EFFector       Vol. 17, No. 5       February 18, 2004

A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

In the 280th Issue of EFFector:

Record Industry Targets 531 More Filesharers

San Francisco, CA - In response to the record industry's announcement Tuesday of five new lawsuits targeting 531 more unnamed alleged music filesharers, the Electronic Frontier Foundation (EFF) renewed its efforts to ensure that the lawsuits adequately protect the rights of the accused.

EFF pointed out that the record industry failed to follow the basic rules required in all lawsuits when it lumped together hundreds of people in five lawsuits filed in Philadelphia, Atlanta, Orlando and Trenton, New Jersey. The cases include alleged filesharers located throughout the United States who acted independently, used different types of filesharing software and allegedly shared different music files. Also, the record industry has not ensured accused filesharers a means of reviewing and responding to potentially incorrect accusations before Internet Service Providers reveal their identities.

"The RIAA continues to cut corners in its crusade against filesharers and deny ordinary people the legal protections that are available in all other types of legal cases," said EFF Legal Director Cindy Cohn. "The courts should require the record industry to sue people individually in the appropriate local courts and provide notice so those sued have a chance to refute accusations of filesharing before the record industry compels an ISP to reveal their identities."


EFF Privacy Coalition Presses Congress for Hearings on Travel Privacy

Controversial Passenger-Screening System Fails Government Review

San Francisco, CA - In the wake of a government report that gives the controversial CAPPS II passenger-screening program a failing grade for protecting passenger privacy, the Electronic Frontier Foundation (EFF) and a diverse coalition of advocacy groups on Tuesday asked the House Committee on Transportation and Infrastructure to hold Congressional hearings on the threat posed to privacy and civil liberties by the government's collection and use of passengers' private information.

"The amount of data - potentially incorrect data - that the government is asking to access before permitting you to fly is simply astounding," said Lee Tien, a senior staff attorney at EFF. "Doing background checks on every American who chooses air travel doesn't seem like a logical way to keep bombs and weapons off of planes."

In its CAPPS II report issued late last week, the General Accounting Office (GAO) states that transportation authorities have failed to address Congress's concerns about the system's accuracy, effectiveness and impact on personal privacy. Further, the GAO shares EFF's concerns that the CAPPS II mission may "creep" beyond its original purpose of keeping terrorists from boarding flights and that there is no adequate redress for passengers mistakenly tagged as terrorists.

The request for hearings comes on the heels of the release last week of an open letter by a group of House Representatives asking President Bush to suspend plans to implement CAPPS II until a specific government policy is adopted that "makes clear the role of airlines in sharing consumer information with the federal government."

The groups joining EFF in the call for Congressional hearings on travel privacy are (in alphabetical order):


Update on CAPPS II Passenger Profiling: What's Going On?

EFF and other privacy advocacy groups are making headway in the battle to stop implementation of the Computer Assisted Passenger Prescreening System (CAPPS II), but the fight is far from over. Below, we provide an update on the latest developments; we urge you to take a look and to join us in calling for Congressional hearings on CAPPS II and the current state of our travel privacy.

Congress Flunks CAPPS II for Protection of Passenger Privacy

Last week, Congress's investigatory arm, the General Accounting Office (GAO), issued a report giving CAPPS II failing grades in tests for privacy, security, effectiveness, accuracy, fairness, due process and accountability: http://www.gao.gov/new.items/d04385.pdf. Under an appropriations provision enacted late last year, passing these congressional tests is the precondition for funding CAPPS II on anything more than an experimental basis. Unfortunately, President Bush has made it clear that he believes these requirements to be merely advisory and, as such, will not serve to prevent the Transportation Security Administration (TSA) from proceeding with implementation as scheduled.

EFF and a Diverse Coalition of Advocacy Groups Call for Congressional Hearings

As noted in the media release above, EFF and a coalition of advocacy groups on Tuesday asked the House Committee on Transportation and Infrastructure to hold hearings on CAPPS II and on all government use - or abuse - of air passenger records: http://www.eff.org/Privacy/CAPPSII/coalition_letter.php

House Representatives Ask President Bush, TSA to Suspend Plans to Implement CAPPS II

No fewer than 40 members of the House of Representatives last week voiced their concern about CAPPS II and passenger privacy in two public letters. In a letter sent to President Bush, a group of House Representatives asked that plans for its deployment be suspended until a specific government policy is adopted that "makes clear the role of airlines in sharing consumer information with the federal government": http://www.eff.org/cgi/tiny?urlID=126 (House website)

In a second, more strongly worded letter sent to Acting TSA Administrator David Stone, another coalition of House Representatives cited the many unanswered questions about CAPPS II and asked that the program be "suspended indefinitely until these serious concerns are addressed": http://www.house.gov/kucinich/action/letter.pdf

Travel Industry Groups Doubt that the Government or Airlines Can Be Trusted with Passenger Data

Asked about the security of passenger data, the majority of corporate travel and purchasing managers surveyed by the Business Travel Coalition expressed grave concern about what one manager called "[The] sharing of data without permission, then the deceit that followed that sharing": http://www.eff.org/cgi/tiny?urlID=128 (BTC).

The Association of Corporate Travel Executives has established a task force to advise TSA of its concerns about CAPPS II: http://www.acte.org/initiatives/CAPPSII.shtml.

High-ranking TSA Official Resigns

Ben Bell has announced that he is resigning effective April 3. Bell has been director of TSA's Office of National Risk Assessment (ONRA), which was responsible for much of the design of CAPPS II: http://www.eff.org/cgi/tiny?urlID=129 (Washington Post; registration unfortunately required.)

Join EFF today in calling for hearings on CAPPS II and our travel privacy - your voice makes a difference: http://action.eff.org/action/index.asp?step=2&item=2854

Let the Sun Set on PATRIOT - Section 215:

"Access to Records and Other Items Under the Foreign Intelligence Surveillance Act"

Welcome to "Let the Sun Set on PATRIOT," a new EFFector series on the battle to let some of the most troubling provisions in the USA PATRIOT Act expire, or "sunset." Each week, we'll profile one of the 13 provisions set to expire in December of 2005 and explain in plain language what's wrong with the provision and why Congress should allow it to sunset. This week we begin with the notorious section 215, which allows the FBI secretly to demand access to your private records.

What Section 215 Does

Section 215 allows the FBI secretly to order anyone to turn over your private records or any other "tangible things," so long as the FBI tells the secret Foreign Intelligence Surveillance Act (FISA) court that the information is sought "for an authorized investigation...to protect against international terrorism or clandestine intelligence activities." These demands for your personal records come with a "gag order" prohibiting the recipient from telling anyone, ever, that they received a Section 215 order.

How Section 215 Changed the Law

It used to be that the power to use a secret order to demand access to your private records had two critical checks: the FBI was (1) limited to reviewing records of particular use to terrorist or counter-intelligence investigations, such as hotel or car, truck and storage rental records, and (2) was required to present to the FISA court "specific and articulable facts giving reason to believe that the person to whom the records pertain[ed]" was a terrorist or spy.

Section 215 dispensed with these safeguards. Now, the FBI can use a secret order to examine anything, including "books, records, papers, documents, and other items." Nor does the FBI need any facts demonstrating that you may be a spy or terrorist in order to do so. Instead, it can use these secret orders to investigate anyone it chooses - even a U.S. citizen not suspected of any crime. And the FISA court no has choice in the matter: it must issue the order even when there are no facts to back it up.

Why Section 215 Should Sunset

By allowing the FBI secretly to search through your most personal information - including financial records, medical records, student records, even your library records - without ever having to give probable cause to suspect you of a crime, or even to show that your records are relevant to an investigation, Section 215 profoundly violates your Fourth Amendment rights.

Further, Section 215 makes it so that you could be investigated because of the political or religious meetings you attend, the websites you visit or even the books that you read. Under the provision, the FBI can investigate United States persons (citizens and legal residents) based at least in part on their exercise of First Amendment rights, and can investigate non-U.S. persons based solely on their free speech activities or religious practices. As a result, Americans are chilled from exercising their Constitutional rights. Already, attendance at and donations to mosques have dropped significantly, as many Muslims reasonably fear that they will be targeted for investigation due to their religious beliefs.

Finally, and unlike grand jury subpoenas used in non-FISA investigations, there is no way for someone served with a Section 215 order to go to court and challenge its legality. Combined with the FISA court's lack of discretion and oversight when it comes to Section 215 orders, this is a recipe for abuse, giving the FBI essentially unchecked power to scrutinize the private lives of innocent Americans.


Of the PATRIOT provisions scheduled to sunset, Section 215 is perhaps the most dangerous to your civil liberties. EFF strongly opposes its renewal, and urges you to do the same. We support the Security and Freedom Ensured Act (SAFE Act, S 1709/HR 3352), a PATRIOT reform bill that would, among other things, restore the requirement that the FBI have specific facts indicating you are a spy or terrorist before using Section 215 to gain access to your private records. We encourage you to visit EFF's Action Center today to let your representatives know you support the bill: http://action.eff.org/action/index.asp?step=2&item=2866

Next Week

We'll look at Section 206, which allows the FBI to conduct "John Doe" roving surveillance.

Update on IEEE Electronic Voting Standards - Progress!

EFFector readers may remember that EFF asked for your help in getting the wayward IEEE standards- development process for electronic voting machines back on track. While standards are important for all sorts of products, this particular standard is likely to determine the quality of our nation's voting machines for years to come. Proper certification is necessary to ensure that e-voting machines are reliable, usable and, most of all, secure.

Why Standards and Certification Matter

At their best, e-voting standards and certification mean that your precinct's machines have been shocked, shaken and banged. The source code has been examined, compiled and prodded for holes. The best minds in the country have tried to break into the machines and failed. When working properly, certification provides a baseline for the integrity of election equipment in an otherwise fragmented, county-by-county equipment procurement process.

However, certification is only as good as the "standard" it uses - that is, only as good as the document that designates what to test for and at what level of rigor. If the standard says, "machines may fail 50 percent of the time," a voting district may purchase seriously faulty machines. In short, if a standard merely describes current machines, rather than sets benchmarks that the machines must meet, it fails us.

Unfortunately, today's voting machine standards were written for yesterday's technology. The Federal Elections Commission's (FEC) most current standard is from 2002, but the bulk of the document was written in 1990. It fails to provide adequate guidance for the usage of cryptography, wireless security, voter verification and other contemporary issues. In fact, several independent security reviews have uncovered serious vulnerabilities in federally certified election systems throughout the last year. Our certification process will continue to fail unless these standards are updated.

EFF Gets Involved

In August of 2003, EFF was approached by concerned members of the IEEE committee tasked with creating a new standard for e-voting machines. Project Group 1583 (P1583) was supposed to update the FEC's antiquated standards, but some members worried that the process was being rushed through without careful consideration or was being co-opted by voting machine vendors. Instead of providing a blueprint for securing computerized voting machines, they argued that P1583 was only codifying the voting machine industry's current, questionable security practices. Worse, members who advocated security features like voter-verifiable paper audit trails were systematically precluded from full participation. Meetings were held with little notice and some participants were denied the ability to vote based on arbitrary rules. Meanwhile, the proposed standard provided no guidance for machines that create voter-verified paper audit trails.

After interviewing members of P1583, EFF initiated discussions with IEEE - the group's parent organization and respected standards-setting body - and began to catalog the committee's problems. Our legal department sent two letters to P1583's leadership in an effort to stop their troubling practices. We also asked EFFector readers and IEEE members to demand IEEE intervention, and nearly 500 people called on IEEE to help guide the wayward standards-development process.

Good News, But More Work Needed

These efforts appear to be working. EFF Activist Ren Bucholz attended the last two P1583 meetings and is happy to report that the group is showing substantial progress. In particular, the following changes have taken effect since EFF and EFF supporters became involved:

P1583 remains months away from a final standard, but it is already conducting a more balanced, transparent process. EFF will continue to monitor its progress and invite others to join the process.

EFF would also like to thank all of the people who have helped put this critically important standards-development process back on track.


Internet Pioneer Gives Over $1.2 Million to EFF to Defend Online Freedom

Electronic Frontier Foundation Announces Endowment Fund for Digital Civil Liberties

San Francisco, CA - EFF, the leading civil liberties organization working to protect rights in the digital world, is honored to receive a $1.2 million bequest from the estate of Leonard Zubkoff, an EFF supporter and technology pioneer. EFF will use $1 million of this money to establish the EFF Endowment Fund for Digital Civil Liberties.

"This generous legacy enables us to establish a permanent source of support for EFF," explained EFF Development Director Terri Forman. "It also leverages a $1 million pledge challenge from one of our co-founders and board members. We are now two-thirds of the way towards our Phase I goal of $3 million."

"This gift is important to us for several reasons," said EFF Executive Director Shari Steele. "Not only does it help us establish our endowment fund, Leonard's legacy makes it possible for us to bring aboard a Chief Technology Officer (CTO) to create and implement a technology strategy for EFF. With our combined expertise in both the law and technology, EFF is perfectly situated to help create and foster new technologies designed to enhance freedom."

Leonard Zubkoff was an internationally known software developer and entrepreneur, respected for his expertise in computer architecture and operating systems. He loved to fly and was learning to pilot a helicopter when he died in a crash in Misty Fjords National Monument Wilderness in Alaska on August 29, 2002.

Mr. Zubkoff was born in Seattle and earned a master's degree in computer science from Carnegie Mellon University after graduating summa cum laude in mathematics and physics at the University of Rochester. He moved to the Bay Area in 1985 to become the principal scientist for a Menlo Park company developing artificial intelligence software. In 1994, Mr. Zubkoff joined Oracle Corp., the database software giant located in Redwood Shores, as a principal member of its technical staff. He joined VA Linux Systems Inc., a Fremont company now known as VA Software Corp., as chief technical officer in 1998. Zubkoff also founded Dandelion Digital, a small, state-of-the-art recording studio that produced "filk" - originally a typo of "folk" - recordings on compact discs.

For information about making a gift to EFF's endowment fund or about establishing a bequest to benefit EFF, please contact Terri Forman at +1 415 436-9333 x113, or tforman@eff.org

To make an initial inquiry about the CTO position and to receive a job description when it becomes available, please send a note to ctojob@eff.org


Deep Links

Deep Links features noteworthy news items from around the Internet.

Staff Calendar

For a complete listing of EFF speaking engagements (with locations and times), please visit the full calendar.


EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)

Donna Wentworth, Web Writer/Activist

To Join EFF online, or make an additional donation, go to:

Membership and donation queries: membership@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements and articles may be reproduced individually at will.

To change your address or other information, please visit: http://action.eff.org/subscribe/

If you have already subscribed to the EFF Action Center, please visit: http://action.eff.org/login.asp/

To unsubscribe from the EFFector mailing list, send an email to alerts@action.eff.org with the word "Remove" in the subject.

(Please ask donna@eff.org to manually remove you from the list if this does not work for you for some reason.)

Back issues are available at:

You can also get the latest issue of EFFector via the Web at:

Back to table of contents

Return to EFFector Newsletters Index

Please send any questions or comments to webmaster@eff.org