I am very grateful for the blogging work going on at Carthage. Thomas Roessler is there, as are others. Looks as if the Board may back down in some way on the stld issue, under pressure from several directions. It won't be good if they adopt the current RFP, which requires applicants to agree in advance to ICANN's overreaching, overly-detailed contractual regime.

I'm in favor of a regular, lightweight process based on minimum technical and financial standards -- and incorporating a very slim contract. I have a draft contract along these lines that I'd be happy to share with anyone who is interested.

So the GNSO council today passed a resolution expressing regret at the Board's possible failure to consult with them regarding policy -- in particular, chastising the Board for ignoring the council's advice to roll out sTLDs.

While I'm all for new TLDs and very concerned by the Board's failure to act on them, the council's approach to life seems dangerously wrongheaded. Members of the council argued that a decision about new TLDs is "policy" and that the GNSO is the "policy council" that must be consulted. But the contracts that registries have signed refer to the GNSO as the source of consensus policies. If the council is right about its role, then the registrars fighting against WLS in court could win through the GNSO!

More broadly, the GNSO resolution creates a bad precedent. I would ordinarily be applauding any "bottom up" attempts, but here the GNSO is misusing the idea of "bottom up" by making themselves the gateway to everything ICANN does. If this attempt works, it will create an excuse for the ICANN Board to eliminate the entire process of consensus policy development. When we're inside the non-consensus policy "policy" box, there is nothing in the ICANN contracts that says that "if there is a policy decision, the GNSO council must be consulted".

Someone, someday, will claim that new registry services are "policy" and that the GNSO has to approve them.

ICANN staff is working away on the Issues Report called for by President Twomey's request to Bruce Tonkin. No action is being taken on new TLDs, as far as anyone can tell. RegistryPro wants permission to register names at the second level (a sensible request, and one they shouldn't even have to make). It looks like the Pro request will go through. And info wants to implement RGP -- which will require changes to several appendices.

Meanwhile, where is WLS? And is VeriSign about to reintroduce SiteFinder?

It is frustrating to have these meetings scheduled in places and at times when, in order to attend, everyone has to drop their daily activities and hang around for almost a week. I have personally enjoyed very much going to these meetings, but now that I can't go I wish they were online instead of in-person.

Fritz Attaway, Mike Godwin, and Emery Simon, here. The FCC is probably going to come out with a rule during the coming week. Litigation will follow.

There are new federal and California decisions questioning Section 230's grant of immunity to ISPs. A Seventh Circuit decision says Section 230 should be read narrowly -- because its effect is to induce ISPs not to do anything to filter wrongful content. And the California court said that the immunity created by caselaw following Zeran is similarly questionable.

I have a feeling that we'll see more of this questioning of Zeran -- not a good trend. ISPs have every reason to take down material that sullies their brand name, but cannot be held to a duty to monitor or screen.

Here's the text of the modified Burns/Wyden spam bill that the Senate passed unanimously on Thursday. Will spammers cooperate with a do-not-spam list? Is there something about the anonymity of email that fosters and supports spamming? Should we create communities that agree to a RBL-like death penalty for spammers? And if so, how would that penalty be enforced?

The Free Trade Area of the Americas (FTAA) is the formal name given to an expansion of the North American Free Trade Agreement (NAFTA) to every country in Central America, South America and the Caribbean, except Cuba. Negotiations began after the completion of NAFTA in 1994 and are to be completed by the end of 2004, to be implemented in 2005.

Article 21 of the draft FTAA agreement incorporates prohibitions consistent with Title I of the Digital Millennium Copyright Act (DMCA) which implements in U.S. law the circumvention provisions of the WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty. However, the exceptions to the circumvention prohibitions that are found in 17 U.S.C. Sections 1201(c)-(k) are not included in the Draft. Additionally, Article 8 of the draft requires each agreeing party to "grant the authors of literary and artistic works the exclusive right to authorize any communication of their works to the public by wire or wireless means, including the making available to the public of their works, such that members of the public may access them from a place and at a time individually chosen by them" -- which seems to be a broadcast flag/analog hole theme. See Supplemental Comments of the American Library Association et al. on the Second Draft Consolidated Texts of the Free Trade Area of the Americas Agreement (arguing that the entire copyright chapter of the draft agreement should be eliminated because the agreement "would serve to unduly extend intellectual property rights beyond what is available under the laws of the United States").

In an October 20, 2003 white paper, the civil liberties organization IP Justice noted that expanded criminal penalties in the treaty will send file sharers to jail throughout the Western Hemisphere and the treaty's DMCA-like provisions (without the exceptions) will limit consumers' fair use rights. The white paper concluded that "unless the draft intellectual property chapter is substantially reformed or deleted in its entirety, the treaty will grant even greater control to major intellectual property holders to chill freedom of expression, prevent competition, restrict consumer rights, and stifle innovation." The US has already agreed to bilateral Free Trade Agreements (FTAs) with Chile and Singapore that include similar provisions -- and the MPAA has had a great deal of influence on these agreements. Dugie Standeford, Trade Pacts Could Broaden IP Law and Harm Poorer Economies, WASHINGTON INTERNET DAILY, April 15, 2003.

Michael Geist has written a good storyabout this from the Canadian perspective. His quote from the Canadian Supreme Court is particularly helpful:

Noting the importance of maintaining a fair copyright balance, the Court stated that "the proper balance ... lies not only in recognizing the creator's rights but in giving due weight to their limited nature . . . excessive control by holders of copyrights and other forms of intellectual property may unduly limit the ability of the public domain to incorporate and embellish creative innovation in the long-term interests of society as a whole, or create practical obstacles to proper utilization."

Two pointers for today: First, Beyond the Verisign vs. ICANN Battle, in businessweek.com, which says that the net's archaic infrastructure needs to grow up. The article makes the "religion" points (without using the name) that interest me -- that governance is "paralyzed by an old guard." That feels like the right description, particularly of the SESAC committee. But I disagree with the article's assertion that SiteFinde broke anything significant. If it did, then ICANN should come out with...an emergency consensus policy saying so.

Second pointer: no new TLDs for a while. While I agree that Stuart Lynn's "chalice" of three new sTLDs seemed like a gift that ICANN didn't need, it's difficult for all the people lined up to apply to believe in this process. And I will bet that we won't be seeing new TLDs for years. I think we'll see a process that outlines a procedure that discusses an approach that recommends a strategy .... Years.

Bret Fausett reports that after extensive oral argument Judge Webster has decided to ask ICANN whether it wants to put off implementing WLS until after a December trial date. If ICANN says it's unwilling to do that, then he'll issue an injunction opinion in the next week or so.

It looks from Bret's report as if it's a toss-up what will happen here. I'm disturbed by the judge's questioning about the consensus policy clauses -- ICANN should have made clear to him (and tried to in its papers) that registries are free to roll out services unless there exists a consensus policy to the contrary, that ICANN was only asking registrars (and the GNSO) for advice on Appendix G, and that the registrar opposition to WLS (which itself isn't uniform) doesn't represent a consensus policy. In my mind, he must be leaning towards some kind of injunctive relief, which would be a set-back for ICANN generally.

Also, I'm concerned that ICANN views its negotiations with VeriSign as having a long way to go. Didn't ICANN make a suggestion about Condition C? And didn't V ask that that be reconsidered? So couldn't V withdraw its request for reconsideration -- and wouldn't ICANN then be obligated to wind up the negotiations? If ICANN asks for more (in a move to placate the registrars) that will be a clearly anti-competitive action on ICANN's part. ICANN has no authority to negotiate the details of registry services -- unless they break the registry-registrar protocol in some way. Which this doesn't.

All in all, a bleak (if brief) report. Looking forward to more details.

More steady off-the-record hints that an FCC regulation is on the way. My article, "The Biology of the Broadcast Flag," will be coming out in Hastings COMM/ENT in a few (weeks?) (months?). When you read it, you'll understand why the FCC shouldn't act.

In a nutshell, the FCC doesn't have jurisdiction to do this, there isn't a problem now (because of bandwidth issues), this wouldn't fix the problem (because of the analog hole), and this will cause lots of other problems -- including freezing innovation, putting studio gatekeepers in charge of consumer electronics and IT products, and generally contributing to a monoculture of access and law. The studios believe that the continuing existence of analog is "unnatural," and that we need to protect evolution towards a secure, digital world. But they haven't listened to the importance of chance in evolution -- in fact, they'd like to make sure that they can keep new creatures from appearing (unauthorized machines) and keep their own creature (their business model) from becoming extinct.

On Monday, Oct. 20 at 1:30, Judge John Walter of the Central District of California will hear the preliminary injunction motion made by the DJC in the WLS matter -- Dotster v. ICANN. ICANN's arguments look strong, and I am hopeful that the injunction request will be denied. I look forward to whatever information comes out about the hearing. It seems to me that not allowing WLS to go forward will cause harm to a group of people that is larger than ICANN -- the registrars who want to adopt WLS, the registries who are waiting to roll out WLS-like services, and the registries and registrars who want to be able to innovate without asking permission from their competitors.

I'm also hopeful that VeriSign's sale of NSI will help smooth the way to a quick resolution of the WLS dispute. If the driver behind the DJC's concern about WLS was that NSI (and thus VeriSign) would be advantaged, surely that concern has been diluted.

Finally, it seems to me that ICANN should both want to win this suit and avoid future lawsuits. If ICANN stops pretending to have the power to stop Sitefinder (in the absence of an emergency board policy to the contrary), that would be a good outcome. ICANN should stay true to its limited powers and contractual roots. If ICANN truly believes that Sitefinder is destabilizing, then an emergency Board policy should be next.

Two articles to think about: VeriSign sells NSI (to whom, exactly?). And MSN hired a sociologist to look at listserv postings.

Who is smarter? VeriSign got $100 million for NSI, which sounds like a relatively good deal. And MSN will know everything about online communities.

I'd say they're both pretty smart.

Will the Windows iTunes Music Store solve the problems of the music industry? "iTunes for Windows is probably the best Windows application ever written."

Will MSN win the battle for attention?

Is the Sitefinder dispute really about religion? Is the broadcast flag dispute really about religion?

Comparing the technology-law conflicts in the flag situation and in the wildcard world: you could be optimistic that technology will always win in the end, but won't there be technologies that we collectively will find too harmful to be allowed? and who will make that decision?

I briefly asked my property class today whether streams of mistyped domain names were like wild foxes -- or not. If they were puzzled, here is background on the dispute. Today was another fascinating, unprincipled meeting about the Sitefinder service. Here's my take: no one involved publicly in this dispute has a clear idea about what ICANN's powers are or aren't; what a registry service is or isn't; what the scope of the SECSAC's mandate is or isn't; or what on earth to do now.

So it's time for someone to be thoughtful about all this. There are law review articles to be written here! But there are also huge practical holes in understanding that need to be filled.

If the Sitefinder people want to learn about wild foxes, go here.

I am interested in anything having to do with networks and identity; I am in the course of writing an article in connection with the NYLS conference on online gaming, and I'm a sponge.

In other news: there are now multiple blogs about social software. See [Many-to-Many] (Elizabeth Lane Lawley, Clay Shirky, Ross Mayfield, Sébastien Paquet & Jessica Hammer)
[Connected Selves] (Danah Boyd)
[Networks, Complexity, and Relatedness] (Patti Anklam)
[Sabbatical Musings] (Paul Resnick)
[Floating Atoll] (Richard Soderberg)
[EEK Speaks] (Eugene Eric Kim)
[How To Save The World] (Dave Pollard) .

VeriSign went forward, then pulled back. They could have persisted, in my view. But they've got a big public meeting coming up. (I'll be there.)

The SEAL conference met at the University of Indiana. A fine time was had by all. I gave a presentation on the biology of the broadcast flag. The paper now needs to be rewritten for Hastings COMM/ENT, by November 1.

The Greenwood Music Camp board met at the camp. The fireplaces were working but the furnace wasn't.

Substantial progress on the online intermediaries paper. Either I'm fooling myself or it will be an interesting paper.

The New York Times published a big article on privacy. I was very proud to be quoted. Here's the article:

October 2, 2003
Your Own Affair, More (VCR) or Less (MP3)
By SETH SCHIESEL

HE Internal Revenue Service is not used to hearing "no."

In 1998, it was investigating Kent Hovind, an evangelist and Internet radio host in Pensacola, Fla., and his wife, Jo Delia. Mr. Hovind said he had not filed a federal tax return since the early 1970's. Naturally, that got the agency's attention.

The I.R.S. was trying to figure out how much money the Hovinds were making by figuring out how much they were spending. The Hovinds were customers of Cox Cable, so the agency asked Cox to turn over the family's account records.

Federal law gives the I.R.S. extremely broad powers to obtain financial information when it is investigating a suspected tax dodge. That is why it rarely hears "no."

Cox said no.

It turns out that consumers' cable-television records enjoy more legal protection than just about any other sort of electronic media or communications records: more than satellite-television records, more than Internet logs, more than telephone records. The Cable Communications Policy Act of 1984 said that before the government could obtain cable television records, it had to go to court to show "clear and convincing evidence" that the subject of the request was reasonably suspected of criminal activity. Moreover, the customer was entitled to a hearing to contest the disclosure.

The I.R.S. took Cox to court, arguing that it was exempt from those requirements. A federal judge disagreed. The I.R.S. ultimately got the information it was after, but only because the judge ruled that it had satisfied the cable act's requirements.

This year, the recording industry has had things a lot easier than the I.R.S. Since July, the music industry's lobbying wing, the Recording Industry Association of America, has obtained the names, addresses, telephone numbers and e-mail addresses of more than 1,000 people around the nation whom the group suspects of Internet music piracy. The group has sued 261 of them so far, and promises that more suits are to come.

The Digital Millennium Copyright Act of 1998 says that copyright holders may issue subpoenas signed only by a court clerk - not a judge - that require Internet providers to turn over personal information about their subscribers. The law does not require the subscribers to be notified. Every major Internet provider except SBC has complied with the record industry's requests.

Between the stringent provisions of the cable law and the relatively wide-open provisions of the digital copyright act, a crazy quilt of laws - a product of decades of ad hoc legislation - govern what your phone company, cable company, Internet service provider or video store may be compelled to tell about you.

"Consumers are almost totally unaware that different modes of communication carry with them different expectations of privacy and have different rules," said Paul Glist, a communications lawyer with Cole, Raywid & Braverman in Washington who has represented major cable-television companies. "Every line of business has a different set of regulations, and it really is a maze. There are many times when a company comes to me and they just want to do the right thing and they can't figure it out. You might have one law saying you have to disclose certain information to law enforcement and another law saying you can't disclose the information unless other conditions are met."

For instance, federal law says law enforcement agencies may monitor the phone numbers a citizen is dialing, as they are being dialed, after certifying only that the information is "relevant to an ongoing criminal investigation." Under that provision, the person under surveillance need not even be the person suspected of breaking the law. Generally the subject of that surveillance is not notified of the government's action.

By contrast, a separate law says that even when law enforcement agencies obtain a court order to gain access to a consumer's video rental records, the consumer must be notified before those records are turned over.

While the European Commission has recently issued regulations meant to harmonize privacy protections across different electronic media, the provisions protecting electronic privacy in the United States remain a mishmash, reflecting the vagaries of politics and culture at different moments in recent decades.

"This is a historical accident reflecting law's inability to comprehend the convergence of technologies," Susan P. Crawford, a professor at the Cardozo School of Law of Yeshiva University in New York, said in a telephone interview. "We are very slow to understand that one bit is very much like another and that each bit should probably be subject to uniform law. On the other hand, this slowness means there are speed bumps in the way of law enforcement's ability to get access to all possible information."

In fact, in some areas of digital media, consumers' privacy does not appear to be guaranteed by any specific federal laws. For example, while the cable act generally prohibits the disclosure of personal information to outside private parties without the consumer's consent, there appears to be no federal law of any kind that protects the equivalent information from satellite-television companies.

"I am not aware of any federal statutes that specifically cover satellite-television providers," Christopher A. Murphy, a lawyer for DirecTV, the No. 1 satellite-television provider, said in a telephone interview. "There is a patchwork of state statutes out there, but they run a pretty wide gamut."

Definitive numbers are difficult to come by, but executives at several large telecommunications and media companies said that they process hundreds of requests for customers' personal information each year. Since the enactment of the USA Patriot Act of 2001, which essentially removed many of the most stringent privacy protections, including those in the cable act that supported Cox's case with the I.R.S., those demands have increased significantly, they said.

"Let me put it this way: we have five people working full-time in our court order bureau," said Jim Russell, SBC's managing director for asset protection. "It certainly would make our lives a lot easier if all of these privacy rules were in one law."

The evolution of electronic privacy laws in the United States has taken a convoluted path. In 1928, shortly after the initial widespread adoption of the telephone, the Supreme Court essentially ruled in Olmstead v. United States that law enforcement agencies could engage in unfettered wiretapping because listening in on a telephone conversation did not constitute a search or seizure subject to protection under the Fourth Amendment.

That decision was overturned in 1967, and a year later the Federal Wiretap Act became law. That act, which sets out the legal requirements for wiretapping, established that wiretaps should be an investigative measure of last resort.

For 30 years after the passage of the 1968 wiretap act, the basic framework for privacy in communications and media remained intact even as new laws established different legal privacy frameworks for national security investigations in 1978 and for the cable television industry in 1984. The basic principles of the 1968 wiretap system were extended to electronic data communications in 1986. The furor over the disclosure of Judge Robert Bork's video-rental history prompted a separate law for video-rental records in 1988.

For all the inconsistencies among these various laws, one of the more significant shifts in privacy protection came in 1998 with the Digital Millennium Copyright Act.

To many legal experts, the right that the digital copyright act granted to copyright holders to subpoena personal information about Internet users goes far beyond earlier legal frameworks. Verizon, the big phone company and Internet provider, challenged the subpoena provisions of the law but lost in court. That case is being appealed, and Verizon and other Internet providers are pushing Congress to change the law.

"The recording industry under this statute can get subpoenas that the Justice Department could not have," said Jessica Litman, a law professor at Wayne State University in Detroit and the author of "Digital Copyright" (Prometheus Books, 2001). "It is highly questionable whether Congress would have so lightly done something so constitutionally questionable, which is to subject millions of Americans to subpoenas for their personal information which are not reviewed or reviewable by any court."

The recording industry disagrees vigorously with that characterization. It argues that its expedited subpoena right under the copyright law reduces the load on judges and helps copyright holders and those accused of piracy work out solutions without lawsuits.

"The analogy is similar to a bank robber donning a ski mask to hide their identity as they rob the bank,'' said Matthew J. Oppenheim, senior vice president for business and legal affairs at the recording industry association. "A guard witnesses the robbery, and the question is: should the guard have the right to pull the mask off of the robber as he is running out of the bank? The answer obviously should be yes.''

If the 1998 copyright law appeared to some experts to challenge elements of traditional privacy protection, the Patriot Act altered them wholesale. It superseded the stringent privacy provisions of the cable act, for example, by specifying that in many cases government agencies can use the more relaxed traditional wiretap process to get personal information.

Robin H. Sangston, Cox Communications' chief litigation lawyer, has seen the changes wrought by the Patriot Act firsthand. She oversaw the strategy that won the legal victory against the I.R.S. in Pensacola, and she has seen an explosion in requests for customer information from the government over the last two years.

"The government will take the position that they can now use a subpoena under the wiretap law to get any personal subscriber information except for the video selections," Ms. Sangston said. "We have to respond to a lot more of these requests now, with the USA Patriot Act. I mean a lot more. Obviously we do not want our customers to break the law, but we want to be able to know that the government is not using this information for a fishing expedition. But we are not able to do that because there is no review by a judge."

The range of laws largely reflects Congress's unwillingness to pass comprehensive digital privacy legislation, perhaps because of competing impulses: a fear that greater infringements on privacy could stifle the development of the Internet, for example, whereas broader privacy rights could stifle law enforcement agencies and copyright holders like the recording industry.

To the man in the middle of the Pensacola case, Ken Hovind, it does not seem to matter much. Mr. Hovind said in a telephone interview that he could not recall the case, partly because he has been at loggerheads with the I.R.S. for so long.

There is one bit of personal information he does not hesitate to share. "I haven't filed a tax return in 30 years," he said.