Saturday, July 16, 2016

1992 :: July 16 :: David Clark Articulates Internet Creed

We Reject: Kings, Presidents, and Voting.
We Believe in: Running Code and Rough Consensus.
Prof. David Clark
On July 16, 1992, Prof. David Clark articulated what would become the creed of the Internet engineering community.  He was giving a presentation A Cloudy Crystal Ball: A Vision into the Future at the IETF.  It was era of turmoil and uncertainty as the privatization of the Internet (the transformation of the Internet from NSFNET to commercial networks) was in its infancy.

During his presentation, based on Prof. Clark's slides, he made a number of additional curious observations:

  • Our best success was not computing, but hooking people together.
  • The hacks of today are the commonplace of tomorrow.
  • Security is a CRITICAL problem.
  • What we should do: Fix insecure services: PASSWORDS
  • The problem is assigning the correct degree of fear to distant elephants.
  • If we have a problem it is due to too much success. 


Thursday, July 14, 2016

1999, July 14 :: IANA Announces First Allocations of IPv6 Addresses

14 July 1999
From: IANA [iana@ISI.EDU]
Sent: Wednesday, July 14, 1999 12:32 PM
To: iana-announce@ISI.EDU
Cc: 'iana'
Subject: Delegation of IPv6 address space 
Internet Community, 
After much discussion concerning the policy guidelines for the deployment of IPv6 addresses, in addition to the years of technical development done throughout the Internet community, the IANA has delegated the initial IPv6 address space to the regional registries in order to begin immediate worldwide deployment of IPv6 addresses. 
We would like to thank the current Regional Internet Registries (RIR) for their invaluable work in the construction of the policy guidelines, which seem to have general consensus from the Internet community. We would also like to thank the efforts of the IETF community and the support of the IAB in making this effort a reality.

1998, July 14 :: Akamai files CDN Patent

In the 1990s, with the birth of the public Internet and the success of the World Wide Web, the network was experiencing high and peak demand resulting in significant congestion. Generally, each time content was requested by an end-user, the request would go across the backbones to the content host server, the content would be served and travel back across the backbones, and it would be delivered across the access network to the end user. When peak demand hit World Wide Web resources, content would become congested and some traffic would not get through (packet loss). In 1999, catastrophically demonstrating the problem of content delivery at that time, Victoria's Secret advertised during the Superbowl that it would webcast its fashion show. 1.5 million people attempted to view the Victoria's Secrets webcast, overwhelming the server infrastructure, resulting in a poor experience. [Adler] [Borland] Online services had a problem moving content from source, across the backbones, to eyeballs. 

In 1995, Tim Berners Lee foresaw that this means of delivering content could not successfully scale. He challenged colleagues at MIT to invent a way to deliver web traffic and mitigate congestion, particularly during moments of peak or flash demand. [Akamai History] [Mitra (quoting Tom Leighton, "Tim was interested in issues with the Internet and the web, and he foresaw there would be problems with congestion. Hot spots, flash crowds, … and that the centralized model of distributing content would be facing challenges. He was right.... He presented an ideal problem for me and my group to work on.")][Berners-Lee] [Held 149] (For discussion of flash demand, see [Jung] [Khan]) A 1998 entrepreneurship competition at MIT resulted in Patent '703 which became Akamai [Akamai History] [Khan]. CDNs were designed to fetch and cache the most popular content, store it closer to access networks, and permit quality access to the content while avoiding transit fees.  

Sunday, July 10, 2016

Internet Means the Death of Borders :: Elvis is Everywhere :: #Nope

In the era of exceptionalism, the Internet was proclaimed as the death of borders.  Kinda like Elvis, the Internet was everywhere all the time.  Plaintiffs' lawyers heard that - and figured that meant any court had jurisdiction over any website ~ because that website was virtually in that jurisdiction.

The courts found the borders; they did not have jurisdiction over any website.

Okay, the facts on this one are straight forward.  Let's got to the video tape: Plaintiffs sell clothes.  Plaintiffs claims that Defendants (all 3343 of them), who are like in China, "sell counterfeit products that violate Plaintiffs' intellectual property rights . . . to consumers within the United States."  Plaintiffs sued in Illinois.

Jumping over a lot in the court's decision to get to the interesting stuff, there was just not a lot alleged that connected defendants to Illinois other than that they had websites.

So, over an individual defendant,  as a rule, a court has your general jurisdiction and your specific jurisdiction.  

As for general jurisdiction, the court sez:
[T]he exercise of personal jurisdiction here is based exclusively upon Defendants' alleged maintenance of interactive websites. Without more (and there is not more here), this fact alone is not enough to support general personal jurisdiction.  See, e.g., Richter v. INSTAR Enterprises Int'l, Inc., 594 F. Supp. 2d 1000, 1009 (N.D. Ill. 2009) ("[R]egardless how interactive a website is, it cannot form the basis for [general] personal jurisdiction . . . unless the contacts through the website are so substantial that they may be considered `systematic and continuous' for the purpose of general jurisdiction."); Euromarket Designs, Inc. v. Crate & Barrel Ltd., 96 F. Supp. 2d 824, 833 (N.D. Ill. 2000) ("Generally, the defendant's mere maintenance of an Internet website is not sufficient activity to exercise general jurisdiction over the defendant.").
As for specific jurisdiction, this means that the defendant had specific transactions and presence within the jurisdiction.  Plaintiffs said that each of the defendants transacted business in Illinois.  A few of the defendants surfaced and said... "um, no we didnt (and by the way, we are Irish not Chinese)."  The court said
jurisdictional allegations are accepted as true, but if a defendant submits evidence in opposition to the exercise of jurisdiction, plaintiff must go beyond the pleadings and submit affirmative evidence to support it) (citing Purdue Research Foundation v. Sonofi-Synthelabo, S.A., 338 F.3d 773, 782-83 (7th Cir. 2003)). Plaintiffs did not provide such evidence
Then plaintiffs' counsel flops back and argued "that he believed personal jurisdiction was proper as to all 3,343 defendants solely because they operated interactive websites that displayed copyrighted images and infringed Plaintiffs' trademarks."

To quote the court, "yeah.... no." Following plaintiffs logic, the court said, "personal jurisdiction would automatically exist in every state and presumably every country."  The court cited two cases where the court indeed found jurisdictions over websites, but the finding of specific jurisdiction was premised on evidence that defendants had in fact transacted business in Illinois. Monster Energy, 136 F.Supp. 3d at 902. State of Illinois v. Hemi Group LLC, 622 F.3d 754 (7th Cir. 2010). "In this case, however, Plaintiffs have not made such a showing. They provided no facts to show that any of the defendants named in the complaint aimed any action at Illinois."

The Internet is not borderless; Elvis is not everywhere.

American Bridal & Prom Industry v a bunch of defendants, NDILL June 29, 2016

1962, July 10 :: Telstra I lauched

Wikipedia: "Telstar is the name of various communications satellites. The first two Telstar satellites were experimental and nearly identical. Telstar 1 was launched on top of a Thor-Delta rocket on July 10, 1962. It successfully relayed through space the first television pictures, telephone calls, faximages and provided the first live transatlantic television feed. Telstar 2 was launched May 7, 1963. Telstar 1 and 2, though no longer functional, are still in orbit as of October 2013"


Saturday, July 09, 2016

Bollaert :: "Designed to Solicit Illegal Content" Removes Sec. 230 Immunity #Nope

I like this case.  Every now and then a judge puts it just right.  47 USC s 230 immunity applies, except where a site is "designed to solicit illegal content."  The court states Defendant's "actions were not neutral, but rather materially contributed to the illegality of the content and the privacy invasions suffered by the victims."

Nice. Clean. Wrong.

Okay, before we unpack it, lets go to the videotape:
In 2012, 2013 and 2014, a number of individuals discovered that photographs of themselves, including nude photographs, as well as their names, hometowns, and social media addresses, had been posted without their permission on a Web site, UGotPosted.com. Most of the pictures were taken by or for former significant others or friends. Some of the pictures the victims had taken on their own phones or placed on personal webpages for private viewing by themselves or select others. Some had been taken while the victim was drugged and in a compromised state or otherwise unaware of the photographing. Victims received harassing and vulgar messages from strangers. Many of the victims contacted the Web site administrator at UGotPosted.com to try to get their photographs and information removed without success. ...The UGotPosted Web site contained a link to another Web site, ChangeMyReputation.com, where victims were told that for payment of a specified amount of money, their pictures and information would be taken down. Six of the victims paid money to an account on ChangeMyReputation.com to have their pictures removed from the Web site.
The People brought charges of extortion and unlawful use of personally identifying information.

Defendant claimed immunity under 47 USC s 230.

If you are familiar with the Roommates decision, you know where this is going. In Roommates, defendant created a website which had a survey with required questions and answers.  These required inquiries were used to create a customer's profile.  Unfortunately, some of those questions appeared to have violated the Fair Housing Act.  The court held that yeah, if you requiring that people answer questions with answers that you supplied, you have become an Information Content Provider and are liable for the content you created.

In this instance, the court found that the Defendant was pretty much doing the same thing: Defendant
created UGotPosted.com so that it forced users to answer a series of questions with the damaging content in order to create an account and post photographs. That content—full names, locations, and Facebook links, as well as the nude photographs themselves—exposed the victims' personal identifying information and violated their privacy rights.
The court then slips: Defendant's
Web site was "designed to solicit"  content that was unlawful, demonstrating that [Defendant's] actions were not neutral, but rather materially contributed to the illegality of the content and the privacy invasions suffered by the victims. In that way, he developed in part the content, taking him outside the scope of CDA immunity. 
Yeah.  No.  Careful.

The court has conflated two questions - and in some ways the conflation does not matter - but in some ways it is important to acknowledge and bloggers need things to quibble about. The two questions:  (A) Is defendant an Information Content Producer and thus does not fall under 230 immunity and (B) Is the content in question legally actionable.

Say it the opposite way.  The fact that "the content was unlawful" did not make Defendant an Information Content Producer.  The whole purpose to 230 is to protect Interactive Computer Services from the bad content created by third parties. Consistently, if a defendant created a perfectly legal survey with required questions and pre-concocted answers - but legal - defendant would still potentially be an Information Content Producer under Roommates and not fall under 230 immunity (there would just be no liability because the content was not actionable). 

Sec. 230 immunity is lost, pursuant to Roommates, not, because the site was designed to solicit unlawful content.  Sec. 230 immunity is lost, pursuant to Roommates, because
By requiring subscribers to provide the information as a condition of accessing its service, and by providing a limited set of pre-populated answers, Roommate becomes much more than a passive transmitter of information provided by others; it becomes the developer, at least in part, of that information. And section 230 provides immunity only if the interactive computer service does not `creat[e] or develop[]' the information `in whole or in part.'
Roommates p. 1166.  

Whether the content is illegal is a different question from whether defendant is immune.

People v. BOLLAERT, Cal: Court of Appeal, 4th Appellate Dist., 1st Div. 2016

Thursday, July 07, 2016

:: Priorities for the National Privacy Research Strategy

Release: Vast improvements in computing and communications are creating new opportunities for improving life and health, eliminating barriers to education and employment, and enabling advances in many sectors of the economy. The promise of these new applications frequently comes from their ability to create, collect, process, and archive information on a massive scale.
However, the rapid increase in the quantity of personal information that is being collected and retained, combined with our increased ability to analyze and combine it with other information, is creating concerns about privacy. When information about people and their activities can be collected, analyzed, and repurposed in so many ways, it can create new opportunities for crime, discrimination, inadvertent disclosure, embarrassment, and harassment.
This Administration has been a strong champion of initiatives to improve the state of privacy, such as the “Consumer Privacy Bill of Rights” proposal and the creation of the Federal Privacy Council. Similarly, the White House report Big Data: Seizing Opportunities, Preserving Values highlights the need for large-scale privacy research, stating: “We should dramatically increase investment for research and development in privacy-enhancing technologies, encouraging cross-cutting research that involves not only computer science and mathematics, but also social science, communications and legal disciplines.”
Today, we are pleased to release the National Privacy Research Strategy. Research agencies across government participated in the development of the strategy, reviewing existing Federal research activities in privacy-enhancing technologies, soliciting inputs from the private sector, and identifying priorities for privacy research funded by the Federal Government. The National Privacy Research Strategy calls for research along a continuum of challenges, from how people understand privacy in different situations and how their privacy needs can be formally specified, to how these needs can be addressed, to how to mitigate and remediate the effects when privacy expectations are violated. This strategy proposes the following priorities for privacy research:
  • Foster a multidisciplinary approach to privacy research and solutions;
  • Understand and measure privacy desires and impacts;
  • Develop system design methods that incorporate privacy desires, requirements, and controls;
  • Increase transparency of data collection, sharing, use, and retention;
  • Assure that information flows and use are consistent with privacy rules;
  • Develop approaches for remediation and recovery; and
  • Reduce privacy risks of analytical algorithms.



  With this strategy, our goal is to produce knowledge and technology that will enable individuals, commercial entities, and the Federal Government to benefit from technological advancements and data use while proactively identifying and mitigating privacy risks. Following the release of this strategy, we are also launching a Federal Privacy R&D Interagency Working Group, which will lead the coordination of the Federal Government’s privacy research efforts. Among the group’s first public activities will be to host a workshop to discuss the strategic plan and explore directions of follow-on research. It is our hope that this strategy will also inspire parallel efforts in the private sector.