Google in China: Unanswered Questions

It will be a long time before we understand all the ramifications of Google's decision to cease censoring their Chinese services — and the cyber-attack on their corporate and user data that prompted that change of heart. The story is still confusing in parts (Sky Canaves at the WSJ clarifies some of the more muddled reports). Nonetheless some intriguing new details have emerged since the initial announcement — but they raise as many questions as they answer.

Reporting by the New York Times has fleshed out the implication in Google's announcement that the attacks were co-ordinated, or at least conducted with the approval of, Chinese government agencies. And in a detailed analysis, Computer World writes that the security breach included an attack on Google's internal intercept systems, used to comply with requests from United States law enforcement.

Security experts have long warned that systems designed to make compliance with lawful interception more convenient can also create security vulnerabilities of their own. By providing an attractive one stop shop for outside attackers, surveillance compliance systems by their very nature often override the secure compartmentalization of data.

Security breaches that involve lawful interception systems are not new (see the Greek mobile eavesdropping scandal in 2005), and we're sure it will happen again. When a security conscious company like Google can get hit, it is a wake up call to all corporations about the dangers of hosting systems designed to snoop of their customers. What would the agent of a foreign power do with full access to Sprint Nextel's convenient live web interface for GPS location data on its fifty million subscribers?

We know that Google was not the only company targeted by this attack: other names mentioned have included Yahoo, Symantec, Juniper, Northrop Grumman and Dow Chemical. We don't know whether those attacks obtained proprietary information or personal user data. But users of these companies' products are rightfully concerned and we'd hope and expect more public statements that clarify this important difference.

The Obama Administration is also reacting to the Google China news. Secretary Clinton was already booked to make a detailed policy announcement on global Internet freedom next week; the White House has already said it supports Google. But what does government support for a censorship-free Internet look like? Advocacy groups and think-tanks have long suggested that blocking Internet traffic at the border of a country may be a violation of WTO free trade agreements. Foreign Policy runs with the idea, and looks in detail at the idea of "Firewall Protectionism".

If China were attempting to block the import of American tires, instead of American Internet media, would Americans applaud Goodyear and Congress for not putting up a fight against blatant WTO violations?

Reuters also reports that lawmakers are using the Google announcement as impetus for a proposed US law that, among other measures, would require Internet companies to keep records of requests for information from violating countries, and report them to the State department.

Will more United States government involvement in online free speech issues lead to greater international pressure on censorious countries like China? Or will it serve to aggravate US allies who have their own less visible systems of censorship, which as Rebecca MacKinnon notes, now includes traditional allies like France and Italy?

[Permalink]

The World Reacts to The New Facebook

It's been a little over a week since Facebook debuted a massive revamp of its privacy settings. EFF immediately followed that release with a detailed critique, concluding that the changes were "clearly intended to push Facebook users to publicly share even more information than before [and] will actually reduce the amount of control that users have over some of their personal data."

Since then, EFF's criticisms — and those of other vocal privacy advocates like ACLU, CDT, and EPIC — have been echoed throughout the mainstream press and across the web. As a Boston Globe editorial titled "Facebook's Privacy Downgrade" correctly pointed out, "Most people who join Facebook do so because they want to share photos and messages with friends and family, not to expose their lives to the entire world."

Notably, in a testament to the even-handedness of EFF's critique, The Atlantic cited our blog post both in a story collecting negative reactions and in another story collecting positive reactions to the Facebook privacy revamp.

Not to be outdone by the media, Facebook users themselves were also immediately up in arms over the new changes. Negative comments flooded the Facebook Blog and the Facebook Site Governance page. Several of those comments were collected by the San Francisco Chronicle in a story titled "Facebook users speak out against new privacy settings". Meanwhile, unhappy users used Facebook itself to organize opposition to the changes, with new groups being formed to protest the privacy revamp and older groups seeing renewed activity.

The past week's privacy backlash culminated today with the filing of a complaint with the Federal Trade Commission by the Electronic Privacy Information Center (EPIC), joined by several other consumer and privacy groups. In the complaint, EPIC alleges that Facebook's latest privacy changes are deceptive and unfair and asks that the FTC open an investigation and order Facebook to restore to its users the control over their privacy that has been lost in the transition. Considering the many tens of millions of American consumers who use Facebook, we hope and expect that the FTC will seriously consider the important questions raised by today's complaint.

[Permalink]

The Distraction of Transparency: an ACTA News Roundup

Alerted in part by your letters and calls, Senators have begun to express concern over the secrecy and content of ACTA, while the MPAA, RIAA and other established groups rush to reassure them that ACTA — while of course they know nothing of its actual content — will be good for business and that "transparency is a distraction". Once again, it seems like one incumbent subset of the tech, content, and communications sector is banging the drum for ACTA while claiming to speak for creators, consumers, and everyone else affected in those large and increasingly diverse industries.

Meanwhile, from within the negotiations, it seems that the US proposals for an Internet chapter did not receive instant assent from other countries. Inside US Trade (for-pay article here) reports that the negotiators may not have successfully settled on a text for the Internet chapter of ACTA:

At the Nov. 4 to 6 negotiating round of the Anticounterfeiting Trade Agreement (ACTA), ACTA partners reviewed the United States proposal for an Internet chapter but did not agree to adopt the language, sources said.

If pressure from the Senate successfully reveals the provisional ACTA text, what should you expect to see? Public Knowledge's Sherwin Siy has an excellent piece on how dry diplomatic language can hide major IP changes, while Glynn Moody expands on the ratchet effect that occurs when countries decide to "harmonize" enforcement, but refuse to internationalize fair use or copyright exceptions and limitations.

The contrast between those two processes is evident in a current US Copyright Office Consultation on a proposed WIPO Treaty for the Reading Disabled, when the same groups that declared that it would be just fine that ACTA "codify best practices for enforcement" opposed attempts to codify the world's system for the protection of the public interest, such as for copyright exceptions for the blind, visually impaired and those with reading disabilities.

In the U.S. Copyright Office's WIPO treaty consultation, they are claiming that such a harmonization of standard copyright limitations would "begin to dismantle the existing global treaty structure of copyright law, through the adoption of an international instrument at odds with existing, longstanding and well-settled norms." It makes one wonder: would rightsholders be as flippant about the transparency "distraction" if it was the Treaty for the Blind and Visually Impaired that was an executive instrument being negotiated in secret, and not ACTA?

[Permalink]

Fact Check on FOX News' Misleading PATRIOT Act Reporting

Unfortunately, it appears that the only television news network that's been regularly covering the PATRIOT Act renewal process in Congress has been FOX News, and their coverage has seemed a lot more like pro-PATRIOT propaganda than unbiased news reporting. Fortunately, Julian Sanchez of The Cato Institute has been fact-checking them closely, in this detailed blog post and in this illuminating video:

Privacy info. This embed will serve content from youtube.com.

Once you're done watching Sanchez's video, you may also want to check out his roundup of the latest PATRIOT news and analysis from around the web. You should also take a look at — and consider participating in — the Facebook and Twitter activism that's brewing around the Get FISA Right grassroots group.

Finally, if you haven't already, visit our action center to contact your Senators and demand PATRIOT reform!

[Permalink]

More Seek Privacy from Google Book Search Settlement

Concerns about Google Book Search and its potential effects on reader privacy are spreading widely in the wake of the joint action alert issued by EFF and the ACLU of Northern California.

Copyright scholar Pam Samuelson recently investigated the scope of the settlement in an editorial titled "The Audacity of the Google Book Search Settlement," noting that "...Google has negotiated a settlement agreement designed to give it a compulsory license to all books in copyright throughout the world forever."

The massive potential reach of Google's service makes the company's relative silence on privacy all the more problematic. A New York Times editorial praises the potential of more equitable, complete access to the world's knowledge, but cautions against the immense power that Google will then have:

Google could collect data on what books people read and create a dossier of their political views and other information. Google should generally do a better job of showing how it will respect privacy, and [Google Book Search] is no exception.

Libraries are keenly familiar with the fact that intellectual freedom depends on the ability to read books privately -- there is a long-standing tradition of libraries upholding the privacy of patrons and defending against invasive requests for reading histories. The American Library Association recently participated in a panel discussion of the Google Book Search Settlement and expressed concerns about the chilling effects proliferated by a lack of privacy protections:

[Dr. Inouye, Director of the ALA Office for Information Technology Policy,] went on to say that inadequate privacy protections could also produce a chilling effect on intellectual freedom, as users are less likely to explore particular lines of inquiry if they feel uncomfortable with uncertain information gathering techniques employed by Google or the Book Rights Registry. As a contrast to the paltry user privacy protections in the settlement, Inouye noted the extensive sections outlining cumbersome security provisions inserted to make sure rightholders content is secure.

And yesterday, we posted about an NPR story on Google Book Search, which featured author Jonathan Lethem's perspective on privacy's unique role in shaping a reader's relationship with books.

The growing chorus of voices shows that Google must make some serious, concrete commitments to privacy if it wants to adopt the responsibility of serving the world's books. You can join us -- tell Google to build privacy protections in Google Book Search. And if you know authors or publishers that may want to join in the effort to protect reader privacy, tell them to contact us directly at authors@eff.org or review the more detailed information we've put together for authors and publishers.1

1. 1. Authors and publishers may be interested in knowing that they can still participate in the settlement proceeds (that is, get paid based on use of their books in Google Books Products) if they join in the privacy objection and the settlement is ultimately approved.

[Permalink]

News Round-Up: Jewel v. NSA Hearing

On Wednesday, EFF argued in federal court against the government's motion to dismiss Jewel v. NSA, EFF's case seeking to end the dragnet government surveillance of millions of ordinary Americans. EFF lawyers told federal judge Vaughn Walker that the lawsuit cannot be dismissed based on the government's blanket secrecy assertion, as made clear in previous court decisions concerning NSA spying and the CIA's special rendition program, and that the government is not immune against suit for violating federal wiretapping statutes.

The San Francisco Chronicle's coverage of the hearing made note of the Obama administration's defense of the Bush program:

President Obama is adamant about maintaining the secrecy of a wiretapping program authorized by George W. Bush, an administration lawyer told a federal judge in San Francisco on Wednesday.

Obama "does not intend to use the state-secrets privilege to cover up illegal activities," said Justice Department attorney Anthony Coppolino. But in exceptional circumstances, he said, the president will invoke secrecy to protect "the sources and methods of detecting terrorist attacks ... the crown jewel of the United States national security administration."

Coppolino said the administration will cite national security in seeking dismissal of a lawsuit by telephone customers accusing the government of illegally intercepting phone calls and obtaining phone company records.

Wired's Threat Level blog featured this exchange between Judge Walker and Mr. Coppolino:

“What has changed between now and 2006 that suggests I should take a different view of this argument?” Walker asked Coppolino about the government’s state secrets assertion.

Coppolino said Walker should end the case now before it gets to the discovery stage, when the EFF would demand the government turn over classified information.

“The discovery they seek goes right to the heart of the state secrets privilege,” Coppolino responded. “They want to know, is the government engaged in a content dragnet, a communications dragnet.”

PC World covered the hearing as well, noting the government's extreme claims of immunity:

On Wednesday, DoJ lawyer Anthony Coppolino argued that federal laws allow people to sue government employees who leak information, but do not let them sue the government itself. Coppolino added that litigating such cases could put state secrets at risk by exposing details of the government's anti-terrorist programs.

In closing, EFF Legal Director Cindy Cohn reminded the judge that the principal of judicial oversight is at stake in the motion to dismiss: "What the government is arguing is that the president decides what is legal or not." Judge Walker will consider the arguments and deliver a ruling some time in the coming months.

[Permalink]

New Wiretapping Revelations Should Prompt New Action from Congress and the White House

The New York Times story with new revelations of surveillance abuses under the NSA's warrantless wiretapping program is making big news today (Associated Press, Washington Post, Salon,) as well it should. Beyond the allegations of an out-of-control spying program, the story casts new light on last spring's surveillance battle in Congress.

That battle culminated in the passage in July of the FISA Amendments Act, which substantially reformed US surveillance law. The Act's proponents on the left claimed it would "respect the rule of law and the privacy and civil liberties of the American people." Its proponents on the right compared critics to "those who wear tinfoil hats around the house."

In contrast, EFF and others, said that the Act would weaken civil liberties protections and fail to stop surveillance abuses.

Which side do you think turned out to be correct?

It's only nine months later, and we're already starting to hear of the consequences. Here's today's report:

The National Security Agency intercepted private e-mail messages and phone calls of Americans in recent months on a scale that went beyond the broad legal limits established by Congress last year, government officials said in recent interviews.

This is confirmation of what we've been saying all along: That, contrary to the statements of many who supported its passage, last July's legislation has substantially eroded Americans' privacy and only led to further abuse.

The article also provides details of an NSA attempt in 2005 or 2006 "to wiretap a member of Congress, without court approval, on an overseas trip." As EFF and others have pointed out before, allowing the NSA unchecked access to our domestic telecommunications network will inevitably lead to this kind of political abuse.

These revelations underline the need for new action on NSA surveillance abuses, both from Congress and from the White House.

Congress should repeal or reform the FISA Amendments Act, as it has now become undeniable that the checks it set on surveillance power are insufficent and dysfunctional. In addition, Congress should establish a comission or a select committee to fully and publicly investigate the NSA program, past and present.

As for the White House and the DOJ — First, they should do as Senator Feingold recommended earlier today, and waive the state secrets privilege in pending surveillance litigation. Second, they should withdraw their baseless claims of sovereign immunity. These simple actions would clear the way for true accountability through an independent judicial ruling on the legality of the program.

[Permalink]

Jewel v. NSA Roundup: The Media on Obama's Position on State Secrecy and Warrantless Wiretapping

The Obama Administration’s shocking decision to assert Bush-era arguments in its motion to dismiss EFF’s case against the government for warrantless wiretapping, Jewel v. NSA, has been slowly working its way into the mainstream news. We’re still hoping for more coverage, but for now there are several examples of recent reporting that are worth pointing to.

Salon blogger Glenn Greenwald and others in the left blogosphere were on the story early, just as they were throughout the fight over telecom immunity last year. Greenwald declared the Obama position to be worse than Bush:

It is hard to overstate how extremist is the "sovereign immunity" argument which the Obama DOJ invented here in order to get rid of this lawsuit. I confirmed with both ACLU and EFF lawyers involved in numerous prior surveillance cases with the Bush administration that the Bush DOJ had never previously argued in any context that the Patriot Act bars all causes of action for any illegal surveillance in the absence of "willful disclosure." This is a brand new, extraordinarily broad claim of government immunity made for the first time ever by the Obama DOJ -- all in service of blocking EFF's lawsuit against Bush officials for illegal spying.

The Raw Story weighed in on the case, and TPM Muckraker checked in with constitutional scholars Ken Gude, Amanda Frost and Lewis Fisher to see if they agreed with Greenwald’s analysis:

Is it a sweeping power grab by the executive branch, that sets set a broad and dangerous precedent for future cases by asserting that the government has the right to get lawsuits dismissed merely by claiming that state secrets are at stake, without giving judges any discretion whatsoever?

In a word, yes.

But the criticism of the government’s position wasn’t limited to the left side of the blogosphere. Law professor and Volokh Conspiracy blogger Orin Kerr – no friend of Greenwald’s -- called the government's sovereign immunity claim “a terrible argument....The statute just doesn't say that.” And Reagan appointee Bruce Fein at Slate argued that the state secrets privilege claim “wars” with the president’ pledge to “restore the rule of law.” Prompted by the Jewel news, the Atlantic also ran a series of posts on Obama and state secrets, here, here, and here.

As we noted last week, MSNBC’s Keith Olbermann made the story the subject of commentary two nights in a row. On the second night, in addition to interviewing EFF Senior Staff Attorney Kevin Bankston, Olbermann also managed to get House Speaker Nancy Pelosi on tape suggesting that Congress clarify that the PATRIOT Act did not immunize the government as the Obama Administration claims — "it shouldn't be that way," she said.

By the end of the week, Press Secretary Robert Gibbs, facing questions about the government’s claims, highlighted the hypocrisy of the administration’s legal position by claiming that President Obama still believes the Bush administration abused the state secrets privilege — even though President Obama is now using the privilege to try and get cases thrown out of court just as the Bush administration did:

Q: Does the President support the Justice Department's positions in that case?

MR. GIBBS: Yes, absolutely. It's the -- absolutely does. Obviously, these are programs that have been debated and discussed, but the President does support that viewpoint.

Q Before he was elected, the President said that the Bush administration had abused the state secrets privilege. Has he changed his mind?

MR. GIBBS: No. I mean, obviously, we're dealing with some suits, and the President will -- and the Justice Department will make determinations based on protecting our national security.

Q So he still thinks that the Bush administration abused the state secrets privilege?

MR. GIBBS: Yes.

On Friday, Senator Russ Feingold was the first legislator to issue a statement confirming his opposition to the Administration’s state secrets position, hopefully the first such statement of many:

I am troubled that once again the Obama administration has decided to invoke the state secrets privilege in a case challenging the previous administration's alleged misconduct. The Obama administration's action, on top of Congress's mistaken decision last year to give immunity to the telecommunications companies that allegedly participated in the warrantless wiretapping program, will make it even harder for courts to rule on the legality of that program.

All this coverage is a good start. But the government’s claim of immunity from any judicial inquiry into the legality of its spying programs is so sweeping, so unprecedented, and so dangerous to democratic governance that it warrants further coverage, from bloggers and mainstream media alike. We look forward to reading more reports and analysis in coming weeks from our friends in the media on this important issue.

Meanwhile, if you haven't donated to EFF to help us fight back against the wiretapping coverup, now is the time!

[Permalink]

EFF's Kevin Bankston on MSNBC's "Countdown With Keith Olbermann"

Wednesday evening, EFF Senior Staff Attorney Kevin Bankston was a guest on Countdown With Keith Olbermann. He spoke about the Obama Justice Department's recent disappointing arguments in Jewel v NSA.

Privacy info. This embed will serve content from msn.com.

Also notable was House Speaker Nancy Pelosi's appearance on the same program, in which she suggested that Congress clarify that the PATRIOT Act did not immunize the government as the Obama Administration claims — "it shouldn't be that way," she said. We wholeheartedly agree, Madam Speaker.

[Permalink]

Observations from the Three-Strikes Rumor Storm

Earlier this week, reports that ISPs were going to be cooperating with the RIAA's "three strikes" plans triggered alarm bells. Three-strikes proposals to kick customers off the Internet for alleged file-sharing have struggled to find acceptance across the world, so it seemed unusual for American ISPs to be contemplating plans that would result in the termination of paying customers. Major ISPs must have seen the storm clouds of user dissent brewing as well, as AT&T and Comcast quickly issued emphatic denials to the rumors that they were interested in becoming IP enforcers for copyright holders. Though there appears to be no need for immediate concern that you, the customer, could be targeted for disconnection, the rumors and subsequent responses from ISPs reveal important information about the state of play for three strikes, or "graduated response," as the entertainment industry prefers to call it.

The worries began when ISP representatives at a digital music conference talked about cooperating with the RIAA and forwarding copyright infringement notices from the RIAA onwards to customers. Soon after, clarifications came spilling forth: AT&T is participating in the RIAA plan, but the notice-forwarding scheme is a geographically limited trial program that has no punishment component; Comcast has been forwarding notices of alleged infringement for years, but won't be disconnecting users; Cox has been forwarding notices and occasionally limits or disconnects users, but not because of the RIAA.

For now, it seems like most major ISPs are not interested in disconnecting customers' Internet connections at the entertainment industry's request. In a statement, Comcast said, "While we have always supported copyright holders in their efforts to reduce piracy under the Digital Millennium Copyright Act (DMCA), and continue to do so, we have no plans to test a so-called 'three-strikes-and-you're-out' policy." Similarly, an AT&T spokesman told Wired, "We are not suspending or terminating our customers. We are not testing a three-strikes plan."

It's a good thing that ISPs don't seem to be considering customer termination yet, and ISPs are right to suspect that cooperating with the RIAA's desires for three strikes will make them incredibly unpopular with the public. But though there's no specific reason to think that ISPs will escalate to sanctions and termination, we've heard early denials before that turned out to have masked some bad behavior. So, now might be a good time to reiterate that transparency is the best policy -- we shouldn't have to reach the point of protest before learning about ISP policies that affect our rights as users and customers.

The fact that there's an RIAA "program" being architected means that broadband providers are already facing considerable pressure from the music industry to turn on their customers. But from this episode alone, it's clear that all eyes are on the ISPs. They should carefully consider the business consequences of cooperation with the RIAA's whims.

[Permalink]