Friday, 31 October 2003

Amazon.com "blocks" printing of page images (not)

In an e-mail message to Authors Guild members also posted on the organization's Web site, the Author's Guild says today that "Amazon.com has, at least for the moment, disabled the print function on its new "Search Inside the Book" program. We view this as an important development." Amazon.com's claims are also reported in this story from the Associated Press .

It would be an important development, if it had happened, or if it was even possible. But it hasn't, and it isn't.

Amazon.com has "disabled the print function" only of certain versions of certain Web browsers, on certain platforms, using (buggy) browser-specific JavaScript. As a copy-protection mechanism, that's a pathetic joke. (Any attempt to write JavaScript that isn't buggy and browser-specific sometimes seems to be a bit of a joke. But that's another story.)

On Windows, for example, in my favorite browser, Opera , all I have to do to save each book page image as a .jpg (stripped of all of the surrounding Amazon.com content on the Web page), is alternate-click and select "save image" from the context menu. I can then view or print the page image in any desired program -- or, if desired, "share" the page image file or folder through a peer-to-peer system.

(Hmmm... maybe this will prompt everyone who wants free e-books to switch from MSIE to Opera. That would be a good side effect -- but that's not worth destroying the possibility of remuneration for writing.)

It doesn't matter what technology Amazon.com uses: anything that can be displayed on screen can be captured with a screen-capture program, saved to any desired storage medioum, and distributed as widely as anyone likes.

The Authors Guild also reports that, "At least one student is already bragging that he used the system to print out what he needed, when others, to their chagrin, had bought the book."

Make no mistake: this isn't a "search" program. This is a giveaway by Amazon.com of e-books and e-excerpts of books to which Amazon.com doesn't own the rights. In other words, thievery. Let's see if publishers treat Amazon.com the same way they treat individual file-sharers accused of unauthorized electronic distribution of copyrighted works.

[Addendum, 1 November 2003: In a brief follow-up, after I sent their reporter a copy of this posting, the Seattle P-I reports on the continued vulnerability of book pages displayed through Amazon.com. But the P-I still overstates Amazon.com's "copy protection" by saying, "Pages can't be printed when visitors use Microsoft's Internet Explorer or Netscape's Navigator browsers." They can't be printed using those browsers' "Print" commands, but they can still be printed using the "Print Screen" key or any screen capture utility.]

[Further addendum, 3 November 2003: FriedEgg posts at Ars Technica that it's even more stupid and easily defeated than JavaScript: Amazon.com is trying to "prevent" printing through a .css file -- as though they'd never heard of user style sheets, of which FriedEgg posts a sample to override the image print blocking. (Isn't that the whole point of cascading style sheets?) Is this the first recorded instance of .css-based "copy protection"? For all I know, they'll be using something different, but equally ineffective, tomorrow. It still won't work.]

Link | Posted by Edward, 31 October 2003, 16:13 ( 4:13 PM) | Comments (2) | TrackBack (0)

Thursday, 30 October 2003

Seattle P-I on Amazon.com "search" and page view

New Amazon search feature angers authors: Writers weren't consulted on searchability of work ( Seattle Post-Intelligencer , Friday, 31 October 2003)

The P-I reports, on the basis of an Amazon.com press release, that "Amazon.com's new "Search Inside the Book" feature -- introduced last week to let visitors search the full text of 33 million pages in 120,000 volumes -- has boosted book sales... Amazon said that in the new feature's first five days, sales of searchable titles on average exceeded those of its other titles by 9 percent."

But even Amazon.com didn't make such a claim: all that they claimed was that the new scheme has increased sales through Amazon.com . There's no evidence yet, nor will there be for some time, as to how it is affecting book sales overall, including through other bookstores and channels.

It could be (and likely is) that some people were attracted to Amazon.com by the search and page-display feature, and bought through Amazon.com, increasing Amazon.com sales of those books, while an even larger number -- who would otherwise have bought the book elsewhere -- instead came to Amazon.com, read (and perhaps saved) the pages with the information they wanted, and thus didn't buy the book at all, anwhere.

If the second group was larger than the first, Amazon.com sales of these books would be up, but total sales down. I suspect this will be the case, especially over time as people learn that if they only need an excerpt, not the whole book, they can get it for free on Amazon.com.

Th P-I article also quotes me, my publisher, and other authors who write for my publisher.

Link | Posted by Edward, 30 October 2003, 22:43 (10:43 PM) | Comments (0) | TrackBack (0)

Canada to remove privacy clause from CRS regulations

Transport Canada has published proposed revisions to the Canadian Computer Reservation Systems (CRS) Regulations in the Canada Gazette .

Section 28 (2) of the current regulations provides as follows:

Personal Booking Information

28. (2) A system vendor shall not make personal information about a passenger available to others not involved in a booking without the consent of the passenger.

According to the text and analysis of the proposed new regulations , "Section 28 of the current Regulations regarding personal information is considered redundant given the force and effect of the Personal Information and Protection of Electronic Documents Act , and it is therefore proposed that the section be repealed. "

It would be good if a general privacy law could obviate the need for separate privacy clauses in sector-specific laws and regulations. And certainly this action in Canada points up the need for a privacy section in the CRS regulations currently under review and amendment in the USA, since unlike Canada the USA doesn't have any general privacy law to cover travel records.

But without knowing anything about the nuances of Canadian Law, I'm somewhat concerned that the privacy clause in the CRS regulations, now proposed to be eliminated, seems at first glance to have fewer loopholes or exceptions than the Personal Information and Protection of Electronic Documents Act , and thus might have some continued significance for the rights of Canadian travellers against non-consensual "sharing" of their travel records.

Interestingly, the European Union, depsite having a general data privacy directive similar to the Canadian privacy law, has retained language in the EU CRS regulations -- see Article 6 (d) -- virtually identical to Section 28 (2) of the Canadian CRS regulations.

According to this press release from Transport Canada , "The proposed changes were published in the Canada Gazette Part I on October 25, 2003. Following publication in the Canada Gazette Part I , there is a 30-day period for the public to respond. After consideration of the comments, the regulations will be finalized and published in the Canada Gazette Part II. "

Link | Posted by Edward, 30 October 2003, 10:54 (10:54 AM) | Comments (0) | TrackBack (0)

Public comments (not) to the ICANN annual meeting

As I mentioned last week , the ICANN Board of Directors is holding its annual meeting this week in Carthage, Tunisia.

As with the last two ICANN board meetings, by the time the issue of new top-level Internet domain names (TLD's), including new Internet domain names for travel , was added to the agenda, it was too late for me to attend in person, even if I could have afforded to do so.

I submitted comments by e-mail for the public forums at the previous two meetings, in Rio de Janeiro in March 2003 and in Montréal in June 2003 . I was prepared to do likewise for the public forum today in Carthage, although really I would only have reminded the ICANN board, and anyone watching or exercising oversight, that the same problems I called to their attention months ago in Rio and Montréal continue unabated.

According to the ICANN Web site , the open microphone (and, in the past, open e-mail) portion of the public forum was scheduled as its last segment, from 17:30-18:00 Carthage time (UTC/GMT +1) today, or 8:30-9:00 a.m. San Francisco time. But when I went to bed last night an e-mail address for public comments still hadn't been posted on the ICANN Web site.

Overnight, an address for public comments, carthage@icann.org , was added to the ICANN Web page for the forum. As I addressed the e-mail message with my comments, I tuned in the live Webcast of the meeting -- and at 8:17 a.m. San Francisco time (17:17 Carthage time), just before I could send my e-mail comments and well before the open mike session was scheduled to begin , heard the public forum abruptly gavelled to adjournment!

Thus closes the last remaining avenue open to the public through which to bring their concerns before the de facto governing body of the Internet.

I'd like to hope that the minutes of the ICANN annual meeting will reflect the adjournment in advance of the scheduled open microphone period, to the exclusion of potential remote participation. But I wouldn't be at all surprised to see a retroactive re-write of the schedule in the minutes and on ICANN's Web site, to hide the fact that this last vestige of openness was eliminated.

More at ICANN Watch

Link | Posted by Edward, 30 October 2003, 08:37 ( 8:37 AM) | Comments (0) | TrackBack (0)

Wednesday, 29 October 2003

USA welcome mat (not) for visitors

Testimony of John Marks, CEO of the San Francisco Convention and Visitors Bureau and Chair of the Travel Industry Association of America, U.S. House of Representatives, 10 July 2003

"Intentional or otherwise, a collection of rules and policies that discourages international visitors from coming to the U.S. also create a perception of "Fortress America". The U.S. "welcome mat" for international visitors is beginning to fray and the perception of some around the world is that we are no longer a welcoming nation."

See the complete document for an excellent analysis of the economic impact of new interview requirements for visa applicants, and the differential between visitorship to the USA from countries that require visas and those that don't.

Just remember: never judge a country by its border guards. Most people in the USA like foreigners, and welcome them. Really!

Link | Posted by Edward, 29 October 2003, 21:09 ( 9:09 PM) | Comments (0) | TrackBack (0)

"Legal Problems for Amazon?"

Possible Legal Problems for Amazon's Book Search?
(Publishers Weekly, 28 October 2003)

Later revised version of the story:

Industry Debates Latest Amazon.com Initiative; Varied reactions; some experts say 'search' poses legal problems; will it sell books? (Publishers Weekly, 3 November 2003)

Book publisher Penguin's CEO says "we have a duty to our authors" to ensure that users of the Amazon.com "search" service won't be able to download entire books (which, as of now, they can). The "protections" against downloading in currently in place are laughable. More importantly, any safeguards against storing and forwarding displayed pages will be useless. Anything displayed on a screen can be captured to any desired storage medium. And anything that can be done in a browser can easily be automated to be done by a 'bot.

Personally, I imagine that if Amazon.com gets away with this scheme, it will be a matter of months -- at most -- before 'bots are built that allow a reader to enter the ISBN or other identifying info of the book, let the 'bot go grab the page images from Amazon.com in the background, and return to find the e-book neatly re-assembled, whole, in the user's download folder -- without the user ever seeing an Amazon.com page or a suggestion that, God forbid, they buy the book or pay for the download.

"Meanwhile," according to PW , "Publishing's legal expert Martin Garbus said what he found disturbing here was the absence of author permissions. "It really makes you wonder whether they [Amazon] thought about this before they went ahead and did it," he said." Unfortunately, this Wired article and the history of Amazon.com's Alexa division, before and after its acquisition by Amazon.com, suggests that Amazon.com knew full well what it was trying to do.

As PW says, "There remain ... many key queries."

[Addendum, 3 November 2003: There's a discusssion of how 'bots could be built to download sequential page images in this article and comments from the blog of science fiction writer Kathryn Cramer, who draws particular attention to the potential damage to rights to reprints and contributions to anthologies. There's also a 'bot-building thread on Usenet in the sci-fi newsgroup "rec.arts.sf.written".]

Link | Posted by Edward, 29 October 2003, 15:38 ( 3:38 PM) | Comments (0) | TrackBack (0)

More on Amazon.com copyright infringement

I'm quoted in today's Seattle Times in their story, Amazon's inside look irks authors: Search function previews any page

Unfortunately, the story focuses rather narrowly on whether authors would want to participate in the full-text search and retrieval system as Amazon.com has established it. But that's not a choice authors have yet been given: Amazon.com only approached publishers, not authors.

Amazon.com claims that giving away full text online will increase book sales. That might be true, but it might also undercut sales and licensing of other rights to the same content, such as excerpting in magazine and newspaper articles, use on other Web sites, downloading to PDA's, and so forth. As an author, I can't really evaluate Amazon.com's sales claims, since Amazon.com refuses to provide authors with reports on sales of their books -- only publishers and distributors get those. And Amazon.com categorically refuses to provide any links, even from reviews or comments, to authors' or publishers' own Web sites -- even those that already provide the full texts of their books. If Amazon.com wants to get writers' agreement for its full-text search and retrieval service, they might start by providing participating authors with reports on sales of their books through Amazon.com, and with links from the book pages on Amazon.com to the authors' and publishers' Web sites.

Readers would appear to be disserved by getting the texts of books through Amazon.com rather than authors' own Web sites: Amazon.com provides only a snapshot of the book as published, while many publishers' and authors' sites (including this one, through this blog and other articles ) provide updates after the book goes to press. Travel publishers, of course, have been leaders in online updating.

Lonely Planet, for example, commissions all the writing for its guidebooks as "work for hire". Unlike my publisher, Avalon Travel Publishing , Lonely Planet owns copyright to its books, and could have made them available for search and full-text retrieval through Amazon.com. But with only its own profits at stake, and no need to consult or obtain approval from the writers whose one-time fee already purchased "all rights" to the books' content, LP appears to have chosen not to make any of them available for Amazon.com's search and full-text retrieval system.

Although I discussed it at length when the Seattle Times reporter contacted me, today's article doesn't go into the more significant legal and ethical questions of Amazon.com's copyright infringement. Perhaps that will have to wait for reporting by a news outlet other than Amazon.com's hometown newspaper, or one of the companies convicted of wholesale plagiarism in Tasini v. New York Times, et al. .

Amazon.com labels its bootleg images of pages from my books as "publisher copyrighted material". But those images of my books available from Amazon.com include images of the copyright pages, plainly showing that copyright is in my name. The Amazon.com Enter Publisher Information for Search Inside the Book requires publishers to certify that they are "the exclusive rights holder (including copyright and marketing/promotion rights) of the titles you wish to submit to our Search Inside the Book program." That's rarely true, except for self-publishers and books produced as work for hire. Almost every copyright page image I called up through the new Amazon.com service showed copyright in the name of the author, not the publisher. At best, Amazon.com was grossly negligent in failing to notice the discrepenancy between publisher's claim to own the rights they were licensing, and the copyright notices in the books themselves. At worst, Amazon.com was knowingly proceeding in bad faith.

The Seattle Times story also omits the connection to Amazon.com's Alexa division, which has already been engaged in the sort of plagiarism of the World Wide Web that Amazon.com is now trying to expand to the contants of Books in Print . This article in Wired makes clear how the new program is, in fact, the fruition of Amazon.com's acquisition of Alexa and adoption of its attitudes. (Thanks to Dan Gillmor for calling my attention to the Wired story in his blog , although he didn't address the copyright question.)

As I said in my original article on this topic and in yesterday's follow-up , the real issue is the hypocrisy of those who whine about pettty retail copyright infringement through sharing of single MP3's, while turning a blind eye to wholesale copyright infringement by big companies like Amazon.com and Google.com (see this new story from Publishers Weekly on Google's copycat plans , also summarized here ) that are systematically attempting to compile bootleg libraries of every book or Web page ever published anywhere in the world.

Link | Posted by Edward, 29 October 2003, 07:11 ( 7:11 AM) | Comments (0) | TrackBack (0)

Tuesday, 28 October 2003

Thank you, France

Air Transport World online reports on "a meeting yesterday between French Secretary of State for Transportation Dominique Bussereau and Asa Hutchinson, US Dept. of Homeland Security under secretary for border and transportation security", US-French talks center on passenger rights issue

According to the story, Bussereau told Hutchinson that, "a number of civil suits already have been filed against EU carriers" as a reult of their provision of passenger data to the DHS border control division.

Link | Posted by Edward, 28 October 2003, 16:27 ( 4:27 PM) | Comments (0) | TrackBack (0)

USA visitor fingerprint and photo database to include travel data

Today the USA Department of Homeland Security gave its first public demonstration and explanation of the new systems for foreign visitors that will be deployed at USA international airports and seaports starting 31 December 2003 (press release, fact sheet, FAQ ).

As part of the 'US-VISIT" program, all visitors who require visas -- apparently including all transit passengers changing planes in the USA en route between other countries -- will have digital photographs and fingerprint scans entered into their "travel record" in a new database, the "Arrival/Departure Information System (ADIS)".

Earlier reports suggested that the DHS -- which still seems to have no idea what's really in reservations databases -- intended to rely on airline reservation records to match arrival and departure records. Eventually they figured out that arrival and departure flights could be in separate reservations, which can't (yet) readily be correlated. (Although the DHS wants to change that: the DHS CAPPS-II proposal would require additional standardized data in travel reservations, so as to ensure that separate reservations could easily be indexed to create a master lifelong index to your travel records.)

It's still not clear whether any of the data the DHS is now obtaining from international airlines (in violation of European Union and other countries' laws) will be included with fingerprints and photos in the ADIS database of travel records -- the DHS press release is vague as to the "travel records" to be included, and I haven't found the Privacy Act statement for the system (if there even is one, since the system will only be used on non-citizens of the USA).

Visitors from the small minority of countries (mostly wealthy European countries with predominantly white-skinned Christian populations) that the USA allows to participate in the "Visa Waiver Program" will also be exempt from the new indignities of fingerprinting and photographing on entry and exit -- at least initially. Along with the new personal interview requirements for all USA visas, the new procedures will increase the difference between the treatment given visitors from countries the USA considers first-class and second-class, and reduce visits from the latter.

Doesn't all this make you eager to come to the USA for your next holiday?

Link | Posted by Edward, 28 October 2003, 12:53 (12:53 PM) | Comments (8) | TrackBack (1)

Google joins Amazon in expanding its book bootlegging

According to this article in today's New York Times (free registration and cookie acceptance required unless, ironically, you follow a link from a Google.com news search), "Google.com has begun talks with book publishers to compile a searchable database of the contents of thousands of volumes."

As I mentioned in yesterday's blog entry, Google.com's "cache" is already the most significant channel for unauthorized online distribution of copyrighted text, and certainly the text plagiarism system that deprives writers of the most potential copyright licensing revenue. So as with Amazon.com -- whose Alexa subsidiary was already engaged in a similar copyright-theft endeveavor -- it's no surprise that Google.com is treading boldly into full-text book plagiarism. And it's equally characteristic of the attitudes of publishers (whether of text or of music) that the discussions have begun with publishers -- not with the writers who, under the doctrine of the U.S. Supreme Court decision in Tasini v. New York Times , actually own the rights what Google.com wants to do, and Amazon.com is already doing.

There's an argument for why authors might benefit, even financially, from making the full text of their books (at least some books) available on the Web for downloading and/or searching. But if I want to make the text of my books available to Google to index and include in search results, why wouldn't I just put it on my own Web site, where I can control and update it? I want people to come to my own Web site for information about my books. Not Google.com, and not Amazon.com. I can't see any benefit to authors or publishers from this scheme; its only beneficiaries would be the positions of Google.com and Amazon.com as portals to the world of books. No thanks. When looking for books, I'll use Google.com, if at all, to find individual authors' individual Web sites.

Link | Posted by Edward, 28 October 2003, 08:15 ( 8:15 AM) | Comments (1) | TrackBack (0)

Sunday, 26 October 2003

Eyewitness to presentation on jetBlue passenger profiling

I had a long chat this week with Brian Lawson, business reporter for the Huntsville [AL] Times. He called me in the course of his research for a follow-up story on Huntsville military contractor Torch Concepts and its use of jetBlue Airways' passenger database for tests of airline passenger profiling and threat assessment.

Lawson's story in today's Huntsville Times (free registration and cookie acceptance required) is worth reading. Torch Concepts' attorney/spokesperson told Lawson that, "From our perspective, there was nothing bad that happened.... The complaints are from a vocal minority. The majority of people are very comfortable with this." I guess he hasn't noticed that public comments, at last count, were running more than 5,000 to 1 against CAPPS-II.

I was even more interested, though, in some of the things Lawson told me that didn't make it into his story in today's paper. Lawson was, so far as he remembers, the only reporter in attendance, and is the only eyewitness so far to come forward, at the conference presentation by Torch Concepts about how it got the the jetBlue Airways data and what it did with it. Lawson even wrote about it at the time -- making him, and not me, the first to have reported that jetBlue passenger data had been used in profiling tests. He read me his brief story (the Hunstville Times archives aren't available online). It was matter-of-fact -- as, Lawson said, was the Torch Concepts presentation. "It simply didn't occur to me that this was anything secret. There was nothing they were trying to hide," he said. "This wasn't a classified conference -- it was open to anyone who paid the admission fee -- and you can't get much more high-profile than that conference if you're a Hunstville defense contractor."

Lawson didn't remember anything being said in the conference presentation about military base security. "It was all about airline passenger profiling," he recalled, although this week the spokesperson/attorney for Torch again claimed that "the company's work was not sponsored by TSA and he doesn't know why TSA helped Torch get the data."

Even more significantly, Lawson remembered Bill Roark, who gave the Torch presentation, saying that jetBlue had provided the data because jetBlue's fare structire (no advance purchase or round-trip purchase requirements) led to an unusaully high percentage of last-minute one-way ticket purchases, and thus an unusally high rate of selection of passengers for "secondary security screening" under the current CAPPS 1 profiling system. "jetBlue cooperated because they had so many of their passengers getting selected," Lawson says Roark told the conference, "and they hoped that providing their data might help reduce that number".

But if the Torch research wasn't intended to be used for passenger screening, Lawson wonders, why would jetBlue have had any particular interest in providing data for military base security research? What Lawson remembers Roark saying makes sense only if the Torch project really was intended for airline passenger profiling rather than, as Torch now claims, military base security.

Also today, Sean Holstege of the Oakland Tribune -- another reporter who's been digging into the airline passenger profiling and "watch list" stories for months -- has a detailed update on some of the problems facing the TSA in getting data for CAPPS-II testing. Among other interesting bits of news, Holstege quotes "insiders' estimates" that the TSA has already spent "between $80 million and $100 million on [CAPPS-II] testing and consultants." There's still no public figure on how much the TSA plans to spend to complete and deploy the system, although I've estmated total costs (most of which, evidently, the TSA expects to be absorbed by the travel industry) at over US$1 billion.

Link | Posted by Edward, 26 October 2003, 20:31 ( 8:31 PM) | Comments (0) | TrackBack (0)

Defend the Right to Link

If linking is at the heart of blogging, all bloggers should be up in arms at the cease and desist letter sent by e-voting (mis)manufacturer Diebold Elections Systems, Inc. to my friend Will Doherty in his capacity as Executive Director of the Online Policy Group.

Not having been following the news -- see the news releases from OPG and EFF -- closely enough, I thought this was just another case of corporations and the Digital Millenium Copyright Act run amok:

Diebold makes e-voting systems that rely on insecure Microsoft software components. Documents come to public attention that show that Diebold knew this, but didn't care. The documents are made available on the Web. Emulating the strategy of the Church of Scientology, Diebold tries to get the documents removed from the Web by claiming that news reports and commentaries reproducing the documents constitute copyright infringement. So far, so bad.

But that's not what the latest cease and desist letter is complaining about. Diebold's cease-and-desist letter is directed at OPG, a non-profit organization which provides "email list hosting, website hosting, domain registration, and colocation services ... to individuals and groups from communities that are underserved, underrepresented, or who face unfair bias, discrimination, or defamation online". Among the groups to which OPG provides such hosting services is IndyMedia .

Here's where things get weird: neither IndyMedia nor the OPG is accused of actually hosting any of the copyrighted Diebold menos. Diebold's complaint against IndyMedia is that IndyMedia's Web site included links pointing (at least temporarily) to some locations where allegedly copyright-infringing Diebold memos could be found. Diebold cliams that such links by IndyMedia constitute "information location tools". And, in turn, Diebold's complaint against OPG is thta, "The web page you are hosting clearly infringes Diebold's copyrights by providing information location tools that refer or link users of the web page to an online location containing infringing material or activity."

OPG's lawyer's at the Electronic Frontier Foundation have responded to Diebold, "Linking is not among the exclusive rights granted by the Copyright Act, 17 U.S.C. §106, and so cannot infringe any copyright Diebold might hold. Your allegations amount to a claim of tertiary liability; copyright law does not reach parties so far removed from a claimed infringement."

It's not clear exactly what statement. if any, is made by a link. Absent some specific statement in the text of the link, a link per se is less than a claim that anything at all exists at the target address of the link. In this case, most of the links in question pointed to nothing, since other ISP's, unlike OPG, kept taking down the complained-of Web pages. (Amazingly, and frighteningly, OPG is the only hosting provider not to enforce removal even of links to the complained-of Web pages.) At most, a link is a suggestion that the reader might find it rewarding to attempt to access whatever content might exist at the linked address.

So if there are crack and heroin dealers on the corner outside my window (there might be, but I don't know; I'm not at the window at the moment), and I step out on my stoop and say, "Look over there!", does that make me party to their crimes? And if my landlord fails to stop me from doing so, do they become party to my vicarious crime as well? It's tantamount to making it a crime to fail to prevent others from pointing at the emperor, or crting out, "Look!", when the emperor has no clothes.

Of course, if you're the Ford Motor Compnay, people don't need links to figure out that whatever you might want to say, they can find it at http://www.ford.com, or in most cases simply by entering "ford" in their Web browser. On the other hand, links are crucial for "individuals and groups from communities that are underserved, underrepresented, or who face unfair bias, discrimination, or defamation online" to connect with their online audience. That's who OPG serves, and that's why OPG's work, and this case, are so crucial to the future of free linking and free speech on the Internet.

Link | Posted by Edward, 26 October 2003, 16:33 ( 4:33 PM) | Comments (0) | TrackBack (0)

Copyright infringement by Amazon.com

Yesterday I was forwarded a copy of this message from the Authors Guild about a new program under which Amazon.com is making the full text of certain books available for searching and download from the Amazon.com web site.

The message from the Authors Guild was the first I had heard of this scheme, and I hadn't approved any contract to make the text of my books available in this form. (I'm not sure whether I want to, but I hadn't even been asked.)

I hold the copyright to my books, and my contract with my publisher requires my approval for any licenses of "subsidiary rights" (including rights to publication in any medium other than printed books).

But I checked and, sure enough, the full next of the most recent editions of both The Practical Nomad: How to Travel Around the World and The Practical Nomad Guide to the Online Travel Marketplace is available for search and download from the Amazon.com Web site, just as music and videos are available for download through Napster, Kazaa, and other file-sharing systems.

It should come as no surprise that Amazon.com is becoming more conspicuous as a plagiarist. Alexa, a subsidiary of Amazon.com -- with its offices located, bizarrely, in a national park -- has for years been engaged in systematic collection and use for commercial purposes of a comprehensive archive of unauthorized bootleg copies of everying it can find that has ever been available anywhere on the Web. Google has a similar "cache" both of Web content and of Usenet postings that has raised similar copyright concerns .

Alexa and Google claim that they allow Webmasters to "opt-out" of storage and redistribution of material on their Web pages by including "META NAME="ROBOTS" CONTENT="noarchive"' in their HTML code, or similar instructions in a "robots.txt" file. But that doesn't absolve Alexa or Google of copyright infringement, because:

  1. Under the law in the USA (where Alexa and Google are based) and most other countries, all copyrightable work is copyrighted from the moment of creation, and any use other than "fair use" is permitted only by explicit permisison ("opt-in"). Alexa and Google operate on the reverse (legally impermissible) assumption that unlimited copying and commercial use is permitted unless there's an "opt-out" in the HTML.
  2. Alexa and Google place the power to "opt-out" in the hands of whomever controls the HTML. But there's no guarantee that she who holds the copyright to the content controls the HTML in which the page is encoded. That's usually not the case, especially for freelance content producers.
  3. Alexa and Google's commercial use of their "archive" or "cache" of bootleg copies is clearly not "fair use". It's especially damaging to authors, photographers, and other producers of work that is licensed for time-limited availability on the Web. Freelance writers and photographers often depend for their livelihood on the ability to license the same work repeatedly in different markets or at different times. But long after the original Web site's license has expired, and the work has been removed from that site, bootleg copies remain available for free from the Google "cache" and the Alexa "archive" -- sabotaging the ability of the content producer to license the same work elsewhere.

It should be no surprise that large publishing and distribution companies like Google and Amazon.com are the Napster's (and worse) of text bootlegging. Creators -- writers, musicians, and others -- have long complained of publishers who appropriate their works without permission and use them for the publishers' profit, without compensation to the creators.

(It's worth noting that the U.S. Constution authorizes Congress to "secur[e] for limited times to authors and inventors the exclusive right to their respective writings and discoveries." There's no mention of any rights for publishers or distributors, and it's not clear that copyrights are intended to be capable of sale, as opposed to licensing.)

In 2001, in Tasini v. New York Times, the U.S. Supreme Court upheld copyright infringement judgments against the New York Times, Time Warner AOL, Newsday, Mead Data Central (Lexis/Nexis), University Microfilms, and others, for making available comprehensive searchable electronic databases of content to which the rights to such use were owned by the authors and photographers, not the publishers.

But the successful plaintiffs in the Tasini case have yet to receive a penny in damages, and the wholesale bootlegging of the entire content of the Web (or as much of it as they can get their hands on) by Google and Alexa continues unabashedly and unabated. It's par for the course that Alexa's parent, Amazon.com, now wants to distribute bootlegs copies of everything in Books In Print , and that it's asking publishers, not authors, for permisison to do so.

So my question is, if publishers like the MPAA and the RIAA really care about copyright infringement, why aren't they going after the big fish -- publishers who are, quite literally, trying to steal and sell the entire content of the World Wide Web, and entire libraries of work created by freelancers -- rather than going after people who they think might have stolen single songs? If this is really about "fair compensation for creators", why isn't the publishing industry trying to help creators collect from the Tasini defendants, or trying to stop Google or Amazon.com?

The near-inescapble conclusion is that publishers don't care about copyright: they care about their profits, whether through their own wholesale theft from creators or through suppression of petty retail theft by "file sharing". The real "copyright thieves" are, for the most part, publishers and distributors who steal from creators of music, text, photots, etc. -- not individuals who steal single copies from those publishers and distributors.

Link | Posted by Edward, 26 October 2003, 15:13 ( 3:13 PM) | Comments (0) | TrackBack (1)

Friday, 24 October 2003

Admiral Loy nominated for promotion from TSA

Coast Guard Admiral James M. Loy, currently Administrator ("Under Secretary of Transportation for Security") of the Transportation Security Administration of the USA Department of Homeland Security, has been nominated for a promotion to the second-highest position in the DHS, Deputy Secretary of Homeland Security.

In the revolving door that has characterized personnel relationships between the military and the supposedly-civilian DHS, Admiral Loy would be replacing Gordon England, who left the DHS earlier this month to return to his former job as Secretary of the Navy. Loy would, apparently, retain his military rank and title (as former commander of the Coast Guard -- the only branch of the military now incorporated, in its entirety, into the DHS), as he has at the TSA.

Admiral Loy will remain in charge of the TSA pending Senate action on his nomination; no appointment to succeed him at the TSA has been announced.

As I've written previously in response to public statements by Admiral Loy about CAPPS-II, "That such an Orwellian scheme is being implemented under the direction of someone who insists on using his military title, while administering what purports to be a civilian agency, is symptomatic of the extent to which the "war on terrorism" has become a war on civil liberties," waged with military means and lack of restraint by people with military mindsets. (The same could be said, as I can vouch from my personal experience having my head used as an early stepping-stone in his political career, for ex-Marine Bob Mueller at the FBI.)

Admiral Loy himself has characterized CAPPS-II as his highest priority at the TSA. Senate hearings and debate on Admiral Loy's confirmation as Deputy Secretary of Homeland Security, and on confirmation of a successor as Administrator of the TSA, will provide an ideal opportunity -- if Senators choose to use it -- to ask questions about why CAPPS-II has been pursued so insistently, despite overwhelming public opposition and complete lack of support from security experts or evidence that it could serve any legitimate security purpose (the most plausible-seeming answer being the surveillance purposes that it would facilitate), as well as about the impact of the extensive military role in managing the DHS on creating a culture of military unconcern for civilian rights and freedoms. And. of course, the Senate should insist on confirming a replacement TSA Administrator committed to ending CAPPS-II testing and development, and putting in place meaningful privacy protection for travel and transportation records used for TSA purposes.

[Addendum, 26 November 2003: Admiral Loy was confimred by the Senate 25 November 2003, by voice vote, without debate.]

Link | Posted by Edward, 24 October 2003, 06:45 ( 6:45 AM) | Comments (2) | TrackBack (0)

Thursday, 23 October 2003

Congress, think tank discuss mining and aggregating travel data

At least some members of Congress still seem to be under the delusion that anyone knows what the airline reservation of a would-be terrorist would look like, according to this report in Wired News

"When somebody buys a ticket on Delta Airlines in Munich, Germany, if there's any potential for (that person to have) a suspicious background, I want bells and whistles to go off on that computer," Sen. Saxby Chambliss (R-Ga.) told the group of 25 or so policy makers assembled in the Russell Senate Office Building's third floor."

But according to my sources, including one who worked on CAPPS-II tests, even when the CAPPS-II "proof of concept" contractors were given real reservation data for the tests, they weren't given any "terrorist" reservations, or any criteria for how to find them. The tests were judged solely by throughput, and the ability to assign a "risk" score to each reservation. Whether that score had any relationship to actual risk wasn't part of the test purpose, protocol, or evaluation criteria.

Link | Posted by Edward, 23 October 2003, 16:38 ( 4:38 PM) | Comments (2) | TrackBack (0)

Talk tonight on Cuba travel

Curious about what today's vote by Congress to lift the ban on travel between the USA and Cuba might mean? There's a perfect opportunity to find out if you can get yourself to Walnut Creek, CA, tonight.

I'm honored to consider myself a colleague, and to have the same publisher, as Christopher Baker. Christopher is a travel writer and photographer; author of Moon Handbooks Cuba, Moon Handbooks Havana, Mi Moto Fidel: Motorcycling Through Castro's Cuba, and the forthcoming National Geographic Traveler Cuba (among other books); and quite simply the foremost authority on travel to Cuba.

Tonight (Thursday, 23 October 2003), he'll be speaking to the World Affairs Council of Northern California on Cuba Today: Restrictions, Tourism, and Politics. $32 for nonmembers includes reception at 6:30 p.m. and dinner at 7 p.m.; students are admitted free to the program at 7:30 p.m.

I know it's short notice, but be there if you can.

[Addendum: I'm part of a separate discussion at discourse.net over whether Cuba has jurisdiction over Guantanamo.]

Link | Posted by Edward, 23 October 2003, 14:03 ( 2:03 PM) | Comments (0) | TrackBack (0)

Personal data stored on hotel card-key mag stripes

As tracked down (in spite of the initial skepticism of your truly about his initial less detailed reports) and posted by Jay Melnick of TravelBank Systems on his own Web site and in the Travel Guide Writers' Email List, here's more on the storage of personal information from reservation records (including names, addresses, and credit card numbers) on the mag stripes of hotel card keys:

In a message dated 10/22/2003 5:16:13 PM Mountain Standard Time, rnanning@cityofpasadena.net writes:

The following information is in response to numerous inquiries about an e-mail that was distributed regarding hotel card keys and personal information. Please take note and feel free to share with any constituents who may also have concerns.

On October 6, 2003, Detective Sergeant Kathryn Jorge of the Pasadena Police Department received information from a group of Southern California fraud detectives who had formed a fraud investigations network through a local internet carrier. One of the members of this group from another San Gabriel Valley agency reported that in an investigation that he was personally involved in, he came across a plastic hotel card key from a major hotel that had personal information that could potentially lead to identify theft and fraud. This information included names, addresses, length of stay, and credit card numbers. This detective took the precautionary measure of notifying the detectives in the network prior to seeing if this practice was standard in the industry.

As the investigation into this potential fraud risk continued, this information was shared with other members of the Pasadena Police Department and personnel chose to share this information with others before we could correctly evaluate the risk. This has caused a chain reaction of probably thousands of people being given this information before the risk was evaluated thoroughly.

As of today, detectives have contacted several large hotels and computer companies using plastic card key technology and they assure us that personal information, especially credit card information, is not included on their key cards. The one incident referred to appears to be several years old, and with today's newer technology, it would appear that no hotels engage in the practice of storing personal information on key cards. Please share this information with anyone who has a concern over the initial information send out to others as a precautionary measure.

There was never the intent of the Pasadena Police Department to forward this information to others before the risk was evaluated. The information was forwarded by individuals as a possible precautionary note of interest only.

Janet A. Pope

Adjutant to the Chief of Police/Public Information Official

Pasadena Police Department

626.744.4537

Thanks again to Jay Melnick for getting to the root of this story.

Christoper Elliott, who also has a travel blog, says that "It's an urban legend." But I wouldn't take the "assurances" that this isn't still happening (at the specific hotels contacted by one local police department) as conclusive, or as indicative of industry norms. What this really goes to show is that there is still no culture of privacy consciousness in the travel industry -- and that people from places with real privacy laws are right to demand the same in the USA before they do business with travel companies in the USA.

Link | Posted by Edward, 23 October 2003, 09:24 ( 9:24 AM) | Comments (5) | TrackBack (0)

Bad idea of the day

Venture to Offer ID Card for Use at Security Checks (N.Y. Times, free registration and cookie acceptance required)

"Today a new company, Verified Identity Card Inc., which will offer customers an electronic card containing data showing that they are not on terrorism watch lists and do not have certain felony convictions on their records.... Partners include Lehman Brothers; TransCore, the company that created the E-ZPass electronic toll system; and ChoicePoint, a Georgia company that will screen the customers."

I can't begin to catalog all the things that are wrong with this scheme to outsource imposition of a national ID card to the "private" (read, "unregulated and unaccountable", at least until we have a comprehensive data privacy law) sector.

As Marc Rotenberg of EPIC is quoted by the Times, "I don't think it will necessarily come as an assurance to most Americans that a Big Brother card is being minted in the private sector and not in the government."

The first potential use mentioned in the lead of the Times story for this "Large USA Corporations Do Not Consider Me A Threat" card is as a "trusted-traveller" card to shortcut or bypass airport security. That's consistent with the disingenuous efforts of the TSA and DHS to evade exisitng (minimal) privacy protections on data in federal government hands by outsourcing as much as possible of the CAPPS-II airline passenger profiling, monitoring, and surveillance system to the private sector -- while mandating that data be collected and structured in such a way as to assure convenient access by the Feds to data of interest, but without their having to dirty their hands with the data or pay to warehouse it (that would be taken care of by private firms, in exchange for the opportunity to exploit for their profit data obtained through government coercion).

I've said it before, and I'll say it again, although Congress still doesn't seem to be listening: the only way to close this loophole is to bring the USA into line with international norms by enacting a federal privacy law that applies eqaully to all travel records, whether in "private" (corporate) or government hands.

Link | Posted by Edward, 23 October 2003, 06:35 ( 6:35 AM) | Comments (1) | TrackBack (0)

Wednesday, 22 October 2003

International tourism to the USA still falling

Yesterday the USA Department of Commerce released its latest revised Forecast of International Travel to the United States, with actual, estimated, and predicted numbers of visitors from each regioin of the world for 2001 through 2007.

Despite the upbeat tone of the DOC press release announcing the latest revisons, the real story in the statistics is that the USA is bucking the global trend: while travel in the rest of the world has been recovering, international travel to the USA has continued to decline each year since 2000 -- this will be the third successive year that international visitor numbers in the USA have been less than the prior year.

The USA is one of the world's most popular destinations. Inbound international tourists spent US$7 billion more in the USA in 2002 than Americans spent abroad, making tourism the largest single contributor in the services sector of the economy to the USA balance of payments. Keeping would-be visitors from coming here and spending their money is enormously costly, as well as difficult.

But that hasn't kept the Homeland Security Department from giving it the old college try, with remarkable (and unfortunate) resuts. Around the world, the USA has acquired a reputation for hostility, harassment, and hassles at borders and airports. More and more of my friends from abroad are questioning whether it's worth putting up with all that, not to mention having the details of their reservations sent to the government of the USA, or whether to take their holiday somewhere else this year. As the numbers show, these impressions are widespread.

And it's going to get worse: new rules have just gone into effect under which all foreigners who need visas to visit the USA (about 90% of the world's population), must go to a U.S. Consulate or Embassy and be interviewed in person before they can be issued even a transit visa to change planes in the USA (!), much less a visa to visit the USA as a tourist.

Tourism officials expect that to be a disaster for regions of the USA that depend on revenues from international visitors. At a meeting of the Bay Area Travel Writers last Saturday, Laurie Armstrong of the San Francisco Convention and Visitors Bureau said they've been putting more effort into lobbying Congress not to sabotage the inbound tourism industry. But even in the Bay Area, one of the places likely to be hardest hit, there's little sign of leadership against anti-tourism measures from the local Congrsssional delegation.

Brazilians, for example, love the Bay Area, and considered it practically their "second home" when I saw them play (and win) here in the 1994 World Cup. But someone in say, Manaus, now has to travel over a thousand miles to the nearest U.S. Consulate for an interview, just to apply for a tourist visa -- with no guarantee that the visa will be approved. The U.S. Embassy in Brasilia is starting to schedule a road show of "visa interview days" in cities without consulates, but tourism from Brazil and other large countries such as Argentina, Russia, Chile, and China, is still expected to decline even further with the new rules.

I hope foreigners won't judge the USA by its border gauards -- I certainly try not to judge the people in countries I visit by the way I get treated in the immigration queue. But I also hope Americans, particularly in Congress, will recognize the value of welcoming visitors, before it's too late and we've alienated them all, or closed our borders, permanently.

Link | Posted by Edward, 22 October 2003, 21:39 ( 9:39 PM) | Comments (0) | TrackBack (0)

"America, land of sheep..."

Marita Adair of GuidebookWriters.com sent me a clipping of this cartoon by David Horsey from the Seattle Post-Intelligencer. (Also available here .)

Baa, baa, black sheep?


editorial cartoon


Link | Posted by Edward, 22 October 2003, 20:55 ( 8:55 PM) | Comments (0) | TrackBack (0)

discourse.net on The Practical Nomad

Michael Froomkin (Professor of Law at the University of Miami, moderator and contributor to ICANN Watch, and part of the Freetotravel.org team), has some especially kind words about my fledging efforts in his blog at discourse.net. Check it out, especially if you've never met a lawyer with a sense of humor.

Thanks to all who've sent comments on my new blog. (I'm still working on the problem of notification by e-mail of new postings.)

Link | Posted by Edward, 22 October 2003, 06:59 ( 6:59 AM) | Comments (0) | TrackBack (0)

U.S. Supreme Court to rule on law requiring ID

The US Supreme Court agreed Monday to hear an appeal of a Nevada Supreme Court decision upholding a conviction for "resisting a public officer" based solely on the defendant's refusal to identify himself.

Freetotravel.org has links to court documents and news reports about the case.

Fascinating. Very frightening -- I don't want to have to carry a domestic passport all the time. The idea of a passport as symbolizing freedom to travel is an illusion: Passports and, "Your papers, please!" are really the symbols of unfreedom to travel. And what about the 5th Amendment (self incrimination) -- the case seems to have been argued solely as a 4th Amendment (search and seizure) case?

John Gilmore, who brought this case to my attention and who is still waiting for a decision on his legal challenge to airline ID requirements, points out that, "The case involves a demand for ID that occurred outside a travel context -- in and around a parked car -- but if ID-while-sitting-still is upheld, then ID-for-travel is also likely to be upheld."

Aside from the fact that the Nevada court seems to have defied clear Ninth Circuit precedent, there's a curious angle to the case that doesn't seem to have been addressed in the lower courts. (I don't know if it was raised at trial.)

The Nevada statute says, "Any peace officer may detain any person whom the officer encounters under circumstances which reasonably indicate that the person has committed, is committing or is about to commit a crime. The officer may detain the person pursuant to this section only to ascertain his identity and the suspicious circumstances surrounding his presence abroad. [I don't know what "abroad" means in this statute. "Outside their assigned cage", perhaps? It never fails to amaze me how badly laws are written. - EH] Any person so detained shall identify himself, but may not be compelled to answer any other inquiry of any peace officer."

The statute says "identify". Not "produce identity documents" or "produce proof of identity" or even "produce evidence of identity".

What does "identify" mean? The decision seems to conflate refusal to produce documents with refusal to identify oneself, but that can't be sustainable.

Cf. the discussion in my comments on CAPPS 2.1 on the ineffectiveness of requiring a name in the absence of a requirement to produce documents or proof, since people legally can use any name they please (for any purpose except fraud).

My argument in the Nevada case would be that (1) the stature doesn't (and can't) require document porduction and (2) without that, the requirement to state a name -- any name -- fails to advance any legitimate purpose, and thus fails any balancing test against liberty interests.

The next time I go to Nevada, remind me first to take a marker and write "My name is John Doe" on my forehead to identify myself and protect my right to sit in public without risk of detention.

Link | Posted by Edward, 22 October 2003, 06:08 ( 6:08 AM) | Comments (0) | TrackBack (0)

Tuesday, 21 October 2003

USA airlines say privacy must come before CAPPS-II tests

According to this article in today's Christian Science Monitor, "The Air Transport Association, which represents America's commercial airlines, is just as adamant that proper protections be put in place before they give anyone's private information to the government. They're particularly sensitive since the recent controversy over JetBlue, which provided a defense contractor passenger information, without the passenger's knowledge. "We're in very intense negotiations with the TSA," says the ATA's Doug Wills. "You can't have higher levels of protection without taking steps to secure customers' private information.""

This is getting really interesting. This isn't IATA, which represents airlines worldwide, mostly outside the USA, and might be expected to listen to concerns from other countries. ATA is strictly a lobbying group for USA-based airlines.

If even ATA is arguing that we need better privacy protection in the USA before airlines start turning over passenger records to the government, even for testing purposes, it's high time for someone in Congress to introduce a travel privacy bill.

More and more I think that the silver lining in the jetBlue Airways privacy scandal and the misguided push for CAPPS-II will be a federal travel privacy law. With the major USA-based airlines on board, it's not a question of whether, but of when, and of what the law will say.

Link | Posted by Edward, 21 October 2003, 21:00 ( 9:00 PM) | Comments (0) | TrackBack (0)

Overseas? Dial home on the cheap

"Your own mobile phone is probably useless abroad. You have plenty of other options, some outrageously expensive and others almost free...."

Read the full story from Bankrate.com or MSN Money.

This is a surprisingly thorough survey of a complex topic: pricing options for mobile (cellular) phone use outside your home country. With, of course, extensive quotes from The Practical Nomad. But the key advice is buried at the end:

There are lots of choices but, as I've written before, by far the cheapest option is usually to buy an unlocked dual-band or triband GSM phone, and use locally-purchased prepaid SIM's in each country you visit.

There will be a much more detailed discusssion of this topic in the forthcoming 3rd edition of The Practical Nomad: How to Travel Around the World.

Link | Posted by Edward, 21 October 2003, 16:26 ( 4:26 PM) | Comments (0)

The Amazing Race 5 applications closed

Applications closed earlier this month for The Amazing Race 5, the next season of the CBS reality-TV show about travel around the world. Apparently the producers were having difficulty finding the types of people they wanted for the cast: last-minute casting calls were held across the country, at which local CBS affiliates send camera crews to film would-be contestants' audition tapes. I couldn't be there, but I'm told that 200 or more couples showed up at the San Francisco Bay Area taping (in that epicenter of cosmopolitanism, The Great Mall in Milpitas), with two film crews working throughout the day.

According to the application forms, filming will begin in January 2004. Let me know ASAP if you spot any race flags or couples running through airports followed by pairs of film and sound technicians during January and early February 2004. The Amazing Race 5 is expected to be broadcast in the USA and Canada in summer 2004, although it could be sooner. Of course, I'll once again be posting weekly columns about the travel lessons of the show, as long as I'm in the broadcast area.

Future columns, starting with season 5, will probably be posted here in my blog. Here are links to my weekly commentaries on The Amazing Race seasons 1 through 4:

  1. The Amazing Race (Fall 2001)
  1. The Amazing Race 2 (Spring 2002)
  1. The Amazing Race 3 (Fall 2002)
  1. The Amazing Race 4 (Summer 2003)
  1. The Amazing Race 5 (Summer 2004)
Link | Posted by Edward, 21 October 2003, 06:39 ( 6:39 AM) | Comments (13)

Will ICANN give ".travel" to IATA?

Less than a week before the start of the annual meeting of the Internet Corporation for Assigned Names and Numbers (ICANN)Board of Directors, the agendas for the public forum and the actual Board meeting have still not been posted on the meeting Web site. That makes it real easy for people interested in particular issues -- which, as of now, might or might not be open for discussion -- to jet off to Carthage, Tunisia, on a day or two's notice once the agenda is announced.

So we still don't know whether ICANN will take up the question of new top-level domains (TLD's), including the proposal from the airline cartel IATA to "sponsor" a .travel domain. And I won't be there -- I certainly can't afford to go to Tunisia on speculation.

But we've seen this before: schemes to move forward (or backward, depending on your opinion of ICANN's plans) on new TLD's have been added to the agenda of the last two ICANN meetings within days of the meeting or after the meeting had begun. And, more importantly, as I said in my comments to the June 2003 ICANN meeting (by e-mail), the fix is still in to give IATA or a front for IATA's interests de facto control over a new ".travel" domain. Indeed, ICANN still appears to be pulling out all the stops to find a way to keep the secret back-room promise made to IATA years ago by previous ICANN staff and Board members.

As I say in the section of my Web site on Internet domain names for travel :

Why should anyone care that the Internet is being hijacked by commercial interests? The issue is, in part, whether the Internet will be governed democratically or ruled by money and back-room cronyism. It's also about whether we should have top-level domains (like .com or .edu) for sectors of activity -- open to everyone with a stake in those activities -- or solely for industries and commercial interests. Will the Internet travel namespace be a virtual community of travelers, or a domain where -- as in a speech I heard a while back by the president of Expedia.com -- interactivity and participation will be limited to the opportunity to click on the "buy" button?

Watching from afar, I don't know exactly what form the skullduggery will take. But one way or another, I suspect that will be the question once again in Carthage next week. Keep a close eye on the smoke-filled rooms!

Link | Posted by Edward, 21 October 2003, 05:06 ( 5:06 AM) | Comments (0)

Monday, 20 October 2003

Business travel convention discusses CAPPS-II and EU privacy rules

The privacy of business travel records, and the diplomatic dispute between the European Union and the USA over the lack of a travel privacy law in the USA, was a major topic of discussion at the [USA] Association of Corporate Travel Executives convention last week in Dublin, Ireland.

According to this report in TravelAgent magazine, ACTE has asked for a moratorium on enforcement action against airlines by either the USA or the EU -- in order to avoid an interruption of trans-Atlantic flights -- pending resolution of the diplomatic dispute.

But, "The majority of ACTE members... call[ed] the U.S. data requirements "excessive."" At a minimum, that's an indication that travel execs take the prospect of EU action, even to the extent of suspenstion of operating rights in Europe, very seriously, and don't expect the EU to capitulate to demands from the USA.

As reported in Business Travel news, "On the equally controversial, second generation Computer Assisted Passenger Prescreening System, known as CAPPS II, being planned for flights originating in the United States, [US State Dept. representative] Fennerty said: "My thoughts are let's take one crisis at a time. We are trying to resolve the E.U. issue first.""

The problem with this is that:


  1. The USA still hasn't begun to talk with the EU about CAPPS-II (the current discussions relate to the narrower demands for passenger data, limited to international flights, of the Bureau of Customs and Border Protection).
  2. The State Department apparently believes (or is pretending to believe) that CAPPS-II is a purely domestic program that doesn't raise any concerns about compliance with other countries' laws.

But people make reservations in Europe (and throughout the world) for domestic flights within the USA. Any sample of "historical" reservations -- such as the USA says they intend to use (as as has actually been used already) for CAPPS-II testing, will inevitably include data collected in the EU under promises to abide by EU privacy rules.

It isn't possible to determine from the content of reservations whether they contain data originally collected in the EU under EU rules. And even if it were, there isn't enough information in most PNR's (Passenger Name Records) to contact the data subjects to give them notice and obtain their consent.

So any use of "historical" PNR's for purposes of CAPPS-II testing -- a purpose that wasn't disclosed or consented to when the data was collected -- will inevitably contravene the EU Data Protection Directive (and, if the data was obtained through a Computerized reservation System, the EU regulations governing CRS's).

The real CAPPS-II scandal will be when EU authorities and the European travelling public realize that probably tens of thousands of reservations from the EU have already been used for CAPPS-II testing, in flagrant violation of EU law. Once that happens, there's little if any chance that the USA will be able to persuade Europeans that existing privacy protections (not) in the USA are "adequate" to satisfy global norms or EU standards.

Link | Posted by Edward, 20 October 2003, 21:36 ( 9:36 PM) | Comments (0)

Senators ask questions about jetBlue

In a letter sent Friday, 17 October 2003, to Secretary of Defense Rumsfeld, three members of the US Senate are demanding answers from the Department of Defense to some (but by no means all) of the many lingering questions about the acquisition and use by a DoD subcontractor, "Torch Concepts, Inc.", of jetBlue Airways' entire database of reservation records.

Wired News has the story here, with quotes from yours truly. CDT (which presumably had a hand in the drafting of the letter) has a copy of the Senators' letter to Rumsfeld.

Among the questions not asked in the Senators' letter are those about the relationship of the Torch Concepts subcontract to the DARPA's Total Information Awareness program. (According to a press release formerly posted on the Torch Concepts Web site, the prime contractor was SRS Technologies, the exclusive prime IT contractor to DARPA for the TIA program. And the Army has referred FOIA requests related to the use of jetBlue reservation data to the office that handles FOIA requests related to TIA and other DARPA programs.)

Also not yet asked by the Senators are any of the questions about the other CAPPS-II tests with real passenger data, as admitted to by Airline Automation, Inc. and as reported by myself and the Times (London).

We aren't likely to get to the bottom of the jetBlue scandal, or the (thus far less widely publicized) scandal about the other CAPPS-II tests with real passneger data in 2001-2002 (and perhaps right now) without a full-fledged Congressional investigation. This letter isn't it, but it's a positive step. We can only hope that the Senate doesn't just ask questions, but insists on real (and true) answers.

Link | Posted by Edward, 20 October 2003, 21:17 ( 9:17 PM) | Comments (1)

European Parliament resolution on travel data transfers to the USA

On 9 October 2003 the full European Parliament adopted a resolution finding that "it is currently not possible to consider the data protection [for travel reservation records] provided by the US authorities to be adequate" and calling for enforcement action if adequate privacy safeguards for travel records aren't put in place by 1 December 2003.

The crux of the EU complaint is not per se the transfer of data to the USA. Huge volumes of personal data (including travel data) are transferred across international boundaries between EU countries every day. But EU laws require that personal data can only be transferred to countries that provide minimally adequate privacy prootections for that data once it leaves the EU -- which the USA does not.

All that the EU has asked is that, before demanding data from Europe and about European citizens, the USA put in place a framework of privacy protection -- consistent with international norms -- comparable to that which is already in place in the EU, Canada, and many other countries. Once that is done, data can be transferred freely, with privacy protection assured.

It's common, although mistaken, to assume that more security inevitably requires less privacy. But there is no conflict on this issue between privacy and security. Both can be protected, just as they are in Europe (which has long had much more airline and airport security systems than the USA) and Canada.

If the DHS, and especially its Chief Privacy Officer, were sincere about being committed to privacy as well as secuirty, they'd be taking the lead in pressuring Congress to enact a travel privacy law, so that they could move forward with any security measures that require access to reservation data. Instead, the DHS is leading the oppostion to the privacy legislation that is the prerequisite to cooperation with the EU and Canada on aviation security. It's hard to escape the conclusion that the real interest of the DHS is in surveillance, not security.

Statewatch (UK) has the full text of the resolution as well as a a new Observatory on the exchange of PNR data on passengers with the USA with lots of background information and links to their previous coverage of the issue.

Following passage of this resolution, European Commissioner Fritz Bolkestein met in Washington last week with Secretary of Homeland Security Tom Ridge. According to this report in the Financial Times, Ridge agreed to postpone enforcement action against airlines that don't turn over their passenger records to the USA until 14 October 2003. But by all accounts Ridge and the DHS remained unwilling either to scale back their demands for data, or to agree to enact meaningful privacy protection for travel data in the USA. (And the desire of the DHS for huge amounts of irrelevant data has become the butt of jokes like this in the European press.)

Link | Posted by Edward, 20 October 2003, 20:41 ( 8:41 PM) | Comments (0)

CAPPS-II comments: 5,847 to 1 (and counting)

Since the last major update to my article, Total Travel Information Awareness, there have been major developments on several fronts related to the privacy of travel data: in Congress, in the European Union, and in the Department of Homeland Security (sic) and its Transportation Security Adminstration. I'll try to catch up on these in separate articles as soon as I can. (If you're just tuning in, read this first for background.)

Today the Chief Privacy Officer of the Department of Homeland Security posted 30 more comments on the CAPPS 2.1 proposal, sent by snail-mail and dated 19 August 2003 - 2 September 2003. The comment period didn't end until 30 September 2003, but there's still no sign of any of the comments filed by e-mail after 20 August 2003, or any of the comments filed after I exposed the jetBlue Airways scandal 16 September 2003. (And extra credit to everyone who can figure out how to find the comments from the DHS home page at www.dhs.gov, where they had promised they would be posted.)

Undoubtedly there are thousands more critical comments yet to be posted. But adding the latest 30 those already posted -- all from before the jetBlue scandal -- the score thus far is:


  • 5,847 public comments against CAPPS-II

  • 1 public comment for CAPPS-II

  • 1 sales pitch from a data warehousing company hoping to get a piece of the CAPPS-II pie

Stay tuned for the final score -- following the World Series, perhaps?

Link | Posted by Edward, 20 October 2003, 19:22 ( 7:22 PM) | Comments (0) | TrackBack (0)

Motionsickness Magazine promotion

Motionsickness Magazine is currently offering a steal of a deal, as follows: for US$20, you get a copy of The Practical Nomad Guide to the Online Travel Marketplace , including shipping in the USA (regularly $17.95 plus shipping) and a one-year (6 issue) subscription (regularly $15) to the most excellent new travel magazine to come along since the demise of Big World and Escape. It's close to a giveaway of either the book or the magazine, depending on how you want to look at it. Get 'em while they last!

Link | Posted by Edward, 20 October 2003, 19:06 ( 7:06 PM) | Comments (0) | TrackBack (0)

3rd edition of "How to Travel Around the World"

Today Avalon Travel Publishing and I put I put the final touches on the cover copy for the 3rd edition of The Practical Nomad: How to Travel Around the World . It looks loverly, if I do say so myself. Most of the changes from the 1st to the 2nd editions were in design and usability. For this 3rd edition, there have been many more substantive changes to the content.

Powells.com already has it listed, so you can pre-order now for delivery as soon as the new edition reaches bookstores in January 2004. And if you can't wait, you can still get the 2nd edition from your local bookstore, or all the usual suspects.

I'll be on the road starting in mid-January doing booksignings and travel planning seminars across the USA and Canada. If you know a bookstore, hostel, travel club, study-abroad office, or other group that might like to host an event, please let me know.

Link | Posted by Edward, 20 October 2003, 18:50 ( 6:50 PM) | Comments (0) | TrackBack (0)

Airtreks CEO calls for privacy protection for travellers

Lee Marona, CEO of Airtreks, Inc. -- where I work in my "day job" as staff Travel Guru at Airtreks.com -- has become one of the first travel companies to call for Federal legislation to protect the privacy of travel records.

"Congress needs to enact a travel privacy law that will assure consumers that their personal information will only be used to facilitate their travel arrangements, and not used for other purposes or given to the government or anyone else without their permission," Marona said in a news release on 14 October 2003.

Tthe full statement makes me proud of where I work, the people I work with, and their values.

Link | Posted by Edward, 20 October 2003, 12:51 (12:51 PM) | Comments (0) | TrackBack (0)

Self-determination and human rights in Kashmir

I've added a new section of my Web site to help explain why I care about Kashmir. I've posted some of the articles I've written for peace movement publications -- they are mostly a few years old, but should still provide some background information. Sadly, the situation remains largely the same. Only the body count has changed.

Link | Posted by Edward, 20 October 2003, 08:43 ( 8:43 AM) | Comments (18) | TrackBack (0)

Hello World!

Welcome to my blog!

Believe it or not, this isn't my idea: I'm starting a blog by popular demand, in response to several requests from readers and the latest wave of interest following my exposé of the jetBlue Airways privacy scandal and my writing about the CAPPS-II airline passenger profiling, monitoring, and surveillance system.

This won't replace my e-mail lists or newsletter, but it will provide a searchable archive of the commentaries and links but I've been e-mailing to several different lists, or that I haven't had a convenient place to publish.

If you're only interested in articles on certain topics, this blog includes indexes to articles by category. Much of my writing crosses categories (often quite deliberately). So you may want to browse the indexes to articles in other categories, or the main index and archives.

To take advantage of the searching and archiving features of the blogging system, I may eventually add some of my previous articles to this blog, especially my columns on past seasons of The Amazing Race. That will take awhile, if it happens at all. Don't look for any of my older writing in this blog yet.

This is still an experiment. No warranties express or implied. I reserve the right to go on vacation and not post anything for weeks at a time (although this system will allow me to post from cybercafés, if I feel like).

Please let me know what you think, and what you'd like to see in this blog. You can post comments here, or send me e-mail at blog@hasbrouck.org.

I'm sorry about the brief hiatus in updates to my Web site and postings to some of my e-mail lists while they were being moved to new servers. In addition to making this blog possible, the new system should make delivery of my newsletter and news releases much more reliable -- they had been outgrowing the capabilities of the server under my desk. The e-mail addresses for subscribing and unsubscribing to my newsletter have changed, but you can still subscribe or unsubscribe on the Web site , and the new e-mail addresses will be in each message to the list.

For those who care, there's an RSS (XML) feed of this blog. If you don't know what that means, you probably don't care. If you are curious, try installing the Firebird or Mozilla Web browser and the NewsMonster plug-in. With those or other similar tools, you can "aggregate" articles from multiple blogs and Web sites, without having to visit each one separately.

(Firebird is the stripped-down version of Mozilla without the e-mail client, newsreader, HTML editor, or other bloatware. Firebird lacks some of the most important distinguishing features that make Opera the best available web browser for Windows and many other platforms. But Firebird is almost as small and fast as Opera. And Firebird, like Mozilla, works with many mal-designed Web sites and plug-ins that don't work with Opera, Lynx, or other browsers.)

Thanks to John Taylor and Will Doherty for helping get me up and blogging.

Bon Voyage,

Edward Hasbrouck

Link | Posted by Edward, 20 October 2003, 08:30 ( 8:30 AM) | Comments (2) | TrackBack (0)