begin quoting Paul G. Allen as of Thu, Aug 14, 2008 at 06:47:29PM -0700: > We all know that research outside the corporate environment is illegal > and immoral, don't we? ;) > > -------- Original Message -------- > Subject: EFFector 21.28: EFF Defends MIT Students Gagged by Federal Court > Date: Thu, 14 Aug 2008 13:19:18 -0500 (CDT) > From: EFFector list <[EMAIL PROTECTED]> > Reply-To: EFFector list <[EMAIL PROTECTED]> > Organization: EFF > To: [EMAIL PROTECTED] > > EFFector Vol. 21, No. 28 August 14, 2008 [EMAIL PROTECTED] > > A Publication of the Electronic Frontier Foundation > ISSN 1062-9424 > > : . : . : . : . : . : . : . : . : . : . : . : . : . : . : > > In our 481st issue: > > * EFF IS DEFENDING FREE SPEECH FOR COMPUTER RESEARCHERS in > a legal battle between the Massachusetts Bay Transit > Authority (MBTA) and three MIT students. The undergraduate > students were planning to present their findings on > magnetic stripe and RFID vulnerabilities at the DEFCON > computer security conference in Las Vegas when a > Massachusetts judge stepped in and issued a gag order, > preemptively halting the research presentation. EFF is > urging the judge to lift the unconstitutional gag order -- > the court cannot silence researchers, even if their speech > exposes technological flaws. > http://www.eff.org/press/archives/2008/08/13
On the flip side -- since we know how even-handed the EFF is -- one needs to consider who is harmed by the release or failure to release this information. The MTBA can reasonably argue that nobody is hurt by delaying dissementation of this information, and release of this information has a high probability of "damaging" MTBA finances. Most of the time, security vulnerabilities are "exposed" in order to protect the end-users; the end-users aren't being harmed by the MTBA's actions, which eliminates the primary justification for releasing "sensitive security information" -- to force the vendors to actually fix the problem. As I recall, it was only a temporary injunction that was being sought, not a permenent gag order of any sort, so it's arguably not censorship, and much less "an unconstitutional gag order". The "damage" to the researchers is that they will lose a chance to brag at DEFCON. Have the MTBA pay their expenses for DEFCON, and leave it at that. My initial inclination is to side with the researchers, but upon reflection, I'm not entirely sure the MTBA is out of line in asking for the temporary suppression of this information. > * EFF HELPED WIN A VICTORY FOR FREE SPEECH IN > USER-GENERATED CONTENT when a judge dismissed a lawsuit > between a literary agent and Wikipedia. The agent sued > Wikipedia for edits identifying her as one of the "dumbest > of the twenty worst" agents and that she had "no documented > sales at all." But EFF argued that the operators of > "interactive computer services" such as Wikipedia cannot be > held liable for users' comments -- an important protection > that allows Wikipedia, Craigslist, and other online > communities to include user-generated content without > living in constant fear of costly lawsuits. > http://www.eff.org/deeplinks/2008/08/wikipedia-wins-dismissal-baseless-defamation-claim It seems that the appropriate course of action would be to notify Wikipedia to preserve ALL logs, to be turned over (or parts thereof) as evidence, and to (in a reasonable time, measured in hours) provide the IP addresses of the alleged defamators, so the same thing can be done for the ISPs. Surely defamation is a crime, and the normal course of action of purging logs destroys evidence. Failure to turn over the appropriate information could lead to a remote ISP purging their logs that would be necessary in identifying the author. If they refuse to comply with reasonable requests, or adopt policies that ensure that it is impossible to identify the author of defamatory material, then it gets a little dicey. Disallowing anonymous access would just as easily assuage such fears of costly lawsuits, by removing the illusion of anonymity, perhaps transferring those fears to the end-users, stifling expression. (I can see the EFF making such an assertion, actually.) I'm not sure what a good solution is. Slander and libel are old problems. Hm... http://www.enotes.com/everyday-law-encyclopedia/libel-and-slander It seems under English common law, the publisher of such material COULD be prosecuted. So it's not as a ridiculous concept on its face as one might first think... The article points out that in the USA, the law is quite a bit different, but I find these two sentences very interesting: Certain defamatory messages are slanderous or libelous PER SE, meaning that the plaintiff need not prove that the message damaged his or her reputation. Libel or slander per se occurs when the message accuses the plaintiff of committing a crime, of having a loathsome disease, or of being professionally incompetent. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It certainly sounds like there's a defamantion case here, and I'm wondering if Wikipedia is being creatively unhelpful in some way, or if it's just because they'd have deeper pockets than some smuck. -- Always consider the other point of view, even if it at first seems silly. Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
