Otherwise Occupied - Internet

Net Neutrality Symposium at USF

gregh — Thu, 17 Jan 2008 01:59:29 -0600

The Intellectual Property Law Bulletin at USF is holding a symposium on Net Neutrality. Here are the details:

Net Neutrality refers to free access to the Internet without discrimination based upon content, how often a user accesses the Internet, or the type of services and programs used.

The University of San Francisco School of Law Intellectual Property Law Bulletin is sponsoring The Toll Roads: The Legal and Political Debate Over Network Neutrality, a symposium to increase awareness about network neutrality, bringing together lawyers, academics, economists, and technologists for a balanced debate on the issue. Panelists include Tim Wu, Richard Clarke, Lawrence Spiwak, and many others.

When: January 26th, 2008 8 AM - 7 PM
Where: Fromm Institute on the University of San Francisco main campus
Web: http://www.netneutrality2008.org
Cost: Professionals (6.0 Units MCLE Credit): $100
Non-professionals: Free - $75 (see registration page for details)
Register: http://www.netneutrality2008.org/Registration.html

My current intention is to attend. It should be interesting. I'm not a huge proponent of mandated neutrality, and I'm bothered that most advocates (and some of the statements on the symposium site) suffer from the seeming belief that the Internet is and has been neutral, whereas it isn't and never has been. Hopefully, someone will be trumpeting that side.

This just in: user stupidity threatens computer security

gregh — Tue, 24 Jul 2007 22:53:14 -0500

Of course, it's easier to blame the technology.

Congress: P2P networks harm national security:

The politicians present Tuesday generally said they believe that there are benefits to peer-to-peer technology but that it will imperil national security, intrude on personal privacy and violate copyright law, if not properly restricted. Both Waxman and Rep. Paul Hodes (D-N.H.) dubbed P2P networks ongoing national security threats.

One would be led to believe this is the only way imaginable to get at this. Meanwhile, Congress all but ignores the spam issue, the bots that exist on computers around the world that allow it to happen, and the myriad other risks to government computer security. The primary risks? Untrained users on poorly secured networks.

There were some attempts at balance and sanity:

Mary Koelbel Engle, the associate director for advertising practices in the Federal Trade Commission's Bureau of Consumer Protection, said her agency has found in its studies of peer-to-peer network use that risks to sensitive information "stem largely from how individuals use the technology rather than being inherent in the technology itself."

But leave it to our elected representatives to be "impenetrable to logic":

Some politicians nonetheless lashed out at the sole representative from a peer-to-peer software company at Tuesday's hearing: Lime Wire's Gorton, who is also CEO of parent company Lime Group.

The most scathing criticism came from Rep. Jim Cooper (D-Tenn.), who launched into a lengthy monologue in which he deemed Gorton "one of the most naive chairmen and CEOs I've ever run across," and accused his company of making the "skeleton keys" that grant access to material harmful to U.S. national security.

"I'd feel more than a shade of guilt at this point, having made the laptop a dangerous weapon against the security of the United States," Cooper said. "Mr. Gorton, you seem to lack imagination about how your product can be deliberately misused by evildoers against this country." (Cooper also, at one point, claimed that Gorton's own home computer was probably leaking sensitive documents.)

Gorton know doubt rubs his hands together coolly each day thinking, "All your tubes are belong to us." Apparently the main things missing from this hearing were some moronic platitudes from Chertoff.

I really only see one solution: shut down this Internet experiment. Just flip the switch on it. It's endangering our national security, leaving no other realistic choice.

School student? Watch what you say.

gregh — Wed, 11 Jul 2007 23:49:38 -0500

If the apparently increased pressure to get into college isn't enough, now students are apparently no longer allowed to let off steam away from school.

In Wisniewski v. Board of Educ. of Weedsport Cent. School Dist., the Second Circuit upheld a student's suspension for sending a "threat" via instant message to some of his fellow students. That instant message was an "icon [that] was a small drawing of a pistol firing a bullet at a person's head, above which were dots representing splattered blood. Beneath the drawing appeared the words 'Kill Mr. VanderMolen.'" Mr. VanderMolen was the student's English teacher.

The message was sent from the student's home computer. The kids who received it weren't at school. The facts are unclear about what happened next, but it's not hard to imagine. The kids probably laughed, and someone started forwarding it around. Next thing you know, it ended up in the hands of the school. Investigations were performed, and the results didn't exactly speak to huge repercussions on the part of the school. "[A] police investigator who interviewed Aaron concluded that the icon was meant as a joke, that Aaron fully understood the severity of what he had done, and that Aaron posed no real threat to VanderMolen or to any other school official. A pending criminal case was then closed. Aaron was also evaluated by a psychologist, who also found that Aaron had no violent intent, posed no actual threat, and made the icon as a joke."

The school district was having no part of that. The hearing officer, an attorney for the school district, didn't really care:

VanCoske found that the icon was threatening and should not have been understood as a joke. Although the threatening act took place outside of school, she concluded that it was in violation of school rules and disrupted school operations by requiring special attention from school officials, replacement of the threatened teacher, and interviewing pupils during class time. The hearing officer acknowledged the opinions of the police investigator and the psychologist that Aaron did not intend to harm VanderMolen and that he did not pose any real threat, but stated that "intent [is] irrelevant." Citing the evidentiary standard followed in New York suspension hearings, the decision concluded:

Substantial and competent evidence exists that Aaron engaged in the act of sending a threatening message to his buddies, the subject of which was a teacher. He admitted it. Competent and substantial evidence exists that this message disrupted the educational environment....

As a result of the foregoing, I conclude that Aaron did commit the act of threatening a teacher, in violation of page 11 of the student handbook, creating an environment threatening the health, safety and welfare of others, and his actions created a disruption in the school environment.

The hearing officer recommended suspension of Aaron for one semester. The recommendation was presented to the district's Board of Education (“Board”), which approved the one semester suspension in late September 2001. Aaron was suspended for the first semester of the 2001-2002 school year.

I'm sure there were lots of times when people I know said something, jokingly, as the student in this case, about killing a teacher. I know people said it about fellow students. Now, in spite of the fact that law enforcement determined there was no threat, busybody school administrators apparently feel that it is their duty to go further, and to use their tendencies to be busybodies as a justification for the punishment.

It must be stifling at times to be a young student these days. Entrance requirements for universities seems to continually escalate, often pushing former safety schools out of reach of the saner of students. Meanwhile, pressure to go to more "prestigious" schools appears to be increasing. Pressure to perform is generally greater. Words are watched carefully, even when they're solely used to vent. And because those words are no longer purely ephemeral, but are logged and forwarded and traded among others, one must be on constant guard, out of fear of being found to have made a threat.

The courts, as seen here, aren't helping things.

Reader influx

gregh — Mon, 09 Jul 2007 23:50:35 -0500

It's been a busy couple of weeks here on haverkamp.com. Not busy by truly busy website standards, but certainly busy compared to what we normally see around here.

The traffic has pretty much all concerned my post on the proposed ABA standards interpretation for 301(a). At first, it was just a small bump, when the post garnered a mention at Legal Underground. Then on Friday, everything went nuts... Well, nuts for around here.

Someone apparently took my post and started spreading it around to various forums. The biggest traffic generator appears to have been Jd Undergound. The always lovely AutoAdmit.com picked it up, also generating more traffic to my about page than I had previously seen. Finally, someone posted it in a comment on Above the Law, which caused a reader to suggest that I stop "linkwhoring [my] pathetic blog." Wasn't me, pal. This must be the kind of stuff the A-listers see written about themselves everyday.

Since then, I've seen a lot of ripples. The post appears to be running through mailing lists at various California law schools. At first, there were lots of Whittiers. Then came the Chapmans. Today, oddly, was a string of Santa Claras.

What sort of impact are we talking about? Here's a graph for the last few weeks. The first bump is from Legal Underground. The second is the array of Friday bumps.

Home broadband usage, non-usage

gregh — Tue, 03 Jul 2007 23:51:54 -0500

The Pew Internet & American Life Project today released their Home Broadband Adoption 2007 report. It's an interesting read for the details of broadband adoption (not great) and, also, an idea of Internet usage by American adults (a bit surprising.) It's easy to come to the conclusion that everyone uses the Internet. That is nowhere near the truth.

Some interest tidbits:

Slightly less than half of American adults have home broadband.
29% of American adults do not use the Internet. For some reason, that astounds me. 27% don't use the Internet because they don't use a computer at home, work, or school.
Limited rural penetration means limited rural adoption. Home broadband adoption in rural areas is 31%.
90% of home dialup users don't ever read or send email. I find that astonishing. 5% of home broadband users don't. I don't know why that smaller small number makes more sense to me.

It's an interesting study to at least skim. The table of page 11 that lays out the uses people make of the Internet is probably the most interesting bit of the report.

Internet anonymity ain't dead yet.

gregh — Wed, 21 Mar 2007 13:09:51 -0600

[The following was largely spawned by a Cyberspace Law class last night, and the repeated suggestions that we must authenticate users before we allow them to "use the Internet" so that we may track down evildoers.]

Are we really heading toward the end of a (relatively) anonymous Internet? I don't think so.

To properly answer this, it's important to consider how the Internet is constructed. Sure, you'll often read accounts of your data traveling across the Internet's "backbone." The problem is, there isn't a single backbone. The internetwork that is the Internet is comprised of numerous independent network backbones that interconnect. For any one node on any one of those backbones to identify with any certainty the sender of a packet would require a vast identity infrastructure that simply is nowhere near existence. However, it's possible that this extreme example of the impossibility of defeating anonymity is more than what some consider necessary. In fact, I know it is, based on class discussion.

Let's take another popular example that has been used: all users must authenticate their identities before they are allowed to "connect to the Internet." The obvious first question I have to ask is "To whom must they authenticate?" This is not an easy question to answer.

Is the answer the user's Internet Service Provider? If so, who's going to mandate that? If it's the ISP who mandates this, what other limitations of service will the ISP then have to place on the user to enforce this authentication? A user who wishes to remain anonymous will simply tunnel traffic through an anonymizing conduit, whether this is an application like TOR, or wilder approaches like tunneling one application layer protocol through another.

This raises another problem: who authenticates the conduit? Not all Internet "users" are discrete individuals. Many are servers providing services, remote access devices providing connectivity, or bots gathering and processing data. Who authenticates every process that connects to the Internet? Who do these processes authenticate to?

Finally, are users going to be expected to authenticate to every peer process? This suggests that every process and every user on the Internet will use a single authentication mechanism, or sufficient federation will have to exist for these authentications to take place. Who's going to write the software that allows the millions of autonomous servers, routers, switches, and other devices connected to the Internet to be able to carry out these authentications so that anonymous actors may eventually be identified?

My point is this: until everything authenticates, there is no forced, universal authentication to "connect" to the Internet. As long as unauthenticated systems exist, and as long as owners of some of those systems prize anonymity, a step as limited as forcing users to properly authenticate to an ISP before using the Internet (a concept that has still more questions) will not kill one's ability to act anonymously, nor will it lead to discoverable identification of anonymous sources.

Thinking about Katz's Fourth Amendment Protections

gregh — Tue, 13 Mar 2007 16:54:41 -0600

As I mentioned in my previous post, this is occupying much of my time these days. The general area concerns government surveillance of communications. It raises questions of just what protections Katz provided, and how they may be best applied to the Internet. Opinions run the gamut.

The most extreme anti-protection side says that Katz doesn't really apply at all. All communications on the Internet are exposed to third parties, and therefore, there is no reasonable expectation of privacy. The only protection for Internet communication is what the legislature promulgates. Right now, that's the combination of the Wiretap Act, the Electronic Communications Privacy Act and the USA-PATRIOT Act.

The most extreme pro-protection side feels that all communications should be protected, that that includes all Internet communications, and the wittling down of protections brought on by subsequent cases, like Smith v. Maryland and others.

Throughout the middle there's a lot of stuff. It's that stuff I'm adding to.

Eric Goldman's Best and Worst Internet Laws

gregh — Fri, 16 Feb 2007 02:20:43 -0600

Professor Eric Goldman's parting post at Concurring Opinions is his list of the best and worst Internet laws (so far.) Among the highlights of Goldman's best and worst:

On the best list, intermediary protection that came under the CDA
And from the worst: Unlawful Internet Gambling Enforcement Act of 2006 ("Thus, just like Kafka might write it, Congress deputizes private actors to block illegal activity without deciding for itself what constitutes illegal activity. The consequence is that banks and other money sources are going to curtail lots of legitimate activity to be on the safe side.");
DMCA Anti-Circumvention provisions ("The law was designed to bolster content protection technology: the purported justification was that content owners wouldn't feel comfortable putting content online without content protection measures, and this law restricts the ability to bypass those measures. As it turns out, the hottest area of anti-circumvention litigation has nothing to do with such content protection schemes but instead involves companies using the DMCA as an anti-competition law.");
Electronic Communications Privacy Act, which I've recently been becoming more familiar with ("Unfortunately, this is not a well-drafted law; in my opinion, this law as one of the most poorly drafted statutes ever. The result is a tangled convoluted hairball that no one (even privacy experts) can understand or apply.");
Dotkids Implementation and Efficiency Act, which I didn't even know existed ("In the name of providing a safe online haven for kids, Congress co-opted the .kids.us domain and decreed that only kid-safe content could reside there."); and
Communications Decency Act. Notable for me because I was at Carnegie Mellon when the whole "Rimm Report" dust-up occurred. I met regularly with the dean of student affairs because of my then-former involvement in student government; was the public affairs director of the campus radio station, which put me in charge of the talk shows and stuff; and I was friends with Declan McCullagh, who put his name on the map with this issue. Anyway... ("The CDA tried to keep kids away from Internet porn, a reaction to a sensational 1995 article (the "Rimm Report") published in the Georgetown Law Journal that proclaimed that the Internet was awash in porn. But later examinations thoroughly discredited the "Rimm Report" meaning that Congress' efforts/overreactions were based on bad social science.")

The list doesn't say much for legislative action in this realm.

Info/Law: Election's Impact on Info/Law

gregh — Wed, 08 Nov 2006 19:11:34 -0600

It will prove interesting to see the results of the election as they bubble up.

Election’s Impact on Info/Law:

In the House, it appears most likely that Rep. Howard Berman will take over the chairmanship of the subcommittee that handles intellectual property law. As National Journal’s Congress Daily noted, we can expect him to ‘protect his nearby Hollywood interests by cracking down on piracy and protecting against copyright infringement of TV, music and movie productions.’ In general terms, that means restrictive IP law that favors content producers and rightsholders and hostility toward flexibility or expansion of fair use. That’s the bad news for Info/Law. The good news is that Congressman Ed Markey, a champion of consumer-oriented telecom and internet policy (and sponsor of the network neutrality amendment in the House earlier this year) will take over the subcommittee with the most power over these issues; the full Committee on Energy & Commerce will be helmed by John Dingell, who is pretty good on telecom as well. In addition, Rick Boucher, another consistent advocate for balanced information policy, particularly fair use and library concerns, will be a very senior Democrat on the Judiciary Committee (and possibly on Berman’s subcommittee). Finally, there is reason to hope education-oriented Democrats like Dale Kildee may pay attention to the serious and growing problems relating to educational uses of digital content.

'Supercerts' Aim to Highlight Legit Web Sites

gregh — Wed, 08 Nov 2006 18:45:40 -0600

'Supercerts' Aim to Highlight Legit Web Sites:

Over the past couple of years, dozens of companies have rolled out technologies designed to help computer users and companies better spot 'phishing' scams -- Web sites that try to trick people into giving away financial and personal data. But what about helping users tell for certain that when their browser tells them that they are at, say, BankofAmerica.com, that they're really at the bank's official Web site and not at some scam site?

That's precisely the aim of CA/Browserforum, a security effort by the major Web browser makers and certificate authorities, or companies who sell and issue Web site security certificates.

Today, pretty much any Web site owner can plunk down between $150 to $400 and purchase a secure sockets layer (SSL) certificate, a technology designed not only to protect the integrity of data submitted by customers but also to give visitors a modicum of assurance that the site takes their security seriously. By clicking on the little padlock icon in the browser that accompanies all SSL certified sites, visitors also can gain more assurances that the SSL holder is a legitimate company and that it at least has been vetted by a certification authority to some degree.

It wasn't too long ago, I was having a discussion with someone about this topic. The first time I tried to purchase a server certificate (from VeriSign), it was actually a labor-intensive process. I was working for Instinctive Technology (the makers of eRoom, bought by Documentum, who in turn was bought by EMC) and we had maybe 20 employees at the time. VeriSign rejected the application initially, because they couldn't verify that we existed. I had to come up with a D&B number, and I had to have a letter from an officer on company letterhead stating who we were and that the company was indeed requesting the certificate. Finally, I had to make several phone calls to finally get the thing processed. In the end, I was left pretty convinced that they knew who I was.

Obviously, that process wasn't going to work on a larger scale, and things became something of a joke. Now, certificates do little more then authenticate that someone presumably legitimate signed the data contained in the certificate. So, with this proposal, I guess we're taking some queues from the past. Imagine; people might actually have to get involved in an effort to prove identity.