digital rights initiated in brussels, umbella organisation 14 members, prof. lobby inbrussels newsletter edri.org children protected from content, no anon. granted, anon = danger anon in eu no constitutional protection no legal provisions or case laws privacy directive 1995 - general rules on the lawfulnes of processing of personal data - principle of transparance - right to access data - right to object priv. dir. 2002 - preamble: anon means to access telecom network should be available - traffic and location data must be erased or anonymized when no longer needed - how relates to protection of personal data in whois? eu defenses of anon - article 29 working party data protection authorities nov 97 - council of europe may 03 - e-commerce directive recital 14 freedom & an.on - Freedom / Zero Knowledge Systems (1998 - (T)2001) technically challenging 1 month after 911 broke because of pressure, perhaps also excuse because hard to develop - an.on 2001 - today, universities dresden, berlin, funded by ministry of internal affairs forced to retain ip addresses in aug 03, legal victory in sep 03 reputation might have sufffered a lot due to this incident current eu working programs - rapid - apes - prime ? alternative to microsoft passport, eu concerned about ms data consolidation anonimity in the us press coverage in europe about europe is bad, c/p us press releases right to anon acknowledged in several contexts - pubs - handbills - est. political or rel. orgs - right to read anon_____ supreme court: anon protected by first amendment 2 cases: - talley vs california: protest bills against racism without author info - mcintyre vs ohio: anon pamphleteering (against school?), federalist papers were pub'ed anon john doe subpoena issued upon provider to force revelationof data -providers didn't require subpoena -prov. didn't notify users cyberslapp.org dmca probs: - no judicial prove - statement by rights holder is enough - no penalties for abuse RIAA vs verizon ¤512 does not apply to a provider that acts solely as a conduit for communications. therefore it can not be used ion the battle against p2p since sep03 3000 cases , average transaction of USD 3000 europe: providers pressed to voluntarily release data ipre directive published 26.4.04, immediately active similar to dmca worrysome: article 8: right of information to rights holders originally focus on classical counterfeiting no safeguards for privacy and freedom of speech never seen such heavy lobbying work _A DARKNET FULL OF FRIENDS_ todays p2p networks: not much change since napster more decentralized no relation with other users, horizon changes with every login seems "anonymous" (peronal, not technical level) network open to share with every other user -> eavesdroppers able to access every user classic darknet - network of trust introducing new content is a problem directconnect, hotline - used for closed groups sooner or later new users integrated to get more content - risk of compromise with eavesdroppers false idea of security: false feeling of trust encourages riskier behaviour e.g. raids against warez scene recently social networks friendster - 1deg - 24 2deg - 620 3deg - 32000 no exact model, possible to learn. transfer into file sharing: users connected via certain degrees orkut: disclosure info/data dependant on degree of familiarity "risk-based shizms" - calculating risks ?possible to stay under threshold??? not just for legal but also bandwidth reasons "be nice to your friends" user with different profiles/identities, connected to different networks which might be interconnected identities not necessarily traceable 1 network for friends with music affiliation 1 network for personal friends ^^ also separated by degree ? centralized system ??? legally risky if it'posible to distribute directories of content - possible to distribute directories of users? skype - distributed decentralized user directory today - bad usage for discovering content, collaborative filter through people with similar tastes, opportunity to discover new content roettgers@lowpass.de mixripburn.de _THE FREENET PROJECT_ ian clarke opensource project to protect and ensure freedom of info. on internet combination of two ideas, technical and political emergent architecture: simple components with simplistic behaviour, combined sophisticated behaviour, e.g. ant colony 1997 - internet publicly perceived as anon, open for info concern that it would be easy to monitor distribution of info theoratical concern 1997 became a very real concern in 2004 decentralized anonymous system for info distribution layer of anon above internet layer goals: - one to many publication - provide reasonable anon for producers and consumers - deniability for operators of nodes in the network - decentralized - scalable - robust against failure and malicious attacks small world - milgram study 5 hops on average, based on local knowledge, robust - if misrouted -> restart search ? did i really get this right ? idealised example: peers only know of their immediate neighbours "game of chinese whispers" provides deniability because of encryption nodes unaware of what is requested/transfered info doesn't reside in one specific place info will tend to migrate towards areas of demand popular info will be more widely cached !! unrequested info may be lost from the network /* skipping lots of technical details */ crypto in freenet link level encryption document verification - content hashed keys: key is hash of documents contents. correct key -> correct document data tunnelled failed requests cached load balancing thread pooling freenet today 200 known freesites ("flogs") /* some examples */ "reasonably convenient" - gotta love this ease of use comparable to linux97 trust vs anonymity? public/private-key architecture - allows people to build up anonymous identities building reputation over time questions answered: over 2 million downloads of software, translated to mandarin chinese keys searchable? upon first use listing of several sites, no search engine, ? few entry points ??? might seem clunky, 1995, appears to be functional how do requests work? "learning nodes where to route requests", in theory anonymity is impossible, trick is to make it more difficult to track, making it incrementally more difficult to track _PANEL_ social file sharing limiting file pool? as it is now there's still a limited search horizon circles based on shared interests can't offer network of trust? freenet morally wrong content - freenet is providing a service without drawing distinctions, otherwise would destroy purpose of the project copyright directive ipre, how much lobbying involved person who prepared the bill - married to high executive of vivendi, is expected to make 10 millions in 2 years through vivendi shares only heard by left wing, conservatives not listening use of social networks - accidental discovery, effective in keeping out bogeyman?, risk fragmented network?, people migrating to other networks (fasttrack -> edonkey), stopping to share out of pressure, more transparent environment orkut, friendster located in us - no data protection google as a threat to privacy technology overtaking legislation - ?technological progress can't be stopped by legislation? ian clarke: not easy to use now, no reason that freenet can't be a lot easier to use than e.g. wmp pgp one of the easier to use privacy software, still there are few users ian clarke: usability issues not fundamental to technology no strong market yet driving developers, but it's growing people want to be anon because they are doing something that is perceived as illegal - anonymity and p2p coming together law can prescribe behaviour, or it can follow - in case of file sharing law has to follow, efficient way to share highly demanded information, jankos proposal: introduces a certain aspect of fairness, moral janko: hard to have moral filesharing network ammorality is a certain requirement right now to counteract/to prove current legal trends as wrong. from audience, with passion: cripple 21st century technology to sustain 20th century business models, morality,