Archive for the ‘Legislature’ Category

A Very Bad Piece of Legislation?

Wednesday, November 4th, 2009

Today a friend posted an article about the ACTA (Anti-Counterfeiting Trade Agreement) treaty to his Facebook account. It was the first I’d heard of this work, so I decided to have a look at some of the information currently circulating around the Internet about it. At first glance, one would think it’s designed to help slow the tide of illegal Chinese or Russian copying of DVD and other material. However, the negotiations have been labeled as part of “national security” and therefore aren’t available for review by the public.

This is simply idiotic.

Currently, groups like the EFF (Electronic Freedom Foundation) and other civil liberties groups are opposing the treaty as it’s currently written. The problem is that very little information about specific aspects of the negotiations is available. Only one allegedly leaked document has emerged so far. According to the EFF:

A document recently leaked to the public entitled ‘Discussion Paper on a Possible Anti-counterfeiting Trade Agreement’ from an unknown source gives an indication of what content industry rightsholder groups appear to be asking for – including new legal regimes to “encourage ISPs to cooperate with right holders in the removal of infringing material”, criminal measures, and increased border search powers. The Discussion Paper leaves open how Internet Service Providers should be encouraged to identify and remove allegedly infringing material from the Internet.

If true, it casts ISPs in the role of network cops who are supposed to effectively monitor traffic traversing their networks and report infractions to some enforcement body. This is totally in opposition to the concept of the ISP as Common Carrier (like telecommunications companies, which effectively they are). It smacks of Soviet-style surveillance of communications among dissident or other suspicious groups. But is this an accurate assessment?

We don’t know where the “leaked” document came from. It may be completely legitimate, which means the ACTA should be opposed vehemently by anyone with a brain. If passed and signed in its allegedly current form, it means your iPod or laptop could be searched at any border, and any “illicit” material confiscated. It means you could be arrested for sharing a 1980s rock video on YouTube (which may not even exist anymore due to copyright concerns).

This is the problem with the government blindly labeling so many proposals and treaties as “national security” risks. If people could locate and read the actual text as currently proposed, there’d be far less ambiguity. We’d know exactly what it says and how enforcement is to work. Was the “leak” created by some anti-treaty nut trying to inflame people about the negotiations? Or is it an actual component of the ACTA material? We don’t know.

Write your Representative and Senator. Demand the sort of open access and transparency that the current administration claimed to support in its dealings. The rights you lose will be your own.

“Net Neutrality” — Will it Finally Happen?

Thursday, September 24th, 2009

The subject of Net Neutrality has been discussed among both lawmakers and technophiles over the last few years. If you’ve been living under a rock, the basic idea is this: ISPs should not be allowed to use “biasing” or other means to manipulate, block, or otherwise affect user traffic. Under the strict definition of “neutrality,” an ISP would not be permitted to, for instance, provide slower service to customers when they request a URL from a company with which the ISP didn’t have a special agreement.

If you think this sort of thing doesn’t happen, just look at search results from various online phone directories. Look up “auto repair” or some other service in your town. You’ll probably see certain businesses (those that have paid the directory service) show up first, while others are pushed to the bottom of the list if they appear at all. Some ISPs want to apply the same sort of rules to overall user network traffic. If Net Neutrality becomes a reality, they’ll be prohibited from engaging in these practices.

Happily, it seems the FCC might actually be ready to act. In a speech this week, the chairman proposed two new rules that would help ensure ISPs can’t bias traffic unfairly. Under the proposed rules, “carriers should not be allowed to favor certain types of content or applications over others and that they could not degrade traffic of Internet companies that offer services similar to those of the carriers.”

This is good news for users. The Internet was founded on the principle that information should be available equally to everyone. Today’s advertisers already push that envelope by offering location-based ads, biasing in favor of certain companies, and search-engine manipulation techniques that push certain results to the top of result lists. But advertisers aren’t common carriers — ISPs (and telecommunications companies in general) are. Common carriers aren’t supposed to examine, manipulate, or block traffic. ISPs demanded this status in the ’90s to protect them from being subpoenaed for aiding and abetting criminals who might use their services. They shouldn’t be allowed to change the rules now in order to improve their bottom line.

“Net Neutrality” Gets Dissed

Saturday, August 22nd, 2009

I usually like John Dvorak’s articles on PC Magazine. He’s been around the industry for years and is generally very level-headed. But recently he let loose a very odd commentary in which he said the idea of Net Neutrality (i.e. the concept that ISPs should not be able to “bias” access to one portion of the net or another, based on preferencing and other tricks) is “crap.” I can’t disagree more with this one, though I sort of understand where he’s coming from.

On several occasions in the past, various ISPs have either planned or tried to implement schemes in which they attempted to control, or at least manipulate, how users accessed various online resources. As John says, Net Neutrality “became a concern when a CEO of an ISP began to make noise about Google screwing his company over somehow, and how his company might have to charge Google to even come on the network. The fact is, this guy, who will remain nameless, was an idiot. OK?” But those scenarios are very plausible, and I think they’re predictable, unless Federal rules are established to prohibit them.

Think of it this way: let’s say you’re a Comcast customer, and you try to visit Google’s site…but maybe Comcast doesn’t have an agreement with Google, so your request gets routed to a different search engine altogether. Or you try to visit Amazon.com, only to find your requests being handled very slowly because Amazon hasn’t paid your ISP for “preferred” access to their network. Given the way telecommunications companies are trying to squeeze pennies out of consumers, I think it’s only a matter of time before someone tries this.

John seems to think it won’t happen, or that consumers will vote with their feet by moving to other ISPs who have “fair” access algorithms (this despite the fact that, in many areas today, consumers have no choice but to use one local provider).

He also throws out some serious straw man arguments by asking whether Net Neutrality is “really more important than the pressing issues of poor rural Internet access, DNS attacks, spam, bots, snooping, and virus writers?” I’m sorry, but those topics have nothing to do with fair network access or limiting ISPs from making “most favored nation” style treaties with various online retailers or other sites.

Net Neutrality may be a somewhat ill-defined concept at present, but that doesn’t mean it’s unimportant or a “crap” issue. And John should know better.

Software Liability

Wednesday, May 13th, 2009

European lawmakers are considering possible new regulations regarding software liability. Basically, they want developers held liable for defects in their code, circumstances arising from misuse, and other very nebulous causes. From a development standpoint, this is both good and bad.

The good part is fairly obvious. People should be able to trust that software is free from defects and safe to use. They need to know their health or financial information won’t be compromised, for example, or that a defect won’t ruin their business. These are fairly common concerns, especially today as more of our daily lives are wrapped up in technology.

The bad part is that, if put into practice, this rule would drive many developers out of business altogether. Those that left the business would be the exact people we wouldn’t want to lose. The reason is fairly clear: anyone who really knows software understands that defect-free code is nearly impossible to achieve, no matter how circumspect the developer is. So, like many very good medical professionals who have been sued once too often for errors that weren’t their fault, they’ll simply walk away from the business.

Conversely, I’ve met many developers who have a very cavalier, know-it-all attitude about coding. They think their code is rock solid and unbreakable. But they’ve never had it stress tested, or run through unexpected use cases, or otherwise manhandled by real users who aren’t likely to follow the developer’s preconceptions about how the software works.

Yes, software companies should turn out decent products. They should bend over backwards (and most do) to eliminate errors and promote clean code. Bad coders should be sent for more training or dumped from the payroll. But that’s not the whole story. A great deal of bad software hits the market not because of bad developers, but because of bad management practices and a first-to-market fanaticism on the part of senior management. Management pay lip service to “quality” while compressing QA schedules and insisting on new features far too late in the development cycle. Thus we end up with some very bad products.

All this said, software is not a tangible product. It’s bits and bytes, and sometimes people try using it without any real understanding of its intended use. Software companies shouldn’t be held liable for such failures, any more than an auto manufacturer should be held accountable for a drunk driver’s actions. Liability for clear cases of negligence is one thing. Extending this to “unintentional consequences” or forcing companies to correct defects long after the fact would be very detrimental to the industry. And to consumers.

Free Nationwide Wireless? Yes, Please!

Tuesday, December 2nd, 2008

It might be a surprise to many, but unused portions of the usable airwaves are still unallocated and unused by anyone. In the US, the FCC controls who gets to use each set of frequencies, and it turns out there’s one called AWS-3 that’s coming up for grabs. A current proposal in front of the FCC’s board now would (be still my heart!) allow access to it if companies reserve a full 25% for a completely free, nationwide wireless access network.

Yes that’s right — access would be free, and it would also cover at least 95% of the territorial US.

This is a proposal that deserves serious support. Many areas of the US, including even large cities and suburban areas, lack decent broadband access. The US lags behind while European and other countries are building large wireless networks providing 10 MBit or better speeds. This is ridiculous, and many supporters believe it’s due to a lack of competition in the US market. All the small providers have been bought up by the Verizons and Comcasts, so they can set the pace and have no fear their hegemony will be usurped.

A public wireless network would also provide much needed access to the have-nots of America — mainly those people living in rural areas where “consumer grade” broadband just isn’t economically viable for those big providers. I’ve seen far too many areas where 56k dial-up is the best physical connection available, and often the phone networks are so bad that 24-28k is the best that can be achieved. Satellite links like Hughes Network’s help with downloads, but do nothing to increase upload speeds.

The Internet is here to stay, and it’s no longer a rich person’s toy or geek paradise. It’s part of our daily infrastructure, and everyone should have decent access. This proposal would guarantee that, and would make it porn-free to anyone who hasn’t signed an online agreement stating that they’re 18 or older. The extra competition would drive speed and access improvements among the big commercial providers, and everyone would have at least basic access anywhere they go. Laptops, PDAs, and other network-enabled devices would work freely at any location.

This is just a good idea. My only question is why it hasn’t happened already.

Biggest. Fine. Ever.

Tuesday, November 25th, 2008

In a case that may (or may not) result in spammers thinking twice before disseminating junk through social networking sites and other venues, a US court has ordered the infamous “Facebook spammer” to pay a record $873 million fine. This is the guy who, after tricking Facebook users into revealing their login information, then embarked on “blitzing the unwitting victims with some 4 million obnoxious sexually explicit messages advertising everything from pot to supposed penis enlargement techniques.”

Will Facebook ever see the money? It’s unlikely. As an old colleague in the legal industry once said, “never sue poor people.” Does the guy have $873 million in assets? I’d think not. But this does give Facebook free rein to seize any assets the guy does own — his car, house, bank accounts, and whatever else they decide to go after.

Will this stop others from perpetrating similar scams? Definitely not. It might make them think twice, though. No legitimate company will ever resort to such chicanery, since the CAN-SPAM act is very explicit and the offending company would lose its assets in a heartbeat.

The only people who spam in this manner are, in a word, thieves. They think they won’t be caught, or that the reward is worth the risk. In some cases, like one-person operations run by people who have no assets to seize, the reward might be worthwhile. This is a civil suit, so the spammer probably won’t receive jail time. Effectively, he’ll probably walk away with the clothes on his back and whatever cash he’s managed to hide outside the banking system.

November has seen two major spam-related news stories: this one, and the McColo network shutdown that temporarily halved the amount of spam sent via email worldwide. I can only hope this is the start of something good. Maybe 2009 will be the year spammers start taking a hike.

Score One for the Good Guys

Friday, November 14th, 2008

If you’ve noticed a recent drop in spam and malware reaching your PC, it’s probably due to the efforts of an anti-cybercrime group that blew the whistle on a huge illegal network operating within the US. Some estimates suggest the breakthrough may have “slashed worldwide spam by 50 percent and junk e-mail by 75 percent.” This is, of course, really good news for our inboxes and the overall load on mail servers worldwide.

What’s interesting about this case is the blatant manner in which the offender violated various laws. The study pointed to “McColo, a San Jose, Calif.-based Web hosting service, as one of the biggest spam offenders. The company used servers which depend on U.S. transit peers, according to HostExploit, and beyond spam, McColo was also sending malware and hosting child-pornography sites.” I can see a company engaging in spamming or malware distribution since there are still some gray areas around the laws, but child porn is clearly illegal and punishable with stiff fines (not to mention prison time). How profitable must this have been for the company to have decided to take the risk?

Clearly, they were making lots of money and didn’t care how. The report said that “40,000 visitors per day were lured to fake Web sites and paying for antivirus software that didn’t exist.” At the same time the site was stealing passwords, credit card info, and other personal data from visitors. You can imagine how much money they were making. And of course none of it was being reported to the IRS.

Illegal Internet activity can be a very profitable venture, and it’s easy to see why criminals are diving headlong into it. I recall the case of a former spammer who made hundreds of thousands of dollars (all paid via PayPal and other online sites) a year, and kept it in shoeboxes at his house. The good news is that more governments are paying attention to the problem, and enforcement is becoming more organized.

With any luck and a few high profile convictions, maybe spam will start to diminish in a few years. It’d be really nice to have email become the useful medium it once was.

Virtual Property, Real Crime

Wednesday, October 22nd, 2008

In an interesting legal case, several Dutch teens have been convicted of “virtual theft” in a case involving “a ‘virtual amulet and a virtual mask’ from the online adventure game RuneScape.” Apparently they somehow coerced another player into transferring the items to their online avatars. The Dutch court ruled that it’s still theft, even though it involved “property” that’s little more than a few pixels and an entry in a database.

This is probably not surprising, given the massive rise in popularity of massively multiplayer games like RuneScape, World of Warcraft, and LoTR Online. One can just imagine a few high-level players ganging up on a hapless low-level character, threatening to kill the online presence unless they’re given some “valuable” item in-world. It’s just bullying transferred to an online, non-physical paradigm. Sure, no tangible property was involved but the circumstances are identical. Since that’s the case, I see no reason not to prosecute such situations in the regular court system.

Apparently only a few such cases have been heard so far, and that means this precedent is far from the last word. Law is built over time, is based on opinion and precedent, and generally moves in baby steps. I’m certain some lawyers and judges will be unwilling to push the envelope too quickly. Some may simply refuse to take a case or hear it in the courtroom until some sort of formal legal decision is arrived upon.

This also introduces another question: will in-world court systems spring up over time, managed either by self-appointed avatar judges or by representatives of the company hosting the game? Will anyone even want to wade into these untested waters? Or will we see actual judges and lawyers participating, as avatars, in virtual-world court proceedings? If universities, corporations, and even religious bodies can establish virtual presences, can the Bar Association be far behind?

Of course, this also raises the question of handling evidence and enforcing decisions made in such courts. I’ll leave it to more capable legal minds to decide how best to handle those thorny problems.

Will RealDVD Launch?

Tuesday, September 30th, 2008

We all know that movie studios and the entertainment industry as a whole hate copying. For years, consumers have pushed for looser controls while entertainment moguls have advocated making any type of copying illegal. Years ago they hated FM radio because people could make decent copies of songs right off the air.

The idea of “fair use” and copying for personal use was finally acknowledged, after a struggle, and persisted until suits against Napster and other groups erupted in the late 1990s. Since then, the studios have pushed the DMCA and other laws effectively banning copying through the courts and through Congress.

Today they’re trying to boost tariffs on Internet Radio stations and services like Pandora, effectively driving them off the air by raising per-song rates to many times that paid by commercial stations. And, in probably the latest salvo in this ongoing war, they’re trying to ban RealNetworks from selling its new RealDVD software.

The claim? It’ll cost them money since people will be able to rent DVDs and burn them to their PC hard drives. Their suit alleges the software is “designed” to facilitate piracy, a charge that RealNetworks denies. It doesn’t break the DVD’s encryption, doesn’t allow open copying, and confines the copy to the user’s local hard drive (plus up to 4 copies if you buy more licenses for the RealDVD software).

I can understand why media companies are concerned about illegal copying, but this is a really ridiculous way to go about stopping it. Garage companies in Asia are burning illegal copies of commercial DVDs and CDs by the million, but media moguls are worried US consumers will make an illegal copy of a rented DVD for Uncle Charlie?

The real issue here is one of control: entertainment companies want total control over distribution and how people gain access to performances of any type. They claim it’s all about not cheating artists out of well-deserved royalties, but that’s just a diversion. It’s really about keeping their own pockets well lined, and about pleasing stockholders.

If they’d only work with developers for a change, they might realize that not every consumer is out to steal their product. But, being bottom-line people, they seem unable to get past the immediate dollar. They’re scared of technology, and it shows. But there’s nothing they can do — eventually they’ll have to accept that online media distribution is here to stay. That doesn’t mean people should be allowed to steal movies or songs, but they should have the ability to make personal copies without fearing the sudden arrival of the Music Police.

Governor Palin’s Yahoo Account

Thursday, September 25th, 2008

By now almost everyone knows that Governor Palin of Alaska has a policy of using commercial email accounts for government business. This is such an unbelievably naive and shortsighted policy that I can’t believe it took a hacker to bring it into the open. Maybe Alaska’s government has few experienced IT folks, but I’m just amazed that no one said “uh, that’s a really bad idea, governor.” Or maybe they did.

There are many good reasons not to use free (or even paid) commercial accounts for business mail involving sensitive data. Basic data security says you shouldn’t store confidential information on machines over which you have no direct control. It also says you shouldn’t really send such data via email in the first place, since it’s not a secure medium and anyone can intercept it if they try hard enough.

The US government and (I certainly hope) other state governments surely operate their own mail and data servers behind well-monitored firewalls and maintain their own domains. Using this basic strategy means that sensitive traffic sent between offices or agencies located behind the firewall never makes it to the public Internet, which means it’s at least relatively safe from prying eyes. All employees are, hopefully, made aware that they should never send confidential data to any address outside the firewall.

Using Yahoo addresses for government business was just ridiculous, and the governor took appropriate heat for it. Just imagine if it was discovered that President Bush was discussing issues of national import by emailing VP Cheney from a “gwb@gmail.com” account. Not only is it irresponsible, but it bypasses public records laws designed to ensure government transparency. That is, in itself, questionable behavior. It also may be legally actionable, but whether there’s any long-term fallout remains to be seen.