Friday August 1, 2003
11:02 AM +1000, Aug 01 2003
Following the RIAA's unprecedented legal attack on the users of file sharing networks, Pacific Bell has launched a countersuit arguing that the RIAA's tactic of issuing subpoenas to ISPs is illegal.
In a complaint filed with the U.S. District Court in San Francisco, Internet service provider PBIS, operated by San Antonio-based SBC, alleges that many of the subpoenas served against it by the Recording Industry Association of America were done so improperly.
The suit also called to question some sections of the Digital Millennium Copyright Act, the federal law the RIAA contends supports its latest legal actions. A spokesman for SBC said the RIAA's use of the DMCA in its legal quest for online song-sharers butts up against the privacy rights of SBC's customers.
"The action taken by SBC Internet Services is intended to protect the privacy of our customers," said SBC spokesman Larry Meyer. "Misapplication of DMCA subpoena power raises serious constitutional questions that need to be decided by the courts, not by private companies which operate without duty of due diligence or judicial oversight."
[...]
PBIS claims that more than 200 subpoenas seeking file-sharers' e-mail addresses were issued from the wrong court of jurisdiction. Moreover, PBIS said the recording industry's demand for information on multiple file-sharers cannot be grouped under one subpoena, and that the demands themselves are overly broad.
In the complaint, PBIS maintains it only acts as a "passive conduit" for the activity of its subscribers and "does not initiate or direct the transmission of those files and has no control over their content or destination."
[...]
The recording industry has won at least 871 federal subpoenas against computer users suspected of illegally sharing music files on the Internet. The RIAA is trying to compel some of the largest Internet providers, such as Verizon Communications Inc. and Comcast Cable Communications Inc., to identify names and mailing addresses for users on their networks.
- AP, Pac Bell's Internet arm sues music industry over file-sharer IDs.
10:47 AM +1000, Aug 01 2003
Proposed new Australian legislation would allow the Attorney-General to order internet and phone communications to be disconnected, and carrier licenses to be refused, without any grounds for judicial review.
The amendments to the Telecommunications Act and the ASIO Act - part of the innocuously-named Communications Legislation Amendment Bill No 2 - are part of several legislative moves designed to make it easier for ASIO and law enforcement bodies to intercept or restrict telecommunications.
Introduced in the wake of Parliament's approval of the watered-down ASIO Bill, the widely-framed powers would allow a technological crackdown on anyone who posed a risk to national security.
The bill allows the Attorney-General to order the disconnection of a service where the "use or supply is ... prejudicial to security".
[...]
The legislation also requires the Australian Communications Authority to consult with the Attorney-General before it grants a carrier license, and allows the Attorney-General to refuse the issue of a license on national security grounds.
The government is also seeking to exempt such decisions from judicial review by the Administrative Appeals Tribunal on the grounds of national security. While individuals denied access to a service would normally be notified in writing, an exemption is allowed where "essential to the security of the nation".
- Australian, Net terrorists targeted.
Here's a copy of the bill (text version).
10:33 AM +1000, Aug 01 2003
Catching up: An Australian government committee on crime recently proposed that free email accounts be banned, with all email providers collecting credit card details to help law enforcement track criminals. Meanwhile, Federal Police are reportedly talking with offshore providers of free email accounts about gaining access to customer records.
The committee has apparently not heard of anonymous remailers.
Admitting that the AFP had difficulty gaining access to subscriber details often stored with the US offices of email providers, Australian High Tech Crime Centre director Alastair MacGibbon said discussions were in train with the local offices of major providers.
His comments to the Australian Parliamentary Joint Committee on the Australian Crime Commission's investigation into cybercrime came as other witnesses suggested 100 point checks for internet users and the abolition of free email accounts.
[...]
Former NCA member Greg Melick told the committee there was an easy way to eliminate the anonymity that protected criminals online.
"Do away with free internet (email) accounts," he said. "If they aren't free then people will pay by credit card and that gives law enforcement some starting point.
"Microsoft and others who provide these services have to be brought to heel."
- Australian IT, Police target free email.
Friday July 18, 2003
10:44 AM +1000, Jul 18 2003
The RIAA has begun issuing ISPs with subpoenas demanding the identity of hundreds of users it accuses of illegally sharing music files.
"This should not come as a surprise to anyone. Filing information subpoenas is exactly what we said we'd do a couple of weeks ago when we announced that we were ," said a representative for the RIAA, the music recording industry's leading trade body.
[...]
Under the Digital Millennium Copyright Act, ISPs are required to provide copyright holders with such information when there is a good-faith reason to believe their copyrights are being infringed, according to attorneys for the RIAA.
The trade group said it would probably file several hundred lawsuits this summer.
[...]
David Blumenthal, a spokesman for EarthLink, said the company had received three subpoenas in recent weeks asking the company to identify individuals.
"It is our intention to do so, based on ," said Blumenthal. But, he added, "we disagree with the method that is being used here, and while we support the right of them to enforce copyrights, we think this is the wrong method for doing so."
"We're urging the RIAA and other copyright holders to find a less-intrusive method for protecting their intellectual property," he said.
- CNet, Record industry starts spreading subpoenas.
10:35 AM +1000, Jul 18 2003
The Guardian reports on the contrast between advances in media freedom in Indonesia (with the notable exception of Aceh), and increasingly repressive laws aimed at speech by members of the public.
The same freedoms of expression do not seem to apply to the rest of the population. After a few years of rolling back some of the most repressive legislation of the Suharto era, such as the subversion law, releasing hundreds of political prisoners and relaxing regulations governing background checks, Indonesia's elite appears to have lost its "reformasi" zeal and is ominously heading back to the "safety" of authoritarianism to perpetuate its grip on power.
Of most concern to human rights activists is the increasingly regular prosecution of peaceful protesters and political activists for merely "insulting" the executive or allegedly "sowing hatred" against the state. Human Rights Watch and Amnesty International have recently issued separate reports on the subject. Titled A Return to the New Order? (in reference to the name given to Suharto's regime) and Indonesia: Old Laws - New Prisoners of Conscience respectively, they chronicle the cases of at least 46 detainees they regard as prisoners of conscience.
Their "crimes" range from trampling on posters of Ms Megawati and her deputy, Hamzah Haz, engaging in peaceful debates on independence for Aceh and Papua, organising labour protests to being the wrong religion in ethnic conflicts.
- Guardian, Under the spotlight.
Thursday July 17, 2003
11:21 AM +1000, Jul 17 2003
NBC has a piece on private satellite broadcasts to Iran being jammed by a source in Cuba. The broadcasts are made by private TV studios, mostly low budget Iranian language news and chat shows. Iran had been largely unsuccessful at jamming the broadcasts from within the country, as we reported last month.
One of the sources said that [Telstar-12 operators Loral Skynet], working with transmitter location expert TLS Inc. of Chantilly, Va., had further fixed the location as "20 miles outside of Havana." Cuba's main electronic eavesdropping base, at Bejucal, is about 20 miles outside of the Cuban capital. The base, built for Cuba by the Russians in the early 1990's, monitors and intercepts satellite communications.
[...]
The Farsi language broadcasts, by the Los Angeles-based ParsTV, Azadi Television and Appadana TV, are uplinked in the US via Telstar-5, which is over the United States. They are then turned around at the Washington International Teleport in Alexandria, Va., where they are joined by the VOA broadcast and uplinked again to Telstar-12 over the eastern Atlantic Ocean.
It is the Telstar-12 uplink that is being jammed, say investigators for companies working with the broadcasters, cutting off broadcasts not only in Iran but in Europe and the rest of the Middle East as well. The jamming could emanate from anywhere within the satellite's uplink footprint, which covers all the Eastern United States, the Caribbean and South America, say investigators. In the past, the Iranian government, using high-power transmitters on towers in cities such as Tehran have been able to jam it locally. The fact that TV viewers elsewhere can't see it was the first hint that the jamming was happening on this side of the Atlantic.
- NBC, U.S. satellite feeds to Iran jammed: Jamming signals are coming from Cuba, sources say.
11:02 AM +1000, Jul 17 2003
Cringely's Pulpit details insecurity and abuse of the CALEA automated wiretapping system. The Comverse Infosys case gets an indirect mention.
CALEA made the phone companies and pager companies and Internet companies responsible for building into their equipment the capability to tap all types of communications on the order of a judge or -- in the case of foreign surveillance -- of the U.S. Attorney General. Every telephone switch installed in the U.S. since 1995 is supposed to have this surveillance capability, paid for, by the way, with $500 million of your tax dollars. Not only can the authorities listen to your phone calls, they can follow those phone calls back upstream and listen to the phones from which calls were made. They can listen to what you say while you think you are on hold. This is scary stuff.
But not nearly as scary as the way CALEA's own internal security is handled. The typical CALEA installation on a Siemens ESWD or a Lucent 5E or a Nortel DMS 500 runs on a Sun workstation sitting in the machine room down at the phone company. The workstation is password protected, but it typically doesn't run Secure Solaris. It often does not lie behind a firewall. Heck, it usually doesn't even lie behind a door. It has a direct connection to the Internet because, believe it or not, that is how the wiretap data is collected and transmitted. And by just about any measure, that workstation doesn't meet federal standards for evidence integrity.
[...]
And abuse does happen. In the late 1990s the Los Angeles Police Department conducted illegal wiretaps with CALEA technology involving thousands of phone lines and potentially hundreds of thousands of people at a time when the official annual report on wiretaps compiled by the Department of Justice said L.A. was conducting an average of around 100 wiretaps per year. Illegal convictions were obtained, property was illegally confiscated, civilian careers and lives were ruined, yet nobody was punished.
- PBS, Shooting Ourselves in the Foot: Grandiose Schemes for Electronic Eavesdropping May Hurt More Than They Help.
10:47 AM +1000, Jul 17 2003
This Village Voice piece on anonymous weblogs gives Invisiblog a plug. The article also includes some interviews with pseudonymous bloggers, describing their reasons for choosing not to reveal names.
"Political activists, independent journalists, whistleblowers -- anyone who is prevented from publishing by repressive laws or threats of violence" can benefit from covert-blogging software, writes Charles Farley of Invisiblog. Indeed, over the past year, online diarists in Cuba, Iran, and Tunisia have been jailed for publishing. Like these writers, Yeedel and several other Hasidic bloggers have put their lifestyle, if not their lives, on the line with their contentious chronicles.
[...]
The Hasidic Rebel's anony-blog provides a unique view into this closed culture. "A couple of months ago, a Chasidic man was accused of having expressed heretic views," Yeedel writes. "It was alleged that he had a circle of friends who shared these views and he was their leader. . . . He was lured into an office for a supposedly friendly chat and beaten up. He was warned against reporting the perpetrators to the authorities and threatened that if he did, information . . . would be publicized that would shame him and his family."
- Village Voice, The Sharer of Secrets: Anonymous Blog Cracks Window Into Hasidic Community.
Compare and contrast with this recent Dvorak column predicting anonymity will lead to the end of the world. He's correct in noting that RIAA lawsuits will likely push anonymous technologies into common use, but forgets that anonymizing technology has significant benefits: increased privacy and security, decreased censorship, reduced identity theft, cheaper and more pervasive publishing. He's also incorrect in claiming that anonymous remailers have decreased over the years - check the Frog remailer peak loads and compare 1999 figures to 2003.
We can expect to see the development of new stealth technologies that will be used routinely by everyone. A massive trend toward true Net anonymity will have repercussions that are all bad. Child porn rings will be harder to uncover. E-mail sources will be harder to find. Spam will rule. Virus coders will remain in the shadows. Terrorism can flourish in such an environment. And the RIAA still won't win the battle over file swapping. But it will have set off a bad chain of events.
There have been bursts of activity concerning anonymity on the Net, with paranoid users finding ways to hide themselves from any sort of scrutiny. There are still a few remailers out there through which you can send anonymous e-mails. You might do this to prevent your e-mail address from being harvested by so-called spam bots. It's also handy for writing poison-pen letters to the boss or whomever. Many of these anonymous remailers were compromised by various governmental security agencies (or so it was believed) and their use has declined recently. Also, the general public didn't seem to have a serious interest in extreme anonymity, since the openness of the Net didn't seem to be causing anyone's exploitation.
[...]
In the meantime, as anonymity software ups the technology ante and throws the ball back into the RIAA's court, I suspect that the organization will have to open some anonymous file-sharing portals of its own to snare and scare off users. It has to do this sooner rather than later. And, of course, that will up the ante one more time, and eventually we'll end up with completely anonymous computing -- with all its negative implications. Won't that be peachy?
- PC Magazine, The Anonymity Doomsday Factor.
Tuesday July 8, 2003
03:53 PM +1000, Jul 08 2003
The Washington Post reports on a university student's research project that maps physical data and voice communications lines. Despite the fact that it was compiled from publicly available sources of information, government officials have suggested the work should not be published.
[George Mason University graduate student Sean Gorman] can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.
[...]
Invariably, he said, [government officials] suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish and perish.
"He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things.
[...]
Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to measure its economic impact.
- Washington Post, Dissertation Could Be Security Threat.
11:52 AM +1000, Jul 08 2003
Grokster has announced a new group, as yet unnamed, that will lobby Congress against the RIAA's anti-p2p campaign.
Grokster President Wayne Rosso said Monday that he's planning to help launch a trade group in September that will try to convince Congress that peer-to-peer companies can be legitimate ventures.
Rosso said the group would work to tell its side of the story and counteract claims by the record industry, which has sought to characterize peer-to-peer networks as havens of piracy and porn.
"We're going to join the debate," he said.
Rosso said the group would encourage peer-to-peer companies to "take responsibility and clean up our own house." He also said the group would support , an overhaul of the content payment system that could force music labels and movie studios to allow anyone who asks--or who pushes a download button--to use their works on demand. Radio broadcasters and Webcasters currently use this model.
The announcement of the group, which has yet to adopt a formal name, comes just days after Sharman Networks, distributor of Kazaa, said it is that will work to bring together all types of companies that operate in, or are affected by, the peer-to-peer market. Those companies could include peer-to-peer operators as well as Internet providers and record labels.
- CNet, Trade group to back P2P efforts.
11:36 AM +1000, Jul 08 2003
IT Analysis via The Register has a piece on internet censorship in Iran. It's a bit lacking in depth, but has a few details that are worth noting.
In order to implement the censorship, the mullahs send lists of the banned web sites - already more than 100,000 - to the 300 or so ISPs in Iran who are, in turn, obliged to prevent access to the sinful sites. There are problems with this.
First, Iranian ISPs are not well equipped with the filtering software that they need to apply the dictates of the mullahs, and hence they get it wrong or do it slowly or both. Second, the web is organic, growing daily, so new 'degenerate' sites regularly emerge and also resurrections of banned sites spring up in new places. Third, the mullahs have no way of preventing seditious behaviour of any kind by email or in chat rooms.
[...]
Recently when there were popular protests in Tehran and other cities in Iran, the newspapers gave limited coverage of events. The student web sites became the only medium that reported the incidents in any detail. The mullahs have not yet tried to suppress these sites. Neither have they acted against some of the top portals, half of which either carry Iranian Internet porn or have web links that point to it.
- IT Analysis, Blocking Internet Porn in Iran.
11:14 AM +1000, Jul 08 2003
Australian Jewish groups are considering appealing against a decision to allow a screening of a film by Holocaust revisionist David Irving. The JCCV had applied for an injunction against the film, claiming it breached religious tolerance laws.
The Victorian Civil and Administrative Tribunal (VCAT) refused to grant an interim injunction preventing the Melbourne Underground Film Festival's (MUFF) Thursday screening of the movie: The Search for the Truth in History.
The Jewish Community Council of Victoria (JCCV) claims the film will promote Irving's claim that the Holocaust is a 50-year myth perpetrated by Jews.
The council's president, Michael Lipshutz, said he would decide whether to appeal the decision to the Supreme Court.
- AAP, Jewish groups ponder Irving appeal.
Meanwhile, The Guardian has a background piece on the state of film censorship in Australia: Censor sensibility. It doesn't mention the Irving decision, but covers last week's police raid on an attempted screening of Ken Park.
Monday July 7, 2003
11:32 AM +1000, Jul 07 2003
A California startup has announced a new email encryption system that uses Boneh and Franklin's identity-based public key encryption to remove the need for key exchange.
Under the Voltage system, the sender of a message uses software that converts the recipient's e-mail address into a number and then encrypts the message using a mathematical formula. The recipient can then use a similar formula in conjunction with a secret key to decode the message. The company says it would be almost impossible for an eavesdropper to use the formula. The software can be used with several existing PC e-mail programs.
The new technology is based on the theoretical work of two computer scientists: Daniel Boneh of Stanford University and Matthew Franklin of the University of California at Davis. Two years ago, the two researchers proposed a theoretical solution known as "identity based encryption" as an alternative to the current, complex approach, using public keys, which must be validated with digital certificates held by a central and trusted repository.
- NY Times, A Simpler, More Personal Key to Protect Online Messages.
However, the system has some serious drawbacks that aren't mentioned in the NY Times article. As we reported here 2 years ago when it was first proposed, the identity-based system requires key escrow: secret keys are created and held by a third party (presumably Voltage, in this case). This means that Voltage will be a juicy target for subpoenas, warrants, hackers and stalkers.
Additionally, the algorithm as proposed by Boneh and Franklin offers no authentication mechanism.
There are some technical notes on the algorithm available at Stanford's crypto group.
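The key escrow property described above, as an added example that is not code from Voltage or from Boneh and Franklin. It swaps in Cocks' quadratic-residue identity-based scheme, which runs on the Python standard library, in place of the Boneh-Franklin pairing construction; the escrow structure is the same in both, since whoever holds the master secret can derive the private key for any address. The toy primes, the address and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy PKG parameters (constructed for this example): two Mersenne primes,
# both congruent to 3 mod 4. Far too small for real use.
P = 2**89 - 1
Q = 2**107 - 1          # P and Q are the key generator's master secret
N = P * Q               # N is the only public system parameter


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; computable without factoring n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def identity_to_number(identity):
    """Public step: hash an e-mail address to a value a with (a/N) = +1."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1


def pkg_extract(identity):
    """Key generator only: private key r with r*r = +a or -a (mod N)."""
    a = identity_to_number(identity)
    return pow(a, (N + 5 - P - Q) // 8, N)


def random_with_symbol(m):
    """Random t in [2, N-1] whose Jacobi symbol (t/N) equals m (+1 or -1)."""
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == m:
            return t


def encrypt(identity, message):
    """Sender needs only N and the address. One ciphertext pair per bit."""
    a = identity_to_number(identity)
    pairs = []
    for byte in message:
        for i in range(8):
            m = -1 if (byte >> i) & 1 else 1
            t1, t2 = random_with_symbol(m), random_with_symbol(m)
            pairs.append(((t1 + a * pow(t1, -1, N)) % N,
                          (t2 - a * pow(t2, -1, N)) % N))
    return pairs


def decrypt(identity, r, pairs):
    """Recover the message bits from the Jacobi symbol of c + 2r."""
    a = identity_to_number(identity)
    use_first = pow(r, 2, N) == a        # which of +a / -a the key matches
    bits = [0 if jacobi((c1 if use_first else c2) + 2 * r, N) == 1 else 1
            for c1, c2 in pairs]
    return bytes(sum(bits[i + j] << j for j in range(8))
                 for i in range(0, len(bits), 8))


def escrow_demo():
    """The issued key and the key generator's re-derivation both decrypt."""
    alice = "alice@example.com"           # constructed address
    ct = encrypt(alice, b"meet at 9")
    issued_key = pkg_extract(alice)       # handed to Alice on request
    escrow_key = pkg_extract(alice)       # re-derived later without Alice
    return decrypt(alice, issued_key, ct), decrypt(alice, escrow_key, ct)
```

Nothing in `encrypt` identifies the sender, which is the missing authentication noted above: anyone who knows `N` and the address can produce a valid ciphertext.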
Sunday July 6, 2003
10:34 PM +1000, Jul 06 2003
The Australian government is considering linking driver's license, passport and other identity databases in a single national network. The database would be accessible not just by government departments, but by banks and other financial institutions. It's being pushed as a solution to identity fraud.
Justice Minister Chris Ellison will announce today a feasibility study into a nationwide "electronic gateway" that would allow the instant verification and cross-matching of documents such as birth and death certificates, driver's licences, passports and immigration records.
The proposed system would be used by banks, other financial institutions and state and federal government departments and agencies such as state road traffic authorities to verify identity.
[...]
Senator Ellison told The Sunday Age false or stolen identities could be used to carry out terrorism, fraud, people smuggling, illegal immigration and crimes involving electronic commerce.
Fraud taskforce co-ordinator Tony Burke said the study should be completed before the end of the year.
He said an electronic gateway system could first be established using a small "hub" of databases. More databases would be hooked up to the network as the government departments or agencies operating them demonstrated they had adequate security and document management systems.
- The Age, Hot link to beat identity fraud.
Saturday July 5, 2003
05:03 PM +1000, Jul 05 2003
Hong Kong's leader Tung Chee-hwa has announced he will amend the controversial sedition and subversion bill to remove the most controversial clauses. No details of the amendments yet.
"After repeated and detailed discussions, we have decided to make amendments to further allay people's fears," [Tung Chee-hwa] told a news conference, looking weary after days of crisis talks with his cabinet and senior advisors.
[...]
Tung, who became leader of the former British colony after it was handed back to China in 1997, said the government would remove two of the bill's most controversial clauses.
One would have allowed the banning of groups in Hong Kong if they were outlawed on the mainland, while the other would have given police sweeping search powers without court warrants.
The government will also beef up the bill to add safeguards for freedom of the press. Journalists who disclose Chinese state secrets will be allowed to defend themselves if they can prove it is in the public interest.
- reuters.world, HK to Amend Subversion Bill After Mass Protests.