIOT will resume, too, as the "sunsetting" provisions of the Act are now set to expire on February 3rd. Particularly in light of the NSA scandal, Congress should not even consider renewing the spying powers in the PATRIOT Act until the public hears the full story of the President's Program.
Visit our Action Center and tell your Senators and
Representative to support hearings on the NSA program and
oppose PATRIOT renewal:
http://action.eff.org/site/Advocacy?id=200
New York Times, "Spy Agency Mined Vast Data Trove, Officials
Report," 12/24/05:
http://www.nytimes.com/2005/12/24/politics/24spy.html
Los Angeles Times, "U.S. Spying Is Much Wider, Some Suspect,"
12/25/05:
http://www.eff.org/cgi/tiny?urlID=548
Excerpt from James Risen's "State of War," discussing "the
Program":
http://cryptome.org/nsa-program.htm
Judge Grants Preliminary Approval for Sony BMG CD Settlement
Customers to Get Clean CDs and Extra Downloads Because of Flawed Copy-Protection
New York - A US District Court judge in New York gave preliminary approval Friday to a settlement for music fans who purchased Sony BMG music CDs containing flawed copy protection programs.
Under the proposed settlement, Sony BMG will stop manufacturing CDs with both First4Internet XCP and SunnComm MediaMax software. People who have already purchased the flawed CDs will be offered the same music without digital rights management (DRM), and some will also receive downloads of other Sony BMG music from several different services, including iTunes. The settlement would also waive several restrictive end user license agreement (EULA) terms and commit Sony BMG to a detailed security review process prior to including any DRM on future CDs, as well as providing for adequate pre-sale notice to consumers in the future.
Consumers can exchange CDs with XCP software for clean CDs now, but the rest of the settlement benefits will not be available until an official notice to the class has been issued. The court ordered that the notice--via newspaper ads, Google ads, email and other means--must occur by February 15. Once that notice goes out, consumers can begin submitting claims for settlement benefits and should get those benefits within 6-8 weeks of submitting the proof of claim form.
To help consumers figure out what the settlement means to them, EFF has posted a list of frequently asked questions (FAQ) on its website. The FAQ tells music fans how to return their flawed CDs, how to get their clean CDs and downloads in exchange, and how to opt-out of this settlement. The deadline to opt-out of the settlement is May 1, 2006.
"The settlement helps consumers finally get music that will play on their computers without invading their privacy or eroding their security," said EFF Staff Attorney Corynne McSherry. "Now that the court has given preliminary approval, the next step is to make sure that the millions of music fans who bought these XCP and MediaMax CDs understand what is available and how to get it."
The problems with the Sony BMG CDs surfaced when security researchers discovered that XCP and MediaMax installed undisclosed--and in some cases, hidden--files on users' Windows computers, potentially exposing music fans to malicious attacks by third parties. The infected CDs also communicated back to Sony BMG about customers' computer use without proper notification.
EFF and its co-counsel--Green and Welling, Lerach, Coughlin, Stoia, Geller, Ruchman and Robbins, and the Law Offices of Lawrence E. Feldman and Associates--along with a coalition of other plaintiffs' class action counsel, reached the settlement after negotiations with Sony BMG over the last month.
You can stay updated on the progress of the settlement agreement by visiting the FAQ page.
FAQ on Sony BMG settlement proposal:
http://www.eff.org/IP/DRM/Sony-BMG/settlement_faq.php
For this release:
http://www.eff.org/IP/DRM/Sony-BMG/settlement_faq.php
EFF Calls on EMI to Permit Security Research on Copy-Protected CDs
Fear of Legal Action Chills Computer Security Researchers
San Francisco - The Electronic Frontier Foundation (EFF) this week sent an open letter to EMI Music -- the record label representing artists including Paul McCartney and Coldplay-- calling on it to agree not to pursue any legal action against computer security researchers who examine the copy-protection technologies used on some EMI CDs.
In late 2005, independent researchers uncovered security problems with Sony-BMG copy-protected CDs, forcing the label to issue patches and uninstallers to those customers who had played the CDs on Windows computers. Several record labels owned by EMI, including Virgin Records, Capitol Records, and Liberty Records, use similar copy-protection technologies supplied by Macrovision. On those CDs, an end user license agreement (EULA) forbids reverse engineering for any reason, including security testing. In addition, the Digital Millennium Copyright Act (DMCA) has chilled the efforts of computer security researchers interested in examining copy-protected CDs.
In the open letter published Wednesday, EFF urges EMI Music to publicly declare that it will not take legal action against computer security researchers who study copy-protected CDs released by record labels owned by EMI.
"Music fans deserve to know whether EMI's copy-protected CDs are exposing their computers to security risks," said Fred von Lohmann, senior staff attorney with EFF. "When it comes to computer security, it pays to have as many independent experts kick the tires as possible, and that can only happen if EMI assures those experts that they won't be sued for their trouble."
Full text of the open letter to EMI Music:
http://eff.org/IP/DRM/emi.pdf
For this release:
http://www.eff.org/news/archives/2006_01.php#004294
miniLinks
miniLinks features noteworthy news items from around the Internet.
NSA Watch
The ACLU relaunches its informational surveillance network
mini-site.
http://www.nsawatch.org/
Finding Subversives with Amazon Wishlists
How to data-mine with a few scripts and a lot of publicly
available data.
http://www.applefritter.com/bannedbooks
Reality Mining
MIT data-mining experiment shows just how much you can learn
from a sprinkling of traffic data.
http://reality.media.mit.edu/
Berlind, Neuros Fight Against Analog Hole Plugging
The ZDNet editor and CEO of consumer tech company point out
how any new legislation would kill tech innovation and raise
prices.
http://blogs.zdnet.com/BTL/?p=2321
L.A. Times on the Analog Hole Law
"As Sony BMG learned ... unanticipated glitches can inflict
more than enough pain to offset any reduction in illegal
copying."
http://www.latimes.com/news/opinion/la-ed-analog30dec30,0,5786724.story?coll=la-home-oped
Our Tunes
The Guardian on how UK indy music makers are using the net to
bypass the labels and make money for themselves.
http://www.guardian.co.uk/filmandmusic/story/0,16373,1672793,00.html
Canadian Copygraft Scandal Grows
Michael Geist continues the investigation into money paid to
MP Sam Bulte, Canada's strong copyright advocate in
parliament.
http://www.michaelgeist.ca/index.php?option=com_content&task;=view&id;=1058
Administrivia
EFFector is published by:
The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
http://www.eff.org/
Editor:
Rebecca Jeschke, Media Coordinator
rebecca@eff.org
Membership & donation queries:
membership@eff.org
General EFF, legal, policy, or online resources queries:
information@eff.org
Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will.
Current and back issues of EFFector are available via the Web at:
http://www.eff.org/effector/