*HOT* Tech News And Downloads, I Would Read This Thread And Post Any Good Info

how about some head cheese for breakfast

Head cheese (AmE) is in fact not a cheese, but rather a terrine of meat from the head of a calf or pig (sometimes a sheep or cow) that would not otherwise be considered appealing. It may also include meat from the feet and heart. It is usually eaten cold or at room temperature as a luncheon meat.

Historically the cleaned (all organs removed) head was simmered to produce a gelatin (which would form from the bone marrow) containing any incidental meat which came off the head. The more modern method involves adding gelatin to meat, which is then cooked in a mold.

 

LMAO! That's just disgusting...and here I poke fun at our Brit friends for their black pudding!

I have a friend whose family left the mennonite church (they were very wealthy and had had quite enough of the humility thing); anyway, I had stuffed/roasted pig stomach once ... took all I had to force it down LOL!

I'd seen head cheese but never knew what it was short of its reputation: that's on the same list as scrapple and pig stomach on my "do not eat" list.

 

Aargh, head cheese it makes my stomach rebel thinking about it. Now scrapple is not bad. You are right gerry there is a difference between Amish and Mennonite, I have both in my area. The Mennonite are a little more willing to accept modern conveniences than the Amish.

 

Tiscali tells Hollywood to poke it

p2p news / p2pnet: One of the two UK ISPs ordered by the Big Six movie studios to turn in the IDs of users targeted for copyright infringement action has told Hollydud to poke it.

The BPI (British Phonographic Industry ), owned by Time Warner, Viacom, Fox, Sony, NBC Universal and Disney, is demanding that Tiscali and Cable & Wireless freeze 59 client accounts whos owners are said to have shared files with each other.

Seventeen are Tiscali customers, but only one of them appears to be in immediate danger and Tiscali says it's contacted the account holder asking for an explanation within seven days. But, "Should we not receive an adequate explanation during such period, we shall suspend the user's account pending resolution of your investigation, assuming by that time we have received evidence from you of a link between the user account and the IP address at the relevant time," states the ISP.


more here
http://p2pnet.net/story/9323

 

Sorry this is huge but the information is interesting in the context of misuse/abuse and the rights of the user.

ARTICLE: CYBERCRIME'S SCOPE: INTERPRETING "ACCESS" AND "AUTHORIZATION" IN COMPUTER MISUSE STATUTES

78 N. Y. U. L. Rev. 1596, November, 2003

Orin S. Kerr

…

Unauthorized Access Statutes as an Answer to the

Problem of Computer Misuse



Congress and all fifty state legislatures responded to the difficulties of prosecuting computer misuse as a property crime by enacting new computer crime statutes. Florida passed the first state statute in 1978; the final state to enact a statute was Vermont in May 1999. Congress enacted the first federal computer crime law in 1984, broadened it considerably in 1986, and then updated it in various ways in 1990, 1994, 1996, and 2001. While no two statutes are identical, all share the common trigger of "access without authorization" or "unauthorized access" to computers, sometimes in tandem with its close cousin, "exceeding authorized access" to computers. In most cases, the statutes prohibit accessing a computer without authorization or exceeding authorized access as a necessary but not sufficient element of criminal liability, and then create several specific offenses by combining this base with various additional statutory requirements. In other words, most statutes start with the basic building block of "unauthorized access" to computers, and then add additional elements to the offense to deal with specific types of computer misuse.

The influential federal computer crime statute codified at 18 U. S. C. 1030 provides a good example. The statute includes seven distinct crimes, listed in 1030(a)(1) through (a)(7), almost all of which are triggered by "access without authorization" to computers. For example, one crime prohibits unauthorized access to government computers, another prohibits unauthorized access to computers that results in damage, and a third prohibits unauthorized access or exceeding authorized access to computers such that the user obtains private information.

But what does the trigger of unauthorized access mean? What exactly do these statutes prohibit? … Trespass statutes prohibit entering property without license or privilege; computer crime statutes prohibit accessing a computer without authorization. But at this point the similarities cease.

1. Access



Consider the actus reus of the computer crime statutes, "accessing a computer. " What does it mean to "access" a computer? Obviously a computer user does not access a computer by physically getting inside the computer. Some other principle must govern. But what principle should that be? One approach would look at computers from the standpoint of virtual reality, and try to draw analogies between using a computer and entering real property. We could say that access hinges on whether the user has made a virtual entrance into the computer. For example, imagine a user tries to use a password-protected computer network and is confronted by a screen that requires a valid username and password to proceed. We might say that this screen is akin to a lock on a front door, and that entering a username and password is like using a key to open the lock. This approach suggests that a user who enters a valid username and password has accessed the computer, but a user who inputs an incorrect name or password has been denied access.

Similarly, we could say that visiting a publicly accessible website is something like visiting an open store in the physical world. Determining whether access has occurred then depends on whether visiting an open store can be deemed "entering" in the physical world. The correct answer is not obvious: Visiting a website could be seen as equivalent to viewing a shop window from a public street rather than actually entering the store. But at a conceptual level, the analogy to virtual space provides one heuristic to understand what it means to "access" a computer.

The virtual analogy does not provide the only tool, however. We can also look at the question of access from the standpoint of physical reality, in which we recognize that computers are simply machines that communicate with each other by sending and receiving information. For example, when a user visits a website, the user's computer sends requests to the computer that hosts the website asking the computer to send back computer files; when the files are returned to the user, the user's computer reassembles the files and presents them in the form of a website. If we focus on how computers operate, we can interpret access by looking to whether a user has sent communications that have physically entered the computer. For example, one standard could be that a user accesses a computer when she sends a command to that computer instructing the computer to perform a task, and the computer performs the request as instructed. Another standard could be that a user accesses a computer when the user sends a command requesting information in return and the computer responds by sending back information to the user. In this sense, accessing a computer is no different from simply using a computer.

Notably, physical-world standards and virtual-world standards can produce different outcomes. Imagine a user wishes to log on to a password-protected computer, and sends a request to the computer asking it to send back the page that prompts the user to enter a username and password. The computer complies, sending the page back to the user. This would not access the computer from a virtual perspective, as it would be something like walking up to a locked door but not yet trying the key. From a physical-world perspective, however, the request would be an access; the user sent a command to the computer and received the desired response. Similarly, consider whether sending an e-mail accesses the computers of the recipient's Internet service provider. From a virtual perspective, the answer would seem to be no; a user who sends an e-mail to the ISP does not understand herself to have "entered" the ISP. From a physical perspective, however, the answer seems to be yes; the user has in fact sent a communication to the ISP that its servers received and processed.

Which standard governs? The statutes themselves offer little guidance. Most computer crime statutes (including the federal statute) do not define access, and most statutes that do include a definition shed little light on these questions. In the handful of cases that have interpreted the meaning of access, however, courts have at one point or another suggested every one of these possible interpretations of access.



2. Authorization



Even greater ambiguities surface when we consider what it means for access to be without authorization. The concept of authorization seems clear in the case of traditional trespass statutes, which presume that people have a right to be where they are, and often require posted notice in that place instructing them that they cannot enter or remain there. The statutes also require that the trespasser knows that she is without license or privilege to enter or remain on the premises. The relevant authorization relates solely to physical presence in that location, and can be evaluated readily because most people understand the social norms that govern whether someone has permission to be present on another person's property. Everyone knows that a tall fence with an orange "No Trespassing" sign means to stay out.

The concept of authorization to access a computer is more difficult, as the following example shows. Imagine that a college student tasked with writing a research paper on the Ku Klux Klan decides to conduct her research using the Internet. She logs on to her AOL account, which is governed by a Terms of Service agreement containing the following clause: "You may not use your AOL account to post, transmit, or promote any unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, hateful, racially, ethnically or otherwise objectionable content. " Once connected to the Internet, she finds a web site hosted by a KKK chapter. The main page contains a click-through agreement: "Only white supremacists are authorized to access this site," the agreement states. "Access by people who are not white supremacists is unauthorized. By clicking 'I agree,' you agree that you are a white supremacist. " Although she is not a white supremacist, she clicks "I Agree" and examines the site. The site contains links to other Klan-related sites, and when she clicks on one of the links, she is connected to a university-hosted site about the history of the Klan that asks her to enter a username and password. Although she does not have an account with the university, she guesses a username and password correctly, and the site grants her access to its contents. She then copies some of the information contained in the site, and e-mails it to her best friend, who previously has told her to stop e-mailing her information about her KKK research project.

Assuming that our student has "accessed" all four of the computers used in this example, which of these acts of access were "without authorization?" Did the student access AOL's computers without authorization because she used AOL to "transmit . . . hateful . . . or otherwise objectionable content" in violation of AOL's Terms of Service? Did she access the Klan's computers without authorization because she was not a white supremacist? Did she access the university's computer without authorization by guessing the username and password, entering disguised as a legitimate user? Finally, did she access her friend's computer without authorization by sending her friend the e-mail after her friend had told her not to send it?

More broadly, who and what determines whether access is authorized, and under what circumstances? Can a computer owner set the scope of authorization by contractual language? Or do these standards derive from the social norms of Internet users? The statutes are silent on these questions: The phrase "without authorization" generally is left undefined.

B. Judicial Interpretations of Access



Only a handful of judicial decisions interpret what it means to access a computer, or when that access is without authorization. Even the few cases reflect the broad range of available interpretations. … Perhaps the most comprehensive discussion of "access" appears in a Kansas Supreme Court case from 1996, State v. Allen. Allen had used his computer repeatedly to dial up a Southwestern Bell Telephone computer that controlled long-distance telephone switches and could be manipulated to allow a user to place free long-distance calls. When Allen dialed up the Bell computers, he was confronted with a prompt requiring him to enter a username and password. Investigators speculated that Allen had guessed a password correctly and later erased the proof of his activity by deleting the logs. However, the forensic evidence established only that Allen had repeatedly dialed up the Bell computers and viewed the password prompt. Allen was charged with accessing the Bell computer without authorization in violation of the Kansas computer crime statute.

Before the Kansas Supreme Court, Allen argued that there was no evidence he had actually accessed the Bell computer. The government relied on the broad statutory definition of access, fairly common among early state computer crime statutes, which stated that access means "to approach, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer. " The court responded that this definition was so broad that if taken seriously it would render the statute unconstitutionally vague. If "access" really meant "to approach," the court noted, "any unauthorized physical proximity to a computer could constitute a crime. " In light of its overbreadth, the court refused to apply the definition, concluding that "the plain and ordinary meaning should apply rather than a tortured translation of the definition that is provided. " The court explained:



Webster's defines "access" as "freedom or ability to obtain or make use of. " This is similar to the construction used by the trial court to find that no evidence showed that Allen had gained access to Southwestern Bell's computers. Until Allen proceeded beyond the initial banner and entered appropriate passwords, he could not be said to have had the ability to make use of Southwestern Bell's computers or obtain anything. Therefore, he cannot be said to have gained access to Southwestern Bell's computer systems as gaining access is commonly understood.



This concept of "access" appears to adopt the virtual reality approach, in which the correct username and password grants a user access to the files "inside" the computer, but the wrong username and password denies the user that access. Absent evidence that Allen had passed through the password prompt to find the information inside, he had not actually accessed the Bell computer.

A federal district court suggested a similar approach in Moulton v. VC3, a civil dispute between two computer security companies. The Moulton case harnessed a civil remedy added to the federal computer crime statute in 1994 to provide additional protection for computer misuse victims. One company sued the second when an employee of the second company performed a "port scan" on the first company's computers. A port scan is a common network security test that sends a query to each open port on the target computer to see if that port is open and ready to receive incoming traffic. A port is a sort of electronic door, and an open port is akin to an open door and therefore a possible security vulnerability. When scanned, an open port will return a message to the requesting computer instructing it that it is open; a closed port will return an error message. Consistent with Allen, the Moulton court concluded without analysis that the second company's port scan did not access the first company's computer.

While both Moulton and Allen suggest that accessing a computer is limited to uses that in a virtual sense get "inside" the computer, two other opinions have adopted a significantly broader approach. Consider the Washington Supreme Court's decision in State v. Riley. The facts of Riley closely resemble those of Allen. Joseph Riley had configured his computer to dial up the computers of the Northwest Telco Corporation and guess random passwords; a correct password allowed the user to place free long-distance telephone calls. The evidence showed that Riley repeatedly had dialed the Telco access number and guessed passwords, although it was unclear whether he had guessed correctly and placed free calls.

Riley argued on appeal that he had not accessed the Telco computers. The Washington statute contained a definition of "access" essentially identical to that in the Kansas statute from Allen. In Riley, however, the court relied on the statutory definition to conclude that Riley had in fact accessed the Telco computers:



Riley's repeated attempts to discover access codes by sequentially entering random 6-digit numbers constitute "approaching" or "otherwise making use of any resources of a computer. " The switch is a computer. Long distance calls are processed through the switch. Riley was approaching the switch each time he entered the general access number, followed by a random 6-digit number representing a customer access code, and a destination number. Therefore, Riley's conduct satisfied the statutory definition of "access" and so was properly treated as computer trespass.



It is possible to interpret the difference between Allen and Riley as simply the difference between one court that followed a common statutory definition of access and another that did not, or perhaps the difference between proof that a defendant guessed passwords and proof that he merely viewed the logon prompt. I think something else is afoot, however. In Allen, the court viewed computers as virtual spaces, and accessing the computer as akin to getting inside the space. Although the Riley court does not make its standard clear, it appeared to see computers more as physical machines, and accessing the computer as sending a communication to that machine. As a result, the conduct that did not constitute access in Allen did so in Riley.

An even broader interpretation of access appears in a civil decision, America Online v. National Health Care Discount, Inc. (NHCD) This case is one of several civil cases brought by AOL against spammers, senders of bulk unsolicited commercial e-mail. In this dispute, AOL sued NHCD, a company that sells discount health care plans, for hiring a spammer to send bulk e-mails about NHCD to AOL customers. AOL contended that by harvesting e-mail addresses and sending e-mail to AOL customers in violation of AOL's terms of service, the spammers had accessed AOL's computers without authorization. AOL moved for summary judgment, prompting the court to consider whether a computer user "accesses" another computer when he sends e-mail to that computer. The court answered in the affirmative, offering an expansive interpretation of "access":



The CFAA does not define "access," but the general definition of the word, as a transitive verb, is to "gain access to. " "Access," in this context, means to exercise the "freedom or ability to . . . make use of" something. . . . For purposes of the CFAA, when someone sends an e-mail message from his or her own computer, and the message then is transmitted through a number of other computers until it reaches its destination, the sender is making use of all of those computers, and is therefore "accessing" them.



Although the NHCD court relied on the same dictionary definition of "access" as had the Allen court, the court in NHCD reached a quite different interpretation of its meaning. To the NHCD court, access is a physical world concept, not a virtual world concept: The question is not whether the sender of the communication gains a virtual entrance into the computer from the sender's standpoint, but whether the communication itself is transmitted through the computer. As a result, sending an e-mail through a computer accesses the computer even if a user might not perceive the interaction as an access. Despite the common term, and even common statutory and dictionary definitions, the few courts to have interpreted access have reached inconsistent conclusions.

C. Judicial Interpretations of Authorization



Courts have faced even greater difficulties trying to interpret the meaning of authorization. The cases construing authorization fall into three categories: First, the leading case of United States v. Morris; second, cases involving employee use of an employer's computer against the employer's interests; and third, cases involving breaches of contractual relationships between users and computer owners. The three categories reflect increasingly broad constructions of the scope of computer crime statutes.



1. Morris and the Intended Function Test



The earliest significant case interpreting authorization is the Second Circuit's opinion in United States v. Morris, sometimes known as the Internet worm case. The Morris case introduced the "intended function" test of authorization.

Robert Tappan Morris was a graduate student at Cornell in the late 1980s who authored a computer program known as a "worm" which was designed to exploit several weaknesses in Internet security. Morris hoped that the code would spread across the then-nascent Internet to illustrate four common security flaws: a bug in common e-mail software, SENDMAIL; a bug in an Internet query function known as the "finger daemon"; a design flaw that allowed computers to use privileges on one computer to obtain privileges on another; and the use of simple, easy-to-guess passwords. Morris designed the code so that it would try various of these means of infecting its targets, and then once it succeeded it would try other computers. Morris released the worm from a computer at MIT on November 2, 1988, but the worm quickly spread out of control and replicated itself so often that it eventually shut down a good portion of the early Internet. Morris was charged with violating 18 U. S. C. 1030(a)(5)(A), which at the time prohibited "intentionally accessing a Federal interest computer without authorization" if damage resulted. A jury convicted Morris at trial.

On appeal, Morris argued that his computer access was not without authorization because he had rights to access several of the infected computers, including computers at Cornell, Harvard, and Berkeley - schools where Morris apparently held legitimate accounts. Morris based his argument on a distinction between two closely related types of abuse of authorization: access "without authorization" and access that "exceeds authorized access. " Some unauthorized access statutes prohibit only access without authorization; others prohibit both access without authorization and access that exceeds authorization. Although courts have struggled to distinguish between these two phrases, prohibitions against exceeding authorization appear to reflect concerns that users with some rights to access a computer network could otherwise use those limited rights as an absolute defense to further computer misuse. For example, an employee could hack her employer's computer and see her employer's secret files, but later claim that her limited rights to use the computer at work granted her authorization to access the computer, so that access by her could not be without authorization.

Morris drew support from a 1986 Senate report authored in support of the 1986 amendments that expanded 18 U. S. C. 1030 from its original narrow form into the broader statute it remains today. The Senate report had suggested a difference between access without authorization and exceeding authorized access based on the difference between "insiders" and "outsiders. " Insiders were those with rights to access computers in some circumstances (such as employees), whereas outsiders had no rights to access computers at all (such as hackers). The report seemed to presume an Allen-like understanding of access, in which a user "accessed" a computer by getting inside the computer with a username and password. The report then suggested that in cases in which Congress prohibited accessing a computer without authorization but did not prohibit exceeding authorized access, it intended to prohibit the acts of outsiders but not insiders. Morris reasoned that because he had several legitimate Internet accounts, he was an Internet insider and could not be convicted of accessing Internet computers without authorization.

It is worth noting that there are several complex issues lurking (or at least potentially lurking) within Morris's appeal. The worm spread across the Internet, and the government accused Morris of accessing computers without authorization. This raised important questions of interpreting access; had Morris committed one act of access when he had logged on and sent the worm, for example, or did each replication of the worm constitute a separate access by him? It also raised questions about how to divide a network of computers into individual computers for the purpose of the statute. However, Morris based his appeal solely on the question of authorization. Accepting the government's theory that he had caused the worm to access many different computers, Morris argued only that because he had authorization to access some federal interest computers, he had not accessed any computers entirely without authorization.

The Second Circuit rejected Morris's argument. While statutes that only prohibited access without authorization may have been "aimed" at outsiders, the court reasoned:



Congress was not drawing a bright line between those who have some access to any federal interest computer and those who have none. Congress contemplated that individuals with access to some federal interest computers would be subject to liability under the computer fraud provisions for gaining unauthorized access to other federal interest computers.



The court then introduced and applied a new standard for determining when access was unauthorized: the intended function test. According to the court, Morris had accessed computers without authorization because he had used weaknesses in several programs to obtain access in unintended ways. As the court put it, Morris did not use those programs "in any way related to their intended function. " The SENDMAIL program was an e-mail program, and the finger daemon was designed to let users query information about other users. However, Morris "did not send or read mail nor discover information about other users; instead he found holes in both programs that permitted him a special and unauthorized access route into other computers. "

Although the court did not elaborate on its standard, the intended function test appears to derive largely from a sense of social norms in the community of computer users. Under these norms, software designers design programs to perform certain tasks, and network providers enable the programs to allow users to perform those tasks. Providers implicitly authorize users to use their computers to perform the intended functions, but implicitly do not authorize users to exploit weaknesses in the programs that allow them to perform unintended functions. When a user exploits weaknesses in a program and uses a function in an unintended way to access a computer, the thinking goes, that access is "without authorization. "

2. Employee Misconduct Cases



Several cases have examined the meaning of authorization in the context of employee misconduct. In these cases, employees used their employers' computers in ways that exceeded the scope of their employment without violating the Morris intended function test.

Perhaps the most remarkable of these cases is Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc. , which introduced an agency theory of authorization. Shurgard involved a civil dispute between two business competitors in the self-storage business. According to the complaint, the defendant lured away several of the plaintiff's employees, including an employee named Eric Leland who had access to the plaintiff's confidential business plan and other trade secrets. Before leaving the plaintiff's company, Leland e-mailed several of the plaintiff's trade secrets and other proprietary information to the defendant. The plaintiff later sued the defendant under 18 U. S. C. 1030(a)(2)(C), on the theory that Leland had "intentionally accessed [the plaintiff's] computer without authorization," or in excess of authorization, and thereby obtained information from the plaintiff's computer in violation of the federal unauthorized access statute. The defendant then moved to dismiss under Federal Rule of Civil Procedure 12(b)(6), on the ground that Leland had not accessed the plaintiff's computers without authorization or in excess of authorization.

The district court disagreed. The court adopted the plaintiff's theory of authorization, which was that "the authorization for its . . . employees ended when the employees began acting as agents for the defendant. " The court found its guidance in the Restatement (Second) of Agency: "Unless otherwise agreed, the authority of an agent terminates, if, without knowledge of the principal, he acquires adverse interests or if he is otherwise guilty of a serious breach of loyalty to the principal. " Applying this standard, the court concluded that the defendant's employees "lost their authorization and were 'without authorization' when they allegedly obtained and sent the proprietary information to the defendant via e-mail. " In support of its holding, the court turned to the CFAA's legislative history, which the court argued showed a congressional design broadly to prohibit computer misuse, especially where intellectual property rights were at issue. Notably, however, the court did not refer to the 1986 legislative history discussed extensively in Morris, did not mention the Morris intended function test, and did not explain why agency law standards should govern computer misuse law.

Shurgard's agency theory of authorization is strikingly broad. Under Shurgard, whenever an employee uses a computer for reasons contrary to an employer's interest, the employee does not act as the employer's agent and therefore is accessing the employer's computers without authorization. Motive determines whether access is authorized or unauthorized. Given that the federal computer crime statute uses access without authorization as the trigger for often-serious criminal liability, the apparent effect of Shurgard is to criminalize an employee's use of an employer's computer for anything other than work-related activities.

Courts have adopted slightly narrower interpretations of unauthorized access in criminal employee misconduct cases. Recall the First Circuit's decision in United States v. Czubinski, where an IRS employee browsed computerized tax returns of his friends and enemies despite workplace rules that he could only access the database for work-related reasons. Czubinski was charged under both property-based statutes and 18 U. S. C. 1030. Although the court rejected both counts of the indictment against Czubinski for reasons not relevant here, the court noted in passing that Czubinski had "unquestionably exceeded authorized access" to the IRS computer for purposes of section 1030. The comment is dicta, but appears to reflect a watered-down version of Shurgard. Like Shurgard, this language in Czubinski suggests that employers have a right to limit their employees' use of company computers to work solely motivated by a desire to serve the company. Czubinski had exceeded his authorized access by accessing the IRS computers for personal reasons when employees were allowed to access the computer only for official reasons.

A Georgia state court applied a similar standard in Fugarino v. State. Fugarino involved a computer trespass statute that prohibits use of a computer with knowledge that the use is without authority, and with intent to damage data. Sam Fugarino was a computer programmer whose behavior at work became increasingly bizarre. When Fugarino learned that another employee had been hired at the company, Fugarino became enraged, telling another employee that the company's code was "his product, that no one else was going to work on his code, that nobody was going to take his place and that he was 'going to take his code with him. '" Fugarino then started deleting sections of code from the employer's network. When the employer confronted him, Fugarino told the employer that "the blood of his dead son" was in the code and that the owner "would never get to make any money from that code. "

On appeal following his conviction, Fugarino argued that his conduct was not knowingly without authority. The Georgia court disagreed. Fugarino lacked authority because "the owner of the company . . . did not give Fugarino authority or permission to delete portions of the company's program. " Further, "the vindictive and retaliatory manner in which Fugarino deleted large amounts of computer code" demonstrated that he knew that he lacked authority to delete the code. Although the precise statutory text differs slightly from the federal statute, the opinion echoes Shurgard and Czubinski. Fugarino was a computer programmer who presumably had the authority to delete files for work-related reasons. By deleting files to spite his employer, however, Fugarino implicitly ventured beyond the scope of his authority and into the zone of unauthorized use.

State v. Olson reveals a roughly similar approach, albeit one that led to a reversal of the defendant's conviction. Laurence Olson was a police officer who used a police computer database to access and print out driver's license photographs of female college students who attended the nearby University of Washington. Olson was tried and convicted of accessing a government computer without authorization in violation of Washington's computer trespass statute. On appeal, he argued that his access was not explicitly unauthorized.

The court evaluated Olson's claim by examining the workplace rules that governed Olson's conduct. After reviewing the trial record, the court concluded that while "certain uses of retrieved data were against departmental policy, [the record] did not show that permission to access the computer was conditioned on the uses made of the data. " The court reversed the conviction. The fact that Olson apparently had accessed the computer for personal reasons did not make his access unauthorized, the court reasoned, because only the personal use and not the access itself violated an explicit workplace rule. Once again, this seems to be Shurgard-lite: The primary difference between Olson and Shurgard is that under Olson the employer must make the limits on computer access explicit.

The sole employee misconduct case rejecting such an approach to authorization is a Maryland case, Briggs v. State. In this case, a court dismissed the conviction of a disgruntled computer system administrator who had password-protected important files on his employer's network using passwords unknown to his employer. Shortly before he resigned, Briggs had placed the password-protected files in a subdirectory named "ha-ha he-he. " The password protection left his employer unable to read the files, and when the employer later asked Briggs for the password, Briggs claimed that he had forgotten it. The State charged Briggs with unauthorized access to his employer's computer, reasoning that Briggs was not authorized to access the computer "in such a way as to interrupt the operation of the computer services of the system. " The court disagreed, reasoning that as a system administrator, Briggs was in fact authorized to access his employer's computer. While Briggs had done something he was not supposed to do, he did not lack authorization to access the computer (although, the court noted, he might have exceeded his authorized access, something that the Maryland statute did not prohibit). In contrast with Shurgard, the Briggs court based authorization on conduct rather than motive. The fact that Briggs did not have his employer's interest at heart when he accessed the computer did not make his access without authorization.

3. Contractual Cases



The final and most fascinating set of cases interpreting authorization involves contracts governing the use of computers. In these cases, two parties are bound by a contract that implicitly or explicitly regulates access to a computer, and one side uses the computer in a way that arguably breaches the contract. The question: Does the breach of contract make the access unauthorized? The remarkable answer, at least in civil cases: Yes.

The most important of these cases is the recent decision by the First Circuit in EF Cultural Travel BV v. Explorica, Inc. Explorica involves another civil dispute between two business competitors - in this case, the well-established student travel business, EF, and an upstart competitor, Explorica. Explorica's vice president, Philip Gormley, was a former vice president at EF who had signed a confidentiality agreement with EF promising not to disclose any of EF's "technical, business, or financial information, the use or disclosure of which might reasonably be construed to be contrary to the interests of EF. " When Gormley arrived at Explorica, he decided that Explorica could compete with EF by undercutting EF's prices available from its public website.

Gormley instructed a computer consultant to design an automated "scraper" program that could query EF's website for tour prices and then send the EF price list to Explorica. Each use of the scraper sent 30,000 queries to the EF computer. Explorica used the scraper twice, enough to allow it to learn and then undercut EF's tour prices, all unbeknownst to EF. When EF learned of the scraper program, it sought a preliminary injunction against Explorica's use of the scraper on the ground that (among other things) it violated the federal unauthorized access statute by accessing EF's computers either without authorization or by exceeding authorized access. The district court agreed, reasoning that use of the scraper was so far beyond the "reasonable expectations" of EF that it was clearly unauthorized.

On appeal, the First Circuit affirmed the district court's injunction, concluding that the use of the scraper likely violated the statute because its use implicitly breached the confidentiality agreement that Gormley had signed with EF. The court reasoned that Gormley's decision to use a scraper on EF's site (as well as his help designing the scraper) relied on his insider's knowledge of EF's website and business practices. However, Gormley had signed a contract with EF promising not to disclose any information about EF in a way that might be against EF's interests. Because the scraper was used against EF's interests, the court reasoned, Explorica's use of the scraper relied on information obtained in violation of the contractual agreement. As a result, use of the scraper exceeded authorized access to EF's computer and violated 1030. The opinion acknowledged that any user could manually query the EF website to learn EF's prices, but concluded that the scraper's "wholesale" approach "reeks of use - and, indeed, abuse - of proprietary information that goes beyond any authorized use of EF's website. " Although the reasoning in Explorica is opaque, if not tortured, the court appears to base the question of authorization on whether the conduct surrounding the access breached the confidentiality agreement. The agreement formed a contract, and access that at least implicitly breached the contract exceeded authorization.

A district court in Virginia took a similar approach in America Online v. LCGM, Inc. , a civil case brought by America Online against a spammer. The spammer had purchased an AOL account and used it (along with special software programs) to collect the e- mail addresses of thousands of AOL users. AOL's Terms of Service expressly prohibited AOL members from harvesting e-mail addresses, however, and AOL argued that by violating the Terms of Service the spammer had accessed AOL without authorization. The district court agreed, with exactly one sentence of analysis: "Defendant's actions violated AOL's Terms of Service, and as such was [sic] unauthorized. "

Although Explorica and LCGM offer remarkably broad interpretations of unauthorized access statutes, the award for the broadest interpretation goes to Judge Jones of the Southern District of New York for his decision in Register. com v. Verio. The facts of Verio resemble those of Explorica. As in Explorica, the defendant in Verio used an automated program to send queries to a database maintained by a business competitor, the plaintiff. Specifically, employees of the Internet service provider Verio used a search robot to query the publicly available WHOIS database (a database of names and contact information for domain name registrants ) maintained by Register . com. The Verio search robot gathered contact information about Register. com's customers, and Verio employees would then contact Register. com customers and invite them to switch service providers from Register. com to Verio. Register. com sued Verio, and moved for a preliminary injunction against the use of the search robots on the ground (among others) that Verio's use of the search robot constituted an unauthorized access of Register. com's database.

The district court agreed. Unlike the court in LCGM, however, the Verio court did not rely on a breach of the plaintiff's terms of use; the court concluded that the plaintiff's use of the robot did not actually breach any terms of use that Register. com had enacted. Instead, the court concluded that the mere fact that Register. com had decided to sue Verio meant that Verio's use of the search robot was without authorization. "Because Register. com objects to Verio's use of search robots," the court held, "they represent an unauthorized access to the [Register. com] WHOIS database. " The fact that the computer owner had decided to object to the defendant's use of its computer after the conduct occurred made the access to the computer "without authorization. "

It is possible to see Explorica, LCGM, and Verio as merely civil cases about abusive business practices. In all three cases, plaintiffs sued to block defendants from misusing and potentially damaging their computers, and courts perhaps understandably found a basis for stopping the arguably unfair practices. In the course of reaching these decisions, however, the courts also established important interpretations of "authorization" that presumably will apply equally to cases interpreting the same text in a criminal prosecution. By using the law to aid sympathetic plaintiffs, the courts inadvertently have handed prosecutors a broad and powerful tool to punish breaches of contracts relating to computer use. Nearly any use of a computer that is against the interests of its owner is an "access" to the computer either "without authorization" or "exceeding authorized access" under these precedents, triggering severe criminal penalties.

D. Why Courts Have Struggled to Interpret Unauthorized Access



Proponents of unauthorized access laws often see the laws as analogues to the burglary and trespass laws that address real property crimes. In light of the failures of property-based crimes, the new laws prohibit "breaking in" to computers, which legislatures have described as the act of accessing computers without authorization. As we have just seen, however, this understanding is simplistic: "Access" and "authorization" have proven much more complicated to apply in practice than they first appear to be.

Why? In the case of access, much of the blame belongs to the advance of computer technology since the 1970s. In 1975, a person who used a remote computer typically did so by "dialing in" to the computer over a telephone line. The user then would encounter a text-based log-in prompt, and would need to enter a username and password to proceed. Today, in contrast, computer users utilize networks to surf the Web, send and receive instant messages, download music and videos, and perform countless other tasks, often using "always on" Internet connections that merge seamlessly with the computers themselves. While the concept of access may have made sense given 1975 computer technology, the technology of 2003 presents a different case. Back then, you knew when you accessed a computer; today you might know when you use a computer, but the word "access" is merely a label to be assigned somewhat awkwardly to conduct that may not seem like an access at all.

There are two major reasons courts have had difficulty interpreting the scope of "authorization. " The first is that courts have yet to explore exactly what kind of authorization the statutes address. Presumably the computer's owner/operator has the primary authority to control what is authorized, much like a property owner might do for physical trespass laws. But as I explain in the next Part, access to a computer can be unauthorized in different ways, and courts have not yet recognized such differences and explained which types of unauthorized conduct fall within the scope of the statutes.

The second source of the difficulty is that many cases have interpreted "authorization" in the context of civil disputes rather than criminal prosecutions. The difference tends to push courts in the direction of expansive interpretations of new laws. It is one thing to say that a defendant must pay a plaintiff for the harm his action caused; it is quite another to say that a defendant must go to jail for it. Courts are more likely to hold a defendant liable under an ambiguous statute when the stakes involve a business dispute between two competitors than when the government seeks to punish an individual with jail time. As a result, civil precedents tend to adopt broader standards of liability than do criminal precedents. Because many unauthorized access cases have arisen in a civil context with sympathetic facts, courts have adopted broad approaches to authorization that in a criminal context would criminalize a remarkable swath of conduct involving computers.

III



A Proposed Interpretation of "Access" and "Authorization"

in Computer Misuse Statutes



The history of computer crime law shows courts and legislatures trying to define a legal response to a problem that they only partially understand. In the first two decades, courts struggled to apply preexisting laws against theft and other property crimes to computer misuse. While they reached sensible outcomes in particular cases, no clear principles emerged. When computer misuse threatened or caused substantial harms, courts tended to find it criminal; when it did not, courts interpreted the law narrowly to avoid punishing the computer users. In response to these uncertainties, legislatures enacted computer crime statutes that prohibited accessing computers without authorization, and in some cases, exceeding authorized access.

While proponents of the new laws believed that they would cure the old ills, the old ills have reemerged, albeit in a slightly different form. Courts previously used harm as a proxy for theft; now they appear to use harm as a proxy for lack of authorization. The reasoning seems to go something like this: Use of a computer that causes harm to its owner is use that the owner would not want; use that an owner would not want is access that the owner implicitly has forbidden; and access that an owner implicitly forbids is access without authorization. Once again, the law has failed to create workable standards to guide courts. Instead, courts have interpreted the ambiguous legal standards to reach results that seemed correct given the facts of the particular case.

Can we do better? We can, and I suspect that in time we will. One promising alternative would be to replace one-size-fits-all unauthorized access statutes with new statutes that explicitly prohibit particular types of computer misuse. As I discuss below, only a handful of possible types of computer misuse exist: It should be possible for a legislature to catalog them, decide which types it wishes to prohibit, and draft a statute narrowly tailored to that misconduct. Such an approach would better satisfy the basic aspiration of criminal law by describing the harmful conduct clearly and proscribing it directly. As we develop more experience with computer misuse crimes, and as the categories of misuse become clearer, the pressure for such a direct approach surely will mount. ***

 

Related and along the same lines from another direction.

Date: Thu, 20 Apr 2000 18:04:08 -0700 (PDT)
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Massive Tracking of Web Users Planned -- Via ISPs!

Greetings.

This is not a delayed April Fools' Day joke. It's all too real,
and I assume that you're already sitting down.

Picture a world where information about your every move on the Web,
including the sites that you visit, the keywords that you enter into search
engines, and so on, are all shipped off to a third party, with the willing
cooperation of your Internet Service Provider (ISP). None of those pesky
cookies to disable, no outside Web sites to put on block lists--just a direct
flow of data from your ISP to the unseen folks with the dollar signs (or
pound, yen, euro, or whatever signs) gleaming brightly in their eyes behind
the scenes. You'll of course be told that your information is "anonymous"
and that you can trust everyone involved, that you'll derive immense benefits
from such tracking, and that you have an (at least theoretical) opt-in or
opt-out choice.

But just for some frosting on the cake, also picture that if you avail
yourself of the opportunity not to participate in such tracking (via opt-out
or opt-in choices), that you either cannot use the associated ISPs at all, or
will be faced with paying significantly higher fees than persons who are
willing to play along with tracking.

As you have no doubt guessed by now, this is not a theoretical scenario.
We're on the verge of starting down the slippery slope to this end right
now, with the imminent operations of Predictive Networks
(http://www.predictivenetworks.com) and other similar businesses also in the
works.

When I recently learned about Predictive (which has apparently been
established for some time and seems to be well funded), I naturally visited
their Web site, which was sadly lacking in obvious specifics such as an
actual posted privacy policy. (I've since been told that this is a temporary
condition which will shortly be remedied.) I spoke briefly with the firm's
president and had a much more detailed chat with his V.P. for Business
Development, and received an e-mailed copy of their privacy privacy. Both
of these fellows were polite, cordial, and willing to provide me with the
information I desired about their plans.

Unfortunately, the more that I learned from these sources, the
increasingly concerned I became.

In brief, Predictive's business is to engage ISPs (not just "free" ISPs
where usage tracking has become typical, but conventional fee-based ISPs as
well) in arrangements where the ISP will directly feed Web usage data to
Predictive. The firm also claims to be working with Internet backbone
providers. To quote from Predictive's privacy policy:

"Predictive Networks uses Digital Silhouettes to match Internet content
and advertising with appropriate subscriber recipients. As a result,
subscribers receive information that appeals to their current needs and
interests. To develop a Digital Silhouette, The Predictive Network
analyzes URL click-stream data, such as web pages visited, and date and
time of visit. URLs are then evaluated against more than 120 affinity
and demographic categories, and assigned a score between zero and one.
The resulting Digital Silhouette is simply an anonymous set of numerical
probabilities inferred from subscriber behavior. URL histories are not
permanently stored and the data in the Digital Silhouette is not
personally identifiable."

and:

"To provide subscribers with content most relevant to their current
interests, The Predictive Network may retain key words from Internet
searches. These key words are attached to the subscriber's anonymous
Digital Silhouette and, like the Digital Silhouette itself, are not
personally identifiable. The Predictive Network also gathers data about
a subscribers' response to messages and content, which is used to
fine-tune future messages and message format."

It is Predictive's contention that they do not maintain an ongoing history
of sites visited (URLs), and that the Digital Silhouettes are maintained in
an "anonymous" fashion--so they feel that there is no violation of users'
privacy.

But outside of the fact that keyword search terms themselves can often
contain personally-identifiable or other sensitive data, also note from the
Predictive privacy policy that:

"To optimize the format of the content delivered to subscribers, the
anonymous Digital Silhouette may include specifications about the
subscriber's computer, such as processor type, browser plug-ins and
available memory. For some of our ISP partners, Predictive Networks
may provide a built-in dialer system. Should an ISP select this
option, The Predictive Network may require subscribers to furnish their
ISP user name and password. This information will be used strictly for
account authentication purposes and will not be associated with the
subscriber's anonymous Digital Silhouette. Our ISP partners can also
the leverage the power of The Predictive Network for customer service
purposes. Should a subscriber's ISP select this option, the ISP user
name may be matched with the Digital Silhouette ID number. This will
allow The Predictive Network to send specific individuals important
customer service information. In addition, some subscribers may elect
to have email service from their ISP. Subscribers on The Predictive
Network that choose this option may be required to supply Predictive
Networks with their email address. This information is used for email
notification only."

In other words, there is a variety of personally-identifiable information
that you may need to provide to Predictive at various times, and you are
expected to trust Predictive not to purposely or accidentally misuse this
data. You also must trust that Predictive will not associate this
information with your "Digital Silhouette" in any manner--nor let anyone
else make such an association. One wonders what would happen in the face of
a court order to provide associated data for a civil or criminal proceeding
or investigation.

Most of the familiar problems we've seen in the past with so-called
"anonymous" tracking systems are present in this case. Privacy policies can
be changed at any time (e.g., the recent DoubleClick fiasco). Detailed data
that is theoretically discarded in the process of building "anonymous"
profiles could be preserved at any time, simply through software
alterations. The very existence of these sorts of data collection and
tracking infrastructures is of great concern. Even with the best of
intentions, the possibility for abuse is impossible to ignore--and as we
know there is a vacuum of laws to provide consumers with useful protections
in these areas.

Predictive claims that all of this effort is to bring better services to
Web users. Their apparent view is that tracking people's usage to figure
out what sorts of ads to send them is far better than simply asking people
to select the sorts of materials that they might wish to receive.

Of course, whenever you use automated techniques to try figure out what
people want based on the Web sites they happen to visit, there is the
possibility of embarrassing errors. For example, people may be suckered into
pornography sites by misleading banner ads, and not be at all interested in
receiving adult-oriented advertising. Similar errors relating to other
topic areas can occur from any number of the inadvertent Web sites that all
of us hit in the process of typical Web browsing. Predictive will let
people see the profiles that have been built about them--but sometimes you'll
have to pay for the privilege! There are other interesting catches
as well:

"In developing our anonymous subscriber Digital Silhouettes, Predictive
Networks captures, analyzes and then discards URL click-stream data.
While we do not permanently retain a record of each subscriber's usage,
we can, upon request, make their Digital Silhouette available to them
for review. Any subscriber on The Predictive Network has the right to
view their Digital Silhouette free of charge twice during the calendar
year. Subscribers will be charged $50.00 per request thereafter.
Subscribers can obtain a copy of their Digital Silhouette by emailing
Predictive Networks at silhouette@predictivenetworks.com. The email
request must contain the subscriber's anonymous ID number, which can be
found on their computer by holding down the shift key and
right-clicking on about. The corresponding Digital Silhouette will be
emailed back to the subscriber within approximately ten business days.
Subscriber should note that by emailing Predictive Networks, they may
be "identifying" themselves to the Company. While we do not
incorporate this information into our Digital Silhouettes, we do
maintain a separate record of Digital Silhouette requests for
accounting and billing purposes. Should a subscriber object to any or
all of the information contained in their Digital Silhouette, they can
opt-out of The Predictive Network permanently, or opt-out and
re-register, which will erase the existing Digital Silhouette and begin
a new one. Again, Predictive Networks urges subscribers to consult
their Internet service provider before opting-out as doing so may
affect their Internet service and/or their Internet service rate."

The last sentence above is of special interest to the question of how
"optional" this tracking really would be. It is apparently Predictive's
intention to encourage ISPs, both free and the conventional fee-based types,
to partner with them to create new revenue streams for the ISPs (and for
Predictive, of course). It would appear to be the plan that in most cases
any use of free ISPs who have associated themselves with Predictive would be
predicated on your acceptance of the tracking. You can opt-out, or refuse to
opt-in, but then you can't use the ISP. Not much of an option! The details
about the tracking may also be buried within an ISP's own privacy or other
policy statements, making it even less likely that most people will ever
bother reading or understanding all of the detailed ramifications of their
using these systems.

It also appears to be Predictive's intention to encourage fee-based ISPs to
offer lower rates to users willing to be tracked. This can rapidly degrade
into a coercive situation where users who do not wish to participate in such
tracking will be forced to pay ever higher rates simply to maintain the same
level of privacy and non-tracking that they had in the first place (as the
immortal Alice learned, "running faster and faster to stay in the same
place"...) Can ISPs resist this temptation? If not, the fundamental
structure of the Internet and Web will be permanently changed in a manner
that could make reasonably-priced, non-tracked Internet access a rapidly
fading memory, and make all of the abuse potentials of these tracking
technologies the status quo engrained within the Internet infrastructure.

After Predictive gets their privacy policy online at their Web site, I urge
everyone interested in these issues to read the entire text. There are many
other interesting sections, such as how they're dealing with the issue of
tracking children under the age of 13 (vis-a-vis the new Federal Trade
Commission regulations on this topic). Basically, Predictive says that you
either must keep such children away from the computer, or must agree that
it's OK for the children to be tracked. It's all or nothing.

Predictive of course says that they are very concerned about privacy.
They told me that they're forming a "privacy advisory board"--and so on.

I have a different suggestion. How about if the users of the Internet and
World Wide Web, the millions and soon billions of individuals, take a stand
while we still have the opportunity? We still have the chance to say that
our personal information is our own and that our Web browsing behavior is
private. We may yet be able to successfully assert that we won't be
manipulated, coerced, or otherwise "bribed" into allowing our Web activities
to (as "The Prisoner" put it) be "pushed, filed, stamped, indexed, briefed,
debriefed, or numbered!"

The Internet and Web have tremendous commercial potential. But it can be
achieved ethically and without the use of obnoxious technologies that are
being shoved down our throats like feed for animals destined for the dinner
table. The firms who view the Internet as little more than a "cash cow" are
already placing the software rings in our noses in an effort to see us made
easier to manipulate and control.

The stink of the slaughterhouse may not be far away.

--Lauren--
Lauren Weinstein
lauren@pfir.org or lauren@vortex.com
Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy

This article and more http://www.vortex.com/privacy/priv.09.13


My comment
As a C+W (via a subsidairy company) subscriber I have strong doubts about the compliance by my ISP with the privacy statement which is an agreed part of my legal contract with them. There is no difference in my view between monitoring my net traffic and reading my email.. Both are a serious invasion of my privacy and clearly in breach of the agreed terms of service which I pay for.

 

Nasty questions

p2p news / p2pnet: RIAA and MPAA mouthpersons turn up at conferences and public events all over the US as part of their carefully orchestrated, ongoing, multi-million-dollar disinformation campaigns.

The basic idea is: you're all crooks and thieves while the cartels are honest but hard-done-by companies struggling to survive in a world of hurt.

And the RIAA and MPAA are merely the American manifestations of a huge list of 'trade' organizations passing wind around the world on behalf of their owners, the corporate entertainment and software outfits.

The EFF (Electronic Frontier Foundation) has written a sample list of interesting questions you might want to ask the cartel reps and with a little judicious editing, they'll serve equally well in Britain, say or France, or anywhere else. You can, of course, also add a few questions of your own.

Music

1.The RIAA has sued more than 20,000 music fans for file sharing, yet file sharing continues to rapidly increase both online and offline. When will you stop suing music fans?

2.The RIAA has sued over 20,000 music fans for file sharing, who have on average paid a $3,750 settlement. That's over $75,000,000. Has any money collected from your lawsuits gone to pay actual artists? Where's all that money going?

3.The RIAA has sued over 20,000 music fans for file sharing. Recently, an RIAA representative reportedly suggested that "students drop out of college or go to community college in order to be able to afford [P2P lawsuit] settlements." Do you stand by this advice? Is this really good advice for our children's futures?

4.The RIAA said that it only went after individual file sharers because you couldn't go after P2P system creators. After the Supreme Court's Grokster decision, shouldn't you stop going after music fans?

5.Major entertainment companies have repeatedly brought lawsuits to block new technologies, including the VCR, Digital Audio Tape recorders, the first MP3 player, the ReplayTV PVR, and now P2P software. Why is your industry so hostile to new technologies?

6.DRM has clearly failed to stop songs from getting on file sharing networks, but it does prevent me from moving lawfully purchased music onto my iPod and other portable devices. Unlike the major record labels, many popular indie labels offer mp3 downloads through sites like eMusic. Why won't you let fans purchase mp3s as well?

7.The RIAA says that it doesn't mind if I rip CDs to my personal computer and put them on my iPod. Do I need your permission to do this or can I legally do it even if you object?

8.Recording off the radio is clearly permitted by copyright law and something Americans have done for over 25 years, but the RIAA supports legislation restricting devices that record from digital radio. Why are you against TiVo for radio?

9.Sony BMG recently implemented a DRM technology that damaged users' computers. But for independent researchers' analyses, this serious flaw may have gone undiscovered. After this scandal, will record labels allow any computer scientist or security expert to examine these products and agree not to sue them under the DMCA?

Video

1.The major movie studios have been enjoying some of their most profitable years in history over the past five years. Can you cite to any specific studies that prove noncommercial file sharing among fans, as opposed to commercial DVD piracy, has hurt the studios' bottom line in any significant way?

2.Is it legal for me to bypass CSS DVD encryption in order to skip the "unskippable" previews at the beginning of so many DVDs? Why should I have to be forced to watch these ads when I already bought the DVD?

3.Is it legal for me to skip the commercials when I play back time-shifted TV recordings on my TiVo or other PVR? How is this different than getting up and going to the bathroom?

4.Why are there region-code restrictions on DVDs? How does this prevent copyright infringement? Is it illegal for me to buy or and use a region-free DVD player, or to modify a DVD player to be region-free?

5.In several lawsuits, the MPAA has repeatedly said that it's illegal to make a back-up of a DVD that I purchased. Why is this illegal?

6.Is it ever legal for me to use software like DVD Shrink or Handbrake to rip a digital copy of a DVD I own onto a video iPod or my laptop? What if I want clips to use for a class report? Or if a teacher wants to include a clip in a PowerPoint slide?

7.Is there anything illegal about copying TV shows I’ve recorded off the air onto my video iPod?

8.If the MPAA-backed "broadcast flag" bill passes, I won't be able to move recorded TV content digitally to my current video iPod. Why should TV studios get to take away my ability to lawfully time- and space-shift?

9.Major entertainment companies have repeatedly brought lawsuits to block new technologies, including the VCR, Digital Audio Tape recorders, the first MP3 player, the ReplayTV PVR, and now P2P software. Why is your industry so hostile to new technologies?

10.Hollywood is pushing legislation to "plug the analog hole." These restrictions won't keep copyrighted video off of file sharing networks, but they will would block me from excerpting a recorded TV show for a school report or using tools like the Slingbox to send recorded TV shows to myself over the Internet. Why are you trying to restrict these legitimate uses?

Digg this.

p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile - http://p2pnet.net/index-wml.php

(Wednesday 12th July 2006)
http://p2pnet.net/story/9326

 

Sharman drops p2pnet libel case

p2p news / p2pnet: Two months after receiving a summons telling me I was being sued for alleged libel by Kazaa owner Sharman Networks and Kazaa ceo Nikki Hemming, I've at last received the detailed notice of claims.

Filed with the Supreme Court of British Columbia, it includes two intriguing new documents.

One, from Sharman, reads:

No. S-063039
Vancouver Registry

TAKE NOTICE that the Plaintiff, Sharman Networks Limited, wholly discontinues this proceeding against the Defendants John Newton, Interserver Inc., John Doe, Jane Doe, Richard Roe and Jane Roe.

The other, from Hemming, states:

No. S-063039
Vancouver Registry

TAKE NOTICE that the Plaintiff, Nikki Hemming, wholly discontinues this proceeding against the Defendants John Doe, Jane Doe, and Jane Roe.

Why has Sharman suddenly abandoned its claims against me and p2pnet, leaving Hemming by herself?

At this point, we don't know, but we'll find out when she tries to justify them to a Canadian jury of my peers at some date yet to be decided.

For now, I have to admit that as very ordinary father and husband with a very ordinary income, I'd definitely rather not be in this situation. But in it I am, and I'm here until it get resolved, whatever it takes.

My wife, Liz, and my daughter, Emma, almost 10, have told me they're behind me and corny as it may seem, I honest-to-God believe this case points up the dangers ancient laws, which automatically assume guilt, present to Freedom of Expression in Canada.

They have no place here.

Hemming and Sharman say I defamed them in an article outlining Australian court proceedings into Hemming's assets. They also demanded the identity of a p2pnet reader who posted an anonymous comment which I included in the same story.

Israeli lawyer Itai Lesham has since come forward, but be that as it may, as I say in Stop-the-Blogsuit, "as far as I'm concerned, an anonymous post is the same as a confidential source. I don't have to like a post, or even agree with it. But I believe that as an honest and responsible human being, I do have to safeguard the poster, if indeed I know who he or she is which in this case, I don't.

"If Sharman wins it'll make life a potential hell for bloggers in Canada, at the least. And you can bet the case will be used as a reference for similar actions around the world."

People come here, "from all over the world to file libel suits," as Jeffrey Shallit, a professor at Canada's University of Waterloo, emphasises on his web site.

The laws must be brought into the 21st century and winning this case will go a long way towards achieving that.

Cheers! And thanks for all the good wishes and support ...

Jon
http://p2pnet.net/story/9333

 

Here's how to cool your Dell

To all those owners of burning dell laptops I suggest the following

http://www.diefer.de/i8kfan/

I’ve tested this on an Inspiron 8000 and it keeps temperatures under control.

(ie) without this, CPU temp reaches an average of 70 – 80 DeGreesC

With the control it maintains a more comportable 55DeGreeC.

Cheers
http://www.theinquirer.net/default.aspx?article=32982

News
I8kfanGUI version 3.0 beta 5 is out (4. July 2006).

This is the fifth beta version of the upcoming version 3.0. The changes I made to beta 4 are listed here. I'm publishing several beta versions before the final version because I've made fundamental changes and fixes to the previous version. The following fundamental changes were made to version 2.2.0:

1. revised temperature control to support multiple sensors and fans in any combination
2. system specific sensor and fan detection
3. changeable colors for each tray icon
4. updated minimizing to tray feature to make it more intuitive
5. updated realtime cpu speed calculation for hyperthreading and multi core systems
6. automatic detection and support of hyperthreading, multi core, and multi processor systems
7. User interface redesigned and updated to Windows XP styles
8. redesigned the history diagram for better readability
9. support for Windows XP themes
10. dropped support for Windows 98/ME

Please read the manual to learn about the program's features and how it's working. If you have a question, then please look at the FAQ first.

I am not answering questions that are already covered in the FAQ or the manual !

Download

http://www.diefer.de/i8kfan/

 

Microsoft puts Virtual PC on free download

Grab it while you can

By Dean Pullen: Wednesday 12 July 2006, 16:46
MICROSOFT IS now offering its operating-system virtualisation tool for Windows, Virtual PC 2004 (SP1 release), for free.

The software firm also announced that the forthcoming Virtual PC 2007 for Vista will also be freely downloadable.

Previous to this, their other virtualisation package aimed at servers, Virtual Server 2005 R2 Enterprise Edition, was also offered as a free download.
http://www.theinquirer.net/default.aspx?article=32985

Grab it from here. µ
http://www.microsoft.com/windows/virtualpc/default.mspx

 

DVDOTNET.......... software to stream and archive live video sessions using the Microsoft Windows Media format, and provide access to those archives via a Podcast for use with iTunes and the iPod Video.....(free).....GO THERE!
http://www.merage.uci.edu/~dvdotnet/

 

p2pnet vs Kazaa: update

p2p news / p2pnet: The Sharman Networks / Nikki Hemming libel suit against p2pnet took an interesting turn when Kazaa owner Sharman dropped out, leaving Kazaa ceo Hemming to fend for herself.

Or is Sharman backing her behind the scenes?

Be that as it may, both The Register and Techdirt have picked up on one aspect of the suit as, no doubt, Sharman and Hemming had hoped.

“Hemming's lawyers go so far as to suggest that the publicity generated by the lawsuit and subsequent P2Pnet web site hits will counter Newton's legal costs resulting in 'a net profit and ensuring the permanent success of [Newton's] P2P Website'. [Cough - Ed.]” - says El Reg.

Says Techdirt, "It really is a unique strategy: accuse the person you're suing of profiting from the attention you brought him [Techdirt's emphasis] by suing him.”

To quote the portions of the detailed claim The Register and Techdirt are referring to:

Instead of simply removing the defamatory expression at issue from his P2P Website, the Defendant Newton elected to draw global attention to his P2P Website, which generates income for him based on the number of 'hits' from website visitors.

And in another section:

Falsely representing that his P2P Website does not log visitors and that IP addresses are not available to him, well knowing that his income from the P2P Website requires him to permit his advertisers to audit the number of visitors to his website and to verify the authenticity of those visit, and, Calculating that the increased revenue that he will earn by increasing the volume of visitors to his P2P Website in consequence of the controversy generated by this libel action will substantially exceed his pecuniary liability to the Plaintiff, thereby generating a net profit and ensuring the permanent success of his P2P Website.

Actually, as I say in an unrelated story:

We've always been a non-entrepreneurial site, and we still are, but were it not for our handful of flat-rate faithful advertisers .......

And that rate hasn't changed since the day BearShare, Blubster, LimeWire, Morpheus and Warez first signed on, although p2pnet now has a very significant audience of readers around the world - much larger than when kicked off in 2002. But we continue to turn down potentially lucrative ads because we didn't like what they're trying to sell, because the ads are pop-ups, because they're pumping products or services from firms we believed are against the p2p community, or because they're trying to use the ads to sneak in tricky coding.

And this year, thanks to the depredations of Warner Music, EMI, Sony BMG and Vivendi Universal, the members of the Big Four Organized Music gang who are trying to use lawsuits to both crush any and all competition and to sue their own customers into buying inferior, over-priced product on- and offline, we've actually lost two supporters: LimeWire and BearShare.

In other words, it doesn't make a blind bit of difference how many hits p2pnet gets. Or doesn't get. And, “well knowing that his income from the P2P Website requires him to permit his advertisers to audit the number of visitors to his website and to verify the authenticity of those visits,” is pure and utter fabrication.

p2pnet doesn't have these kinds of data and even if it did, I never have, nor will I ever, reveal details of users.

As I say say I in the p2pnet privacy statement (which has been a part of the site for ever):

By accessing p2pnet.net, you're agreeing to be bound by absolutely nothing.

And as far as stats go, p2pnet doesn't collect, analyse or do anything at all with visitor information, beyond using it for the occasional advertising inquiry.

Even then, all we reveal is: how many unique visitors surf to the site during a given period.

The same goes for registration. The only thing we do with user information is: keep it in a database so we can send out the newsletter.

There's no hidden fine print in teeny weeny letters, no opting out of something you'd never have agreed to in the first place if only you'd known about it.

So enjoy, secure in the knowledge that your user rights and privacy aren't being violated or invaded in any way.

Cheers! And all the best ...

And in case anyone thinks I'm getting rich from donations, as I write this, I've received a grand total of $1,551.81 which, considering the case will cost somewhere between $100,000 and $250,000 by the time it's finished, won't go very far.

Does the paucity of contributions mean no one is interested? Nope.

Unfortunately, there've been reports of several recent instances of sites appealing for donations to help legal expenses, and then disappearing or using the money as all or part of 'settlement' fees. I have no idea if there's any truth in them, but they've certainly created a dark cloud of suspicion where appeals of this type are concerned.

On top of that, there are now so many sites asking for money that the well is running dry. But I still have to do what I can to keep the wheels turning, hence the Stop-the-Blogsuit page.

Finally, I don't want anyone to lose sight of the fact that although we want to come out of this in one piece and still in possession of our house, and as I say here, "I'd definitely rather not be in this situation," I am in it. And I'll be here until it's resolved, whatever it takes.

My wife, Liz, and my daughter, Emma, almost 10, have told me they're behind me and corny as it may seem, I honestly believe this case points up the dangers ancient laws, which automatically assume guilt, present to Freedom of Expression in Canada.

They have no place here and when we win, the case will make a huge difference to getting the defamation laws revised. And they must be revised.

Here's a song I wrote called Freedom of Speech. :

Saying what you want to is your fundamental right
But freedom of speech can be stolen in the night
If you let 'em,
They'll take it away from you.
Then they'll have you where they want you and they're never gonna let you go.

Saying what you want to is your bottom line right
But your freedom of speech can vanish overnight
It ain't a gift you have to earn it
They'll destroy it if you spurn it
If you can't say what you're thinking
You might as well not think.

People are dying 'round the world to buy that right
If you want it you can have it
But it don't come without a fight
And if you let 'em. They'll steal it away from you.
Then they'll have you where they want you and they'll never let you go.

Saying what you want to is your bottom line right
But your freedom of speech can vanish overnight
It ain't a gift you have to earn it
They'll destroy it if you spurn it
If you can't say what you're thinking
You might just as well be dead.

Canadian indie label owner and performer Neil Leyton is organizing a Freedom of Speech benefit concert at the famed Rivoli dinner-dance club on Queen Street, Toronto, on the night of August 5. Neil will be performing a song he wrote for the occasion, and I'll be doing Freedom of Speech which is is not only the first song I've ever written, it'll be my first on-stage performace and to say I'm nervous is considerably understating things.

But the stars of the concert will be, in alphabetical order, Aceface; Peterborough singer/songwriter Dennis O'Toole; the Kobo Town band, Lindy and Neil.

If you'd like to be in on the August 5, performance on, there's still time to contact Neil at nleyton@gmail.com or 416 721 3566. If you'd like to talk to me, use jon@p2pnet.net.

For now, Cheers! And all the best ...
Jon
http://p2pnet.net/story/9339

 

'Imitation IPod' Invades Radio



By Dave Demerjian| Also by this reporter
02:00 AM Jul, 13, 2006

In the two years since Jack FM radio made its debut in the United States, the majority of U.S. radio stations programming the "imitation iPod" format have seen healthy, sustained gains in listeners. The format is a rare bright spot for the major radio broadcast chains, which are fast hemorrhaging listeners to real iPods and satellite radio.

Defined by wide-ranging playlists and unusual combinations of songs from different genres and eras, Jack has been likened to an iPod set on shuffle.

Jack is at the forefront of what is known in the radio industry as "variety hits" or "adult hits," programming philosophies centered on the belief that listeners want more variety and less repetition, but also like it when artists from completely different decades and genres are played back to back (think Pet Shop Boys followed by Mötley Crüe followed by Matchbox Twenty).

It's in sharp contrast to conventional programming logic, where small, genre-specific playlists are thought to attract specific target audiences, and songs are repeated over and over so as to become quickly familiar to listeners.

Jack stations don't broadcast weather, traffic or zany morning-show antics, eliminating DJs altogether in favor of brief, punchy, prerecorded announcements that aim for edgy irreverence -- "Hey Jack, that last song was so hot, I have to go change my underwear."

According to Mike Henry of Paragon Media Strategies, a radio consultancy in Denver that helped launch the format in the United States, the edgy irreverence is an important part of Jack's appeal. "It's creative packaging, and it's different from the typical radio clutter," he says.

It's resonating with listeners. A recent report (.pdf) from market researchers Arbitron and Edison Media Research tracking 36 adult hits/variety hits radio stations showed that 28 of them have seen improved ratings in the key 25- to 54-year-old demographic since flipping to the format. More impressive, these gains occurred in highly competitive major markets, including Los Angeles, Denver and Dallas.

While listening to a Jack station can sometimes feel like you're listening to a middle-aged couple spinning favorites from their LP collection, very little of what's broadcast is actually left to chance.

"Some believe that the key to this format is for programmers to literally play what they want," explains Henry. "But that's not true. In actuality, this format is very research-driven."

Jack's vastly larger library means more songs are tested -- up to 1,200 versus 300 at a more traditional pop or adult outlet -- and that programmers must apply the results of their research differently.

One example is the format's liberal use of "train-wreck editing," allowing songs from completely different genres to play back to back -- Deee-Lite followed by Steve Miller Band, for example.

Edison Media Research's Sean Ross says train-wreck editing was initially thought to alienate listeners, but is today seen as part of Jack's appeal.

"When done well, these segues are a throwback to some of the great radio of the 1970s," he says.

Garry Wall, president of SparkNet Communications, the company that licenses Jack in the United States, says: "As radio programmers, we've all come up through the ranks with very specific ideas about how things should be done. Jack's success in the marketplace is forcing us to reconsider and sometimes break these rules."

Stations that license the Jack format must adhere to specific brand guidelines. Wall won't provide details for fear of revealing competitive information, but says each licensee is provided with a recommended music library, imaging package and marketing suggestions prior to launch.

Today, all U.S. Jack stations use one of two company-sanctioned logos and the slogan, "Playing what we want." Most have similar websites, and all eschew live DJs in favor of recorded voiceovers.

With the rise of Jack has come a host of name-based copycats. The Bob FM format today airs on 20 U.S. stations, and other stations that have recently flipped to a Jacklike format include Mike in Boston, Charlie in Madison, Wisconsin, and Ben in Philadelphia. While these stations all adhere to the basic Jack programming philosophy, with broad playlists and less repetition, they are free to deviate from the brand's rigid guidelines as they please. The Peak in Phoenix, for example, uses live disc jockeys.

But while some critics continue to question the long-term viability of the Jack format, the numbers leave little doubt that people are listening, and that the format is more than just a novelty.

"It's a welcome relief from the narrow playlists that dominate the radio dial," says Paragon's Henry. "It's not just a different format, it's a whole different approach to radio."
http://www.wired.com/news/culture/0,71362-0.html?tw=wn_index_1

 

@arniebear...I didn't know you had Amish and Mennonites in your neck of the woods but it only makes sense when you think about it. As I'm sure you know, there is really quite a difference between the two though, depending on the sect, they can look quite alike.

Here in Lancaster County, PAs Amish/Mennonite country, there are quite a few different sects of mennonites but I do have a particular favorite. As you mentioned, they do accept modern conveniences, albeit in a non-showy way, whereas the Amish don't. I do have a particular favorite sect though. Many of them are actually quite wealthy from large dairy farms, various types of business etc. They will, for example, have best and the biggest TVs and home-theater systems but they build this tasteful but modest cabinetry around it to hide it when its not in use but my favorite is how they approach their cars... many love their cars like so many others and they like expensive ones be they luxury cars, sports cars or whatever. In order to be humble however, their jag, benz or corvetter MUST be black. So too, chrome work is seen as showy so they remove it all and have it painted black....bumpers, door handles, side mirrors...no chrome permitted because it's showy. Nothing stranger that a Mercedez Benz 600 with the grille and grille ornament painted black in order to be humble. Its an interesting group and their cars are very strange looking!

 

We too have a lot of Amish and Mennonite. Hartville, OH is mainly Mennonite and home to some big flea markets. Medina/Lucas/Lake/Geauga counties all have large number of Amish. Got to be careful of those buggies though, they really are speedsters.

 

LOL! Yeah, they can sure tie up traffic! It has and still does cause all sorts of nasty problems ... it's only logical that you folks share the same problems. About fifteen years ago, the state started requiring them to place these international orange triangles and damn did they raise holy hell ... and "orange"...probably the loudest and sinful color of them all! It did help some but there are still deadly accidents all the time.

I must admit, I feel sorry for them sometimes. There isn't a hotel or visitors' center here in Philly that doesn't offer bus tours etc. to go gawk at them ... busloads and busloads of them. Must make them feel like freaks, yet, perhaps they're used to it. Whenever I have presents to buy though, I rent a car and go to amish country. You can get the great stuff, exceptionally well made, totally one of a kind stuff and really cheap. People love the stuff and you'll never find it anywhere else but in amish country.

 

Yes Ohio does have the law about the orange triangles, they do offer bus tours to Amish Country to shop, but by and large the are left alone. But also, there is a problem within the community, they are such a closed society that they have many social problems. Mental and oddly enough substance abuse. Any help that is given usually has to be on their terms and they are not always willing to ask or get it. It is surprising in this day and age that the communities survive but the do.

 

USER PROFILE HIVE CLEANUP SERVICE..........Log off Windows much quicker - From Microsoft. The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. System processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending.....(free).....GO THERE!
http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

Overview
The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. System processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending. This can result in problems when using Roaming User Profiles in a server environment or when using locked profiles as implemented through the Shared Computer Toolkit for Windows XP.

On Windows 2000 you can benefit from this service if the application event log shows event id 1000 where the message text indicates that the profile is not unloading and that the error is "Access is denied". On Windows XP and Windows Server 2003 either event ids 1517 and 1524 indicate the same profile unload problem.

To accomplish this the service monitors for logged off users that still have registry hives loaded. When that happens the service determines which application have handles opened to the hives and releases them. It logs the application name and what registry keys were left open. After this the system finishes unloading the profile.

System Requirements

* Supported Operating Systems: Windows 2000; Windows NT; Windows Server 2003; Windows XP

* Windows Installer: To use the MSI installation package you must have Windows Installer version 2.0 installed. Otherwise you can follow the manual installation instructions from the readme provided below. Windows Installer 2.0 is included with Windows 2000 SP3 and later, Windows XP and Windows Server 2003. You can install Windows Installer 2.0 using this link Windows Installer 2.0 Redistributable for Windows NT & 2000.


NOTE: The service has not been localized but is expected to run properly on localized version of Windows. The event log messages will be shown in English.


Instructions
This download is available to customers running genuine Microsoft Windows. Click the Continue button in the Validation Required section above to begin the short validation process. Once validated, you will be returned to this page with specific instructions for obtaining the download.

 

The Pig and the Box

Posted in All, P2P, Copyright, Right to copy, DRM on 07.14.06 20:17

A heartbreaking tale about a pig that invents his very own DRM to protect the powers of the magic box he found. Inspired by the harsh Anti-Piracy campaigns targeted at kids.

pig drm


go here to read it all
http://dustrunners.blogspot.com/2006/07/pig-and-box.html
The Pig and the Box is about a pig who finds a magic box that can replicate anything you put into it. The pig becomes so protective of it, and so suspicious of anyone that wants to use it, that he makes people take their copied items home in special buckets that act as… well, they’re basically DRM. It’s like a fable, except the moral of the story is very modern in tone.

 

This morning's coffee is second to none: dark roasted Arabica beans which I ground myself but what really makes the magic ... what makes this coffee second to none is my ancient pyrex stovetop percolator. Because of the ease, drip coffee-makers may have become the norm but there is simply no comparison to the ol' pyrex stovetop percolator. If you've used nothing but a drip maker in recent years, step back in time and try the ol' percolator again; you're in for a real treat! Really awesome coffee and a mouthful of nicotine gum ... mmmmmm. After I savor the coffee a while, I'll put on the bacon and eggs.

It's supposed to be damned near 100 degrees today and very humid so today will be a day of movies and lemonade while I unpack my few remaining boxes. I just wanted to wish everyone a great day and stay cool! ...Gerry