Intellect or Insanity, Jonathan Klinger's Blog

[or: "aren't there some words you could add to the terms and conditions to make this sh*t legal?"] The latest ruling in Mortensen v. BRESNAN COMMUNICATION, LLC, Dist. Court, D. Montana 2010 is interesting in all so many cases (you can read a full summary of the case and a short review at Eric Goldman’s blog). To sum up, a class action lawsuit was filed against an internet service provider who operated a service that examined its users’ traffic, injected a cookie inside their computer and according to their browsing habits offered them advertisements. (the service, NebuAd,was discontinued in the meantime); In court, the ISP raised a claim that its users are subject to an agreement that allowed it to inspect their traffic, and therefore the Electronic Communication Privacy Act claim (ECPA) should be denied. The court accepted most of the ISP’s claims and ruled that apart from the question of whether injecting the cookie was consensual, the remainder of the lawsuit should be denied.

Unfortunately, the court addresses the consents granted in the agreement in an exaggerated manner and leans on the agreement not being an agreement of adhesion or unconscionable (and in comparison, see Harris v. Blockbuster Inc., 622 F. Supp. 2d 396 – Dist. Court, ND Texas 2009); However, the substantial question is whether this agreement is the only instance that sums up the relations between the parties? In general, most non-lawyers tend to think that an agreement between A and B could influence the question of whether B’s actions against C are legal or not. This misunderstanding is somewhat popular with internet entrepreneurs who perform problematic actions legally, and would rather create agreements to protect them that to shape their privacy policy in some ethical manner (see, for example, the District court ruling in RPA 2542/03 Suissa v. Bar Haim).

However, the problematic question is about NebuAd’s infringement of other website holders’ right who the ISP’s users browse to (and see, in comparison, the question of this in regards to advertisement blocking): NebuAd utilizes information who is, prima facia, the property of other websites: the identity of their users, and commits (even in a minor way) amendments to their source code; similar activities are performed by companies such as Phorm, where users’ browsing habits are analyzed; allegedly, when a user browses website A, it receives a derivative work which was created by the NebuAd servers, which harms the work’s integrity and infringe the author’s copyright and enriches NebuAd unjustly; This proposition is required to understand the problems facing the ISP; unlike a toolbar, which is installed by the users with active consent, for personal and private use, this is an application that a part of infringes the reputation and tools of others.

For example, when Bezeq International, one if Israel’s major ISPs, launched a service that hijacked some of its users’ traffic for promotional uses the end users’ consent (or lack of) could not affect the rights of 3rd parties (innocent 3rd parties who preferred that Bezeq International would not block their and their freedom of speech and expression would not be harmed by it. Thus, in this case, the question is not whether the users were harmed by the placement of a cookie in their computer and whether they consented that their traffic would be intercepted, but whether an ISP may even provide such service that manipulates packets (consensually or without consent).

This is, in my humble opinion, the original err of the court; the court should have consider unconscionably according to the public interest (and, the freedom of the internet); according to the Israeli caselaw, the court has inherent powers to preempt agreements, even if the parties still agree on, when these agreements go against the public interest (See, for example, CA 6601/96 AES System Inc. v. Saar). In Saar, the court ruled that:

“We are facing the invalidity of a contractual stipulation due to the public policy. We found that the perspective is the of the people’; therefore, “the legitimacy of the parties’ interests is determined from the perspective of the public interest. Moreover, the different human rights – such as the freedom of contracts, freedom of employment,  right to property and other human rights – express both a private and a public interest. Indeed, we should not separate between legitimate interests of the parties (excluding banal interests) and the public interest.. We are interested in the public interest, which accepts all the relevant information, including the parties’ legitimate interests“.

Meaning, not only should we consider the interests of the ISP and the user, but the entire public, including the relationship between NebuAd and parties who are not a part of this agreement. In such case, the court should inspect what constitutes as reasonable policies. I want to believe that the final decision will come to a different arrangement, as currently it is quite problematic.

[Originally posted in Hebrew here][Administrative Comment: If you registered for e-mail updates from my Hebrew blog and keep getting this by mistake, please take a moment to re-register, as my Hebrew readers registered to this mailing list by mistake]

“I don’t think that there are many tragedies in China and there are no serious problems in china as long as you don’t fuck with the government“; that’s what John Perry Barlow said when Ido Kenan, Jonathan Silber and I interviewed him on August 2007. Barlow was enchanted by china so much that it seemed to forget that we have an inherent right to fuck with our government.

However, if you see Hillary Clinton‘s attack on China which marks the shot for the next world wide war, the war on information freedom, you need to think twice. Indeed, the alleged actions by China were hideous. Entering into a dissident’s email account and exploing zero-day vulnerabilities in Internet Explorer (the same browser that the Israeli Government requires people to use in order to interact with it) and Adobe’s Acrobat Reader is no less than troubling. However, Clinton’s rage on the involvement, censorship of political websites that try to undermine the government and reading personal emails was that it was blocking free trade. Therefore, China’s response was no less obvious: China reckons that Clinton (and Google) should obey the local laws, which include China’s ability to monitor and enforce the net.

Whether Clinton (and Google) are right, and whether China is right, one should still see Clinton’s hypocrisy.

During the same week where the United States decides to pick on China, we discover that the FBI made warrentless surveillance and obtained data illegally claiming that these activities were made against terror suspects. The US also performs warrantless and causeless searches in laptops when crossing the US border, copies their content and violates the privacy of those who enter the US, and even without need for cause. Meaning, the United States’ conduct is no different than China; The only difference is that the US performs this due to rules and regulations and China hacks.

“It is easier for the United States to point at China and say that they have a human-rights problem than to look at themselves”, Barlow said. But the Democracy residing in Zion is not innocent. When we blame China and stand next to our greatest friend we have to remember what Israel has been doing during the last year. Just last year we buried the Internet Censorship act, and now a new bill by Danny Danon threatens the freedom of the net, where the bill, if passed, will allow the Israeli government to shut down websites harming the Government’s stability, or sites which risk national security. More than that, the MetaData act in Israel allows the same crimes we blame China: our phone and Internet providers must provide the government with details about their users.

Israel already addmitted searching Mordechai Vanunun‘s computer when violating the law and tapping his emails; the same actions China made and is being blamed for; we just call these actions “National Security”

[Originally Posted in Hebrew on TheMarkerIT]

In a surprising yet disturbing manner, Ashlee Alexandra Dupre‘s myspae page is still online as to 12:45 today, a day after her public appearance. It isn’t certain, but i can assume that her music career will only benefit from this. The fact that she did not remove her myspace page may seem promising if you’re a record producer that’s willing to get the next American Idol.

For those who weren’t updated with the earthly news, Dupre was the high-end prostitute which uncovered NY Governor, Eliott Spitzer in a prostitution ring (or actually as a client of sex services). Spitzer resigned and will probably be charged with some kind of felony (not that i understand why customers of sex-services are criminals) and will also have to do lot of ‘explainig’ to his wife. (on the fact that Spitzer was exposed by the same wiretaps he advocated for during 2004 I shall post later on i guess). However, within a day’s work, like any other internet meme, Ashlee Alexandra Dupre spread all over the net like a virus while being portrayed as an innocent starlet, sexy and progressive; the fact that she received money for sex services became, instantly, to a minor detail.

Dupre and Spitzer’s story contains all the characters for a good story: Sex, Politics, Internet and Music. The only question is how much was Dupre, which didn’t have a choice but to be dragged into this, had to be exposed for this story to become public? A few months ago i blogged about the problems with prohibiting publishing of photographs taken on public places following a disturbing bill by Yuval Steinitz. The idea was that the press cannot be prohibited from reporting, as the public needs to know.

Indeed, the public needs to know everying: it needs to know that the governor of New-York uses sex-services, it needs to know who the hooker that slept with him is, he also, g-dammit, needs to know what is the Governor’s penis size and whether he came all over her face, had anal sex with her or that she chewed on his scrotum since that’s the way he likes it (In case i wasn’t clear enough, I was being sarcastic)

Using sex services by two consenting adults should not be a felony; using sex services may not be different from going to therapy, having mental or health problems and using sex services may not be different from a person’s fidelity to his wife. It’s not that the media should not publish these things, but it’s that the media that should allow a person to gather relevant information about his leaders, and as long as prostitution is not a crime (and, apparently, it is in NY), there is no need to publish the prostitute’s name or the fact that the governor needed one.

Any person has the right to be let alone (Olmstead v. United States). The only question is whether this right includes duties from the government only or also the media and other individuals. Maybe I’ll be more practical in this explaination: a week ago, Orit Kamir published a note about sexual harassment at the IDC which links to this article which tells the story about a lecturer who harassed a student. What interested most of the people was who was the lecturer, I refrained from going to the comment section to avoid looking at it, I think i grew up, but did the media grow up?

I think the media needs to grow up. The media needs to move its focus from the gossip type of information and focus on what’s important: giving quality criticism on the government. Maybe Steinitz’s bill is not the right one, but the details and people need to have their considerations and stop with the big titles in order to sell more copies and advertisements.

“Americans” (or United Statians), as Americans do, pass laws which restrict fundamental freedoms more than any other nation lately. The last statute had a compelling and delighting patriotic name – “The Safe Act” (“Securing Adolescents From Exploitation-Online” with a highly coerced name and that could have been easily named the “Simply Amusing Fraudulent Enactment” in the same manner, especially since there is already another SAFE Act – Security and Freedom Ensured Act) .The statute, basically, states that internet service providers will be liable (directly) to any content passed through by their users and will have to report any passage of child pornography to the authorities. (I’ve already discussed the problem with determining which photos are obscene and holding cached copies of those images). The statute’s purpose is, prima facia, to deter the distributors of child pornography. However, the statute does not prevent distribution but encourages snitching against consumers.

I don’t want to discuss the statute’s inapplicability, nor the discussion regarding liability of home WiFi operators ; I do want to mention the amusing element where the power to tap, spy and monitor people is delegated from the state to private entities (See also) and especially the requirement that ISPs hold a database of child pornography to be cross-referred with images transacted over the net  (see also how Apple deals with snitching effects).

When the state’s role is to enforce the law, it doe not carry the authority to delegate enforcement to private entities. One the other hand, the same private entities cannot be coerced to enforce the law (and against their financial interest). Meaning that forcing liability on ISPs will commit them in actively censoring content and not snitching on customers, in order to prevent a state where images are passed and the service providers will face liability for images they didn’t now about and couldn’t block. Of course, the enforcement of censorship will be harsher in order to prevent a situation where images might “slip” through the filters.

Allegedly, the same statute may also deter websites’ motivation to be hosted on servers located in the united states, and increase motivation to convey websites to countries where no restricting statutes exist; However, the US law requires that the US and its legal representatives do their best in order to encourage foreign government to pass laws against child pornography.

But that doesn’t have to be the case : Jerry Bell claims otherwise. He states that the privacy clause in the act states that no ISP shall be liable unless it actually monitored traffic. so could it be that the statute’s purpose is contrary to popular belief? Could it be that the statute was enacted to prevent the active monitoring of internet traffic by ISPs?

When you think of it, a policy of “if you’ve seen the customer’s habits and did not report it then liability”, could protect the customer. If ISPs were directly liable for traffic, then they would rather not listen to it in order to avoid liablity : therefore increasing fundamental freedoms. Will this be the ISPs conduct? time will tell.

This question is highly important with subjects such as Net Neutrality and Internet Surveillance;  The question won’t be solved so quickly, but it could be that in spite of all the big headlines, the legislator, like god, works in mysterious ways.

(all links are Hebrew, sorry again)

Yesterday was a shocking, terrible day, that would have shocked most people, if only it were brought in different circumstances, with a different person and with a different news desk.Ahmed Hatib, a Lawyer, (not the terrorist from the shooting in Jerusalem), was prohibited from meeting his clients, which are mostly security prisoners. The reason? secret documents brought to the attention of Hon. Judge Oded Mudrik as well as secret intelligence information.

Image cc-by-sa Skugga2shadow

In a “correct” state, this headline would have shocked the legal system, bring responses from the Chief of the Israeli Bar Association against this substantial damage to the right for Due Process and attorney client privileges. Also, some parliament members would have objected to illegal wiretapping to lawyers and deprivation of Due Process from security prisoners.

However in Israel, as in Israel, all this is minor. In the same moment that Judge Mudrik stated to the Lawyer that “I explained to the respondent that holding multiple series of meetings with a group of prisoners which is large raises a question mark regarding the quality of the legal service given in such a meeting“. This comment, of course, shows the real face of the legal system.

Judge Mudrik’s decision, (CR 93813/07 State v. Hatib) is a decision not only damaging Adv. Hatib’s freedom of practice and employment, as the court states, but also damages third parties – The lawyer’s clients. This public is entitle to attorney-client privilege and to the belief that anything that he may pass to the lawyer may not be used against him (see. for example, CR 4904/06 Kagansky v. State).

The basic right for any person to legal representation, the same Due Process that exists in the United States, is almost forgotten in our small state (See CA 5121/98 Yisasscharov v. Military Attorney). The same right every person has to know what his rights are is damaged; De facto, the Israeli Penal Authority deprive prisoners from legal consultation, that should be given even if financed by terror organisations or whilst the lawyer is committing security offences. (compare).

The Public’s trust in the legal system is based, amongst other things, on lawyers who enable citizens to know what their state is and how to deal with the law. Deprivation of the right from those standing behind bars to chose their lawyers is depriving a basic right, that is weighed to running a procedure against a person who is charged in violating a clandestine law. Only last week did Hon. Judge Shapira annul a verdict from 1999 since the defendant, a person with a speech impediment, was not given proper legal consultation. The Judge stated that:

Even though the court was aware that appellant was not able to express, and obviously cannot represent himself. In circumstances where a person cannot speak and express his position he should be considered mute, as meant in clause 15(a)(3) of the Criminal Procedure Act, even if medically he is not defined as such. Alternatively, this case resides under clause 15(b) to the Act since in these circumstances injustice may be caused, and one cannot expect a person who isn’t able to speak to ask for appointment of a lawyer. Therefore, under these circumstances, the appellant has the right to be represented. [...] The right for legal representation is in fact a tool to ensure the existence of other rights, both in the criminal procedure and other procedures where a person’s rights are determined. The legal representation is required in order to ensure that tempering these rights, if done, shall not be done but after a due process of law. (CA 2514/07 Cohen v. Municipality of Haifa)

It is sad to discover that a week has passed from the day the courts acknowledged the right for representation to the day it ruled that no such right exists.

0.
A year ago The Israeli Supreme Court decided in the case of Raphael Yisascharov (CA 5121/98 Yisascharov v. IDF). The basis of that ruling was a constitutional disqualification of evidence and not a use of the Fruits of the Poisonous Tree doctrine. In Yisascharov, the court conditioned the legality of evidence if a constitutional right was violated to the following terms: (1) The violation is severe and not technical (2) The authorities knowingly breached the right with bad faith or with intent (3) no reason to breach the right (4) the evidence was obtainable without breaching constitutional rights (5) the evidence would be obtained even without using unconstitutional means.

I apologise that most links lead to Hebrew articles or court decisions, but the basis of this post is Israeli Law.

1.
Currently in discussions in the Israeli Parliament, The Communication Metadata Act has many features, most of them are here to anchor the decision in Filosof (C 40197/06 State v. Filosof) (see also), where the court decided that seizure of most data communication, including emails and Sms requires a judicial warrant. The act’s purpose is, in general, to shorten the procedure which exists today and to allow the law enforcement authorities access to metadata. The police, and other law enforcement authorities, already have the ability to obtain this data, they just wish to circumvent the judicial procedure which disturbes them. The authorities seek more power since they claim to have less authority then they need.

2.
Today, allegedly, a secret appendix to the telecommunication service providers’ licenses mandates them to transfer most meta-data without any judicial review or warrants (via Haim Ravia). According to The Israeli Freedom of Information Movement claims that secret appendices which they recieved (which its legality should be discussed as well, as no one knows whether it was obtained justly)Shows that the telecom providers have to supply all requested meta-data to law authorities without the disclosing this authority to the public.

3.
Allegedly, the secret appendix allows GPSing or tracking a person without him knowing not only about the tracking (since most wiretaps involve a matter of secrecy) but about the possibility of being tracked. The procedure is quite similar to the NSL procedure disqualified at ACLU v. Gonzales(as already stated). The real question is not whether this wiretap is void, but what is the weight of evidence obtained under this mean? (of course that the FOIM’s appeal is only to disclose the existence of such appendices, and not their content or scope of operation. The major problem is that this might be a clandestine ordinance or law, which, according to the Israeli act of law and order, is void.

[The Hebrew version contained a discussion of the use of such evidence under a theoretical case]
4.
Theoretically, if the Metadata act was not in discussion, i doubt that the question of constitutionality would have been brought. Without the knowledge of a narrowly tailored mean (i.e warrant), Israel’s security needs would (as always) prevail. In one case, the Supreme court decided that torture of prisoners must be stopped only since the Shin-Bet, Israel’s secret service, had no authority under law. (HCJ 5100/94 Public Committee against Torture v. State) The court’s stated that “There is no special order allowing the Shin-Bet to interrogate at all“. But, the lack of any order allowing the enforcement authorities to intervene in telecom licenses is inexistent. That is only the first flaw, as the Telecommunication act does not authorise the minister to set these conditions in a license.

5.
An invasion of privacy (or breach of) may revoke the submission of evidence to the court under certain conditions. In the case of Plonit, (ראו HCJ 6650/04 Plonit v. Rabbinical Court and also Nachum Rakover Validity of evidence obtained while breaching privacy), the court stated that when narrowly tailored means are available, any evidence breaching privacy would not be allowed in the court. The invasion of privacy here is a direct result of not adopting the Olmstead ruling in Israel.

6.
We woke up today to a new Israel. A state where we cannot trust anyone any more. Wiretapping is not required, nor is any warrant. Welcome to China, have a nice day.