EFFector Vol. 19, No. 45 December 21, 2006 editor@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In the 406th Issue of EFFector:

• Lawsuit Demands Answers About Government's Secret 'Risk Assessment' Scores
• Help EFF Investigate Invasive Travel Screening Program
• Computer Security Expert Edward W. Felten Joins EFF Board of Directors
• Celebrate EFF's Sweet 16 on January 11!
• Visit EFF at Macworld, January 9-12!
• Akaka-Sununu Bill Corrects Many Bad Aspects of Real ID Act
• State AGs Reach Settlement on Sony BMG Rootkit Debacle
• DRM Fading for Music: The Year in Review
• Nominate a Pioneer for EFF's 2007 Pioneer Awards!
• miniLinks (11): Privacy Alert Network
• Administrivia

For more information on EFF activities & alerts:
 http://www.eff.org/

Make a donation and become an EFF member today!
 http://eff.org/support/

Tell a friend about EFF:
 http://action.eff.org/site/Ecard?ecard_id=1061

effector: n, Computer Sci. A device for producing a desired 
change.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Lawsuit Demands Answers About Government's Secret 'Risk 
Assessment' Scores

Millions of U.S. Travelers Affected by Giant Data-Mining 
Program

Washington, D.C. - The FLAG Project at the Electronic 
Frontier Foundation (EFF) filed suit against the Department 
of Homeland Security (DHS) in federal court this week, 
demanding immediate answers about an invasive and 
unprecedented data-mining system deployed on American 
travelers.

The Automated Targeting System (ATS) creates and assigns 
"risk assessments" to tens of millions of citizens as they 
enter and leave the country. In November, DHS announced 
that the program would launch on December 4, but Homeland 
Security Secretary Michael Chertoff later admitted that the 
program had already been in operation for several years.

"The news of this secret program sparked a nationwide 
uproar. DHS needs to provide answers, and provide them 
quickly, to the millions of law-abiding citizens who are 
worried about this 'risk assessment' score that will follow 
them throughout their lives," said EFF Senior Counsel David 
Sobel.

Under ATS, individuals have no way to access information 
about their "risk assessment" scores or to correct any 
false information about them. But while you cannot see your 
score, it will be made readily available to untold numbers 
of federal, state, local, and foreign agencies. The 
government will retain the data for 40 years.

While the publicly available information about ATS is 
disturbing enough, there are many critical details the 
government did not disclose. For example, DHS has not 
announced what the consequences might be of a "risk 
assessment" score that indicates an individual might be a 
threat. EFF's suit demands an urgent and expedited response 
to the Freedom of Information Act (FOIA) request filed 
earlier this month, including all Privacy Impact 
Assessments for the ATS, all records that describe redress 
for individuals who believe the system includes inaccurate 
information, and all records that discuss potential 
consequences for travelers as a result of the system.

"ATS is precisely the sort of system that Congress sought 
to prohibit with the Privacy Act of 1974," said Sobel. "DHS 
needs to abide by the law and give Americans the 
information they deserve about this dangerous program."

Congressional leaders have indicated that they are likely 
to convene hearings on ATS when the new Congress convenes 
in January. EFF's lawsuit cites that pending oversight as 
an additional reason why DHS must release details about the 
system on an expedited basis.

For the FOIA complaint filed against the Department of 
Homeland Security:
http://www.eff.org/Privacy/ats/ats_complaint.pdf

For more on the ATS program and other travel screening 
issues:
http://www.eff.org/privacy/travel/

For this release:
http://www.eff.org/news/archives/2006_12.php#005045

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Help EFF Investigate Invasive Travel Screening Program

The invasive Automated Targeting System (ATS) described 
above was only recently revealed to the public, and EFF is 
attempting to document the system's effect on law-abiding 
individuals.

If you have experienced difficulties when entering or 
leaving the United States, we'd like to hear from you. We 
are particularly interested in hearing from folks who have 
had repeated problems or have been told by government 
agents that they are on a "list" or that there is some 
unexplained "problem" that needs to be resolved. Please 
share your story with us by writing to  and 
providing as much detail as possible. We will treat all 
responses confidentially and may contact you to follow-up.

For more on ATS:
http://www.eff.org/privacy/travel

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Computer Security Expert Edward W. Felten Joins EFF Board 
of Directors

Princeton Professor Behind Important E-voting Vulnerability 
Research

San Francisco - The Electronic Frontier Foundation (EFF) 
welcomes the newest member of its Board of Directors, 
computer security expert Edward W. Felten. A professor of 
Computer Science and Public Affairs at Princeton 
University, Felten recently demonstrated the ability to 
manipulate results on a Diebold electronic voting machine -
- showing that the equipment was extremely vulnerable to 
"vote-stealing" attacks that would undermine the accuracy 
of vote counts.

Felten's research interests include computer security and 
privacy -- especially relating to media and consumer 
products -- and technology law and policy. He has published 
about 80 papers in the research literature and two books. 
Felten was the lead computer science expert witness for the 
Department of Justice in the Microsoft antitrust case. He 
has also testified before the Senate Commerce Committee on 
digital television technology and regulation and before the 
House Administration Committee on electronic voting.

Felten is the founding Director of Princeton's Center for 
Information Technology Policy, and his weblog, at freedom-
to-tinker.com, is widely regarded for its commentary on 
technology, law, and policy. In 2004, Scientific American 
magazine named Felten to its list of 50 worldwide science 
and technology leaders.

"EFF confronts critically important issues on the cutting 
edge of technology and freedom," said Felten. "My research 
and EFF's work have often intersected over the years, and 
I'm very pleased to take the next step and join the board 
as we strive to keep the digital world innovative, free, 
and secure."

In 2001, Felten and EFF sued the Recording Industry 
Association of America and the Secure Digital Music 
Initiative in a case challenging the constitutionality of 
the Digital Millennium Copyright Act (DMCA). EFF honored 
Felten with a Pioneer Award in 2005, which recognizes those 
who have made outstanding contributions to the development 
of computer-mediated communications and empower individuals 
in using computers and the Internet. He had previously 
served on EFF's advisory board.

"I have always been a huge fan of Ed's work, using his 
technical expertise to expose weak and vulnerable 
technologies to those of us more technically challenged," 
said EFF Executive Director Shari Steele. "I'm delighted to 
have him join EFF's Board of Directors."

Other members of EFF's executive board include Brad 
Templeton, John Perry Barlow, David Farber, John Gilmore, 
Brewster Kahle, Joe Kraus, Lawrence Lessig, and Pamela 
Samuelson.

For Professor Felten's website:
http://www.cs.princeton.edu/~felten/

For this release:
http://www.eff.org/news/archives/2006_12.php#005047

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Celebrate EFF's Sweet 16 on January 11!

All teenagers have big dreams for their sweet 16, and EFF's 
no different: we want to throw the Best Party Ever, we want 
a new car, and we want to secure your digital rights.

We're kidding about the car, but please do join EFF for a 
birthday bash to celebrate 16 years fighting for your 
rights. The party will be on January 11, 7-10 PM at 111 
Minna Gallery in San Francisco. DJ Ripley and Kid Kameleon 
will be keeping the dancefloor hopping all night long.

A $20 donation gets you in the door. No one will be turned 
away for lack of funds, and all proceeds go toward our work 
defending your digital freedom.

What:
EFF Sweet 16 Party

When:
January 11, 2007
7-10 PM

Where:
111 Minna Gallery
111 Minna Street
San Francisco, CA
94105
www.111minnagallery.com
Tel: (415) 974-1719

This fundraiser is open to the general public. 21+ only, 
cash bar.

Please RSVP to events@eff.org

For DJ Ripley:
http://djripley.blogspot.com/

For Kid Kameleon:
http://www.kidkameleon.com/

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Visit EFF at Macworld, January 9-12!

EFF will be at the Macworld Conference & Expo in San 
Francisco, California. We'll be in booth 3102, so please 
stop by and grab some swag during exhibit hours -- we look 
forward to seeing you!

For more about Macworld:
http://www.macworldexpo.com 

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Akaka-Sununu Bill Corrects Many Bad Aspects of Real ID 
Act

In 2005, Congress hastily passed legislation that rolled 
back privacy rights and moved the country towards a 
national ID system. The REAL ID Act states that drivers' 
licenses will only be accepted for "federal purposes"--like 
accessing planes, trains, national parks, and court houses--
if they conform to certain uniform standards. The law also 
requires a vast national database linking all of the ID 
records together. Estimated costs of $12 billion or more 
will be passed on to the states and, ultimately, average 
citizens in the form of increased DMV fees or taxes.

Thankfully, new bipartisan legislation could correct some 
of REAL IDs many flaws and add critical privacy and civil 
liberties safeguards. With the "Identification Security 
Enhancement Act of 2006," Senators Daniel Akaka (D-HI) and 
John Sununu (R-NH) would cancel most of the standardization 
that might have led to a national ID card, call for more 
flexible standards, require encryption of the data itself, 
and prohibit the use of ID data by third parties.

For more information on the problems with the Real ID Act:
http://www.eff.org/Privacy/ID/RealID/

For this post:
http://www.eff.org/deeplinks/archives/005048.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* State AGs Reach Settlement on Sony BMG Rootkit Debacle

Over a year since infecting CD purchasers' computers with 
flawed copy protection software, Sony BMG has reached a 
settlement with several state attorneys general (AGs) over 
the rootkit debacle. We've reviewed the Texas settlement 
agreement, which appears to be similar to agreements 
reached in other states, and it looks like the AGs used 
their investigatory and enforcement powers to obtain 
important additional relief for consumers.

Among other things, the settlement requires Sony BMG to 
compensate consumers whose computers were damaged by the 
XCP or Media Max software and to continue providing the 
settlement benefits obtained in the private litigation for 
an additional six months (through June 30, 2007).

Equally important are Sony BMG's future obligations. If 
Sony uses DRM on its CDs in the future, it will have to 
provide detailed pre- and post-sale disclosures to 
customers, provide an easy uninstaller, and notify 
consumers if it finds security flaws in the software.

Well done, AGs!

The Texas agreement is available here: 
http://www.oag.state.tx.us/newspubs/releases/2006/121406sony_afj.pdf

Background regarding the Sony BMG litigation is available 
here:
http://www.eff.org/IP/DRM/Sony-BMG

For this post:
http://www.eff.org/deeplinks/archives/005046.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* DRM Fading for Music: The Year in Review

Almost exactly one year ago, we predicted the beginning of 
the end for DRM on digital music. Now EMI has announced the 
release of the new Norah Jones single on Yahoo! Music in 
DRM-free MP3 format (many will remember that Yahoo! has 
been urging the major labels to give up DRM).

So let's pause to recap the year in music DRM's slow 
demise, including:

    * Rhapsody and Napster begin streaming to any browser;
    * Major labels all give up on CD copy protection in US 
market in the wake of the Sony-BMG rootkit debacle;
    * Major labels abandon DRM-laden SACD and DVD-A 
formats;
    * Sony-BMG releases Jessica Simpson song in MP3;
    * Disney's Hollywood Records releases Jesse McCartney 
album as MP3s;
    * EMI artist Lily Allen releases new track as MP3;
    * EMI releases Norah Jones and Reliant K tracks as 
MP3s;
    * eMusic becomes the #2 online music store selling 
nothing but MP3 files from independent labels.

Here's to more of the same in 2007. As we said in December 
2005, "Once the DRM is gone, we can see what a real, 
robust, competitive digital music marketplace looks like."

For this post and related links:
http://www.eff.org/deeplinks/archives/005039.php

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Nominate a Pioneer for EFF's 2007 Pioneer Awards!

EFF established the Pioneer Awards to recognize leaders on 
the electronic frontier who are extending freedom and 
innovation in the realm of information technology. This is 
your opportunity to nominate a deserving individual or 
group to receive a Pioneer Award for 2007.

The International Pioneer Awards nominations are open both 
to individuals and organizations from any country. 
Nominations are reviewed by a panel of judges chosen for 
their knowledge of the technical, legal, and social issues 
associated with information technology.

How to Nominate Someone for a 2007 Pioneer Award:

You may send as many nominations as you wish, but please 
use one email per nomination. Please submit your entries 
via email to pioneer@eff.org. We will accept nominations 
until January 15, 2007.

Simply tell us:

1. The name of the nominee,

2. The phone number or email address or website by which 
the nominee can be reached, and, most importantly,

3. Why you feel the nominee deserves the award.

Nominee Criteria:

There are no specific categories for the EFF Pioneer 
Awards, but the following guidelines apply:

1. The nominees must have contributed substantially to the 
health, growth, accessibility, or freedom of computer-based 
communications.

2. To be valid, all nominations must contain your reason, 
however brief, for nominating the individual or 
organization and a means of contacting the nominee. In 
addition, while anonymous nominations will be accepted, 
ideally we'd like to contact the nominating parties in case 
we need further information.

3. The contribution may be technical, social, economic, or 
cultural.

4. Nominations may be of individuals, systems, or 
organizations in the private or public sectors.

5. Nominations are open to all (other than current members 
of EFF's staff and board or this year's award judges), and 
you may nominate more than one recipient. You may also 
nominate yourself or your organization.

6. Persons or representatives of organizations receiving an 
EFF Pioneer Award will be invited to attend the ceremony at 
EFF's expense.

More on the EFF Pioneer Awards:
http://www.eff.org/awards/pioneer/

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
The week's noteworthy news, compressed.

~ Privacy Alert Network
Bill Scannell's new service alerts you to new privacy 
issues and guides you to take action.
http://privacyalertnetwork.net/network.html

~ Has Australia Banned Linking?
No, says Kim Weatherall -- but an Australian Federal Court 
has ruled that linking to an infringing file has a legal 
risk.
http://weatherall.blogspot.com/2006_12_01_weatherall_archive.html#116650943490838832

~ Fighting for Private Email
The Warshack case, and why email should be as 
constitutionally protected as snail mail.
http://www.startribune.com/789/story/884388.html

~ Questions Asked Over ATS
Edward Hasbrouck summarizes the concerns the EU, the Senate 
and travelers have over the Automated Targeting System.
http://hasbrouck.org/blog/archives/001197.html

~ Bill Gates on the Future of DRM
"Huge problems" with DRM; he suggests people "should just 
buy a CD and rip it."
http://www.techcrunch.com/2006/12/14/bill-gates-on-the-future-of-drm/

~ Data Mining Is No Good for Fighting Terrorism
The Cato Institute's Jim Harper and a chief scientist with 
IBM's data-mining group explain why in this report.
http://www.cato.org/homepage_item.php?id=436

~ Generic Infringement Letters Case Dismissed
A 28-year old lawyer gets a case thrown out in the 9th 
Circuit for cookie-cutter patent troll letters.
http://www.law.com/jsp/article.jsp?id=1166004320259

~ Labels Seek Lower Royalty Rate
The RIAA says music publishers and songwriters deserve 
lower mechanical royalty rates.
http://www.hollywoodreporter.com/hr/search/article_display.jsp?vnu_content_id=1003466811

~ Judge Posner Speaks in Second Life
Judge Posner: "I'd like to hear from the raccoon."
http://williampatry.blogspot.com/2006/12/transcript-of-judge-posner-in-second.html

~ The Wonderful World of Disney
Interesting article about the life of Walt Disney and his knack for recognizing a 
good story.
http://www.newyorker.com/fact/content/articles/061211fa_fact

~ Hollywood's Congressman to Head Key Committee
Howard Berman will head up Judiciary's Internet and IP 
subcommittee in the House.
http://www.latimes.com/business/la-fi-berman11dec11,0,3985003.story?track=tothtml

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Staff Calendar

For a complete listing of EFF speaking engagements (with 
locations and times), please visit the full calendar: < 
http://www.eff.org/calendar/

December 29 - Seth Schoen speaking at the 23rd Chaos 
Computer Conference, 8:30 PM - 9:30 PM, in Berlin, Germany:
http://events.ccc.de/congress/2006/Home

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
  http://www.eff.org/	

Editor:
Derek Slater, Activist
 derek@eff.org	

Membership & donation queries:
 membership@eff.org

General EFF, legal, policy, or online resources queries:
 information@eff.org

Reproduction of this publication in electronic media is 
encouraged. Signed articles do not necessarily represent 
the views of EFF. To reproduce signed articles 
individually, please contact the authors for their express 
permission.
Press releases and EFF announcements & articles may be 
reproduced individually at will.

Current and back issues of EFFector are available via the 
Web at:
  http://www.eff.org/effector/


This newsletter is printed on 100% recycled electrons.