The Economist is having one of its regular debates, this time on the question of whether or not governments should do more to protect online privacy. Speaking for the motion that government should do more is Marc Rotenberg of EPIC, while arguing that there are better ways to protect your privacy than expecting your government to help you is Jim Harper from the Cato Institute. Right now more people are siding with Rotenberg, but it seems like a classic "oh, somebody has to protect me!" sort of response. Harper's arguments make a lot more sense to me, with the key point being: do you really trust the government to protect your privacy?
The American government, like others around the world, is a voracious information collector. It facilitates and promotes private-sector tracking and surveillance. It skirts and sometimes violates laws intended to restrain its snooping, and it cannot be held accountable when it does.
This does not seem like the kind of institution one would turn to for privacy protection. "Independent privacy agencies" and government bodies like the tiny, well-meaning American Federal Trade Commission do not tip the balance the other way.
Rotenberg responds that individuals really can't do much in response, and uses the example of Google Buzz's privacy screwup as an example. But, the response to that sort of proves Harper's point rather than Rotenberg's. Right after Google screwed up with the Buzz launch, in a manner that caused serious privacy concerns, the public and the press responded within hours, calling out Google for what it had done, and forcing Google to backtrack almost immediately and admit that it had screwed up. What more could the government have done? If it was solely up to the government, there would have been a months (years?) long investigation, and finally some sort of wrist-slap and a fine. The public response to Google's misstep and the concerns that raised among many people about their privacy in using Google seemed to function fine, and should (one hopes) cause Google to think a lot more carefully before making a similar mistake in the future.
Either way, as with all of the Economist's debates, there's a lot of interesting discussion going on, not just between the two main participants, but in the discussion section as well.
So this is just bizarre. I saw a Wired report about a talk by a guy named Chet Uber, who claimed he helped connect Adrian Lamo to the feds in order to turn in Bradley Manning (the Army intelligence analyst accused of leaking content to Wikileaks), but Uber's little talk raised a number of other issues unrelated to Manning/Lamo. Specifically, towards the end of this Forbes piece about Uber and his organization, Project Vigilant comes a little shocker about how the firm spies on internet traffic for the US government:
According to Uber, one of Project Vigilant's manifold methods for gathering intelligence includes collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies included a provision allowing them to share users' Internet activities with third parties in their end user license agreements (EULAs), Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can "develop portfolios on any name, screen name or IP address."
"We don't do anything illegal," says Uber. "If an ISP has a EULA to let us monitor traffic, we can work with them. If they don't, we can't."
And whether that massive data gathering violates privacy? The organization says it never looks at personally identifying information, though just how it defines that information isn't clear, nor is how it scrubs its data mining for sensitive details.
Uh... what? Given the uproar and then Congressional smackdown to ISPs that tried to monitor such information for advertising purposes, that doesn't seem right at all. Sneaking a clause into an EULA saying that it's handing all your info over to a private party who will monitor it for the feds (maybe) and whoever else they want doesn't really seem aboveboard or legal despite the claims. It's also highly unlikely that it "never looks at personally identifying information." Nearly everyone who's ever claimed that has been proven wrong later.
The whole thing seems really sketchy, and as Glenn Greenwald notes, it appears to be an attempt to skirt the law:
There are serious obstacles that impede the Government's ability to create these electronic dossiers themselves. It requires both huge resources and expertise. Various statutes enacted in the mid-1970s -- such as the Privacy Act of 1974 -- impose transparency requirements and other forms of accountability on programs whereby the Government collects data on citizens. And the fact that much of the data about you ends up in the hands of private corporations can create further obstacles, because the tools which the Government has to compel private companies to turn over this information is limited (the fact that the FBI is sometimes unable to obtain your "transactional" Internet data without a court order -- i.e., whom you email, who emails you, what Google searches you enter, and what websites you visit --is what has caused the Obama administration to demand that Congress amend the Patriot Act to vest them with the power to obtain all of that with no judicial supervision).
But the emergence of a private market that sells this data to the Government (or, in the case of Project Vigilance, is funded in order to hand it over voluntarily) has eliminated those obstacles. As a result, the Government is able to circumvent the legal and logistical restrictions on maintaining vast dossiers on citizens, and is doing exactly that. While advertisers really only care about your online profile (IP address) in order to assess what you do and who you are, the Government wants your online activities linked to your actual name and other identifying information.
So, since Uber and Project Vigilant won't say who these 12 ISPs are, can anyone help us out? What are the 12 ISPs out there who, via sneaky language in their EULAs are simply handing over your private data to some company to sell to the US government?
We already wrote about the recent Congressional committee hearings on intellectual property enforcement, where IP Czar Victoria Espinel blamed China. However, there were other speakers there as well, and perhaps the most interesting was from John Morton, the assistant secretary of Homeland Security's Immigration & Customs Enforcement (ICE) division -- the group that recently started working for Disney and seized a bunch of domains using questionable legal theories. We're still trying to figure out what the hell immigration and customs enforcement has to do with internet file sharing, and here was a chance to set the record straight.
In his opening remarks to the event, Rep. Howard Berman (who has been called the Representative from Disney, so it fits that he's happy that ICE now works for Disney) highlighted how this operation was "innovative thinking." (pdf):
Most recently, I was interested to read about the initiative
undertaken by Immigration and Customs Enforcement, or ICE, to seize the domain names of
Web sites that were unlawfully offering first-run movies. That is exactly the kind of innovative
thinking the Vice President called for -- and I am curious to hear from Assistant Secretary Morton
on how it came about, the obstacles that you faced, and how we can scale Operation "In Our
Sites" to enterprises that facilitate the theft of music, books and other products prone to
counterfeiting.
Note the sly trick (lie) from Berman here: suggesting that copyright infringement and counterfeiting are the same thing. You'll see this quite frequently these days (hello, ACTA), because it's easier to show actual problems from counterfeiting -- and nearly impossible to show problems from infringement. So by simply pretending they're the same, everyone can pretend that the "harm" from infringement is much worse. Note carefully that whenever anyone talks about the specific "harm," it always relates to counterfeiting. But when they talk about the "problem" they talk about infringement. It's amazing that no one calls them on this stuff.
Morton's talk was basically anchored with this kind of deception. You can read the whole thing here (pdf) or the embedded version below:
Let's dig into some specifics:
Simply put, American business is under assault from those who pirate copyrighted material and produce counterfeit trademarked goods.
And, we're off, with a simple conflation of two totally different things. Counterfeiting and copyright infringement are not the same at all.
Criminals are stealing American ideas and products and selling them over the Internet, in flea markets, in legitimate retail outlets and elsewhere. From counterfeit pharmaceuticals and electronics, to pirated movies, music, and software, these crooks are undermining the U.S. economy and jeopardizing public safety. American jobs are being lost, American innovation is being diluted and the public health and safety of Americans is at risk -- and organized criminal enterprises are profiting from their increasing involvement in IP theft.
Except, of course, you cannot "steal" ideas. And notice how the paragraph moves seamlessly back and forth between counterfeit goods and infringement. If infringement on the internet is the real problem, then why are they talking about "health and safety" which has nothing to do with people watching movies online. Furthermore, the whole "selling them over the Internet" may apply to counterfeit goods, but I thought the whole problem with content online is that people aren't "selling" it but giving it away for free? Why conflate the two unless your sole purpose is to confuse?
Finally, the GAO just dinged the government for buying into bogus industry claims about "lost jobs" and diluted innovation. So why is a government official repeating them?
Intellectual property rights are intended to discourage thieves from selling cheap imitations of products, which are often far less safe or reliable than the original products.
Please, let's be clear: Trademark law is designed to prevent consumer confusion over such imitations. Copyright law is entirely different and is designed to create incentives that "promote the progress of science." But, again, Morton is carefully conflating the two, because it hides the weakness of the idea that Homeland Security has any role in dealing with internet file sharing.
Intellectual property rights also protect the actor, director, writer, musician and artist from having a movie, manuscript, song or design illegally sold by someone who had no part in the artistry of creating it.
While true to some extent, again, "sold" over the internet? Wasn't the whole problem that all this stuff is available for free?
This increase in access to the Internet, while of great benefit for global communication and commerce, represents a very real threat to America's film and music industries. Their products are extremely susceptible to Internet piracy, especially as bandwidth increases. As a result of this growing concern, ICE counterfeiting and piracy investigations are increasingly directed to web-based criminals.
You know, cars represented a very real threat to America's horse and buggy industries. Would customs officials have blocked automobile manufacturing as well? The job of Homeland Security is not to pick which technology wins or to protect the business models of some legacy companies within an industry. And it's not actually a "threat." It's an opportunity for those who know how to embrace it. Remember, the movie industry continues to do quite well -- and it was the one who claimed that the DVD business would kill it. If this were a few decades back, would ICE be blocking all DVD imports because it represented a "a very real threat to America's film industry"? After all, that's exactly what the industry claimed, just as they are doing now. Why does Morton and ICE simply believe it this time when the industry has been wrong every single time about technology threats?
ICE has a legacy of engagement in IP theft enforcement -- stretching from our past years as U.S. Customs Service investigators to our present role as Homeland Security investigators. ICE is a leading agency in the investigation of criminal intellectual property violations involving the illegal production, smuggling, and distribution of counterfeit and pirated products, as well as money laundering violations.
Sure, the role is supposed to be about blocking counterfeit goods at the border. That's got nothing to do with file sharing online, so why dump it in there?
Representatives from the Motion Picture Association of America (MPAA) and RIAA assisted participating customs authorities with focused training, targeting and analysis...
Once again, we see biased industry players "training" government officials. Given the "training" we've seen both the MPAA and RIAA create for schools, why does it seem likely that they leave out certain important things (fair use, anyone?)?
ICE is an active member of the U.S. delegation negotiating the Anti-Counterfeiting Trade Agreement (ACTA). The goal of ACTA is to work with other countries interested in promoting strong enforcement of IPR. ACTA aims to strengthen legal frameworks to bridge existing gaps between laws and dedicated enforcement....
Someone's off message. Remember, ACTA isn't supposed to be about changing legal frameworks or laws.
Last month, the IPR Center launched Operation In Our Sites, a new initiative aimed at Internet counterfeiting and piracy.
Please. Be honest: it was aimed at piracy. It had nothing whatsoever to do with counterfeiting.
On June 30, more than 75 ICE agents participated in this enforcement action, which resulted in the seizure of assets from 15 bank, PayPal, investment, and advertising accounts.
And, um, also raising all sorts of legal questions about Homeland Security's right to just seize domains. On top of that, as many are starting to point out, just because you seize the domain name, it doesn't mean you take down the actual site. And, all this will really do is drive file sharers further underground.
Interestingly, as the new owners of the domain name, ICE has been able to determine the number of visitors these sites have received since seizures. Within two days of ICE's enforcement action against these pirating web sites, over 1.7 million visitors saw the banner. This number is more than the daily total of "hits" the sites were receiving when they offered pirated movies and music. In other words, the government's warning banners have "gone viral," and Internet users are actually seeking the web site out to view the banners themselves. The resulting public education about pirating is a significant result of this enforcement operation.
You might want to ask those visitors what they learned. Because many learned that Homeland Security is focused on stopping file sharing, rather than important things like stopping terrorism. People who are visiting those sites aren't suddenly saying "hey, wow, now I know it's illegal and I'll stop."
The IPR Center recognizes that law enforcement cannot fight IP theft alone and we look to partner with private industry in our efforts. In a market economy, no one has a greater incentive for protecting intellectual property rights than private industry. Companies want to protect their investments in research, development, manufacturing, sales, marketing and product distribution.
No. They want to protect their profits. They want to protect the monopoly rents guaranteed by the government. It's really quite scary how Homeland Security admits that it's protecting the business models of certain industries over those of other industries. This is not the role Homeland Security is supposed to be playing.
I have no problem with Homeland Security stopping legitimately harmful or faked products at the border. That makes perfect sense. But no one has explained what any of that has to do with seizing domains from file sharing sites. Conflating trademark infringement and copyright infringement, and acting as if they're the same thing, while highlighting the harm of fake drugs and then lumping in downloaded music and movies is extremely disingenuous. It's too bad our tax dollars are being used to prop up companies who refuse to adapt, and the lengths to which government employees will go to, in an effort to rationalize such blatant extension of their mandate in order to help out key companies.
Well, here we go. Remember how, a few months back, we noted how odd it was that the Justice Department (which, of course, employs many former RIAA/MPAA/BSA lawyers) was designating a special task force to fight copyright infringement? After all, copyright infringement is mostly a civil issue, between two private parties. For years, however, the entertainment industry has been working hard to convince the government to act as its own private police force, and following a totally one-sided "summit" with Joe Biden (who recently claimed that infringement is no different than doing a smash and grab at Tiffany's), suddenly the feds had a special IP task force... at the same time that it was downgrading the priority of crimes that cause actual harm, such as identity fraud.
Now, it looks like law enforcement isn't even trying to hide the fact that they're taking orders from Hollywood. Dark Helmet points us to the news that Homeland Security proudly announced raids on nine different movie sites, which they accuse of infringing on copyrights. But what's most interesting is where the announcements about these raids happened: at Disney. And who else was there on stage? Execs from other studios. Yup, Homeland Security isn't even trying to make the slightest effort to hide the fact that it now works for corporate interests. It will announce legal activity from the companies, which stand to benefit the most from such activity.
Imagine if the FTC announced plans to charge Google with antitrust from Microsoft's offices? With execs from Yahoo and Apple on stage. Wouldn't people cry foul?
Not only that, but the guy in charge of the raids blatantly admits that it's now a homeland security priority to protect movie studio interests:
The head of ICE [Immigration and Customs Enforcement], John Morton, says that the number of illegal movie sites is dramatically rising both in the U.S. and abroad, and organized crime is behind some of them. ICE is putting movie piracy front and center in this new initiative, by making its first actions to protect the movie studios' intellectual property.
What does customs have to do with a domestic dispute over civil copyright infringement? And why are Homeland Security officials so closely involved with a few Hollywood Studios that they're not just protecting their business models, but also announcing these efforts from the studios' own offices?
I don't know anything about these sites that were shut down. I've never heard of any of them, but they're nine out of hundreds, if not thousands. It won't do anything to actually help Disney or these other studios. Users will quickly shift elsewhere. The content will still get released just as quickly.
The claims that these sites were run by "organized crime" could very well be true, but I'd like to see some actual evidence on that. It's a common refrain from the industry, but no actual proof has been presented. At best they've shown that some DVD counterfeiting operations have some mob ties, but that's not the same thing. Note that in the announcement no actual evidence of organized crime links were provided.
In a separate article, US Attorney Preet Bharara is quoted as saying that the government took these actions because "copyright infringement translates into lost jobs." Never mind the fact that the GAO just pointed out that such claims are highly questionable (especially the ones from the MPAA -- who won't provide their methodology), this raises a really serious question about government interference into private markets. The government's role is not to protect industries from losing jobs. It never has been. Otherwise it would have "raided" car companies for making horse buggies obsolete. Using that as justification has no legal basis whatsoever, and is really a very disturbing claim.
The whole thing appears to be a gross misuse of government resources to protect a few movie studios, which are unwilling to adapt to a changing market place. People should be outraged over such a misuse of government powers, but because these are "pirate" sites, everyone will look the other way.
A bunch of folks have sent in Mike Arrington's recent blog post, angrily pointing out that the federal government keeps trying to meddle in Silicon Valley, and it would be better off just keeping as far away as possible from the Valley, because it's only going to mess things up. We'll get to the particulars of his post in a minute, but there was one key part of the story that a bunch of submitters highlighted in sending it in: a recent "off the record" meeting between Victoria Espinel and various Silicon Valley folks, which was supposed to be about "helping" Silicon Valley, and instead, turned into "how can the government get Silicon Valley to protect the entertainment industry":
Earlier this year I was invited to a small closed door meeting with Victoria Espinel, the U.S. Intellectual Property Enforcement Coordinator appointed by Obama. In attendance were CEOs and other senior executives of a number of large and small Silicon Valley companies. The meeting was supposed to be about how her office can help Silicon Valley thrive. But it became very apparent very quickly that Espinel has a single agenda when it comes to copyright issues -- helping the music labels and TV/Movie studios deal with the Internet on their own terms.
The meeting was strictly off record, which is why I didn't write about it immediately after leaving the room. And the things that she said in that meeting will remain off the record as I promised. But I will say this -- I walked out in utter frustration after an hour. And among the many things I said in that room was this:
The government can keep pissing in our flowerbed, but pretty soon all the flowers are going to be dead.
The problem with Espinel is that she has to follow the lobbying dollars, and those dollars come from the old entrenched players -- TV and movie studios, and record labels. And as she said in the meeting to me (the one quote I'll use), "My job title is Intellectual Property Enforcement after all."
Of course, none of this is shocking or surprising. This was obvious since Espinel was first appointed to the job, and even as I and many others expressed our concerns about the "strategic plan" she's working on, the nature of the questions she asked made it clear that her role is not to promote the progress, but to prop up the business models of certain industries.
That said, I also agree with Anil Dash's response to Arrington, pointing out that Silicon Valley can't ignore the federal government, because that will only make things worse. However, I don't think the two of them are really disagreeing. Dash is right that folks in Silicon Valley do need to be involved and talk to folks in DC... but in part as a way to make sure that Arrington's goal of keeping them from doing something stupid is at least a possibility.
Yes, there will always be lobbying from other interests in DC, and politicians will do stupid, innovation- and job-killing things to help protect the big dollars from other industries. That's how it works. But ignoring that doesn't help matters. Instead, it really is important to get involved, not for the sake of getting DC more involved in Silicon Valley, but to keep making it clear that they need to not mess with what works and, maybe even clear out a few of the aspects of the law that really are getting in the way. Yes, we should hope that the federal government stays out of Silicon Valley, but the best way to do that isn't for Silicon Valley to stay out of DC.
The whole "cyberterorrism" fear mongering is being taken to even more extreme levels. At the Strategic Command Cyber Symposium, William Lynn III, the deputy defense secretary apparently told the audience that companies who operate critical infrastructure need to let the US install monitoring equipment or it puts everyone at risk. The NSA has apparently developed a monitoring system called Einstein (I wonder if they paid the license fee), and want to let companies "opt-in" to installing the gov't's system on their own systems, or face the "wild west" and put everyone at risk. This sounds like blatant fear mongering to let the government tap into all sorts of private infrastructure systems. After all, the government has shown, time and time again, that once it gets access to information, it doesn't take those whole "oversight" or "privacy rights" issues particularly seriously.
Chris Soghoian recently gave a talk where he reminded companies that it actually can be good for business to say "no" when the government comes asking for info. He ran through a variety of scenarios (many covered here on Techdirt) when certain companies stood up to government requests and said no. When the news was later revealed, companies that have stood up to government requests often get very good press, while those who gave in, get really bad press. Of course, I think Chris may be overselling the case here, as it's not clear that the short burst of good PR from these situations really had a lasting impact. But, it is certainly one reason (among many) that companies shouldn't just roll over every time the government comes calling.
The White House tasked the Office of Management and Budget (OMB) with spreading "open government" efforts throughout the US government -- but a recent analysis of what agencies in the government are most open shows that OMB is near the back of the pack. The rankings put the different agencies into three categories: exceeding openness standards, in line with openness standards and... weak on openness. OMB fell into that last group along with the Treasury Department, the Justice Department, the Defense Department and the Energy Department (are any of those really a surprise?).
The study also criticized OMB for talking a lot more about openness than doing anything about openness:
"OMB's plans to improve these issue areas remain overly vague, with almost no listed milestones or schedule for specific actions," the study found. "OMB's plan also does fails to include any information about how the plan was developed, what outreach was done to gather input and ideas, and how it will inform the public about its progress."
This reminds me, actually, that just last week, there was a one-day session on open government policies by the White House... and some found it rather ironic that part of the session was off-the-record. Hint to the US gov't: this openness thing? You're doing it wrong.
So, the Australian court ruling in favor of iiNet was quite brilliant, not just in getting the technology and the law (and common sense) right, but also in explaining why it wouldn't make much sense to change the law either. But, of course, that's not the way the big industries that rely on copyright as crutch operate. If they don't get their way, they go crying to the gov't to have their business models propped up and thrust into the law. So, of course, the "anti-piracy" (i.e., the "we can't adapt so let's drag the whole world backwards") group AFACT has already jumped out and demanded that the Australian government change the law in response to the ruling. And, of course, the Australian government says it's "examining" the issue.
Of course, this just shows how far gone AFACT and its members (Hollywood studios mainly) are out of touch with what this ruling is saying. The ruling points out, quite clearly, that the problem isn't with the law and it's not with the technology. Changing the law doesn't fix things. The problem is with how the big movie studios have failed to adapt, and are now blaming totally blameless parties for their own failures. The proper response is: "Okay, it's time to come up with better business models." It's not to ask the government to artificially blame a third party that had nothing to do with the infringement. It's really a rather stunning statement of incompetence that any industry thinks the cure to their own business model failures is to legally make an innocent third party responsible.
A fascinating article points out that the government could make the process of filing your tax returns significantly easier by simply sending you pre-filled out forms of what they know (basically what's been sent in from your employer(s)) so that you could just take the pre-filled form, check it over, make any additions or changes as necessary and submit it. Apparently, many places that have done this have had great success with it. But it's not happening in the US in large part due to heavy lobbying from Intuit, who fears (perhaps correctly) that this would put a big dent into its tax preparation software business. Of course, that's not how Intuit puts it. The company first claims that this functionality is "already available" (it's not) and that it is a "conflict of interest for government to be both tax collector and tax preparer." However, that is also inaccurate. No one is asking the government to be the tax preparer, but just to share the information it already has so that individuals aren't forced to rebuild the info themselves. As one person quoted in the article notes, it's "as if Visa sent customers a blank piece of paper, requiring that they assemble their receipts, list their purchases -- and pay a fine if they forget one." So, everyone, thank Intuit for making tax season that much more frustrating.
