Entries Tagged "laws"

Page 19 of 35

DMCA Does Not Apply to U.S. Government

According to a recent court ruling, we are all subject to the provisions of the DMCA, but the government is not:

The Court of Federal Claims that first heard the case threw it out, and the new Appellate ruling upholds that decision. The reasoning behind the decisions focuses on the US government’s sovereign immunity, which the court describes thusly: “The United States, as [a] sovereign, ‘is immune from suit save as it consents to be sued . . . and the terms of its consent to be sued in any court define that court’s jurisdiction to entertain the suit.'”

In the case of copyright law, the US has given up much of its immunity, but the government retains a few noteworthy exceptions. The one most relevant to this case says that when a government employee is in a position to induce the use of the copyrighted material, “[the provision] does not provide a Government employee a right of action ‘where he was in a position to order, influence, or induce use of the copyrighted work by the Government.'” Given that Davenport used his position as part of the relevant Air Force office to get his peers to use his software, the case fails this test.

But the court also addressed the DMCA claims made by Blueport, and its decision here is quite striking. “The DMCA itself contains no express waiver of sovereign immunity,” the judge wrote, “Indeed, the substantive prohibitions of the DMCA refer to individual persons, not the Government.” Thus, because sovereign immunity is not explicitly eliminated, and the phrasing of the statute does not mention organizations, the DMCA cannot be applied to the US government, even in cases where the more general immunity to copyright claims does not apply.

It appears that Congress took a “do as we say, not as we need to do” approach to strengthening digital copyrights.

Posted on August 8, 2008 at 11:32 AMView Comments

Why You Should Never Talk to the Police

This is an engaging and fascinating video presentation by Professor James Duane of the Regent University School of Law, explaining why—in a criminal matter—you should never, ever, ever talk to the police or any other government agent. It doesn’t matter if you’re guilty or innocent, if you have an alibi or not—it isn’t possible for anything you say to help you, and it’s very possible that innocuous things you say will hurt you.

Definitely worth half an hour of your time.

And this is a video of Virginia Beach Police Department Officer George Bruch, who basically says that Duane is right.

Posted on July 31, 2008 at 12:52 PMView Comments

Information Security and Liabilities

In my fourth column for the Guardian last Thursday, I talk about information security and liabilities:

Last summer, the House of Lords Science and Technology Committee issued a report on “Personal Internet Security.” I was invited to give testimony for that report, and one of my recommendations was that software vendors be held liable when they are at fault. Their final report included that recommendation. The government rejected the recommendations in that report last autumn, and last week the committee issued a report on their follow-up inquiry, which still recommends software liabilities.

Good for them.

I’m not implying that liabilities are easy, or that all the liability for security vulnerabilities should fall on the vendor. But the courts are good at partial liability. Any automobile liability suit has many potential responsible parties: the car, the driver, the road, the weather, possibly another driver and another car, and so on. Similarly, a computer failure has several parties who may be partially responsible: the software vendor, the computer vendor, the network vendor, the user, possibly another hacker, and so on. But we’re never going to get there until we start. Software liability is the market force that will incentivise companies to improve their software quality—and everyone’s security.

Posted on July 23, 2008 at 3:09 PMView Comments

Daniel Solove on the New FISA Law

From his blog:

Future presidents can learn a lot from all this—do exactly what the Bush Administration did! If the law holds you back, don’t first go to Congress and try to work something out. Secretly violate that law, and then when you get caught, staunchly demand that Congress change the law to your liking and then immunize any company that might have illegally cooperated with you. That’s the lesson. You spit in Congress’s face, and they’ll give you what you want.

The past eight years have witnessed a dramatic expansion of Executive Branch power, with a rather anemic push-back from the Legislative and Judicial Branches. We have extensive surveillance on a mass scale by agencies with hardly any public scrutiny, operating mostly in secret, with very limited judicial oversight, and also with very minimal legislative oversight. Most citizens know little about what is going on, and it will be difficult for them to find out, since everything is kept so secret. Secrecy and accountability rarely go well together. The telecomm lawsuits were at least one way that citizens could demand some information and accountability, but now that avenue appears to be shut down significantly with the retroactive immunity grant. There appear to be fewer ways for the individual citizen or citizen advocacy groups to ensure accountability of the government in the context of national security.

That’s the direction we’re heading in—more surveillance, more systemic government monitoring and data mining, and minimal oversight and accountability—with most of the oversight being very general, not particularly rigorous, and nearly always secret—and with the public being almost completely shut out of the process. But don’t worry, you shouldn’t get too upset about all this. You probably won’t know much about it. They’ll keep the dirty details from you, because what you don’t know can’t hurt you.

Posted on July 14, 2008 at 12:08 PMView Comments

Our Data, Ourselves

In the information age, we all have a data shadow.

We leave data everywhere we go. It’s not just our bank accounts and stock portfolios, or our itemized bills, listing every credit card purchase and telephone call we make. It’s automatic road-toll collection systems, supermarket affinity cards, ATMs and so on.

It’s also our lives. Our love letters and friendly chat. Our personal e-mails and SMS messages. Our business plans, strategies and offhand conversations. Our political leanings and positions. And this is just the data we interact with. We all have shadow selves living in the data banks of hundreds of corporations’ information brokers—information about us that is both surprisingly personal and uncannily complete—except for the errors that you can neither see nor correct.

What happens to our data happens to ourselves.

This shadow self doesn’t just sit there: It’s constantly touched. It’s examined and judged. When we apply for a bank loan, it’s our data that determines whether or not we get it. When we try to board an airplane, it’s our data that determines how thoroughly we get searched—or whether we get to board at all. If the government wants to investigate us, they’re more likely to go through our data than they are to search our homes; for a lot of that data, they don’t even need a warrant.

Who controls our data controls our lives.

It’s true. Whoever controls our data can decide whether we can get a bank loan, on an airplane or into a country. Or what sort of discount we get from a merchant, or even how we’re treated by customer support. A potential employer can, illegally in the U.S., examine our medical data and decide whether or not to offer us a job. The police can mine our data and decide whether or not we’re a terrorist risk. If a criminal can get hold of enough of our data, he can open credit cards in our names, siphon money out of our investment accounts, even sell our property. Identity theft is the ultimate proof that control of our data means control of our life.

We need to take back our data.

Our data is a part of us. It’s intimate and personal, and we have basic rights to it. It should be protected from unwanted touch.

We need a comprehensive data privacy law. This law should protect all information about us, and not be limited merely to financial or health information. It should limit others’ ability to buy and sell our information without our knowledge and consent. It should allow us to see information about us held by others, and correct any inaccuracies we find. It should prevent the government from going after our information without judicial oversight. It should enforce data deletion, and limit data collection, where necessary. And we need more than token penalties for deliberate violations.

This is a tall order, and it will take years for us to get there. It’s easy to do nothing and let the market take over. But as we see with things like grocery store club cards and click-through privacy policies on websites, most people either don’t realize the extent their privacy is being violated or don’t have any real choice. And businesses, of course, are more than happy to collect, buy, and sell our most intimate information. But the long-term effects of this on society are toxic; we give up control of ourselves.

This essay originally appeared on Wired.com.

EDITED TO ADD (5/21): A rebuttal.

Posted on May 20, 2008 at 1:10 PMView Comments

More RIPA Creep

I previously blogged about the UK’s Regulation of Investigatory Powers Act (RIPA), which was sold as a means to tackle terrorism, and other serious crimes, being used against animal rights protestors. The latest news from the UK is that a local council has used provisions of the act to put a couple and their children under surveillance, for “suspected fraudulent school place applications”:

Poole council said it used the legislation to watch a family at home and in their daily movements because it wanted to know if they lived in the catchment area for a school, which they wanted their three-year-old daughter to attend.

This kind of thing happens again and again. When campaigning for a law’s passage, the authorities invoke the most heinous of criminals—terrorists, kidnappers, drug dealers, child pornographers—but after the law is passed, they start using it in more mundane situations.

Another article. And this follow-up.

Posted on April 15, 2008 at 1:04 PMView Comments

Seat Belt Usage and Compensating Behavior

There is a theory that people have an inherent risk thermostat that seeks out an optimal level of risk. When something becomes inherently safer—a law is passed requiring motorcycle riders to wear helmets, for example—people compensate by riding more recklessly. I first read this theory in a 1999 paper by John Adams at the University of Reading, although it seems to have originated with Sam Peltzman.

In any case, this paper presents data that contradicts that thesis:

Abstract—This paper investigates the effects of mandatory seat belt laws on driver behavior and traffic fatalities. Using a unique panel data set on seat belt usage in all U.S. jurisdictions, we analyze how such laws, by influencing seat belt use, affect the incidence of traffic fatalities. Allowing for the endogeneity of seat belt usage, we find that such usage decreases overall traffic fatalities. The magnitude of this effect, however, is significantly smaller than the estimate used by the National Highway Traffic Safety Administration. In addition, we do not find significant support for the compensating-behavior theory, which suggests that seat belt use also has an indirect adverse effect on fatalities by encouraging careless driving. Finally, we identify factors, especially the type of enforcement used, that make seat belt laws more effective in increasing seat belt usage.

Posted on April 11, 2008 at 1:44 PMView Comments

Terroristic Threatening

What in the world is “terroristic threatening“?

The woman was also charged with one count of terroristic threatening for pointing a handgun at an officer, said university police Maj. Kenny Brown. The woman gave her handgun to a counselor at the health services building, he said.

We are all hurt by the application of the word “terrorist” to everything we don’t like. Terrorism does not equal criminality.

Posted on April 4, 2008 at 11:19 AMView Comments

1 17 18 19 20 21 35

Sidebar photo of Bruce Schneier by Joe MacInnis.