Usenet Privacy and DejaNews
Exjobb - J|rgen Grahn
I don't know if this is the best group for this kind of discussion (at
least it isn't spammed); please point me to more appropriate groups.
I got angry when I realized that www.dejanews.com archives all articles
posted to Usenet (even local groups), and that this database is
searchable by name or address.
Earlier, I have had a tiny preview of what it's like to be 'checked' on
the Net by people who have power over you, and believe me, it is _not_
fun!
(For those who don't want to be archived (at least not by
DejaNews), put
x-no-archive: yes
in your headers.)
My email to the DejaNews people follows:
=========================================================
Hello,
I was just reading your Policy file and was preparing to (virtually)
rip your heads off, when I noted the x-no-archive keyword. I figured
you had to put something like that in.
Still, I believe your service stinks. I don't have the time nor
education nor patience to explain myself fully but:
You seem to have completely missed the difference between a) someone
stating something in public, at some time and with some audience; not
necessarily anything 'private' and b) someone else offers a database to
the public (no bureaucracy, no waiting to get the results, one can just
surf in) with all information about everybody collected in one place
and searchable by name or address
In Sweden, there is a law against, amongst other things, keeping
databases (in electronic form only) with personal information without
special permission.
This law, although it has been severly outdated by lots of things (like
the Internet), is based on a simple philosophy that still holds:
registers on paper can't be combined and searched with low effort.
Databases can. The whole becomes larger than the sum of the parts.
In the DejaNews case, there is also another effect: I wouldn't mind
being in a database with, say 300 or 3000 other people. With DejaNews
or (to a much lesser extent, search engines like AltaVista) you _know_
that a person will be in it. Thus it is seldom a waste of time to check
it out.
My point is: a) there _are_ things about yourself you don't regard as
personal or secret, but that you don't want trumpeted into the ears of
everybody who knows you, either and b) there are _lots_ of these things
for almost everybody.
I believe in freedom of speech and all, and regard current political
debate in for example the US and Sweden (censorship of electronic
media, banning cryptography) with horror.
Also, I'm not normally a paranoid survivalist with a
Big-Brother-complex and a fallout shelter in my backyard. For example,
I find both social security numbers _and_ databases kept by different
public agencies very useful.
Still, I (and, likely, the majority of the Internet community) believe
that _publically_ indexing individuals on the Internet like you do,
without their consent, should be banned, or stopped by other means.
A copy of this has been sent to comp.society.privacy.
--
Jorgen Grahn (ex-g...@mdstud.chalmers.se)
Mr.Damo...@umbc.edu
USENET? *Privacy*? I wonder who strung these terms together?
Please reconcile how USENET can be private when the files that comprise
such are publically traded to anyone with the appropriate amounts of
money, bandwidth, hardware, and time; and can be accessed on an
arbitrary basis (such indexing can occur offline). I post to the
newsgroups I frequent with non-privacy in mind, even where such
dealings are somewhat intimate. At best, you can probably get an idea
of where I live, my *general* age, my race and sex. (It doesn't matter
to *me* because such information can be gleaned by anyone walking by my
doorstep when I exit.) Other people more "wise" to the nature of this
medium have successfully remained anonymous for years.
Your misunderstandings about this medium, I forsee, will (or already
*is*) a failure on the ISP's part to explain what USENET is: a medium
where you talk to *everyone*, no matter how limited you think the
groups you post to are. Such an expectation of focus used to work when
USENET was a non-instantaneous, store-and-forward network which was
actively-hidden expense at the bottom of an organization's
communication dept. budget, and processing time was relatively
expensive; these protections allowed a newcomer to learn this medium's
extent and limitations at his/her own pace which continues to this
day. The amount of "newbies" would logically induce ISPs to educate
(or provide pointers to) their users on the wooly ways of USENET, but
it seems that a lot of "syspos" are ignoring such considerations or a
lot of people are so blinded by the marketing hype of "logging on" that
people are refusing to learn (or think about) the implied risks of
writing to a distributed public forum.
When I first posted to this medium, I had a vague notion that privacy
wasn't absolute when I read the "Organization:" and "Path:" fields in
the headers of read messages. Many of today's newcomers are not privy
to such headers anymore which makes the application of the typical
"on-the-street vs. in-a-locked-bedroom" real-world model to 'Net
conversations easier.
Post carefully.
--
There's nothing *particularly* "cool" about my web page, as it focuses
on information not .GIFfed-up-the-wazoo wallpaper designed to distract
you from the well of nothingness present on other homepages:
http://research.umbc.edu/~damon
John R Levine
I got angry when I realized that www.dejanews.com archives all
articles posted to Usenet (even local groups), and that this
database is searchable by name or address.
Many people seem to have an idea that messages sent to usenet are
supposed to vanish from the face of the earth after a few days. I
don't know why. That's never been the case.
Usenet postings have been archived on tape and otherwise since the
earliest days of usenet over 15 years ago. (For a long time, uunet
sent the FBI a daily usenet tape, because the FBI not unreasonably
didn't want direct network connections to or from their computers, but
their employees wanted to read comp.whatever.)
More to the point, all the creepy people already have all the databases
full of news that they need. Dejanews levels the playing field
somewhat and offers an opportunity to correct people who misquote you.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
jo...@iecc.com "Space aliens are stealing American jobs." - Stanford econ prof
Damaged Justice
An entity calling itself Exjobb - J|rgen Grahn
(ex-g...@mdstud.chalmers.se) allegedly wrote to Dejanews: I was
just reading your Policy file and was preparing to (virtually) rip
your heads off, when I noted the x-no-archive keyword. I figured
you had to put something like that in. Still, I believe your
service stinks.
The old rule was, and still is, "Don't post anything on Usenet that you
wouldn't want published under your real name on the front page of the
morning paper."
We can debate the moral/ethical implications, but the genie is out of
the bag. People can, and do, archive posts. In the past, this was
informal and largely unindexed, not to mention mostly unavailable to
the general public (these are *personal* archives I'm referring to).
Usenet on CD-ROM has been available for a long time, and on tape before
that. And it wasn't just the NSA buying those tapes; many businesses,
colleges, and other institutions subscribed to such services. Even
individuals, although it wasn't as cost- effective for them.
There are many alternatives to newsgroups that are not archived and
indexed, except by private individuals as has always been the case.
Mailing lists and the like also offer a better signal-to-noise ratio.
BTW, I wouldn't rely on X-No-Archive, either. Dejanews may honor it,
but they aren't the only service that searches Usenet (Alta Vista and
Excite have the option, and there may be others by now). There's
nothing to stop someone from setting up a service that doesn't care
what headers you put in your post.
There is also the use of anonymous and pseudonymous remailers, the
latter of which is useful for those wishing to generate and maintain a
persistent personality meant to engage in meaningful dialogue over the
long term.
In Sweden, there is a law against, amongst other things, keeping
databases (in electronic form only) with personal information
without special permission.
Suppose you and I are having a conversation, and I discover that you
like a particular kind of coffee. I go home and enter this fact in my
journal on my computer. Does this qualify? Have I done anything morally
wrong if I keep this information on my computer? If I show it to
others? How does this law distinguish between a "database" and any
other form of storage?
"There ought to be a law" is, IMO, a knee-jerk reaction that generally
produces more harm than good.
My point is: a) there _are_ things about yourself you don't regard
as personal or secret, but that you don't want trumpeted into the
ears of everybody who knows you, either and b) there are _lots_ of
these things for almost everybody.
More people ought to learn how to exercise their right to remain
silent. A little common sense goes a long way. Encryption takes care
of e-mail; newsgroups are an entirely different animal.
I believe in freedom of speech and all, and regard current
political debate in for example the US and Sweden (censorship of
electronic media, banning cryptography) with horror.
Freedom of speech necessarily includes the freedom to refrain from
speaking.
If I am prohibited by law from keeping an electronic record of "data
about people that I find interesting", I would hardly consider it a
blow for freedom of speech.
Also, I'm not normally a paranoid survivalist with a
Big-Brother-complex and a fallout shelter in my backyard. For
example, I find both social security numbers _and_ databases kept
by different public agencies very useful.
Methinks the citizen-unit doth protest too much. Everyone has at least
one good secret worth keeping. You may *think* you have nothing to
hide.
(To whom are these numbers useful? Many people find them more onerous
and potentially dangerous.)
Still, I (and, likely, the majority of the Internet community)
believe that _publically_ indexing individuals on the Internet like
you do, without their consent, should be banned, or stopped by
other means.
If you can minimize it without resorting to the gun of the law, more
power to you. But nothing will stop it, not even the law.
I should note in closing that I find Dejanews and similar services
quite useful on a regular basis.
--
frog...@yakko.cs.wmich.edu
Damaged Justice
Will yodel for food
Freedom...yeah, right
Patrick Crumhorn
ex-g...@mdstud.chalmers.se wrote: I got angry when I realized that
www.dejanews.com archives all articles posted to Usenet (even local
groups), and that this database is searchable by name or address.
This has been addressed before, and I am continually amazed that some
folks consider it an issue.
Simple analogy: You publish a book that is automatically distributed
to millions of bookstores around the world upon its publication. You then
find that a library that has a copy of your book has indexed it so that
others may find it more easily. You then object that there is some
"privacy" that has been violated by having your book (which, remember, YOU
distributed all over the world to anyone who wanted to read it) indexed.
Mailing list archives are another matter, since many of them are
considered at least semi-private (and of course, if anyone started
indexing private email, there would really be a privacy problem). But
Usenet is the very antithesis of "private." If you post something
there, it is assumed that you want the widest possible propagation of
it.
Bottom line: If you choose to publish something available to millions
of readers in the first place, it is hardly an "invasion of privacy" if
your publication is indexed. Copyright law is a possible issue, but
complaining about privacy violations is, frankly, silly. Learn to use
an anonymous remailer for Usenet posts if you are posting something you
are unwilling to defend personally.
--
Patrick Crumhorn pat...@io.com
http://www.io.com/~patrik
"You're twisted, depraved, and rotten to the core...
I like that in a person"
Bernie Cosell
ex-g...@mdstud.chalmers.se (Exjobb - J|rgen Grahn) wrote: I don't
know if this is the best group for this kind of discussion (at
least it isn't spammed); please point me to more appropriate
all articles posted to Usenet (even local groups), and that this
database is searchable by name or address.
I read through the rest of your note, but I still, for the life of me,
cannot figure out what your are so worked up about. I think it is naive
in the extreme to presume other than that things posted to usenet live
forever. Perhaps it is just the attitude of a person in the US, since
as you point out the laws are more strict in Sweden, but still
voluntarily posting information to a distribution system that is
propagated to hundreds of thousands of sites by dozen [if not more]
media, read by millions world-wide, and archived in scores of places,
and somehow expecting your stuff to be kept sort-of-confidential is a
bit of a stretch. Like using a million watt PA system to shout from a
building top and then be surprised if some folk actually heard you.
(For those who don't want to be archived (at least not by
DejaNews), put
x-no-archive: yes
I doubt that they're the only such archivers [there have been various
archived, taped and CD-ROM'ed forms of usenet available for a very long
time, and lord only knows about less public archives].
I was just reading your Policy file and was preparing to
(virtually) rip your heads off, when I noted the x-no-archive
keyword. I figured you had to put something like that in.
I doubt they "had to", other than some kind of PR gimmick.
You seem to have completely missed the difference between a)
someone stating something in public, at some time and with some
audience; not necessarily anything 'private' and b) someone else
offers a database to the public (no bureaucracy, no waiting to get
the results, one can just surf in) with all information about
everybody collected in one place and searchable by name or address
Indeed, again this may be from the US perspective, but I don't see the
difference. Is it the case in Sweden that if you say/do something in
public the your audience has to promise to forget that the event has
happened [or forget whatever information you transmitted], and if/when
you do it again in public feign surprise as if you've never done it
before?
In Sweden, there is a law against, amongst other things, keeping
databases (in electronic form only) with personal information
without special permission.
What "personal information"? You voluntarily distribute stuff to
hundreds of thousands of people via a totally uncontrolled broadcast
medium... what information is "personal" there? If you *unsolicited*
and *uncoerced* publish your home address in a newspaper in Sweden, it
is against the law for anyone to notice that and write it down???
This law, although it has been severly outdated by lots of things
(like the Internet), is based on a simple philosophy that still
holds: registers on paper can't be combined and searched with low
effort. Databases can. The whole becomes larger than the sum of
the parts.
Actually, that "simple philosophy" is an utter farce and is one of the
reasons why privacy is in such shambles now. The fact is that anyone
who *wanted* that sort of information could get it. Yes, it was harder
to collect [and took more people and more effort] than with computer
databases, but that's just a detail: the fact is that you didn't *use*
to have any real privacy -- if the gov't [or even private parties] took
an interest in you, they could find out just about anything they
wanted. A person could have the naively simple belief that they had
"privacy", when they really did not.
What has changed is NOT the effort, but rather the realization of the
situation that had always prevailed anyway. As such, band-aid
approaches to patching it don't work because they don't address the
underlying problem. Or is it the case that you're not interested in
*real* privacy and *real* control over your personal information, but
just the _illusion_ of privacy where you make it so that it _looks_
like you have some privacy to the casual inquirer, but actually you
have essentially none to the more determined parties.
A similar situation in the computer world is called "security by
obscurity"... basically a euphemism for "no security hardly at all, but
with a smoke screen to kind of hide the fact". The naive part [for most
businesses that deal with this kind of thing] is the assumption that
the industrial espionage that they would like to defend against willb e
done by bored high-school students who might be put off by the fog,
rather than by professionals who won't even notice it... similarly
here: if you privacy worries are only against idle searches by web
surfers, then life is simple for you and, indeed, somewhat naive laws
and regulations like your may give you the 'smoke screen' that'll make
you comfortable; but if your goal is *real* privacy against more
determined and skilled [and well financed] folk who wish to pry into
your personal affairs, then these sorts of laws are hardly worth the
paper they're printed on..
In the DejaNews case, there is also another effect: I wouldn't
mind being in a database with, say 300 or 3000 other people. With
DejaNews or (to a much lesser extent, search engines like
AltaVista) you _know_ that a person will be in it. Thus it is
seldom a waste of time to check it out.
I can't fathom this point at all.
My point is: a) there _are_ things about yourself you don't regard
as personal or secret, but that you don't want trumpeted into the
ears of everybody who knows you, either and b) there are _lots_ of
these things for almost everybody.
I guess you've lost me on this one. By posting stuff you usenet your
articles are "trumpeted" just about everyplace in the world. If you
don't want the world to know about it, don't say it on usenet... usenet
is neither a personal nor a "private" [in any sense] medium.
Still, I (and, likely, the majority of the Internet community)
believe that _publically_ indexing individuals on the Internet like
you do, without their consent, should be banned, or stopped by
other means.
Well, I'm part of the "not agree" part because the whole idea you're
trying to promulgate is much to Don Quixote-like to make hardly any
sense at all.
Is it the *index* that bothers you or the *archive*? Are you arguing
that an archive-without-an-index is "safe" but one that is indexed is
"intrusive"? Surely you realize how truly myopic *THAT* view is.
The problem is MUCH more difficult and profound than would admit of so
simple a band-aid as you think ought to be the case. And more to the
point, I think that using *Usenet* as your chosen battleground is
really silly. There are few more-open, non-private,
generally-uncontrolled venues that a usenet newsgroup. And it is all
engaged in volutarily without coercion. Truly a place where I think it
is *insane* to try to pretend that you have *any* privacy... as I say,
speaking from LONG experience with usenet, I have always assumed that
everything I've ever posted still exists somewhere and may well come
back to haunt me... that's just the way usenet is..
Far better would be to stop tilting at this windmill and worry about
the places where they coerce personal info out of you that you would
rather not have given [especially in dealing with the government,
insurers, bankers, etc]. At least there you can make a case that you
didn't intend the information to be publicly distributed and try to get
the law to impose some restrictions on how the other party may and may
not use the information it has more-or-less forced out of you. But
usenet? no way...
Edward Chilton
Jorgen Grahn (ex-g...@mdstud.chalmers.se) said in a public memo to
DejaNews...... : Still, I (and, likely, the majority of the
Internet community) : believe that _publically_ indexing
individuals on the Internet : like you do, without their consent,
should be banned, or stopped : by other means.
and at this writing five people have rushed to disagree with you and
imply that you must have flawed reasoning ability to feel the way you
do. But notice how each one relies upon some metaphor to justify the
technological state of affairs. The only way to argue with them is to
use counter-metaphors.
In the not too distant future we are going to witness the merger of
computer technology with toilets and there is not much we can do to
prevent it. We will witness a flurry of intense competition in RRT or
Rectum Recogition Technology. People like you and I will complain
loudly that it should be possible to take a crap without the whole damn
world being able to know about it. And when we make such complaints
herds of thinkalike clones will pounce upon us to suggest that our
belief is absurd, that we misunderstand the new toilets, that we have a
perfect right to go shit in the woods if we dont like the new
technology. They will tell us to shut up and to wear one of the
AnonyRec Disks that fit over the anus. But if AnonyRec Disks get too
popular there will be a flurry of research in technology to defeat
their effectiveness. You and I will express our rage at the effort to
defeat the rectal disguise and soon herds of thinkalike clones will
pounce upon us to suggest that our belief is absurd, that we
misunderstand the whole purpose of taking a crap in the Information
Age. It has nothing to do with biology, ... ha ha ha..... it is a
digital event in toilo-space. It will be argued this levels the human
cesspool and gives each of us an equal chance to know when and how
often our neighbors take a crap instead of some elite group possessing
that knowledge and using it for their own private purposes. Some dolts
will justify the technology based upon receipt of free samples of
toilet paper and "air miles" for taking a crap in the manner most
beneficial to the multi-national corporations.
And some future Hollywood film director will make a nostalgic movie
called _Night Soil_.
--
You read it here.
Ed Chilton
e...@juno.com
ex-g...@mdstud.chalmers.se (Exjobb - J|rgen Grahn) wrote: I got
angry when I realized that www.dejanews.com archives all articles
posted to Usenet (even local groups), and that this database is
searchable by name or address.
Why get angry? I have my newsreader automatically add the
"x-no-archive" to every post I make, unless I ask it not to. If I'm
replying to an article in comp.sys.* that might be useful if it is
archived, I leave it off. Deja News lets you have an option. This is
a Good Thing. :)
I've never used Deja News to search for specific authors. I have no
need for information like that. I have searched for subjects before
posting questions to newsgroups. If somebody already asked about the
subject last week or last year and there is already an answer that
takes care of my question, why waste bandwidth re-hashing the same
question? It's like an updated FAQ. :)
Ron Bean
A couple of comments which I hope will add some perspective:
Usenet, as such, is designed so that articles expire after a few days
or weeks (varies from site to site). In most cases the problem is that
articles expire *too soon*. Many people see it as a "conversation among
friends", and although they know that some people may be taking notes,
they also know that certain newsgroups have relatively few readers, and
the conversation, as a whole, is *relatively* ephemeral, compared to
handing out leaflets or publishing a book.
On the other hand, some newsgroups have traditionally been archived at
any number of places. The intent was that people would be able to
search the archives by *subject*, although they may have been able to
use other criteria. Some newsgroups have been selectively archived, in
effect being "retro-moderated".
My guess is that most people are less bothered by subject searches than
by author searches, which could be used to build a "dossier"-- and in
particular, could be filtered so that only the least flattering
examples are emphasized, including some that may be over 10 years old
(I don't know how far DejaNews goes, but I think there are CD-ROM's
that go back that far). Politicians have done this kind of thing to
each other for decades, and everyone has their enemies. People
naturally fear that their 15 min of fame will only show their worst
side.
The subject searches can be seen as a Good Thing, however. I wonder how
long it will be before net-savvy people will be expected to search
DejaNews before posting a question, in the same way that they are now
expected to have read the FAQ's (I'm surprised it hasn't happened
already). Some newsgroups that consist mostly of the same topics over
and over could be completely replaced by archives of previous
conversations, in which almost everything has already been said at
least once-- in effect, an alternate kind of FAQ file.
Can anyone think of a good reason to allow easy and painless searches
by author, other than "because it's there"? Certainly there are people
whose posts are almost always worth reading, at least in context. There
are also people whose net.reputations change over time. And people who
are sufficiently motivated will find ways to do it anyway. Are these
good enough reasons?
Another "risk" is that people may forget to look at the date, and you
may get email replies to something you posted years ago. This has
happened to me in local newsgroups with so little traffic that the
sysadmin didn't bother to run 'expire' on them.
Keith Graham
To the moderator:
While I think the issue is relevant, perhaps a FAQ is in order
here? We seem to go through this regularly.
A FAQ should cover what the searching services are, mention
X-No-Archive, mention the other kinds of archives (such as CDs)
and a quick "how-to" of Usenet.
Then a "This violations my privacy, there should be a law"
piece, followed by a "Get real, you published it to the world
piece."
I just don't think it's worth the regular thread on the list...
--
Keith Graham
s...@sadr.com
Todd B. SanMillan
Bernie Cosell wrote: [...] What has changed is NOT the effort, but
rather the realization of the situation that had always prevailed
anyway. As such, band-aid approaches to patching it don't work
because they don't address the underlying problem. Or is it the
case that you're not interested in *real* privacy and *real*
control over your personal information, but just the _illusion_ of
privacy where you make it so that it _looks_ like you have some
privacy to the casual inquirer, but actually you have essentially
none to the more determined parties.
It would seem that CPSR disagrees with you. From comp.society.privacy,
posted by out moderator
FOR IMMEDIATE RELEASE August 22, 1996
---------------------
Contact: Computer Professionals for Social Responsibility
Duane Fickeisen, Interim Director
Phone: 415-322-3778
E-mail: dfick...@cpsr.org
According to Zimmermann, the recent strides in electronic digital
communication brought with them a "disturbing erosion of our
privacy. In the past, if the government wanted to violate the
privacy of ordinary citizens, it had to expend a certain amount of
effort to intercept and steam open and read paper mail, and listen
to and possibly transcribe spoken telephone conversation. This is
analogous to catching fish with a hook and a line, one fish at a
time. Fortunately for freedom and democracy, this kind of
labor-intensive monitoring is not practical on a large scale."
While I agree that there is a world of difference between what is
posted to USENET and what is emailed privately and that the original
poster is makeing too big a deal out of the DejaNews system, I think
that the effort that is expended is absoulutely the point. If I
understand correctly, that is how cryptography is measured. On a
mundane level, if someone wants in my house badly enough, they can get
in, period. However, that does not mean that I don't take basic
security measures like installing locks and lighting. These increase
the *effort* and thereby decrease the chance of my house being
burgled. I don't think that it is tilting at windmills to not want to
give every person who might have a gruge against me *or* who has too
much time on there hands an *easy* way to dig through every thing I
have said publicly and sift out the stuff that looks bad.
And it seems to be the only objection to the current suggestion in the
United States to index everyone with their SSN. The whole point is
that this information is sitting around in a lot of different places
already, that what would be A Bad Thing would be to make it easy to
gather it all together. If the effort doesn't matter, let's go ahead
and tie it all together with SSN, it would make it easier for me to
just have one number to remember.
Perhaps I have the wrong viewpoint on USENET. I have only been online
for about 2.5 years and have not had any contact with large
organizations, like universities, that archived news. I regarded it
not as private, but rather fleeting. Something that everyone in the
world *could* read (if they had the time to read every group or similar
interests so that they *happened* to read the same groups), but that
disappeared off my system after some fairly short length of time. I
feel that the indexing services have fundamentally changed that and I
am glad that some people will take a go at putting the genie back in
the bottle. It may be that the genie *cannot* be put back, or even
never was *in* the bottle. But I know that there are things that I
posted early on that I would be embarassed to see pop back to life. I
would rather not give tools to the people who like like to just be a
nuisance to me. The professionals I have to worry about in other
ways. And it may be that the utility of being able to dig up all those
old bits of information may outweigh the risks.
--
Todd SanMillan
Gary McGath
Having myself recently been the target of a net gang that apparently
used DejaNews or something similar to find all my posts, I still must
agree that the idea of a right not to have one's Usenet posts archived
doesn't hold water. Others have stated the reasons for this quite well.
And DejaNews works both ways; it allows me to find out who's been
talking about me or my product. (Having an unusual name, such as mine,
makes it much easier -- for both sides.)
--
Gary McGath gmc...@mv.mv.com
http://www.mv.com/users/gmcgath
Unsolicted ads will be answered with a large junk data file.
Mark Miller
I think the recent discussions on Usenet and Deja News are missing some
critical points. To wit:
1. Infringement or violation of personal privacy and copyright. The
dictum "you own your own words" is worth careful consideration. The
bottom line in privacy and copyright issues is whether others may
benefit from the use of our information at our expense.
It is possible to argue that even though a submission to Usenet may
"seem" like public domain, legally it may not be. If any other
organization (Deja News, for example) wants to use that submission,
strictly speaking they would have to secure the author's permission.
2. Intellectual property. It is a big deal. Many of the dismissals of
this issue I have read seem to take the basic stance that "information
should be free" and "what's the big deal anyway." At the heart of the
individual privacy and copyright debates is the value of personal
intellectual property. Why should larger organizations (such as Deja
News) be allowed to profit from this property without paying royalties
or securing permissions?
3. Indexing can be harmful. The indexing done by search engines such as
Deja News means that the information in question is easily passed into
casual knowledge. That may not have been the author's intention when
his messages were written, particularly if he wrote the messages for a
specific audience with a specific means of distribution in mind. By
law, the author controls the rights to the style and form regarding the
distribution of his words. There might be substantial harm done by
making the messages "massively" public as the search engines do.
4. "Piping" is copyright infringement. Many mailing list owners have
begun making practice of automatically "piping" their mailing list
submissions to Usenet or the World Wide Web. We may eventually have to
take account of the fact that this lists archive, currently available
via FTP, will be published or broadcast to Usenet or the Web without
our permission. That could be considered copyright infringement.
(Don't cry that FTP is basically the same as WWW or Usenet. Copyright
law allows each protocol to be considered a distinct distribution
medium.)
Reactions, please.
Mark Miller
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to ab...@anon.penet.fi
For information (incl. non-anon reply) write to he...@anon.penet.fi
If you have any problems, address them to ad...@anon.penet.fi
Damaged Justice
Mark Miller (an65...@anon.penet.fi) allegedly wrote: It is
possible to argue that even though a submission to Usenet may
"seem" like public domain, legally it may not be. If any other
organization (Deja News, for example) wants to use that submission,
strictly speaking they would have to secure the author's
permission.
Whether there's a law (in what jurisdiction?) claiming that Usenet
posts are/aren't public domain doesn't affect the reality that it might
as well be public, for all practical purposes.
["Information should be free, but don't we own our own words?"]
The indexing services do not archive private mail between individuals
and groups of individuals, and I suspect any attempt to do so, by any
individual or service, would face an enormous backlash. Usenet has
always been understood to be the *agora*, the public square, where a
certain minimal set of accepted standards and observed and occasionally
enforced through as much of a voluntary consensus as possible. Indexing
has made it easier for everyone, whether they use the net for positive
or negative purposes: Spammers can more readily identify targets, but
those trying for constructive debate can more easily assemble a moron,
troller or spammer's "arguments" against them.
There have been many attempts at claiming ownership over one's words on
the net, such as the "Microsoft Network prohibited from carrying this
post", etc. But in the end, you still have to trust your audience.
Usenet is by its own nature public. Email is only as private as your
recipient decides; once they receive it, they can do anything with it.
["Indexing considered harmful"]
If, as you say, the author wrote the messages for a specific audience
with a specific means of distribution in mind, it is assumed that [s]he
is cognizant of the nature of the medium of transmission. Blindly using
a tool without a clear understanding of its workings is quite harmful.
Indexing does not make posts any more public.
4. "Piping" is copyright infringement. Many mailing list owners
have begun making practice of automatically "piping" their mailing
list submissions to Usenet or the World Wide Web.
Mailing lists are semi-public or wholly private. All the rules are
subject to the moderator's decision, and they may choose to pipe to
Usenet or the Web, and they may tell their users and they may not. If
I discovered that a moderator was doing so without informing the
subscribers, I would continue to read the list, and exchange private
mail with posters who I wished to engage in discussion, making sure I
wasn't CC'ing to the list.
We may eventually have to take account of the fact that this lists
archive, currently available via FTP, will be published or
broadcast to Usenet or the Web without our permission.
I hate to break it to you, but I'm reading it as comp.society.privacy
right now, and have been for a number of months. Wasn't that knowledge
contained in the welcome message for the list? I believe it is in the
FAQ posted to this group.
BTW, "Mark", I extend my sympathies to you over anon.penet.fi's death,
as you obviously found its services to be of value. If you have access
to PGP on a single-user machine, may I suggest using one of the 'nym
servers', such as an...@as-node.jena.thur.de. It's a bit of a newer one,
but seems secure enough:
"It's a bit less user-friendly than some servers, since you not only
need PGP, but you need to pick up your mail rather than having it
arrive directly. But in return, it's pretty secure, since you can only
get caught if the remailer or its operator are compromised when you
request a delivery...Because you don't get your reply email until you
ask to pick it up, it does seem easy to abuse; complaints, flames, and
mailbombs won't reach you if you don't ask for them."
-Cypherpunks posting
--
frog...@yakko.cs.wmich.edu free market anarchist, natural law advocate,
s..O).... You hit the smurf! --More-- male, lesbian, polyamorous,
@.../.".. You destroy the smurf! --More-- reader, atheist, chaotic,
$$*...].. You feel cynical! free and natural sovereign individual
John R Levine
and at this writing five people have rushed to disagree with you
and imply that you must have flawed reasoning ability to feel the
way you do. But notice how each one relies upon some metaphor to
justify the technological state of affairs. The only way to argue
with them is to use counter-metaphors.
Well, here's a non-metaphorical viewpoint: it's hard to think of a
worse way to keep a secret than to give it to a computer system that
promptly makes it available to several hundred thousand computers all
over the world. Usenet is not e-mail -- you don't have the faintest
idea where your message is going, who's going to see it, or what the
people who see it will do with it.
I understand that many people would prefer a system that erased
embarassing bits from their past. (Look me up on DejaNews, it has over
300 of my messages, some of which doubtless look stupid in retrospect.)
It's also quite reasonable to want private information kept private.
But if you want the rest of the world to treat something as private,
you have to treat it that way yourself, and posting it to usenet isn't
how you do that. Sorry.
--
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869
jo...@iecc.com "Space aliens are stealing American jobs." - MIT econ prof
Bernie Cosell
ex-g...@mdstud.chalmers.se (Exjobb - J|rgen Grahn) wrote: I got
angry when I realized that www.dejanews.com archives all articles
posted to Usenet (even local groups), and that this database is
searchable by name or address.
e...@juno.com wrote: Why get angry? I have my newsreader
automatically add the "x-no-archive" to every post I make, unless I
ask it not to. If I'm replying to an article in comp.sys.* that
might be useful if it is archived, I leave it off. Deja News lets
you have an option. This is a Good Thing. :)
Perhaps. I wonder whether Deja News might not have two databases
[perhaps available to clients willing to pay at different rates]. One
that gives the illusion that the X-no-archive has been honored, and one
that just has everything. Moreover, why do you think that Deja News is
the only operation offering such an archive and such a search service?
What obligation do they have to tell *YOU* whether they run expire or
not?
--
/Bernie\
Gary McGath
e...@juno.com wrote: Why get angry? I have my newsreader
automatically add the "x-no-archive" to every post I make, unless I
ask it not to. If I'm replying to an article in comp.sys.* that
might be useful if it is archived, I leave it off. Deja News lets
you have an option. This is a Good Thing. :)
One thing which I just noticed is that my post to *this* newsgroup was
the only one of mine which got listed in DejaNews since I started
adding the x-no-archive line to my headers. I assume that as a result
of passing through the moderation process, the orignal header got lost.
Is there any chance that Prof. Levine might be able to work out a way
to preserve this header line, or that we could do something in our
posts to facilitate this? It would be ironic for comp.society.privacy
to be one of the less private newsgroups.
Ron Bean
an65...@anon.penet.fi (Mark Miller) writes: 2. Intellectual
property. It is a big deal. Many of the dismissals of this issue I
have read seem to take the basic stance that "information should be
free" and "what's the big deal anyway." At the heart of the
individual privacy and copyright debates is the value of personal
intellectual property. Why should larger organizations (such as
Deja News) be allowed to profit from this property without paying
royalties or securing permissions?
I don't have any answers, but I'd like to add a couple of points:
The original intent of copyright laws was to *encourage distribution*
by making sure that authors would be paid, so they wouldn't just hide
their un-published manuscripts in private libraries where only a few
people would see them.
The current concept of intellectual property seems to focus more on
*restricting* distribution than encouraging it. The right to be paid
has become the right to say no.
In many cases the distinction may seem trivial, but under the current
laws the author has no obligation to provide a contact point for anyone
wishing to ask permission to use his work. Much of the stuff posted to
usenet is legally unusable because it was sent from an account that no
longer exists, for whatever reason. A search of DejaNews may turn up
subsequent postings by the same person from a different account, or it
may not. When copyrights had to be registered (and renewed), you at
least had a place to start searching for an author's current address.
As a practial matter, there are only two options: Blanket rights to
redistribute (as used by most FAQ's), and blanket denials (such as the
X-no-archive line). In the absense of either one, and in the absense of a
valid contact point for the author, the law forces us to assume blanket
denial, which may or may not have been the author's intent. Anyone have a
solution for this?
As to profiting from other people's work, I would guess that in many
cases the profit margin is extremely low, so it's not a case of someone
getting rich at your expense. How much do you think DejaNews earns for
each of your posts? How much do you think people would pay to read your
old posts? How much would you pay for a subject search on DejaNews?
Note that songwriters have "compulsory licensing", meaning that they
cannot prevent someone from recording their song, but they have the
right to be paid for it (which is why ASCAP exists). I have often
thought that this concept should be extended to (some) other forms of
intellectual property, but I don't know where to draw the line.
Alan Miller
How is Deja News different from a local Usenet spool with huge expire
times[see example below]? The answer is that it's more limited. I
can't write a program to do my search - I can only do the searches that
they've decided to allow me.
Sure, they've built indexes, but as an end user, how can I tell? There
are all kinds of things that can result in fast response times.
One of the perpetual goals of computer usage has been making the
possible easier, and that's what Deja News does. If there are items
you post that you don't want associated with your name, find a
different way to post them, such as through an anonymous remailer or a
pseudonymous account.
Complaining about Deja News and Alta Vista is like complaining that
someone's written a program that will automatically find what port on
your unix box will take commands and execute them as root. Privacy
through obscurity is no better than security through obscurity.
--
ajm
[moved down here to avoid obscuring the main points -ajm]
I have a theoretical situation to throw out for people:
Let's suppose I have a system with effectively unlimited disk space,
and I'm using it as a news server. I've got lots of disk space to
play with, so I've set my expire times for all groups to 10 years.
Further, let's assume that I've got nearly unlimited processing power
available.
Finally, I have a passwordless guest account that can read mail with
trn, but which can't post anything. It can also do direct file
access to my Usenet spool, but only for reading.
OK, now the questions:
Should I allow the use of trn? After all, anyone can go into a
newsgroup and type "/<search-term>/a", then hit "E", and have a
listing of all articles in the group that contain that search term.
Should I allow access to the spool? After all, anyone can go into
the spool and use grep or one of its variants to search for articles,
with excellent wildcard support. If they need more, they can use awk
or perl to generate their own more detailed searches.
--
Alan Miller \\ a...@mcs.com or a...@pobox.com
<a href="http://www.mcs.net/~ajm">AJM's WWW page</a> or
<a href="http://www.pobox.com/~ajm">AJM's WWW page (portable link)</a>
Ken Scrogan
e...@juno.com wrote: Why get angry? I have my newsreader
automatically add the "x-no-archive" to every post I make, unless I
ask it not to. If I'm replying to an article in comp.sys.* that
might be useful if it is archived, I leave it off. Deja News lets
you have an option. This is a Good Thing. :)
How and where does one add the x-no-archive flag to your header? I am
using Free Agent if that would be of any help. Many thanks and best
regards,
--
Ken Scrogan
life...@mindspring.com
Christopher Stacy
frog...@yakko.cs.wmich.edu (Damaged Justice) Email is only as
private as your recipient decides; once they receive it, they can
do anything with it.
In some limited practical sense this is obviously true, but it is not
legally true. Letters that you send someone (whether they were typed
on a computer, or etched with a stick) have certain legal protections;
the recipient may not use the material in any arbitrary way that they
please. In particular, they have no legal right to publish it, and
would be liable for (at the least) copyright violations.
Dick Mills
Ron Bean <rb...@earth.execpc.com> wrote vis a vis copyright: As a
practial matter, there are only two options: Blanket rights to
redistribute (as used by most FAQ's), and blanket denials (such as
the X-no-archive line). In the absense of either one, and in the
absense of a valid contact point for the author, the law forces us
to assume blanket denial, which may or may not have been the
author's intent. Anyone have a solution for this?
I think the solution already exists in the legal doctrine "de minimis"
meaning "too little". It you do not register your work with the
copyright office, then you may only sue an infringer for actual amages
and you have to be able to prove the amount of actual damage claimed.
I read that the current guideline used in US federal courts use is to
not accept any case claiming less than $200,000. Their calendars are
already clogged with cases claiming greater amounts,so they arbitrarily
set the cutoff as a matter of practicality, not principle. (Sorry, I
can't find my source right now, the $200,000 figure is according to my
memory)
In effect that means that any *unregistered* work on the Internet worth
less than $200,000 actual value has no *practical* protection from
copyright law. I presume that just about everything out there (except
my own posts of course:) are worth very much less.
--
Dick Mills O- http://www.albany.net/~dmills
"Whenever people agree with me, I always feel I must be wrong." - Wilde
Matt Hite
frog...@yakko.cs.wmich.edu (Damaged Justice) Email is only as
private as your recipient decides; once they receive it, they can
do anything with it.
Christopher Stacy wrote: In some limited practical sense this is
obviously true, but it is not legally true. Letters that you send
someone (whether they were typed on a computer, or etched with a
stick) have certain legal protections; the recipient may not use
the material in any arbitrary way that they please. In particular,
they have no legal right to publish it, and would be liable for (at
the least) copyright violations.
I think the line being walked is thin. At my university, ANY email
which passes through their servers may be examined. This is a policy
which neither the sender nor the receiver has any control of.
Unfortunately, many students are unaware of this policy and presume
their email is private; use of our computer network constitutes
acceptance of this rather invasive policy.
--
Matt Hite
The recipient has no direct control of privacy other than acquiring
another means of email/Internet access, and the sendper say, and n
Dennis G. Rears
This discussion of Deja News should be broken down into two distinct
parts. The first one is the issue of privacy. This concerns the
indexing of all articles by author's name. This is currently legal and
probably should remain legal. The author can always post anonmously.
The second one is the copyright issue. This is a bit thornier
because:
1. Owner retains copyright.
2. Owner by posting has implicitly allowed the content to
o be transmitted using "normal usenet transmission"
o be read/printed by individuals using news readers
The question here is does "normal usenet transmission" include
archiving for the general public. Some will say it does (I am in this
camp) other will say it doesn't. Ultimately this is a legal question
not a privacy question. Hell in the future it might be possible for an
archiving machine to summarize each article and present that instead of
the article, in that case the copyright issue goes away. The copyright
questions also begs the question of "What are the damages suffered by
the author?" I would say for the most part the damages are privacy
related not copyrighted related.
--
dennis
Randal Schwartz
Matt Hite <mh...@sna.com> writes: I think the line being walked is
thin. At my university, ANY email which passes through their
servers may be examined. This is a policy which neither the sender
nor the receiver has any control of. Unfortunately, many students
are unaware of this policy and presume their email is private; use
of our computer network constitutes acceptance of this rather
invasive policy.
Hmm. If the admins *read* the email, and it's not directly in line
with making the mail system work, they *could* be in violation of the
ECPA, unless the student agreement specifically waived the ECPA.
After all, if it allowed Steve Jackson Games to get a big settlement
from the US Secret Service, it must be a pretty good law.
And violating the ECPA in this manner also means that the admins face
the risk of becoming accessories to any crime perpetrated using those
mail systems, because the admins *might have read the mail*. Wow.
Silly them. It's much better *not* to know. Really.
--
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <mer...@stonehenge.com> Snail: (Call) PGP-Key: (finger mer...@ora.com)
Web: <A HREF="http://www.stonehenge.com/merlyn/">My Home Page!</A>
Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me