DigitalKoans

As many as 10% of all U.S. ISP customers may be subject to deep-packet inspection of their Internet traffic. Unnamed ISPs have contracts with ad agencies, such as Front Porch and NebuAd, that permit them to monitor customers' activities. Front Porch can track 100,000 U.S. users and NebuAd can track up to 10% of all U.S. users.

How can ISPs do this? It's because customers agreed to let them monitor their Internet activity by accepting the terms of their ISP's service contract.

Read more about it at "Can an Eavesdropper Protect Your Privacy?," "Every Click You Make: Internet Providers Quietly Test Expanded Tracking of Web Use to Target Advertising," "I.S.P. Tracking: The Mother of All Privacy Battles," and "Web Service Contracts Say ISPs Can Block Sites, Snoop."

The Italian agency in charge of protecting personal data has ruled that Logistep violated the privacy rights of Italian file sharers by tracking their activity and ordered that these tracking records be destroyed. Previously, the Swiss data protection commissioner made a similar ruling against Logistep.

Read more about it at "Anti-Piracy Company Breaches Privacy, Ordered to Shut Down"; "Anti-Piracy Company Illegally Spied on P2P Users"; and "Italian File-Sharers Let Off The Hook."

Slashdot reports that the Motion Picture of Association of America has removed the MPA University Toolkit software from the software's website after Matthew Garrett contacted the MPAA's ISP indicating that the software violated the GNU GPL. Garrett had attempted to contact the MPAA directly, but it was unresponsive. Currently, only Toolkit documentation remains on the website.

The Washington Post reports that the Motion Picture of Association of America is trying to persuade universities to utilize its new MPA University Toolkit, which uses Snort and ntop to provide detailed internal network use statistics that may identify possible copyright infringers.

Security experts have determined that, in its default configuration, the MPA University Toolkit sets up a Web server that provides use statistics to any Internet user unless it is blocked from doing so by a firewall. There is a user/password option, but network administrators are not prompted to set it. Moreover, the software "phones home" to the MPAA upon setup, providing the organization with the IP address of the server.

Read more about it at "MPAA University 'Toolkit' Raises Privacy Concerns."

DigitalPreservationEurope has published PO3.4: Report on the Legal Framework on Repository Infrastructure Impacting on Cooperation Across Member States.

Here's excerpt from the "Introduction."

The focus of this paper is the legal framework for the management of content of cooperating repositories. The focus will be on the regulation of copyright and protection of personal data. That copyright is important when managing data repositories is common knowledge. However, there is an increasing tendency among authors not only to deposit their published scientific work, scientific articles, dissertations or books, but also the underlying data. In addition to this ordinary publicly available sources like internet web pages contain personal data, often of a sensitive nature. Due to this emergent trend repositories will have to comply with the rules governing the use and protection of personal data, especially in the medical and social sciences.

The scenario is the following:

• National repositories acquire material from different sources and in different formats.
• The repositories cooperate with repositories in other countries in the preservation of data.
• There is some degree of specialisation, some repositories specialise on preserving certain formats and other repositories on the preservation of other formats.

This paper describes the legal framework regulating the two decisive actions which have to take place if this scenario is to become a reality:

1. The reproduction of data
2. The transfer of data to other repositories

Other copyright issues like the rules concerning communication with the public and the protection of databases will also be touched upon.

The Creative Commons, along with Vigin Mobile, has been sued by Susan Chang and Justin Ho-Wee Wong over the "unauthorized and exploitive use of Alison's Chang's image in an advertising campaign launched in June 2007 to promote free text messaging and other mobile services."

Here's an excerpt from Lawrence Lessig's posting:

Slashdot has an entry about a lawsuit filed this week by parents of a Texas minor whose photograph was used by Virgin Australia in an advertising campaign. The photograph was taken by an adult. He posted it to Flickr under a CC-Attribution license. The parents of the minor are complaining that Virgin violated their daughter's right to privacy (by using a photograph of her for commercial purposes without her or her parents permission). The photographer is also a plaintiff. He is complaining that Creative Commons failed "to adequately educate and warn him . . . of the meaning of commercial use and the ramifications and effects of entering into a license allowing such use." (Count V of the complaint).

The comments on the Slashdot thread are very balanced and largely accurate. (The story itself is a bit misleading, as the photographer also complains that Virgin did not give him attribution, thereby violating the CC license). As comment after comment rightly notes, CC licenses have not (yet) tried to deal with the complexity of any right of privacy. The failure of Virgin to get a release before commercially exploiting the photograph thus triggers the question of whether the minor's right to privacy has been violated.

Source: Lessig, Lawrence. "On the Texas Suit against Virgin and Creative Commons." Lessig 2.0, 22 September 2007.

The Canadian Internet Policy and Public Interest Clinic of the University of Ottawa Faculty of Law has released Digital Rights Management and Consumer Privacy: An Assessment of DRM Applications under Canadian Privacy Law.

Here's an excerpt from the report's "Executive Summary":

This report confirms that DRM is currently being used in the Canadian marketplace in ways that violate Canadian privacy laws. DRM is being used to collect, use and disclose consumers’ personal information, often for secondary purposes, without adequate notice to the consumer, and without giving the consumer an opportunity to opt-out of unnecessary collection, use or disclosure of their personal information, as required under Canadian privacy law.

As usual, the LITA top 10 technology trends session at ALA produced some thought-provoking results. And, as usual, I have a somewhat different take on this question.

I’ll whittle my list down to five.

• Digital Copyright Wars: Big media and publishers are far from finished changing copyright laws to broaden, strengthen, and lengthen the rights of copyright holders. And they are not yet done protecting their digital turf with punitive lawsuits either. One big copyright impact on libraries is digitization: you can only safely digitize what’s in the public domain or what you have permission for (and the permission process can be difficult or impossible). There’s always fair use of course, if you have the deep pockets and institutional backing needed to defend yourself (like Google does) or if your efforts are tolerated (like e-reserves has been so far, except for a few sub rosa publisher objections). In opposition to this trend is a movement by the Creative Commons and others to persuade authors, musicians, and other copyright holders to license their works in ways that permit liberal use and reuse of them.
• DRM: The Sony BMG rootkit fiasco was a blow, but think again if you believe that this will stop DRM from controlling your digital content in the future. The trick is to get DRM embedded in your operating system, and to have every piece of computer hardware and every consumer digital device that can access and/or manipulate content to support it (or to refuse access to material protected by unsupported DRM schemes). That’s a tall order, but incremental progress is likely to continue to be made towards this goal. Big media will continue to try to pass laws that mandate certain types of DRM and, like the DMCA, protect its use.
• Internet Privacy: If you believe this still exists on the Internet, you are either using anonymous surfing services or you haven’t been paying attention. Net monitoring will become far more effective if ISPs can be persuaded or required to retain user-specific Internet activity logs. Would you be upset if every licensed e-document that your library users read could be traced back to them? Unless you still offer unauthenticated Internet access in your library, that may depend upon your retention of login records and whether you are legally compelled to reveal them.
• Net Neutrality: If ISPs can create Internet speed lanes, you don’t want your library or digital content provider to be in the slow one. Hope you (or they) can pay for the fast one. But Net neutrality issues don’t end there: there are issues of content/service blockage and differential service based on fees as well.
• Open Access: If there is a glimmer of hope on the horizon for the scholarly communication crisis, it’s open access. Efforts to produce alternative low-cost journals are important and deserve full support, but the open access movement’s impact is far greater, and it offers global access to scholars whose institutions may not be able to pay even modest subscription fees and to unaffiliated individuals.

Privacy advocates have good reason to worry about a recent flurry of activity related to Internet data re