Wikipedia wins landmark privacy lawsuit in France

A French court has ruled that Wikipedia could not be held responsible for content posted by its users in a landmark ruling for the Internet giant, officials said Friday.

Three plaintiffs were each seeking 69,000 euros (100,000 dollars) in damages for invasion of their privacy after their homosexuality was revealed on the website, which is written and edited by thousands of anonymous contributors.

But a judge rejected their demands in a ruling reached on Monday, arguing that “the Wikimedia Foundation’s responsibility … has not been clearly established,” a decision welcomed by the foundation.

“The decision is very clear and we appreciate the fact the court acknowledges our role as an Internet host, rather than an editor,” said Florence Devouard, chair of the Wikimedia Foundation’s board.

Founded in 2001, Wikipedia is an “open-source” Internet encyclopedia, which is to say anyone with access to a computer can edit it. The Foundation’s task is to work out ground rules and editorial policy and raise funds to pay for IT investments and development projects.

Devouard said the contested information was added anonymously to a Wikipedia article before being “quickly withdrawn, even if it remained accessible for a while through the site’s records.”

One of the plaintiffs “sent an e-mail which we never received before turning to his lawyer,” she said.

“When we are informed of this type of mistake we always try to react in the following hours to withdraw such information,” said Devouard, who is based near the central French city of Clermont-Ferrand.

With eight million articles and counting, in 250 languages from English and Arabic to Tagalog or Wolof, Wikipedia says it is used each month by more than 100 million people.

Although its accuracy is reportedly on a par with the Encyclopaedia Britannica, Wikipedia has also faced a mounting battle against misinformation and information vandalism.

Read more »

RIAA targets Usenet, newsgroup users next to feel its wrath?

It seems that newsgroup users will be the next target of the RIAA’s wrath with a new lawsuit filed on behalf major record labels against Usenet.com. It’s always been hoped that Usenet would stay under the radar while the RIAA, MPAA, and others focused on the more mainstream P2P services like Napster, Aimster, Grokster, and KaZaA, but it seems as though the party may be nearing an end.

Filed on October 12th, the suit claims that the Fargo, North Dakota-based Usenet.com service “…sells access to a body of content from a global network of computers” that “…contains…millions of copyrighted sound recordings” and “…touts its service as a haven for those seeking pirated content.”

The complaint even cites Usenet’s own “about” section with the following:

Today’s hottest way of sharing MP3 files over the Internet is Usenet; forget about all the peer-to-peer software applications, which quickly become outdated. Usenet allows everyone around the world to share their files on a worldwide network of peer servers and make them available to any member of this worldwide network.

A usenet is comprised of a large number of servers that communicate with each other. An individual user reads and posts messages to a company’s local computer server. Messages are stored on that server and then exchanged with other servers.

Usenet.com loads online bulletin boards(newsgroups) obtained from the usenet network onto its server and then sells access to the newsgroups that it has chosen to host on its usenet.com service.

The suit claims that many of the newsgroups that usenet.com chooses to offer “are explicitly dedicated to copyright infringement.”

The complaint continues:

Users of Defendant’s service post copyrighted sound recordings to these newsgroups on Defendant’s services; the works are identified by artist and title so that users can easily find any sound recordings they might want to copy. Those copyrighted works are then propagated worldwide, allowing millions of users of the Usenet network, including Defendant’s own subscribers, to copy copyrighted sound recordings with ease and anonymity - and without authorization.

It sums up its lawsuit with the claim that Usenet.com “provides essentially the same functionality that P2P services such as Napster, Aimster, Grokster, and and did,” and that it even goes further than them by customizing “…its services to make it as convenient and seamless as possible for subscribers to distribute and obtain copyrighted music without authorization and without paying for music.”

It’s too early to tell how things will paly out, but one thing’s for sure - the RIAA is leaving no stoned unturned in its scorched earth legal strategy.

Read more »

RIAA defendant maintains innocence

The Minnesota woman a federal jury ordered to pay $222,000 for unlawfully pirating digital music tells THREAT LEVEL she is innocent and was the subject of a computer hack, a position federal jurors in Duluth, Minnesota, rejected Thursday after five hours deliberating.

“I want people to know that they are being sued based on hacked, spoofed computers. They should still fight back in these cases,” Jammie Thomas, 30, said in a telephone interview moments ago. “I have to pay for somebody else’s actions.”

Thomas, a single mother of two from Brainerd, Minnesota, is among the 20,000-plus individuals the Recording Industry Association of America has sued in the past four years. She was found liable for 24 songs and ordered to pay $9,250 per track in penalties. She faced fines as high as $3.6 million.

Her case was the first to go to trial, while the bulk of them have settled and others are pending.

When the verdict was read, she said she became “disgusted because I didn’t do this.”

She said she would not settle the case before trial. “I wasn’t going to pay for something I didn’t do,” she said. She and her attorney, Brian Toder, are mulling whether to appeal the judgment.

The RIAA put on evidence that the internet protocol address and cable modem account linked to her internet service provider was sharing some 1,700 files on the Kazaa program on Feb. 21, 2005. Thomas was logged in to Kazaa using the name Tereastarr, jurors found.

Thomas uses Tereastarr on her e-mail accounts, for online shopping, on MySpace, and even with an online dating service.

When asked if she was going to buy any new music, she said “I don’t have any money for that.”

The Native American woman works as an administrator at a local tribe and said she would worry about the financial implications of paying the judgment “when I cross that bridge.”

Read more »

AOL, Google, Microsoft, Yahoo sued over competitive bidding patent

For the third time in about a month, Google has been sued for patent infringement.

Last week, Performance Pricing filed a lawsuit against AOL, Google, Microsoft, and Yahoo, charging the four companies with infringing upon its patent, “Systems and methods for transacting business over a global communications network such as the Internet.”

The suit was filed in the Eastern District of Texas, where a large number of patent cases have been filed in recent years due to the district’s perceived friendliness to ostensibly wronged inventors.

According to the Coalition for Patent Fairness, a group that counts Google and Microsoft as members, there were 218 infringement lawsuits filed in Marshall, Texas, from January 2004 through April 2006.

At the end of August, AOL, Amazon, Borders, Google, IAC, and Yahoo were sued in the same district by Texas-based Polaris IP for violating a patented method of automated e-mail routing.

Illinois Computer Research sued Google in Illinois’ Northern District Court in mid-September for violating a patented method of navigating through online books.

Performance Pricing alleges that Google AdWords, AOL Search Marketplace, Microsoft adCenter, and Yahoo Search Marketing all violate its patent, which was filed in 1999 and granted in 2005.

The patent describes a system for competitive bidding.

“The present invention comprises a business model used to determine the price of goods and/or services to be provided from a seller or sellers to a buyer or buyers,” the patent explains. “Various forms of electronic competition and/or entertainment are used as intermediary activities between said buyers and sellers to ultimately determine a contract price.”

The patent claims to cover a wide variety of activities: video games, electronic board games, crossword puzzles or other word games, sports betting, card games, or any other activity or combination of activities.

Presumably, the plaintiff believes the patent covers Internet ad auctions, too.

In a September 4th blog post, Google policy counsel and legislative strategist Johanna Shelton and Michelle Lee, head of patents and patent strategy, urged Congress to pass patent reform legislation.

“Google and other technology companies increasingly face mounting legal costs to defend against frivolous patent claims from parties gaming the system to forestall competition or reap windfall profits,” Shelton and Lee said.

Three days later, on Friday, September 7th, the House of Representatives passed the Patent Reform Act of 2007. The Senate is expected to vote on a version of the bill shortly.

If the Patent Reform Act passes the Senate and is signed by the President in its current form, monetary damage awards for patent infringement are likely to decline and venue shopping will be curtailed.

“Certain district courts have become notorious for rarely invalidating a patent, and have tilted the balance too often in favor of plaintiffs,” said Shelton and Lee. “We support judicial venue provisions to ensure that patent lawsuits are brought only in district courts with a reasonable connection to the case.”

Read more »

UK can now demand data decryption on penalty of jail time

New laws going into effect today in the United Kingdom make it a crime to refuse to decrypt almost any encrypted data requested by authorities as part of a criminal or terror investigation. Individuals who are believed to have the cryptographic keys necessary for such decryption will face up to 5 years in prison for failing to comply with police or military orders to hand over either the cryptographic keys, or the data in a decrypted form.

Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA) includes provisions for the decryption requirements, which are applied differently based on the kind of investigation underway. As we reported last year, the five-year imprisonment penalty is reserved for cases involving anti-terrorism efforts. All other failures to comply can be met with a maximum two-year sentence.

The law can only be applied to data residing in the UK, hosted on UK servers, or stored on devices located within the UK. The law does not authorize the UK government to intercept encrypted materials in transit on the Internet via the UK and to attempt to have them decrypted under the auspices of the jail time penalty.
The keys to the (United) Kingdom

The law has been criticized for the power its gives investigators, which is seen as dangerously broad. Authorities tracking the movement of terrorist funds could demand the encryption keys used by a financial institution, for instance, thereby laying bare that bank’s files on everything from financial transactions to user data.

Cambridge University security expert Richard Clayton said in May of 2006 that such laws would only encourage businesses to house their cryptography operations out of the reach of UK investigators, potentially harming the country’s economy. “The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business,” Clayton said.

“The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction,” he added. “With the appropriate paperwork, keys can be seized. If you’re an international banker you’ll plonk your headquarters in Zurich.”

The law also allows authorities to compel individuals targeted in such investigation to keep silent about their role in decrypting data. Though this will be handled on a case-by-case basis, it’s another worrisome facet of a law that has been widely criticized for years. While RIPA was originally passed in 2000, the provisions detailing the handover of cryptographic keys and/or the force decryption of protected content has not been tapped by the UK Home Office—the division of the British government which oversees national security, the justice system, immigration, and the police forces of England and Wales. As we reported last year, the Home Office was slowly building its case to activate Part 3, Section 49.

The Home Office has steadfastly proclaimed that the law is aimed at catching terrorists, pedophiles, and hardened criminals—all parties which the UK government contends are rather adept at using encryption to cover up their activities.

Yet the law, in a strange way, almost gives criminals an “out,” in that those caught potentially committing serious crimes may opt to refuse to decrypt incriminating data. A pedophile with a 2GB collection of encrypted pornography may find it easier to do two years in the slammer than expose what he’s been up to.

Read more »