Early Bird Registration for the Computers, Freedom and Privacy Conference is up on Friday and, if you’re like me, you probably haven’t registered yet. So here is your reminder… go register!

It looks like a great conference — John Morris and I are speaking from CDT. Here are all the details:

COMPUTERS, FREEDOM, AND PRIVACY: TECHNOLOGY POLICY ‘08
http://cfp2008.org/
18th Annual CFP conference
May 20-23, 2008
Omni Hotel
New Haven, CT

Conference Blog
Facebook Group
Conference Wiki
LinkedIn Group

Hotel Conference Discount Deadline: May 1, 2008
Early Bird Registration: Fri., May 2, 2008
Yale Journal of Law and Technology Tech Policy Essay Contest: Mon., May 5, 2008

(more…)

Following on its earlier announcement of plans to collaborate with BitTorrent, Comcast this week issued a press release signaling its intention to collaborate with another peer-to-peer (P2P) technology provider, Pando Networks. There are two main parts to the Pando announcement.

First, Comcast and Pando hope to lead an “industry-wide effort” to create a “P2P Bill of Rights and Responsibilities” for P2P users and ISPs. We’ll have to see how this evolves, but establishing a set of best practices in this area could well be useful. It is important, for example, to ensure that users have control over how their P2P applications work, as in what files get shared, how and when the P2P application uses computer resources, etc.; the press release suggests that the question of “what choices and controls” consumers should have will be a central focus. So if Comcast and Pando succeed in getting broad buy-in to their ideas, this could be a productive discussion.
(more…)

Nine days ago, Sophia Cope blogged about how Homeland Secretary Secretary Michael Chertoff suggested that REAL IDs cannot be skimmed, in sharp contrast to DHS REAL ID Regs, which clearly say that the REAL ID is at risk of skimming. Today, CDT Fellow Peter Swire blogged on the Center for American Progress Web site about a new Chertoff statement where he said that “fingerprints aren’t ‘Personal Data.’” Swire shows that this comment lies in sharp contrast to DHS’ stated policy that fingerprints are “personally identifiable information.”

It is now time for DHS to make clear, is Chertoff purposely suggesting changes to existing policy or are these both misstatements?

Department of Homeland Security Secretary Michael Chertoff has a hard job. Among other things, it’s his responsibility to make sure that our country isn’t attacked by terrorists and that undocumented immigrants don’t cross our borders. So it’s understandable when he vociferously defends his Department’s efforts at “protecting the homeland.” But it’s inexcusable when the guy is simply factually (and vociferously) wrong on an important policy issue.

On April 2, Chertoff, testifying before the Senate Judiciary Committee during a hearing on DHS oversight, had the gall to say that public interests groups have been putting out “misinformation” and are “dead wrong” about the privacy and civil liberties risks of REAL ID. Yet it was the Secretary who put out misinformation and was dead wrong about the risk of the wrong people gaining access to personal information stored in the REAL ID card’s “machine-readable zone” (MRZ).

Specifically, Chertoff said – in response to a question from Sen. Feingold – that it would be impossible to “skim” personal information off REAL ID cards, all of which will have a DHS-mandated two-dimensional (2D) barcode as the MRZ. An MRZ is a section of an ID card that stores digitized personal information that can be quickly scanned and collected by an electronic reader. Other MRZ examples are the common magnetic stripe or the one-dimensional bar code like those seen on grocery packages. Chertoff asserted that the skimming of personal information can only happen with RFID chips. He also said that DHS is not mandating that REAL ID cards have an RFID chip (this actually is true).

While CDT is glad that DHS is not mandating an RFID chip for REAL ID cards, the Secretary is nevertheless – in his words – dead wrong. The RFID chip isn’t the only “machine-readable zone” that can be scanned and from which personal information can be collected. Police officers regularly scan the various MRZs of state driver’s licenses, as do businesses such as bars that seek to verify that patrons are over 21.

(more…)

Last week, a federal trial court in New Hampshire held that a website that enables singles and “swingers” to find sexual partners may be sued by a woman who was the subject of a fake profile created by an unknown imposter. The New Hampshire District Court in Jane Doe v. Friendfinder Network (No. 07-CV-286) ruled that Section 230 of the Communications Decency Act (47 U.S.C. § 230), which generally protects website operators from being held responsible for illegal content posted by others, doesn’t bar Doe’s claim against AdultFriendFinder.com for violating her “right of publicity” under New Hampshire law.

While I have sympathy for the woman – I certainly wouldn’t want a fake profile of me on such a site – CDT is concerned with the legal precedent that might be created in this case. If Section 230 doesn’t bar state right-of-publicity claims against Internet intermediaries, popular user-generated-content sites – like YouTube.com where thousands of videos are posted each day, undoubtedly without the consent of many of the people in the videos – could soon face a wave of costly lawsuits.

(more…)