October 24, 2018

Archives for August 2014

Criminal Copyright Sanctions as a U.S. Export

The copyright industries’ mantra that “digital is different” has driven an aggressive, global expansion in criminal sanctions for copyright infringement over the last two decades. Historically speaking, criminal penalties for copyright infringement under U.S. law date from the turn of the 20th century, which means that for over a hundred years (from 1790 to 1897), copyright infringement was exclusively a civil cause of action. From 1897 to 1976, there were criminal penalties, but only misdemeanor ones. In 1976, felony penalties were introduced, but only for repeat offenders. Following enactment of the 1976 Copyright Act, the pace of amendments expanding criminal liability greatly accelerated—a trend that more or less coincided with the PC revolution. In 1982, felony penalties were extended to some first-time offenses, but not for all types of copyrighted works. In 1992, felony penalties were extended to all types of works. In 1997, as the commercial Internet was beginning its exponential growth, the No Electronic Theft (NET) Act eliminated a longstanding requirement of commercial motive for criminal liability, making some infringements criminally actionable even if they are undertaken without any expectation of financial gain. Under the NET Act, a willful infringer acting without any commercial motive faces up to three years in prison for reproducing or distributing as few as 10 unauthorized copies of a copyrighted work.

As criminal penalties have ballooned domestically, they have also been expanding internationally.  The international expansion in criminal copyright liability has occurred in part (and increasingly) through the vehicle of plurilateral and bilateral trade agreements. The United States uses its negotiating leverage in the trade policy arena to pressure trading partners, particularly less powerful ones, to incorporate strict IP norms into their domestic law.   [Read more…]

The hidden perils of cookie syncing

[Steven Englehardt is a first-year Ph.D. student in the computer security group at Princeton. In this post he talks about the implications of a recent study that we published in collaboration with researchers at KU Leuven, Belgium. — Arvind Narayanan]

Online tracking is becoming more sophisticated and thus increasingly difficult to block. Modern browsers expose many surfaces that enable users to be uniquely identified, including Flash cookies and browser fingerprints. In a new paper that will appear at ACM CCS, we present the first large scale study of three advanced tracking mechanisms — canvas fingerprinting, evercookies, and cookie syncing. We developed novel measurement techniques and found that these tracking mechanisms are used on a large number of sites. Our findings on canvas fingerprinting, in particular, have been in the news (Propublica, BBC, EFF).

In this blog post I’ll focus on a different part of our paper that looked at cookie syncing, the process by which two different trackers link the IDs they’ve given to the same user. The most common use of cookie syncing is to enable real-time bidding between several entities in an ad auction. It allows the bidder and the ad network to refer to the user by the same ID so that the bidder can place bids on a particular user in current and future auctions. Cookie syncing raises subtle yet serious privacy concerns, but due to the technical complexity of explaining it, didn’t receive much press coverage. In this post I’ll explain cookie syncing and why it’s worrisome — even more so than canvas fingerprinting.
[Read more…]