EFFector Vol. 21, No. 02  January 15, 2008  editor@eff.org

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

In the 455th Issue of EFFector:
 * "Attempted Distribution" Not a Crime
 * Scrutinizing Comcast's Apologists
 * Troubling "Digital Theft Prevention" Requirements Remain
in Higher Education Bill
 * Are Personal Copies of Digital Music Files
"Unauthorized"?
 * House Committee Issues Report on TSA's Website Security
Flaws
 * Visit EFF at Macworld
 * Come See EFF at the O'Reilly Emerging Technology
Conference!
 * Nominate a Pioneer for EFF's 2008 Pioneer Awards!
 * miniLinks (5): Director of National Intelligence
planning more spying
 * Administrivia

For more information on EFF activities & alerts:
 http://www.eff.org/

Make a donation and become an EFF member today!
 http://eff.org/support/

Tell a friend about EFF:
 http://action.eff.org/site/Ecard?ecard_id=1061

effector: n, Computer Sci. A device for producing a desired
change.

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* "Attempted Distribution" Not a Crime

EFF Files Brief in Atlantic v. Howell Challenging RIAA's
Bogus Theory

Last Friday, EFF filed an amicus brief in Atlantic v.
Howell, an Arizona lawsuit brought as part of the Recording
Industry Association of America's (RIAA) national campaign
against individuals for file-sharing. Although the case has
received attention recently over the issue of whether CD
ripping is legal, EFF believes the most important issue in
the case is about something different: can the RIAA sue
people for *attempted* copyright infringement? EFF says no.

As in more than 20,000 other lawsuits, the recording
industry claims that Mr. and Mrs. Howell committed
copyright infringement by using P2P file sharing software.
But rather than attempting to prove infringing copying or
infringing distributions, the record labels argue that
simply having a song in a shared folder, even if no one
ever downloaded it from you (i.e., "making available"),
infringes the music industry's distribution right. This
essentially amounts to suing someone for attempted
distribution, something the Copyright Act has never
recognized.

Sure, it would make it quite a bit easier for the RIAA if
it could go to court and simply say, "This person had our
artists' songs in her shared folder, we win." But that's
not the law. If the RIAA wants to bring tens of thousands
of lawsuits against individuals, it has to play by the
rules and prove its cases. That means proving that actual
infringing copies were made or that actual infringing
distributions took place. It's not enough to prove that
they could have taken place.

For EFF's amicus brief in Atlantic v. Howell:
http://www.eff.org/files/EFF%20amicus%20brief.pdf

For the complete post by EFF Senior Staff Attorney Fred von
Lohmann:
http://www.eff.org/deeplinks/2008/01/eff-files-brief-atlantic-v-howell-resisting-riaas-attempted-distribution-theory

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Scrutinizing Comcast's Apologists

EFF is continuing its research into Comcast's use of forged
RST packets to interfere with its customers' BitTorrent
connections. (Apparently, the FCC is investigating, as
well.) While Comcast has remained conspicuously silent
about the technical details of its activities, a few
networking engineers have tried to defend Comcast by
proposing technical justifications for Comcast's
interference activities.

One of the most energetic of these pundits is Richard
Bennett, who has argued that Comcast deserves a "pat on the
back and a gold star," not criticism, for injecting spoofed
RST packets into its users' traffic. In this post, we're
going to examine and rebut his arguments.

For information about EFF's "Test Your ISP" Project:
http://www.eff.org/testyourisp/

For the complete post by EFF Staff Technologist Peter
Eckersley:
http://www.eff.org/deeplinks/2008/01/scrutinizing-comcasts-apologists

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Troubling "Digital Theft Prevention" Requirements Remain
in Higher Education Bill

Last November, we posted about H.R. 4137, the College
Opportunity and Affordability Act of 2007, which includes
misguided anti-piracy requirements for universities. For
the most part, the massive bill refreshes existing
legislation about federal financial aid. But the bill also
includes a section with a title that sounds as if it were
dreamt up by an entertainment industry lobbyist:
"Campus-based Digital Theft Prevention." It says that
universities shall "develop a plan for offering
alternatives to illegal downloading or peer-to-peer
distribution of intellectual property as well as a plan to
explore technology-based deterrents to prevent such illegal
activity."

Advocates of the bill stress that the language stops short
of demanding implementation, but this argument misses the
point entirely. The passage of this bill will unambiguously
lead universities into costly dead-ends -- the
industry-sanctioned online music services are laden with
DRM, and network detection/filtering programs present
privacy risks and are inevitably rendered obsolete by
technological countermeasures. The requirements are another
ill-conceived salvo in the entertainment industry's higher
education agenda.

For this complete post:
http://www.eff.org/deeplinks/2008/01/digital-theft-prevention-requirements-remain-higher-education-bill

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Are Personal Copies of Digital Music Files "Unauthorized"
or Not?

Is it illegal to make copies of legally purchased digital
music for personal use? Millions of people do this every
day when they rip CDs to their hard drives, copy audio
files to their iPods, or burn backups onto CDs; but as a
recent Washington Post article pointed out, the Recording
Industry Association of America (RIAA) doesn't necessarily
approve. The article noted that the RIAA case against
Arizona resident Jeffrey Howell refers to copies Howell
made of his legally purchased music as "unauthorized
copies."

However, after allegations that the article
mischaracterized the RIAA's claims, the Washington Post
issued a correction a few days later, to make clear that
the RIAA sued Howell over his "unauthorized" copies because
he allegedly placed them in his "shared folder" for
distribution over a peer-to-peer network. But the RIAA
subsequently refuses to clarify its stance on personal
copying, and many have since presented evidence that the
RIAA simply won't acknowledge the right of fans to make
personal copies, nor will it rule out the possibility of
lawsuits on these grounds at some point in the future.

For the original Washington Post article:
http://www.washingtonpost.com/wp-dyn/content/article/2007/12/28/AR2007122800693.html

For Wired blogger Ryan Singel's post "What It Looks Like
Trying to Get A Straight Answer From the RIAA":
http://blog.wired.com/27bstroke6/2008/01/what-it-looks-l.html

For this complete post:
http://www.eff.org/deeplinks/2008/01/are-personal-copies-digital-music-files-unauthorized-or-not

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

 * House Committee Issues Report on TSA's Website Security
Flaws

Last Friday, the Committee on Oversight and Goverment
Reform of the House of Representatives published a report
about the launch of a Transportation Security
Administration (TSA) website that had egregious security
vulnerabilities that "exposed thousands of American
travelers to potential identity theft." The "Traveler
Redress" website was intended to allow travelers
erroneously listed on airline watch lists to get help from
the government.

The report faults a no-bid contract process that benefited
a single company with close ties to the TSA employee in
charge of the project. The report also demonstrates that
the site would have continued putting travelers' personal
information at risk if it hadn't been exposed by blogger
and security researcher Chris Soghoian.

For the House Committee on Oversight and Government Reform
release:
http://oversight.house.gov/story.asp?ID=1680

For this post:
http://www.eff.org/deeplinks/2008/01/house-committee-issues-report-tsas-website-security-flaws

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

 * Visit EFF at Macworld

The Macworld organizers have generously donated booth space
to EFF -- so come visit EFF at the Macworld Conference &
Expo, going on now (January 14 to 18) in San Francisco.
Macworld is a week-long experience for everyone who uses
Apple Macintosh computers.

For more about the Macworld Conference & Expo:
http://www.macworldexpo.com

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Come See EFF at the O'Reilly Emerging Technology
Conference!

Heading to San Diego for the O'Reilly Emerging Technology
Conference (ETech) in March?  Plan to catch "EFF's "On A
Brighter Note..." panel, where EFF lawyers and activists
will put on their rose-tinted spectacles and describe our
best case scenarios: near-future technology that will help
you defend your rights, real world policy initiatives that
could help save the Net, and techniques and tricks that you
can bake into your work now that will help preserve all our
freedoms, for now and for good.

Also, don't forget to come to EFF's Pioneer Awards ceremony
on March 4. (See below for details on how to nominate a
Pioneer.) And don't forget to visit our booth and grab some
EFF schwag during exhibit hours.

The O'Reilly Emerging Technology Conference (ETech) takes
place March 3-6 in San Diego, CA. ETech hones in on the
ideas, projects, and technologies that the alpha geeks are
thinking about, hacking on, and inventing right now. From
robotics, health care, and space travel to gaming, finance,
and art, ETech explores promising technologies that are
influence everyday life and inspiring the future.

The good folks at O'Reilly are offering a discount to
EFFector readers; enter code "et08eff" when you register
online to save 20%!
http://www.oreilly.com/go/et3cheff

For more about ETech:
http://conferences.oreillynet.com/

For more information about O'Reilly:
http://www.oreilly.com

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Nominate a Pioneer for EFF's 2008 Pioneer Awards!

EFF established the Pioneer Awards to recognize leaders on
the electronic frontier who are extending freedom and
innovation in the realm of information technology. This is
your opportunity to nominate a deserving individual or
group to receive a Pioneer Award for 2008.

The International Pioneer Awards nominations are open both
to individuals and organizations from any country.
Nominations are reviewed by a panel of judges chosen for
their knowledge of the technical, legal, and social issues
associated with information technology.

How to Nominate Someone for a 2008 Pioneer Award:

You may send as many nominations as you wish, but please
use one email per nomination. Please submit your entries
via email to pioneer@eff.org. We will accept nominations
until January 31, 2008.

Simply tell us:

1. The name of the nominee,

2. The phone number, email address or website by which
the nominee can be reached, and, most importantly,

3. Why you feel the nominee deserves the award.

Nominee Criteria:

There are no specific categories for the EFF Pioneer
Awards, but the following guidelines apply:

1. The nominees must have contributed substantially to the
health, growth, accessibility, or freedom of computer-based
communications.

2. To be valid, all nominations must contain your reason,
however brief, for nominating the individual or
organization and a means of contacting the nominee. In
addition, while anonymous nominations will be accepted,
ideally we'd like to contact the nominating parties in case
we need further information.

3. The contribution may be technical, social, economic, or
cultural.

4. Nominations may be of individuals, systems, or
organizations in the private or public sectors.

5. Nominations are open to all (other than current members
of EFF's staff and operating board or this year's award
judges), and you may nominate more than one recipient. You
may also nominate yourself or your organization.

6. Persons or representatives of organizations receiving an
EFF Pioneer Award will be invited to attend the ceremony at
EFF's expense.

More on the EFF Pioneer Awards:
http://www.eff.org/awards/pioneer/

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
The week's noteworthy news, compressed.

~ Director of National Intelligence planning more spying
A New Yorker profile on Mike McConnell says the US is
drafting plans that will give it access to any email or web
search.
http://blog.wired.com/27bstroke6/2008/01/feds-must-exami.html

~ New Yorker reporter was wiretapped
Pulitzer prize-winner Lawrence Wright says his calls were
monitored by the government.
http://news.yahoo.com/s/ap/20080113/ap_on_go_ca_st_pe/terrorist_interrogation

~ DRM is dead, but watermarks are back
Record labels are experimenting with the use of
watermarking for copyright protection.
http://www.wired.com/entertainment/music/news/2008/01/sony_music

~ Will ISPs become copyright traffic cops?
AT&T; has been in talks with the RIAA and the MPAA to
discuss filtering traffic for copyrighted material.
http://www.engadget.com/2008/01/09/atandt-microsoft-nbc-working-on-solutions-to-filter-copyrighted/

~ Wiretap this!
Send cryptic messages to anyone who may be illegally
reading your email with this website.
http://www.wiretapthis.com/

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
 http://www.eff.org/

Editor:
Richard Esguerra, EFF Activist
 richard@eff.org

Membership & donation queries:
 membership@eff.org

General EFF, legal, policy, or online resources queries:
 information@eff.org

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent
the views of EFF. To reproduce signed articles
individually, please contact the authors for their express
permission.
Press releases and EFF announcements & articles may be
reproduced individually at will.

Current and back issues of EFFector are available via the
Web at:
 http://www.eff.org/effector/