Week 7, Feb 28 Papers Gov't privacy: matching, facial recognition Medical privacy: HIPAA Odlyzko surveillance cards copyright & freedom of speech mclibel =============================================================================== Grading scale: A=20, B=15, C=10 Notes: A good opening paragraph frames the ISSUE. The answer is secondary. Different *degrees* of quoting? Wait-for-takedown?? Just putting up and responding to takedown notices *if* and when they arrive is a common approach; as a nonprofit site it is likely that such cases would go no further. Letters to editor: for most papers, the letter-writer still owns the copyright. Effect on market: only applies to market for that particular copyrighted item Ulrich clearly has some obligation here to tell this story, and that can lead to a justification of taking *some* risks Ulrich has some Fair Use legal rights. Arguably he has some ethical equivalent of Fair Use, as well; it is not at all clear that ethics requires full permission for any use! differences between types of material This is important: facts v images v whole v partial articles alternatives to reproduction discussion of editing is a plus Ideas to look for: * social importance of publication * ownership of letters to editor * variations in how extensively to quote from the work =============================================================================== =============================================================================== GOVERNMENT privacy ================== Case 4: Patriot II OMIT Patriot 1: allows gov't to search everyone's financial records Patriot 2: DNA database, 15-day warrant-free wiretaps, immunity to businesses providing false information permits spying on american citizens, Old (2001) & new (2006) patriot acts New changes: "Section 215" requests for business/medical records [inc libraries]: must be approved by FBI director or other high-level official also by FISA (Foreign Intelligence Surveillance Act) court. Must include Statement of Facts Showing Relevance requires minimization procedures for this data adds judicial challenge (by records provider, not subject!) More on National Security Letters: judicial challenge option, etc. Sneak-and-Peek warrants may be issued by Foreign Intelligence Surveillance Court; these warrants are non-public even to the subject. ================================================================== What is "search"? Old-fashioned examples of privacy issues, now kind of quaint: Matching: Should the government be able to do data mining on their databases? In particular, should they be able to compare DBs for: taxes & welfare taxes & social security bank records & welfare? student aid and draft registration? tax & immigration No-fly list, and corrections Other criminal databases; problem of how corrections are made library records - threatened by Patriot I caller ID PATRIOT act: bank records, ISP logs are all things gov't can now demand without a warrant What are our "effects"??? ======================================================================= Govt data collection: what does this really have to do with computing? Govt has resources to keep records on "suspects" even with pencil and paper. Government and e-privacy: * matching between government databases * eavesdropping on internet communications * eavesdropping on the phone (including VOIP) * obtaining commercial records (bank, credit, grocery) * getting search-engine records (google) * transponders: I-Pass, cellphone, RFID * facial recognition * databases of suspicions (Terrorist Information Agency) What if FACIAL RECOGNITION were to really take off? What would be the consequences? There are all those cameras already. What about camera evidence of running lights or speeding? ========= =================================================================== Commercial privacy: E-bay privacy - H&I p 75 This one is quite remarkable. What do you think? Is this *ethical*? =================================================================== Medical Privacy- the elephant in the room? * employment * insurance * social (ED, SSRI, therapy, any serious illness) HIPAA =================================================================== =================================================================== Odlyzko and price discrimination: real goal behind all this commercial info? Odlyzko: price discrimination basic supply/demand. You set price P, user X has threshold Px P <= Px: user X buys it P > Px: user X does not buy it But what you really want is to charge user X the price Px. Example: Alice & Bob each want a report. Alice will pay 1100, bob will pay 600. You will only do it for $1500. Charge Alice 1000, bob 500: both think they are getting a deal. But is this FAIR to alice? In one sense, absolutely yes. But what would Alice say when she finds out bob paid half, for the same thing? Possible ways to improve the perception of value: give it to Alice earlier give her bonus tracks, too delete some features from Bob's copy, or disable them What do computers have to do with this? Airline pricing: horrendously complicated, to try to maximize revenue for each seat. Online stores certainly *could* present different pricing models to different consumers. Does this happen? Dell: different prices to business, education academic subscriptions and price discrimination two roundtrip tickets including weekends are less than one Minneapolis -> Newark Wed-Fri: 772.50 Minneapolis -> Newark Wed-nextweek: 226.50 Newark-> Minneapolis Fri-nextweek: 246.50 issue isn't online shopping so much as store shopping versioning ======================================================== What about grocery stores? CASPIAN: nocards.org They're against grocery discount cards. A big part of their argument appears to be that they don't really save you money. customer-specific pricing: nocards.org/overview Latest strategy: scan your card at a kiosk to get special discounts. nocards.org/news/index.shtml#seg3 Jewel "avenu" program One clear goal within the industry is to offer the deepest discounts to those who are less likely to try the product anyway. In many cases, this means offering discounts to shoppers who are known to be PRICE SENSITIVE. Clearly, the cards let stores know who is brand-sensitive and who is price-sensitive. Loyal Skippy peanutbutter customers would be unlikely to get Skippy discounts, unless as part of a rewards strategy. They *might* qualify for Jif discounts. Classic price discrimination means charging MORE to your regular customers, to whom your product is WORTH more, and giving the coupons to those who are more price-sensitive. "shopper surveillance cards": 1. Allow price discrimination: giving coupons etc to the price-sensitive only. There may be other ways to use this; cf Avenu at Jewel "The idea used to be that you, the consumer, could shop around, compare goods and prices, and make a smart choice. But now the reverse is also true: The vendor looks at its consumer base, gathers information, and decides whether you are worth pleasing, or whether it can profit from your loyalty and habits." -- Joseph Turow, Univ of Pennsylvania 2. segmentation (nocards.com/overview) What about arranging the store to cater to the products purchased by the top 30% of customers (in terms of profitability)? Caspian case: candy aisle was reduced, although it's a good seller, because top 30% preferred baby products. Using a card anonymously doesn't help here, as long as you keep using the same card! Using checkout data alone isn't enough, if "the groceries" are bought once a week but high-margin items are bought on smaller trips. ======================================================== Cookies (move to e-commerce??) On the face of it, harmless: * a site sends you a small bit of information they generate * none of the info comes from you * a site can only read the info *they* send In practice: * There have been technical leaks in the last item above * If a site has a doubleclick ad, then the cookie doubleclick sends you contains a coded representation of the page in which the ad is embedded, and ALL past doubleclick cookies (that is, all past web page visits!) are now accessible. Oops. ============================================================== ============================================================== ============================================================== Copyright and suppression of speech Case 1: anon.penet.fi Run by Julf Helsingius 1993-1996 rationale for internet anonymity terrorists, child pornographers, drug smugglers rationale & function of anonymous remailer 1996: scientologists ask for records because someone posted secret scientology documents using anon.penet.fi. Finnish police get a search warrant. Helsingius decides that he can't protect identities & it's not worth it. Case 2: Diebold Appeal case: Diebold had attempted to enforce "takedown" notices based on the theory that the leaked documents were covered by copyright; defendants argued fair use. The court: The purpose, character, nature of the use, and the effect of the use upon the potential market for or value of the copyrighted work all indicate that at least part of the email archive is not protected by copyright law. The email archive was posted or hyperlinked to for the purpose of informing the public about the problems associated with Diebold’s electronic voting machines. It is hard to imagine a subject the discussion of which could be more in the public interest.... Even if it is true that portions of the email archive have commercial value, there is no evidence that Plaintiffs have attempted or intended to sell copies of the email archive for profit.... At most, Plaintiffs’ activity might have reduced Diebold’s profits because it helped inform potential customers of problems with the machines. However, copyright law is not designed to prevent such an outcome. ... Rather, the goal of copyright law is to protect creative works in order to promote their creation.... Finally, Plaintiffs’ and IndyMedia’s use was transformative: they used the email archive to support criticism that is in the public interest, not to develop electronic voting technology. Accordingly, there is no genuine issue of material fact that Diebold, through its use of the DMCA, sought to and did in fact suppress publication of content that is not subject to copyright protection. ========================================================================== ========================================================================== Cyberspeech What does it have to do with computers? Usenet personal websites blogs email: harassment & stalking Legal basis of free speech: we have a very fundamental right to it. Most legal theory tends to be utilitarian (how will this affect the most people), but the right to free speech is ALMOST a fundamental principle in the deontological sense. Limitations on speech: Libel Copyright (not patent) Trademark Obscentity Indecency (less severe) Threats Endangerment (Yelling "theater" at a crowded fire) incitement to immediate crime State secrets (but cf _The Pentagon Papers_, leaked by Daniel Ellsberg) fraud (although *commercial* speech has always been more tightly regulated) Subversive speech (cf Holmes opinion in Abrahms v US) stock price manipulation Weapon/bomb information? CDA - Communications Decency Act passed 1996. 1. restricts access to "indecent" material by children. =================== 2. Declares "operators of Internet services" to not be liable for their content, if provided by others. This is Section 230. Discussion: Batzel v Cremers, from the book Good question: why is Section 230 here? What does it have to do with Decency? Usenet history on worries about libel/copyright. Case studies: 1. Mcspotlight.org 2. _Hit Man_ - Smolla 3. Corporate cybersmear - Reder 4. WTO - Feder. gatt.org ============================== McSpotlight.org: mclibel uopsucks.com walmartsucks.org target-sucks.com gmsucks.net fordREALLYsucks.com intelsucks.org microsoftsucks.org Unemployed ex-postman Dave Morris and part-time bar worker Helen Steel called McDonald's a multinational corporate menace - abusing animals, workers and the environment and promoting an unhealthy diet. [NB: why are Morris & Steel identified above by their *occupations*?] They were distributing pamphlets claiming: * mcDonalds land use led to displacement & hunger for third-world farmers * locals starve while food crops are exported for use as animal feed * rainforest destruction * destruction of tribal lifestyles in rainforest * mcdonalds food is high in fat * encourages overeating * encourages children to think McD's is "normal" * hamburgers are made of dead animals * unions are not allowed Note that their story had NOTHING to do with the internet! McDonalds had to hire spies to infiltrate London Greenpeace to get names of members involved. ============= Oliver Wendell Holmes, in Abrahms v US: subversive speech *is* protected (though his was a dissenting opinion) ============= Hit Man published by Paladin Press, written by "Rex Feral", supposedly a single mom who writes true-crime books for a living. It is likely a work of fiction. Someone was killed by someone using the book In Rice v Paladin Press, the federal court of appeals held that the case *could* go to jury trial; ie freedom-of-press issues did not automatically prevent that. A popular theory was that after Paladin Press settled the case (which they did, under pressure from their insurer), the rights to the book ended up in the public domain. Paladin claims otherwise; however, the Utopian Anarchist Party promptly posted the entire book at overthrow.com and that was that. [Other parties may also have posted the book independently] (The bootleg copies don't have the diagrams, though) It has been claimed that _Hit Man_ was sold almost entirely to non-criminals who simply like antiestablishment stuff. Check out amazon.com for current prices of used editions. Other bad materials: Encyclopedia of Jihad Bomb-making instructions generally Note EofJ has significant political/religious component! ========================================== Batzel v Cremers summary *Is* Cremers like an ISP here? Why does Communications *Decency* Act have such a strong free-speech component? Generally free speech is something the *in*decent are in favor of. Previous cases: Cubby v CompuServe: Compuserve is only distributor Stratton Oakmont v Prodigy: prodigy loses *because* they promise to monitor for bad behavior on the board. Prodigy was trying to do "family values" editing, and it cost them. Enter the CDA. Section 230 was intended to *encourage* family-values editing. ==========================================