by Mike Masnick
Thu, Aug 15th 2013 7:33am
Wed, Aug 14th 2013 3:33am
from the about-face dept
Microsoft may have ditched its numbers as naming convention scheme for its consoles, but the company has been doing more one-eighties than a mildly talented snowboarder as of late. You may recall that when the Xbox One was debuted, Microsoft firmly stated that the console would require an always-on internet connection, would carry heavy restrictions on used and traded games, and would require the included Kinect to be functioning. Since that firm stance, Microsoft rolled back the internet requirement, eased up on their used games policy, and have now completed the backing-down-trifecta by removing the Kinect requirement as well.
Microsoft already stated that the Kinect doesn't have to be powered on, but at that time, it was still required to be plugged into the Xbox One. This, of course, remains a little nerve-racking. The paranoid among us suggest that the Kinect never actually shuts off, and Microsoft could spy on us in our undies. Speaking with IGN, Xbox vice president Marc Whitten confirmed that the Xbox One will no longer require the Kinect to be plugged into the console. Yes, another Xbox One reversal.On the one hand, yay, Microsoft is listening to their customers. On the other hand, whoever in the company thought these ideas were worth floating to the public in the first place deserves some significant time in the employment penalty box. Nothing about these endeavors was in the least bit customer-oriented and, when we're talking about any policy that restricts that lack of customer benefit is going to be a deal-breaker.
The end result is and should be a boon for Sony, who has gone out of their way to run something of a "Sure, we're Sony, but at least we're not Microsoft" campaign. Rolling these policies back may be the right thing to do, but it also serves to keep what Microsoft had originally wanted in the headlines, and that's going to turn customers towards competitors.
by Mike Masnick
Tue, Jul 30th 2013 7:54am
from the yeah,-that's-working dept
by Tim Cushing
Thu, Jul 25th 2013 3:29pm
from the oh,-microsoft...-can't-you-try-to-be-a-little-BIGGER-than-everyone-else? dept
If you work in the software industry, patents are obviously a huge issue. Nowhere is the abuse of patents more common than in this field, where broadly written claims covering obvious "methods" are the rule, rather than the exception.
Fortunately, some new tools have been crafted to allow developers to head off future trolling efforts. One of these, Ask Patents, was set up by StackExchange and Google in conjunction with the USPTO. Joel Spolsky, cofounder and CEO, recently had a reason to test drive Ask Patents, resulting in the rejection of a terrible software patent application.
There are a lot of people complaining about lousy software patents these days. I say, stop complaining, and start killing them. It took me about fifteen minutes to stop a crappy Microsoft patent from being approved. Got fifteen minutes? You can do it too.First, Spolsky gives the uninitiated a little background on software patents.
Software developers don’t actually invent very much. The number of actually novel, non-obvious inventions in the software industry that maybe, in some universe, deserve a government-granted monopoly is, perhaps, two.Taking a look at the history of patent trolls bears this out. Eolas, a notorious troll, which recently had its patents invalidated, has been extracting settlements from dozens of companies with its "Web interactivity" patents for nearly a decade. Others have followed in its wake, using patents such as "System for disseminating media content representing episodes in a serialized sequence" (to attack podcasters) and "online shopping carts" (to attack pretty much everyone) to generate revenue via lawsuits and settlements, all without having to actually create a competing product.
The other 40,000-odd software patents issued every year are mostly garbage that any working programmer could “invent” three times before breakfast. Most issued software patents aren’t “inventions” as most people understand that word. They’re just things that any first-year student learning Java should be able to do as a homework assignment in two hours.
So, how do these patents make it past examiners without being discarded as obvious or running into tons of prior art?
The first technique is to try to make the language of the patent as confusing and obfuscated as possible. That actually makes it harder for a patent examiner to identify prior art or evaluate if the invention is obvious...Spolsky details even more methods deployed by trolls to push through broad patents. He also notes that these examiner-thwarting efforts serve two purposes: sliding the application through and clouding the patent's coverage in order to increase the possibility that it will be infringed. Trolls don't want other creators not to infringe on their patents -- they want as much infringement as possible in order to generate settlements, hence the vague, ill-defined terminology.
The second technique to getting bad software patents issued is to use a thesaurus. Often, software patent applicants make up new terms to describe things with perfectly good, existing names... Since patent examiners rely so much on keyword searches, when you submit your application, if you can change some of the keywords in your patent to be different than the words used everywhere else, you might get your patent through even when there’s blatant prior art, because by using weird, made-up words for things, you’ve made that prior art harder to find.
Armed with this knowledge, Spolsky went in search of a patent app to invalidate.
At first I honestly thought it was going to be hard. Would we even be able to find vulnerable applications? The funny thing is that when I looked at a bunch of software patent applications at random I came to realize that they were all bad, which makes our job much easier.From the patent's summary:
Take patent application US 20130063492 A1, submitted by Microsoft. An Ask Patent user submitted this call for prior art on March 26th.
[T]echniques for generating and displaying a presentation of elements in view of the pixel density of the display component, using a scale factor set of scale factors that specify a pixel density range and a scale factor value (e.g., 120%) to be applied to the elements of the presentation.Spolsky looked at this patent and noticed one phrase being used repeatedly: pixel density. Or as anyone not applying for a dubious patent would call it: resolution.
Without reading too deeply, I realized that this patent is basically trying to say “Sometimes you have a picture that you want to scale to different resolutions. When this happens, you might want to have multiple versions of the image available at different resolutions, so you can pick the one that’s closest and scale that.”So, Spolsky searched for prior art aimed at the actual purpose of the patent: providing images at multiple resolutions. And he found it -- right inside something else created by none other than Microsoft itself.
So I spent about a minute with Google and eventually (bing!) found this interesting document entitled Writing DPI-Aware Win32 Applications [PDF] written by Ryan Haveson and Ken Sykes at, what a coincidence, Microsoft.A couple of months down the road, Spolsky (or rather, his patent expert) was informed that the application (including all 20 claims) had been rejected. It's a non-final rejection and Microsoft is appealing, but Spolsky's experience still demonstrates the potential power tools like these have to thwart bad patents, or at the very least, force the applicants to refine their definitions and descriptions.
And it was written in 2008, while Microsoft’s new patent application was trying to claim that this “invention” was “invented” in 2011. Boom. Prior art found, and deployed.
Total time elapsed, maybe 10 minutes.
[Hat tip to a whole bunch of people who sent this in, with the first few being ChurchHatesTucker, Nate Hoffelder from The Digital Reader and Marcel Popescu.)
by Mike Masnick
Thu, Jul 25th 2013 2:39pm
from the encrypted-or-not? dept
"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."Similarly, Microsoft and Google both directly said that they would never do that, while other companies hadn't responded (or chose not to respond) by the time Declan went to press. Of course, as he notes, since most tech companies now encrypt passwords, even if the companies were to hand over the hashed passwords, it's not guaranteed that the NSA can take that and decipher the actual password, though, it makes it easier. Still, just the fact that the companies are being asked for passwords seems like, once again, the feds going way beyond what they should be able to do.
A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'"
by Mike Masnick
Tue, Jul 23rd 2013 7:03am
from the seems-a-bit-extreme dept
When we wrote about this case a year ago, it was under the context of one person, Kevin Heller, whose data was sought, and him successfully fighting back (with some help from the ACLU) getting Chevron to drop the request for his info. But, as for everyone else's info? Mother Jones alerts us to the news that a judge in NY recently said it was okay for Chevron to get all that metadata, in some cases going back nine years.
...a federal court granted Chevron access to nine years of email metadata—which includes names, time stamps, and detailed location data and login info, but not content—belonging to activists, lawyers, and journalists who criticized the company for drilling in Ecuador and leaving behind a trail of toxic sludge and leaky pipelines. Since 1993, when the litigation began, Chevron has lost multiple appeals and has been ordered to pay plaintiffs from native communities about $19 billion to cover the cost of environmental damage. Chevron alleges that it is the victim of a mass extortion conspiracy, which is why the company is asking Google, Yahoo, and Microsoft, which owns Hotmail, to cough up the email data. When Lewis Kaplan, a federal judge in New York, granted the Microsoft subpoena last month, he ruled it didn't violate the First Amendment because Americans weren't among the people targeted.Leaving aside the fact that the court thinks it's okay to do this even if it's just "non-Americans" who have their privacy violated here, Mother Jones points out that this claim that it only targeted non-Americans isn't, in fact, true. Pesky details.
This seems like a pretty big problem, given the rationale of the judge initially. Beyond that, just the basic chilling effects from finding out that a giant company could get access like this to so much metadata on a large list of its critics is fairly incredible. As the article notes, while subpoenas on people who aren't actually parties to a lawsuit are "routine," they're not supposed to be mass fishing expeditions, which they appear to be in this case.
Now Mother Jones has learned that the targeted accounts do include Americans—a revelation that calls the validity of the subpoena into question. The First Amendment protects the right to speak anonymously, and in cases involving Americans, courts have often quashed subpoenas seeking to discover the identities and locations of anonymous internet users. Earlier this year, a different federal judge quashed Chevron's attempts to seize documents from Amazon Watch, one of the company's most vocal critics. That judge said the subpoena was a violation of the group's First Amendment rights. In this case, though, that same protection has not been extended to activists, journalists, and lawyers' email metadata.
The Electronic Frontier Foundation (EFF) represents 40 of the targeted users—some of whom are members of the legal teams who represented the plaintiffs—and Nate Cardozo, an attorney for EFF, says that of the three targeted Hotmail users, at least one is American. Cardozo says that of the Yahoo and Gmail users, "many" are American.
And, of course, even the whole "well they're not Americans so the First Amendment doesn't apply" thing is highly questionable -- since many of the accounts are anonymous internet users, and the First Amendment does protect online anonymity and there's no way for Chevron or the judge to know if the anonymous users are Americans or not.
by Tim Cushing
Mon, Jul 22nd 2013 7:05am
from the look-how-furrowed-my-brow-is,-dammit! dept
"I'm going to try to regulate [insert concept or technology here] because I really have no idea how it works," said no politician ever. "Bad things are happening and we're going to do something about it!" said too many government officials to count.
UK Prime Minister David Cameron is at it again, fretting about child porn and saying grumbly things about holding search engines responsible for the actions of others. This is one of Cameron's favorite hobby horses: porn on the internet, both legal and otherwise. He's pushed for mandatory porn filtering on every new computer and insisted any business offering open wi-fi block access to the nasty stuff.
Child porn is the new focus, thanks to the recent high profile trial (and conviction) of Mark Bridger for the kidnapping and killing of a 5-year-old girl. Bridger's computer showed he had viewed pictures of child sexual abuse shortly before the kidnapping.
Despite the efforts already being made by search engines and ISPs (including Google's new child porn database that it's sharing with competitors and law enforcement), Cameron is insisting these just don't go far enough.
David Cameron will tell internet companies including Google they have a "moral duty" to do more to tackle child abuse images found by using their websites.Strange. I would have thought the "moral duty" lay with those creating and viewing the exploitative material, not the inadvertent go-between whose job it is to index web content. Complying with a blacklist seems like a good idea, but there are two problems with that idea: determined people will get around the blacklist and blacklists tend to inadvertently block legitimate searches.
In a major speech on Monday he will call for search engines to block any results being displayed for a blacklist of terms compiled by the Child Exploitation and Online Protection Centre (Ceop).
Why these search engines need to comply with the blacklist in Britain is a mystery, considering every major UK ISP already filters the web using this list, according to the head of the CEOP.
Jim Gamble, chief executive of the Child Exploitation and Online Protection Centre (CEOP), said the blacklist currently used to filter the vast majority of UK internet connections had been a "fabulous success".
At that point (2009), only small "boutique" ISPs had yet to adopt CEOP's filtering and the Home Office estimated roughly 95% of internet users were covered. But Cameron insists that more needs to be done, even as ISPs voluntarily comply with most government recommendations -- like "splash pages" that warn users they are attempting to view illegal material.
[T]he prime minister will call on firms to go further, with splash screens warning of consequences "such as losing their job, their family, even access to their children" as a result of viewing the content.Everything already in place just isn't good enough. Apparently, it all needs to be bigger and bolder and subject to brand new laws created in the climate of panic and paranoia that usually follows high profile criminal activity. Cameron won't be satisfied until he tames the Wild West.
"I'm concerned as a politician and as a parent about this issue, and I think all of us have been a bit guilty of saying: well it's the internet, it's lawless, there's nothing you can do about it.But, when Cameron says "responsibility," he means it in the governmental sense, which has nothing to do with personal responsibility and everything to do with the government acting as a national conscience and finding someone to hold responsible for the child porn problem. It won't be child pornographers or their audience, however.
"And that's wrong. I mean just because it's the internet doesn't mean there shouldn't be laws and rules, and also responsible behaviour."
"There is this problem ... that some people are putting simply appalling terms into the internet in order to find illegal images of child abuse.Do it or we'll make you do it.
[W]e need to have very, very strong conversations with those companies about saying no, you shouldn't provide results for some terms that are so depraved and disgusting...and that, I think, there's going to be a big argument there, and if we don't get what we need we'll have to look at legislation."
"So it's about companies wanting to act responsibly. If you think about it, there's really a triangle here. There are the people uploading the images. We've got to go after them. There are the people looking at the images. We've got to go after them. But there is also in this triangle the companies that are enabling it to happen, and they do need to do more to help us with this."Hi, I'm a seach engine. I index the web and bring you the results you ask for. I don't create child porn, nor do I consume child porn, but please, hold me responsible for the actions of others. The legal team at Google, Bing or any other search engine is always easier to locate than a child pornographer. It's the path of least resistance and taking on "tech giants" on "behalf" of the people makes government officials feel big. Win-win.
Cameron wants the search engines to return no results in response to CEOP's blacklisted terms. It seems like such a little thing to ask, and Cameron is certainly pitching it that way. They just need to "do more to help us." But what happens when law enforcement, intelligence agencies or the government itself decides other search terms are a problem, perhaps coming from an angle of "combating terrorism" or "preventing hate crime?" Almost everyone agrees those are "bad," but do they really want their search results censored and filtered and sorted according to secret blacklists? Probably not, but it likely won't matter. Agreeing to this allows the government to get a foot in the door.
On top of the collateral damage, there's the fact that filtering search engine results is going to make a lot of headlines but do very little to curb the trafficking of child pornography. Jim Gamble of CEOP feels we've already maxed out the effectiveness of web and search filters -- something he pointed out back in 2009.
At the frontline, web filtering is now viewed as a peripheral issue. Gamble agreed with the charities that filtering is useful, but added it was ineffective against "hardcore predators" who swap material over peer to peer networks and for whom "the internet has moved on".The pros don't bother with public web sites and search engines. They go P2P and circumvent every filter put into place by government intervention. Gamble realizes this and has already shifted the agency's focus to peer-to-peer networks. Unlike Cameron, Gamble doesn't waste time constructing stupid "triangles of responsibility" in order to pin the blame on the biggest, easiest target.
"I believe filtering is good to avoid inadvertent access that will disturb or damage a young person, or deliberate novice access," Gamble said.
Gamble, a former intelligence chief in the Police Service of Northern Ireland, was however keen to head off accusations of an attack on peer to peer technology itself. "We can't blame technology - it's people," he said.Maybe Cameron should spend a little time actually discussing his plans with CEOP before using the agency's name in vain in order to attack search engines for being search engines. CEOP seems to have a handle on the problem -- the real problem. It's too bad Cameron's more interested in publicly displaying how deeply concerned he is than making actual progress against child pornographers.
"Peer to peer is a valuable resource for the online community. Our focus is on child protection."
by Mike Masnick
Thu, Jul 18th 2013 12:02pm
If 'Just Metadata' Isn't An Issue, Why Can't Tech Companies Reveal 'Just Metadata' About NSA Surveillance?
from the simple-questions dept
We the undersigned are writing to urge greater transparency around national security-related requests by the US government to Internet, telephone, and web-based service providers for information about their users and subscribers.This follows on a somewhat somewhat similar letter from Reps. Jim Sensenbrenner and Zoe Lofgren to Attorney General Holder and Director of National Intelligence Clapper, urging them "to authorize U.S. companies to release information regarding national security requests for user data."
First, the US government should ensure that those companies who are entrusted with the privacy and security of their users’ data are allowed to regularly report statistics reflecting:
Second, the government should also augment the annual reporting that is already required by statute by issuing its own regular “transparency report” providing the same information: the total number of requests under specific authorities for specific types of data, and the number of individuals affected by each.
- The number of government requests for information about their users made under specific legal authorities such as Section 215 of the USA PATRIOT Act, Section 702 of the FISA Amendments Act, the various National Security Letter (NSL) statutes, and others;
- The number of individuals, accounts, or devices for which information was requested under each authority; and
- The number of requests under each authority that sought communications content, basic subscriber information, and/or other information.
As an initial step, we request that the Department of Justice, on behalf of the relevant executive branch agencies, agree that Internet, telephone, and web-based service providers may publish specific numbers regarding government requests authorized under specific national security authorities, including the Foreign Intelligence Surveillance Act (FISA) and the NSL statutes. We further urge Congress to pass legislation requiring comprehensive transparency reporting by the federal government and clearly allowing for transparency reporting by companies without requiring companies to first seek permission from the government or the FISA Court.
Both letters point out that they're just looking for the ability to reveal specific numbers about orders received and user accounts impacted, but obviously not further information that might reveal the details of any investigations. Basically, they're asking for "just the metadata."
You may have spotted the irony, pointed out by Ashkan Soltani: Defenders of many of the government's surveillance programs have repeatedly trotted out the "just metadata" argument for why all of this surveillance is no problem, claiming that mere metadata doesn't reveal anything important. Yet, when it comes to their own metadata about their own surveillance programs, suddenly it will reveal all their secrets? (And I won't even get into the fact that only some of the surveillance programs are "just metadata").
So, which is it, feds? Is "just metadata" nothing too important, or does it reveal everything?
by Tim Cushing
Wed, Jul 17th 2013 7:48am
from the at-this-point,-I'm-pretty-sure-no-one's-telling-the-complete-truth dept
The recent leak detailing Microsoft's extremely close work with US intelligence agencies seemed to contradict pre-leak statements made by the company concerning responses to data requests. Microsoft claimed it only did the minimum required by law, but the leaked documents portrayed the software giant as working in concert with the NSA and FBI to provide them with pre-encryption access to several services, including Outlook, SkyDrive and Skype.
Microsoft has responded to this leak via a blog post and a letter to Eric Holder. The blog post is a long refutation of every claim made in the leaked documents. Rather than give the agencies direct, pre-encryption access, as was stated in the leak, Microsoft claims it only provides metadata and content as requested -- and then only if Microsoft deems the request valid.
Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.With this across the board denial of the leaked documents' contents, we're left with only a few possibilities. Either the document isn't accurate and Microsoft's statement is truthful or the statement is false and the document is the truth. Or, somewhere in between, there's a way both can be accurate (or "least untruthful"), which boils down to subjective definitions of certain words, most notably "access." Microsoft could have provided near real-time access while still only complying with court orders. Everything stored and turned over to the NSA and FBI was technically "pre-encryption," in the fact that Microsoft had unencrypted access to the data. As we haven't actually seen a court order or national security letter directed at Microsoft, it's tough to say how direct and how close to real time this access is.
If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.
We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.
All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the request are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.
Microsoft's rebuttal doesn't entirely refute the documents, however. There's no doubt it worked closely with these agencies to provide the access, content and data they were seeking, even if it was all strictly "by request." In terms of Skype, Microsoft doesn't even bother refuting the government had access to audio and video via its Prism connection. All it addresses is the statement that claimed video production had tripled "since a new capability was added" in July of 2012.
The reporting last week made allegations about a specific change in 2012. We continue to enhance and evolve the Skype offerings and have made a number of improvements to the technical back-end for Skype, such as the 2012 move to in-house hosting of “supernodes” and the migration of much Skype IM traffic to servers in our data centers. These changes were not made to facilitate greater government access to audio, video, messaging or other customer data.These changes may not have been made to "facilitate greater government access," but that's not what the document claims. All it says is that this new capability tripled video production. Moving to in-house hosting and migrating traffic to Microsoft data centers could certainly aid in the "production" (read: harvesting) of Skype video calls. Whatever the intent, the end result was the same -- easier, faster access to Skpe data and content for intelligence agencies.
This back-and-forth is unlikely to result in establishing definitive guilt or innocence on the part of Microsoft. Either way, it's of negligible importance. The fact is that intelligence agencies are, by way of court orders and security letters, inserting themselves deeper and deeper into the underlying fabric of online communications, something that stretches much further than Microsoft.
Microsoft itself is hoping to address the larger, more problematic issue of our growing surveillance state. In addition to its blog post, the company sent a rather irate letter to Attorney General Eric Holder [pdf]. It dispenses with most of the usual diplomatic niceties and confronts the government with the damage it's doing to American citizens and American companies with its surveillance activities.
Since the initial leak of NSA documents, Microsoft has engaged constructively with the Department of Justice, the FBI, and other members of the Intelligence Community on the ground rules governing our ability to address these issues and the leaked documents publicly. We have appreciated the good faith in which the Government has dealt with us during this challenging period. But we’re not making adequate progress. When the Department and FBI denied our requests to share more information, we went to the Foreign Intelligence Surveillance Court (FISC) on June 19 to seek relief. Almost a month later, the Government is still considering its response to our motion.This is no surprise to anyone who's attempted to obtain information or official responses from our intelligence agencies. The standard m.o. is to wait it out while chanting "grave damage to national security." But what Microsoft adds next serves as a slap in the face to those parties attempting to wait it out.
Last week we requested official permission to publicly explain practices that are the subject of newly-leaked documents that refer to Microsoft and have now been misinterpreted in news stories around the world. This request was rejected. While we understand that various government agencies are trying to reach a decision on these issues, this has been the response for weeks.
As I know you appreciate, the Constitution guarantees the fundamental freedom to engage in free expression unless silence is required by a narrowly tailored, compelling Government interest. It’s time to face some obvious facts. Numerous documents are now in the public domain. As a result, there is no longer a compelling Government interest in stopping those of us with knowledge from sharing more information, especially when this information is likely to help allay public concerns.In other words, "Your secrets aren't secret anymore. Get over yourselves."
At this point, only government employees who dutifully ignore what their employer tells them to ignore aren't aware of these leaked documents and their contents. If our "national security" was suffering "exceptionally grave damage" from these leaks, you'd think at least some of that damage would be noticeable. Instead, what we have is the large scale embarrassment of government officials who are now forced to explain actions that contradict the very principles they claim this country stands for -- that they say they stand for. Refusing to allow companies to discuss activities already outed by leaks is simply the most self-serving form of damage control. The threat to officials' reputations easily exceeds the threat to the security of the American public, and continuing to deny these companies an opportunity to explain their involvement does them, and the public, a disservice.
by Mike Masnick
Mon, Jul 15th 2013 10:43am
Google, Microsoft And Other Ad Networks Agree To 'Best Practices' To Stop Ads From Appearing On 'Pirate' Sites
from the the-details-matter dept
I have some concerns about this, as I'll discuss below, but on the whole it appears that there's actually some good to come out of this. First off, it's worth noting that all of these guys already have terms of service that bar the use of their ads on sites that primarily engage in such things. While various tech industry haters still tend to believe otherwise, the tech industry has been pretty good at keeping their ads directly away from such sites for years. The ads that tend to get on those sites come from tiny third party ad networks that no one has heard of. In fact, some of the "evidence" against Megaupload was that from very early on, Google kicked it out of its ad program.
Another sign that this agreement probably isn't that bad: the MPAA has already put out a statement about how they hate it, saying that it's not enough. Chris Dodd specifically argues that nothing is going to be enough until everyone else does the copyright holders' job for them, and proactively polices the internet. The fact that no one but the copyright holder can know for certain if something is infringing is not even allowed to enter the discussion in the corrupt minds of the MPAA.
In this case, it appears that this new agreement involves something of a more formalized notice and (possible) takedown system. Copyright holders can submit a complaint to each ad network (individually, not to some central authority), and then the ad network gets to decide how it handles the notice -- but, under the best practices, they will strive to keep their ads from appearing on such sites. Since this is just a voluntary agreement, unlike, say, the DMCA, there's no automatic liability shifting in refusing to pull the ads -- and the agreement makes it clear that the best practices themselves do not establish liability, nor do they create a duty to proactively monitor (though, I could see how copyright holders might later try to raise that issue).
The good thing about this program is that it appears those who worked on it clearly recognize that certain copyright holders may be a little over eager in claiming certain sites are "pirate" sites when they might not be. So the program is designed to be more transparent and to include the clear ability for a site to appeal such a decision and get the ad networks to reconsider. In some ways, this is a step forward from the way it was before, in which Google or others might just kick you out of the program with almost no communication and absolutely no right of appeal. In fact, Google is somewhat infamous for its big white monolithic response to kicking people out of its ad network: basically just telling them "you've violated our terms" with no explanation, no way to find out more, and no way to appeal. Adding an actual appeals process is a step up.
That said, there are still two key concerns here. The first is that even with an appeals process and various safeguards, it's quite likely that legitimate sites that have significant non-infringing purposes will still get caught up in this. We've seen too many false takedowns, false attacks and the like for that not to happen. And even with an appeals process, losing your entire ad network for a period of time can completely sink a small business (and, any site making money on these kinds of ad networks is, by definition, a small business -- because none of these ad networks pay out very much to individual sites).
The second concern is a bigger one: which is that if you look at the history of some of the most important innovations that have helped the content industry grow, they almost always start out as what those content industries deemed "principally dedicated to infringing activity." In the early days of radio, cable TV, VCRs, DVRs, mp3 players, YouTube, etc... they were all attacked as being hotbeds of infringement. Yet, as they grew in popularity, business models developed that helped the content industry tremendously. As I've pointed out in the past, it was only four years after Jack Valenti declared that the VCR was the "Boston Strangler" of the movie business that the home video business surpassed the box office in revenue for Hollywood. Yet, if we allow a system where the copyright holders are able to simply starve these new businesses completely before they've had a chance to develop and mature, I worry that we miss the next VCR, the next DVR, the next mp3 player, the next YouTube -- and whatever tool that comes next that allows content creators to do an even better job connecting with fans, creating new works, distributing new works, promoting those works and eventually monetizing those works.
It's easy to simply try to label all new upstarts as "evil" and kill them off, but history has shown that's generally not a very good idea. The reason those upstarts are successful is not that they enable infringement, but rather that they enable something new and useful that people want and like. The real opportunity is in figuring out ways for content creators to use that to their advantage -- and I fear that programs like this make it easier to simply snuff them out too early.
That said, if there needs to be such a program, this one appears to be the least destructive approach. It doesn't create liability or a proactive duty to police the internet. It allows the networks to make the final call on what do with complaints. It gives the accused sites the ability to appeal whatever decisions are made. Either way, I would imagine that the MPAA and the RIAA already have their incredibly long lists of sites ready and are submitting them everywhere they can... and within a few weeks we'll watch them issue statements about how the new program isn't working and how more needs to be done.