EFFector       Vol. 14, No. 31       Oct. 16, 2001     [email protected]

  A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

   In the 191st Issue of EFFector (now with over 29,300 subscribers!):

    * ALERT UPDATE: "Anti-Terrorism" Surveillance Bill To Pass This Week
    * Public Interest Postion on Junk Email: Protect Innocent Users
    * EFF Comments On W3C's Draft Patent Policy
    * EFF Participates in FMC's Panel Discussion on Digital Music
    * Announcing the EFF Contest of the Century!
    * EFF Thanks CoffeeCup Software, Inc.
    * Administrivia

  For more information on EFF activities & alerts: http://www.eff.org/

  To join EFF or make an additional donation:
    http://www.eff.org/support/
  EFF is a member-supported nonprofit. Please sign up as a member today!
    _________________________________________________________________

ALERT UPDATE: "Anti-Terrorism" Surveillance Bill To Pass This Week

  Both the US Senate and House of Representatives have passed slightly
  different versions of the "Uniting and Stregthening America Act" (USA
  Act), an ostensibly anti-terrorism bill with many terrorism-unrelated,
  alarming provisions that erode protection againsts improper government
  surveillance, among other problems. The House version contains
  (probably worthless) "sunset" provisions that would expire some of the
  wiretap-related sections of the bill after several years unless they
  are re-ratified; but these provisions are not expected to survive the
  final draft.

  Final passage, despite our and your activism efforts, is essentially
  assured, and will be by way of a conference committee and a final vote
  on the merged version of the bill that results from the committee.
  However, it would not hurt to contact your legislators once again to
  express your disapproval of this legislation, and to contact the White
  House to urge President Bush to refuse to sign the final bill into law
  (not likely, but you'll be counted among those on record in opposition
  to the USA Act.)

  EFF will issue a statement if/when the bill passes, and, with other
  organizations, will work to monitor implementation of the new law, and
  examine avenues for legal challenges against its more troubling
  provisions.

  To our friends in other countries: You would do well to keep a close
  eye on what your own government is doing. The US is hardly alone in
  taking misguided steps toward become a more totalitarian society in
  the hope of stopping terrorism.

  For bill texts and analyses, see the EFF Surveillance Archive:
    http://www.eff.org/Privacy/Surveillance/

                                 - end -
    _________________________________________________________________


Public Interest Postion on Junk Email: Protect Innocent Users

 EFF Statement Regarding Anti-Spam Measures

  Executive Summary: Any measure for stopping spam must ensure that all
  non-spam messages reach their intended recipients.

  For the past several years, the Electronic Frontier Foundation (EFF)
  has watched with great interest the debate regarding what to do about
  unsolicited bulk email from strangers, or spam. We have been asked to
  lend our support to bills that have been introduced in Congress, and
  we have been approached in various other ways to help lead the fight
  against this annoying intrusion into people's email mailboxes.

  While members of the EFF staff and board find this unsolicited email
  to be as annoying as everyone else, we believe that the two most
  popular strategies for combatting it so far--legislation and anti-spam
  blacklists--have failed in their fundamental design. Anti-spam bills
  have been badly written, are unconstitutionally overbroad, and
  frequently wander into areas where legislators have no expertise, such
  as the establishment of Internet standards. And anti-spam blacklists,
  such as the MAPS RBL (Mail Abuse Prevention System Realtime Blackhole
  List, the most popular), result in a large number of Internet service
  providers (ISPs) surrepticiously blocking large amounts of non-spam
  from innocent people. This is because they block all email from entire
  IP address blocks--even from entire nations. This is done with no
  notice to the users, who do not even know that their mail is not being
  delivered.

  The focus of efforts to stop spam should include protecting end users
  and should not only consider stopping spammers at all costs.
  Specifically, any measure for stopping spam must ensure that all
  non-spam messages reach their intended recipients. Proposed solutions
  that do not fulfill these minimal goals are themselves a form of
  Internet abuse and are a direct assault on the health, growth,
  openness and liberty of the Internet.

  Email is protected speech. There is a fundamental free speech right to
  be able to send and receive messages, regardless of medium. Unless
  that right is being abused by a particular individual, that individual
  must not be restricted. It is unacceptable, then, for anti-spam
  policies to limit legitimate rights to send or receive email. To the
  extent that an anti-spam proposal, whether legal or technical, results
  in such casualties, that proposal is unacceptable.

   The Two Extremes of the Current Email Battlefield

  The legislative proposals that have dominated the anti-spam policy
  debate for the last several years have failed, and rightly so. The
  several existing state laws against spam are of questionable
  constitutionality, too hard to enforce even if they should be
  enforced, and have done nothing to stem the tide of spam. National
  legislation will not solve the problem either, while creating a morass
  of unintended consequences.

  Serious problems with the anti-spam legislation we have seen to date
  include:
    * misdefinitions of key terms and concepts, including "commercial,"
      "list," and "spam" itself;
    * technology-specific requirements that will be rapidly obsolete;
    * a focus on punishing expression rather than protecting privacy;
    * the giving of broad power or obligation to ISPs to control the
      private email of their customers;
    * jurisdictional problems;
    * unnecessary and excessive criminalization of private, civil
      disputes;
    * requirements with which senders will find it impossible to comply;
    * and a clear pattern of providing a defense for ISPs in the form of
      immunity from the simple realities and responsibilities of the
      marketplace, rather than one of enabling individuals to protect
      themselves.

  But poorly-focused legislation is not the only failing proposal here.
  Many groups of often well-meaning people have worked on ways to avoid
  the various annoyances and problems caused by unsolicited bulk email.
  Anti-spam blacklisting groups, such as MAPS and ORBs, put heavy
  pressure on ISPs to conform to a set of restrictive anti-spam policies
  and to virally pressure other ISPs to adopt the same policies. It is
  estimated that over 50% of US-based ISPs and up to one third of global
  ISPs already participate in the blacklisting.

  But blacklisting is interfering with the delivery of a significant
  amount of non-spam email. Systems administrators who will not adopt
  the suggested anti-spam policies find themselves unable to deliver
  their non-spamming users' mail to recipients who are on systems that
  participate in blacklisting. This blocking is being done at too high a
  cost. Ultimately, civil rights and the ability of non-spammers to
  communicate cannot be sacrificed to serve the goal of blocking
  unsolicited bulk email.

  The search for a nonexistent, and ultimately impossible, legislative
  or ISP-level blacklist "magic bullet" solution has actually distracted
  the Internet community for the last five years from the real solution:
  better voluntary user-end filtering and/or voluntary, informed and
  flexible ISP-level filtering. Only an end user-controlled solution
  will uphold the rights of the end users while serving to deter spam by
  removing most of the audience and making it unprofitable to continue
  junk emailing.

   The Right Way to Look at Spam

  Until we include the free speech rights of all end-users instead of
  trying to stop a few wrongdoers at the cost of innocent users, any
  solution for dealing with spam will be fundamentally flawed. End
  users, known as "customers" to ISPs, should demand that none of their
  wanted email be censored in attempts to filter out unwanted messages.
  In addition, Netizens should express their dismay at spam by
  boycotting products advertised with spam.

  On a larger scale, EFF supports combatting spam by providing end-users
  with adequate tools to filter unwanted messages on the receiving end.
  We also support the development of more robust and subtle technology
  for this purpose. Brightmail, for example, has created a system that
  does a good, if still imperfect, job. Others that attempt to do this
  are listed at http://spam.abuse.net/tools/mailblock.html. From a
  technical standpoint, we would like to see the development of better
  filtration software on servers, something that could work
  interactively with the mail recipient in defining what he or she
  regards as spam using pattern recognition. That is, every time
  somebody gets a message of a sort he or she does not want, s/he could
  send it to the filter, thereby making that filter smarter over time,
  as well as giving it the ability to "learn" as spam techniques
  develop.

  The rights of users to send and receive email must not be compromised
  for quick and dirty ways to limit unsolicited bulk email. Neither
  misguided and ignorant legislation, nor collusive, high pressure
  protection schemes, have a legitimate function or place in our online
  future. The Constitution, and the promise of a free, open Internet
  that exists for and is controlled by its participants, requires us to
  do better.

                                 - end -
    _________________________________________________________________


EFF Comments On W3C's Draft Patent Policy

 Staff Technologist's Letter to Patent Policy Working Group

  Dear W3C Patent Policy Working Group Members:

  The Electronic Frontier Foundation (EFF), the leading civil liberties
  organization working to protect rights in the digital world, submits
  the following comments on the PPWG's draft patent policy.
  In general, the draft policy of August 16 makes progress in addressing
  the thorny patent issues standards groups may encounter. We join other
  commentators, for example, in supporting the proposed Disclosure
  Obligations in Section 7 of the draft.

  We focus our attention on the most controversial provision, Section
  5.2, which creates a RAND ("reasonable-and-non-discriminatory")
  licensing mode for W3C Working Groups. Adopting this policy would mean
  that, for the first time, W3C would have a formal mechanism for
  promoting some patent-encumbered web standards -- with the knowledge
  that these standards could not be implemented by everybody.

  As WWW inventor Tim Berners-Lee observes in _Weaving the Web_,
  "patents ... are a great stumbling block for Web development. ...
  Small companies may be terrified to enter the business [in the face of
  patent claims]." Because of its harmful effects on smaller
  organizations, and the resulting risks to openness and
  interoperability on the web, we urge W3C to reconsider its support for
  a RAND licensing mode.

  The draft policy notes that

    participants in a standards body will be unwilling and unable to
    work collaboratively if, at the end of the process, the
    jointly-developed standard can only be implemented by meeting
    licensing terms that are unduly burdensome, unknown at the
    beginning or even the end of the design process, or considered
    unreasonable.

  This uncertainty is a significant risk to standards development, but
  participants are not the only beneficiaries of the process (nor the
  only parties whose support is called for). Where a standards body
  undertakes to develop public standards for general use -- clearly the
  aim of W3C standards work -- the larger community of prospective users
  and implementors also has a deep interest in standards' licensing
  terms. As the policy continues, this community has a "longstanding
  preference for Recommendations that can be implemented on a
  royalty-free (RF) basis".

  This "preference" must not be treated lightly; it has been essential
  to the success of the World Wide Web and the Internet as a whole, and
  one of the key features setting the Web apart from closed, proprietary
  content-delivery systems. Royalty-free web standards have provided the
  raw material for an explosion of creativity and the development of
  diverse but interoperable implementations.
  For many members of the web community, the RF licensing tradition is
  not merely a "preference", but a requirement. Royalty-based technology
  licensing, whether "discriminatory" or "non-discriminatory", grew up
  amidst large commercial players, who could typically afford a sizable
  licensing fee, accepting it as a cost of doing business. As you know,
  the World Wide Web community is much more diversified. It includes
  tiny startups, multinational corporations, individuals, non-profit
  organizations, consortia, libraries and archives, among other kinds of
  entities. Many of these participants are ill-equipped to cope with the
  one-size-fits-all world of RAND licensing, and have very different
  notions of what is "reasonable" or even "non-discriminatory".

  Much of the software which runs today's web is open source, like the
  W3C's own reference implementations. The world's most popular HTTP
  server package, Apache, is a leading example; W3C's own web site is
  using it, as is EFF's. But although a flat royalty structure might
  seem perfectly "reasonable" to a large corporation, the Apache
  Software Foundation -- and Apache licensees -- might well see things
  otherwise. Prospective implementors are all different, but when any
  implementor is left behind by a patent licensing system, everyone
  suffers.

  The draft policy attempts to distinguish between high-level and
  low-level web standards, in a largely informal way. Section 2.2,
  reporting on consensus within the Patent Policy Working Group, draws
  this distinction:
  [I]t is especially important that the Recommendations covering
  lower-layer infrastructure be implementable on an RF basis.
  Recommendations addressing higher-level services toward the
  application layer may have a higher tolerance for RAND terms.

  We agree that openness of infrastructure is particularly important.
  However, the distinction between infrastructure and higher-level
  services does not seem to be clearly drawn (nor does the policy appear
  to implement this consensus view in any specific way, e.g. by
  categorically forbidding the RAND licensing mode for certain Working
  Groups deemed "architectural"). Experience has shown that this
  distinction can be unstable; services once optional often become
  indispensable. We cannot stress enough that services originally
  conceived of as applications may eventually -- even rapidly -- come to
  be seen as infrastructural. For example, HTTP is often used as an
  example of an extremely high-level network protocol, yet it serves an
  infrastructural role, in turn, for other protocols like SOAP.

  We recognize that W3C cannot guarantee that none of its
  Recommendations will ever be encumbered by patent claims. W3C has no
  control over third party patent holders who are not W3C members, and
  there is no way to be absolutely certain that an encumbrance will not
  appear after a Recommendation has been issued or even implemented. (A
  troubling example is BT's hyperlink patent, which was definitely not
  foreseen as a risk to implementors of WWW user agents.) However, this
  does not mean that W3C should allow its members to use the W3C
  Recommendation process to knowingly promote encumbered technologies as
  public standards!

  W3C does have the ability to decline to endorse a standard where it is
  already aware of licensing problems (e.g. through the proposed
  disclosure requirements). It seems that the community strongly expects
  W3C to use that ability, and to preserve the existing RF tradition in
  the eventual W3C Patent Policy.

  EFF thanks W3C for extending the comment period and for the
  opportunity to comment on this draft. Please do not hesitate to
  contact us for any further information or clarification.

  Sincerely,

  Seth Schoen
  EFF Staff Technologist

                                 - end -
    _________________________________________________________________


EFF Participates in FMC's Panel Discussion on Digital Music

 Future of Music Coalition to Conduct Discussion/Music Program in Berkeley -
 Wednesday, October 24th

  WHO:
  ~Jenny Toomey - Executive Director, Future of Music Coalition and
  performing artist
  ~Brian Zisk - Serial entrepreneur focusing on digital music, open
  source, and distribution technologies.
  ~Fred von Lohmann - Senior Staff Attorney, EFF

  WHAT:
  Panel discussion of issues related to digital music on the net,
  including copyright law, royalty collection in the digital realm, the
  protection of copyrighted work through encryption and watermarking,
  and the use of legislation and lawsuits to protect established
  business models. These issues, which are often reported in the media
  as centralized struggles between isolated business interests, need to
  be understood in the light of their larger impact on creators and
  citizens. Following the discussion portion of the program, there will
  be a live musical performance by Jenny Toomey.

  WHEN:
  Wednesday, October 24, 2001, 12:30 pm - 4:00 pm

  WHERE:
  Boalt Hall Law School, UC Berkeley Campus
  Room: Booth Auditorium
  Corner of Bancroft Way and Piedmont Ave., Berkeley, CA 94720
  Tel: 510-642-8073
  email: [email protected]

  SPONSORED BY: Electronic Frontier Foundation, Berkeley Center for Law
  & Technology, and School of Information Management and Systems

  This event is free and open to the general public. For more
  information, contact Larry Trask as the Berkeley Center for Law &
  Technology (510-642-8073, [email protected])

                                 - end -
    _________________________________________________________________


Announcing the EFF Contest of the Century!

  You've been diligently reading all of those EFFectors and scouring the
  EFF website for those gems of information about topics such as online
  free speech, privacy, and intellectual property.

  Well, here is your chance to test your knowledge and have some fun
  trying to win a prize!

  A few lucky winners will receive recognition on the EFF contest web
  page and a vintage EFF T-shirt as a prize for being the first few to
  deliver the correct answers to the contest questions displayed at
  http://www.eff.org/cgi-bin/contest/contest.html

  Please note that those under 13 years of age and anyone employed by
  EFF are not eligible to participate. EFF thanks DMH for coding the
  contest Perl scripts. The contest will run for one week or until the
  next EFFector announcing the contest winners, whichever comes first.

  It's a great way to learn about the work EFF does and a chance to win

                                 - end -
    _________________________________________________________________


EFF Thanks CoffeeCup Software, Inc.

  The Electronic Frontier Foundation gives a warm thank you to Angel
  Chavez and CoffeeCup Software ( http://www.coffeecup.com ) for their
  kind donation of the CoffeeCup HTML Editor To EFF.

  CoffeeCup Software, Inc. was founded in 1996, and has many software
  web products including HTML editors for both the Linux and MS
  platforms. The software uses no proprietary coding.

                                 - end -
    _________________________________________________________________


Administrivia

  EFFector is published by:

  The Electronic Frontier Foundation
  454 Shotwell Street
  San Francisco CA 94110-1914 USA
  +1 415 436 9333 (voice)
  +1 415 436 9993 (fax)
    http://www.eff.org/

  Editors:
  Katina Bishop, EFF Education & Offline Activism Director
  Stanton McCandlish, EFF Technical Director/Webmaster
    [email protected]

  To Join EFF online, or make an additional donation, go to:
    http://www.eff.org/support/

  Membership & donation queries: [email protected]
  General EFF, legal, policy or online resources queries: [email protected]

  Reproduction of this publication in electronic media is encouraged.
  Signed articles do not necessarily represent the views of EFF. To
  reproduce signed articles individually, please contact the authors for
  their express permission. Press releases and EFF announcements &
  articles may be reproduced individually at will.

  To subscribe to or unsubscribe from EFFector via the Web, go to:
    http://www.eff.org/signup/mailserv.html

  To subscribe to EFFector via e-mail, send to [email protected] a
  message BODY (not subject) of:
    subscribe effector
  The list server will send you a confirmation code and then add you to
  a subscription list for EFFector (after you return the confirmation
  code; instructions will be in the confirmation e-mail).

  To unsubscribe, send a similar message body to the same address, like
  so:
    unsubscribe effector

  (Please ask [email protected] to manually remove you from the list if
  this does not work for you for some reason.)

  To change your address, send both commands at once, one per line
  (i.e., unsubscribe your old address, and subscribe your new address).

  Back issues are available at:
    http://www.eff.org/effector

  To get the latest issue, send any message to
  [email protected] (or [email protected]), and it will be mailed to
  you automatically. You can also get, via the Web:
    http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html
    _________________________________________________________________