EFFector Vol. 14, No. 31 Oct. 16, 2001 editors@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
In the 191st Issue of EFFector (now with over 29,300 subscribers!):
* ALERT UPDATE: "Anti-Terrorism" Surveillance Bill To Pass This Week
* Public Interest Postion on Junk Email: Protect Innocent Users
* EFF Comments On W3C's Draft Patent Policy
* EFF Participates in FMC's Panel Discussion on Digital Music
* Announcing the EFF Contest of the Century!
* EFF Thanks CoffeeCup Software, Inc.
* Administrivia
For more information on EFF activities & alerts: http://www.eff.org/
To join EFF or make an additional donation:
http://www.eff.org/support/
EFF is a member-supported nonprofit. Please sign up as a member today!
_________________________________________________________________
ALERT UPDATE: "Anti-Terrorism" Surveillance Bill To Pass This Week
Both the US Senate and House of Representatives have passed slightly
different versions of the "Uniting and Stregthening America Act" (USA
Act), an ostensibly anti-terrorism bill with many terrorism-unrelated,
alarming provisions that erode protection againsts improper government
surveillance, among other problems. The House version contains
(probably worthless) "sunset" provisions that would expire some of the
wiretap-related sections of the bill after several years unless they
are re-ratified; but these provisions are not expected to survive the
final draft.
Final passage, despite our and your activism efforts, is essentially
assured, and will be by way of a conference committee and a final vote
on the merged version of the bill that results from the committee.
However, it would not hurt to contact your legislators once again to
express your disapproval of this legislation, and to contact the White
House to urge President Bush to refuse to sign the final bill into law
(not likely, but you'll be counted among those on record in opposition
to the USA Act.)
EFF will issue a statement if/when the bill passes, and, with other
organizations, will work to monitor implementation of the new law, and
examine avenues for legal challenges against its more troubling
provisions.
To our friends in other countries: You would do well to keep a close
eye on what your own government is doing. The US is hardly alone in
taking misguided steps toward become a more totalitarian society in
the hope of stopping terrorism.
For bill texts and analyses, see the EFF Surveillance Archive:
http://www.eff.org/Privacy/Surveillance/
- end -
_________________________________________________________________
EFF Statement Regarding Anti-Spam Measures
Executive Summary: Any measure for stopping spam must ensure that all
non-spam messages reach their intended recipients.
For the past several years, the Electronic Frontier Foundation (EFF)
has watched with great interest the debate regarding what to do about
unsolicited bulk email from strangers, or spam. We have been asked to
lend our support to bills that have been introduced in Congress, and
we have been approached in various other ways to help lead the fight
against this annoying intrusion into people's email mailboxes.
While members of the EFF staff and board find this unsolicited email
to be as annoying as everyone else, we believe that the two most
popular strategies for combatting it so far--legislation and anti-spam
blacklists--have failed in their fundamental design. Anti-spam bills
have been badly written, are unconstitutionally overbroad, and
frequently wander into areas where legislators have no expertise, such
as the establishment of Internet standards. And anti-spam blacklists,
such as the MAPS RBL (Mail Abuse Prevention System Realtime Blackhole
List, the most popular), result in a large number of Internet service
providers (ISPs) surrepticiously blocking large amounts of non-spam
from innocent people. This is because they block all email from entire
IP address blocks--even from entire nations. This is done with no
notice to the users, who do not even know that their mail is not being
delivered.
The focus of efforts to stop spam should include protecting end users
and should not only consider stopping spammers at all costs.
Specifically, any measure for stopping spam must ensure that all
non-spam messages reach their intended recipients. Proposed solutions
that do not fulfill these minimal goals are themselves a form of
Internet abuse and are a direct assault on the health, growth,
openness and liberty of the Internet.
Email is protected speech. There is a fundamental free speech right to
be able to send and receive messages, regardless of medium. Unless
that right is being abused by a particular individual, that individual
must not be restricted. It is unacceptable, then, for anti-spam
policies to limit legitimate rights to send or receive email. To the
extent that an anti-spam proposal, whether legal or technical, results
in such casualties, that proposal is unacceptable.
The Two Extremes of the Current Email Battlefield
The legislative proposals that have dominated the anti-spam policy
debate for the last several years have failed, and rightly so. The
several existing state laws against spam are of questionable
constitutionality, too hard to enforce even if they should be
enforced, and have done nothing to stem the tide of spam. National
legislation will not solve the problem either, while creating a morass
of unintended consequences.
Serious problems with the anti-spam legislation we have seen to date
include:
* misdefinitions of key terms and concepts, including "commercial,"
"list," and "spam" itself;
* technology-specific requirements that will be rapidly obsolete;
* a focus on punishing expression rather than protecting privacy;
* the giving of broad power or obligation to ISPs to control the
private email of their customers;
* jurisdictional problems;
* unnecessary and excessive criminalization of private, civil
disputes;
* requirements with which senders will find it impossible to comply;
* and a clear pattern of providing a defense for ISPs in the form of
immunity from the simple realities and responsibilities of the
marketplace, rather than one of enabling individuals to protect
themselves.
But poorly-focused legislation is not the only failing proposal here.
Many groups of often well-meaning people have worked on ways to avoid
the various annoyances and problems caused by unsolicited bulk email.
Anti-spam blacklisting groups, such as MAPS and ORBs, put heavy
pressure on ISPs to conform to a set of restrictive anti-spam policies
and to virally pressure other ISPs to adopt the same policies. It is
estimated that over 50% of US-based ISPs and up to one third of global
ISPs already participate in the blacklisting.
But blacklisting is interfering with the delivery of a significant
amount of non-spam email. Systems administrators who will not adopt
the suggested anti-spam policies find themselves unable to deliver
their non-spamming users' mail to recipients who are on systems that
participate in blacklisting. This blocking is being done at too high a
cost. Ultimately, civil rights and the ability of non-spammers to
communicate cannot be sacrificed to serve the goal of blocking
unsolicited bulk email.
The search for a nonexistent, and ultimately impossible, legislative
or ISP-level blacklist "magic bullet" solution has actually distracted
the Internet community for the last five years from the real solution:
better voluntary user-end filtering and/or voluntary, informed and
flexible ISP-level filtering. Only an end user-controlled solution
will uphold the rights of the end users while serving to deter spam by
removing most of the audience and making it unprofitable to continue
junk emailing.
The Right Way to Look at Spam
Until we include the free speech rights of all end-users instead of
trying to stop a few wrongdoers at the cost of innocent users, any
solution for dealing with spam will be fundamentally flawed. End
users, known as "customers" to ISPs, should demand that none of their
wanted email be censored in attempts to filter out unwanted messages.
In addition, Netizens should express their dismay at spam by
boycotting products advertised with spam.
On a larger scale, EFF supports combatting spam by providing end-users
with adequate tools to filter unwanted messages on the receiving end.
We also support the development of more robust and subtle technology
for this purpose. Brightmail, for example, has created a system that
does a good, if still imperfect, job. Others that attempt to do this
are listed at http://spam.abuse.net/tools/mailblock.html. From a
technical standpoint, we would like to see the development of better
filtration software on servers, something that could work
interactively with the mail recipient in defining what he or she
regards as spam using pattern recognition. That is, every time
somebody gets a message of a sort he or she does not want, s/he could
send it to the filter, thereby making that filter smarter over time,
as well as giving it the ability to "learn" as spam techniques
develop.
The rights of users to send and receive email must not be compromised
for quick and dirty ways to limit unsolicited bulk email. Neither
misguided and ignorant legislation, nor collusive, high pressure
protection schemes, have a legitimate function or place in our online
future. The Constitution, and the promise of a free, open Internet
that exists for and is controlled by its participants, requires us to
do better.
- end -
_________________________________________________________________
EFF Comments On W3C's Draft Patent Policy
Staff Technologist's Letter to Patent Policy Working Group
Dear W3C Patent Policy Working Group Members:
The Electronic Frontier Foundation (EFF), the leading civil liberties
organization working to protect rights in the digital world, submits
the following comments on the PPWG's draft patent policy.
In general, the draft policy of August 16 makes progress in addressing
the thorny patent issues standards groups may encounter. We join other
commentators, for example, in supporting the proposed Disclosure
Obligations in Section 7 of the draft.
We focus our attention on the most controversial provision, Section
5.2, which creates a RAND ("reasonable-and-non-discriminatory")
licensing mode for W3C Working Groups. Adopting this policy would mean
that, for the first time, W3C would have a formal mechanism for
promoting some patent-encumbered web standards -- with the knowledge
that these standards could not be implemented by everybody.
As WWW inventor Tim Berners-Lee observes in _Weaving the Web_,
"patents ... are a great stumbling block for Web development. ...
Small companies may be terrified to enter the business [in the face of
patent claims]." Because of its harmful effects on smaller
organizations, and the resulting risks to openness and
interoperability on the web, we urge W3C to reconsider its support for
a RAND licensing mode.
The draft policy notes that
participants in a standards body will be unwilling and unable to
work collaboratively if, at the end of the process, the
jointly-developed standard can only be implemented by meeting
licensing terms that are unduly burdensome, unknown at the
beginning or even the end of the design process, or considered
unreasonable.
This uncertainty is a significant risk to standards development, but
participants are not the only beneficiaries of the process (nor the
only parties whose support is called for). Where a standards body
undertakes to develop public standards for general use -- clearly the
aim of W3C standards work -- the larger community of prospective users
and implementors also has a deep interest in standards' licensing
terms. As the policy continues, this community has a "longstanding
preference for Recommendations that can be implemented on a
royalty-free (RF) basis".
This "preference" must not be treated lightly; it has been essential
to the success of the World Wide Web and the Internet as a whole, and
one of the key features setting the Web apart from closed, proprietary
content-delivery systems. Royalty-free web standards have provided the
raw material for an explosion of creativity and the development of
diverse but interoperable implementations.
For many members of the web community, the RF licensing tradition is
not merely a "preference", but a requirement. Royalty-based technology
licensing, whether "discriminatory" or "non-discriminatory", grew up
amidst large commercial players, who could typically afford a sizable
licensing fee, accepting it as a cost of doing business. As you know,
the World Wide Web community is much more diversified. It includes
tiny startups, multinational corporations, individuals, non-profit
organizations, consortia, libraries and archives, among other kinds of
entities. Many of these participants are ill-equipped to cope with the
one-size-fits-all world of RAND licensing, and have very different
notions of what is "reasonable" or even "non-discriminatory".
Much of the software which runs today's web is open source, like the
W3C's own reference implementations. The world's most popular HTTP
server package, Apache, is a leading example; W3C's own web site is
using it, as is EFF's. But although a flat royalty structure might
seem perfectly "reasonable" to a large corporation, the Apache
Software Foundation -- and Apache licensees -- might well see things
otherwise. Prospective implementors are all different, but when any
implementor is left behind by a patent licensing system, everyone
suffers.
The draft policy attempts to distinguish between high-level and
low-level web standards, in a largely informal way. Section 2.2,
reporting on consensus within the Patent Policy Working Group, draws
this distinction:
[I]t is especially important that the Recommendations covering
lower-layer infrastructure be implementable on an RF basis.
Recommendations addressing higher-level services toward the
application layer may have a higher tolerance for RAND terms.
We agree that openness of infrastructure is particularly important.
However, the distinction between infrastructure and higher-level
services does not seem to be clearly drawn (nor does the policy appear
to implement this consensus view in any specific way, e.g. by
categorically forbidding the RAND licensing mode for certain Working
Groups deemed "architectural"). Experience has shown that this
distinction can be unstable; services once optional often become
indispensable. We cannot stress enough that services originally
conceived of as applications may eventually -- even rapidly -- come to
be seen as infrastructural. For example, HTTP is often used as an
example of an extremely high-level network protocol, yet it serves an
infrastructural role, in turn, for other protocols like SOAP.
We recognize that W3C cannot guarantee that none of its
Recommendations will ever be encumbered by patent claims. W3C has no
control over third party patent holders who are not W3C members, and
there is no way to be absolutely certain that an encumbrance will not
appear after a Recommendation has been issued or even implemented. (A
troubling example is BT's hyperlink patent, which was definitely not
foreseen as a risk to implementors of WWW user agents.) However, this
does not mean that W3C should allow its members to use the W3C
Recommendation process to knowingly promote encumbered technologies as
public standards!
W3C does have the ability to decline to endorse a standard where it is
already aware of licensing problems (e.g. through the proposed
disclosure requirements). It seems that the community strongly expects
W3C to use that ability, and to preserve the existing RF tradition in
the eventual W3C Patent Policy.
EFF thanks W3C for extending the comment period and for the
opportunity to comment on this draft. Please do not hesitate to
contact us for any further information or clarification.
Sincerely,
Seth Schoen
EFF Staff Technologist
- end -
_________________________________________________________________
EFF Participates in FMC's Panel Discussion on Digital Music
Future of Music Coalition to Conduct Discussion/Music Program in Berkeley -
Wednesday, October 24th
WHO:
~Jenny Toomey - Executive Director, Future of Music Coalition and
performing artist
~Brian Zisk - Serial entrepreneur focusing on digital music, open
source, and distribution technologies.
~Fred von Lohmann - Senior Staff Attorney, EFF
WHAT:
Panel discussion of issues related to digital music on the net,
including copyright law, royalty collection in the digital realm, the
protection of copyrighted work through encryption and watermarking,
and the use of legislation and lawsuits to protect established
business models. These issues, which are often reported in the media
as centralized struggles between isolated business interests, need to
be understood in the light of their larger impact on creators and
citizens. Following the discussion portion of the program, there will
be a live musical performance by Jenny Toomey.
WHEN:
Wednesday, October 24, 2001, 12:30 pm - 4:00 pm
WHERE:
Boalt Hall Law School, UC Berkeley Campus
Room: Booth Auditorium
Corner of Bancroft Way and Piedmont Ave., Berkeley, CA 94720
Tel: 510-642-8073
email: ltrask@law.berkeley.edu
SPONSORED BY: Electronic Frontier Foundation, Berkeley Center for Law
& Technology, and School of Information Management and Systems
This event is free and open to the general public. For more
information, contact Larry Trask as the Berkeley Center for Law &
Technology (510-642-8073, ltrask@law.berkeley.edu)
- end -
_________________________________________________________________
Announcing the EFF Contest of the Century!
You've been diligently reading all of those EFFectors and scouring the
EFF website for those gems of information about topics such as online
free speech, privacy, and intellectual property.
Well, here is your chance to test your knowledge and have some fun
trying to win a prize!
A few lucky winners will receive recognition on the EFF contest web
page and a vintage EFF T-shirt as a prize for being the first few to
deliver the correct answers to the contest questions displayed at
http://www.eff.org/cgi-bin/contest/contest.html
Please note that those under 13 years of age and anyone employed by
EFF are not eligible to participate. EFF thanks DMH for coding the
contest Perl scripts. The contest will run for one week or until the
next EFFector announcing the contest winners, whichever comes first.
It's a great way to learn about the work EFF does and a chance to win
- end -
_________________________________________________________________
EFF Thanks CoffeeCup Software, Inc.
The Electronic Frontier Foundation gives a warm thank you to Angel
Chavez and CoffeeCup Software ( http://www.coffeecup.com ) for their
kind donation of the CoffeeCup HTML Editor To EFF.
CoffeeCup Software, Inc. was founded in 1996, and has many software
web products including HTML editors for both the Linux and MS
platforms. The software uses no proprietary coding.
- end -
_________________________________________________________________
Administrivia
EFFector is published by:
The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
http://www.eff.org/
Editors:
Katina Bishop, EFF Education & Offline Activism Director
Stanton McCandlish, EFF Technical Director/Webmaster
editors@eff.org
To Join EFF online, or make an additional donation, go to:
http://www.eff.org/support/
Membership & donation queries: membership@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org
Reproduction of this publication in electronic media is encouraged.
Signed articles do not necessarily represent the views of EFF. To
reproduce signed articles individually, please contact the authors for
their express permission. Press releases and EFF announcements &
articles may be reproduced individually at will.
To subscribe to or unsubscribe from EFFector via the Web, go to:
http://www.eff.org/signup/mailserv.html
To subscribe to EFFector via e-mail, send to majordomo@eff.org a
message BODY (not subject) of:
subscribe effector
The list server will send you a confirmation code and then add you to
a subscription list for EFFector (after you return the confirmation
code; instructions will be in the confirmation e-mail).
To unsubscribe, send a similar message body to the same address, like
so:
unsubscribe effector
(Please ask listmaster@eff.org to manually remove you from the list if
this does not work for you for some reason.)
To change your address, send both commands at once, one per line
(i.e., unsubscribe your old address, and subscribe your new address).
Back issues are available at:
http://www.eff.org/effector
To get the latest issue, send any message to
effector-reflector@eff.org (or er@eff.org), and it will be mailed to
you automatically. You can also get, via the Web:
http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html
_________________________________________________________________