Deeplinks

Attorney General Nominee Sessions Backs Crypto Backdoors (Tue, 24 Jan 2017)
As the presidential campaign was in full swing early last year, now-President Trump made his feelings on encryption clear. Commenting on the Apple-FBI fight in San Bernardino, Trump threatened to boycott Apple if they didn’t cooperate: “to think that Apple won't allow us to get into [the] cell phone,” Trump said in an interview. “Who do they think they are? No, we have to open it up.” For that reason, we were curious what Trump’s nominee for Attorney General, Sen. Jeff Sessions (R-AL), would say about the role of encryption. At his confirmation hearing, Sessions was largely non-committal. In his written responses to questions posed by Sen. Patrick Leahy, however, he took a much clearer position:

Question: Do you agree with NSA Director Rogers, Secretary of Defense Carter, and other national security experts that strong encryption helps protect this country from cyberattack and is beneficial to the American people's digital security?

Response: Encryption serves many valuable and important purposes. It is also critical, however, that national security and criminal investigators be able to overcome encryption, under lawful authority, when necessary to the furtherance of national-security and criminal investigations.

Despite Sessions’ “on the one hand, on the other” phrasing, this answer is a clear endorsement of backdooring the security we all rely on. It’s simply not feasible for encryption to serve what Sessions concedes are its “many valuable and important purposes” and still be “overcome” when the government wants access to plaintext. As we saw last year with Sens. Burr and Feinstein’s draft Compliance with Court Orders Act, the only way to give the government this kind of access is to break the Internet and outlaw industry best practices, and even then it would only reach the minority of encryption products made in the USA.
As we’ve done for more than two decades, we will strongly oppose any legislative or regulatory proposal to force companies or other providers to give Sessions what he’s demanding: the ability to “overcome encryption.” Code is speech, and no law that mandates backdoors can be both effective and pass constitutional scrutiny. If Sessions follows through on his endorsement of “overcoming” encryption, we’ll see him in court. Related Cases: Apple Challenges FBI: All Writs Act Order (CA)

Supreme Court Should Block Printer Company’s Ploy to Undermine Consumer Rights (Mon, 23 Jan 2017)
EFF Urges Justices to Protect Important ‘Patent Exhaustion’ Doctrine

San Francisco - When you buy a printer cartridge, is it yours? Or can the company control what you do with it, even after you pay your bill and take it home? The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court today to protect consumers’ property rights in a court case centering on the important “patent exhaustion” doctrine. In Impression Products, Inc. v. Lexmark International Inc., printer company Lexmark sold printer cartridges with restrictions on refilling and resale. Impression Products acquired used Lexmark ink cartridges and then refilled and resold them, sparking a lawsuit from Lexmark claiming infringement. The Federal Circuit decided in Lexmark’s favor, ruling that a customer’s use of a product can be “restricted” by the patent owner with something as simple as a notice on disposable packaging. In the amicus brief filed today, EFF—joined by Public Knowledge, AARP and the AARP Foundation, Mozilla, and R Street—argued that “conditional sales” like the ones attempted by Lexmark cannot impose arbitrary conditions on a customer’s use of a product. The Federal Circuit’s incorrect ruling to the contrary goes against the doctrine of “patent exhaustion,” which says that once a patent owner sells a product, it cannot later claim the product’s use or sale is infringing. “If allowed to stand, the lower court’s decision could block your right to reuse, resell, and tinker with the devices you own,” said EFF Staff Attorney Daniel Nazer, who is also the Mark Cuban Chair to Eliminate Stupid Patents. “Under this theory, consumers could be held liable for infringement for using products purchased legally, and that the patent owner has already been paid for.” Patent exhaustion has been part of centuries of law upholding the right of individuals to use and resell their possessions.
If patent owners can control goods after sale, then all sorts of activities—like security research, reverse engineering, and device modification—would be threatened. “This trick is straight out of some companies’ wishlists for restricting user rights,” said EFF Staff Attorney Kit Walsh. “They have tried a variety of legal tactics to restrict your ability to repair or resell the things you buy, and to prevent experts from investigating how they work. That includes experts who want to figure out if your devices are secure and respecting your privacy, or who want to build products that can plug in to your devices and make them do new and useful things. We urge the Supreme Court to reaffirm the patent exhaustion doctrine, and protect people’s rights to own and understand the products they’ve purchased.” For the full amicus brief: https://www.eff.org/document/supreme-court-merits-brief Contact: Daniel Nazer Staff Attorney and Mark Cuban Chair to Eliminate Stupid Patents daniel@eff.org Kit Walsh Staff Attorney kit@eff.org

Does Trump's Withdrawal From TPP Signal a New Approach to Trade Agreements? (Mon, 23 Jan 2017)
Today, President Trump signed an executive order fulfilling his campaign promise to withdraw the signature of the United States from the Trans-Pacific Partnership agreement (TPP). Although EFF was a strong opponent of the TPP, President Trump's reasons for withdrawal from the agreement are not EFF's reasons for opposition to it. Whereas the President contended in his inauguration address that previous U.S. trade policies had "enriched foreign industry at the expense of American industry," he had nothing to say about EFF's concerns such as the secrecy with which the pact was concluded, and its impacts on digital rights. This means that the President's withdrawal from the TPP may not have achieved a long-lasting victory on those underlying issues. In other words, when future trade deals led by the Trump administration come up—such as a revision of NAFTA, and new bilateral agreements—they may be just as secretive, and equally harmful to Internet users' rights, as the TPP. Ten days ago EFF held a roundtable on trade transparency to try to avert that outcome, by gathering experts from across government and civil society to make the case for a new, more transparent and inclusive approach to trade negotiations. Today, we are publicly releasing the text of five simple recommendations that came out of that meeting:

On January 13, 2017 we the undersigned participants at a Trade Transparency Roundtable presented the following recommendations to the United States Trade Representative (USTR) for the reform of its current trade negotiation practices, which we observe as lacking in public transparency and openness.

1. Publish U.S. textual proposals on rules in ongoing international trade negotiations

USTR should immediately make available on its website the textual proposals related to rules that it has already tabled to its negotiating partners in the context of the TTIP, TiSA, and any other bilateral, regional, or multilateral trade and investment negotiations it undertakes.

2. Publish consolidated texts after each round of ongoing negotiations

USTR should impose as a prerequisite to any new or continuing trade negotiations that all parties agree to publish consolidated draft texts on rules after each negotiating round, including negotiations conducted on the entire agreement or a specific element or chapter and among trade ministers or other officials of every party to such negotiations or of a subgroup of the parties to such negotiations.

3. Appoint a "transparency officer" who does not have structural conflicts of interest in promoting transparency at the agency

USTR should immediately appoint a transparency officer who does not have any structural conflicts of interest in promoting transparency at the agency.

4. Open up textual proposals to a notice and comment and public hearing process

USTR should initiate on-the-record public notice and comment and public hearing processes—at least equivalent to that normally required for other public rulemaking processes—at relevant points during the generation of government positions.

5. Make Trade Advisory Committees more broadly inclusive

If proposed U.S. texts and draft texts from negotiations are made publicly available, the main official advantage of the Trade Advisory Committee system – access to that information – would disappear. However, if Trade Advisory Committees are to be retained in addition to public notice and comment and public hearing processes, then resources must be devoted to making membership and effective participation in these committees more accessible to all affected stakeholder groups, including non-industry groups.

We submit these recommendations in the firm belief that such reforms will be essential in enabling the successful conclusion of future trade agreements, particularly those that contain provisions relating to the digital and online environment.

These five recommendations have also been endorsed by the Sunlight Foundation and the Association of Research Libraries, and we will be updating this post with further organizational endorsements as we receive them. The President also stated in his inauguration speech last week that henceforth "every decision on trade…will be made to benefit American workers and American families." If that is so, then one such decision should be to ensure that these American workers and families have access to the text of the proposed trade rules that will affect their lives, and that there is a better way of ensuring that their opinions, rather than just those of industry lobbyists, are reflected in U.S. trade policy. Indeed, however U.S. trade rules may change going forward, better transparency in developing those rules makes sense for this and every future U.S. administration. The five simple recommendations above are a good first start, and currently EFF's top priority on trade and your rights. We will be transmitting them to the United States Trade Representative and to other key offices within the administration, and following up throughout the year.

When the Law Stands in the Way of Tech Companies Standing Up for Their Users (Mon, 23 Jan 2017)
It’s no secret online service providers hold tons of sensitive data about their customers, which is why EFF calls on companies to stand up to abusive or overbroad government demands for this data. It’s especially important for providers to play this role when the government forces them to stay silent and not notify their users about the government’s demands. In those cases, the service provider is simply the only party able to challenge the government. Unfortunately, companies are too often met with hurdles to vindicating their users’ rights. Two recent cases illustrate some of the problems they face. Microsoft sued the government last year, challenging portions of the Electronic Communications Privacy Act (ECPA) that allow the government to serve a warrant on the company to get access to customers’ emails and other information stored on remote servers—all without telling users their data is being searched or seized. Microsoft argues that precluding notice to its users violates both its First Amendment rights and its customers’ rights under the Fourth Amendment to be notified of the search. (EFF filed an amicus brief in support of Microsoft.) Today, Microsoft is facing a hearing on the government’s motion to dismiss the lawsuit. Troublingly, the court has asked the parties to address whether Microsoft should be allowed to assert its customers’ Fourth Amendment rights at all, because in the words of the Supreme Court, Fourth Amendment rights are “personal” and “may not be vicariously asserted.” However, there are well-established precedents allowing third parties to “stand in the shoes” of others and bring a lawsuit. In these cases, standing requires a close relationship between the third party and the individual whose rights are being asserted and a demonstration of circumstances preventing the individual from personally bringing the lawsuit. 
That’s what allows doctors to sue on behalf of patients for the right to an abortion and liquor vendors to challenge unequal, gender-based treatment of their customers, to give just a few examples. Microsoft’s lawsuit fits this model: Microsoft has a close business relationship with its customers, and it is suing for the very reason that the government’s secrecy in demanding data held by Microsoft prevents its customers from asserting their own rights. Even the Foreign Intelligence Surveillance Court of Review, not known for its friendliness to the Fourth Amendment, found in 2008 that Yahoo could sue to protect its customers’ data against warrantless collection by the NSA. Given that the “papers and effects” protected by the Fourth Amendment are increasingly stored not in the home but by companies like Microsoft, barring these companies from suing to protect Fourth Amendment rights would be a great setback for privacy. We’ll be watching closely to see what the court in Microsoft’s case decides. A closely related issue surfaced in a case involving Facebook, which has spent years trying to quash 381 “bulk warrants” issued by New York State for the contents of users’ accounts. Back in 2013, a trial court determined that Facebook couldn’t stand in the shoes of its users, and Facebook appealed. Rather than simply relying on the question of “vicarious” standing, however, the intermediate court questioned how and whether the Fourth Amendment even protects the information Facebook was being asked to provide, namely the entire contents of accounts. What’s more, the court determined that even though Facebook’s assistance was required to produce the information, it need not be given a chance to object to the search warrants in advance.
The case has now reached New York’s highest court, and earlier this month, EFF joined an amicus brief written by the law firm of O’Melveny & Myers along with the Brennan Center for Justice, the Center for Democracy & Technology, Access Now, and TechFreedom to highlight the important Fourth Amendment issues at stake. As the brief explains: Courts should apply the Fourth Amendment with full force to protect against improper government access to personal data that is stored with Internet Service Providers (“ISPs”). This data often includes both “sensitive records previously found in the home” and highly personal information “never found in a home in any form.” . . . The fact that such data is held by a third-party ISP like Facebook should not diminish Fourth Amendment protections. If anything, searches and seizures of data held by ISPs deserve heightened Fourth Amendment scrutiny because the aggregation and remote storage of private data greatly reduces resource constraints on law enforcement and allows for the bulk warrant tactics employed here. We’re hopeful that the New York court will recognize the importance of allowing third parties to vindicate Fourth Amendment rights of their users and to apply these rights robustly. Related Cases: Microsoft v. Department of Justice

Copyright Shouldn't Be A Tool of Censorship (Fri, 20 Jan 2017)
We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation.

Copyright was meant to be an “engine of free expression,” and with the right limits, it can be. But today’s copyright law stifles free speech far too often. Its broad reach, its excessive and unpredictable penalties, and its flawed enforcement mechanisms make tempting tools for anyone seeking to make speech they don’t like disappear from the Internet. Threats to free speech are on the rise. From potentially ruinous libel suits against bloggers, to the erosion of net neutrality, to intimidation of websites by law enforcement, the promise of the open Internet as a medium where all can speak and be heard is at risk. In this environment, it’s more important than ever that copyright not be twisted into a tool of censorship.

The Tale of the Thin-Skinned President

Imagine, if you can, a thin-skinned person who rises to become President of a nation. Despite his powerful position, this person simply hates being mocked. The President’s opponents create memes and parodies to make fun of him. These memes often include unsympathetic photographs paired with critical text. Could this leader turn to copyright to censor his critics? The answer, alas, is yes. President Rafael Correa of Ecuador has spent millions of dollars of public funds to censor online criticism. One of his favorite censorship tools is the Digital Millennium Copyright Act (DMCA) takedown notice, a creation of U.S. law that can be invoked around the world on social networks and other Internet platforms. These notices are often used to attack fair uses such as reporting and criticism.
The Ecuadorian government has abused copyright law in attempts to censor news reporting, critical tweets, and documentaries. Indeed, its use of copyright law as a censorship tool is so rampant that it has attracted the attention of Human Rights Watch and was the subject of a report by the Committee to Protect Journalists. EFF has long argued that, as currently interpreted by the courts, the DMCA provides insufficient protection for free speech. Since copyright law provides the quickest and easiest way to remove unwanted online content, it is a favorite tool of unscrupulous censors. On behalf of our client Stephanie Lenz, we are currently asking the Supreme Court to improve the protections for fair use within the DMCA.

From Copyright to “Terrorist Content” to Political Dissent

Mr. Correa’s misuse of copyright law tools to suppress political speech is just one example of how a system set up to enforce rules about online speech can easily be co-opted, and why it’s dangerous to build such systems in the first place. We’ve written here about the private “voluntary” copyright enforcement systems being built by major entertainment companies along with Internet service providers, payment processors, domain name registries, and others, with the encouragement of the U.S. government. Once built, these systems risk being used for more overt censorship. The recent agreement by YouTube, Twitter, Microsoft, and Facebook to block ill-defined “terrorist content” based on a shared blacklist mirrors the copyright system set up by the Motion Picture Association of America with the domain name registries Donuts and Radix. Both systems create a quick and easy way to make speech disappear from the Internet based on the determinations of private companies without any clear standards or meaningful recourse. Both were created under pressure from governments, but without any accountability through political and legal processes. And both are subject to abuse.
Just as critical commentary can be taken down through false or flimsy accusations of copyright infringement, it’s easy to imagine speech that criticizes a government figure being labeled as “terrorist content,” and blocked. Carefully balanced and limited, copyright can reward artists and promote creativity. But today’s copyright law, and the mechanisms created to enforce it, enables censorship that harms artists, voices of political dissent, and all who speak against the powerful.

EFF to Court: Protect Free Speech From Overbroad Use of DMCA (Fri, 20 Jan 2017)
In order to make remix videos, do computer research, or make e-books accessible, people often need to bypass access controls on the media they own. This week, EFF explained to the U.S. Court of Appeals for the Ninth Circuit that the government cannot prohibit such speech without running afoul of the First Amendment, in a friend-of-the-court brief filed in the case of VidAngel v. Disney. VidAngel provides a service that allows customers to view movies minus the parts it identifies as offensive. Disney and other entertainment companies, including Fox and Warner Brothers, argued that providing this service violates copyright law and the related law against bypassing access controls in Section 1201 of the Digital Millennium Copyright Act. Importantly, they argue that the service involves circumvention of the access controls on DVDs, and that VidAngel could be liable for this violation even if its service were held to entail fair use and thus did not infringe copyright. This is an issue that the Ninth Circuit has previously left unresolved, and on which other federal appeals courts disagree. We filed to ensure the Ninth Circuit understands the impact on speech of an anti-circumvention law that does not include flexible accommodations for free speech, like a fair use exemption. This is an issue we are also directly litigating in the District of Columbia, where we await a ruling in our Green v. Department of Justice lawsuit. After almost 20 years of speech repression, it is past time to remedy the defects in Section 1201 of the DMCA, and we hope 2017 will be the year that finally happens. Related Cases: Green v. U.S. Department of Justice

Hollywood Doesn’t Represent All Creators (Thu, 19 Jan 2017)
We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. One of the biggest pitfalls in copyright policymaking is to treat creators of copyrighted content as a monolithic entity with identical interests and concerns. When massive entertainment companies ask for dangerous new types of copyright protection, they imply that all artists share the same set of interests (which allegedly line up with those of the big companies themselves). It would be a mistake even to accept the entertainment industry’s interpretation of the will of the artists it represents, let alone extend it to the community of artists in general. Copyright should take into account the needs of artists and creators of all stripes, reflecting the differences among their tactics, their goals, their business models, and how they go about creating new works. The conflict over copyright between Hollywood and independent artists is perhaps nowhere more pronounced than in the debate over automatic copyright filtering on YouTube and sites like it. Video creators rely on fair use protections every day—especially if their work involves quoting or sampling others’ content for the purposes of criticism, journalism, or education, uses that are protected under the law. Last year, video creators organized to protest YouTube’s copyright policies—they argued that fear of Content ID takedowns (and of having to navigate YouTube’s arcane repeat infringer system) effectively chilled YouTube artists’ free expression. 
As popular YouTube personality Doug Walker put it, “I’ve been doing this professionally for over eight years, and I have never had a day where I felt safe posting one of my videos even though the law states I should be safe posting one of my videos.” YouTubers were successful in convincing Google to make some small but important policy changes (namely, allowing videos to earn revenue while under a copyright dispute, thus ensuring that a bogus dispute doesn’t cut off a creator’s revenue stream), but that victory could be tiny compared to the fight that’s on the horizon. The RIAA and a host of other entertainment industry groups recently wrote a memo to President-Elect Trump asking for a major overhaul of the safe harbors system in the Digital Millennium Copyright Act (DMCA). Safe harbors protect web platforms that host third-party content from liability for their users’ allegedly infringing content. Without safe harbors, many popular media platforms would look very different from how they look today, or they simply wouldn’t exist. Although it didn’t make specific demands, the RIAA memo eerily echoes a number of proposals that Hollywood lobbyists have made for weakening safe harbor protections. One such proposal is a filter-everything approach: under filter-everything, websites that host third-party content would be required to run Content ID-style copyright bots. Once a takedown notice went uncontested, the platform would have to block any future uploads of the same allegedly infringing content. Proposals like filter-everything inevitably shift the burden of policing copyright infringement (or at least some of that burden) from copyright owners to the web platforms themselves. In doing so, they effectively incentivize platforms to give copyright owners the upper hand in any dispute. Moreover, legally mandated filters could compromise fair use. As we’ve said before, copyright bots can be a helpful tool, but they’re no substitute for human analysis. 
Ultimately, when big content companies demand weaker users’ rights or brand new types of copyright protection, they make a crucial miscalculation. They assume that their large budgets earn them super-copyright powers—that is, that lawmakers must protect their rights to the detriment of other creators, users, and platforms because their content is so expensive to produce. It doesn’t work that way. As Tim Cushing pointed out, Hollywood’s logic would suggest that a ticket to Avatar should cost 90,000 times more than a ticket to Paranormal Activity. Independent creators of all types can play an essential role in pushing for fairness in copyright law. Lawmakers need to balance the needs and rights of everyone, including small creators and users. When entertainment companies claim to represent the will of artists, Congress hears only a fraction of the story.

Kazakhstan’s Exploitation of Flawed U.S. Law To Censor Respublika Finally Ends, In Cautionary Tale About CFAA Abuse (Thu, 19 Jan 2017)
The Republic of Kazakhstan’s harassing U.S. court case that it used to target the independent newspaper Respublika, and other fierce critics of the ruling regime, has finally come to an end. Kazakhstan employed the deeply flawed U.S. hacking statute called the Computer Fraud and Abuse Act (CFAA) to mount a two-year campaign of harassment, censorship, and retaliation against the publication in courts around the world. The clock ran out on Kazakhstan’s lawsuit and the government finally dismissed it, but not before real damage was done to the free speech rights of the newspaper, which was forced to shut down, and other parties. The harassment of Respublika is a cautionary tale about how the CFAA can be used by an oppressive foreign government to enter the U.S. court system by claiming it was hacked by an unknown party, and then use the U.S. case to get court orders here and abroad to intimidate enemies and dissidents without ever having to name a defendant. The government of Kazakhstan pursued Respublika with lawsuits and threats for fifteen years. By 2012 the paper’s founder was in exile and the publication ceased printing—but survived by going digital. In 2014 the paper began reporting on a cache of emails leaked from what appeared to be the Gmail accounts and computers of Kazakhstan government officials. Kazakhstan then filed a CFAA lawsuit in federal court in New York against the unknown hackers of the emails, and obtained a court order it used to force Respublika and its web hosts to take down certain articles about the emails. Enter EFF. We represented Respublika in New York and won an order blocking such censorship. A federal judge ruled that the First Amendment protected publication of the documents by anyone unless they were directly involved in the alleged theft.
We helped Respublika win a separate order in federal court in California rejecting Kazakhstan's demand that Facebook turn over information about users associated with Respublika’s account on the social media site. Nevertheless, Respublika’s editor in chief was required to be questioned under oath about the paper’s funding sources and confidential sources. The federal judge in New York also authorized a deposition of dissident and Kazakh opposition leader Muratbek Ketebayev, in Poland, where he has political asylum. Kazakhstan also went to court in New Zealand and obtained an order that cloud storage website Mega must hand over a slew of otherwise confidential users' information. The toll the CFAA case took on Respublika was drastic. In September the editors, citing the lawsuit and risks to the safety of its people, announced that after 16 years of courageous and independent reporting the weekly was shutting down. In the end, the republic failed to name a defendant within the two-year statute of limitations required under the CFAA. We’re relieved the case is going away, but without drastic reform of the CFAA, it’s only a matter of time before another government uses our courts to intimidate those it considers enemies. Related Cases: Kazakhstan v. Does

EFF to Court: Don’t Undermine Legal Protections for Online Platforms that Enable Free Speech (Thu, 19 Jan 2017)
EFF filed a brief in federal court arguing that a lower court’s ruling jeopardizes the online platforms that make the Internet a robust platform for users’ free speech. The brief, filed in the U.S. Court of Appeals for the Ninth Circuit, argues that 47 U.S.C. § 230, enacted as part of the Communications Decency Act (known simply as “Section 230”) broadly protects online platforms, including review websites, when they aggregate or otherwise edit users’ posts. Generally, Section 230 provides legal immunity for online intermediaries that host or republish speech by protecting them against a range of laws that might otherwise be used to hold them legally responsible for what others say and do. Section 230’s immunity directly led to the development of the platforms everyone uses today, allowing people to upload videos to their favorite platforms such as YouTube, as well as leave reviews on Amazon or Yelp. It also incentivizes the creation of new platforms that can host users’ content, leading to more innovation that enables the robust free speech found online. The lower court’s decision in Consumer Cellular v. ConsumerAffairs.com, however, threatens to undermine the broad protections of Section 230, EFF’s brief argues. In the case, Consumer Cellular alleged, among other things, that ConsumerAffairs.com should be held liable for aggregating negative reviews about its business into a star rating. It also alleged that ConsumerAffairs.com edited or otherwise deleted certain reviews of Consumer Cellular in bad faith. Courts and the text of Section 230, however, plainly allow platforms to edit or aggregate user-generated content into summaries or star ratings without incurring legal liability, EFF’s brief argues. 
It goes on: “And any function protected by Section 230 remains so regardless of the publisher’s intent.” By allowing Consumer Cellular’s claims against ConsumerAffairs.com to proceed, the lower court seriously undercut Section 230’s legal immunity for online platforms. If the decision is allowed to stand, EFF’s brief argues, then platforms may take steps to further censor or otherwise restrict user content out of fear of being held liable. That outcome, EFF warns, could seriously diminish the Internet’s ability to serve as a diverse forum for free speech. The Internet is constructed of and depends upon intermediaries. The many varied online intermediary platforms, including Twitter, Reddit, YouTube, and Instagram, all give a single person, with minimal resources, almost anywhere in the world the ability to communicate with the rest of the world. Without intermediaries, that speaker would need technical skill and money that most people lack to disseminate their message. If our legal system fails to robustly protect intermediaries, it fails to protect free speech online.

5 Years Later, Victory Over SOPA Means More than Ever (Wed, 18 Jan 2017)
It would have happened slowly at first. A broken hyperlink here and there. A few Google searches with links leading to nowhere. In the beginning, global users of the web would have barely noticed pieces of the Internet going dark. Then there may have been a few investigative journalists piecing things together, and then more coverage as mainstream media picked it up. Adversaries of the open web would have grown bolder, attacking larger and larger websites. Services and companies that we enjoyed would have been shut down or drastically changed. Some sites would never have existed at all, but Internet users would never really know what they were missing.  The increasingly rigid control of the Internet would have turned surfing the web into an experience more like surfing television stations—moving from one controlled, expensive online platform to the next—than the strange maze of eccentric, eclectic information flows that we have today. In a few generations, the wildness of the web would have been extinguished. Instead, we fought back. On January 18, 2012, advocacy groups like EFF, Fight for the Future, and Demand Progress, millions of everyday Internet users across the globe, Internet engineers, law professors and tech companies big and small worked together to orchestrate a digital protest so powerful, it changed the game in DC and around the world. Congress was flooded with emails, calls, and letters while huge websites like Google and Wikipedia blacked out in solidarity. The Internet showed Washington that it could and would defend itself. But defeating SOPA didn’t happen in a single day—it was a multi-year effort. Many people remember the blackout and forget the countless hours spent raising early alarms about coming censorship efforts. That work—in the form of public advocacy, research, articles, and coalition calls—was indispensable to creating the movement that would defeat SOPA. Today, we’re raising those alarms again. 
While no one knows the details of what the coming four years will bring, we have enough information to be afraid for the future of digital rights. With President Trump taking office, we expect new efforts to undermine encryption, ratchet up surveillance, dismantle protections for net neutrality, and attack freedom of the press. Now more than ever, we need an engaged, coordinated, powerful force of Internet defenders. That’s why EFF is joining dozens of organizations in commemorating the SOPA anniversary today. We’re committing to safeguarding Internet freedom against all foes, and we know that core values like creativity, access to knowledge, and privacy are at stake. A coalition of digital rights groups—including EFF—and Internet companies published a piece today about the SOPA blackout and the future of our fight: Looking back from five years in the future, the defeat of SOPA/PIPA by an unlikely coalition of Internet activists, online communities, and huge business interests is even more amazing. The call to action didn’t fall along party lines. It brought together libertarians, progressives, conservatives, and Tea Party activists. It didn’t matter if you were a major corporation or an individual citizen. For one day, the line was drawn, and the fight for a Free Internet changed everything… If the 2012 victory against SOPA/PIPA taught us anything, it’s that whether or not the Internet will remain a place that everyone can access reliably and affordably to share, connect, and create freely depends on us.

The Perils of Secrecy in Copyright Rulemaking (Wed, 18 Jan 2017)
We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. When a big corporation seeks special-interest laws to boost its profits at the expense of the broader public interest, it naturally gravitates towards the most secretive lawmaking venue possible. This is why Hollywood's copyright maximalists have invested so much in international trade agreements, where negotiations over copyright rules take place behind closed doors, and negotiators take the advice of secretive, industry-dominated advisory panels. Last year, that tactic backfired—big time. After five wasted years of taxpayer-funded flights around the world, the Trans-Pacific Partnership (TPP) dramatically imploded, frustrating big media's plans to extend the term of copyright protection across the Pacific rim, to set broken U.S. rules on DRM in concrete, and to turn some cases of non-commercial copyright infringements into international crimes. But the death of the TPP doesn't mean the end of free trade agreements. In one form or another, these agreements will continue, and so will the lobbying efforts of copyright maximalists. The only way to break the cycle is to make dramatic changes to the way in which trade agreements are negotiated, to make them a less attractive venue for rent seeking. The way to do this is to make trade agreements more open, democratic, and transparent. To this end, EFF held a high-level roundtable on trade transparency in Washington, D.C. last Friday, inviting not only staff of the U.S. 
Trade Representative (USTR), but also representatives of other agencies with expertise in trade, along with interested Congressional offices, a few key Internet industry representatives, and colleagues from two civil society networks, the Open Digital Trade Network that EFF formed last year, and the OpenTheGovernment.org coalition. As we explained in a background document [PDF] that we tabled at the meeting: Trade agreements are disconnected from democratic oversight, mired in a swamp of influence from lobbyists and special interests, and harmful to the interests of American workers and entrepreneurs. Agreements are negotiated with levels of confidentiality that go far beyond those necessary for effective deal-making. But the roundtable wasn't just a gripe session. We came into the meeting with some specific proposals for meaningful reforms that would make trade negotiations more transparent and inclusive; for example: the regular release of U.S. text proposals and consolidated negotiation texts, the development of U.S. proposals through an open, notice-and-comment process, and (if they are to be retained at all) the relaxation of confidentiality obligations applicable to Trade Advisory Committees. We left the meeting with strong support around the table for some of these ideas, and with a number of additional ideas from the assembled experts. While we also received some pushback, which amounts to an argument for business as usual, the idea that Americans will accept any future trade agreements that are negotiated in the same closed, captured fashion as the TPP is delusional thinking. As we explained: the world in which such agreements are made has changed since America’s first trade agreements were negotiated in the 1930s under the Reciprocal Tariff Act. Today, transparency and broad public consultation are expected, and fierce public opposition can be expected to follow any trade agreement that does not follow these practices. 
This is especially so in relation to Internet-related rules, where prescriptions nominally about commerce and trade can affect citizens’ free speech and other fundamental individual rights. As we also explained, copyright and other so-called intellectual property rules are the archetypal example of such rules that affect free speech and other human rights, and can't be treated as if they only had impacts on trade. Hollywood has pushed the use of trade agreements to their breaking point—and sure enough, they have broken, leaving the new administration to pick up the pieces. It's too early to say whether trade negotiations will become more transparent and inclusive under the Trump administration, but EFF and our partners have made the best case for it that we can. The USTR now has to decide what is more important—continuing to secretly write trade deals that include Hollywood's maximalist copyright rules, or negotiating agreements with a diversity of stakeholder views that may be less favorable to Hollywood, but have a better chance of being accepted as legitimate.

EFF to BART: Adopt Spy Tech Control Law (Wed, 18 Jan 2017)
EFF urged the Bay Area Rapid Transit (BART) Board to adopt a new law that would ensure community control of whether to adopt new surveillance technologies. All too often, police executives unilaterally decide to adopt powerful new spying tools that invade our privacy, chill our free speech, and unfairly burden communities of color. These intrusive and proliferating tools of street-level surveillance include drones, cell site simulators, surveillance cameras, and automatic license plate readers. Under the proposed BART law, the power to decide whether or not to adopt new surveillance technologies would rest with the elected BART Board, and not law enforcement officials. The Board could not approve a new spy tool unless it first determines that the benefits outweigh the costs, and that the proposed use policy protects civil rights and civil liberties. Most importantly, members of the public would have the opportunity to participate in the decision-making process. As we explain in our letter to the BART Board: Each government surveillance technology raises a thicket of difficult questions. Should it be used at all? What are the benefits and the costs? Will it actually make us safer? If it is adopted, who will be targeted? What are the privacy safeguards? These are questions that the BART Board of Directors should answer before BART adopts surveillance technology. The general public should be heard, too. When all concerned stakeholders participate, we make better decisions. Our allies include the ACLU and the Oakland Privacy Working Group. EFF supported a similar law adopted last year in Santa Clara County. We are now working on parallel efforts in Oakland and Palo Alto.

EFF Celebrates Obama’s Decision: Chelsea Manning To Be Released This Year (Wed, 18 Jan 2017)
As one of his very last acts in office, President Obama has commuted the sentence of whistleblower Chelsea Manning by 28 years. EFF applauds Obama for using his last days as president to bring justice to Manning’s case. And we congratulate all those who supported, defended, and spoke out on behalf of Manning over the years and supported her clemency petition. Your efforts secured her freedom. Manning was originally sentenced to 35 years in prison for her role in the release of approximately 700,000 military and diplomatic records to WikiLeaks. Under this sentence—the longest punishment ever imposed on a whistleblower in United States history—Manning would have been released in 2045. Now, under the terms set by President Obama, Manning is to be released on May 17, 2017, after more than seven years behind bars. Last year, EFF filed an amicus brief in support of Manning to the U.S. Army Court of Criminal Appeals. Manning was convicted of 19 counts as a result of her whistleblowing activities, including one under the Computer Fraud and Abuse Act (“CFAA”). The notoriously vague law makes it illegal to intentionally access a computer connected to the Internet “without authorization,” but it doesn’t say what “without authorization” means. The government’s theory in Manning’s case was that she violated the CFAA when she disregarded the terms of a written computer use policy, which prohibited using unauthorized software to access a Department of State database. This theory takes the CFAA too far. In our brief, we told the Army Court of Criminal Appeals something we’ve said before (and before): violating a computer use policy is not a federal crime. What’s more, interpreting the CFAA’s language to include terms of use violations would turn millions of Americans into criminals on the basis of innocuous activities, like browsing Facebook or viewing online sports scores from a work computer in violation of company policy. 
EFF also successfully defended Manning’s ability to access information while in custody. After hearing word that the U.S. Disciplinary Barracks (USDB) at Fort Leavenworth had refused to provide her with printouts of EFF blog posts and other materials related to prisoner censorship—ostensibly to protect EFF’s copyrights—we contacted USDB and made sure Manning received the materials. We’ve also worked to protect the ability of Manning’s supporters to amplify her voice. Manning’s case—and draconian, 35-year sentence—highlights the need for legal reform. First, Congress needs to clarify something that courts across the country have already recognized: that the CFAA—a seriously outdated law—was never meant to criminalize violations of private policies. Second, it’s time for Congress to enact strong protections for whistleblowers, including reforming the Espionage Act to take into account both the motivation of individuals who pass on documents and the ramifications of the disclosure. While we’ll continue to fight for CFAA reform and whistleblower rights into the future, today we celebrate Manning’s freedom. Even from solitary confinement, Manning provided a unique perspective on foreign affairs, surveillance, incarceration, and gender identity through her essays and tweets. We look forward to her rejoining us in the free world and fulfilling her full potential—right alongside us.

One Weird Trick to Improve Copyright: Fix EULAs (Tue, 17 Jan 2017)
We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. Congress has been spinning its wheels on comprehensive copyright reform, but it could do a lot of good with one simple fix: forbid manufacturers from using EULAs to force consumers to waive their fair use rights. Traditionally, once a person has purchased a product, she has been free to use it however she sees fit without oversight or control from the copyright owner. Purchasers have also been free to use competitors’ add-on software and hardware that interoperate with the goods they buy, because innovators have been able to develop and distribute such technologies. That expectation is upended when it comes to products that come with embedded software, from tractors to refrigerators to toasters and children’s toys.  That software is supposed to make our stuff smarter, but it also makes our stuff not really ours. We own the hardware, but supposedly we only license the software in it.  And those licensing agreements sharply limit your ability to repair, test, and reuse your stuff. They inhibit both add-on innovation and security and privacy research that keeps you safe. Those limits usually take two forms. First, they force you to waive rights like fair use granted to you under copyright law, such as the rights to:  Remix media elements such as video game imagery or patch software (i.e. to prepare noninfringing derivative works); Reverse engineer (to understand non-copyrightable elements or to create interoperable software and hardware); Perform security or other research involving the software; and Perform otherwise lawful acts of circumvention, such as device jailbreaking. 
Second, they impose conditions on your use of the product, including:   Forbidding use of “unauthorized” hardware or software in conjunction with the device (such as third-party replacement parts for repair, competing peripherals, or privacy-protecting software on mobile phones); Forbidding second-hand sale of a used device; and Requiring the user to agree to ever more onerous EULAs to continue using their device at all. Users who violate these terms can find themselves threatened with a copyright lawsuit, but that is relatively rare. A more common tactic is to threaten third parties who want to offer add-on products or services (including repair) that might conflict with the EULA terms. Studies suggest that most customers have no idea they are agreeing to such terms. But even if they do, they have few options short of refusing to buy the device. One Guardian reporter tried reading the terms of use he encountered over the course of a week and concluded: “reading the terms and conditions simply doesn’t help … With no negotiating power, it ends up being mostly depressing reading.” And courts have repeatedly upheld such terms, even when the record is clear that no one has read them or even explicitly agreed to the terms. It’s time for Congress to take a step towards meaningful copyright reform: restrict the ability of manufacturers to force customers to waive their rights. Such a limitation is not all that unusual; for example, the current Copyright Act prevents authors from waiving their right to terminate a transfer of copyright ownership (which just makes sense – if publishers could require such a waiver the termination right would be meaningless). Legislators commonly restrict waiver by contract in all kinds of situations, as this table from the Association of Research Libraries shows. In the meantime, several states (New York, Massachusetts, Minnesota and Nebraska) are considering legislation to protect one basic right that’s often waived: the right to repair. 
If you live in those states, you can take action now to support those efforts. But we need a cleaner, simpler, national fix. As software proliferates, onerous outdated copyright rules and contract terms shouldn't stop us from making sure our devices are safe, much less inhibit innovation and creativity. After years of talk about copyright reform, it's time for Congress to take real steps to protect user rights.

EFF's 100-Day Plan (Tue, 17 Jan 2017)
The Trump presidency starts Friday. Here is the Electronic Frontier Foundation's agenda.  In a matter of days, the United States will enter a new era. On Friday, President Elect Donald J. Trump will swear the oath of office, pledging to uphold the Constitution. But as EFF has learned in the course of defending our fundamental rights over four American presidencies, our civil liberties need an independent defense force. Free speech and the rights to privacy, transparency, and innovation won’t survive on their own—we’re here to ensure that government is held accountable and in check. Technological progress does not wait for politicians to catch up, and new tools can quickly be misused by aggressive governments. The next four years will be characterized by rapid developments in the fields of artificial intelligence, autonomous vehicles, virtual and augmented reality, connected homes, and smart cities. We welcome innovation, but we also expect to see an explosion of surveillance technologies designed to take advantage of our connected world to spy on all of us and our devices, all the time. That data will be used not only to target individuals but to project and manipulate social behavior. What will our digital rights look like during these uncertain and evolving times? Will our current rights remain intact when the baton is passed on once again? Make no mistake: privacy, liberty, and accountability are not partisan issues. We’ve seen digital rights come under threat no matter which party controls the Oval Office. In 1995, we sued President Bill Clinton’s Department of Justice to overturn unconstitutional export restrictions on encryption. We sued President George W. Bush over illegal domestic surveillance. We sued the Obama administration for mass surveillance of digital communications. And we expect to file new lawsuits in the next four years. 
Now, more than ever, we will fiercely resist any legislation, policy, regulation, ruling, or prosecution that would impinge on our civil liberties. The first 100 days will set the tone for the rest of Mr. Trump’s time in office. The transition team has laid out what they hope to accomplish over this period. Some of the things he and his team said have us preparing for the worst. Based on statements about surveillance, net neutrality, and press freedom, we anticipate attempts to undercut many of the hard-won protections for technology users and thwart efforts to reform broken laws. But priorities tend to change, sometimes rather quickly. As Mr. Trump’s appointees assume control of every federal agency, and as Congress settles on its balance of power, the new government’s agenda will crystalize.  Today, EFF lays out how we will fight for your rights over those first 100 Days. 1. We will continue to defend digital rights in court. If the Trump administration seeks to undermine the constitutional rights of technology users, our litigation team stands ready to go to court. We’ve fought wrongful surveillance and censorship orders for 26 years, and our decades of experience make us uniquely suited to challenge unconstitutional laws and executive orders. We’ve successfully fought for the ability of online service providers to reveal the existence of national security letters and forced the release of secret opinions from the Foreign Intelligence Surveillance Court. We’ll also continue the legal challenges already underway: all 11 of EFF’s active cases against federal agencies will be inherited by the 45th president’s administration.  2. We will test and leverage the Freedom of Information Act. EFF has a long history of using FOIA requests and lawsuits to force transparency on our secretive government, and we intend to wield this tool from the earliest days of Trump’s presidency.  
On day one, we will begin filing requests with the goal of assessing how his agencies will carry out the law and the new modest reforms passed by Congress last session. Over time, we will be demanding transparency from agencies within the Department of Justice, the Department of Homeland Security, and the intelligence community on a variety of issues, but especially on surveillance technology, litigating whenever necessary. 3. We will hold Silicon Valley accountable. From the boardroom executives to the server-room sysadmins, tech companies need to decide whether they’ll defend their users when the government comes knocking. EFF is sending a message: if you stand up for your users, then we’ll stand up for you. That’s why we began the year with a full-page ad in Wired magazine and a series of recommendations for the technology community. We plan to keep the pressure on tech companies—in public and through direct meetings. We will also keep building tools that will empower technology users to hold companies to account, and we will build and explore alternatives to a centralized, surveillance-friendly, Internet. 4. We will reach out to targeted communities to enhance their security and legal capabilities.   With the arrival of the Trump administration, we are going to dedicate more resources to help those most at risk. We will be providing even more free or at-cost security trainings to groups who may be subjected to increased surveillance under the Trump administration. We’re reaching out to a wide range of activists, Muslim communities, immigrant communities, lawyers, security educators and others. We also will be working to support security educators. While it is impossible to provide trainings to everyone, we will reach out to groups that could significantly benefit. These trainings can help ensure those who dissent are better protected from surveillance. 
Many of these groups worry about just how bad it could get if the surveillance apparatus of America’s intelligence services is turned further inward onto domestic political groups. EFF has spent many years working across the world to help activists and dissidents in countries with repressive regimes, from Iran to Russia to China to Ethiopia to Vietnam to Kazakhstan, as well as advise those who might have already been targeted abroad by the United States. We have helped with advice, tools, exposés, and we have learned much from our partners. We are prepared to bring that knowledge home—while continuing to defend the rest of the world from the excesses of the American surveillance state. We are also reaching out to organizations to provide our specialized legal expertise in defending free speech, surveillance, and privacy, building new relationships and deepening old ones. When their digital rights are threatened, we will stand up for them in court to challenge invasive policies and laws. 5. We will work on creating new security education materials. Surveillance Self Defense has been our flagship security-training tool, providing in-depth, step-by-step guides to threat modeling, understanding different types of encryption, choosing tools that are right for you, and understanding their limitations. We will be expanding, updating, and sharpening these guides in the coming months, including better helping trainers and those in our tech-savvy community who are seeking to digitally protect friends or loved ones. And of course, we will continue to translate SSD into nearly a dozen languages, so that our message reaches people in need, no matter where they are or what language they speak. 6. We will work with the California legislature to resist federal government overreach. California has never been in a stronger position to protect the rights of its citizens and residents. 
The governor and the legislature have drawn a line in the sand on a number of issues, including digital privacy. Right out of the gate, Senate President pro Tem Kevin de León introduced S.B. 54, the California Values Act, which would restrict how data collected by law enforcement is shared with the federal government in order to counter mass deportations, the creation of Muslim registries, and efforts to monitor the public. The bill would also require every state agency to review its confidentiality policies and only collect the bare minimum of information required to carry out its duties. EFF will work with a coalition of justice and community organizations to strengthen this bill, as well as other measures that the legislature may introduce. As the center of the global technology industry, we can also work here for legal changes that can improve user privacy in tech produced by California-based companies, no matter where in the world those users live. 7. We will build the ground game in Washington, D.C. EFF has redoubled its effort to bring our expertise to Capitol Hill, with a larger team dedicated to knocking on doors in the halls of Congress. Since the election, we’ve connected with dozens of Congressional offices, advocating for our supporters and offering practical instruction on digital privacy. We’re talking to our returning bipartisan allies, among them Sens. Ron Wyden and Rand Paul, who have already distinguished themselves by asking direct questions about mass surveillance from Trump’s nominees. We are also meeting with returning members of Congress whose perspectives on civil liberties and digital privacy may have shifted over the course of tumultuous 2016. There are seven new senators to reach out to as well, including Sen. Kamala Harris, who represents California where EFF is based, and who has been appointed to two committees key to our issues: Homeland Security and Intelligence. 8. 
We will lead a campaign to end mass surveillance under Section 702 of the FISA Amendments Act. Regardless of who occupies the White House, mass surveillance of Internet communications is unconstitutional. We are hopeful that even those who defended government surveillance under President Obama will rethink the wide set of surveillance tools that will be handed to the incoming Trump administration. As always, we will fight to protect users’ privacy from government surveillance, including by supporting a warrant requirement for emails, pushing back on new government hacking powers, and calling for a sunset to national security surveillance authorities. Section 702 of the FISA Amendments Act—one of the legal authorities used to justify the sweeping and warrantless Internet surveillance exposed by former government contractor Edward Snowden—is set to expire at the end of 2017. We are ready to fight alongside principled lawmakers to end this mass surveillance.  9. We will defend a free and open Internet. There’s ample reason to believe that Mr. Trump and his appointees, backed by members of Congress, will attempt to dismantle hard-fought net neutrality victories. With new membership, we are expecting the Federal Communications Commission to actively seek ways to roll back consumer privacy rights and allow Internet service providers to stealthily harvest your data so it can be packaged and resold to third parties without your permission. We are prepared to fight efforts to undo the Open Internet Order and allow cable and telephone companies to dictate the future of the Internet. We will continue to play a major role in building the movement to oppose any efforts to undermine Internet freedom in Congress, the Executive Branch, and in the courts. 10. We will cultivate a grassroots movement to defend digital rights in all 50 states. 
We are planting seeds to grow dissent at the local level by encouraging and supporting movements to resist surveillance and censorship and to promote a free and open Internet in their own communities. Having launched nine months ago, the Electronic Frontier Alliance already has recruited more than 40 local organizations from over 15 states, which is a solid start toward our long-term goal to identify a group representing the alliance in every state in the country. While we won’t have groups in every state within the first 100 days, we will prioritize expanding into new areas, including in the southern states, such as North Carolina, Georgia, and Texas. We are also committed to working across parties (and not just Republicans and Democrats) to ensure freedom of speech and your right to privacy both to protect you and defend our democracy. Digital privacy and free speech need protection. Become a member today.

First Amendment Protections Don’t End For Anonymous Speakers Who Lose Lawsuits, EFF Tells Court (Tue, 17 Jan 2017)
Plaintiffs Don’t Automatically Get to Unmask Anonymous Blogger

Cincinnati—The Electronic Frontier Foundation (EFF) urged a federal appeals court to uphold a judge’s ruling that the identity of an anonymous blogger found to have infringed copyright should remain secret, arguing that courts must balance litigants’ needs to unmask online speakers against the First Amendment protections afforded to those relying on anonymity. Maintaining one’s anonymity online may be warranted even in cases—like this one—where a court ruled that a blogger infringed a copyright, EFF said in an amicus brief filed with the U.S. Court of Appeals for the Sixth Circuit. The balancing test required by the First Amendment to protect speakers who choose to mask their identity must be applied at every stage of a lawsuit, including after a court finds an anonymous speaker violated the law, EFF said. EFF believes Signature Management Team LLC v. John Doe marks the first case to consider whether speakers can remain anonymous even after a court rules that they broke the law. “Plaintiffs don’t get to unmask anonymous bloggers just because they prove liability. The First Amendment requires that judges balance the need for anonymity against the needs of litigants at every stage of a lawsuit,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Being able to speak online anonymously allows citizens to air dissenting views without fear of retaliation. Unmasking anonymous bloggers without proper justification can discourage people from speaking out or commenting online, which chills the free speech rights of all Americans.” The plaintiff is a multi-level marketing (MLM) company that won a judgment against the owner of Amthrax.com, a website and blog that criticizes Amway and other MLM companies. The owner is a former Amway marketer who blogs anonymously. Signature Management sued John Doe for infringing the copyright of its book, which was posted on Amthrax.com. 
After a judge ruled its copyright had been infringed, Signature Management sought a court order revealing the identity of John Doe, who feared he would face a slew of abusive comments and threats once his identity was known. The trial judge refused. In doing so, the judge correctly balanced the needs of the plaintiff with the First Amendment protections of the blogger.

For the brief: https://www.eff.org/document/smt-v-doe-amicus-brief

Contact: Aaron Mackey, Frank Stanton Legal Fellow, amackey@eff.org

It's Copyright Week: Join Us in the Fight for a Better Copyright Law (Tue, 17 Jan 2017)
We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation. Copyright law touches everyone. But despite its constitutional mandate to serve the public, policymakers have often treated it as the private preserve of major media and entertainment industries. Those industries built entire empires on copyrighted works, and they’ve shaped the law to reflect their interests and desires. But with copyrighted software and digital technologies now integral to our daily lives, copyright affects everyone – and the law should serve all of us. Today, copyright law not only impacts the music you hear or the movies you watch, it shapes your ability to communicate with others online, to create, post or share content to online platforms, to make art that talks back to popular culture, and to use, fix, and tinker with your own belongings. When copyright law is out of balance – when content holders are given too much power to control how new technologies and copyrighted works are used – it limits our basic freedoms to access information, to express ourselves, to control our own digital devices, and to innovate to create new tools and creative works. Established content industries have long sought to use copyright law to expand their monopoly control over culture, pursuing longer copyright terms, for example, and attempting to dictate the design of new technologies that come into contact with creative works. These industries often use lobbying, litigation, and private agreements to reach their aims, and their campaigns sometimes harm the very progress and innovation that copyright is designed to encourage.  
But in recent years, Internet users, emerging artists, authors, independent musicians and filmmakers, students, researchers, libraries, and technology users have begun to push back. Five years ago this week, a diverse coalition of Internet users, non-profit groups, and Internet companies defeated the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA), bills that would have forced Internet companies to blacklist and block websites accused of hosting copyright infringing content. Had they become law, SOPA and PIPA would have allowed established copyright industries to censor the web, and to constrain its innovative potential. They would also have increased the risk that both government and private entities could remove or block unpopular or critical speech from the Internet. In the five years since SOPA, new threats have emerged, and we continue to fight alongside our allies to push back against proposals that would expand copyright’s reach and trample on the public interest. But we’re not only fighting against bad legal changes and private agreements that harm the public – we’re taking part in the copyright reform process to fight for a better copyright law that serves everyone, not just established copyright industries. As part of that work, each year we join together with a diverse range of organizations to advocate for a set of principles for making copyright law work for everyone. This year, we highlight two additional principles. One is that copyright law should reflect the needs of all authors and creators, not just those backed by established copyright industries. This means that conversations around copyright reform should also include the voices of online creators, bloggers, remixers, fan artists, independent musicians and filmmakers, and authors who rely both on internet platforms, and on the limitations on copyright in order to produce and share new works. 
Another principle is that in the face of increasing anxiety about the vulnerability of freedom of expression online, the relationship between copyright and free speech is more important than ever. We will pay special attention to how both government and private entities use copyright law to undermine Internet users’ freedom of expression. Here are this year’s Copyright Week principles: Monday: Building and Defending the Public Domain. The public domain is our cultural commons and a crucial resource for innovation and access to knowledge. Copyright policy should strive to promote, and not diminish, a robust, accessible public domain. Tuesday: You Bought It, You Own It, You Fix It. Copyright law shouldn't interfere with your freedom to truly own your stuff: to repair it, tinker with it, recycle it, use it on any device, lend it, and then give it away (or re-sell it) when you're done. Wednesday: Transparency and Representation. Copyright policy must be set through a participatory, democratic, and transparent process. It should not be decided through back room deals, secret international agreements, or unilateral attempts to apply national laws extraterritorially. Thursday: 21st Century Creators. Copyright law should account for the interests of all creators, not just those backed by traditional copyright industries. YouTube creators, remixers, fan artists and independent musicians (among others) are all part of the community of creators that encourage cultural progress and innovation. Friday: Copyright and Free Speech. Freedom of expression is fundamental to our democratic system. Copyright law should promote, not restrict or suppress free speech. Every day this week, we’ll be sharing links to blog posts and actions on these topics at https://www.eff.org/copyrightweek and at #CopyrightWeek. If you’ve followed Copyright Week in past years, you may note that this year, we didn’t designate a specific day to focus on fair use. 
Fair use—the legal doctrine that permits many important uses of copyrighted works without permission or payment—is critical to the law’s ability to promote creativity, innovation, and freedom of expression. Fair use is a part of each of this year’s principles. As we said last year, if you too stand behind these principles, please join us by supporting them, sharing them, and telling your lawmakers you want to see copyright law reflect them.

Remember Dr. King—and What He Endured (Mon, 16 Jan 2017)
Annual celebrations of the life and work of Reverend Dr. Martin Luther King, Jr. often lionize the civil rights era, rightfully focusing on its achievements. But celebrations often overlook the federal government’s attempts to “neutralize” the movement. While we remember Dr. King’s many achievements today, we also must remember the documented and unfounded vilification by U.S. intelligence agencies that he, and others in the civil rights movement, endured. As our nation approaches a new administration, led by a president-elect whose rhetoric has shown little respect for constitutional limits on executive power and armed with an entrenched surveillance state, that experience offers a prescient warning. A movement in Memoriam The emergence of the civil rights movement in the 1960s, its triumph over hate to establish desegregation and secure procedural voting rights, and the narrative of interracial struggle for justice—all reflect an inspiring legacy of a grassroots movement that aspired to hold America true to our founding values. As Dr. King succinctly exhorted, the movement called on America to "Be true to what you said on paper." The movement was subjected to brutal violence, both by the assassination of its leaders and by the daily brutality of police and vigilantes reacting to the desegregation of public institutions. Dozens of civil rights activists from various backgrounds were murdered during this era, alongside hundreds—if not thousands—of African-Americans as young as 14-year-old Emmett Till and 11-year-old Denise McNair, whose church in Alabama was bombed by extremists using violent terror to oppose racial integration. The risks confronting supporters of civil rights grew so acute that the Supreme Court in 1958, in NAACP v. Alabama, granted members of organizations the right to anonymity under the association clause of the First Amendment. EFF cited that decision 55 years later, when we filed First Unitarian Church of Los Angeles v. 
NSA to challenge the contemporary mass surveillance regime (which we have fought in court since 2008) that turned the right to anonymity on its head. Violent state suppression of speech Throughout Dr. King's life, and for a decade (if not longer) beyond it, the FBI pursued what members of the U.S. Senate in 1976 described as "a sophisticated vigilante operation aimed squarely at suppressing…First Amendment rights of speech and association." Those operations, described in internal FBI files as COINTELPRO, have been forgotten by many Americans, but represent a key to understanding why the specter of mass surveillance threatens not only privacy, but also democracy. For 40 years, FBI Director J. Edgar Hoover presided over a reign of intimidation and terror across Washington. Under his tenure, the FBI blackmailed members of Congress, and infiltrated organizations seeking everything from international peace to equal rights for women. The Bureau’s aim was not to guard national security from any external threat, but instead to “neutralize” constitutionally protected domestic dissent and people using their rights—including Dr. King. In addition to bugging his hotel rooms, monitoring his movements, and recording his liaisons, the FBI also tried to break up Dr. King's marriage and attempted to prompt his suicide. Many Americans reacted to seemingly politicized FBI disclosures in the days before the 2016 presidential election with surprise. But the FBI has embroiled itself in partisan controversies since its very origins. From the Palmer Raids through the McCarthy era, from the Green Scare to its infiltration of labor organizing by farm workers, the FBI has a long history of investigating and undermining constitutional rights in the context of political movements. Under Hoover’s direction, the FBI achieved its written goal: the "neutralization" of domestic social groups speaking out to advance their views as protected by the First Amendment. 
Hoover's FBI achieved its goals with a fraction of the budget, staff—and none of the computing power—of the FBI today. Continuing abuses The story of the FBI's Next Generation Initiative provides a compelling example of how the Bureau’s access to technology has increased its ability to undermine rights in secret. Starting by collecting biometric data of arrestees from local police departments around the country, originally for the stated purpose of identifying undocumented immigrants with criminal records eligible for fast track deportation proceedings, the FBI has built a fully operational facial recognition database including over 400 million records including biometric data of over 115 million Americans. The Bureau’s aspiration to build a comprehensive biometrics database was kept secret for years, and became public knowledge only after a federal court in 2013 forced disclosure of previously secret documents. Even after its plans became public, the FBI continued to resist legal restraints, lobbying for exemptions to federal privacy requirements. The FBI’s biometrics bait & switch is hardly unique. The Bureau played fast and loose with the facts again when claiming in 2016 that national security required it to force Apple to create a hack for a device platform that would place the security of millions of users at risk. Then, as now, encryption keeps us safe—whether from despotic regimes abroad (or at home), thieves, foreign state intelligence agencies, or the prying eyes of a neighbor. EFF was glad to see Apple choose user privacy over the ill-considered demands of intelligence agencies, and filed an amicus brief in support of Apple’s position, noting how the FBI’s demands violated the First Amendment in multiple ways. Beyond hiding its biometric tracking scheme and trying to co-opt device manufacturers, the FBI has also helped extend secret surveillance across and throughout the U.S. For a decade, police departments around the U.S. 
deployed cell-site simulators (also known as IMSI-catchers or Stingrays) to spy on local cell phone networks without public oversight. Only after a jailhouse lawyer discovered how the device had enabled authorities to identify him did the public learn about these devices, the latest versions of which are so powerful that they can hack phones, deny service, or plant malware on a device. While half a dozen states and the federal Department of Justice now require police to secure a judicial warrant before using a cell site simulator, only one state prohibits their offensive use. Throughout the decade that local police kept Stingrays secret from policymakers, they did so at the behest of FBI agreements that required them to do so. The FBI imposed secrecy not only from the public, but even from judges. In multiple jurisdictions, FBI demands forced prosecutors to abandon cases rather than disclose to courts the origins of their evidence as required by Due Process principles. The FBI also conducts its own surveillance activities, using powers including National Security Letters (NSLs) that have long been predictably abused behind walls of secrecy. We are proud to have challenged NSLs on behalf of organizational clients who recently revealed themselves after years of complying with illegitimate government gag orders that prevented them from informing Congress and the public about their experience. Will past prove prologue? Many have voiced concerns that the FBI's entrenched intelligence apparatus could expand under president-elect Trump. Even more dangerous is the specter of its potential politicization, given Trump’s campaign statements reflecting his seeming eagerness to use state intelligence to advance his own political ends. If politicized, surveillance can insulate a system from accountability from critics and dissidents. That’s why the values offended by surveillance extend beyond privacy to also include dissent and democracy. 
Communities organized around any number of pursuits—from advocacy to social services, recreation to religious practice—could find their opportunities dramatically diminished in an era when supporters must risk the ire of the state should they raise their voice.  Put another way: as long as the mass surveillance regime is available for the next (or any) administration to abuse, democracy hangs in the balance. The system has already been abused by individual agents and contractors to, for instance, spy on their ex-wives and lovers. They may be the canaries in the coal mine. The continuing potential for recurring abuse poses a threat to our entire political system. A crucial opportunity Against this backdrop, Congress enters 2017 with a critical deadline looming before it. A statutory pillar of the NSA and FBI’s mass surveillance powers, Section 702 of the Foreign Intelligence Surveillance Act, is scheduled to expire at the end of the year. If Congress does nothing, the legal basis for the NSA’s PRISM and Upstream collection programs (from which raw, unfiltered data became available to the FBI in the waning days of the Obama administration) will expire on December 31. In years past, Congress has responded to reauthorization deadlines facing surveillance powers in a predictable pattern. After ignoring its oversight responsibilities for years, as the eleventh hour approaches before intelligence powers near their expiration, members cite national security concerns as a basis to ignore not only the need to conduct any oversight but also constitutional limits on executive power. Congress has repeatedly extended executive surveillance powers without either determining whether they have actually helped security or how much they have undermined democracy by inhibiting participation in the political process. That pattern is poised to recur under the next administration.  
Americans who share a stake in democracy can intervene to prevent these horrors by raising our voices in concert. United resistance has derailed congressional consensus in the recent past, and also driven crucial (if incomplete) policy reform in 2015 when Congress enacted the USA Freedom Act. To fully honor Dr. King’s legacy, we must bear witness not only to his courage, but also his vision, as well as his sacrifice. Rather than represent a comforting historical figure to assuage America of the burden to realize our founding values in practice, his example should sound a clarion call to resistance, a renewed commitment to hold America “true to what We said on paper.”

Google Launches Key Transparency While a Trade-Off in WhatsApp Is Called a Backdoor (Sun, 15 Jan 2017)
The Guardian ran a sensational story on Friday claiming a backdoor was discovered in WhatsApp, enabling intelligence agencies to snoop on encrypted messages. Gizmodo followed up saying it's no backdoor at all, but reasonable, intended behavior. So what's really going on here?

The lost phone, lost message dilemma

The issue at question is WhatsApp's answer to the question of what applications should do when someone's phone number changes (or they reinstall their app, or switch phones). Suppose Alice sends a message to Bob encrypted with Bob's key K1. Alice's message is stored encrypted at the server until Bob can connect and download it. This behavior is required for any app that allows asynchronous communications (meaning you can send a message to somebody while they are offline), which nearly all popular messaging apps support. Unfortunately, Bob just dropped his phone in a lake. Later on, Bob gets a new phone and reinstalls WhatsApp. On this new phone, the app will create a new key K2. There are two possible behaviors here:

Fail safe: The server can delete the queued message, since it was encrypted with K1, which no longer exists. Bob will never see the message. If Alice has turned on key change notifications, she will be warned that Bob is using a new key. She will be told that her message was not delivered and given the option to re-send it. This is what Signal does.

Proceed: The server will tell Alice's phone that Bob has a new key K2, and to please re-encrypt the message for K2. Alice's phone will do this, and Bob will get the message. If Alice has turned on key change notifications, she will then be warned that Bob's key had changed. This is what WhatsApp does.

Note that the second behavior makes the service seem more reliable: it's one less way a message can fail to be delivered.

The issue here is that the second behavior opens a security hole: Bob need not have actually lost his phone for the server to act as if he has lost it. 
Acting maliciously, the server could pretend that Bob's new key is a key that the server controls. Then, it will tell Alice about this new key, but will not give Alice a chance to intervene and prevent the message from being sent. Her phone will automatically re-send the message, which the server can now read. Alice will be notified and can later attempt to verify the new fingerprint with Bob, but by then it will be too late. By contrast, the first behavior of failing safe prevents this potential attack vector. As far as reliability, however, it also introduces a case in which messages could fail to be delivered.

What to do if you use WhatsApp

If you are a high-risk user whose safety might be compromised by a single revealed message, you may want to consider alternative applications. As we mention in our Surveillance Self-Defense guides for Android and iOS, we don't currently recommend WhatsApp for secure communications. But if your threat model can tolerate being notified after a potential security incident, WhatsApp still does a laudable job of keeping your communications secure. And thanks to WhatsApp's massive user base, using WhatsApp is not immediate evidence of secretive activity. If you would like to turn on WhatsApp's key change notifications, go into Settings → Account → Security, and slide “Show security notifications” to the right.

In defense of security trade-offs

The difference between WhatsApp and Signal here is a case of sensible defaults. Signal was designed as a secure messaging tool first and foremost. Signal users are willing to tolerate lower reliability for more security. As anybody who's used Signal extensively can probably attest, these types of edge cases add up and overall the app can seem less reliable. WhatsApp, on the other hand, was a massively popular tool before end-to-end encryption was added. The goal was to add encryption in a way that WhatsApp users wouldn't even know it was there (and the vast majority of them don't). 
If encryption can cause messages to not be delivered in new ways, the average WhatsApp user will see that as a disadvantage. WhatsApp is not competing with Signal in the marketplace, but it does compete with many apps that are not end-to-end encrypted by default and don't have to make these security trade-offs, like Hangouts, Allo, or Facebook Messenger, and we applaud WhatsApp for giving end-to-end encryption to everyone whether they know it's there or not. Nevertheless, this is certainly a vulnerability of WhatsApp, and they should give users the choice to opt into more restrictive Signal-like defaults. But it's inaccurate to the point of irresponsibility to call this behavior a backdoor. This is a classic security trade-off. Every communication system must make security trade-offs. Perfect security does no good if the resulting tool is so difficult that it goes unused. Famously, PGP made few security trade-offs early on, and it appears to be going the way of the dodo as a result. Ideally, users should be given as much control as possible. But WhatsApp has to set defaults, and their choice is defensible.

Detecting bad behavior more easily with Key Transparency

Coincidentally, Google just announced the launch of its new Key Transparency project. This project embraces a big security trade-off: given that most users will not verify their contacts' key fingerprints and catch attacks before they happen, the project provides a way to build guarantees into messaging protocols that a server's misbehavior will be permanently and publicly visible after the fact. For a messaging application, this means you can audit a log and see exactly which keys the service provider has ever published for your account and when. This is a very powerful concept and provides additional checks on the situation above: Bob and anyone else with the appropriate permissions will know if his account has been abused to leak the messages that Alice sent to him, without having to verify fingerprints. 
It's important to note that transparency does not prevent the server from attacking: it merely ensures that attacks will be visible after the fact to more people, more readily. For a few users, this is not enough, and they should continue to demand more restrictive settings to prevent attacks at the cost of making the tool more difficult to use. But transparency can be a big win as a remedy against mass surveillance of users who won't tolerate any reduction in user experience or reliability for the sake of security. Adding key transparency will not prevent a user from being attacked, but it will catch a server that's carried out an attack.

We are still a long way from building the perfect usable and secure messaging application, and WhatsApp, like all such applications, has to make tradeoffs. As the secure messaging community continues to work towards the ideal solution, we should not write off the current batch as being backdoored and insecure in their imperfect but earnest attempts.
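The two key-change behaviors and the after-the-fact audit described in this post, as an added Python sketch that is not code from EFF, WhatsApp, Signal or Google. It is a toy model under stated assumptions: no real encryption is performed (the client only records which key fingerprint each plaintext was released to), a simple hash chain stands in for a key transparency log, and all names and keys are constructed.

```python
import hashlib
from dataclasses import dataclass, field

GENESIS = "0" * 64  # constructed starting value for the hash chain


def fingerprint(public_key: bytes) -> str:
    """Short key fingerprint (constructed scheme for this sketch)."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class Sender:
    """Alice's client. policy is 'block' (fail safe) or 'notify' (proceed)."""
    policy: str
    trusted: dict = field(default_factory=dict)   # contact -> fingerprint in use
    pending: dict = field(default_factory=dict)   # contact -> undelivered plaintexts
    released: list = field(default_factory=list)  # (plaintext, fingerprint) pairs
    warnings: list = field(default_factory=list)

    def send(self, contact, plaintext):
        # Release the message to the currently trusted key and keep a copy
        # until delivery is confirmed.
        self.released.append((plaintext, self.trusted[contact]))
        self.pending.setdefault(contact, []).append(plaintext)

    def on_key_change(self, contact, new_key: bytes):
        """The server reports that the contact now uses new_key."""
        new_fp = fingerprint(new_key)
        self.warnings.append(f"{contact}: key changed to {new_fp}")
        if self.policy == "notify":
            # Proceed: accept the key and re-encrypt queued messages at once.
            self._release_pending(contact, new_fp)
        # 'block': nothing is re-sent until verify_and_resend() is called.

    def verify_and_resend(self, contact, verified_key: bytes):
        """The user compared fingerprints out of band and approves the key."""
        self._release_pending(contact, fingerprint(verified_key))

    def _release_pending(self, contact, fp):
        self.trusted[contact] = fp
        for msg in self.pending.pop(contact, []):
            self.released.append((msg, fp))

    def exposed_to(self, fp):
        """Plaintexts that were released to the key with fingerprint fp."""
        return [m for m, f in self.released if f == fp]


class KeyLog:
    """Append-only, hash-chained record of every key published per account."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, account, fp):
        return hashlib.sha256(f"{prev}|{account}|{fp}".encode()).hexdigest()

    def publish(self, account, public_key: bytes):
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        fp = fingerprint(public_key)
        self.entries.append({"account": account, "fp": fp, "prev": prev,
                             "digest": self._digest(prev, account, fp)})

    def chain_ok(self):
        """False if any past entry was rewritten after publication."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["digest"] != self._digest(prev, e["account"], e["fp"]):
                return False
            prev = e["digest"]
        return True

    def unexpected_keys(self, account, own_keys):
        """Keys the log shows for the account that its owner never generated."""
        own = {fingerprint(k) for k in own_keys}
        return [e["fp"] for e in self.entries
                if e["account"] == account and e["fp"] not in own]


def run_scenario(policy):
    """A message is queued for Bob, then a key Bob never generated is announced."""
    k1 = b"bob-key-K1 (constructed)"
    k_other = b"key-bob-never-generated (constructed)"
    log = KeyLog()
    log.publish("bob", k1)
    alice = Sender(policy, trusted={"bob": fingerprint(k1)})
    alice.send("bob", "meet at noon")
    log.publish("bob", k_other)
    alice.on_key_change("bob", k_other)
    return alice, log, k1, k_other


if __name__ == "__main__":
    for policy in ("notify", "block"):
        alice, log, k1, k_other = run_scenario(policy)
        print(policy, "released to unverified key:", alice.exposed_to(fingerprint(k_other)))
        print(policy, "keys Bob does not recognize:", log.unexpected_keys("bob", [k1]))
```

In both runs the warning is recorded and the audit of the log flags the unrecognized key; only the `block` policy keeps the queued message from being released before the fingerprint is verified.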

How to Talk to Congress (Sat, 14 Jan 2017)
As this year begins with a new president and new Congress taking power, more people than ever want to know how to make their voices heard in Congress. As the Legislative Counsel at EFF, my job is to help the organization and our supporters reach out to Congress more effectively. We've put together this guide in order to share some of our findings about how best to impact decisions in government. This represents years of trial and error at EFF as well as my own experience working in Congress and Washington, D.C. for a number of years before joining the organization. What Is the Best Way to Communicate with Congress? At EFF, we have had success asking our supporters to call their lawmakers, email them, and contact them over social media. Each tactic has its advantages and disadvantages, depending on the situation. When an issue is time-sensitive—for example, a vote in the coming days—you have to pick up the phone and call your representative and two senators to voice your opinion. All other forms of communication such as emails, faxes, and letters take an office weeks to process before they are ever seen by a decision-maker. Social media campaigns (Twitter campaigns, posts on lawmakers' Facebook pages, etc.) can also be powerful, both because they spread the word publicly and because many staffers are watching social media streams. Each tweet may not have as much impact as a phone call (and we recommend you do both), but when thousands of people participate at once, these campaigns can and do make a difference, particularly when elected officials are contemplating how an issue is covered by the press. Some members of Congress actively watch their own Twitter and Facebook feeds—there have even been times when lawmakers have directly referred to our social media campaigns in their arguments on the floor of Congress. One drawback of social media campaigns is that it can be difficult for lawmakers to tell which tweets are coming from their own constituents. 
Twitter campaigns are sometimes the last option when there is very little time left before a vote. Phone calls are typically tallied at the end of the day, whereas an outpouring on Twitter might be noticed in real time the same day as a vote. In more long-term situations—say, demanding oversight over a federal agency, supporting a bill that is not scheduled for a vote, or demanding that your elected official take a policy position—you can send in an email and meet with the district office (or Washington office if you are traveling there). EFF created a tool called democracy.io to make it as easy as possible for people to write to their members of Congress. Quality is important: the more personal the communication, the more impact it has on the elected official's thinking. In our Action Center campaigns, we usually provide default text to use in your letter, but we encourage you to edit it to reflect your own experience. We've also seen that referencing recent news articles in your emails or letters can be helpful. Be sure that you also reference the specific bill number you're writing about, and say that you are a constituent. And if you have time, sending a physical letter through snail mail can add a personal touch. Lastly, one of the most powerful ways to talk to a member of Congress is to attend their townhall meetings and speak to them directly. These are usually hosted when Congress is not in session (see the calendar for 2017 here) and are announced through the member's online newsletter, which you can subscribe to by visiting their website. Townhalls are typically announced 1 to 3 days before they are hosted, so you need to be vigilant. Meeting with staff at the district office or in Washington, D.C., is valuable in conveying public opinion. Those can be set up at any time simply by calling the office (every office line is listed on their congressional website) and asking for a meeting. 
Just make sure you are calling the right office (go here to look up your House representatives, and go here for your senators) because, again, they will only want to hear from their constituents. For more information on how to set up and prepare for a meeting with a congressional staffer, see our page on contacting Congress. How are Congressional Offices Structured to Process Public Opinion? Every member of Congress has two sets of offices, one in Washington, D.C., and district offices in areas where their constituents live. D.C. staffers are responsible for researching and advising senators and representatives on the hundreds of issues Congress covers each year. For virtually every bill that goes through Congress, each member will have a staffer responsible for researching and advising them on that bill. Staffers' advice is influenced by a variety of sources such as local press coverage, national press, research papers, personal experience, lobbyists, and most importantly, voter opinion back home. In addition to these policy staffers, every office has a group of staff who receive your communication (email, phone calls, or letters) and ensure that you get a response. See below for information on how to interpret those responses. The district office is staffed by people who do "casework;" essentially, that means they work on helping voters back home navigate and understand the federal government services available to them. Sometimes a district staffer will also be the subject matter expert, but that's the exception. That doesn't mean your opinion won't be heard back home, though: district staffers are responsible for meeting with voters and delivering their opinions to the right staff who will help get you a response. If you want to meet with an office in person and don't plan to travel to D.C., you should meet with the district office. Does My Member of Congress Read My Communication? This is one of the most common questions we get about Congress. 
The answer is that it depends on the member. We can say two things for certain, though. First, Congress will never hear you if you never communicate with it. Second, every communication is read and processed in some manner to keep the member informed about what voters back home think. I have personally worked for a member of Congress who read every single new letter that came to the office and was directly involved with staff-drafted responses. In other words, when a constituent wrote about an issue that was new to the office, the member read the letter and approved the response letter. Once the member's position on an issue was established, staffers could reuse previous responses. These are called form-letter responses. To give an example of how this works, imagine going into the district office to meet with a staffer to voice your opinion on an EFF issue such as defending encryption. That district staffer may not know the details of the issue or what experts are saying, but they will take notes about your opinion and then send that to the D.C. office so that you get a response. Once your communication is received in D.C., the staff responsible for encryption as a policy matter will check if the member of Congress has taken a position in a form letter they approved and then will immediately send it your way. If they do not have an approved response, then the legislative staff responsible for the issue will be involved in writing a response for approval and will send it through a process to formalize the public statement of that member of Congress. At the end of that process, you can be sure that the written statement you receive represents their official position and that your communication is directly involved in the decision-making process. Every letter, phone call, or email you send is absolutely critical because frankly, most people do not take the time to contact Congress. 
When people do rally in sizable numbers, no amount of special interest and campaign contributions can override the perceived opinion of voters back home and how that impacts an elected official's electoral concerns. The more confident a member of Congress feels in the number of people who will vote for them back home if they vote their way, the more resistant they become to opposing influence.
I Got a Response, What Does It Mean?
There are two kinds of letters congressional offices send back to voters. One is crystal clear about their position on the issue because they have settled on their opinion (though that can always be changed with enough of a push from voters back home) and the other is less clear. The "undecided" responses recite various facts about the issue and then conclude by stating that they will "keep your thoughts in mind" or something to that effect. These types of letters happen because the member of Congress remains undecided or simply does not want to take a public position at that time. Until you have a firm commitment that is favorable to you established by your elected official, you should assume that you have to continue to advocate as a voter and organize others to do the same. Many issues worth fighting for do not get resolved quickly; they require sustained activism on the part of voters to really bring about change. That being said, movements that are persistent, motivated, and widespread regularly bring about changes in law or stop bad changes from happening in Congress. The only parties that do not want you to believe you can make change happen are the special interests that reside in D.C. because they depend on voters back home being silent.
How Do I Get Started and Join the Fight with EFF?
At EFF, we are preparing for the new congressional session and administration and will aggressively fight for your constitutional rights to privacy and free speech, as well as to protect a free and open Internet.
However, all of our work depends on you augmenting our voice with your support. So please sign up for our action alerts, make those calls and send those emails when we put out the word, follow what is going on in Congress on our blog, and most importantly, organize your friends and family to join you in standing up for free speech, promoting innovation, and ending the surveillance state.

EFF to Court: Don't Let California Gag IMDb (Fri, 13 Jan 2017)
California is trying to gag websites from sharing true, publicly available information about actors in the name of age discrimination. But one online service, IMDb, is fighting back. EFF and four other public interest organizations have filed a friend-of-the-court brief in the case, urging the court not to allow celebrities to wipe truthful information about them from the Internet. IMDb.com v. Harris challenges the constitutionality of California Civil Code section 1798.83.5, which took effect January 1, 2017. That law requires “commercial online entertainment employment service providers” to remove an actor’s date of birth or age information from their websites upon request. The purported purpose of the law is to prevent age discrimination by the entertainment industry. The “providers” covered are those which “owns, licenses, or otherwise possesses computerized information, including, but not limited to, age and date of birth information, about individuals employed in the entertainment industry, including television, films, and video games, and that makes the information available to the public or potential employers.” Under the law, IMDb.com, which meets this definition because of its IMDb Pro service, would be required to delete age information from all of its websites, not just its subscription service. As we wrote in our brief, and as we and others urged the California Legislature when it was considering the law, the law is clearly unconstitutional. The First Amendment provides near absolute protection to publish truthful information about a matter of public interest. And the rule has extra force when the truthful information is contained in official governmental records, such as local government’s vital records, which contain dates of birth. This rule, sometimes called the Daily Mail rule after the Supreme Court opinion from which it originates, is an extremely important free speech protection.
It gives publishers the confidence to publish important information even when they know that others want it suppressed. The rule also supports the First Amendment rights of the public to receive newsworthy information. Our brief emphasizes that although IMDb may have a financial interest in challenging the law, the public too has a strong interest in this information remaining available. Indeed, if age discrimination in Hollywood is really such a compelling issue, and EFF does not doubt that it is, then hiding age information from the public makes it difficult for people to participate in the debate on the issue, form their own opinions, and scrutinize their government’s response to it. Joining EFF on the brief are the First Amendment Coalition, Media Law Resource Center, Wikimedia Foundation, and Center for Democracy and Technology.

Obama Expands Surveillance Powers on His Way Out (Fri, 13 Jan 2017)
With mere days left before President-elect Donald Trump takes the White House, President Barack Obama’s administration just finalized rules to make it easier for the nation’s intelligence agencies to share unfiltered information about innocent people. New rules issued by the Obama administration under Executive Order 12333 will let the NSA—which collects information under that authority with little oversight, transparency, or concern for privacy—share the raw streams of communications it intercepts directly with agencies including the FBI, the DEA, and the Department of Homeland Security, according to a report today by the New York Times. That’s a huge and troubling shift in the way those intelligence agencies receive information collected by the NSA. Domestic agencies like the FBI are subject to more privacy protections, including warrant requirements. Previously, the NSA shared data with these agencies only after it had screened the data, filtering out unnecessary personal information, including about innocent people whose communications were swept up in the NSA’s massive surveillance operations. As the New York Times put it, with the new rules, the government claims to be “reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.” Under the new, relaxed rules, there are still conditions that need to be met before the NSA will grant domestic intelligence analysts access to the raw streams of data it collects. And analysts can only search that raw data for information about Americans for foreign intelligence and counterintelligence purposes, not domestic criminal cases. However—and this is especially troubling—“if analysts stumble across evidence that an American has committed any crime, they will send it to the Justice Department,” the Times wrote.
So information that was collected without a warrant—or indeed any involvement by a court at all—for foreign intelligence purposes with little to no privacy protections, can be accessed raw and unfiltered by domestic law enforcement agencies to prosecute Americans with no involvement in threats to national security. We had hoped for more. In November, we and other civil liberties and privacy groups sent a letter to President Obama asking him to improve transparency and accountability, especially around government surveillance, before he leaves office. This is not the transparency we were hoping for. We asked that he declassify and release Foreign Intelligence Surveillance Court opinions, shed some much-needed light on how certain foreign-facing surveillance programs are used to target Americans, and more. Obviously, and not for the first time, we are disappointed in the Obama administration. In his final days in office, let the president know about your disappointment in the government surveillance infrastructure he’s bulking up before he hands the reins to Trump. Sign our petition here.

Government Pressure Shutters Backpage's Adult Services Section (Thu, 12 Jan 2017)
Succumbing to years of government pressure, the online classified ads website Backpage.com has shut down its adult services section. Just like Craigslist before it, Backpage faced the difficult choice of censoring an entire forum for online speech rather than continue to endure the costly onslaught of state and federal government efforts seeking to hold it responsible for the illegal activity of some of its users. The announcement came on the eve of a hearing by the Senate Permanent Subcommittee on Investigations (PSI). The hearing was the backdrop for the release of a committee report [PDF] alleging [PDF] that Backpage knew that its website was being used to post ads for illegal prostitution and child sex trafficking, and directly edited such ads to make their illegality less conspicuous or flagged for the posters how to do so themselves. While acknowledging the horrific nature of sex trafficking, EFF has participated in several cases to remind courts about the importance of preserving strong legal protection under the First Amendment and Section 230 (47 U.S.C. § 230) for Internet intermediaries. For example, we were counsel for the Internet Archive in two cases, one in Washington state and the other in New Jersey, challenging state laws that sought to hold online companies responsible for hosting third-party ads for illegal sexual transactions (Backpage had brought parallel challenges). We successfully argued that the laws were invalid under the First Amendment and Section 230. Section 230 is the two-decade old statute passed by Congress to promote online free speech and innovation by immunizing (with certain exceptions) Internet intermediaries from liability for illegal content created or posted by their users. Section 230 immunity holds as long as the companies did not themselves create the illegal content, while editing user-generated content is permitted by Section 230 as long as the editing does not make the content illegal. 
We’ve also filed amicus briefs in support of strong legal protection for Internet intermediaries. We filed an amicus brief in an emotionally tough Massachusetts case against Backpage brought by young women trafficked for sex as minors via the website. The court rightly dismissed the case, largely adopting our Section 230 arguments. Many of Backpage’s fights have hinged on defending fundamental First Amendment rights online. We submitted an amicus brief in a case where Backpage successfully challenged the “campaign of suffocation” by an Illinois sheriff who had illegally coerced major credit card companies to stop doing business with Backpage. Recently, we submitted an amicus brief in a case where Backpage is challenging some of the subpoenas issued by PSI, arguing that the committee’s inquiry into Backpage’s ad moderating practices amounts to improper government interference into core editorial functions protected by the First Amendment—something we also argued Sen. Thune did in relation to Facebook’s “trending” news stories. During the PSI hearing, senators expressed their disdain for Backpage’s reliance on Section 230 and the First Amendment. Chairman Rob Portman (R-OH) said that Backpage’s invocation of Section 230 is a “fraud on courts, on victims, and on the public.” Ranking Member Claire McCaskill (D-MO) exclaimed, “This investigation is not about curbing First Amendment rights. Give me a break!” And Sen. Heidi Heitkamp (D-ND) said that Backpage has “the audacity to hide behind the First Amendment.” EFF and other civil liberties organizations are all too familiar with the fact that First Amendment rights are often championed by those accused of disseminating unpopular or harmful speech. And when First Amendment rights are weakened for one unsavory person or entity, First Amendment rights become weakened for everyone.
Most disturbing during the hearing, Chairman Portman said that the committee will explore “legislative remedies” to address the problem of online sex trafficking. This surely means a weakening of Section 230 protection for Internet intermediaries, which EFF strongly opposes. Congress already passed the SAVE Act in 2015, which amended the federal criminal statute on sex trafficking to include anyone involved in advertising sex trafficking. This amendment was specifically meant to target online platforms that host ads posted by third parties, and strip those platforms of Section 230 protection since the statute does not provide immunity against federal criminal charges. Any changes to Section 230 itself, to make it easier to impose liability on companies for user-generated content, would be devastating to the web as we know it—as a thriving online metropolis of free speech and innovation. As my colleague Matt Zimmerman wrote back in 2010 when Craigslist shuttered its adult services section, Section 230 “is not some clever loophole” but rather “a conscious policy decision by Congress to protect individuals and companies who would otherwise be vulnerable targets to litigants who want to silence speech to which they object.” Matt further explained: This clear protection plays an essential role in how the Internet functions today, protecting every interactive website operator—from Facebook to Craigslist to the average solo blog operator—from potentially crippling legal bills and liability stemming from comments or other material posted to websites by third parties. Moreover, if they were obligated to pre-screen their users’ content, wide swaths of First Amendment-protected speech would inevitably be sacrificed as website operators, suddenly transformed into conservative content reviewers, permitted only the speech that they could be sure would not trigger lawsuits. 
So while Backpage’s announcement suggests that the company’s opponents have at least temporarily won the battle against the adult services section of the website (Backpage has vowed to continue its legal battles), EFF will continue to try to win the war to ensure that both the First Amendment and Section 230 remain strong protectors of Internet intermediaries—the online innovators who enable the rest of us to communicate, engage in commerce, and generally be active participants in our democratic and diverse society like never before. Related Cases: Internet Archive v. McKenna; Internet Archive v. Hoffman

New Video on Encrypting the Web (Thu, 12 Jan 2017)
Encrypting the web is a more important challenge than ever. Now, EFF has teamed up with Sandwich Video and Baratunde Thurston to explain and promote this mission via video. Sandwich is the production company behind some of the best product launch videos in tech, and you may know Baratunde from his work on The Daily Show, The Onion, and New York Times bestseller How To Be Black. We brought these creative forces together to show you why we need to continue moving from non-secure HTTP to more secure HTTPS, and how you, with EFF tech tools HTTPS Everywhere and Certbot, can help us get there. Share the video with friends and colleagues as another way to show what HTTPS Everywhere and Certbot can do for them, and learn more about our encrypt the web initiative. Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere is a browser extension for users that fixes these problems by rewriting requests to these sites to HTTPS wherever possible, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks. Our long-term goal, however, is to make a tool like HTTPS Everywhere unnecessary. This vision of a 100% encrypted web requires web site owners to enable HTTPS and encrypt their websites. Certbot allows domain owners and website administrators to make their own sites secure for free. Using a series of easy-to-follow interactive instructions, Certbot can automatically fetch custom certificates for your domain.
Certbot can also automatically configure your webserver to support encrypted traffic and even be set to renew that certificate whenever it’s close to expiring so that you never have to worry about it again. Certbot is a client for the Let’s Encrypt certificate authority (CA), which is operated by the Internet Security Research Group. CAs play a central identification and verification role in the web encryption ecosystem—and Let’s Encrypt is one of the world’s largest, having issued over 20 million active certificates. Hosting providers can use Let’s Encrypt to offer HTTPS by default to their customers, joining the movement toward free, automatic HTTPS as the default standard. These tools work together to make a safer, more secure web for everyone, and they are free to use, download, and share. The mission to encrypt the web can only advance when users, website owners, and hosting providers work together, too. Share the video, spread the word, and take action to help us get closer to the mission of encrypting the web.

EFF is Proud to Stand Beside Techdirt in its "First Amendment Fight for its Life." (Thu, 12 Jan 2017)
Techdirt, a prominent and critical source for incisive tech reporting and analysis, is defending itself against a $15 million lawsuit that could become a fight for its very existence. That suit was brought by Shiva Ayyadurai, who claims he invented email, and is based on a series of detailed articles Techdirt published disputing Ayyadurai’s claims. Important note: Techdirt is represented in this suit by Rob Bertsche and Jeff Pyle at Prince Lobel Tye, LLP. The First Amendment provides vitally important protections for publishers – the Supreme Court ruled that public figure plaintiffs in defamation lawsuits must prove that offending statements about them are in fact false, and that the speaker actually knew they were false or seriously doubted them when they were published. That rule protects speakers, bloggers, and reporters against lawsuits designed merely to squelch critical speech about public figures. Nonetheless, defending against such suits can be very costly. Techdirt released a statement on the litigation, making clear exactly what hangs in the balance in these kinds of suits: Defamation claims like this can force independent media companies to capitulate and shut down due to mounting legal costs…this is not a fight about who invented email. This is a fight about whether or not our legal system will silence independent publications for publishing opinions that public figures do not like. We wholeheartedly agree. Defending against even frivolous defamation and similar lawsuits can be extremely expensive, forcing news sites to shut down or settle the lawsuits under unfavorable terms. Those that settle often must agree to remove the offending content. These results are far from speculative - as Techdirt explains in its statement, Ayyadurai’s lawyer in this case, Charles Harder, has “already . . . 
[h]elped put a much larger and much more well-resourced company than Techdirt completely out of business.” Techdirt is a vital resource – it provides a wide audience with independent journalism addressing some of the biggest technology issues of our time. The Internet community wouldn’t be the same without it. But of course this case is not just about Techdirt. It's about freedom of the press generally. We commend Techdirt for taking on this fight for freedom of expression. And we urge everyone who cares about a free and independent press to support Techdirt in “its First Amendment fight for its life.” Want to publicly show your support for Techdirt? Add this graphic to your website.

“Everyone Made Themselves the Hero.” Remembering Aaron Swartz (Wed, 11 Jan 2017)
On January 18, 2012, the Internet went dark. Hundreds of websites went black in protest of the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA). The bills would have created a “blacklist” of censored websites based on accusations of copyright infringement. SOPA was en route to quietly passing. But when millions of Americans complained to their members of Congress, support for the bill quickly vanished. We called it the Internet at its best. As we approach the fifth anniversary of the blackout, we also note a much sadder anniversary. A year after we beat SOPA, we lost one of the most active organizers behind the opposition. While being unfairly prosecuted under the Computer Fraud and Abuse Act, Aaron Swartz took his own life on January 11, 2013. When you look around the digital rights community, it’s easy to find Aaron’s fingerprints all over it. He and his organization Demand Progress worked closely with EFF to stop SOPA. Long before that, he played key roles in the development of RSS, RDF, and Creative Commons. He railed hard against the idea of government-funded scientific research being unavailable to the public, and his passion continues to motivate the open access community. Aaron inspired Lawrence Lessig to fight corruption in politics, eventually fueling Lessig’s White House run. There’s no better way to remember Aaron’s life and work than by hearing his words. And there’s no more inspiring account of the fight over SOPA than Aaron’s famous talk, “How We Stopped SOPA” (transcript).
Aaron warned that SOPA wouldn’t be the last time Hollywood attempted to use copyright law as an excuse to censor the Internet: Sure, it will have yet another name, and maybe a different excuse, and probably do its damage in a different way. But make no mistake: The enemies of the freedom to connect have not disappeared. The fire in those politicians’ eyes hasn’t been put out. There are a lot of people, a lot of powerful people, who want to clamp down on the Internet. And to be honest, there aren’t a whole lot who have a vested interest in protecting it from all of that. Even some of the biggest companies, some of the biggest Internet companies, to put it frankly, would benefit from a world in which their little competitors could get censored. Five years later, it’s clear that Aaron was right. In the courts, record labels are pushing for an interpretation of copyright law that would enable them to block entire websites because of their users’ activities, or force ISPs to cut off users’ Internet connections based on mere accusations of copyright infringement. Big content companies even wrote a memo to President-elect Trump calling for a new law that would require website owners to use copyright bots to censor their users’ activity. Threats to free speech online are on the horizon—and they’re going to come hitched to copyright law. It’s tempting to become pessimistic in the face of countless threats to free speech and privacy. But the story of the SOPA protests demonstrates that we can win in the face of seemingly insurmountable odds. In his talk, Aaron showed how all of us can become heroes in the fight for civil liberties: I’ve told this as a personal story, partly because I think big stories like this one are just more interesting at human scale. The director J.D. Walsh says good stories should be like the poster for Transformers.
There’s a huge evil robot on the left side of the poster and a huge, big army on the right side of the poster. And in the middle, at the bottom, there’s just a small family trapped in the middle. Big stories need human stakes. But mostly, it’s a personal story, because I didn’t have time to research any of the other part of it. But that’s kind of the point. We won this fight because everyone made themselves the hero of their own story. Everyone took it as their job to save this crucial freedom. They threw themselves into it. They did whatever they could think of to do. As a president comes to power who’s promised to ratchet up surveillance and censorship, we need heroes more than ever. Whether it’s by calling your members of Congress to speak up for a free and open Internet, urging your company to protect its users’ data from government surveillance, or by joining the Electronic Frontier Alliance to defend digital freedom locally and nationally, you can be the hero in the story of how we stopped the next big threat to your digital rights. Image: Ragesoss / CC BY-SA 3.0

Liveblogging Jeff Sessions' Attorney General Confirmation Hearing (Wed, 11 Jan 2017)
Attorney General nominee Sen. Jeff Sessions is testifying in front of the Senate Judiciary Committee today as part of his confirmation process. EFF has voiced concerns about President-elect Donald Trump’s nomination of Sessions to lead the Justice Department, citing past statements he has made and votes he has cast on a number of critical digital rights issues, including surveillance, encryption, net neutrality, and protections for the press. While we can’t predict what Sessions would do as the head of an agency that oversees immigration enforcement, law enforcement and national security surveillance, and everything in between, we will be closely following the things he says and the commitments he makes during his confirmation process, beginning with a live blog below of his hearing.
-------------------------------------------------------------------
10:56 a.m. (PST) -- The hearing has ended.
9:32 a.m. (PST) -- Sen. Amy Klobuchar noted that Sessions did not support the Free Flow of Information Act, a proposed shield law for journalists. She further noted that Sessions provided no concrete answers and said he would need to conduct more research when she pressed him on various measures Attorney General Holder undertook to protect the media. Klobuchar specifically noted Holder’s 2015 memo limiting when federal prosecutors can subpoena journalists and Holder’s commitments not to imprison reporters for doing their job and to release an annual report about investigations involving journalists. David Cole, legal director for the ACLU, agreed that our country’s democracy depends on the freedom of the press, which functions as an essential check on government overreach, especially when one party controls all the branches of government.
7:30 a.m. (PST) -- National President of the Fraternal Order of Police Chuck Canterbury stated that he endorses Sen.
Jeff Sessions in part for his support for the “equitable sharing” program, which allows the federal government to share asset forfeiture funds (money seized in drug cases) with local law enforcement, even before a case has been adjudicated. As EFF has reported, asset forfeiture and electronic surveillance go hand in hand, with seized monies funding surveillance and surveillance assisting in seizing more funds.
6:35 a.m. (PST) -- The hearing has started.
-------------------------------------------------------------------
Liveblog from Day One
5:07 p.m. (PST) -- That’s a wrap for today. We’ll continue liveblogging when the hearing resumes with its third panel of witnesses tomorrow morning at 6:30 a.m. (PST).
5:06 p.m. (PST) -- Sessions said he would be receptive to whistleblowers if confirmed as the head of the Justice Department. In an exchange with Senate Judiciary Chairman Chuck Grassley, Grassley asked Sessions to “give encouragement to whistleblowing,” since “whistleblowers within an agency are usually treated like skunks at a picnic.” Sessions responded that he would defend whistleblowers, including from retaliation from a government agency. “You cannot effectively manage this government without good citizens and good employees speaking up when they see wrongdoing,” he said.
3:46 p.m. (PST) -- Sessions stayed mum on Trump’s embrace of Wikileaks—including the President-elect putting his faith in the organization over the conclusions from U.S. intelligence agencies about the 2016 hack of the DNC—during a prolonged line of questioning from Sen. Al Franken, which included Franken repeatedly reading Trump’s “I love Wikileaks” statement. Franken also cited Sessions’ condemnation of Wikileaks’ Julian Assange in the past. “If Assange participated in violating the American law, then he is a person subject to prosecution and condemnation,” Sessions replied.
He added that he needs “to be more cautious” about what he says as Attorney General nominee than he had been as Senator. “It’s just not appropriate for me to be the person [from whom] you seek political responses,” he said. Sessions also declined to comment on today’s report that Trump surrogates communicated with intermediaries for the Russian government.
2:54 p.m. (PST) -- Sessions admitted that a registry of Muslim U.S. citizens would pose “serious constitutional problems.” In response to questions from Sen. Mazie Hirono, Sessions also noted Trump’s inconsistent position on creating a registry of U.S. Muslims.
2:29 p.m. (PST) -- Sessions said he does not support a registry of Muslims in the U.S. but left the door open for surveillance targeting mosques in certain cases. In response to questions from Sen. Chris Coons, Sessions repeated his previously stated position that it’s acceptable to consider religion when deciding whether or not to admit an individual to the country. But, deviating from Trump’s calls for targeted surveillance of Muslim communities during the campaign, Sessions said he “would not favor a registry of Muslims in the U.S.” and said he thinks the government “should avoid surveillance of religious institutions unless there is a basis to believe that a dangerous or threatening illegal activity could be carried on there.” He added, “I’m not aware that there’s a legal prohibition on that under current law.”
1:52 p.m. (PST) -- Sen. Cornyn also asked Sessions to commit to supporting the Freedom of Information Act and the “public’s right to know.” Sessions agreed.
1:51 p.m. (PST) -- Sen. John Cornyn broached a series of national security and surveillance topics, including the Electronic Communications Privacy Act, national security letters, encryption, and Section 702 of the Foreign Intelligence Surveillance Act, which is set to sunset at the end of the year.
Cornyn pointed to a conclusion by the Privacy and Civil Liberties Oversight Board that Section 702 has been effective, despite the fact that it allows warrantless spying on Americans, and said he hopes lawmakers make it a priority to reauthorize the law. Sen. Cornyn asked no question though, except to have Sessions make a verbal commitment to “put the safety and security of the American people first.” Sessions responded only with: “I will.” We think it’s time to END 702. 12:56 p.m. (PST) -- In response to a question by Sen. John Kennedy, Sessions admits that the Freedom of Information Act is law and would see it carried out. We heartily agree. 12:33 p.m. (PST) -- Sessions wouldn’t commit to recuse himself if the Justice Department ends up pursuing any legal action against the Trump campaign tied to the DNC hack in 2016. When pressed by Sen. Dick Durbin, Sessions drew a distinction between this hypothetical and his commitment to recuse himself from prosecutions involving Trump’s opponent Hillary Clinton, citing public statements he made about Clinton.   “I don’t think I’ve made any comments on [the DNC hack] that go to that,” he said. “I would review it and try to do the right thing.”   Durbin pushed back, calling an investigation into the DNC hack “an obvious case for a special prosecutor”. Sessions said an Attorney General would have to “carefully think his way through that, to seek advice, and to follow the normal or appropriate special prosecutor standards.” Sen. Jeff Sessions answering questions about the USA FREEDOM Act 12:10 p.m. (PST) -- Sen. Patrick Leahy pressed Sessions to commit to enforcing the USA FREEDOM Act, which prohibited the bulk collection of Americans’ phone records by the NSA. Sessions opposed the bill in 2015. Sessions responded that the prohibition on bulk collection “appears to be” the governing statute for U.S. government surveillance and pledged to follow the law, although he couldn’t confirm it prohibited bulk collection in all cases. 
“I believe the statute must be followed,” he said. 11:52 a.m. (PST) -- There have been a number of questions since the hearing resumed, but so far no new digital liberties issues have specifically been raised. 11:24 a.m. (PST) -- Sen. Richard Blumenthal tells Sessions that the attorney general must be a “zealous advocate of rights and liberties that are increasingly under threat,” and raises questions of how Sessions would handle conflicts of interests and under what circumstances he would appoint independent counsel. Sessions was non-committal. 10:45 a.m. (PST) -- The hearing has resumed. 10:11 a.m. (PST) -- The hearing has recessed for a 30-minute break. 9:41 a.m. (PST) -- Sen. Amy Klobuchar asked if Sessions will commit to following the standards in place for investigating journalists and commit to not put reporters in jail for doing their job. Sessions said he does believe that the DoJ has “sensitivity” to this issue but noted that “you could have a situation where the media is not unbiased” and could be a “mechanism where unlawful intelligence is obtained.” So, no.  Sen. Mike Lee  9:29 a.m. (PST) -- Sen. Mike Lee asked what Sessions will do to ensure that the Office of Legal Counsel maintains its independence. Sessions responded that the OLC is extremely important as it adjudicates a number of disputes within the executive. While we agree that OLC is indeed important, we wish that Sessions had answered the question. 9:16 a.m. (PST) -- Sessions dodged a line of questioning from Sen. Sheldon Whitehouse about whether he would prosecute Trump and his associates if the intelligence community finds that Russia’s involvement in the DNC hack was tied in some way to the incoming president. 
Whitehouse asked if the Justice Department under Sessions and the Trump administration would “be allowed to continue to investigate the Russian connection [to the DNC hack], even if it [shows ties] to the Trump campaign” and continue, “even if your duties require the investigation and even prosecution of the president, his family, and his associates.” Rather than committing to prosecute Trump and his allies, Sessions pointed to using political means to retaliate. “The problem may turn out to be—as in the Chinese hacking in our hundreds of thousands, maybe millions, of records—has to be handled at the political level.” 8:42 a.m. (PST) -- In response to a line of questioning from Sen. Lindsey Graham, Sessions said he will need to briefed by the intelligence community, including the FBI, about Russia’s involvement in the hack of the DNC in 2016. He said he has done no research on the issue yet but—contrary to Trump's insinuations—is “sure [the FBI’s conclusion] was honorably reached.” Sessions also said that the U.S. should “develop protocols to ensure that a price is paid” when other countries interfere with U.S. democracy. 8:32 a.m. (PST) -- The confirmation hearing has been interrupted four times now by protesters, with chants covering issues ranging from racism to the closing of Guantanamo Bay detention facility. Sen. Patrick Leahy  8:28 a.m. (PST) -- In responding to a question from Sen. Patrick Leahy, Sessions said he believes that a person’s religious views can and should be a factor in determining whether they should be admitted into the U.S. He talked around a potential “Muslim registry” but indicated that he supported some sort of “strong vetting” for entrants coming from countries with high rates of terrorism. 8:18 a.m. (PST) -- Sessions committed to work with Sen. 
Orrin Hatch on the issue of law enforcement access to data stored in servers located abroad but said that he currently does “not have firm and fast opinions on the subject.” Hatch—who has pushed for privacy protections for data stored abroad, especially in the wake of Microsoft's lawsuit against the U.S. government—asked Sessions to work with Senate staff “to strike the needed balance” between law enforcement and privacy concerns. Sessions said he would work on “understanding the new technology but the great principles of the right to privacy, the ability of individuals to protect data that they believe is private and should be protected. All of those are great issues in this new technological world that we’re in.” 8:13 a.m. (PST) -- Would Sessions support speedy legislation enabling Rapid DNA scanning? “Rapid DNA analysis is a hugely important issue for the criminal justice system...it’s the kind of thing you can’t fake or mislead, and so I’m very strongly in favor of that.” We’re concerned about the system’s accuracy and its privacy implications. Sen. Orrin Hatch 8:10 a.m. (PST) -- In answering a question from Sen. Orrin Hatch, Sessions says he’d consider reestablishing a unit within the DOJ to prosecute obscenity. We think that would be unnecessary and frankly would pose a threat to free expression. 7:41 a.m. (PST) -- Sessions’ opening statement was entirely free of any mention of free speech, privacy, or civil liberties. We’re not surprised—just disappointed. On the other hand, he did note that the Attorney General “must be willing to tell the President ‘no’ if he overreaches. He or she cannot be a mere rubber stamp to any idea the President has.”  Sen. Jeff Sessions  7:17 a.m. 
(PST) -- Sessions was light on digital rights issues in his opening statement, but he briefly and vaguely outlined his cybersecurity goals as a part of his plan to fight “the rising threat of terrorism.” He touted “partnerships,” which he said will “be vital to achieving much more effective enforcement against cyber threats, and the Department of Justice clearly has a lead role to play in that essential effort.” The U.S. government “must honestly assess our vulnerabilities and have a clear plan for defense, as well as offense, when it comes to America’s cybersecurity,” he continued. His comments on cybersecurity come as the government continues to grapple with recent high-profile cyber attacks, including this past summer’s hack of the Democratic National Committee, which the U.S. intelligence community has conclusively tied to Russia. President-elect Trump has repeatedly questioned the intelligence community’s conclusions and encouraged the “country to move on to bigger and better things” after the Obama administration imposed sanctions on Russia in retaliation for the hack. 7:06 a.m. (PST) -- During her opening remarks, Sen. Dianne Feinstein questioned Sessions’ ability to serve as an Attorney General, independent from the incoming administration. “Will he tell the President ‘no’ when appropriate?” she asked. “We cannot ignore there are deep concerns and anxieties throughout America. It is in this context that we must consider whether Jeff Sessions is qualified to become the top law enforcement official in this country.” 6:30 a.m. (PST) -- Liveblogging underway! Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora Join EFF

Finally Revealed: Cloudflare Has Been Fighting NSL for Years (Wed, 11 Jan 2017)
EFF Fights National Security Letter on Behalf of Cloudflare
We’re happy to be able to announce that Cloudflare is the second courageous client in EFF’s long-running lawsuit challenging the government’s unconstitutional national security letter (NSL) authority. Cloudflare, a provider of web performance and security services, just published its new transparency report announcing it has been fighting the NSL statute since 2013. Like EFF’s other client, CREDO, Cloudflare took a stand against the FBI’s use of unilateral, perpetual NSL gag orders that resulted in a secret court battle stretching several years and counting. The litigation—seeking a ruling that the NSL power is unconstitutional—continues, but we’re pleased that we can at long last publicly applaud Cloudflare for fighting on behalf of its customers. Now more than ever we need the technology community to stand with users in the courts. We hope others will follow Cloudflare’s example. Late last Friday, the government filed a public notice with the U.S. Circuit Court of Appeals for the Ninth Circuit identifying Cloudflare as an NSL recipient and EFF’s client in the lawsuit. The notice explains that the FBI determined it no longer needed to gag Cloudflare in conjunction with an NSL issued in early 2013. Under the USA FREEDOM Act of 2015, the FBI is required to periodically review outstanding NSLs and lift gag orders of its own accord if circumstances no longer support a need for secrecy. As we’ve seen, this periodic review process has recently resulted in some very selective transparency by the FBI, which has nearly complete control over the handful of NSL gags it retracts, not to mention the hundreds of thousands it leaves in place. Make no mistake: this process is irredeemably flawed. It fails to place on the FBI the burden of justifying NSL gag orders in a timely fashion to a neutral third party, namely a federal court. 
Nevertheless, Cloudflare’s fight demonstrates that it is not unreasonable to require the FBI to relinquish some of its customary secrecy in national security cases. The revelation of Cloudflare’s participation in our lawsuit follows the identification of CREDO as EFF’s other client last November. In CREDO’s case, the district court found that the FBI had failed to justify the need for the gag orders connected to two NSLs also issued in 2013. But EFF’s fight against NSLs is by no means over. Our consolidated lawsuits remain on appeal in the Ninth Circuit, where we continue to argue that the entire NSL scheme is unconstitutional. The First Amendment requires that any gag order imposed by the executive branch be quickly evaluated by a court and demands that the government meet a high burden of justifying the gag. The FBI’s desultory removal of its unilateral NSL gags comes nowhere close to satisfying this standard. Oral argument has been scheduled in San Francisco for the week of March 20; we look forward to making these arguments there and then. Related Cases: In re National Security Letter 2013 (13-1165)

EFF to Court: Don’t Let the Right of Publicity Eat the Internet (Tue, 10 Jan 2017)
Imagine if every depiction of a real person on social media could support a lawsuit. That’s the strange and dangerous logic of a recent lower court decision from California. In that case, Cross v. Facebook, a superior court judge ruled that any “use” of a person’s identity on a site that also included advertising could support a right of publicity claim. If allowed to stand, this ruling could destroy long-settled immunity for hosts of user-generated content. Today EFF filed an amicus brief urging the California Court of Appeal to overturn the lower court’s decision. Our brief explains that the ruling is inconsistent with right of publicity law, CDA 230, and the First Amendment. The case was brought by a country-rap artist named Jason Cross who performs under the stage name Mikel Knight. He promotes his music using “street teams” who sell his CDs out of vans. After a fatal accident involving one of these vans, Knight’s sales practices began getting unfavorable media attention. He has been accused of pushing his sales teams too hard and creating an unsafe environment. A Facebook page called ‘Families Against Mikel Knight’ was created where ex-street team members and others could comment on Knight’s operation. Knight filed a lawsuit against Facebook asserting a collection of claims ranging from negligent interference with prospective business relations to right of publicity. Facebook filed an anti-SLAPP motion seeking to dismiss the complaint. Since Knight was effectively trying to hold Facebook liable for content posted by users, the court correctly dismissed most of Knight’s claims as barred under CDA 230 (which protects online intermediaries that host or republish speech against a range of claims that might otherwise be used to hold them legally responsible for what others say and do). The court did allow Knight’s right of publicity claim to proceed. 
The right of publicity is a fairly recent offshoot of state privacy law that gives a person the right to limit the public use of her name, likeness, or identity for commercial purposes. While a limited version of this right makes sense (for example, allowing people to prevent companies from using their name in an ad without permission), some courts have allowed it to expand dramatically to cover just about any speech that “evokes” a person’s identity. Celebrities have brought right of publicity cases against movies, rap lyrics, magazine features, and computer games. The judge reasoned that Knight had a viable right of publicity claim because Facebook had made commercial “use” of his likeness alongside advertisements and has a commercial interest in growing its user base. But this seems inconsistent with long-standing rulings holding, for example, that a magazine article does not give rise to a right of publicity claim just because it is placed next to an advertisement. There is no reason to have a different, less protective, rule for the Internet. It is difficult to overstate just how disruptive this ruling would be if it were allowed to stand. One of the central purposes of CDA 230 was to shield intermediaries from defamation claims. The trial court’s logic would allow frustrated defamation plaintiffs to evade CDA 230 by filing right of publicity claims instead. These claims would likely be even easier to establish because they only require “use” of the plaintiff’s identity and don’t require proving falsity. Our brief explains that the court should have dismissed all of Knight’s claims, including the right of publicity count, under CDA 230. Although CDA 230 does not shield intermediaries from “intellectual property” claims, the Ninth Circuit has correctly limited that provision to federal intellectual property laws. In any event, the right of publicity is more appropriately considered a privacy tort. 
It does not protect creative works or the products of intellectual effort. Instead, it regulates the commercial use of identity. It is more like a false-advertising claim than a copyright claim. We also point out that Knight’s claim is barred by the First Amendment. If it were truly as broad as the lower court suggests, the right of publicity would massively burden expression. It would effectively give celebrities (or even regular people since the right of publicity is not limited to the famous) veto power over Facebook posts, tweets, or Yelp reviews that feature them. The right of publicity cannot trump free speech. We are joined on the amicus brief by Engine, Professor Eric Goldman, GitHub, Medium, the Organization for Transformative Works, Professor Rebecca Tushnet, Snap, the Wikimedia Foundation, and Yelp.

Congress Must Pass Long-Delayed Email Privacy Bill (Mon, 09 Jan 2017)
It’s time for Congress to put an end to a glaring loophole in privacy law. Thanks to the wording in a more than 30-year-old law, the papers in your desk are better protected than the emails in your inbox. Congress can fix that by finally passing the Email Privacy Act, reintroduced in the House by Reps. Kevin Yoder and Jared Polis and others today. The bill would require law enforcement to get a warrant before searching through electronic communications—including things like emails, Facebook messages, and Dropbox files—regardless of how long they have been stored. That would put an end to the arbitrary standard in the 1986 Electronic Communications Privacy Act that allows law enforcement to access emails and other communications that have been stored on a server for more than 180 days. It would also set a uniform legal standard by codifying a 2010 federal court ruling that said Fourth Amendment protections require law enforcement to obtain a warrant before accessing stored communications. Congress has come close to fixing this in the past. A similar bill passed the Senate Judiciary Committee in 2013, and this exact bill unanimously passed the House last year after racking up an overwhelming 315 House members as cosponsors. While we had hoped last year’s bill would go further—including requiring the government to notify individuals when it searches for their data, and requiring the government to obtain a warrant for geolocation information—the House vote was a historic win for privacy. Unfortunately, the measure got stuck in the Senate, where lawmakers tried to add a series of privacy eroding amendments. This session, Congress needs to close this loophole and extend fundamental privacy protections to electronic communications. Lawmakers must ignore certain agencies’ calls for exceptions to the bill’s warrant requirement and reject attempts from some members to weigh the bill down with unrelated amendments that would make digital privacy worse instead of better. 
The last time this digital privacy law was updated was more than 30 years ago. Tell Congress to pass the Email Privacy Act and require law enforcement to follow Fourth Amendment protections in the 21st century.

Why a Tax Break for Security Cameras Is a Terrible Idea (Mon, 09 Jan 2017)
Law enforcement agencies around the country have been expanding their surveillance capabilities by recruiting private citizens and businesses to share their security camera footage and live feeds. The trend is alarming, since it allows government to spy on communities without the oversight, approval, or legal processes that are typically required for police.  EFF is opposing new legislation introduced in California by Assemblymember Marc Steinorth that would create a tax credit worth up to $500 for residents who purchase home security systems, including fences, alarms and cameras. In a letter, EFF has asked the lawmaker to strike the tax break for surveillance cameras, citing privacy concerns as well as the potential threat created by consumer cameras that can be exploited by botnets. As we write in the letter:  Personal privacy is an inalienable right under Section 1 of the California Constitution. Yet, in 2017, privacy is under threat on multiple fronts, including through the increase in use of privately operated surveillance cameras. Law enforcement agencies throughout the state have been encouraging private individuals and businesses to install cameras and share access to expand government’s surveillance reach through private cooperation. The ability for facial recognition technology to be applied routinely and automatically to CCTV footage will present even more dangers for personal privacy. EFF has significant concerns that, by using tax credits to encourage residents of California to buy and install security cameras, A.B. 54 will not only increase the probability that Californians will use cameras to spy on one another but will also build the infrastructure to allow for the growth of a “Big Brother” state. In addition, this tax credit for surveillance cameras may create a new weakness for security. In October, a massive cyberattack that exploited personal cameras disabled Internet traffic across the country. 
EFF and independent security researchers have also discovered surveillance cameras that were openly accessible over the Internet, allowing anyone with a browser to watch live footage and manipulate the cameras. The potential for breaches will grow commensurately with the increase in the number of cameras in communities promoted by the tax incentive. EFF urges Steinorth to amend A.B. 54 and, failing that, we ask his colleagues in the California legislature to vote against the bill.

Now Accepting Nominations for The Foilies 2017 (Mon, 09 Jan 2017)
Third Annual “Awards” Recognize the Worst in Government Transparency
Government transparency shouldn’t be a battle, but too often when the public wants to see what their officials are up to they’re met with resistance, hostility, obfuscation, and even retaliation. For the third year in a row, the Electronic Frontier Foundation is soliciting submissions for “The Foilies,” our tongue-in-cheek awards for government officials who stand in the way of your right to review what they’re up to. EFF will announce the awards during Sunshine Week, March 12-18, 2017. In the meantime, we need your nominations.
Who Can Win?
The Foilies are not awarded to people who filed FOIA requests. These are not a type of recognition anyone actually should covet. There’s no physical trophy or other tangible award, just a virtual distinction of demerit issued to government agencies and public officials (plus the odd rock star) who snubbed their nose at transparency. If you filed a FOIA request with the Ministry of Silly Walks for a list of grant recipients, and a civil servant in a bowler hat told you to take a ludicrous hike, then the ministry itself would be eligible for the Foilies.
What Are the Categories?
For the most part, we do not determine the categories in advance. Rather, we look at the nominations we receive, winnow them down to the most outrageous, then come up with fitting tributes, such as the “Most Expensive FOIA Fee Estimate” and “Sue the Messenger Award.” That said, there are a few things we’re looking for in particular, such as extremely long processing times and surreal redactions.
Who Can Nominate
Anyone, regardless of whether you were involved in the issue or just happened to read about it on Twitter. Send as many nominations as you like!
Eligibility
All nominations must have had some event happen during calendar year 2016. For example, you can nominate something related to a FOIA request filed in 1994 if you finally received a rejection in 2016.
Deadline
All nominations must be received by Jan. 31, 2017.
How to Submit a Nomination
Send nominations to foilies@eff.org with “FOILIES 2016 NOMINATION” in the subject line. You can nominate multiple entries in a single email; just make sure to enumerate the nominations so we can easily separate them. Please try to include the following information:
Category: One-line suggested award title
Description: Succinct explanation of the public records issue and why it deserves recognition.
Links: Include any links to stories, records, or other information that will help us better understand the issue.
Contact details: Include a way for us to reach you with further questions. This information will remain confidential.
If we short-list your nomination, we’ll be in touch to request more information.
The Foilies from Previous Years
The Foilies 2016: Recognizing the Worst Government Responses to Public Records Requests
The Foilies 2015: Part 1, Part 2, Part 3, Part 4

Still Looking for a New Year’s Resolution? Join EFF to FOIA Early and Often (Thu, 05 Jan 2017)
An Updated Transparency Law Means New Language For Your Records Requests
As the sun sets on the Obama presidency, let’s make sure the light shines brightly anew on the incoming administration. In 2016, Congress passed the biggest update to the Freedom of Information Act (FOIA), the nation’s transparency law, in more than a decade. But until people start using those changes to push back on government secrecy, they are just words on a page. So in the spirit of New Year’s resolutions, EFF hopes that you will join us in filing more FOIA requests to increase government transparency and put the new FOIA provisions to work. EFF has long used FOIA to uncover surveillance technologies used in law enforcement and national security programs that threaten everyone’s civil liberties. Since President Obama signed the amendments into law, EFF has begun incorporating some of the law’s changes into its FOIA requests. But we need your help to make government as transparent as possible. Below we discuss three of the biggest changes Congress made to FOIA and include suggested language that anyone can use in future FOIA requests. If you’ve never filed one before, there are a number of online resources that can teach you about the law and help you file a request.
Remind Agencies They Are Required to Presume All Records Are Open to the Public
The FOIA Improvement Act of 2016 wrote into law a presumption of disclosure that mandates agencies disclose records unless: (1) the disclosure is prohibited by law or (2) the agency believes disclosure would violate one of FOIA’s nine exemptions. The change was modeled after language President Obama included in a memo to all federal agencies on his first day in office that requires them all to be more transparent. Unfortunately, that memo was not legally binding and, as many FOIA requesters know, it was largely ignored by many federal agencies. Because the presumption is now law under FOIA, requesters should not be shy about reminding agencies of their new legal obligations. Specifically, EFF recommends that requesters include the following language in their FOIA requests:
Although FOIA has always presumed that government records are open to public inspection, the FOIA Improvement Act of 2016, Pub. L. 114-185, prohibits agencies from withholding records unless (1) "disclosure is prohibited by law" or (2) "the agency reasonably foresees that disclosure would harm an interest protected by" one of FOIA's exemptions. 5 U.S.C. § 552(a)(8)(A). Thus, in addition to FOIA favoring disclosure and requiring its exemptions to be narrowly construed, Section 552(a)(8)(A) prohibits agencies from using their discretion to broadly withhold records merely because they believe an exemption could technically apply.
Call Agencies On Their Bluff to Withhold Historic Records
The FOIA Improvement Act also curtailed agencies’ ability to misuse an exemption that shields internal agency decision-making from disclosure, known as the deliberative process privilege, making it inapplicable to government documents created more than 25 years ago. The change is an important limitation on what transparency advocates have long called the “withhold it because you want to” exemption. To avoid getting stonewalled by officials, EFF recommends the following language be included if your request is likely to have responsive records that are more than 25 years old.
Under the FOIA Improvement Act of 2016, agencies can no longer withhold records under the deliberative process privilege of Exemption 5 if they are more than 25 years old. Specifically, Section 552(b)(5) states that “the deliberative process privilege shall not apply to records created 25 years or more before the date on which the records were requested.”
Don’t Let Agencies Rush Your Appeal of a FOIA Denial
An overlooked but important change included in the FOIA Improvement Act of 2016 was the requirement that agencies give requesters at least 90 days to appeal any adverse decision by an agency to withhold or redact records sought by requesters. Repeat FOIA requesters know that although it can take federal agencies months, and sometimes years, to meaningfully respond to a request, those same agencies often force requesters to appeal any withholding within 30 days of receiving the final response. This was one of the most frustrating aspects of FOIA, as missing the 30-day deadline would often result in the agency closing out the request, meaning the only way to challenge a decision to withhold records was to file a new request and start all over again. Thankfully, Congress has required agencies to give requesters a minimum of 90 days to administratively appeal any decision on a FOIA request. The 90-day limit is just a floor, however, as agencies can provide even longer response deadlines as they revise their regulations. Should an agency withhold records in response to your request and still claim that you have only 30 days to appeal that decision, we suggest adding the following language to your appeal.
Although the agency’s final response states that I have 30 days to appeal an adverse decision, the FOIA Improvement Act of 2016 requires agencies to give FOIA requesters “not less than 90 days” to appeal an adverse determination. 5 U.S.C. § 552(a)(6)(A)(i)(III)(aa). As such, Congress has superseded by statute any shorter deadline your agency has previously imposed on requesters. My appeal is thus timely under FOIA so long as it is received within 90 days of a final response. Also, please update all future correspondence with all requesters to reflect the extended deadline requesters now have to challenge your agency’s determinations, as you are currently misstating the law.
We hope that you will join EFF in 2017 in using these new provisions—and FOIA generally—to pry records from the government and to hold public officials accountable for their actions.

The State of Crypto Law: 2016 in Review (Tue, 03 Jan 2017)
This year was one of the busiest in recent memory when it comes to cryptography law in the United States and around the world. But for all the Sturm und Drang, surprisingly little actually changed in the U.S. In this post, we’ll run down the list of things that happened, how they could have gone wrong (but didn’t), how they could yet go wrong (especially in the U.K.), and what we might see in 2017.

Savecrypto.org

For a fuller picture of what happened this year, we need to actually start this post with a brief review of what happened in late 2015. At the end of September of last year, EFF and our friends at Access Now launched an online petition to demand that President Obama protect encryption from any sort of compromise or backdoor mandate. The petition and its companion website at savecrypto.org used the White House petition site to let our members and supporters tell the President exactly what we think: strong crypto is critical to security in the digital world and any sort of compromise would be unacceptable. And despite garnering well over the 100,000 signature threshold that warrants a response from the White House, no substantive response ever came.

Apple v. FBI: The All Writs Act in (in)Action

If you’re reading this post, chances are you’re already familiar with the case that could have led to the biggest development in crypto law in 2016: the “Apple v. FBI” fight in the wake of the San Bernardino shooting. In February 2016, a federal magistrate judge in southern California in charge of the investigation into the San Bernardino shooting was presented with an application by the government to force Apple to unlock one of the phones used by the deceased shooters. That same day, the magistrate judge ordered Apple to write and digitally sign custom software to help unlock the iPhone 5C at issue. In an unprecedented move, the order required Apple to create a brand new version of its operating system with intentionally weakened security features, which the government could then use to get into the phone. EFF and an unusually large group of tech companies, nonprofits, academics, and others all filed amicus briefs supporting Apple. Our brief focused on why the order the judge signed would have violated Apple’s First Amendment rights. Others wrote briefs about why the order would have been bad for our security, and why the order was not actually authorized under the All Writs Act, the law the government used to justify its outrageous demand. If the FBI had won, 2016 could have become the year that the U.S. government obtained the legal authority to order American technology companies to create arbitrary backdoors in technology products. Indeed, the FBI’s demand was never about “just that one phone” and was all about creating legal precedent. Instead, the FBI found another way into the iPhone at issue and withdrew its illegal and unconstitutional demand without creating bad law.

The Burr-Feinstein Bill, or Another Way 2016 Could Have Been a Lot Worse

In April, less than two weeks after the Apple v. FBI fight ended with a whimper, crypto faced its next existential challenge. That challenge came in the form of a draft bill, proposed by Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA). The draft bill would have created a new obligation on device manufacturers, software developers, ISPs, online services and others to decrypt encrypted data or offer “such technical assistance as is necessary” if ordered to do so by any court in the country. The draft bill was absolutely terrible. Indeed, the language demonstrated an almost studied ignorance of everyday computer security practices that safeguard our devices and information from criminals. As written, the draft likely would have outlawed forward secrecy, an innovative security feature that many major tech providers, including WhatsApp, have implemented to limit the damage to user privacy in the event encryption keys are compromised. Thousands of EFF supporters spoke out to oppose the bill, and many others joined us in a campaign to pressure Obama again to take a strong stance against encryption backdoors. That work paid off: congressional support waned and the Obama administration’s decision not to endorse the bill was key to the proposal being scrapped for the year.

The Investigatory Powers Act, or How 2016 Was Worse in the U.K.

While we ended up winning the Apple v. FBI fight and defeating the Burr-Feinstein Bill, we weren’t so lucky across the pond in the United Kingdom. This year, the Investigatory Powers Bill, introduced in draft form in November 2015, has become the Investigatory Powers Act and is now unfortunately law in the U.K. as of November 2016. The law’s 245 pages codified the U.K. government’s plans to create a statutory basis for the country’s mass surveillance, data retention, and remote intrusion practices. Several of the Act’s provisions are especially troubling. First, the Act grants the U.K. the power to issue a “Technical Capability Notice” (S.189), a secret order to a telecommunications operator (which the Act defines so broadly it includes companies like Apple) to force it to “remov[e] electronic protection applied ... to any communications or data” and to “provide facilities or services of a specified description.” Second, the law also grants the U.K. the power to issue a “National Security Notice” (S.188)—another secret instrument, even more vaguely drawn, that would require operators to “carry out any conduct, including the provision of services of facilities,” which the British government “considers necessary in the interests of national security.” As Privacy International has noted, both of these instruments include gag orders that would prohibit Tim Cook from telling his customers what was happening. Third, the new Act provides for “equipment interference”—the U.K.’s euphemism for hacking in the popular sense of that term. It allows the U.K. to break into private devices and insert new code for the purposes of surveillance or extracting data. The very questionable silver lining is that we don’t think that the U.K. government has taken advantage of the most dangerous provisions in the Act and forced backdoors into consumer technology… yet. We’ll be keeping a close eye on this one in 2017.

2017 and Crypto in the Trump Era

Pretty much all we can say with confidence about what challenges cryptography law will face in 2017 is that we’re sure there will be some. President-elect Trump hasn’t said much on crypto directly, but during the Apple v. FBI fight, Trump made it very clear he was on the FBI’s side: “To think that Apple won't allow us to get into [the shooter's] cellphone? . . . Who do they think they are? No, we have to open it up.” He also called for a boycott of Apple until Apple caved. But like so much else, Trump has offered no specifics. Trump’s nominee for Attorney General, Senator Jeff Sessions (R-AL), is widely speculated to be aggressively anti-crypto. Again, Sen. Sessions has offered no specifics, but does “believe this is a more serious issue than Tim Cook understands.” Whatever 2017 and the Trump Administration bring, we’ll be ready for it. And you can be certain that we’ll fight as hard as we can for your right to use encryption without compromise.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Related Cases: Apple Challenges FBI: All Writs Act Order (CA)

Surveillance in Latin America: 2016 in Review (Mon, 02 Jan 2017)
Throughout 2016, EFF and our civil society partners have been closely following digital rights developments throughout Latin America. You can see some of the results in Unblinking Eyes, our exhaustive survey of surveillance law and practice across the Americas, as well as multiple countries’ localized versions of Who Has Your Back (Mexico, Colombia, and Brazil), our guide to how companies respond to government data requests. Both projects were led by an increasingly strong network of local digital rights groups in Latin America, who, together with some investigative work by the region’s incredibly brave journalists, have been keeping up the fight against mass surveillance.

ARGENTINA: A Database of Mobiles, Backsliding Among Spies

Argentinians' privacy took a massive hit in October, when the Argentinean Ministry of Communication and the Ministry of Security adopted a resolution that creates a registry of users’ mobile communication services, citing a need to investigate serious and organized crime, including identity requirements for prepaid SIMs. Argentinian digital rights groups like Asociación por los Derechos Civiles fought the new regulation and opposed the nominees to lead the federal intelligence agency (AFI) for their lack of independence from the government. Despite that, the Senate confirmed their appointments in August, which may suggest the intelligence agencies are becoming more politicized and reverting back to old practices.

BRAZIL: WhatsApp Gets Blocked Again

In 2016, for the fourth time, WhatsApp users in Brazil faced an order blocking the popular, Facebook-owned secure chat service in July. Unlike in the past, the decision was made public, but the details of the case, including information available through the legal docket, are still not available. The government had been seeking real time communications between users and was frustrated by WhatsApp's end-to-end encryption.

CHILE: Surveillance Is Ballooning Out of Control

Surveillance in Chile reached new heights in June 2016, when the country's highest court gave a green light to surveillance balloons. In its ruling, the Chilean Supreme Court rejected a legal action filed by Fundación de Datos Protegidos, Corporación Fundamental and Derechos Digitales to end surveillance through camera-balloons in two municipalities of the capital.

PARAGUAY: Military Caught Spying on Journalists

In August, a Paraguayan newspaper revealed that the Paraguayan government used its intelligence system to spy on journalists. The military intelligence team carried out an operation to spy on two cell phone numbers of the journalists from the ABC newspaper who were investigating a series of articles about corruption in the military.

PERU: New Toys for the Spooks

In August of 2016, the Associated Press revealed that the Peruvian government acquired a $22 million tool from Israeli company Verint to conduct mass surveillance of communications. The program, named Pisco, lets officials "intercept and monitor" satellite networks that carry voice and data traffic, putting the private communications of millions of Peruvians at risk. Located in a three-story building next to the country's spy agency, Pisco sits on a Lima military base off-limits to the public. It can track 5,000 individual targets and simultaneously record the communications of 300 people, according to agency documents, with eight listening rooms and parabolic antennae affixed outside to capture satellite downlinks.

MEXICO: A Little More Transparency, a Challenge for Data Retention, And a Spyware Scandal

Mexico managed to hit the headlines in three of EFF’s major areas of interest: transparency, data retention, and endpoint security. Even though a new Mexican law requires the government and private companies to publish transparency reports about electronic surveillance, the law has yet to produce substantial results. Only a single state entity, the Attorney General of the State of Querétaro, has complied with the law’s obligations, and AT&T Mexico is the only telecom company in the country to have published an individual transparency report on government data requests. On the brighter side, the Federal Telecommunications Institute reported in 2016 that AT&T, AXTEL, Megacable, Telcel, and Movistar complied with their obligation to deliver a biannual report on the number of real-time geolocation and data registration requests they receive. However, the transparency reports were not made public: instead, a copy of the report was obtained by civil society organization Red en Defensa de los Derechos Digitales (R3D) through a FOIA request. In May, Mexico’s Supreme Court heard a challenge filed by digital rights group R3D against articles 189 and 190 of the Ley Telecom, which require ISPs to retain communications data for two years. The Supreme Court made clear that a court order is required to access the retained data. Unfortunately, they refrained from declaring mass data retention per se unconstitutional. Bizarrely, the court also gave the go-ahead to conduct real-time location tracking with no court order at all. R3D will be challenging the decision in the Inter-American Human Rights system, the region’s supranational judicial review court. In a theme that runs throughout the region, reporters uncovered massive Mexican government investment in new spying tools. The Mexican authorities spent $15 million to buy a tool called Pegasus from the Israeli firm NSO Group. Pegasus is a “lawful intercept” spyware suite that can capture images and text messages, listen to phone calls, and steal other information from any smartphone. It appears that spyware was used to try to access the communications of Rafael Cabrera, a journalist investigating corruption in the Mexican government.

Conclusion

The vast amount of digital communications content we create—and the increasing ease with which it can be collected—means that governments around the world are capable of creating profiles of our lives: our medical conditions, political viewpoints, religious affiliations, and much more. Yet laws throughout Latin America and around the world are often vague and ripe for abuse, a problem compounded by secrecy around what the governments are doing. Our work in Latin America is part of our long-term project to reform global communications surveillance until it comports with human rights standards.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

The Year We Went on Offense Against DRM: 2016 in Review (Sun, 01 Jan 2017)
A decade ago, DRM seemed like it was on the ropes: it had disappeared from music, most video was being served DRM-free by YouTube and its competitors, and gamers were united in their hatred of the technology. But by 2016, DRM had come roaring back, finding its way into voting machines, insulin pumps, and car engines. Like all invasive species, DRM is hardy, and in the years since the mid-2000s, it has gone on to colonize nearly every category of software-enabled device, from thermostats to voting machines to cars and tractors to insulin pumps. Companies have worked out that since section 1201 of the Digital Millennium Copyright Act provides penalties for breaking DRM, they can simply design their products so that using them in ways that the manufacturer dislikes requires breaking DRM first, and then they can claim that using your property in ways that displease the company that made it is a literal felony. Companies use DRM to force you to pay extra for repairs at their authorized service centers, or to buy their official consumables—everything from printer ink to detergent for automated cat-litter boxes—or to control which software will run on your device, forcing you to download only from an official, controlled "app store." Every business has a mix of legal rights—like Netflix's right against infringing distribution of its videos—and commercial preferences—like Netflix's wish that you will only use its "offline viewer" to watch videos later, and not a third-party recorder that lets you take your videos on any device of your choosing. By adding DRM to their products, companies can convert those commercial preferences into legal rights—they can claim that it's illegal to arrange your affairs in ways that are suboptimal for their investors. Worst of all, companies claim that basic security research—finding and disclosing defects in products that threaten their users' safety and privacy—is also a violation of the law against breaking DRM. 
If you know about a defect in a product, you might be able to exploit that knowledge to figure out how to get around the DRM. Yeesh. In 2015, the U.S. Copyright Office held its regularly scheduled triennial hearing about DMCA 1201, and the world's top security researchers described the bewildering constellation of devices they've discovered to be unfit for service, but whose defects they cannot disclose because of the DMCA. The result was a set of short-lived, symbolic—but nonetheless vindicating—exemptions to DMCA 1201, and in 2016 we've built on that victory, and we're going to kill all the DRM in the world, forever. We're fighting DRM on many fronts. We've built an unprecedented coalition to beat back DRM in the core standards for the Web, we're using consumer regulations to push for DRM labeling on products, and building coalitions with security researchers, entrepreneurs, service and repair professionals, and international groups involved in this fight. It all comes under the banner of a project called Apollo 1201, whose mission is to end all the DRM in the world in a decade. We're in the right time at the right place. Some 20,000 EFF supporters signed our letter to Hewlett-Packard after the company pushed a fake "security update" that actually turned on DRM used to force printer owners to buy HP ink. These were the leading edge of a massive wave of people who are figuring out that their toaster is one next-generation computer vision system away from rejecting unauthorized bread and their dishwashers need only a simple RFID reader to begin rejecting third-party dishes. The good news is that DRM is such a disaster in so many ways—so bad for consumer rights, so bad for innovation, so bad for security—that the coming opposition will come from many fronts, and we'll be there, leading the charge. This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Passing, Defeating, and Leveraging Legislation in California: 2016 in Review (Sun, 01 Jan 2017)
While the presidential election has thrown the federal government into a cloud of uncertainty, one thing is clear: EFF has never been in a better position to protect our rights on the state level in California. In 2016, we built off our previous victories around surveillance transparency, passed new laws reforming criminal justice, defeated other bills that would’ve weakened our liberties, and laid the groundwork for the hard fight ahead in 2017. Here’s a round-up of some of our efforts in Sacramento over the last year.

Crowdsourcing Transparency

In 2015, EFF supported a series of bills to require government agencies to disclose their policies for use of automated license plate readers (ALPR) and cell-site simulators, and to publish inventories of all the systems they use to store data on the public. The three bills went into effect this year, and EFF’s supporters were ready to hold the agencies to account. In April, more than 30 citizen watchdogs joined EFF for the “California Surveillance Sweep,” in which we combed through local government agency websites for policies related to ALPR and cell-tracking technology. We found nearly 80 policies, but also identified another 90 that were not in compliance with the new laws. In the months since, many of those agencies have responded to our report by publishing those policies online. In August, our team of transparency advocates reassembled for the “California Database Hunt,” in which we scoured government websites for inventories of “enterprise systems,” the software systems agencies use to store information. These inventories are supposed to disclose the types of information agencies collect on the public and the purposes for amassing the information. In all, we compiled more than 400 catalogs from across the state. Later EFF presented our findings at a state senate committee. Watch the video here. Next year, the legislature will consider a bill to expand these requirements to cover a larger array of surveillance technologies, and we look forward to working with the sponsor, Sen. Jerry Hill, on promoting these transparency efforts.

Gang Database Reform

A deep investigation by Reveal, followed by a California State Auditor’s report, found massive problems with CalGang, the state’s law enforcement database that contains information on suspected gang members and their associates. The database was found to be rife with errors, lacking accountability, and providing little crime-fighting value. EFF joined a coalition of justice organizations to flood legislators and the governor with emails in support of A.B. 2298, a bill that would partially reform CalGang. The bill was signed by Gov. Jerry Brown in September, requiring law enforcement to inform people before they’re added to a shared gang database. Under the new law, people have a chance to go to court to challenge their inclusion in a gang database. And by January 2018, agencies that maintain these databases will have to produce detailed transparency reports.

No SmartPhone Backdoors

Amid the battle between Apple and the FBI over access to an encrypted iPhone used by a suspect in the San Bernardino shooting, Assemblymember Jim Cooper introduced a bill to require phone manufacturers to decrypt phones or else pay a fine. EFF launched a campaign to defeat the bill and emerged victorious: the legislation never made it out of its first committee.

Keeping Public Records in the Public Domain

Following a brouhaha over who owns the name to a resort in Yosemite, the state legislature introduced a bill that would allow government agencies to claim intellectual property rights over government-produced works, overturning the current status quo that puts most public records in the public domain. The bill could have limited the right of the public and the press to publish records they received through the California Public Records Act. EFF, and a coalition of 25 organizations, fought hard against the legislation, resulting in the author abandoning the bill.

Defending Drone Enthusiasts

Several lawmakers in California introduced bills designed to regulate the consumer drone industry. While the lawmakers may have had good motives to protect people’s privacy and safety, the bills went too far by fully outlawing the arming of drones with devices that might damage property or hurt people. Now, on first glance, that might not seem like a terrible idea. But on further analysis EFF learned that the bill would criminalize the ability of drone enthusiasts to engage in voluntary aerial combat games, in which drones dogfight with only rudimentary weapons, like a dangling wire to jam an opponent’s rotors. EFF stood up for the rights to innovate and to participate in events like those staged by the Aerial Sports League at Maker Faire SF. We ultimately defeated the bills.

Victory for Virtual Currency

The California Assembly resurrected a short-sighted proposal to overregulate the virtual currency industry. The bill was fraught with technically inaccurate information and burdensome requirements for start-ups that would ultimately hurt the consumer. EFF pushed back with the help of the virtual currency proponents, ultimately sending the bill back into hibernation.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Shining a Spotlight on Shadow Regulation of the Internet: 2016 in Review (Sun, 01 Jan 2017)
Over the past few years, Internet users have found their voice in the halls of power. Through legal challenges, speaking to legislators, and effective online organizing, we've beat back many attempts to create mechanisms of censorship and strip speakers of their privacy. We defeated the SOPA/PIPA Internet blacklist bills, and the ACTA and TPP agreements, and stood up for net neutrality as a free speech principle. But these victories had a side effect: corporate and government interests who seek to edit the Internet and regulate others' speech have turned to private agreements. These agreements can create restrictions that are as effective as any law, but without the need for approval by a court or parliament. Sometimes they are even initiated by government officials, who offer companies the Hobson's choice of coming up with a "voluntary" solution or submitting to government regulation. This year, we've begun to shine a spotlight on these Shadow Regulations, and hold them to the same high standards as we do for laws. Many of the Shadow Regulations we've looked at involve copyright enforcement. Since the defeat of SOPA/PIPA in 2012, major music and movie distributors have been trying to achieve the goal of those bills—making so-called "rogue websites" disappear from the Internet at the request of major entertainment companies—through private agreements with payment processors, advertising networks, and DNS companies. Whether it happens through law or private agreement, copyright enforcement needs to be based on valid rules and employ fair processes and accountability, and users must have a voice in the design of these rules and processes. Private regulation of the Internet has also reached into online pharmacies and "hate speech" codes. 
Just this month, Facebook, YouTube, Microsoft, and Twitter announced that they will be creating a common blacklist of "terrorist content" to be blocked from their platforms, although the bounds of what speech will be blocked, and who will decide, remain a mystery. This agreement seems to have been made under pressure from a European Union governing body, which may itself avoid accountability for the inevitable overblocking and politically-motivated censorship that will occur. Because the Internet crosses borders, there will always be some private coordination of its functions. Governments shouldn't have sole control of the Internet, especially governments that don't respect individual rights. But when private coordination is needed—for example, to set technical standards for connecting to the Internet—that coordination needs to be transparent, accountable, and balanced. Simply labeling something a "multistakeholder" process doesn't make it accountable or legitimate. That's why we're also looking at groups and agreements that create Internet policies and norms, and how they can work better. By calling out dangerous and unaccountable shadow regulations, we're empowering users to choose companies that respect individual rights, and holding governments accountable for the policies they seek, wherever those policies get put into practice. This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Ringing in the New Year with Resistance: 2016 in Review (Sat, 31 Dec 2016)
Since the Electronic Frontier Alliance launched this spring, dozens of grassroots groups across the country have found common cause. United by digital rights principles including freedom of expression, access to knowledge, and privacy, they independently pursue a vast array of activities from public education and policy advocacy to hackathons and projects creating digital infrastructure. In 17 states plus the District of Columbia, dozens of local groups are bringing together grassroots digital rights activists to raise awareness, spread information, share skills, and push their universities, cities, and states to reconsider their policies on issues from domestic surveillance to patent reform. Wherever local activists have joined the Alliance, they have successfully brought together neighbors to learn from each other and begin the long and difficult process of shifting policy, law, and culture. In the following half dozen locations, they have gone even further by making palpable progress towards those goals.

Lucy Parsons Labs, a grassroots organization directed by youth of color wielding technology expertise, released a public beta version of Open Oversight, an online database of Chicago police officers. After two years of public records requests, LPL also released evidence that the Chicago Police Department uses funds gained through civil asset forfeiture to purchase surveillance technology used to spy on cell phone networks during mobilizations by the movement for black lives.

The Hacking Club at San Francisco State University hosted former SFSU student / EFF technologist Cooper Quintin in December to discuss how to use one’s hacking powers for good, as well as his experience hunting for Stingrays at Standing Rock.

EFF’s Elliot Harmon visited Austin, Texas, in October for an event co-hosted by local groups (including the Committee on Law and Technology, a student-led organization at the UT-Austin School of Law) to launch the first Reclaim Invention campaign in the South.

After speaking at the U.S. Air Force Academy’s Eisenhower Center for Space & Defense Studies, I had a chance to facilitate a discussion among grassroots activists in Denver during a launch event that they hosted for EFA Colorado bringing together individuals from across the state.

EFF investigative researcher Dave Maass hosted two crowdsourced investigations coordinating the efforts of dozens of volunteers to expand public transparency under unique opportunities created by California state laws. In April, the California Surveillance Sweep helped identify 90 law enforcement agencies that had yet to comply with a recent state law mandating disclosure of privacy and usage policies for specific surveillance technology platforms. In August, the similarly organized Great California Database Hunt helped collect 400 government database catalogs from state agencies.

California’s Santa Clara County became the first jurisdiction in the country to enact a local legal reform now pursued by dozens of campaigns across the country in their respective jurisdictions. Supported by three allied groups within the EFA (including the Oakland Privacy Working Group, Peninsula Peace and Justice Center, and Restore the Fourth-Bay Area) as well as EFF (which addressed the County Board and also wrote a letter supporting the reform), the new law requires public approval before surveillance equipment can be purchased by local law enforcement agencies, which otherwise have routinely gained access to military-grade surveillance tools without public knowledge or consent.

If you’d like to learn more about the Electronic Frontier Alliance, the groups within the Alliance doing formidable work around the U.S. to advance digital rights, or how to get involved wherever you live, join us in the new year for the January 2017 EFA teleconference.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Chipping Away at National Security Letters: 2016 in Review (Sat, 31 Dec 2016)
When Congress passed the USA FREEDOM Act in 2015 as part of the country’s reckoning with the post-9/11 surveillance state, comparably little attention was paid to amendments the law made to national security letters (NSLs). At the time, EFF said that these changes stopped far short of the NSL reform we’d hoped for, and we predicted only superficial improvements in how the FBI issues NSLs. In 2016, we saw how these changes played out in real cases—some involving EFF clients—and it looks as if our assessment was appropriately measured. Overall, the revised law has allowed for the FBI to engage in selective transparency about NSLs on a modest scale, all the while seeking to expand the scope of NSLs and stand in the way of independent oversight. In 2016, EFF notched a few victories on behalf of our clients, but we’re still looking to achieve total victory and have the NSL statute declared unconstitutional. First Amendment Horseshoes The passage of USA FREEDOM in 2015 made for considerable uncertainty in EFF’s long-running constitutional challenge to the NSL statute—in our three consolidated cases, we were in the midst of defending a 2013 district court ruling that the previous version of the law failed to meet the First Amendment. Rather than deciding the appeal, the Ninth Circuit sent the cases back to the district court, which issued a disappointing ruling this March. Unfortunately, Judge Illston of the federal district court for the Northern District of California found that the changes to the NSL statute introduced by USA FREEDOM were sufficient to remedy the constitutional defects she identified in her 2013 ruling. In particular, although she previously determined that the First Amendment required the FBI to ask a court to review NSL gag orders in all cases, Judge Illston determined that the new “reciprocal notice” procedure—by which the FBI need only go to court if an NSL recipient asks for it—was close enough. 
But as the saying goes, “close only counts in horseshoes and hand grenades,” and the First Amendment requires more. Similarly, the court found that although the revised statute didn’t meet the high standards of the First Amendment, it didn’t need to do so because NSL recipients aren’t the kind of “customary speakers” who receive full First Amendment protections. We think the district court’s ruling was seriously misguided, as demonstrated by the desire of so many service providers to talk about NSLs and publish the ones they’ve received. (More on that below.) We’ve appealed Judge Illston’s ruling back to the Ninth Circuit, where briefing is ongoing. A silver lining was the court’s determination that in one of these three consolidated cases, the FBI had failed to demonstrate why our client should remain gagged. As a result, in November CREDO Mobile was able to reveal that it had been fighting two NSLs it received back in 2013.

Sticking Up to NSLs with a Little Help from Our Friends

Companies like CREDO deserve serious praise for choosing to stick up for their users when faced with intimidating surveillance requests like NSLs. It’s not always an easy road: CREDO had to stay silent about its fight against these NSLs for many years, and it was forced to self-censor even as Congress debated and passed USA FREEDOM. But we wouldn’t be able to do our work without companies taking this kind of stand, and we hope others will follow suit. Another organization that did just that in 2016 was the Internet Archive, which received an NSL in August. Represented by EFF, the Archive pushed back on the FBI’s request, which ignored the protection from NSLs that the law gives to libraries. In addition, we noticed that the NSL sent to the Archive failed to mention that USA FREEDOM had changed how often NSL recipients could bring a challenge. That’s concerning exactly because these challenges are so rare.
In response, the FBI lifted the gag on the Archive and agreed to send revised NSLs to everyone it had misinformed, potentially thousands of recipients. We’re proud of this victory and were glad to help the Archive in its mission to protect reader privacy and access to the world’s knowledge.

Selective Transparency in Action

USA FREEDOM requires the FBI to periodically review NSLs to determine whether accompanying gag orders need to stay in place. As we’ve argued in our constitutional challenges, this does little to stop the FBI from issuing indefinite and overbroad gag orders in the first place, and it is no substitute for independent review of NSLs by a court. Even the limited procedures put in place by the FBI to do this review have, in the words of a D.C. district court opinion issued in August, “several large loopholes.” Nevertheless, the FBI’s reviews allowed two notable recipients to publish a handful of NSLs in 2016. In June, Yahoo became the first company to publish three NSLs thanks to the USA FREEDOM-mandated review, and Google followed with eight more in December. Nice as it is to see these individual disclosures, we should remember that the FBI unilaterally controls the decision to remove these gags and appears to be doing so in very small dribs and drabs. By comparison, the Bureau has issued hundreds of thousands of NSLs in the last 15 years, so the publication of ten or twenty is a very narrow slice indeed. There are other areas where USA FREEDOM left the FBI’s secrecy untouched. Most notorious are Department of Justice procedures for using NSLs in investigations involving journalists, including to identify confidential sources based on communications metadata. Despite a Freedom of Information Act lawsuit brought by the Freedom of the Press Foundation, it took a leak published by the Intercept in June for the public to see these guidelines, which unsurprisingly do little to protect journalist-source relationships.

Legislative Fight in 2017

Finally, even as EFF’s constitutional challenge makes its way through the appeals process, there’s a worrying battle looming as the FBI seeks to actually expand the kinds of information it can obtain with an NSL. Several times over the summer, the DOJ and FBI attempted to include a legislative amendment that would allow the government to issue NSLs for Internet records including browsing history and email headers, known as electronic communication transactional records, or ECTRs. Those proposals failed to advance, but we’ll be watching closely to see if they resurface with a new Congress and administration in 2017. Needless to say, expanding this secretive power to include even more revealing information is not the way to go. We’ll fight it tooth and nail.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Related Cases: National Security Letters (NSLs); In re: National Security Letter 2011 (11-2173); In re National Security Letter 2013 (13-80089); In re National Security Letter 2013 (13-1165); 2016 Internet Archive NSL

Everybody Wants To Rule The World (Wide Web): 2016 in Review (Sat, 31 Dec 2016)
It's been twenty years since John Perry Barlow declared cyberspace independent, but there continues to be a long line of not-so-weary giants aiming to expand their territory over the electronic frontier. Here is 2016's roll call of national governments and courts who either presumed that their own local law should be enforced across the global Internet, or are attempting to lock down their own citizens into a shuttered and parochial version of the world wide net:

In Google v. Equustek, a Canadian appeal court insisted that search engine links to a site involved in a trade secrets case should be removed from everyone's sight—including billions of Internet users outside Canada's jurisdiction. EFF intervened and earlier this month argued before the Canadian Supreme Court that forcing search engines to implement the court's order worldwide would affect non-Canadians' right to access information that could very well be lawful in their own nation.

France's data protection regulators, CNIL, similarly declared that search engines implementing France's Right to Be Forgotten must de-list links globally—as opposed to the EU-only geo-blocking accepted by the data protection authorities in other European countries. The case is now being appealed to France's highest administrative court, the Conseil d'Etat, where EFF joined with eight other human rights groups to point out the dangerous consequences if every country claimed that their censorship laws must apply across the global net. We also stressed how such an order would be unlawful in the United States.

The parties in both Equustek and CNIL cases highlight who is expected to use their power to erase and forget: Google and the social media giants of 2016's Internet. As well as attempting to turn these multinationals into global censors, governments across the world are working with them in subtler ways, with the same effect.
Shadow regulations are "voluntary" agreements between corporations and governments, where companies agree to take down content or suspend accounts under vague and wide-ranging terms. We've got a whole other blog post devoted to reviewing creeping shadow regulation in 2016, but here are a couple of this year's examples that ended up with one part of the world broadening its laws and prohibitions through deals with globe-spanning Internet companies.

The European Commission negotiated a "code of conduct" this year with the big social media companies, where they agreed to remove the majority of "illegal hate speech" within 24 hours of being notified by EU authorities. Because these take-downs would take place under the companies' own terms of service, this content removal would be worldwide in its effect, with no due process, no court of appeals, and very little transparency.

In December, the same Internet companies agreed to compile, share and act on a collective set of hashes (digital fingerprints) of terrorist imagery and videos—a secret database of content that will be pro-actively forbidden on the vast majority of social media platforms. What counts as "terrorist" is left undefined, but given the companies' base in the United States, it will undoubtedly track closely that country's view of who in the world is a terrorist. That is, until other countries decide to encourage these companies to adopt their suggested hashes.

The United States government was also caught expanding its jurisdiction across the Atlantic: After attempting to use a U.S. search warrant to seize data stored by Microsoft overseas, the Second Circuit Court of Appeals told the U.S. Department of Justice that if they wanted to get data held in Ireland, they'd need to come back with a local, Irish, warrant. (EFF provided an amicus arguing in favor of this approach.)
But requiring the American government to come back with a local warrant may not last much longer, at least in the United Kingdom and United States. Over the summer of 2016, the U.K. and U.S. governments began lobbying Congress to create a new shortcut for obtaining the contents of communications and live taps of data in each other's countries. The new U.K./U.S. agreement would expand the jurisdiction of the U.S. courts to obtain email and other private data from the U.K. It would also allow British law enforcement to ask American companies for the contents of emails without a U.S. warrant. The bill would require a change to the law in the United States, and a new willingness in the U.K. to let the United States government rifle through private U.K. users' data without asking.

The biggest headline-grabber in Internet control this year, though, was ICANN. One of the net's few points of centralized control, the domain name authority officially ended its ties with the U.S. government and established itself as an independent body. Despite cries from U.S. politicians that Washington was losing control of the Internet, the end result remained close to the status quo. ICANN stays a private company, still working out of the United States. It continues to be courted by governments and corporations alike to reflect their vision of how domain names should be policed. EFF continues to advocate that ICANN should stand up for the privacy and free expression rights of domain name owners wherever they live.

While Western countries fought to expand (or fought to maintain) their influence on the global net, we also saw countries flexing their muscles close to home. These included:

Russia, where the increased enforcement of 2013's 242-FZ data localisation mandate, together with the new Yarovaya data retention law, increased the pressure on foreign companies to track their Russian users and keep their private data available for the authorities.

China, where the PRC's new Cybersecurity Law gave that country even wider powers to force foreign and local companies to provide Chinese authorities access to personal data.

Brazil, where judges and politicians continued to threaten net service providers like WhatsApp with bans and blocks unless they provide back doors or keep data stored locally.

Those are just this year's latest attempts to divide and conquer the net. We anticipate, as John Perry Barlow did two decades ago, continuing attempts to erect these "guard posts at the frontiers of cyberspace." But while you're still there supporting us, we'll work to keep the net an open frontier, not enclosed and divided by scrapping states.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Related Cases: Google v. Equustek

Fighting for Fair Use and Safer Harbors: 2016 in Review (Fri, 30 Dec 2016)
In 2016 we witnessed the latest stretch in an ongoing struggle over the shape of copyright law and who it serves - between a law that respects and promotes innovation and free expression, and one that only serves the interests of large copyright holders. This year we welcomed a run of victories for fair use and Internet safe harbors, while looking toward some important battles yet to come.

The fight for fair use heads to the Supreme Court in Lenz v. Universal

After 9 years of battling it out in the lower courts, Stephanie Lenz, represented by EFF, has taken her fight for Internet fair use to the United States Supreme Court. In August, Lenz filed a petition asking the Court to overturn a part of the 2015 ruling from the United States Court of Appeals for the Ninth Circuit that undermines the Digital Millennium Copyright Act’s safeguards for users. In 2007, Lenz first filed the “Dancing Baby” lawsuit after her YouTube video was taken down as the result of a bogus copyright infringement notice from Universal Music. Lenz’s video was a 29 second recording of her toddler dancing in her kitchen while Prince’s “Let’s Go Crazy” played, barely audible, in the background. Lenz argued that Universal’s takedown notice was precisely the kind of abuse that the DMCA’s safeguards are designed to prevent. In 2015, the Ninth Circuit issued an important decision holding that copyright holders must consider whether alleged infringement is a fair use before sending a takedown notice. But the court also applied an entirely subjective standard that, we fear, will be read to allow rights holders to target content “based on nothing more than an unreasonable hunch, or subjective criteria they simply made up[.]” We don’t think this is what Congress intended, and Lenz has asked the Supreme Court to protect users’ fair use rights and overrule this part of the decision.

Supreme Court declines to overturn fair use ruling in Google Books case

In April, the Supreme Court rejected the Authors Guild’s request to review the Second Circuit’s landmark fair use ruling in the Google Books litigation. By declining to hear the appeal, the Supreme Court left in place a significant victory for fair use and brought an end to over a decade of litigation. The Second Circuit found the Google Books project to be a highly transformative fair use of the authors’ copyrighted works, providing the public information to which they would not otherwise have access. The court’s opinion also affirmed that copyright law’s main purpose is to serve the public by facilitating access to knowledge and creative works, stating “[t]he ultimate goal of copyright is to expand public knowledge and understanding. . . Thus, while authors are undoubtedly important intended beneficiaries of copyright, the ultimate, primary intended beneficiary is the public, whose access to knowledge copyright seeks to advance by providing rewards for authorship.”

Federal Jury finds Google’s use of Java APIs fair use in Oracle v. Google

In May, a federal jury unanimously agreed that Google’s use of Java APIs in the Android operating system was a fair use. Following on the heels of the Court of Appeals for the Federal Circuit’s disappointing and dangerous decision that APIs are copyrightable, the fair use verdict ensures some degree of protection against copyright creep for software innovation and interoperability. But, as we’ve said before, it would be far better if the Federal Circuit had recognized that APIs are a system or method of operation and therefore not eligible for copyright protection. Oracle is appealing the decision to the Federal Circuit, and we’re hoping that, this time, the court makes the right call and upholds the jury’s verdict.

Appeals court affirms Vimeo has no obligation to monitor or investigate user uploads

This June, responding to one of several recent attacks on the DMCA’s safe harbors for Internet intermediaries, the Second Circuit ruled that online video site Vimeo had no obligation to investigate or monitor its users’ uploads for copyright infringement. Recording company Capitol Records sued Vimeo back in 2014, arguing that the DMCA’s safe harbors did not cover pre-1972 sound recordings (which aren’t covered under federal copyright law) and that even if the safe harbors did apply, Vimeo should lose its protection for failing to investigate potentially infringing uploads. The Second Circuit roundly rejected Capitol Records’ arguments, finding that the safe harbors did apply, and that Vimeo had no duty to monitor user uploads for infringement. In so doing, the Second Circuit handed a significant win to users and online platforms in the ongoing battle over the scope of the safe harbors. If the decision had come out the other way, it would have been disastrous for competition and free expression online. An obligation that platforms monitor all user-generated content would impose a substantial economic burden on small and non-commercial platforms and would almost certainly lead to overzealous filtering and restriction of users’ activities online.

Appeals court gives music sampling some room to breathe in VMG Salsoul v. Ciccone

The Ninth Circuit’s holding in VMG Salsoul v. Ciccone that copyright law’s “de minimis” doctrine does in fact apply to music sampling was a long overdue departure from the Sixth Circuit’s 2005 Bridgeport Music decision. In Bridgeport, the Sixth Circuit foreclosed application of the doctrine to sound recordings, making music sampling a risky and expensive enterprise.
This year the Ninth Circuit gave music sampling back some much needed breathing room in holding that Madonna’s use of a .23 second sample of a Salsoul Orchestra song was “de minimis” and therefore not infringing.

But 2016 wasn’t all victories for users. In BMG v. Cox Communications, for example, a judge in the Eastern District of Virginia held that an Internet service provider (ISP) might have to cut off someone’s Internet access on the basis of mere allegations of infringement, or else lose the legal protections that ensure ISPs can’t be held liable for infringement by their customers. EFF, along with Public Knowledge and the Center for Democracy and Technology, filed a brief in support of Cox’s ongoing appeal, asking the Fourth Circuit to consider the importance of Internet access in daily life in determining when copyright law requires an ISP to cut off someone’s connection. We’re glad to see that some courts are pushing back against copyright holders’ demands to shape the law to serve their own interests. In 2017 we’ll continue the fight to ensure that copyright law works for all of us.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Related Cases: Oracle v. Google; Lenz v. Universal; Capitol v. Vimeo; Authors Guild v. Google, Part II: Fair Use Proceedings

Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review (Fri, 30 Dec 2016)
This year has been full of developments in messaging platforms that employ encryption to protect users. 2016 saw an increase in the level of security for some major messaging services, bringing end-to-end encryption to over a billion people. Unfortunately, we’ve also seen major platforms making poor decisions for users and potentially undermining the strong cryptography built into their apps.

WhatsApp makes big improvements, but concerning privacy changes

In late March, the Facebook-owned messaging service WhatsApp introduced end-to-end encryption for its over 1 billion monthly active users. The enormous significance of rolling out strong encryption to such a large user-base was combined with the fact that underlying WhatsApp’s new feature was the Signal Protocol, a well-regarded and independently reviewed encryption protocol. WhatsApp was not only protecting users’ chats, but also doing so with one of the best end-to-end encrypted messaging protocols out there. At the time, we praised WhatsApp and created a guide for both iOS and Android on how you could protect your communications using it. In August, however, we were alarmed to see WhatsApp establish data-sharing practices that signaled a shift in its attitude toward user privacy. In its first privacy policy change since 2012, WhatsApp laid the groundwork for expanded data-sharing with its parent company, Facebook. This change allows Facebook access to several pieces of users’ WhatsApp information, including WhatsApp phone number, contact list, and usage data (e.g. when a user last used WhatsApp, what device it was used on, and what OS it was run on). This new data-sharing compounded our previous concerns about some of WhatsApp’s non-privacy-friendly default settings.

Signal takes steps forward

Meanwhile, the well-regarded end-to-end encryption app Signal, for which the Signal Protocol was created, has grown its user-base and introduced new features.
Available for iOS and Android (as well as desktop if you have either of the previous two), Signal recently introduced disappearing messages to its platform. With this, users can be assured that after a chosen amount of time, messages will be deleted from both their own and their contact’s devices. Signal also recently changed the way users verify their communications, introducing the concept of “safety numbers” to authenticate conversations and verify the long-lived keys of contacts in a more streamlined way.

Mixed-mode messaging

2016 reminded us that it’s not as black-and-white as secure messaging apps vs. not-secure ones. This year we saw several existing players in the messaging space add end-to-end encrypted options to their platforms. Facebook Messenger added “secret” messaging, and Google released Allo Messenger with “incognito” mode. These end-to-end encrypted options co-exist on the apps with a default option that is only encrypted in transit. Unfortunately, this “mixed mode” design may do more harm than good by teaching users the wrong lessons about encryption. Branding end-to-end encryption as “secret,” “incognito,” or “private” may encourage users to use end-to-end encryption only when they are doing something shady or embarrassing. And if end-to-end encryption is a feature that you only use when you want to hide or protect something, then the simple act of using it functions as a red flag for valuable, sensitive information. Instead, encryption should be an automatic, straightforward, easy-to-use status quo to protect all communications. Further, mixing end-to-end encrypted modes with less sensitive defaults has been demonstrated to result in users making mistakes and inadvertently sending sensitive messages without end-to-end encryption. In contrast, the end-to-end encrypted “letter sealing” that LINE expanded this year is enabled by default.
Since first introducing it for 1-on-1 chats in 2015, LINE has made end-to-end encryption the default and progressively expanded the feature to group chats and 1-on-1 calls. Users can still send messages on LINE without end-to-end encryption by changing security settings, but the company recommends leaving the default “letter sealing” enabled at all times. This kind of default design makes it easier for users to communicate with encryption from the get-go, and much more difficult for them to make dangerous mistakes.

The dangers of unsecure messaging

In stark contrast to the above-mentioned secure messaging apps, a November report from Citizen Lab exposes China’s WeChat messenger’s practice of performing selective censorship on its over 806 million monthly active users. When a user registers with a Chinese phone number, WeChat will censor content critical of the regime no matter where that user is. The censorship effectively “follows them around,” even if the user switches to an international phone number or leaves China to travel abroad. Effectively, WeChat users may be under the control of China’s censorship regime no matter where they go. Compared to the secure messaging practices EFF advocates for, WeChat represents the other end of the messaging spectrum, employing algorithms to control and limit access rather than using privacy-enhancing technologies to allow communication. This is an urgent reminder of how users can be put in danger when their communications are available to platform providers and governments, and why it is so important to continue promoting privacy-enhancing technologies and secure messaging.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Most Young Gig Economy Companies Way Behind On Protecting User Data: 2016 In Review (Thu, 29 Dec 2016)
"Sharing" or "gig economy" companies like Uber and Airbnb continued to grow in 2016, meaning their data protection and privacy practices came into sharp focus as millions of Americans turned to these young companies for everything from rides to the airport to renting an apartment instead of a hotel room. Customers are entrusting these companies—including others like Lyft, TaskRabbit, and Instacart—with enormous amounts of sensitive information about their habits and lives. To access the services offered, or to offer services via company apps, individuals are disclosing data about where they live and shop, what they buy, where they sleep, and where they travel. In 2016, we published our annual Who Has Your Back report, which took a close look at policies and practices of gig economy companies and found much to be desired. On the whole, gig economy companies haven’t caught up with the rest of the tech industry in safeguarding user data against unwarranted government access demands. When the government comes knocking, most gig economy companies—whether home rental services, car sharing, or on-demand labor—aren’t promising to stand by their users. Half of the companies we reviewed didn’t require a warrant before turning over customer data to law enforcement. Most of the companies we reviewed haven’t issued transparency reports providing information about the number of government data requests they get. There were some exceptions. Uber and Lyft earned our highest marks for best practices in transparency over their handling of user data. But in December, Uber made a change in its iPhone app that undermined user privacy. The company removed an option to limit location tracking of its customers to “While Using,” a privacy setting in the iOS that provides users control of when their information is shared with the app. 
When you need a ride and open the Uber app, you are asked for location data and given the option of providing this “Always” or “Never.” The company took away the option of providing location data only while using the app. Choosing “Always” enables Uber to track your location for five minutes after you leave the vehicle. Sorry, but that’s just creepy and unnecessary. We’ve asked Uber to restore the “While Using” choice. Unfortunately the Uber location tracking change is part of a disturbing trend among software makers that we saw continue in 2016 to take away, or at least limit, the ability of users to opt out of functionality that automatically gobbles up your personal information—such as location data and browsing history. Two other examples stand out in the past year. Microsoft has aggressively pushed its Windows 10 upgrade on customers, using tactics that went from annoying to downright malicious. If that’s not troubling enough, consumers who upgrade find that once installed, Windows 10 sends an unprecedented amount of usage data back to Microsoft, particularly if users opt in to “personalize” the software using the OS assistant called Cortana. Here’s a non-exhaustive list of data sent back: location data, text input, voice input, touch input, webpages you visit, and telemetry data regarding your general usage of your computer, including which programs you run and for how long. Unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it. The second example involves the note-taking app Evernote. The company adopted a new privacy policy in December that allows some employees to read user content for the sake of improving its machine learning technology. Want to avoid the company’s prying eyes? Apparently there’s no clear way to do so if you want to continue using the service. 
As our review shows, it is incumbent upon users to be mindful of what and how much information they give up in order to participate in the digital marketplace and to vote with their feet to platforms that do a better job of protecting user privacy.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Dark Skies for International Copyright: 2016 in Review (Thu, 29 Dec 2016)
It's hard to imagine that a year ago we were celebrating "positive movement" towards reforms to European copyright law, expecting that the European Commission would be soon proposing new copyright exceptions and other measures to modernize Europe's aging copyright regime. Instead, what we got was a proposal to force user-generated content websites to do deals with copyright holders to scan and filter users' uploads, along with a proposal to give news publishers the power to impose a link tax on third-party websites such as news aggregators. There were also a few legislative sops thrown to users and creators—a slight relaxation of national barriers to online TV services within Europe and some narrowly-drafted exceptions to allow text and data mining by research organizations, online illustration for teaching, and preservation of cultural heritage by libraries and archives. But the headline threats of the European Commission's proposal—the upload filtering and the link tax—outweigh these modest benefits. Thankfully the deal is not quite yet done, and negotiations over compromises to the European Commission's proposals will continue into the New Year.

Users didn't fare much better in the European courts. The European Court of Justice, in a particularly bad decision, ruled that a website that merely links to copyright-infringing material can be held liable for copyright infringement. We predicted at the time that the decision would result in new copyright lawsuits against websites for innocently hosting such links, and it hasn't taken long for this to prove true. TorrentFreak reported this month on one such case, in which a website operator was held liable for linking to another website which reproduced a Creative Commons–licensed photo without including attribution of the photographer, as required by the license.
The success of the World Wide Web was built upon the freedom to link to external resources without permission—a freedom that this atrocious series of court decisions has now curtailed.

2016 wasn't a year noted for its bright sides, but if there are any for international copyright, it must be in the defeat of the Trans-Pacific Partnership in the United States, which would otherwise have locked down many of the worst aspects of U.S. copyright law such as its life-plus-70-year copyright term, its prohibition on DRM circumvention, and its outlandish civil and criminal penalties for copyright infringement. Even this victory, though, is proving a little bitter, as several of the TPP countries are continuing moves to ratify the agreement and to amend their laws as if in preparation for it to come into force. Thankfully the implementing legislation that we have seen so far has been conditional on the unlikely circumstance of the TPP coming into effect (we originally reported that Japan's implementation would be unconditional, but have since learned otherwise).

Is it too much to hope for a rosier dawn next year? The last twelve months in copyright give us yet another reason to hope for a better 2017, and all the more motivation to play our part in making it happen.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Congress Gives FOIA a Modest but Important Update For Its 50th Birthday: 2016 in Review (Wed, 28 Dec 2016)
Year after year, federal agencies worked behind the scenes to thwart any attempt to reform the Freedom of Information Act (FOIA). In 2016, Congress finally came through and successfully amended the 50-year-old transparency statute with the goal of improving our ability to oversee our government. For FOIA’s golden anniversary, EFF and other transparency advocates were hoping for a comprehensive set of reforms (our wishlist is here). Although what Congress ultimately passed wasn’t half as robust, the FOIA Improvement Act of 2016 represents some of the most pronounced changes to the law in roughly a decade. The biggest change: “the presumption of disclosure.” FOIA now explicitly limits officials' discretion to withhold records by requiring agencies to disclose them by default, with a couple of exceptions. The agency can hold back if it can point to a law other than FOIA that prohibits disclosure. The agency can also withhold the records if it can articulate exactly how disclosure would harm a specific interest protected by FOIA’s exemptions, such as an individual’s private medical records or classified military files. EFF is cautiously optimistic that the presumption of disclosure rule will lead to greater transparency. Other features of the reform bill: The All-in-One FOIA Portal. The law mandates that the federal government create a central online portal that will allow anyone to file a FOIA request with any agency. No More Outdated Regs. The law also requires all federal agencies to update their FOIA regulations before the end of 2016 to reflect the current law. This was a small but essential requirement, as many agencies’ regulations were woefully out of date, ignoring changes to FOIA passed by Congress from as far back as 2007. The 25-Year “Deliberative Process” Clock. 
The law now includes a 25-year limit on agencies’ claims that records would disclose internal decision-making, in what is known as the deliberative process privilege, and requires agencies to give requesters more time to appeal denied requests. The FOIA reforms have already had an impact. One of EFF’s allies, the National Security Archive, had been fighting in court for years to disclose a volume of the CIA’s Bay of Pigs invasion history. The CIA had long claimed that the document could not be released on grounds that it would reveal internal decision-making, i.e. deliberative process. After the law passed, the CIA reversed course and released the document to the Archive. You can read the newly released history here. We’d like to wish a Very Sunshiny New Year to Sens. John Cornyn (R-TX) and Patrick Leahy (D-VT) and Rep. Jason Chaffetz (R-UT) for getting the bill to President Obama’s desk and fixing parts of our nation’s transparency law. But we’ll be clinking our champagne flutes to the coalition who worked with us all year, which included: Project On Government Oversight, National Security Archive, Sunshine in Government Initiative, Reporters Committee for Freedom of the Press, American Society of News Editors, ACLU, and, of course, the Sunlight Foundation. And to the incoming agency heads, we’ll FOIA you in January. This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

Our Fight to Rein In the CFAA: 2016 in Review (Wed, 28 Dec 2016)
Laws enacted out of fear, not facts, are a recipe for disaster. That’s what happened with the Computer Fraud and Abuse Act (CFAA)—the federal statute that makes it illegal to break into computer systems to access or alter information. The law’s notoriously vague language has confused courts, chilled security research, and given overzealous prosecutors broad discretion to bring criminal charges for behavior that in no way qualifies as breaking into a computer. And it’s out of touch with how we use computers today. We were hard at work in 2016 pushing courts to limit the CFAA to what Congress intended and advocating for reform that would rein the law back in. We’ve seen some minor victories as well as a few setbacks, but we anticipate a big fight next year against efforts to expand the law without correcting its many problems. We stand ready. The CFAA was passed back in 1986—in the very early years of the Internet, long before the vast majority of people were even using email—after a House of Representatives report cited WarGames, a 1983 techno thriller starring Matthew Broderick and Ally Sheedy, as a "realistic representation of the automatic dialing and access capabilities of the personal computer." And because Congress was trying to solve a problem it didn’t fully understand, it gave us a law with incredibly vague language. The CFAA makes it illegal to intentionally access a “protected computer”—which includes any computer connected to the Internet—“without authorization” or in excess of authorization. But it doesn’t tell us what “without authorization” means. This language is so vague that, if not applied narrowly, it could criminalize routine online behavior like checking the weather while at work or using a family member’s Netflix password. A few years back, the U.S. 
Ninth Circuit Court of Appeals clarified that terms of service violations—like using a work computer for personal reasons or creating a Facebook account with anything other than your real name—cannot give rise to CFAA liability. Two other circuit courts, the Second Circuit and Fourth Circuit, have since followed suit, along with numerous district courts across the country. But this year, we learned that even though the three most recent federal circuit courts to address the issue agree, federal prosecution guidelines still recommend pursuing an overbroad and constitutionally suspect interpretation of the statute in any jurisdiction that hasn’t explicitly rejected it. The government released the guidelines in a pending ACLU lawsuit, which challenges the CFAA on First Amendment grounds for chilling research into online discrimination. The guidelines make one thing clear: our fight against the government’s problematic interpretation of the CFAA is far from over. And we’re prepared to go to court to continue this fight. Password sharing and the CFAA also came to a head in 2016. The Ninth Circuit issued two troubling decisions in July with reasoning that threatened to criminalize routine password sharing. We filed an amicus brief in both cases, U.S. v. Nosal and Facebook v. Power Ventures, urging the court to reconsider these dangerous holdings en banc. In our briefs, we pointed out how the two decisions, written by two different three-judge panels, were inconsistent not only with each other, but also with CFAA precedent and sound public policy. While the court declined to reconsider either case, both panels revised their decisions, attempting to walk back their holdings by clarifying that the decisions were limited to the “stark” facts before them. 
They say they really, really didn’t mean to criminalize all password sharing, just the particular instances of password sharing at issue in these cases—where both defendants had received “particularized notice” that the computer owner had “affirmatively revoked” their authorization to access the computers at issue. But because neither panel actually modified the flawed reasoning underlying these opinions, both cases still raise a host of questions about how the CFAA will be applied to password sharing and other types of terms of service violations in the future. We’ll be fighting to ensure that the CFAA, a law meant to target computer break-ins, is not turned into a mechanism for enforcing terms of service violations across the board, and that these cases are limited to the very specific facts at issue—just as the judges said they should be. We’ll also keep advocating for reform clarifying that the CFAA is not and was never intended to be a massive computer misappropriation statute. We also fended off yet another legislative proposal in 2016 that would have taken CFAA reform in the wrong direction. It was called the Botnet Prevention Act of 2016 and was ostensibly directed at stopping botnets. But it was vague, its prohibitions were covered by existing law, and it would have empowered government officials to obtain court orders to force companies to “hack” computer users for a wide range of activity completely unrelated to botnets. Botnet, a portmanteau of “robot” and “network,” refers to a network of private computers or devices infected with malicious software and controlled without the owner’s knowledge. It appears that folks in Congress are worried about botnets. And there is some cause for concern, as illustrated by the Mirai botnet that took over insecure Internet of Things devices and “broke the Internet” in September. 
But the way to protect against the threat of botnets is by bolstering security research—not by passing yet another vague, fear-based law that would exacerbate the CFAA’s harshness, overbreadth, and confusion, and only further chill the important security research that will keep us all safe. Because some representatives in Congress seem to think that expanding the CFAA is the way to address all of our “cyber” problems, we expect a fight on the horizon against further proposals to make this draconian law worse. Keep your ears open in 2017. We’ll need your help to rein in the CFAA—and to fight back against the same type of fear-based proposals that got us here in the first place. This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016. Related Cases: United States v. David Nosal; Facebook v. Power Ventures

The Patent Troll Abides: 2016 in Review (Tue, 27 Dec 2016)
Patent trolls were down but certainly not out in 2016. After a massive burst of litigation at the end of last year, we saw a noticeable drop in patent troll lawsuits at the start of this one. But trolls began returning to court as the year continued and 2016 will likely end with a relatively small overall decline. Consistent with recent trends, troll cases clustered in the Eastern District of Texas. Approximately one in three patent suits were filed in that remote, troll-friendly district, and these suits were almost all filed by companies with no business other than suing for patent infringement. With many of the worst patent suits clustering in Texas, recent reform efforts have focused on requiring that patent suits be brought in forums that have meaningful ties to the dispute. The current regime allows trolls to pick an inconvenient and expensive venue where they can pressure defendants to settle regardless of the merits of the case. We urged Congress to pass the VENUE Act and also filed an amicus brief in a case called TC Heartland v. Kraft, urging the Supreme Court to end forum shopping in patent cases. On December 14, 2016, the Supreme Court agreed to take the case. When it considers the merits of the case next year, we will ask the Supreme Court to loosen the Eastern District of Texas's hold on patent troll litigation. We saw mixed results in the courts this year. The Supreme Court issued a good decision cutting back on out of control damages in design patent cases. Meanwhile, the Federal Circuit issued a very disappointing decision that allows patent owners to undermine ownership by asserting patent rights even after selling a patented good. Fortunately, the Supreme Court has agreed to review that ruling. We will file an amicus brief supporting the fundamental principle that once you buy something, you own it. At EFF, we continued to battle patent trolls in the courts. 
We responded to the appeal of our successful challenge to Personal Audio’s podcasting patent and are now waiting for a ruling from the Federal Circuit. We filed a lawsuit on behalf of a small business and its owner targeted by one of the most litigious trolls out there. We also worked to bring more transparency to patent litigation. Despite opposition from patent trolls determined to operate in the shadows, we convinced judges in the Eastern District of Texas to unseal important documents in two cases. We also supported a LARP arrow supplier’s First Amendment right to criticize a patent troll. Outside the courts, we launched our Reclaim Invention campaign urging universities not to sell patents to trolls and to focus on commercialization and real partnerships. We held events around the country with university groups and hope to continue to build momentum for the campaign into next year. We also continued to cover the crisis in patent quality with our Stupid Patent of the Month series. Next year may see a backlash against the small improvements the patent system has made recently. Ultimately, we should reward true innovators and not those who game a broken patent system to get vague and overbroad software patents. We will fight hard against any efforts to undermine post-grant review of patents or recent Supreme Court decisions cutting back on abstract patents. This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.

DRM vs. Civil Liberties: 2016 in Review (Tue, 27 Dec 2016)
Imagine a world where your Internet-connected car locks you in at the behest of its manufacturer—or the police. Where your media devices only let you consume mass media, not remix it to publish a counter-narrative or viral meme. Where your phone is designed to report on your movements and communications. Where your kid's toy tells them it's their friend, then talks about how much it loves sponsored products and transmits everything it hears in your home back to its manufacturer. Where your phone stops working if the police or the manufacturer ask it to. Where these backdoors are vulnerable to hacking, so anyone with the right resources can take advantage of them. Now imagine that you could configure your devices to be loyal to you, to stop snitching, to run video publishing software, and to be more secure against hacking, except that the law forbids looking at the code or modifying it. It shouldn't be hard to imagine. These examples are real and the law in question is Section 1201 of the Digital Millennium Copyright Act. Regulators and companies have gravitated towards the power that comes from code-based restrictions on user activity. Your conscience is irrelevant, the legality of what you want to do is irrelevant, your rights are irrelevant; you simply cannot use your device in a way contrary to its programming. Unless you change that programming—or someone inspects the code and warns you about what the device is programmed to do so you can choose an alternative. In July 2016, we sued the federal government to establish your right to do just that: to look at and change the code in your devices and to share the tools needed to do so. Traditional copyright law allowed such modifications; it's only since the 1998 DMCA that your traditional rights have been swallowed up by what amounts to a blanket prohibition on accessing the software in your devices. In our suit, we focus on the First Amendment problems with Section 1201—and there are many. 
The law directly prohibits protected speech in the form of instructions for how to access restricted code (or other copyrighted works). The law also prevents people from creating their own speech using copyrighted works of others, such as fair use remixes of media or compatible software. Finally, the law includes an unconstitutional regime for the Library of Congress to decide what speech will or will not be permitted every three years. We and the government have both briefed the issues on a preliminary basis, and we await a ruling on whether this case can move forward. In the meantime, we're continuing to push for legislative reform. In October, we sent in comments—supported by 11,000 of you—telling the Copyright Office that Section 1201 needs to change to protect our right to inspect and use the software in our life, and to promote accessibility and free speech. Piecemeal proposals aren't enough, we told them; it's time for a comprehensive overhaul of Section 1201. This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016. Related Cases: Green v. U.S. Department of Justice

The Fight to Rein in NSA Surveillance: 2016 in Review (Tue, 27 Dec 2016)
It’s been a busy year on a number of fronts as we continue to fight to rein in the National Security Agency’s sweeping surveillance of innocent people. Since the 2013 leaks by former government contractor Edward Snowden, the secretive and powerful agency has been at the top of mind for those thinking about unconstitutional surveillance of innocent Americans and individuals abroad. In 2016 the courts, lawmakers, and others continued to grapple with questions of how much we know about NSA surveillance.

In the Courts

Early this year, one of EFF’s key cases in the fight to rein in government surveillance saw fallout from Congress’ 2015 passage of the modest surveillance reform bill, the USA FREEDOM Act, which formally ended a controversial program that collected records about Americans’ phone calls in bulk. In a March decision, the Ninth Circuit Court of Appeals ruled in Smith v. Obama—a case brought by Idaho neonatal nurse Anna Smith challenging the constitutionality of the phone records program—that, because the program was ended by the USA FREEDOM Act, a court could not order the government to stop collecting phone records in bulk. The ruling also sent back to a lower trial court in Idaho the question of whether the U.S. government must delete Smith’s records. We saw progress in another one of EFF’s flagship cases against government surveillance in June, when a federal judge in California gave us the green light to start asking the NSA questions related to Jewel v. NSA, a case challenging the dragnet surveillance of AT&T customers’ communications and communications records. First filed in 2008, Jewel was stymied for years as the U.S. government repeatedly sought to have it thrown out, arguing that our clients did not have standing to bring the case. 
The government also said that publicly available information was inadequate and could not inform a court about the legality of the NSA’s surveillance but refused to provide any clarity or explanation that would help a court address that question. While we’ve been able to glean considerable information about NSA surveillance through leaks, the work of investigative journalists, and public officials’ statements, we are finally able to pursue discovery and pose questions to the NSA about its surveillance activities over the years. In April, we saw two disappointing actions by the Foreign Intelligence Surveillance Court. First, the court unsealed a ruling from November 2015 that formally approved the FBI to use information collected through the NSA’s warrantless surveillance programs in general criminal investigations.  While we applaud the court’s move to unseal the ruling in the first place, we’re disappointed that this virtually un-appealable decision condones the use of information collected without a warrant—under a sweeping surveillance program for “foreign intelligence” purposes—in domestic criminal investigations. The court also made public a ruling granting the FBI’s request to obtain and retain call records, even if those records were not relevant to an investigation. In the first ruling on call records since the enactment of USA FREEDOM, the court showed how limited the law’s restraints on government surveillance really are. The law requires the government to prove it has “reasonably articulable suspicion” that an “individual, account, or personal device” is relevant to an investigation. But the court ruled that the FBI could obtain not only “first hop” records—or those about a person, device, or account relevant to an investigation—but also the “second hop” records of any person, device, or account that communicated with the first hop, regardless of whether the second hops were relevant to an investigation. 
The ruling also flew in the face of the USA FREEDOM Act’s requirements that the government promptly destroy call records that are not foreign intelligence related. Instead, the court ruled that the FBI could keep the records for six months and possibly longer. Again, it’s a step in the right direction that the public see these rulings at all, but we are disappointed in the way the court has narrowly applied the already-narrow restraints in the USA FREEDOM Act. Most recently, we saw a troubling decision out of the Ninth Circuit Court of Appeals in the case United States v. Mohamud that further eroded Fourth Amendment protections by allowing the warrantless surveillance of a U.S. citizen under Section 702 of the FISA Amendments Act. The case centered on Mohammed Mohamud, who in 2012 was convicted of plotting to bomb a Christmas tree lighting ceremony and was later notified that he had been subject to Section 702 surveillance. In an amicus brief last year, we argued that the surveillance in this case was unconstitutional because information about Mohamud was “incidentally” collected through a surveillance authority intended to target foreigners and then searched without a warrant, despite Mohamud’s Fourth Amendment protections as an American citizen. We think the Ninth Circuit erred in upholding this warrantless surveillance, effectively signing off on stripping fundamental privacy protections from American citizens who communicate with people abroad.

On the Hill

Congress started off 2016 particularly attuned to concerns about NSA surveillance after The Wall Street Journal reported at the very tail end of 2015 that the NSA was eavesdropping on phone calls between members of Congress, Israeli officials, and interest groups. This is just one example of the troubling surveillance the NSA conducts under overly broad and often mysterious authorities like Section 702 and Executive Order 12333. 
Both of those can be used to “target” sweeping groups of people and types of communications. At the time, we pointed out the many other reasons congressional communications could end up in the hands of the NSA—including communicating with officials at the United Nations or discussing trade issues with foreign trading partners—and we urged members of Congress to ask tough questions about how their communications were collected and shared by the NSA. Section 702 is not set to expire until the end of 2017, but Congress started thinking about reauthorizing as early as January, when the House Judiciary Committee announced a closed-door, members only meeting to discuss the surveillance authority. The committee briefly debated—but failed to pass—Section 702 reforms when it considered the USA FREEDOM Act in 2015, and we looked forward to the debate around many much-needed changes to the law. But the closed-door meeting shut out participation from everyone except members of the intelligence community, so we joined two-dozen other organizations in calling on the committee to hold open hearings. A closed meeting “continues the excessive secrecy that has contributed to the surveillance abuses we have seen in recent years and to their adverse effects upon both our civil liberties and economic growth,” we wrote, arguing instead for open hearings to allow input from privacy and civil liberties advocates and promote transparency. Months later, the Senate Judiciary Committee held an open hearing on Section 702, featuring testimony from civil liberties advocates and highlighting crippling knowledge gaps around the law’s implementation, which make it impossible to conduct effective oversight of the surveillance programs. 
One point driven home during the hearing was the fact that no one—including members of Congress tasked with overseeing these surveillance programs—seems to know how many Americans have their communications swept up by surveillance under Section 702, which is supposed to be aimed at individuals abroad. “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights,” committee member and vocal privacy advocate Sen. Al Franken said during the hearing. “But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs.” The hearing also highlighted concerns about minimization procedures—or steps taken to ensure that irrelevant data about Americans incidentally swept up is deleted—applied to information collected under Section 702. Then-Chairman of the Privacy and Civil Liberties Oversight Board told lawmakers that intelligence officials don’t follow minimization procedures, which call for deletion of information about innocent Americans. “What the Board’s report found is that in fact information is never deleted,” he said. “It sits in the databases for five years, or sometimes longer.” As Congress continues to debate reauthorizing Section 702 ahead of the 2017 deadline, we hope lawmakers will push for more information about how many innocent Americans are impacted by these sweeping programs and what measures, if any, effectively protect their privacy. We suffered a blow on Section 702 surveillance in June when, in the wake of the tragic nightclub shooting in Orlando, surveillance defenders in the House urged members to vote against a previously popular measure to curtail spying on Americans. In past years, the House passed similar measures from Reps. 
Thomas Massie and Zoe Lofgren to prevent warrantless searches of Americans’ information and keep the intelligence community from undermining encryption, including by an overwhelming 293-123 vote in 2014. But the vote fell short of the needed majority in 2016 after some lawmakers, including House Intelligence Committee Chairman Devin Nunes, launched a campaign against the amendment, dishonestly tying it to the tragedy in Orlando. We noted that the claims that this amendment would somehow stop a warranted search of the Orlando shooter’s communications to see if he was in contact with known terrorists had been debunked, and we encouraged our supporters to voice their concerns about the vote to their representatives in Congress. We stand ready to fight similar misinformation campaigns and scare tactics as the debate continues next year.

Looking Abroad

The privacy of individuals abroad suffered a setback in 2016 when the European Commission and the U.S. Department of Commerce reached an agreement on a new deal to let companies transfer users’ data across the Atlantic. While many voiced concerns that a new cross-border data deal would pose the same privacy problems as the previous Safe Harbor agreement—which the European Court of Justice threw out in 2015 citing U.S. government surveillance—U.S. and E.U. officials went ahead with a new agreement. We criticized the new Privacy Shield, saying the agreement “will not prevent the collection of hundreds of millions of law abiding Europeans by U.S. intelligence agencies and their partners.” We also noted that the much-lauded Judicial Redress Act—which allows European citizens and others to use the U.S. court system to defend their privacy rights—provides little in the way of actual redress for Europeans whose data is swept up in NSA surveillance. We’re waiting to see if European courts reject the new deal like they did the old one. 
If and when the deal is struck down, we will continue the fight to protect individuals abroad from sweeping surveillance by the NSA. This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016. Related Cases: Smith v. Obama; Jewel v. NSA