CDT Releases Report on Digital Surveillance

Digital Technology Makes Surveillance Easier; Stronger Laws Needed, Report Finds

The report details how two popular and increasingly ubiquitous technologies — Web-based email and location awareness — inadvertently give the government unprecedented access to Americans’ personal data.

Web-based email is a convenient, inexpensive way to stay in touch with friends and colleagues and to access one’s mail, photos and documents from anywhere in the world. Several webmail services now offer their users gigabytes of storage, touting the fact that users never need delete anything.

As “Digital Search and Seizure” illustrates, all of this information sits on the computers of service providers. The legal distinction between Web-based and traditional email accounts is essentially meaningless for most Internet users, but under the Electronic Communications Privacy Act (ECPA) — drafted in 1986, before webmail existed — messages and documents stored with webmail providers are entitled to weaker protections than those stored on users’ computers. While the government needs a judicial warrant to search a person’s computer, it may be able to access that person’s webmail account with only a subpoena, issued without judicial review; without any specific suspicion of wrongdoing on the part of the user; and often without notice to the person whose data is being disclosed.

“Digital Search and Seizure” also outlines how mobile phones serve as tracking beacons. “While a cell phone is turned on, whether or not it is making a call, it is regularly seeking out the nearest antenna and sending to it its identification numbers,” the report points out. Unfortunately the legal standards regulating the government’s ability to use that constant stream of new data haven’t kept pace with the technological reality. Since no existing law lays out explicit standards for government location tracking, the government’s use of location technology is governed by a patchwork of laws and court precedents, the report finds.

Finally, the report discusses the emergence of “government spyware” — keystroke-logging technology that can record everything a subject does on his or her computer. Here too the technology has far out paced the legal protections, giving the government a uniquely intrusive surveillance tool, with inadequate legal controls.

The report concludes that in all these areas and others (such as RFID and search services), the laws must be updated to reflect the technological realities of a new century.

The report: Digital Search & Seizure: Updating Privacy Protections to Keep Pace with Technology

Fair Use In Google Image Search Ruling

Google’s Image Search Set Back [pdf]

U.S. District Judge A. Howard Matz in Los Angeles ruled that Google was likely to lose at least part of a copyright infringement case filed by a publisher of adult magazines and websites. Perfect 10 Inc. alleged that Google users could find for free its pictures of nude women, for which it normally charges. The search engine links to such images posted improperly on other websites.

Matz said he planned to grant Perfect 10 a preliminary injunction and asked the two companies to negotiate an agreement by March 8. That could include requiring Google to block Perfect 10 images from its searches.

If upheld, the judge’s preliminary ruling could throw a kink into the way Mountain View, Calif.-based Google collects and displays photographs in the image portion of its search engine. Lawyers not involved with the case said it would have little effect on Google’s overall business, which generated $6.1 billion in revenue last year.

[…] Nonetheless, the case demonstrates how technological change is outpacing the law.

[…] Google appeared poised to win a key part of the lawsuit, which argued that the company was liable for the infringement of every website it linked to that contained copyrighted images. Matz said Google differed from file-sharing networks that encourage copyright infringement and called it unlikely that Perfect 10 would win its broader claim. He said he would deny its request for a preliminary injunction over that claim.

Had Matz ruled differently on that point, “a huge part of the World Wide Web would be suddenly vulnerable to legal attack,” said Fred von Lohmann, an attorney for the Electronic Frontier Foundation.

The opinionPerfect 10 v Google

BusWeek Columnist Sees An MP3.Com-Redux Strategy

Of course, the courts might have something to say about it (see UMG v. Another Take on Amazon Music: High-Stakes Chess?

But one source in digital music suggests a way that Amazon might actually provide something different than Apple while making the digital music business more profitable: What if Amazon believes that the fair use doctrine allows it to load music that people already own–CDs they bought from Amazon, that is–onto a music player for free? People can do that themselves now, right? Load a very cheap or free music player–even if it’s not an iPod–with essentially free music could be a compelling, no-hassle proposition for a whole lot of music lovers.

I suspect the labels would contend it wouldn’t be legal for Amazon to do it, but it’s not crystal-clear to me that such a practice would indeed be illegal. But even if Amazon didn’t actually try to assert this right without the labels’ blessing, could it use that potential as a club to get price concessions on digital songs from the labels? Lower prices might help Amazon’s digital music business actually make money.

If Amazon has waved this club in front of the labels–a big if, of course, since Amazon isn’t even talking about its nusic plans, let alone its negotiations–it may explain why the labels leaked Amazon’s plans so early. It doesn’t seem accidental that the labels put Amazon in a spot by mentioning a time frame for the music store–this summer–while noting that negotiations aren’t done yet. Checkmate, Amazon?

Yeah, it’s all sheer speculation [….]

Botnets on the Rise

Zombie PCs growing quickly online

Statistics gathered by security firm Ciphertrust reveal just how bad the problem of botnets is getting.

“Every day we are detecting more than 250,000 connecting to the internet and sending mail,” said Paul Judge, chief technology officer at Ciphertrust.

“That’s unique machines that have never done it before,” he said. “It’s a distribution platform that is becoming more popular for attackers.”

Mr Judge said the count of new bots had hit 250,000 every day in November 2005 and had stayed at that level ever since.