Mathew Honan

Who nabbed Indymedia’s computers?

The freewheeling network of Web sites has a history of clashing with authority. But usually it knows who is trying to shut it up.

Hep Sano is remarkably calm. Sipping an iced tea at a brewpub in San Francisco’s Haight-Ashbury, she dispassionately recounts Indymedia’s alarming situation — the unexplained seizure of two of the media organization’s computers by an unknown government at the behest of the FBI.

“We want to set a precedent,” says Sano. “The damage has been done to us. But we’re hoping to get something that says, no, the FBI was wrong. You can’t just go in and take a server in another country for unknown reasons without saying who did it.”

The facts of the matter are scanty. On Oct. 7, Rackspace Managed Hosting, an Internet service provider based in San Antonio, was served with a subpoena ordering it to hand over two Indymedia servers physically located in London. Rackspace immediately fired off an e-mail to Indymedia informing them about the servers and noting that it was required to comply, according to something called the Mutual Legal Assistance Treaty, an international agreement that sets out “procedures for countries to assist each other in investigations such as international terrorism, kidnapping, and money laundering.”

In the e-mail, Rackspace noted that it was “acting as a good corporate citizen and is cooperating with international law enforcement authorities. The court prohibits Rackspace from commenting further on this matter.”

And that was that. Rackspace refused to provide a copy of the seizure order to Indymedia. Noting that it was under a federal gag order, it refused to even discuss the contents of the order. Indymedia was left wondering which government seized its servers and for what purpose. To this day, the group has no idea what was done to the servers before they were returned, what was being searched for, who did the searching, or why. All they know is that for nearly a week somebody, somewhere, with the assistance of the FBI, had a peek, and maybe more, at their machines.

This kind of thing doesn’t happen to Wolf Blitzer.

Indymedia, also known as the Independent Media Center, is a pain in the establishment ass. It doesn’t fit neatly into the box of either journalism or activism. Frequently cited and dismissed by the mainstream media as irresponsible, it also boasts a string of legal victories giving it important media protections. It consistently pushes the bleeding edge of what can be published, and for that, it has landed in hot water again and again.

The promise of Indymedia is that anyone can be a reporter. Forget journalism schools or internships at hifalutin intellectual magazines. Indymedia is more or less dedicated to the same promise as Fox News (minus daily memos from Roger Ailes): We report, you decide.

But the “we” in Indymedia’s case is inclusive of everyone, everywhere. The idea is that the mainstream media isn’t telling the whole story, and so the public has to pick up the slack. Or, as Sano puts it, “Who really knows what’s going on in a neighborhood better than the people who live there?”

Like so many other progressive and activist organizations, Indymedia had its genesis in the 1999 World Trade Organization protests in Seattle, where freelance journalists and activists came together to form a new media organization that aimed to broadcast a message they didn’t feel the mainstream media was covering. They wanted to present a different picture of the WTO than the one typically portrayed in the press. They wanted something new, something that wasn’t organized from the top down in a hierarchical manner. And before the protests had ended, IMC was born.

Over the years, IMC has grown to include cities all over the world, with more than 100 centers in all. There’s no barrier to entry. Once approved, anyone who abides by the New Independent Media Center principles can form their own branch. In the years following the Seattle protests, IMC branches have opened from Europe to Uruguay. But true to its riotous roots, IMC has consistently pushed the limits of acceptable practice.

Which is perhaps why Sano remains sanguine. Trouble with the law is a regular occurrence for Indymedia.

In 2001, following the FTAA protests in Quebec City, the FBI and Secret Service subpoenaed the IMC to supply the FBI with user logs from an Indymedia Web server. Indymedia won that fight, and it subsequently ceased logging identifying data for visitors and posters to its sites.

In 2003, Indymedia made a splash when it took up the cause of the Diebold memos. After a group of Swarthmore students obtained and published embarrassing internal memos from Diebold concerning that company’s electronic voting machines, Indymedia hosted a copy of the memos on its servers. Diebold claimed that Indymedia had violated its copyrights and tried to use the Digital Millennium Copyright Act to bludgeon it into submission. The Electronic Frontier Foundation, or EFF, provided legal representation to the maverick media outlet. It won not only the case but, on Oct. 14, a $125,000 decision against Diebold as well.

More recently, in August 2004, Indymedia found itself in the midst of a controversy surrounding its coverage of the Republican National Convention. Prior to the convention, a poster to nyc.indymedia.org published the names of about 1,600 convention delegates coming to New York, along with their e-mail addresses, phone numbers, home addresses and a list of hotels where they would be staying. The Secret Service subpoenaed NYC Indymedia’s Internet service provider to try to obtain information that would identify the poster, but as a result of the Quebec case, Indymedia no longer kept such logs.

Then, on Oct. 1, the FBI paid a visit to an Indymedia representative in Seattle on behalf of the Swiss government. The Swiss were upset that IMC had published pictures of undercover agents posing as anti-globalization protesters. The pictures, though published by IMC Nantes, were physically located on the server in Seattle. Prior to the FBI’s visit, IMC had already digitally masked the agents’ faces. Since no names or other information was published, this effectively killed the Swiss government’s argument that the pictures contained personally identifiable information. During this meeting, according to the EFF, the FBI conceded “that they were not contending any laws had been broken, and that there was nothing wrong with the photos of the officers, but were rather passing on a request from the Swiss government.” Again, Indymedia won.

But there’s one important distinction between the current case and all previous clashes with authority. In the past, at least, Indymedia always knew whom it was fighting.

“ISPs are not allowed to disclose stored data to the government without a specific court order,” says Annalee Newitz, spokesperson for the EFF, which is again representing Indymedia. “The lawyers are jumping up and down saying, ‘Sue! Sue!’ But we don’t know yet who to sue.”

Kurt Opsahl, who is wrangling the legal end of the case for the EFF, concurs. “So far it has been just a brick wall,” says Opsahl. “There are similarities to some of the PATRIOT Act powers through which the U.S. can issue secret orders to obtain evidence. But in those cases the service provider wouldn’t even be allowed to say they had received the order. So it is extraordinarily unusual to say that [Rackspace] had gotten a court order, but to not be able to say who requested it or any of the other pertinent information.”

“There’s also a similarity between this and the notorious Steve Jackson Games case. In that case the Secret Service came in and seized a computer that was hosting some [bulletin board system] because they had an interest in a particular posting on those boards. The EFF was able to go to the court and show that the court can’t go in and seize protected speech in its interest in just one posting. It appears that the government has forgotten that lesson, and we may need to remind them of it again.”

Opsahl is optimistic about his chances of winning a decision for Indymedia. “The Electronic Communications Privacy Act sets restrictions on when an ISP can provide the content of communications. The Privacy Protection Act prohibits the government from seizing a server that contains a journalist’s work product or documentary information that is to be published in the news media.”

When Salon contacted Rackspace, the company offered apologies but no information. Rackspace spokesperson Annalie Drusch, while apologizing profusely for her inability to comment, told Salon that “all I can tell you is that we responded to a subpoena.”

Nor was the agency that served the subpoena much help.

“Much as Indymedia would like for it to be, this is not an FBI case. This was a request from a third country pursuant to an MLAT subpoena,” said Joe Parris, a spokesperson for the agency, referring to the Mutual Legal Assistance Treaty. “It is not a U.S. case. The FBI, the Department of Justice, are not parties in interest. We just fulfilled the U.S. end of an MLAT treaty on serving the subpoena.”

Parris went on, however, to offer a tantalizing nugget.

“I think that the Indymedia site is claiming that it had something to do with them publishing pictures of undercover police officers, but I’ve heard through other media sources that it was coming from Italy. But that’s not from an internal FBI source.”

Both the EFF and Indymedia are now focusing on Italy. Suspicions center on Morena Plazzi, a deputy public prosecutor of the court of Bologna. IMC Italy reported that Plazzi stated in a press conference that she had subpoenaed the servers’ user logs. (Which, again, Indymedia doesn’t keep a record of.) Salon’s attempts to reach Plazzi were unsuccessful.

“At this point we don’t have a whole lot of information,” Opsahl says. “But we do have what appears to be somebody admitting that they had asked for log information. So that is now becoming the prime suspect.”

To that end, the EFF filed a motion on Oct. 22 to unseal the court order that subpoenaed the servers and discover who actually issued it. Meanwhile, in the United Kingdom, where the servers were seized, there’s been considerably more uproar over the seizure. M.P. Richard Allan, a Liberal Democrat, has been pressing the U.K. Home Office to determine what that government’s involvement, if any, was, and has been posting the results of his inquiries on his blog.

But the question remains, what exactly were the Italians — assuming it even was the Italians — looking for?

“I believe it was something to do with the G8 protests in Genoa,” Sano says. “They were very violent. Several Indymedia reporters were caught up in that. One of them was severely beaten and is currently pursuing a case regarding that.”

Regardless of the cause, the seizure, at least temporarily, effectively silenced several media outlets. And that, says Julien Pain of Reporters Without Borders, is intolerable.

“We really find this FBI intervention unacceptable,” Pain says. “They’d never have done that for another media. It shows that Internet publications, and especially Indymedia, are not considered media. They see the Internet as a jungle, where they can do whatever they want.”

“The worst part is for Uruguay,” Sano says, explaining that IMC Uruguay also kept its data on the London servers, and was preparing for a presidential election of its own. “They have a huge history of violent media repression in Uruguay, even after they achieved democracy. They have no backups. And the reason they were being hosted outside the country was specifically to avoid the kind of seizure that ended up occurring.”

Don’t be afraid of the big bad Gmail

Privacy advocates are frothing about Google's plan to scan e-mail for advertising purposes. A report from an early tester of the service says their concerns are overblown.

I’m not scared of Gmail. I’m not at all worried that my privacy is about to be invaded by the world’s most popular search engine company. Call me brave, call me crazy, but I’m not. Nor should you be.

Gmail is the new Web-based e-mail service from Google that offers a gigabyte of storage space to users. Google announced Gmail on April 1 and has been handing out a limited number of beta accounts since then. The company still doesn’t have a firm release date, but says it will most likely be within the next three to six months. More beta users are being added every day. On April 20, Google began divvying out Gmail accounts to “active” users of its weblogging service, Blogger.com. A representative of Google says that there are currently not quite “tens of thousands” of Gmail users, and that it wants to try to incrementally roll out more accounts. If it’s as good as Google search — and it is — it won’t be long before that number hits the tens of millions.

I was fortunate enough to be one of the early beta testers. Here’s my report on how it works, and why you shouldn’t let it frighten you.

Gmail grew from an internal program to help Google employees better manage their e-mail. Among the program’s most useful features is its incorporation of Google’s search technology right in the inbox. Finding a particular message based on its content has never been easier in a Web-mail application.

“I think the principal issue that we had to contend with early on was the fact that I had a lot of e-mail,” says Google co-founder Sergey Brin. “In Unix, all of your mail is stored in a mail spool file. Oftentimes, people I know would just open up a raw spool file. You can’t do anything but it’s very, very fast, and you can use other Unix tools such as grep. That was the inspiration as much as anything.

“Fairly early on, we decided we wanted an internal search for e-mail. I wanted it for myself. I found I was eventually using it for all my e-mail. And as a consequence of that, I decided everyone should have a version of it and that’s been the more recent effort.”

But Gmail is much more than storage and search. It makes extensive use of JavaScript to give users such niceties as keyboard shortcuts, spell-checking, and seamless composition, replying and forwarding. The result feels like a cross between a Web-based application and a standalone program.

“We wanted to have the benefits of both,” says Brin. “We wanted to have the efficiency of a stand-alone application. I think we aimed for that, but I don’t think we went as far as those kinds of things that really try to duplicate apps. We did not want to go that far. If you push it too far, then it really interferes with what people are used to in a Web application and it causes the browsers to be really confused.”

It has a fairly effective spam filter that uses both rules-based and Bayesian filtering. I redirected much of the spam from my old mail account to Gmail, and it caught every piece of spam I threw at it. Brin says that coming down the pike will be even better filtering tools.

Gmail also sports several interesting organizational features. Messages are grouped together in “conversations,” similar to the way some stand-alone e-mail applications thread replies. But Google does it differently, making it easy for users to view the new text in each reply in a thread without reading the full body of the message that’s being quoted back and forth. Furthermore, each response is expandable and collapsible, with previous replies being collapsed by default. When you need to go back and look at previously quoted text, clicking on an individual message within the conversation causes it to expand instantly.

“While there are mail programs that support threading, it’s often not on by default, and it usually has some funny trade-offs,” says Brin. “Ultimately when they do thread them you don’t see all the messages at once. And then you end up reading the same content twice. We’ve dealt with all those issues, and it makes it easier for me.”

Gmail’s labeling is also interesting. Normally, when you want to organize your e-mail, you have to sort it into different folders. Gmail uses “labels” instead, that allow users to apply multiple labels to the same message.

Want to keep your work mail separate from your personal mail? Set up a filter that applies a “work” label to incoming mail from your office’s domain. Have friends at work who send you personal messages? Set up another filter that labels those messages as “friends.” Thus when a co-worker sends you a message about catching an A’s game after work, you don’t have to make a decision about where to file it. It can appear in both places.

Like all the major free-mail services, Google is relying on ads to turn a profit. But Gmail ads are different; they aren’t just appended willy-nilly to the bottom of your message (they don’t show up in the body of your message at all, in fact). Gmail robots automatically scan the text of your incoming messages, and then use that information to deliver targeted ads and related links that appear next to incoming messages.

“The goal is we should only show you an ad when we think it’s going to be useful to you, based on the same technology that you see on many Adsense Ads,” says Brin. “It’s the exact same technology that tries to figure out what from our advertisers is likely to be relevant to the reader.

“It will try to find concepts in the message that match concepts we’ve associated with advertisers, and it will also know how well those various ads performed on all the Adsense sites in our network.”

How well do the ads perform? It’s a mixed bag.

In preparing for this story, I asked several Gmail beta testers to forward the ads they received to me. An e-mail Jessamyn West received about cheese prompted Gmail to serve several cheese-related links, but no ads. Similarly, an e-mail I sent myself to test the system that contained several San Diego travel-related phrases prompted Gmail to serve San Diego-related links, but again, no ads. But more often than not, even the most obvious-seeming messages failed to produce either ads or related links.

Yet when I added specific products or corporate names to the mix, Gmail typically homed in on them immediately. It also seemed to have a much easier time with technology-related subjects. When a friend bemoaned her corporate e-mail server’s tendency to bounce messages over a certain file size, Gmail offered up a sponsored link that would remedy the problem. Messages about Wi-Fi and Web hosting also triggered ads and sponsored links. When I added a few company names to the travel message listed above, Gmail fired back with relevant links. When I sent myself an e-mail with Hoover’s data on Costco, Gmail served both sponsored links to Costco and related pages. Furthermore, it’s smart enough to figure out that just because an e-mail mentions Costco, that doesn’t mean that a Costco ad would be relevant, as evidenced by the H.R.-related ads it served in response to this message.

But it also has a tendency to be goofy. Andre Torrez forwarded a message where Gmail keyed in on an ad appended to the bottom of a Yahoo mail message that had nothing to do with the body of the message. A spam message with a body full of unrelated words triggered two related links and an ad, while a bake sale fundraising e-mail from MoveOn.org triggered ads for “delightful candy bouquets.”

Unlike traditional Adsense ads, however, Gmail ads don’t collect, or reveal to advertisers, the terms used to deliver the ads. “We’re not using any of the data people are clicking on in the messages,” says Brin.

In fact, the company is collecting so little data on user click-throughs that Brin claims to be unaware even of how many ads per message Gmail is serving.

“We did not set a target ratio and, to be honest with you, we weren’t even exactly sure as of yesterday what the ratio was,” says Brin. “Because of all the privacy concerns, we can’t get the kind of basic stats that we ought to have. I get the feeling that right now it’s maybe a third of the time or so.”

Brin’s claim that he doesn’t know exactly how many ads Google is serving comes at an odd time, since Gmail’s highly targeted in-box ads have quickly raised a massive privacy stink. Even as we spoke, California state Sen. Liz Figueroa was in the process of drafting legislation banning the service from California, which is Google’s home state.

“We’re in the process of drafting a piece of legislation that would really ban the Gmail concept that Google is pushing forward,” Figueroa told Salon. “Our premise is that it is an invasion of privacy. They are scanning for content purposes. I know that e-mail is scanned in a general way but this is a scan in a specific way for marketing purposes.”

When Salon posed the question of what, exactly, was wrong with this, if users knew about it beforehand, Sen. Figueroa noted that many users don’t read privacy policies, and pointed out that third parties who send e-mail to Gmail users are unknowingly submitting to having their e-mail scanned.

Indeed, the third-party question is at the heart of the legislation, California S.B. 1822, which Figueroa introduced the day after speaking with Salon. The law would forbid the review of e-mail content unless Google (or any other e-mail provider) first obtains the consent of all the parties to an e-mail conversation — senders, receivers, everyone. If it passes, the bill will not only block Gmail from scanning incoming e-mails, but it could also end up prohibiting employers and other e-mail providers from filtering e-mail for objectionable content.

“I think more and more people don’t have the time [to read agreements], or just don’t realize how far it’s gone,” says Figueroa, who acknowledges that she hasn’t used Gmail. “And yes, somebody’s got to say for everybody ‘privacy is really an issue for me. I want you to think of that foremost on the agenda so we start with that.’ We have to make Google be aware that this is a product that’s somewhat offensive to a lot of people.”

Oh, but they are. They are.

“I think a lot of people got up in arms before they saw the product,” says Brin. “That was a little unfortunate the way we released it. As a consequence of that, most people who have heard about it, the only thing they have access to is the privacy policy. In many cases, there’s misinformation out there. I think many are misunderstandings of the product.”

For example, one of the early rumors swirling around Gmail that sprung from unclear wording in Gmail’s privacy policy was that e-mail would be archived forever — regardless of whether or not you delete it. Regardless, even, if you close your account. Not so, says Brin.

“That was our fault for not having carefully enough worded the privacy policy,” he notes. “It’s exactly the same as any other Web-mail services. We have a variety of backups because we never want to lose mail. We do in fact delete the messages. It just sometimes takes a while to propagate the messages through all the proxies.”

But in the meantime, Privacy International filed a complaint against Google in 16 countries on April 19.

“Google is showing its true colors. The company pays lip service to privacy but in this case has demonstrated no real commitment to it,” fumed P.I.’s Simon Davies in a press release. “I am beginning to suspect that Google looks at privacy in the same way that a worm looks at a fishhook.”

Far from it. The privacy issue is overblown. Indeed, as Sen. Figueroa herself points out, virtually every piece of e-mail sent across the Internet is already scanned by robots, be it for spam or viruses. If you have a problem with robots reading your mail — with or without your consent — you’re going to have to go back to the U.S. Postal Service, or start encrypting everything. Similarly, the demands that Google erect a “wall” between Gmail and its other sites — such as Search, Groups or Orkut — are not only preposterous, they are counterproductive to the best interests of consumers. Not only that, but it appears that Google’s critics are holding it to a different standard than its competitors. Yahoo and MSN (Hotmail) both collect vastly more personal data that can be linked back to e-mail accounts, including address books, search data and even stock portfolios.

Sometimes, data should be aggregated. It makes for more convenient, useful applications. Would you rather your e-mail not be linked to your address book? Do you really want to have to log in again and again when you try to navigate across the Yahoo suite of Web sites? Is it intrinsically bad for MSN Messenger to notify me when new e-mail arrives in my Hotmail account?

More important, says Brin, is protecting the data you choose to allow Google to handle.

“We treat the data with great care and we never let any personal data get out in any form,” he says. “If you log into Orkut, yeah it’d be nice to see if you have unread messages, so I don’t think that it makes sense to have complete walls. A single e-mail can be very, very sensitive. Therefore we have to treat every single bit very carefully. I’m not sure the aggregation makes that huge of a difference, because ultimately we have to be very guarded about all data. But we will use good judgment.”

What remains to be seen is whether its critics can be counted on to use good judgment as well.

The enigma of Earth Station 5

Can a file-trading network that promises total anonymity and is based in the Palestinian Territories escape the wrath of the entertainment industry?

For the past few months, the Recording Industry Association of America (RIAA) has been slapping American MP3-swappers with lawsuits in an effort to deter an activity that the entertainment industry claims is costing it millions of dollars. But now, somebody is slapping back. Earth Station 5, or ES5, is a peer-to-peer (P2P) file-sharing network based in the Jenin refugee camp in the Palestinian Territories. The backers of ES5 say that the program can provide complete anonymity for its users via third-party proxy servers (computers that provide a kind of neutral buffer between a file downloader’s home computer and the network); has, on average, 16 million members connected to its network; will never contain stealth adware or spyware programs; and — because it is headquartered in the Palestinian Territories — is immune from the legal grasp of the RIAA and the Motion Picture Association of America (MPAA).

Moreover, ES5 has taken an aggressively hostile stance against the movie, music and software industries. There’s none of the wink-wink, nudge-nudge, we’re-not-responsible-for-what-our-users-do stance that goes on with other P2P platforms such as Kazaa, or, once upon a time, Napster. ES5 claims to be “at war” with the major media organizations. The company actively engages in file sharing, streams unlicensed first-run movies, and claims to have 200 terabytes of “free” music and software it plans to release across its network. And how does it respond to demands to cease and desist?

“Basically,” says ES5 media liaison Steve Taylor, “we tell them to go fuck off.”

“Earth Station 5 is trying to get press by throwing stones at us,” says Matthew Oppenheim, senior vice president of legal and business affairs for the RIAA. Maybe so. But if history is any example, Palestinians can be very determined stone-throwers.

Before Kazaa, before Audiogalaxy, before Gnutella, iMesh, LimeWire, MP3.com, or Napster, MP3 swapping was already rampant on the Internet. If you knew where to look, the files were there. On IRC and FTP sites and in newsgroups, MP3 trading raged. But it was all very quiet, very hush-hush. And then along came MP3.com and Napster. Suddenly, you didn’t have to know where to look anymore. It was all there for the taking.

But the centralized systems turned out to be easy targets for the RIAA. So the rapidly moving P2P world switched to decentralized servers, the Fast Track file-sharing system used by Kazaa and Grokster, and the Gnutella network used by eDonkey and LimeWire. Although the RIAA has had more difficulty stomping out these networks, it has still been able to uniquely identify users on those systems. These are the so-called “grannies and girl scouts” cases, in which the RIAA has sued end-users to try to stem the tide of file swapping.

As it always does, technology evolved in response. The latest generation of P2P applications, such as WASTE and ES5, are designed to thwart efforts to determine who is hosting or downloading files.

“Filehoover and I were talking about the Kazaa court case and how the Fast Track network lacks the ability to secure itself,” says “SharePro,” an ES5 programmer, via online messaging. (Like the users themselves, many of ES5’s employees rely on anonymity. Although a few of the company’s operatives, such as Taylor and company founder Ras Kabir, maintain a public presence, most of the employees tend to go by screen names.)

“Fast Track was built nicely three years ago. But today it is obsolete because it cannot complement modern secure protocols like HTTPS/SSL. Nor can Kazaa support proxies. It supports SOCKS proxies, which are mainly set up by hackers to steal passwords. So Filehoover, I and Ras discussed building a network and program that could support multiple proxies and secure P2Pr’s.

“In addition, we were concerned with how Kazaa contains spyware and the fact that they could be putting their entire user database at risk. Spyware sends at different intervals the Internet Protocol (IP) address, MAC address, registry settings, and the entire upload/download log of the P2Pr. In other words, Kazaa has infected over 300 million P2Pr’s and sold them out.”

But without advertising, or spyware, ES5 would seemingly have no way to make money. Considering the massive infrastructure required to support such an application and network — according to the European and Middle Eastern domain registry RIPE, ES5 owns blocks of thousands of IP addresses — as well as likely ongoing legal costs, ES5 would require some sort of major investment and, presumably, a major payoff eventually.

Taylor claims that the company is spending $2 million a month. Behind the scenes, he says, are six investors who fund the project and keep it going, four of whom are billionaires. He claims that the company sees ES5 not as a P2P network, but rather as a full-service portal, complete with voice-over IP for making long-distance calls on the cheap, online dating, and eventually, online gambling.

Yet ES5’s business plan — or lack of one — has raised all sorts of questions and suspicions. Rumors abound about the company’s motives. Many in the online file-trading community have speculated that ES5 is some sort of front for the RIAA and MPAA, engaging in a giant dragnet to snare unsuspecting sharers. Or that the network’s list of trusted proxy servers are actually RIAA “honeypots,” designed to snag users’ IP addresses. Taylor adamantly denies these stories, and points out the volume of financial damages ES5 is inflicting on copyright holders. Likewise, the RIAA’s Oppenheim scoffs at such rumors as “nonsense.”

Worse for ES5’s reputation, however, was a utility built into the software that wasn’t readily apparent. When Kazaa-Lite author Shaun Garriock reverse-engineered ES5’s software, he found a tool that allows the network to remotely delete files on users’ systems. When he disclosed his findings, it caused quite a stink online. ES5 states that the functionality was built in so that it might remotely update users’ software, and that it has since disabled the feature. However, the damage has already been done.

“The key to enabling any functionality that changes the user’s software or computing base is to fully disclose said behavior,” says security consultant and anonymity expert Len Sassaman, “so that the user is entirely aware of the actions of your software. When such functionality is stealthily introduced, it raises suspicions, warranted or not.”

Yet the real question for ES5 users is: Are you really anonymous?

“So-called anonymizers have not worked. We are filing actions against individuals who use them,” says Oppenheim. However, he concedes that the organization has taken no action against ES5 users thus far. “We haven’t filed suit against Earth Station 5 users to date, but we have the ability to identify infringers on that network and reserve the right to do so at any time.”

Shenanigans, replies Taylor. “You can’t trust anything the RIAA says.”

Since the RIAA won’t comment on ongoing investigations, we can’t know how it’s accessing user data. One answer might be that some ES5 users aren’t connecting to the network in “stealth” mode, the setting that hides a user’s IP address. Another, more likely scenario is that the RIAA has found a way to exploit the network of third-party proxy servers ES5 relies on to conceal its users’ identities.

“Anonymity systems are extremely difficult to build,” says Sassaman. “What they claim to have is a ‘trusted proxy’ system, where the user’s anonymity is not verifiable, but relies on the proxy he is using being honest. Even if the proxy is honest, there are possible side-channel attacks which could result in leakage of information about the user.”

“Unless you know who the proxy is,” concurs Taylor, “you really don’t know what’s happening.” He states that ES5 is in the process of releasing a new version of the application (which should be out by the time this article appears) that doesn’t rely on proxy servers at all. But he won’t say how it works. “We’re not going to discuss that,” he says, “and the reason we’re not going to discuss that is because the bad boys read everything that’s out there.”

SharePro is equally circumspect on the details of the new network, even if he is adamant about its effectiveness. “We are releasing … a new version that will change the entire P2P industry,” he writes, “[with] the ability to forge your IP address and share/download. There is no way in hell that anybody can track you down using this protocol and there is no need for a proxy. It’s like putting a letter in a public mailbox with a fake return address.”

But what about the company itself? Isn’t it subject to legal action by the RIAA?

“We saw that a court was willing to exercise jurisdiction over [Kazaa parent company Sharman Networks],” says Oppenheim, referring to a court decision in January that found that although the company was headquartered in Vanuatu, a Pacific Island state with no copyright agreements, it could still be sued in the U.S. based on its millions of American subscribers. “And underlying infringers are subject to enforcement here.”

“They can try [to sue us in the United States],” laughs Taylor. “What are they going to do? Why don’t they sue us in China? Let’s say they did sue us and did win a judgment. What are they going to do, wipe their ass with it? How do they enforce it?”

And that does seem to be the question for the RIAA. Palestine is a unique place, but it isn’t lawless. ES5 argues that it isn’t breaking any laws, that as long as it doesn’t violate any Palestinian copyrights, everything’s kosher, so to speak. In Palestine, the company claims, all of its activities are entirely legal. This may or may not be true; it’s certainly complicated by the unique legal status of the territories in the West Bank and the Gaza Strip.

According to legal experts Salon talked to, the Palestinian autonomous area is a trouble spot for Western copyright holders, but not a complete free-for-all zone. Israel has intellectual property agreements with the Palestinian Authority that provide TRIPS-level copyright protections between the two entities. At the very least, this would secure Israeli copyrights. Even more compelling, however, is a statute dating back to the time when the entire region was a British Possession, the 1911 Copyright Act, which the Palestinian Authority claims to adhere to. Stanford University law professor and copyright guru Lawrence Lessig concurs with the prevailing Western opinion that ES5 is violating the law.

“The RIAA is correct,” says Lessig. “When someone downloads something in the U.S., that constitutes a violation in the U.S. So there is a U.S.-based wrong. They could get a default judgment against the Palestine-based P2P network, and then start foreign proceedings to try to get a judgment. But more likely is that they would get companies supplying bandwidth to stop supplying bandwidth. So whether or not it would be meaningless in Palestine, the RIAA can get effective justice just outside the border.”

Or can it? Taylor and Kabir provided Salon with copies of numerous complaints sent to Speednet, the ISP listed on RIPE as ES5’s access provider, from the MPAA, dating back to September. The company, however, remains online and untroubled. Taylor contends that under the 1996 agreement granting conditional authority to the Palestinian Territories, the Israeli government is obligated to provide Internet and communications access to the territories, and that the Palestinian Authority is of no mind to cut off ES5. Furthermore, he claims that ES5 has backup access, via satellites and other methods.

Yet whatever the truth of the matter is, and regardless of what the courts may decide, as long as the security situation in the Palestinian Territories is what it is, copyright enforcement will remain difficult for reasons that have nothing to do with international agreements, or the vagaries of an emerging legal system.

“A process server tried to serve papers one time,” Taylor explains. “Supposedly, there were shots fired.”
