NPR has released a digital audio recording and transcript of an interview with Daphne Keller (Google), Fred Von Lohmann (EFF), and Jessica Vascellaro (Wall Street Journal) about the Google Book Search Settlement.

Here's an excerpt:

[Von Lohmann] Unlike a bookstore or even a library, because these books will live online on Google's computers, where you will be accessing them, Google will have the ability to watch every page you read, how long you spend on any particular page, what page you read a minute ago and what page you're going to read a week from now. It really is as though every book comes with a surveillance camera that comes home with you. So we think it's really critical that this arrangement builds in real strong privacy protections because our nation's bookstores and libraries have fought hard for that, and we think we should accept no less online.

Paul Ohm, Associate Professor of Law at the University of Colorado Law School, has self-archived "Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization" at SSRN.

Here's an excerpt:

Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.

Read more about it at "What Information Is 'Personally Identifiable'?"

The University of California School of Information's Google Books Settlement and the Future of Information Access Conference was held on August 28, 2009. Below is a selection of articles and posts about the conference.

• Google Book Search—Is It The Last Library?
• Google Book Search Settlement Plan Questioned
• Google Book Search? Try Google Library
• Google Books: A Metadata Train Wreck
• The Google Books Settlement
• Internet Archive Director: Don't Jump at the Google Books Settlement
• Internet Archive Stares Down Google Book Mine
• More Questions Than Answers on Google Books
• Privacy Missing from Google Books Settlement
• The Single Best Question Asked at the Google Books Settlement Conference
• Thoughts on Privacy and the Google Book Settlement
• Why It's So Hard to Get a Handle on the Google Books Settlement and Figure Out if Google's Doing Right By You

In "Warrants Required: EFF and Google's Big Disagreement about Google Book Search," Cindy Cohn discusses the Electronic Frontier Foundation's concerns over privacy issues in Google Book Search.

Here's an excerpt:

One of the most important of those protections is the assurance that your browsing and reading habits are safe from fishing expeditions by the government or lawyers in civil cases. In order to maintain freedom of inquiry and thought, the books we search for, browse, and read should simply be unavailable for use against us in a court of law except in the rarest of circumstances. We have other concerns about Google Book Search as well—concerns and data collection, retention, and reader anonymity—so this won't end the debate, but safeguards against disclosure are a central point of concern for us. . . .

Given this backdrop, we asked Google to promise that it would fight for those same standards to be applied to its Google Book Search product. . . .

Unfortunately, Google has refused. It is insisting on keeping broad discretion to decide when and where it will actually stand up for user privacy, and saying that we should just trust the company to do so. So, if Bob looks like a good guy, maybe they'll stand up for him. But if standing up for Alice could make Google look bad, complicate things for the company, or seem ill-advised for some other reason, then Google insists on having the leeway to simply hand over her reading list after a subpoena or some lesser legal process. As Google Book Search grows, the pressure on Google to compromise readers' privacy will likely grow too, whether from government entities that have to approve mergers or investigate antitrust complaints, or subpoenas from companies where Google has a business relationship, or for some other reason that emerges over time.

The Electronic Frontier Foundation has released a letter to Google about reader privacy and Google Book Search.

Here's an excerpt:

1. Protection Against Disclosure: Readers should be able to use Google books without worrying that the government or a third party is reading over their shoulder. Google needs to promise that it will protect reader records by responding only to properly-issued warrants from law enforcement and court orders from third parties. It also must promise that it will let readers know if anyone has demanded access to information about them.
2. Limited Tracking: Just as readers can anonymously browse books in a library or bookstore, they should also be able to search, browse, and preview Google books without being forced to register or provide any personal information to Google. And for any of its Google Book Search services, Google must not keep logging information longer than 30 days. Google should also not link any information it collects about reader use of Google Book Search to that reader’s usage of any other Google services without specific, affirmative consent.
3. User Control: Readers should have complete control of their purchases and purchasing data. Readers should be able to delete their records and have extensive permissions controls for their "bookshelves" or any other reading displays to prevent others from seeing their reading activities. Readers should be able to “give” books to anyone, including to themselves, without tracking. Google also should not reveal any information about Google book use to credit card processors or any other third parties.
4. User Transparency: Readers should know what information is being collected and maintained about them and when and why reader information has been disclosed. Google needs to develop a robust, enforceable privacy policy and publish the number and type of demands for reader information that are received on an annual basis.

Read more about it at "Don't Let Google Close the Book on Reader Privacy!."

As many as 10% of all U.S. ISP customers may be subject to deep-packet inspection of their Internet traffic. Unnamed ISPs have contracts with ad agencies, such as Front Porch and NebuAd, that permit them to monitor customers' activities. Front Porch can track 100,000 U.S. users and NebuAd can track up to 10% of all U.S. users.

How can ISPs do this? It's because customers agreed to let them monitor their Internet activity by accepting the terms of their ISP's service contract.

Read more about it at "Can an Eavesdropper Protect Your Privacy?," "Every Click You Make: Internet Providers Quietly Test Expanded Tracking of Web Use to Target Advertising," "I.S.P. Tracking: The Mother of All Privacy Battles," and "Web Service Contracts Say ISPs Can Block Sites, Snoop."

The Italian agency in charge of protecting personal data has ruled that Logistep violated the privacy rights of Italian file sharers by tracking their activity and ordered that these tracking records be destroyed. Previously, the Swiss data protection commissioner made a similar ruling against Logistep.

Read more about it at "Anti-Piracy Company Breaches Privacy, Ordered to Shut Down"; "Anti-Piracy Company Illegally Spied on P2P Users"; and "Italian File-Sharers Let Off The Hook."

Slashdot reports that the Motion Picture of Association of America has removed the MPA University Toolkit software from the software's website after Matthew Garrett contacted the MPAA's ISP indicating that the software violated the GNU GPL. Garrett had attempted to contact the MPAA directly, but it was unresponsive. Currently, only Toolkit documentation remains on the website.

The Washington Post reports that the Motion Picture of Association of America is trying to persuade universities to utilize its new MPA University Toolkit, which uses Snort and ntop to provide detailed internal network use statistics that may identify possible copyright infringers.

Security experts have determined that, in its default configuration, the MPA University Toolkit sets up a Web server that provides use statistics to any Internet user unless it is blocked from doing so by a firewall. There is a user/password option, but network administrators are not prompted to set it. Moreover, the software "phones home" to the MPAA upon setup, providing the organization with the IP address of the server.

Read more about it at "MPAA University 'Toolkit' Raises Privacy Concerns."

DigitalPreservationEurope has published PO3.4: Report on the Legal Framework on Repository Infrastructure Impacting on Cooperation Across Member States.

Here's excerpt from the "Introduction."

The focus of this paper is the legal framework for the management of content of cooperating repositories. The focus will be on the regulation of copyright and protection of personal data. That copyright is important when managing data repositories is common knowledge. However, there is an increasing tendency among authors not only to deposit their published scientific work, scientific articles, dissertations or books, but also the underlying data. In addition to this ordinary publicly available sources like internet web pages contain personal data, often of a sensitive nature. Due to this emergent trend repositories will have to comply with the rules governing the use and protection of personal data, especially in the medical and social sciences.

The scenario is the following:

• National repositories acquire material from different sources and in different formats.
• The repositories cooperate with repositories in other countries in the preservation of data.
• There is some degree of specialisation, some repositories specialise on preserving certain formats and other repositories on the preservation of other formats.

This paper describes the legal framework regulating the two decisive actions which have to take place if this scenario is to become a reality:

1. The reproduction of data
2. The transfer of data to other repositories

Other copyright issues like the rules concerning communication with the public and the protection of databases will also be touched upon.