Monday, November 30, 2009

Higher Education "Opportunity" Act

One of the most egregious manifestations of RIAA corporate lobbying has to be the new burdens placed on universities to enforce copyright law. You see, last year, the Department of Education created the Higher Education "Opportunity" Act, amendments to the 1965 Higher Education Act, which sets the guidelines for a university to receive federal financial aid for its students (correct me if I got this wrong). Somehow, skillfully woven into the document, among requirements for federal aid (the same aid that allows most students to attend college), some new, unexpected requirements came forth from the aether. They require that the university:

A) "has institutional policies and sanctions related to copyright infringement and civil and criminal liabilities students may face for unauthorized distribution of copyrighted materials which includes unauthorized peer-to-peer file sharing and the prohibited use of the institution’s information technology system for those activities"

B) "will, to the extent practicable, offer alternatives to illegal downloading or peer-to-peer distribution of intellectual property, as determined by the institution in consultation with the chief technology officer or other designated officer of the institution"

C) "[will regularly provide] a description of institutional policies and sanctions related to copyright infringement and civil and criminal liabilities students may face for unauthorized distribution of copyrighted materials which includes unauthorized peer-to-peer file sharing and the prohibited use of the institution’s information technology system for those activities"

D) will aggressively serve DMCA cease-and-desist warnings to students

OK, let's try to set ire and pathos aside for a minute and analyze this like rational human beings.

(A) places a burden on the university's IT department to deploy some tech solution to hunt down those "stealing" from the RIAA and the MPAA, thereby incurring significant cost and becoming vigilantes. Now some lawyers interpret that (D) can satisfy the requirement in (A). Serving DMCA warnings is nothing new for most universities, but, I can assure you from firsthand experience, the cost is not trivial - many large universities can use more than an FTE on this (so figure almost 6 figures per annum, counting benefits). Also, what other industries are required to deploy these tech-based deterrents?

(B) effectively requires that universities, in addition to expending the cost of (A) and (D), look into solutions where we can pay the RIAA and MPAA to borrow their content (note the intentional and accurate use of "borrow"; no one would own it but them). Going this route would have one of two effects: sustaining even more of a financial burden or passing it along to students (as is the case in many new pooled models).

(C) requires us to teach a moral lesson. It reminds me of the debate where Jack Valenti, former head of the MPAA, asked Stanford University, after a student admitted to downloading music, "What are you teaching these kids? What kind of moral platform will sustain this young man in his later life?" (Lessig, Remix). And, what better way to teach morals than side by side with the creators of the DMCA? Seriously, though, give me another example of a case where a university is required to regularly attempt to "teach" students about not committing a crime.

So, let's say you think these clauses are garbage. The cost of noncompliance? The university losing all federal financial aid for its students. That is, taking away access to education for students who need assistance in paying for it.

Give me one good reason why these clauses belong in an act relating to federal funding of education - an act that parades under the moniker of "opportunity."

Sunday, November 29, 2009

Tor - Internet Proxy for Preserving Anonymity

In my previous post I promised to explore some ways that we can maintain anonymity on the Web, even in light of the numerous ways personal data is mined every day. The key piece of personally-identifiable information that we scatter across the web (frequently without any thought) is our IP addresses. Almost every time you visit a website, your IP address is logged - a digital record that you have been to that site, that you have requested to view its content. It's trivial, in most cases, to find out who your Internet service provider (Comcast, Verizon, Time Warner, Qwest, etc.) is with this IP address. Someone who wants to bring a tort case against you or a governmental agency interested in you for any reason can subpoena your ISP for your identity - recall the link in my last post about National Security Letters. Therefore, if you want to maintain some semblance of privacy as you browse the Web, you cannot be leaving your IP address at every site you visit.

One solution to obscuring your IP is using a web proxy, like Tor. When you use a proxy, all of your Web traffic passes through the proxy - that is, the proxy is the only server you connect to. Then, the proxy connects to any site you wish to visit on your behalf. Thus, if you were using a proxy and if all visitors to this blog were subpoenaed, your IP would not be there - just the IP of the proxy, which likely keeps no logs, and thus could not comply with a subpoena.

Tor is a good, free proxy service. The technology was originally developed by the U.S. Navy, and it is more complex than your average proxy. Tor bounces your Internet traffic to multiple relays all around the globe before connecting to your intended destination. You can learn about the Tor Network and the values it stands for here. To get started using Tor, you'll have to install a Tor client. I use a Mac, so I installed Vidalia.
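The proxy and relay behaviour described above can be observed on one machine. This is an added example, not code from the Tor project or from this blog: it uses plain, unencrypted TCP forwarding on loopback (not Tor's protocol), and every function name in it is hypothetical. Because all loopback sockets share 127.0.0.1, the source port stands in for the distinct IP address each party would have on the Internet.

```python
import socket
import threading

def start_site(access_log):
    """Destination site: logs each visitor's (ip, port) as a web server would."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, peer = srv.accept()
            with conn:
                conn.recv(1024)
                access_log.append(peer)      # logged before the reply is sent
                conn.sendall(b"page content")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def start_relay(next_hop, seen):
    """Relay: opens its OWN connection to next_hop on the caller's behalf."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, peer = srv.accept()
            with conn, socket.create_connection(next_hop) as upstream:
                # What this hop knows: who connected in, and its own outbound address.
                seen.append({"inbound_peer": peer, "outbound": upstream.getsockname()})
                upstream.sendall(conn.recv(1024))
                conn.sendall(upstream.recv(1024))
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def visit(first_hop):
    """Client request; returns the client's own socket address and the reply."""
    with socket.create_connection(first_hop) as client:
        me = client.getsockname()
        client.sendall(b"GET / (constructed request)")
        return me, client.recv(1024)

def demo():
    access_log, entry_seen, exit_seen = [], [], []
    site = start_site(access_log)
    direct_client, _ = visit(site)                  # no proxy
    exit_relay = start_relay(site, exit_seen)
    entry_relay = start_relay(exit_relay, entry_seen)
    relayed_client, reply = visit(entry_relay)      # two hops, then the site
    return {"direct_client": direct_client, "relayed_client": relayed_client,
            "access_log": access_log, "entry_seen": entry_seen[0],
            "exit_seen": exit_seen[0], "reply": reply}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The site's second log entry is the last relay's outbound address, while the first relay still sees the client's real address, so anonymity here depends on what the relays themselves record.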

Once you've got a Tor client installed, you can use it to connect to the Tor network. This is only half of what you need: you'll need to tell any programs - Web, torrent, IM, etc. - that you want to anonymize to use Tor. For Firefox, it's easy. Just install the Tor add-on. The nice thing about it is that you can enable and disable Tor on the fly - you wouldn't want to keep Tor on all the time because it is very slow.

I just installed Tor recently to see what it's about. I notice that it has a few downsides:
1) it's very slow
2) many web pages detect your location (using your IP) and render the page differently depending on where you are coming from. While using Tor, web sites will detect your location as the location of your Tor proxy. Therefore, I noticed that several web pages were displaying themselves to me in German. (This goes to show how much information about you is used to determine your browsing experience.)
3) I read that some employers may not appreciate your use of Tor at work.

Anyway, for me, at least, the hassle of using Tor outweighs any benefits it serves. I like the ideology of Tor more than I actually find it useful to me. :)

Of course, I would be remiss not to note that there are certainly downsides to the proxy methodology: like many good ideas, it can be abused by those who seek to perform nefarious actions under the cloak of anonymity.

Saturday, November 28, 2009

The Value of Anonymity

This semester, I have been teaching a class titled "Privacy in a Networked World." The class explores the evolving expectation of privacy with regard to the Internet, in addition to areas where the right to privacy and freedom of speech come into conflict. On a related note, one of my research interests lately has been the enforcement of copyright/intellectual property laws vis-à-vis digital content - DMCA, etc. These two areas of study recently intersected for me as I was doing research on how copyright-enforcement entities frequently flirt with violating the privacy of their "suspects."

I began reading about BitTorrent (a protocol for sharing files, sometimes copyrighted), with which, believe it or not, I have no firsthand experience. In the process, I read a post at Lifehacker about preserving anonymity online using Internet proxy servers. Apparently, the RIAA, MPAA, and other copyright-enforcement cartels actively monitor torrent users to locate their next victims. Given this, it's reasonable to assume that, if these entities track our activities online (thereby violating our privacy), there are others (governmental, commercial [think targeted ads], etc.) doing the same. So, the question becomes, can we preserve privacy online or do we give it up and accept the fact that "privacy is dead" and "get over it?"

First, in order to ward off any "if you've got nothing to hide..." arguments, let's take a step back and consider the value of privacy and anonymity online. Consider journalists in countries with staunch commitments to censorship - China, Iran, etc. These countries frequently intimidate and incarcerate (or worse) their political dissidents, usually for nothing more than what we would consider exercising basic, American First-Amendment rights. If disclosing the actual events that led to the Tiananmen Square incident could earn a Chinese journalist almost a decade in prison, there needs to be some kind of mechanism to ensure anonymity, and therefore freedom of information dissemination, online.

It’s certainly true that there are numerous tales of anonymity protecting free speech, like those of the Chinese journalist and the obvious example of Twitter’s role in protests of the Iranian elections. However, it’s important to also consider the right to privacy itself and what it is meant to prevent: a person being judged out of context. For example, if one has an interest in the Manhattan Project, he should be able to pursue his curiosity without his search queries for “atomic bomb” being construed to mean that he is attempting to build one. One needn’t do much work to find cases of clandestine subpoenas from the Department of Justice seeking the identities of all visitors to a particular website.

In my opinion, while I see privacy online as a waning right in this era of DMCA and the Patriot Act, there are some actions we can take to prevent privacy violations from occurring – in addition to supporting the ACLU and Electronic Frontier Foundation in fighting injustices. Over the next couple of posts, I will outline some ways we can preserve anonymity and limit the privacy violations that have become commonplace.