Cybercrime and Patents in Europe

Hairy1 writes: "The Council of Europe has been working on a Cyber Crime Treaty for some time. The final version is now available, and makes interesting reading." The submitter points out that treaty signers will be obligated to create legislation, as the UK already has, to force people to disclose passwords and encryption keys to the authorities. The U.S. may well sign this treaty - we've participated in the drafting process. On a slightly different note, people are up in arms because the European Patent Office has decided, apparently on its own, that software programs are patentable. Update: 11/09 15:23 GMT by M : A reader sent in this interesting bibliography of the treaty's history.

Patents

The Register has a piece on the patents issue here...
Eurolinux goes ballistic over Euro patent 'coup' [theregister.co.uk]

Amusing.

The EU recently released a report encouraging business & individuals to encrypt data, as the Americans, and sympathetic governments (UK) can read it via Echelon. Now they are saying that once you`ve encrypted it, you have to give the passwords to...uh, the UK government!

RIP in UK

This site [magnacartaplus.org] details RIP (the Regulation of Investigatory Powers Act (2000)), which has nothing to do with reglation, but with allows unwarrented searches of computer data, without the data holders knowledge or permission.

Hmm

I'm dubious.

Ok, I'm sure loads of other countries have participated, but it seems to me that this will be nothing but red tape to businesses.

As a citizen of "europe" I have yet to see the EU write one single peice of legislation that a) makes sense, b) actually has an effect other than to annoy people c) does any good. d) doesnt cost tonnes of money for sod all.

Don't get me wrong, I'm glad government are trying to get a hand into formalising these sorts of things, but what we really need is competant people advising them. I mean, look at what incompetance in these matters [stand.org.uk] gave us the last time.

I won't hold my breath.

Software Patents?

Finally! I've got this great program I've been working on, I'm not going to disclose the ultra secret source code here, but let me tell you, It's awesome. You run it and it displays:

Hello World!

Software isn't patentable...

but a software implementation of an invention does not render the invention unpatentable either.

All this latest directive does is clarify that an implementation in software has no effect on an invention's patentability: If you could get an patent on a method for doing something by using LEGO bricks, you could likewise get a patent on a method for doing the same thing using software.

What's the big deal?

Re:Software isn't patentable...

If you could get an patent on a method for doing something by using LEGO bricks, you could likewise get a patent on a method for doing the same thing using software.

What's the big deal?

This is more or less how software patents are supposed to work over here in the U.S., too. However, because the PTO has pathetically little software expertise, the result is that you can patent pretty much any stupid idea that is obvious to everyone else if your patent description ends with "...on a computer!"

The other big problem with this is that the patent system is explicitly not supposed to cover algorithms or mathematical formulae, because these are deemed fundamental properties of nature. However, patenting software is a surprisingly easy backdoor to patenting algorithms. E.g. RSA Data Security and the RSA patent which held back public key cryptography by a decade or more, and would have been worse if RSA had succeeded in convincing the PTO that their patent actually covers all forms of PK crypto.

EU protecting privacy?

On November 13 the EU Parliment will vote on the the proposal for a European Parliament and Council directive concerning the processing of personal data and the protection of privacy in the electronic communications sector
Read the report here [eu.int] . If passed it would make it illegal to idenitfy users on the internet without their permission. Keep your fingers crossed.

Not all things that come out of the EU are bad. Belive it or not :)

This is an interesting development.

If software becomes a patentable, er... commodity, what implications will this have for free software? Will the length of legal disclaimers attached to code eventually be greater than the code itself?
And everyone fighting against encryption... it's a losing battle. "Criminals" don't exactly pay attention to "the law", and if they're not completely braindead and know that a given piece of encryption software is crippled by the fact that the government has the keys to the backdoor, don't you think that they'll either use something else or maybe just not incriminate themselves via any digital media? Law-abiding citizens are the only ones that lose here, unless you like the idea of every Jane Government sticking their nose in your business whether you've done anything wrong or not.
On the bright side, if software becomes patentable, maybe this will strengthen the notion of Code As Speech in the US courts? I sure hope that the US legislators in charge of ratifying this bill (are there any? what body would be in charge of this?) runs this by the RIAA and MPAA before they sign it.

DOJ Wrote it!

The US didn't help write the treaty. The US DOJ wrote the damn legislation. This is what is called "policy laundering" in Washington. If you can't pass the surveillance powers you want in the US, just shop the same provisions around in a treaty in other countries.

What to do for us EU citizens?

So, what can we (EU citizens) actively do?

I've already signed the EuroLinux Petition [eurolinux.org]

Maybe a membership with FSF Europe [fsfeurope.org]?

What else? Find politicians that'll listen?

give my keys to the athorities?

Hmm... looks like it's time to start out-sourcing encryption to other countries that don't sign on. - India and China come to mind.

I feel safer, don't you?

So I don't own My Hard Drive anymore?

Look, They can regulate to their hearts content on transmission of stuff over the internet, But How the Heck can they now tell me my computer, and notably the hard drives, are subject to search and seizure , and that I am REQIRED to protect the information they want on MY OWN PROPERTY.

Don't get me wrong - child porn is bad, But taking away my rights to my own property is NOT the way to stop it. By all means, monitor for child porn, nail the ftp sites that hst it, but stay the hell away from my hard drive.

how the fuck

can you patent a string of numbers, or one very large number (depending in interpretation)?

An assembler or compiler is merely a filter for some text. This number when transfered to another processor type will generate complete different results, most likely garbage. Clearly the object code means different things to different processors, so they can't use binary.

Source code? Well that doesn't actually do anything other that represent algorithms, or thought process (pseudo code); which in turn represents free speech. You know, that thing the US used to have.

CoE - U.S. Law?

I thought the U.S. had decided a few centuries ago to do without European legislation. I suppose I was wrong, as it appears that the U.S. Federal Government is now using the European federal legislative body to create law here in the U.S., via treaty.

right

" The U.S. may well sign this treaty"

you like they signed

-Global warming treaty
-Chemical weapons treaty
-Land mines treaty
-nuclear weapons treaty

US won't sign shit

Forced to disclose Passwords???

... treaty signers will be obligated to create legislation, as the UK already has, to force people to disclose passwords and encryption keys to the authorities. The U.S. may well sign this treaty - we've participated in the drafting process.

You would think that a law like this would violate everyone's '5th Amendment Rights':

nor shall be compelled in any criminal case to be a witness against himself... full text [cornell.edu].

Being force to disclose passwords to authorities, IMHO, would be equivalent to testifying agaist yourself...

Never Laughed So Hard

That writ says NOTHING! I read it to article 9 and didn't see anything resembling a real statement for or agains something. Each and every passage that really says something "may or may not" be implemented by "a party". I'm considering moving to a place where there are real LAWS not lax guidelines. When I'm being shot for something, I want to know WHY!

Well, once in a while, my sig makes sense.

5th amendment

If it is true that the treaty forces countries to create legislation that makes it illegal to not provide keys on demand, how could the U.S. possibly sign this since the treaty? The 5th amendment prevents the gov't from forcing a person to testify against themselves. I believe that Mitnick used the 5th amend. to keep his encryption keys secret. I think that it was even discussed on slashdot a while back too.

"nor shall be compelled in any criminal case to be a witness against himself" [usconstitution.net]

James

P.S. Does the search feature for stories even work anymore?

Mathematics

According to the EuroLinux article,

the European Patent Office just published a new examination directive which extends the realm of the European patent practice to software, business methods and mathematics.

Patenting mathematics is outright crazy. It's the same sort of crazy that allows the patenting of software, but in the past one could always say: patenting algorithms is like patenting mathematics, and thus clearly nonsense. reductio ad absurdum has come along and bit us all on the arse.

Trying to imagine a world where mathematics is patentable is both hard and disturbing. Can you imagine if only licensed physicists were allowed to use Hilbert space theory? If one needed to pay a levy every time one used Shannon's law to help design a product? Where would we be if the finite element methods could only be applied to engineering analyses with the blessings of its creators?

How much mathematical progress would be made, if every mathematician had to check whether the work they were building on was patent-encumbered? If every publication had to first get the approval of some patent holders, with the possibility of a required payment?

It quickly gets surreal. Many statements in mathematics are equivalent when viewed in the appropriate fashion. Many too are based on certain sets of axioms. What does patentable mean when viewed in this light?

This to me is a clear sign that extreme IP advocates have just completely lost the plot.

Re:Mathematics

The EuroLinux article links to a French version of the text; an English version [epo.co.at] can be obtained by changing the "f" to an "e" (or following my link).

Here's the part on Mathematics:

These are a particular example of the principle that purely abstract or intellectual methods are not patentable. For example, a shortcut method of division would not be patentable but a calculating machine constructed to operate accordingly may well be patentable. A mathematical method for designing electrical filters is not patentable; nevertheless filters designed according to this method would not be excluded from patentability by Art. 52(2) and (3).

First, note that the Patent office, evidently not being staffed by mathematicians, believe that they have not rendered mathematics patentable. Or, in other words, explanation-free protests based on the statement that they have will only confuse them, and cause them to distrust the protesters. After all, "These are a particular example of the principle that purely abstract or intellectual methods are not patentable."

I see three problems with this:

1. "Purely abstract or intellectual methods" often are algorithms. For example, we tend to express the mathematical concept of "graph reachability" as the algorithm that tells us whether a given node is reachable from another. It can be defined other ways (including second order existential logic), but we tend to think of it algoritmically first, moreso for complicated properties.
   
   Therefore, despite protests from the Patent Office that mathematics are not patentable, damn near every discrete mathematics definition and algorithm is patentable, or close enough that a the prospect of fighting a patent would scare anybody.
   
2. "A mathematical method for designing electrical filters is not patentable; nevertheless filters designed according to this method would not be excluded from patentability by Art. 52(2) and (3)." Functions are only relevent in terms of the results. (Merely specifying a domain is rarely useful.) If one can create a mathematic concept, then proceed to creatively patent the (useful, for the Patent Office's amazingly low standard of "useful") results that can come from concept and associated functions, then the only useful part of the concept is effectively patented. Combine this with the next problem ->
   
3. An increasing amount of math is taking place on computers. For instance, the famouse and importent 4-Color problem was proven by a computer. This will only increase over time. Therefore, there may be no difference between the abstract math and the concrete implementation, which means there is no difference between patenting math and patenting an algorithm.

Remember that as you protest to the EU. They don't speak our language and, frankly, they don't know jack shit about math. And it shows. They honestly think that under these rules, math is still unpatentable.

(And frankly, I don't think we stand a chance in Hades of convincing them otherwise. The more ignorant you are, the more you think you know on a given topic, and I'd lay money these people honestly believe they know mathematics. Which means they will not listen to people like us.)

"Bush to blame" according to Wired.

This Wired Article makes interesting reading. It gives the impression that the preasure to alter Europes (mainly very strict) privacy laws has come from as high up as Bush Himself [wired.com]

As we all know, wherever America goes, Europe gets dragged along kicking and screeming!
However, I definately couldn't imagine the Duch or the Danes going along with such draconian anti-privacy laws, even if we in the UK seem complacent about our privacy and rights.

Very important things

First, remember that the Council of Europe is not the EU. It doesn't even have the same members. Just because this organisation passes a stupid law, doesn't mean the EU is evil, and doesn't mean the EU is contradicting itself.

Second, the Council of Europe didn't write this law, the US did; as such, I wouldn't expect many (if any) continental EU countries to sign it, especially considering it may contradict some of their EU responsibilities and they'd rather be part of the EU than pass this law.

Third, if they somehow did pass this law, we could always create a country in Antarctica.

forced disclosure of passwords

and how would that work with the right to refuse self incriminiation?

Use Best Practices

Best Practices says that if your password or keys are compromised, you need to change them as soon as possible.

Or we need to develop an "under duress" password capability that destroys the data if used.

Whoops, I gave you the wrong password. My bad.

At least this way...

At least this way the state has to come to you to demand your password -- you'll know you're being watched.

It'll be too late, of course. Your key will be used to decrypt all your old messages. (Is there a statute saying how long you need to remember your passphrase after you change keys?)

You want my password?

Gee, sorry, I can't seem to remember it. Contempt of court? Fine. Hey, charge my company while you're at it, they're the ones who make me change it every other month and never write it down...

Terrible..

To be honest.. I find the whole RIP bill disgusting.. It's a complete violation of your privacy.. but saying this is nothing new and I won't go there..

One things i've noticed though, is the amount of UK ISP's (Freeserve, AOL to name two), to me, seem to be abusing their shadow proxies (cisco cache engines I presume)..

For, whilst using AOL or FreeServe, you try and telnet to _any_ outside mailserver on port 25, you get their mailserver. It's actually _impossible_ to get to any other SMTP service whilst dialled-up with one of these ISP's.

Now, sure this could be because they're attempting to optimize their network, but on the other hand, they could have their SMTP relays configured to store/cache messages locally - ideal for RIP bill investigations..

Scary thought..

Is Source Code a Patent Violation?

After reading in an earlier slashdot article where the California Supreme Court declared that source code is speach regardless of its ability to be compiled, I asked myself:

"If you publish the source code for a patented algorithm, are you violating the patent?"

If this holds up as yes in the US ane EU, does this mean we can scoot around the patents as long as we distribute the software in source-code ONLY form?

Patrent Law - Big Deal

No big news. It seems to me it is just giving European countries the right to patent software (think US patent office). Until now this was not possible in Europe, although u could still file a US patent. Its just *ANOTHER* example of Europe playing catch-up to the US decades later.

A big problem with the big(gest hehe) European software company I work for is that since software has always been unpatentable in Europe, we are getting creamed with infrigment claims from US companies. The patent game for big corporations consist of:

Bloated Software Company A: "Hey, we have a patent on that! Pay us money or we'll sue!"

Bloated Software Company B: "Oh yeah, we'll we have patent of something your selling, so shut up!" etc.

Problem is taht a lot of Europeans companies (like the one I work for) can't tell anyone to shut up. This legelation will only help European countries compete by encouraging software patents.

At odds with "anti terrorist" legislation?

It states:

Article 3 Illegal interception
Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data. A Party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.

Given the number of organisations that the UK government is planning to give access to your IT data under "anti terrorist legislation" (eg Guardian article [guardian.co.uk]), this will surely require some tricky legal manouvers to get every man and his dog working for the government classed as "with right" to intercept?

Also, what it'll be interesting to see how the data that the ISPs are being told to collect for "anti terrorist" means will be classed as "with right" to intercept, given the provisions in the human rights act on privacy...

Oceania?

password and encryption disclosure wigs me a little much. Exactly who decides on weather this is signed into law or not? Some committee that we can't talk to?

Don't you love how this works?

First, governments cooperate on creating a treaty with provisions that would never pass muster with the folks back home if they tried to pass it directly. Once signed, they then work to pass laws implementing the treaty. If people complain about the provisions, the lawmakers disclaim responsibility, saying they have to do this to comply with the treaty.

It HAS happened and It DOES happen, EXACTLY like this. Let's not get fooled again.

Hmm...barrier to entry?

What effect might this have down the road on the few countries like Bulgaria where neither the culture nor the law recognizes things like copyright protection? If one of these countries wishes to join, what laws will be imposed upon them?

Funny how the system works

From the bibliography [wildernesscoast.org] link above (one of the very earliest entries at bottom of the page):
By Steve Gold, Newsbytes Special to the E-Commerce Times January 14, 2000
Unconfirmed reports circulating on the Usenet suggest that the U.S. government is working with the European Union (EU), Japan, Canada and other countries, including South Africa, on a draft cybercrime treaty that would try to ban hacking and Internet eavesdropping utilities.

Interesting how only the powers that be should now be allowed [loc.gov] to eavesdrop and crack into computer systems, even though they're so intent on making it illegal for everyone else.

It's too bad that we have to trust a bunch of mostly technologically uninformed politicians to draft law these days. I'm sure their intentions are all good in trying to prevent terrorism, but sadly they've been duped, like much of American society, into believing that government can provide us with safety and security in all aspects of life. Unfortunately, in this effort to provide a safe and secure country, our liberties are getting trampled on in the process.

there go my emigration plans

Jesus, and I was thinking that if things got any worse in the U.S. I might take my family and emigrate someplace sane, like Holland. But that won't work if Holland, through the EU, starts signing up for the same insanity the U.S. government seems so enamored of.

Max

So create your own "backdoor"...

It would work like this: Take two plaintext messages -- one innocuous and one more, um, poignant. Encode both, using different keys, into a single ciphertext. If the authorities intercept it and demand the key, just give them the one that decrypts the innocuous message, leaving the other one safely hidden.

Misleading - in the UK a warrant is needed

In the UK you must provide the decryption key upon being presented with a court warrant. Providing the unencrypted text is not enough, they may force you to hand over the key (which, unfortunately, also allows law enforcement to read all past communications encrypted with that key and not just the communications covered by the court warrant). If required to turn over the encryption key for someone else (eg a boss for an employee) you may not tell the person that uses the encryption key you have revealed it to law enforcement or you face 5 years in jail. This is called a 'tipping off offence'.

As for the EU patent office, they are typical of EU beaurocracy gone mad. The UK had already decided against [slashdot.org] software patents. I hope we see more software groups lining up behind the EuroLinux call.

Phillip.

Computer languages ARE languages

There seems to be confusion about what a computer language is. The correct answer is

a language for describing partial recursive functions.

A partial recursive function [mit.edu] is a type of function that was introduced by Kurt Godel, in the 1930s, using mathematical logic. (Also in the 1930s, Alan Turing developed the Turing machine as a model of human thought processes. It was then proven that the partial recursive functions were the same as the functions that could be evaluated by Turing machines. Later, electronic computers were created, and they were well modelled by Turing machines.)

The important point here is that the definition has nothing to do with physical devices. Of course, most computer languages can be understood by particular physical devices (electronic computers), but that is not required--and it only came about later. Even after the advent of electronic computers, some computer languages were still being invented for the purpose of communicating with people. Two good examples illustrating this are APL and MIX.

APL (A Programming Language) was invented by Ken Iverson, a Harvard mathematician. His sole purpose was to have a good way to describe algorithms to people. Physical computers were not even a consideration. Later, other people thought that it would be a good idea to implement the language, and interpreters for computers were crafted, but that was strictly secondary.

MIX was invented by Don Knuth, a Stanford mathematician. His primary purpose was to have a "formal, precise way" to "present the various techniques" detailed in his book Art of Computer Programming (I'm quoting from the preface). Although algorithms described in MIX could be executed on a (idealized) computer, Knuth's primary purpose was communicate to people.

Both these languages are intended to be used to describe algorithmic calculations, but not all computer languages need do this. Prolog [cmu.edu] is an example, where you just describe the input and output of the program (e.g. input "a list" and output "an ordered list", where "ordered" means "i LE j implies list[i] LE list[j]"), without necessarily describing how to calculate the output. And Prolog was invented primarily to be executed on a computer.

If an algorithm is described in English, then plainly, there are free-speech protections. What if Esperanto were used? Again, free-speech protections should apply, but note that Esperanto is an artificial language. So, I think that the same provisions should apply if the language is APL or MIX. From there, we surely get protection for Prolog, Java, C, etc.: all human-readable languages.

Has this line of reasoning been used in the courts? If not, why?

CPPA equivalent

The treaty may (hopefully) be held in contravention of the constitution which would bar the US from enacting it. Article 9, section 2b 2c mirror the virtual kiddie porn clause in the CPPA. If the supreme court finds that clause of the CPPA in defiance of the first amendment (for being overbroad) then, presumably, this miserable little bit of judicial imprudence would also be and we who manage our own servers will hopefully not quickly be hobbled with the provision that we catalog all the traffic for law enforcement to peruse on their donut breaks.

You just try

you just try and get my keys from me. i'll be at my keyboard with a shotgun.

Reasoning by analogy?

Seems to me that the question is similar to what happens if you have a safe in your basement. If the government thinks you've done something illegal, they get a search warrant and you open the safe or they do. A password encrypted file is different only in that they cannot open it without your cooperation. Failure to cooperate would be like having a tamper-proof safe (e.g., one that destroyed the contents if opened without the right combo).

Now, IANAL, but I bet these cases (physical safes) have already been confronted, and I bet that if these password cases show up in USA courts, the laws will be interpreted in a similar manner.

As for 5th ammendment issues, I would be interested in a knowledgeable person telling me if you can use this to keep the govt out of your diary, or other physical stuff you have produced. I think not, as the 5th is designed to keep the govt from torturing prisoners -- not protect the individual's right to commit crimes if they can be clever about hiding, encrypting or otherwise documenting their crime. Now, if the only way into your safe (or your file) requires violating the 5th ammendment (torturing you for your password), then can we suggest that refusing to reveal the password is prima facia evidence of obstructing justice -- which is a different crime than (perhaps) that covered by the original search warrant? Where are the /. lawyers (you know, the ones that can write "IAAL" when you need them?).

I know this is a joke but.

In Taliban Afghanistan connecting to the internet, or even just owning a computer is completly illegal.

Re:Is it just me...

That's funny. I was thinking that a power vacuum, US military, or UN martial law would provide a good opportunity to prosylatize Christianity and educate women with impunity. Free DVDs were pretty far down on the list.

I DO IT WRONG, some more ;)

I do it wrong

Laying here in the shadows of my room, I squint up at my love. My Ms. Portman.
I am sore and tired after fucking her for eight solid hours. My chapped and aching
dick is soaking in grits to relieve the pain. She gets on her knees and starts lapping
the grits up out of the bowl. She places her beautiful hands on my penis and starts to
lick the grits off my achy piece.

Massaging my nutsack she....

WAIT, I DO IT WRONG!!!!

Yanking my dick out of her mouth I throw her to the ground and shove it in to her
gaping freshly fisted ass. [goatse.cx]

"OH BIG ASS SPORK, err, OOOHHHH BANNED IP!! Fuck my ass, fuck my ass good. DEEPER, my stallion, deeper!!
Make a Beowulf cluster of sperm on my back!!"

"Imagine a Beowulf cluster of this baby!"

I DO IT WRONG!!!!

Due to excessive bad posting from this IP or Subnet, comment posting has temporarily been disabled. If it's you, consider this a chance to sit in the timeout corner. If it's someone else, this is a chance to hunt them down. If you think this is unfair, please email jamie@mccarthy.vg.

HAHAHAHAA fuckers! I am not ssooo wrong I can't recover! All your trolls are belong to... forget it...

The /. troll HOWTO
This is version 0.6 of a troll HOWTO, sort of a companion piece to jsm's excellent troll FAQ. As a draft, comments and criticism are always welcome, if not appreciated :)

Section 1 - Trolling techniques
There are techniques used by successful trolls to elicit the maximum amount of responses from unthinking /.ers. This section is dedicated to explaining how to use these in the course of your trolls. Remember though, a great troll can break any or all of these and still be successful...

Timing
Because you're posting as an AC, your troll will generally be ignored in favour of posters using their accounts, and so getting in early is essential. A good guideline is to get into the first 20 posts, so that people reading the article will see the troll before it is swamped out. One way of increasing the speed with which you get your troll into play is to prepare them beforehand, and then quickly customise them for the current article. This is easier than it sounds since /. typically repeats stories with small variations and runs lots of similar stories.

Note that this is why Jon Katz stories are pretty worthless as trolling material - by the time you've found the article and prepared a troll there's already 50+ posts on it, most of them flaming Jon Katz anyway :)

Exposure
Once you've got your troll in, you need people to actually read it. You also want replies - /.ers are more likely to read your troll if it starts a large thread. You also want to remember that some people have set their comment thresholds to values higher than 0 - to get the attention of these you either want to get your post moderated up (see Style, below) or get a reply which gets moderated up to 4 or 5, in which case your troll becomes visible to all.

Accounts
An alternative to the time-honoured tradition of AC trolling is that of creating a "troll" account. This gives you the advantage of posting at 1 rather than 0, and slashbots are more likely to take you seriously, especially if you at least sound reasonable. If you do this, try to avoid posting stuff where it is obvious you're a troll under the account - post it anoymously instead - some slightly more canny readers actually check your user info before they reply. Not many though :)

The ultimate goal of the troll account is to secure the +1 bonus, which is currently received once you hit 26 points of Karma. To get there, employ the techniques of karma whoring that we see every day on /. and watch the karma roll in. And of course once you get the +1 bonus, the world is your oyster in terms of /. Posts made at a default of 2 hit even those people with the threshold of 2, are more likely to get moderated up even further if they are at all coherent, and people tend to lose their critical thinking abilities in the face of the +1 bonus. Milk it for all it's worth.

Layout
To get people reading it a troll needs to be easily readable. Make sure you break it down into easily digestible paragraphs, use HTML tags where appropriate (but always make sure you close them properly) and use whitespace appropriately.

Size
Generally a troll shouldn't be too short, otherwise it'll get lost in the crowd. A workable minimum is a couple of medium paragraphs. Conversely, it shouldn't be too long, or no-one will bother to read it. Keep it to a happy medium.

Spelling
Whilst spelling is important if you want the troll to be taken "seriously", key spelling mistakes can draw out the spelling zealots, especially if you mis-spell the name of a venerated /. hero, like Linus Torveldes or Richard Strawlman (thanks dmg). Related to this is the use of the wrong word, explaining an acronym as being something it isn't or making a word into an acronym even when it isn't.

Subject
The subject line needs to draw attention to your post without making it obvious that it is a troll. A simple statement of the main point of your argument can work here.

Style
Once you realise that most moderators don't bother to read past the first paragraph or two, you can use this fact to craft trolls that can be moderated up as "Insightful" (note that I mean this in the /. sense rather than the real-world sense). Start off fairly reasonable, making statements that are /. friendly and not being too controversial. As the troll goes on, make it more and more controversial, building it up for the coup de grace in the final paragraph.

Linking
As we all know, a post with links is considered "informative" by the /. crowd. Moderators love it, and they rarely check the links, so be sure to include as many as possible. And make them wrong - a link to the Perl website should instead point to the Python website instead, and vice versa. The other alternative to incorrect links is "useful" links to places like www.linux.org and www.microsoft.com i.e. places /.ers could never have found on their own :)

Feeding
The ideal troll requires no feeding - it runs on its own, generating flamewars between clueless /.ers for your amusement. But often a troll requires some help and so you should consider feeding it. Feeding is best reserved for people making either completely clueless responses, people making responses with holes in, or those wonderful people who write a 2000-word point-by-point rebuttal of your troll.

Know your audience
Always keep in mind the kind of things advocated on /. so that you can play on and against them. This is why anti-Linux, creationist, gun-loving, pro-corporation trolls work well - the vast majority of /.ers hold the opposite viewpoints. And if a few people agree with you, so much the better - it merely validates your viewpoint in the eyes of readers.

Arrogance
Be arrogant. You, as a troll, know that you're right. No other explanation could exist. The wronger the "fact", the more assertively you should state it. Make it clear that you are better than everyone else - you know the truth and they are just too stupid to realise it. Use plenty of sarcasm, and use "quotes" to show it to people too dumb to realise.

Offensiveness
Being offensive in your initial troll can be counter-productive - it causes moderators to mark you down as flamebait in general. But if you're feeding, then you can get away with calling /.ers all kinds of things. Make broad generalisations about /. readers - call them "long-haired Linux zealots", "socialist open-source bigots" or whatever. Stereotyping is encouraged - people always want to think that they're an individual, and will point this out to you given half a chance.

Indifference
Great for articles with a political or social bent, this kind of troll expresses complete indifference to the topic at hand, wondering who on Earth cares about it. An alternative method is to say that the topic only concerns a certain group of people - criminals, idiots, hackers (always use this instead of crackers) or whatever group you want to offend.

Sympathy
Appear to take the same stance as the people you're trying to troll - claim you're as much a fan of Linux as the next man, but... This way you can make all kinds of claims in the sure knowledge that you actually know what you're talking about. A great phrase to use here is "In my experience". Remember to act like all the things you're pointing out are unfortunate but true.

The common touch
Always accuse /.ers of being elitist. This is an easy thing to do seeing as a lot of them are. Claim that is their grandmother couldn't use it, then they are just into it to feel better than Joe Sixpack rather than "doing it for the average user". This is always great for working into anti-Linux trolls - attack command-line tools and poorly designed desktops.

The 31337 touch
The opposite of the above. Claim that technology or whatever is only for the elite of society and that any attempt to open it up for everyone is wrong, an attack on intellectualism and possibly even dangerous. If people were meant to understand these things then they would, and it's their fault if they're too stupid to learn.

Contradiction
Never be afraid to contradict yourself, even in the space of a single sentence. The phrases "I am a top programmer who codes in VB" or "I am a supporter of open source who uses NT at work and 95 at home" will be sure to get a response from some weenie smugly pointing out the contradiction. Confuse the issue more by engaging in contradiction when you are feeding - this will confuse /.ers who will then make even more stupid replies, leaving them even more wide open for response.

Clues

If you're feeling brave, give the reader clues that this is an obvious troll. The classic example here is dmg's stock phrase "I am often accused of trolling (whatever that is)", but also feel free to use phrases like "I have not read the article, and I don't know much about XYZ but I feel I must comment". If anyone responds to a troll with these kinds of clues in it, feel free to bask in the glow of knee-jerk /. responses.

Denial
If you're unlucky someone will accuse you of being a troll (surely not!) and try and ruin it for you. If you don't want it all to end there, then be sure to counter it by accusing them of being small-minded and petty, saying that it's easier for them to say it's a troll than to accept that people have different opinions. Be sure to say this in the subject line, especially if their subject was the infamous "YHBT. YHL. HAND."

Claiming credit
Given that /. has its community of regular trolls (hi guys!), it's only polite to publish your troll on one of the so-called "hidden" forums for all to see and admire. This way, you get to bask in the praise of other trolls, they get to contribute to your's if they want to, and you get an easy way to find the troll later on when you want to check on its progress :)

As for when to post it, that's a matter of opinion really. You can either post it straight away or leave it will after people start biting. Remember that the troll forum is also frequented by non-trolls, and sometimes you may get a self-declared "troll-buster" try and expose you. But remember, /.ers always post before thinking, and often it doesn't matter at all.

There is no real current forum at the moment thanks to various spammers hitting the sids, but try trolltalk, the original troll sid started by 80md and osm way back in the day. Generally all postings are done there as an AC, with your name at the end of the post. Include a link to the troll somewhere in the text, which ideally will be directly to the post and its replies - click on the #XX link in the thread to get there.

Ending the troll
Sometimes you just get bored with a troll, or people start posting genuinely thoughtful stuff in reply (it does happen). When this happens it might be time to own up to the troll with a helpful "YHBT. YHL. HAND." post. Sometimes people will carry on a discussion of the issue, and if you're really lucky (and it was a great troll) they will completely fail to believe you and carry on arguing. If that happens, pat yourself on the back for writing a great troll :)

The cheap $3 crack
Finally, when all else fails and your troll gets moderated down to (-1, Troll) within ten seconds of you posting it, the only honourable thing to do is to accuse the moderators of smoking the cheap $3 crack (again) and give up :(

Section 2 - Types of troll
The Maniac
Probably the most popular kind of troll, the Maniac holds an opinion on something, and won't budge from that opinion no matter what evidence to the contrary is presented. If challenged, the Maniac will simply get more and more agitated and abusive, deriding his opponents as "idiots", "wrong-thinking", "dangerous" and "subversive". Generally the Maniac takes a position that opposes the prevalent /. beliefs, but a similar effect can be achieved by taking a typical /. viewpoint and pushing it to ridiculous extremes.

Maniacs can be crafted for practically every article /. posts, although some are more obvious targets than others. Civil liberty articles, especially on things like censorship, DMCA, UCITA that really get /.ers riled up, are usually extremely fruitful grounds for a well-crafted maniac. The other obvious type of article is anything which could possibly involve religion, especially evolution :)

Here are some fruitful avenues to explore:

The Right-Wing Maniac
Always popular, the right-wing maniac (RWM) is a God-fearing, gun-toting, flag-waving American, and proud of it. They don't care about the rest of the world, unless it's to "prove" that America is better than everything else, and they cannot stand liberal whining over civil rights. They hate the moral decay of America and want it to revert into a nation of heterosexual, Christian whites like it was meant to be. Woe betide anyone that dares to suggest otherwise.

Religion
There are two ways to approach this kind of maniac. The harder to pull off is the militant atheist, but this is quite common amongst /. posters and you would have to be very offensive to get this to work. Of course with religion trolls, the argument can go on for ever once it's started... The more common approach is the Christian fundamentalist. They are ignorant, intolerant and bigoted in the extreme. For them the Bible is the inerrant word of God revealed to man - it contains no flaws and no contradictions. Thus they are strict Creationists - mentions of evolution or cosmology will set them off on vitriolic rants. Flaming denunciations of anyone daring to contradict the "Word of God" are the way to go, and any kind of proof can always be ignored by appealing to "secular humanist brainwashing". And let's not forget, the USA is the greatest nation on Earth because it has the righteous power of Jesus Christ behind it.

Ideology
Pick a philosophy, any philosophy. This troll is a troll with a cause - they have found some kind of ideological truth, and are out to expose every other philosophy as a sham. Whether it be libertarianism, objectivism, communism or capitalism, this troll will point out the obvious "flaws" in any other philosophies, whilst spouting dogma about their own. And the best thing is - you don't even need to know that much about what you're spouting - making doctrinaire mistakes will get both sides of the argument flaming you, adding to the fun.

Software
This is an old favourite and crops up in many forms, covering the gamut from OS maniacs (Linux zealots, MS-apologists or embittered BSD fanatics), language maniacs (Pascal vs. C, C vs. C++, C++ vs. Java, Perl vs. Python, VB vs. everything), application maniacs(GIMP vs. Photoshop, Netscape vs. IE, vi vs. emacs) and also includes people who complain about how technology should only be for the 31337 hackers.

Guns
Americans love their guns, and will always fight passionately for their Constitutionally guarenteed rights to bear arms and shoot people. Even the slightest hint of criticism of this will bring down the wrath of a thousand and one enraged gun-owners on you, so it's always a great point to work into a troll :)

The Expert
The Expert is someone who is "savvy" in their particular field, and is perfectly willing to give their opinion on any topic even vauguely related to their field. The Expert is most likely to be from a field which /.ers as a rule despise - the classic example is dumb marketing guy, but try consultants, lawyers, politicians, lobbyists, executives, journalists (just think Jon Katz). With this kind of troll sweeping statements with little content are the norm, along wire dire portents of future catastrophe and dark hints of "insider knowledge".

Some possible angles to exploit:

Industry knowledge
The expert knows the computing industry from the inside - as a long-term pro, they can dispense knowledge knowing that they can "speak for the industry". Their smug self-satisfaction is bound to annoy, as is any suggestion that things aren't the way that /.ers would like it - saying "Linux requires the rock-solid guarantee of a trusted company like Microsoft" or "Apache cannot be trusted for mission-critical enterprise platforms" is guaranteed to get you denials explaining exactly why you're wrong, in excruciating detail.

Helpful hints
With their tech-savvy (or law-savvy or whatever) experience, the expert is obviously the best person to point out what's wrong with things or to give out useful "factual" information. In fact this probably works best with lawyer trolls - for all that /.ers protest "IANAL", they certainly seem to think they could be, and any mistakes you make will send them rushing to prove themselves by correcting you.

Offtopic Trolls
Not really a "troll" in the strict Jargon File sense of the word, but they certainly should be included here :) This category includes parodies, offtopic weirdness any all kinds of amusing stuff. Not really my area of expertise, this stuff is mainly done by gnarphlager and opensourceman. Thanks to gnarphlager for this section.

Offtopic trolls, like any other, come in almost as many colours as an iMac, but generally not as cute. But then again, a good offtopic "troll" can affect more people than a repulsive little gumdrop on your desk, because you need to have someone SEE your desk before they can react. Simple? Moreso than even my overblown prose could indicate. Some basic examples:

The serial troll
Write a story. Keep expanding it. It doesn't matter what article you post it under, so long as it's high up. If you want people to recognize you, pick a couple themes or symbols, and carry them on throughout the story. Other alternatives include back linking or including the entire story, but adding more each time. Be funny if you want. Or if you don't feel like being funny, just be really weird. Someone will react.

The random troll
This has nothing to do with anything. Be it a stream of consciousness rant, or a description of the corner of your desk. Another favorite is a monologue, read as if spoken from any one given entity to another. The more outlandish, the better (a pair of socks talking to a mousepad, for example). If you really wanted to be artsy, work in an actual metaphor or legitimate meaning behind it, but it's not necessary.

The vaguely related troll
Start out with a comment about the article. Have a definite opinion of it. Then, after a little while, disintegrate into randomness. All roads eventually can eventually lead to cheese (yum), Natalie Portman, cannibalism, toasters, squirrels, futons, you name it. All it takes is a little bit of creativity. Oh, and feel free to use other trolls' motifs. Open source and all that ;-)

General tips:

If it's funny for a fleeting moment, then it's worth posting.
Puns. Puns are only less vile than mimes, but it's hard to mime on /. So feel free/obligated to litter your offtopic and random bits with puns. Hurt the bastards. And if they're sick enough to laugh at them, then they'll eventually end up here ;-)
Obscure cultural references and injokes are always good. SOMEONE will get them eventually.
Several drafts of a serial or random post are common, but true elegance is being able to come up with something on the spot that still makes the top 40 posts (on a post-heavy article)
Section 3 - Useful trolling links
The following links contain background information useful for trolls needing quick quotes and "expert" opinions to include.

General purpose links

ddi.digital.net/~gandalf/trollfaq.html - How to deal with USENET trolls - learn your enemy :)
www.don-lindsay-archive.org/skeptic/arguments.ht ml - A List Of Fallacious Arguments - Learn them and use them liberally
www.altairiv.demon.co.uk/troll/trollfaq.html - USENET troll HOWTO
www.baiting.org - Baiting.org
www.fieldingtravel.com/df/index.htm - Fielding's DangerFinder - A guide to what and where's dangerous

Religious links

www.godhatesamerica.com/ - God Hates America
www.chalcedon.edu/creed.html - The Creed of Christian Reconstruction
www.demonbuster.com - How to cast out your demons and do spiritual warfare
riceinfo.rice.edu/armadillo/Sciacademy/riggins/t hi ngs.htm - Things Creationists hate
www.icr.org/ - Institute for Creation Research
www.xenu.net - Operation Clambake - The fight against Scientology on the net
www.hom.net/~angels/ - Citizens for the Ten Commandments
www.bju.edu/rcnbc.html - The difference between Catholics and Christians
www.geocities.com/prazske00/biblequotes.html - Bible quotes by category

Political/economy links

www.aynrand.org - The Ayn Rand Institute
www.reason.com - Libertarian site
www.freerepublic.com - Right-wing stuff
www.jbs.org - Excellent site for all kinds of right-wingery
www.dack.com/web/bullshit.html - Web economy bullshit generator

Crackpot science links

www.fixedearth.com - The Earth Is Not Moving
www.jir.com/index.htm - The Journal