DMCA Provision Violates Author’s First Amendment Right to Publish Research About Computer Security
Washington, D.C.—The Electronic Frontier Foundation (EFF) asked a court Thursday for an order that would prevent the government from prosecuting its client, security researcher Matthew Green, for publishing a book about making computer systems more secure.
Green is writing a book about methods of security research to recognize vulnerabilities in computer systems. This important work helps keep everyone safer by finding weaknesses in computer code running devices critical to our lives—electronic devices, cars, medical record systems, credit card processing, and ATM transactions. Green’s aim is to publish research that can be used to build more secure software.
But publishing the book, tentatively entitled Practical Cryptographic Engineering, could land Green in jail under an onerous and unconstitutional provision of copyright law. To identify security vulnerabilities in a device he has purchased, Green must work directly with copyrighted computer code, bypassing control measures meant to prevent the code from being accessed. Even though this kind of research is traditionally a “fair use” permitted by copyright law, Digital Millennium Copyright Act (DMCA) Section 1201 threatens criminal and civil penalties— including jail time—for performing it or publishing information about the methods of security research. The exemptions Congress included in the 1998 DMCA to protect security researchers from prosecution are vague, limited, and provide inadequate assurance against the serious legal ramifications of Section 1201 lawsuits—something the government itself has acknowledged.
“Under Section 1201, computer researchers can face serious penalties just for selling a book that would help people build better, more secure computer systems,” said EFF Legal Director Corynne McSherry. “As we explained when we filed a legal challenge to the law in July, such penalties violate the First Amendment and threaten ordinary people for publishing research or even talking about circumventing computer code that’s embedded in nearly everything we own. With the lawsuit underway, we’re asking the court to bar the government from prosecuting Dr. Green so he can publish a book that’s clearly in the public interest.”
“If we want our communications and devices to be secure, we need to protect independent security researchers like Dr. Green,” said EFF Staff Attorney Kit Walsh. “Researchers should be encouraged to educate the public and the next generation of computer scientists. Instead, they are threatened by an unconstitutional law that has come unmoored from its original purpose of addressing copyright infringement. We’re going to court to protect everyone whose speech is squelched by this law, starting with Dr. Green and his book.”
EFF filed the Section 1201 lawsuit and Thursday's request for a court order with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati.
For the motion for preliminary injunction:
For more about this case:
Monday Hearing in Lawsuit Against Public.Resource.Org
Update: This hearing will be held at 9:00 am. In an order issued Friday, the court rescheduled arguments in the case for 9:00 am.
Washington, D.C.—On Monday, September 12, Electronic Frontier Foundation (EFF) Legal Director Corynne McSherry will urge a federal court to confirm that the public has a right to access and share the laws, regulations, and standards that govern us and cannot be blocked by overbroad copyright claims.
The court in Washington, D.C., is hearing arguments in two cases against EFF client Public.Resource.Org, an open records advocacy website. In these suits, several industry groups claim they own copyrights on written standards for building safety and educational testing they helped develop, and can deny or limit public access to them even after the standards have become part of the law. Standards like these that are legal requirements—such as the National Electrical Code—are available only in paper form in Washington, D.C., in expensive printed books, or through a paywall. By posting these documents online, Public.Resource.Org seeks to make these legal requirements more available to the public that must abide by them. The industry groups allege the postings infringe their copyright, even though the standards have been incorporated into government regulations and, therefore, must be free for anyone to view, share, and discuss.
McSherry and co-counsel Andrew Bridges at Fenwick & West will argue at the hearing that our laws belong to all of us and private organizations shouldn’t be allowed to abuse copyright to control who can read, excerpt, or share them. They will be assisted by EFF Senior Staff Attorney Mitch Stoltz and Fenwick & West Associate Matthew Becker.
Hearing in ASTM v. Public.Resource.org and AERA v. Public.Resource.org
EFF Legal Director Corynne McSherry
Monday, September 12, 9:00 am
Courtroom 2, 2nd Floor
U.S. District Court for the District of Columbia
333 Constitution Ave. N.W.
Washington, D.C. 20001
Ignoring Duty to Provide Notice When Invading Users’ Privacy Is Unconstitutional
Seattle, Washington—The Electronic Frontier Foundation (EFF) told a federal court today that the government is violating the U.S. Constitution when it fails to notify people that it has accessed or examined their private communications stored by Internet providers in the cloud.
EFF is supporting Microsoft in its lawsuit challenging portions of the Electronic Communications Privacy Act (ECPA) that allow the Department of Justice (DOJ) to serve a warrant on the company to get access to customers’ emails and other information stored on remote servers—all without telling users their data is being searched or seized. In a brief filed in Microsoft v. Department of Justice in U.S. District Court in Seattle, EFF, joined by Access Now, New America’s Open Technology Institute, and legal scholar Jennifer Granick, said Fourth Amendment protections against unreasonable searches and seizures by the government apply to all of our information—no matter what the format or where it’s located.
“Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches,” said EFF Senior Staff Attorney Lee Tien. “When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn’t allow that, and it’s time for the government to step up and respect the Constitution.”
Microsoft sued DOJ earlier this year challenging ECPA provisions enacted 30 years ago, long before the emergence of ubiquitous cloud computing that now plays a vital role in the storage of private communications. The government has used the transition to cloud computing as an opening to conduct secret electronic investigations by serving search warrants on Internet service providers seeking users’ emails, the lawsuit says. The government, which wants the case thrown out, doesn’t let account holders know their data is being accessed because of the unconstitutional ECPA provision, while service providers like Microsoft are gagged from telling customers about the searches.
“When people kept personal letters in a desk drawer at home, they knew if that information was about to be searched because the police had to knock on their door and show a warrant,” said EFF Staff Attorney Sophia Cope. “The fact that today our private emails are kept on a server maintained by an Internet company doesn’t change the government’s obligations under the Fourth Amendment. The Constitution requires law enforcement to tell people they are the target of a search, which enables them to vindicate their rights and provides a free society with a crucial means of government accountability.”
EFF thanks Seattle attorney Venkat Balasubramani of FocalLaw P.C. for his assistance as local counsel.
About this case:
Copyright Holders Must Be Held Accountable For Baseless Takedown Notices
Washington, D.C.—The Electronic Frontier Foundation (EFF) today filed a petition on behalf of its client Stephanie Lenz asking the U.S. Supreme Court to ensure that copyright holders who make unreasonable infringement claims can be held accountable if those claims force lawful speech offline.
Lenz filed the lawsuit that came to be known as the “Dancing Baby” case after she posted—back in 2007—a short video on YouTube of her toddler son in her kitchen. The 29-second recording, which Lenz wanted to share with family and friends, shows her son bouncing along to the Prince song "Let's Go Crazy," which is heard playing in the background. Universal Music Group, which owns the copyright to the Prince song, sent YouTube a notice under the Digital Millennium Copyright Act (DMCA), claiming that the family video was an infringement of the copyright.
EFF sued Universal on Lenz’s behalf, arguing that the company’s claim of infringement didn’t pass the laugh test and was just the kind of improper, abusive DMCA targeting of lawful material that so often threatens free expression on the Internet. The DMCA includes provisions designed to prevent abuse of the takedown process and allows people like Lenz to sue copyright holders for bogus takedowns.
The San Francisco-based U.S. Court of Appeals for the Ninth Circuit last year sided in part with Lenz, ruling that that copyright holders must consider fair use before sending a takedown notice. But the court also held that copyright holders should be held to a purely subjective standard. In other words, senders of false infringement notices could be excused so long as they subjectively believed that the material they targeted was infringing, no matter how unreasonable that belief. Lenz is asking the Supreme Court to overrule that part of the Ninth Circuit’s decision to ensure that the DMCA provides the protections for fair use that Congress intended.
“Rightsholders who force down videos and other online content for alleged infringement—based on nothing more than an unreasonable hunch, or subjective criteria they simply made up—must be held accountable,” said EFF Legal Director Corynne McSherry. “If left standing, the Ninth Circuit’s ruling gives fair users little real protection against private censorship through abuse of the DMCA process.”
For more on Lenz v. Universal:
Ceremony for Honorees on September 21 in San Francisco
San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the distinguished winners of the 2016 Pioneer Awards: Malkia Cyril of the Center for Media Justice, data protection activist Max Schrems, the authors of the “Keys Under Doormats” report that counters calls to break encryption, and the lawmakers behind CalECPA—a groundbreaking computer privacy law for Californians.
The award ceremony will be held the evening of September 21 at Delancey Street’s Town Hall Room in San Francisco. The keynote speaker is award-winning investigative journalist Julia Angwin, whose work on corporate invasions of privacy has uncovered the myriad ways companies collect and control personal information. Her recent articles have sought to hold algorithms accountable for the important decisions they make about our lives. Tickets are $65 for current EFF members, or $75 for non-members.
Malkia A. Cyril is the founder and executive director of the Center for Media Justice and co-founder of the Media Action Grassroots Network, a national network of community-based organizations working to ensure racial and economic justice in a digital age. Cyril is one of few leaders of color in the movement for digital rights and freedom, and a leader in the Black Lives Matter Network—helping to bring important technical safeguards and surveillance countermeasures to people across the country who are fighting to reform systemic racism and violence in law enforcement. Cyril is also a prolific writer and public speaker on issues ranging from net neutrality to the communication rights of prisoners. Their comments have been featured in publications like Politico, Motherboard, and Essence Magazine, as well as three documentary films. Cyril is a Prime Movers fellow, a recipient of the 2012 Donald H. McGannon Award for work to advance the roles of women and people of color in the media reform movement, and won the 2015 Hugh Hefner 1st Amendment Award for framing net neutrality as a civil rights issue.
Max Schrems is a data protection activist, lawyer, and author whose lawsuits over U.S. companies’ handling of European Union citizens’ personal information have changed the face of international data privacy. Since 2011 he has worked on the enforcement of EU data protection law, arguing that untargeted wholesale spying by the U.S. government on Internet communications undermines the EU’s strict data protection standards. One lawsuit that reached the European Court of Justice led to the invalidation of the “Safe Harbor” agreement between the U.S. and the EU, forcing governments around the world to grapple with the conflict between U.S. government surveillance practices and the privacy rights of citizens around the world. Another legal challenge is a class action lawsuit with more than 25,000 members currently pending at the Austrian Supreme Court. Schrems is also the founder of “Europe v Facebook,” a group that pushes for social media privacy reform at Facebook and other companies, calling for data collection minimization, opt-in policies instead of opt-outs, and transparency in data collection.
The “Keys Under Doormats” report has been central to grounding the current encryption debates in scientific realities. Published in July of 2015, it emerged just as calls to break encryption with “backdoors” or other access points for law enforcement were becoming pervasive in Congress, but before the issue came into the global spotlight with the FBI’s efforts against Apple earlier this year. “Keys Under Doormats” both reviews the underlying technical considerations of the earlier encryption debate of the 1990s and examines the modern systems realities, creating a compelling, comprehensive, and scientifically grounded argument to protect and extend the availability of encrypted digital information and communications. The authors of the report are all security experts, building the case that weakening encryption for surveillance purposes could never allow for any truly secure digital transactions. The “Keys Under Doormats” authors are Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner. Work on the report was coordinated by the MIT Internet Policy Research Initiative.
CalECPA—the California Electronic Communications Privacy Act—is a landmark law that safeguards privacy and free speech rights. CalECPA requires that a California government entity gets a warrant to search electronic devices or compel access to any electronic information, like email, text messages, documents, metadata, and location information—whether stored on the electronic device itself or online in the “cloud.” CalECPA gave California the strongest digital privacy law in the nation and helps prevent abuses before they happen. In many states without this protection, police routinely claim the authority to search sensitive electronic information about who we are, where we go, and what we do—without a warrant. CalECPA was introduced by California State Senators Mark Leno (D-San Francisco) and Joel Anderson (R-Alpine), who both fought for years to get stronger digital privacy protections for Californians. Leno has been a champion of improved transportation, renewable energy, and equal rights for all, among many other issues. Anderson regularly works across party lines to protect consumer privacy in the digital world.
“We are honored to announce this year’s Pioneer Award winners, and to celebrate the work they have done to make communications private, safe, and secure,” said EFF Executive Director Cindy Cohn. “The Internet is an unprecedented tool for everything from activism to research to commerce, but it will only stay that way if everyone can trust their technology and the systems it relies on. With this group of pioneers, we are building a digital future we can all be proud of.”
Awarded every year since 1992, EFF’s Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Aaron Swartz, Citizen Lab, Richard Stallman, and Anita Borg.
Sponsors of the 2016 Pioneer Awards include Adobe, Airbnb, Dropbox, Facebook, and O’Reilly Media.
To buy tickets to the Pioneer Awards:
Consumers Need Warning If Movies, Music, Games Restrict When and How They Are Used
San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of consumer groups, content creators, and publishers asked the Federal Trade Commission (FTC) today to require online retailers to label the ebooks, songs, games, and apps that come with digital locks restricting how consumers can use them.
In a letter sent to the FTC today, the coalition said companies like Amazon, Google, and Apple have a duty to inform consumers if products for sale are locked with some kind of "digital rights management" or DRM. Companies use DRM to purportedly combat copyright infringement, but DRM locks can also block you from watching the movie you bought in New York when you go to Asia on vacation, or limit which devices can play the songs you purchased.
"Without DRM labeling, it’s nearly impossible to figure out which products have digital locks and what restrictions these locks impose," said EFF Special Advisor Cory Doctorow. "We know the public prefers DRM-free e-books and other electronic products, but right now buyers are in the dark about DRM locks when they go to make purchases online. Customers have a right to know about these restrictions before they part with their money, not after."
The letter is accompanied by a request that the FTC investigate and take action on behalf of consumers who find themselves deprived of the enjoyment of their property every day, due to a marketplace where products limited by DRM are sold without adequate notice. The request details the stories of 20 EFF supporters who bought products—ebooks, videos, games, music, devices, even a cat-litter box—that came with DRM that caused them grief. They report that DRM left them with broken, orphaned, or useless devices and in some cases even incapacitated other devices.
The FTC oversees fair packaging and labeling rules that are supposed to prevent consumers from being deceived and facilitate value comparisons. Today’s letter argues that the FTC should require electronic sellers to use a simple, consistent, and straightforward label about DRM locks for digital media. For example, "product detail" lists—which appear on digital product pages and disclose such basic information as serial number, file size, publisher, and whether certain technological features are enabled—should include a category stating whether a product is DRM-free or DRM-restricted. The latter designation should include a link to a clear explanation of the restrictions imposed on the product.
"The use of DRM is controversial among creators, studios, and audiences. What shouldn’t be controversial is the right of consumers to know which products have DRM locks. If car companies made vehicles that only drove on certain streets, they’d have to disclose this to consumers. Likewise, digital media products with DRM restrictions should be clearly labeled," said Doctorow.
Signers of today’s letter include the Consumer Federation of America, Public Knowledge, the Free Software Foundation, McSweeney’s, and No Starch Press.
For the full letter to the FTC about labeling:
For the full letter to the FTC with the stories of people who've been harmed by DRM they weren't informed of:https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf
Editors Who Exposed Corruption, Political Opponents of Authoritarian Government’s President, and Their Legal Teams Were Sent Malware
San Francisco—Journalists and political activists critical of Kazakhstan’s authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF).
Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents.
The campaign—which EFF has called “Operation Manul,” after endangered wild cats found in the grasslands of Kazakhstan—involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.
Spearphishing emails and malware sent to members of the Ablyazov family while they were in exile in Italy may have helped track the whereabouts of Mukhtar Ablyazov’s wife and young daughter. Despite having legal European resident permits, the two were taken into custody in Italy in 2013 and forcibly deported to Kazakhastan. Many targets of the malware campaign are also involved in litigation with the government of Kazakhstan, including the publishers of Respublika noted above. EFF represented Respublika in a U.S. lawsuit during the course of which the government has attempted to censor the site and discover Respublika’s confidential sources
Kazakhstan is a former Soviet republic that heavily restricts freedom of speech and assembly, and where torture is a serious problem, according to Human Rights Watch. The republic was ranked 160 out of 180 countries tracked by Reporters Without Borders for attacks on journalistic freedom and independence.
“The use of malware to spy on and intimidate dissidents beyond their borders is an increasingly common tactic employed by oppressive governments,” said Eva Galperin, Global Policy Analyst at EFF and one of the report’s authors. “As we have seen in places like Syria and Vietnam, journalists and political opposition leaders are being attacked in both the physical and digital worlds. Regimes are turning to covertly installed malware to track, harass, and silence those who seek to expose corruption and inform the public about human rights abuses—especially targets that have moved beyond the regime's sphere of control. Based on available evidence, we believe this campaign is likely to have been carried out on behalf of the government of Kazakhstan.”
EFF researchers, along with technologists at First Look Media and Amnesty International, examined data about suspected espionage groups and found overlaps between Operation Manul and Appin Security Group, an Indian company that has been linked with several other attack campaigns.
“Appin has been linked by cybersecurity firm Norman Shark to cyber-attacks against a Norwegian telecom company, Punjabi separatists, and others," said EFF Staff Technologist Cooper Quintin. “We found that some of the technology infrastructure used in those cyber attacks overlapped with the infrastructure used in Operation Manul. “
“Our research shows that such cheap, commercially available malware can have a real impact on vulnerable populations,” said Galperin. “Much of the past research in this area has exposed campaigns carried out by governments using spy software which they have purchased. In this case, the evidence suggests that the government of Kazakhstan hired a company to carry out the attacks on their behalf.”
Thursday Hearing in EFF’s Case Against Patent That Threatened Podcasting
Washington, D.C.—The Electronic Frontier Foundation (EFF) will urge a federal appeals court at a hearing Thursday to find that the U.S. Patent and Trademark Office (USPTO) correctly invalidated key claims of a patent owned by Personal Audio, which had used the patent to threaten podcasters big and small.
EFF is defending a USPTO ruling it won last year in its petition challenging the validity of key claims of Personal Audio’s patent. EFF argued, and the USPTO agreed, that the claimed invention existed before Personal Audio filed its patent application.
Personal Audio maintained that it invented the process of updating a website regularly with new, related content creating a series of episodes—basically podcasting—in 1996. Personal Audio began sending letters to podcasters in 2013, demanding licensing fees from creators such as comedian Adam Carolla and three major television networks. In its challenge to the patent, EFF showed that putting a series of episodes online for everyone to enjoy was not a new idea when the patent application was filed.
Personal Audio asked the U.S. Court of Appeals for the Federal District in Washington D.C. to overturn the USPTO ruling. At a hearing on Thursday, EFF's pro bono counsel will ask the court to reject Personal Audio’s argument that the USPTO erred when it invalidated the patent claims.
What: Court hearing in Personal Audio LLC v. Electronic Frontier Foundation
When: Thursday, August 4, 10 am
Where: U.S. Court of Appeals for the Federal Circuit
Courtroom 401, Panel J
717 Madison Place, N.W.
Washington, D.C. 20439
For more on EFF’s Personal Audio challenge:
Future of Technology and How It’s Used Is At Stake
Washington D.C.—The Electronic Frontier Foundation (EFF) sued the U.S. government today on behalf of technology creators and researchers to overturn onerous provisions of copyright law that violate the First Amendment.
EFF’s lawsuit, filed with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati, challenges the anti-circumvention and anti-trafficking provisions of the 18-year-old Digital Millennium Copyright Act (DMCA). These provisions—contained in Section 1201 of the DMCA—make it unlawful for people to get around the software that restricts access to lawfully-purchased copyrighted material, such as films, songs, and the computer code that controls vehicles, devices, and appliances. This ban applies even where people want to make noninfringing fair uses of the materials they are accessing.
Ostensibly enacted to fight music and movie piracy, Section 1201 has long served to restrict people’s ability to access, use, and even speak out about copyrighted materials—including the software that is increasingly embedded in everyday things. The law imposes a legal cloud over our rights to tinker with or repair the devices we own, to convert videos so that they can play on multiple platforms, remix a video, or conduct independent security research that would reveal dangerous security flaws in our computers, cars, and medical devices. It criminalizes the creation of tools to let people access and use those materials.
Copyright law is supposed to exist in harmony with the First Amendment. But the prospect of costly legal battles or criminal prosecution stymies creators, academics, inventors, and researchers. In the complaint filed today in U.S. District Court in Washington D.C., EFF argues that this violates their First Amendment right to freedom of expression.
“The creative process requires building on what has come before, and the First Amendment preserves our right to transform creative works to express a new message, and to research and talk about the computer code that controls so much of our world,” said EFF Staff Attorney Kit Walsh. “Section 1201 threatens ordinary people with financial ruin or even a prison sentence for exercising those freedoms, and that cannot stand.”
EFF is representing plaintiff Andrew “bunnie” Huang, a prominent computer scientist and inventor, and his company Alphamax LLC, where he is developing devices for editing digital video streams. Those products would enable people to make innovative uses of their paid video content, such as captioning a presidential debate with a running Twitter comment field or enabling remixes of high-definition video. But using or offering this technology could run afoul of Section 1201.
“Section 1201 prevents the act of creation from being spontaneous,’’ said Huang. “Nascent 1201-free ecosystems outside the U.S. are leading indicators of how far behind the next generations of Americans will be if we don’t end this DMCA censorship. I was born into a 1201-free world, and our future generations deserve that same freedom of thought and expression.”
EFF is also representing plaintiff Matthew Green, a computer security researcher at Johns Hopkins University who wants to make sure that we all can trust the devices that we count on to communicate, underpin our financial transactions, and secure our most private medical information. Despite this work being vital for all Americans' safety, Green had to seek an exemption from the Library of Congress last year for his security research.
“The government cannot broadly ban protected speech and then grant a government official excessive discretion to pick what speech will be permitted, particularly when the rulemaking process is so onerous,” said Walsh. “If future generations are going to be able to understand and control their own machines, and to participate fully in making rather than simply consuming culture, Section 1201 has to go.”
For the complaint:
Iris Scans, Palm Prints, Face Recognition Data, and More Collected From Millions of Innocent Citizens
San Francisco—The FBI, which has created a massive database of biometric information on millions of Americans never involved in a crime, mustn’t be allowed to shield this trove of personal information from Privacy Act rules that let people learn what data the government has on them and restrict how it can be used.
The Electronic Frontier Foundation (EFF) filed comments today with the FBI, on behalf of itself and six civil liberties groups, objecting to the agency’s request to exempt the Next Generation Identification (NGI) database from key provisions of federal privacy regulations that protect personal data from misuse and abuse. The FBI has amassed this database with little congressional and public oversight, failed for years to provide basic information about NGI as required by law, and dragged its feet to disclose—again, as required by law—a detailed description of the records and its policies for maintaining them. Now it wants to be exempt from even the most basic notice and data correction requirements.
NGI includes prints and face recognition data from millions of everyday people who’ve committed no crime but have had their biometric data collected when they needed a background check for a job, applied for welfare benefits, registered for immigration, or obtained state licenses to be a teacher, realtor, or dentist. For example, NGI holds millions of photographs searchable through facial recognition and accessible by 20,000 foreign, federal, state, and municipal-level law enforcement agencies.
The public’s understanding of the FBI’s collection of biometric information is only now coming to light because the agency has been less than forthcoming about its data gathering. In June, the Government Accountability Office published an exhaustive report revealing that the FBI has access to hundreds of millions more photos of Americans than we ever thought and has been hiding that from the public in violation of federal and agency laws for years. Previously, many believed that NGI just contained criminal case records such as fingerprints and mug shots collected during arrests.
“The FBI has sidestepped the Privacy Act as it has expanded NGI, essentially saying ‘just trust us’ with highly personal and private data,” said EFF Senior Staff Attorney Jennifer Lynch. “But the FBI hasn’t proved itself to be worthy of the public’s trust. Exempting NGI from the Privacy Act will eliminate our rights to access our own records and take action against the government when it make mistakes with that data. The Privacy Act is only the barest of protection for Americans, but the FBI wants to escape from even that basic responsibility.”
The FBI refuses to recognize accuracy is an issue with face recognition or to publish any data on NGI’s accuracy rates. However, research has shown that face recognition misidentifies African Americans, ethnic minorities, women, and young people at higher rates than whites and men. This means that potential errors within NGI will likely impact people of color more frequently, especially because FBI databases include a disproportionate number of African Americans, Latinos and immigrants, thanks to well-documented racial bias among law enforcement.
This is why it’s particularly important that people be able to use the Privacy Act to learn about NGI—it ensures that people can access records the FBI has on them and allows them to take the FBI to court, if needed, to correct any inaccurate information.
“Over 2,000 Americans have signed an EFF petition objecting to the FBI’s exemption proposal, including the vague, incomplete explanation of how the FBI is maintaining our private records,” said Lynch. “Our message to the FBI is that citizens deserve the right to know what information it has on them, and the bureau must be obligated to correct inaccurate data. Its attempt to skirt these rules must be rejected.”
EFF was joined in its comments by American Civil Liberties Union, Advocacy for Principled Action in Government, Council on Arab-Islamic Relations (CAIR), Fight for the Future, National Immigration Law Center, and National Immigration Project of the National Lawyers Guild.
For our comments:
Changes to Rule 41 Will Greatly Increase Law Enforcement Hacking, Surveillance
San Francisco—The Electronic Frontier Foundation (EFF), the Tor Project, and dozens of other organizations are calling today on citizens and website operators to take action to block a new rule pushed by the U.S. Justice Department that would greatly expand the government’s ability to hack users’ computers and interfere with anonymity on the web.
EFF and over 40 partner organizations are holding a day of action for a new campaign—noglobalwarrants.org—to engage citizens about the dangers of Rule 41 and push U.S. lawmakers to oppose it. The process for updating these rules—which govern federal criminal court processes—was intended to deal exclusively with procedural issues. But this year a U.S. judicial committee approved changes in the rule that will expand judicial authority to grant warrants for government hacking.
“The government is attempting to use a process designed for procedural changes to expand its investigatory powers,” said EFF Activism Director Rainey Reitman. “Make no mistake: these changes to Rule 41 will result in a dramatic increase in government hacking. The government is trying to avoid scrutiny and sneak these new powers past the public and Congress through an obscure administrative process.”
Right now, Rule 41 only authorizes federal magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate is located. The new Rule 41 would for the first time authorize magistrates to issue warrants when “technological means,” like Tor or virtual private networks (VPNs), are obscuring the location of a computer. In these circumstances, the rule changes would authorize warrants to remotely access, search, seize, or copy data on computers, wherever in the world they are located.
“Tor users worldwide could be affected by these new rules,” said Kate Krauss, Director of Public Policy and Communications for the Tor Project. “Tor is used by journalists, members of Congress, diplomats, and human rights activists who urgently need its protection to safeguard their privacy and security—but these rules will give the Justice Department new authority to snoop into their computers."
The changes to Rule 41 would also take the unprecedented step of allowing a court to issue a warrant to hack into the computers of innocent Internet users who are themselves victims of a botnet, EFF and its partners said in a letter to members of Congress today.
EFF and its partners launched noglobalwarrants.org, a campaign page outlining problems with the changes to Rule 41 and listing over 40 Internet companies, digital privacy providers, and public interest groups that support the project. The coalition is asking website owners to embed on their sites unique code that will display a banner allowing people to email members of Congress or sign a petition opposing Rule 41. The groups are also calling on citizens to speak out against Rule 41 on social media and blogs. The aim is to send a message to Congress that it should not authorize this expansion of government hacking and must reject Rule 41 changes.
For the coalition letter:
‘Total Profits’ Damage Awards For Infringing Design Patents Are Excessive, Unfair
Washington, D.C.—The Electronic Frontier Foundation (EFF) asked the U.S. Supreme Court today to reverse a ruling that required Samsung to pay Apple all the profits it earned from smartphones that infringed three basic design patents owned by the iPhone maker.
The $399-million damage award against Samsung, upheld by the United States Court of Appeals for the Federal Circuit in the Apple v. Samsung patent lawsuit, should be thrown out, EFF told the court in an amicus brief filed today with Public Knowledge and The R Street Institute. Forcing defendants to give up 100% of their profits for infringing designs that may only marginally contribute to a product’s overall look and functionality will encourage frivolous lawsuits and lead to excessive damage awards that will raise prices for consumers and deter innovation.
The smartphone design patents at issue in the case include a black rectangular front face with round corners, another for a similar face with a rim and a colorful grid of 16 icons.
"The patent system is supposed to offer fair reward for inventors, not excessive, unfair compensation that threatens our access to technology,” said Vera Ranieri, EFF Staff Attorney. "Such massive windfalls for patent holders will encourage more frivolous lawsuits."
A jury in 2012 held that Samsung’s phones infringed Apple’s utility and design patents; Apple was originally granted $1.05 billion in damages—that amount was later reduced. Samsung appealed to the Federal Circuit, which interpreted, wrongly EFF asserts, that under the Patent Act patent owners are entitled to the entire profit from products that use the patented design. Samsung, EFF, and other technology companies and public interest groups sought and won Supreme Court review of the case.
A more balanced alternative to the improper "winner takes all" approach adopted by the Federal Circuit would be to base damages on how much the infringing designs contributed to the overall value of the smartphones Samsung sold, EFF said.
If the Federal Circuit’s decision is allowed to stand it will create incentives for more design patent lawsuits to flood the courts. Any product or technology that may infringe on a design patent—regardless of whether the infringed design contributes just 1% of the value of a complex product and or whether the patent was intentionally infringed—could trigger the “total profit” rule and allow the patent holder claim 100% of all the profits from the product.
"The Federal Circuit’s reading of the Patent Act was flawed, and we’re asking the Supreme Court to adopt an interpretation that more appropriately balances the interests of patent holders, the industry, and the public," said Ranieri. "There’s good reason to believe that the Federal Circuit’s interpretation will create a cottage industry of abusive patent lawsuits that will enrich clever lawyers at the expense of the public."
Serial Troll Tries To Extort Money From Mail-Order Business with Frivolous Infringement Claims
West Palm Beach, Florida—The Electronic Frontier Foundation (EFF) filed a lawsuit today against a well-known patent troll that tried to shake down a small business owner for tens of thousands of dollars on bogus claims of infringement on patents that were never used and were expired or invalid.
Defendant Shipping & Transit LLC has filed hundreds of lawsuits asserting frivolous patent infringement claims as part of its business model to intimidate and extort money from people, EFF alleged in a complaint filed with co-counsel Julie Turner of California-based Turner Boyd and Matthew Sarelson with Miami-based Kaplan Young & Moll Parrón. Shipping & Transit sends out letters accusing businesses of patent infringement and demanding thousands of dollars to license the patents or settle the matter. It then routinely sues those who don’t pay up to extort “nuisance value” settlements.
In a lawsuit filed in the U.S. District Court for the Southern District of Florida, EFF is representing Jason Cugle, who last year began running a small business selling accessories for electronic cigarettes. Cugle, a Maryland resident, received a letter accusing his company and website (Triple7vaping.com) of violating Shipping & Transit’s patents, which relate to ideas for monitoring and reporting the status of delivery vehicles. Cugle simply sent customer shipments through the U.S. Postal Service (USPS) and manually emailed each customer a message saying the package had been shipped and providing the USPS tracking number. Florida-based Shipping & Transit claims its patents cover a variety of methods of notifying people when a vehicle is about to reach its destination, including Cugle’s.
“The claims are absurd. Not only did three of the four patents expire two years before Mr. Cugle started his mail order business, they are not valid in the first place and he hasn’t infringed anything,” said EFF Staff Attorney Vera Ranieri. “What is worse, Shipping & Transit tried to force Mr. Cugle to sign a vaguely-worded affidavit swearing that he wasn’t using ‘monitoring systems’ and threatened him with a document that made it look like there was a lawsuit against him, though the complaint wasn’t filed in any court. These are the tactics of patent trolls who hope to intimidate and bully innocent people and businesses into paying them money to avoid the high costs of a lawsuit.”
Shipping & Transit used to be known as ArrivalStar, a notorious patent troll that sued towns and cities claiming that notifying citizens when a bus was due to arrive infringed its patents.
“Filing complaints in bad faith, asserting infringement of unenforceable patents, falsely accusing people of infringing, and abusing the court system to wrangle settlements out of people violate Maryland law,” said Ranieri. “We are asking the court to hold Shipping & Transit accountable for its improper tactics, and also rule that the patents aren’t valid and were not infringed. Shipping & Transit’s baseless patent infringement claims and shady tactics must be stopped.”
For the complaint:
Broadband Providers Have Unique Ability to Spy on Customers
San Francisco - The Electronic Frontier Foundation (EFF) urged the Federal Communications Commission (FCC) today to update privacy rules to prevent broadband Internet access service providers from recording and sharing their customers’ every move online.
EFF’s comments are part of the FCC’s rulemaking on consumer privacy and telecommunications services. As broadband providers are uniquely positioned to track every communication and activity—often in real time—the FCC is proposing to update current telecom policy to protect the privacy and security of consumers.
As part of this update, EFF calls on the FCC to enact rules that clearly protect customers’ confidentiality, curtailing data collection to only what is needed to provide Internet access. The current FCC plan includes a tiered consent system, allowing for “implied approval” for sharing personal information, as well as some “opt-in” and “opt-out” sharing. But “implied approval” amounts to treating “no approval” as “approval.” That opens the door to scores of other companies getting information about your online activities without your consent.
“Many decisions about what to do with personal data are done behind customers’ backs, exposing their information to marketers and data brokers without any transparency in the process,” said EFF Staff Technologist Jeremy Gillula. “To protect privacy, you have to have true consent, along with clear data sharing policies and retention and deletion practices. We are asking the FCC to make sure that customers have real control, instead of just an illusion of it.”
Furthermore, EFF advised the FCC to prohibit broadband companies from offering financial inducements in exchange for consent to collect and share personal information.
“Privacy isn’t just for people who can afford it,” said EFF Legislative Counsel Ernesto Falcon. “Customers often don’t understand the implications of giving up personal information—and telecoms aren’t eager to explain the situation clearly—and that’s simply unfair.”
For the full comments to the FCC:
User Advocates, Tech Companies, and Studios Debate Impact of Copyright Law on the ‘Internet of Things’
San Francisco—On Tuesday and Wednesday, May 24-25, Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh and Senior Staff Attorney Mitch Stoltz will participate in public roundtable discussions about the impact of U.S. copyright law on freedoms to investigate and improve the software embedded in everyday products, devices, and appliances.
The discussions, being held at University of California Hastings College of the Law in San Francisco, are hosted by the U.S. Copyright Office, which is studying copyright issues related to the “Internet of Things” and the consequences of Section 1201 of the Digital Millennium Copyright Act (). Section 1201, while intended to prevent infringement of copyrighted media, has also blocked people from accessing software that controls everything from their mobile phones and video games to cars and insulin pumps.
Section 1201 was enacted to combat copyright infringement of digital works by making it unlawful to circumvent access controls on those works, such as the encryption on a DVD. Because of the broad definition of a copyrighted work, however, Section 1201 gives legal teeth to manufacturers who want to lock product owners out of the ability to tinker with, repair, or modify their own software-enabled devices. The restrictions have also prevented independent researchers from evaluating the software in cars and other devices for impacts on security, safety, privacy, and even the environment.
At the roundtable discussions, Walsh will speak about how overly-broad copyright restrictions on everyday products combine with one-sided end user license agreements to frustrate user freedom, research, and innovation. Stoltz will speak about Section 1201's overreaching restriction on circumventing technologies that control devices and products, and the burdensome, every-three-year procedure to get exemptions from Section 1201.
U.S. Copyright Office Roundtables for Software-Enabled Computer Products and Section 1201 Studies
EFF Staff Attorney Kit Walsh
EFF Senor Staff Attorney Mitch Stoltz
Tuesday, May 24, 9 am to 2:45 pm
Wednesday, May 25, 9 am to 4:15 pm
UC Hastings College of the Law
Alumni Reception Center
200 McAllister St.
San Francisco, CA 94102
Wikileaks Prosecution Included Unfair Charge Under CFAA
Fort Belvoir, Virginia—The Electronic Frontier Foundation (EFF) asked a U.S. Army Court of Criminal Appeals Wednesday to overturn Chelsea Manning’s conviction for violating the Computer Fraud and Abuse Act (CFAA), arguing that the law is intended to punish people for breaking into computers systems—something Manning didn’t do.
Manning is serving a 35-year sentence for her role in the release of approximately 700,000 military and diplomatic records to Wikileaks. She was convicted of 19 counts in all, including one under the CFAA. Her CFAA conviction stems from using unauthorized software to access a State Department database, which was prohibited by the database’s acceptable use policy.
The CFAA makes it illegal to intentionally access a computer connected to the Internet without authorization, but it doesn’t specify what “without authorization” means. Although the CFAA is aimed at computer break-ins, data theft, and destruction of computer systems, overzealous prosecutors have taken advantage of the law’s vague language to bring criminal charges that go beyond Congress’s anti-“hacking” purpose.
"Congress intended to criminalize the act of accessing a computer that you aren’t authorized to access, such as breaking into a corporate computer to steal user data or trade secrets or to spread viruses. The law should not be used to turn a violation of an employer’s computer use restrictions into a federal crime. That’s what happened here," said EFF Legal Fellow Jamie Williams.
In an amicus brief filed Wednesday, EFF told the U.S. Army Court of Criminal Appeals that violating a written policy, which restricted Manning from using unauthorized software to access a State Department database, is not a crime under the CFAA. Because most employers impose one-sided computer use policies on their employees, such an interpretation would potentially turn millions of Americans into criminals on the basis of innocuous activities, like browsing Facebook or viewing online sports scores at work in violation of company policy.
"Three federal circuit courts have recognized that violating computer use policies isn’t a crime under the CFAA, and we’re urging the Army court to follow suit,” said EFF Staff Attorney Andrew Crocker. “We have also urged Congress to adopt Aaron’s Law, named after late programmer and activist Aaron Swartz, who faced CFAA charges. The law which would ensure that people won't face criminal liability for violating terms of service agreements or other solely contractual agreements.”
The Center for Democracy & Technology and the National Association of Criminal Defense Lawyers joined EFF in filing the brief.
For our amicus brief:
Correction: an earlier version of this press release misstated the number of documents leaked. It's approximately 700,000 records.
Government Withholding Records About ‘Walled Off’ Law Enforcement Program
Update: This hearing has been vacated. In an order issued late Tuesday, the judge asked for supplemental briefing from the parties. A new hearing date may be set once that briefing is complete.
San Francisco – On Thursday, May 19, at 10 am, the Electronic Frontier Foundation (EFF) will urge a federal judge to let the public see records about “Hemisphere,” a massive drug enforcement database containing decades of telephone metadata.
Reporters at the New York Times uncovered the Hemisphere program in 2013. Funded by the Drug Enforcement Agency (DEA) and the White House’s Office of National Drug Control Policy, Hemisphere places AT&T employees inside law enforcement agencies to facilitate quick access to call records data—including who called who, when, and how long they spoke—typically without any court oversight. The New York Times found that investigators were encouraged to keep Hemisphere “under the radar” by using “parallel subpoenas” and then “walling off” Hemisphere information from public scrutiny.
EFF filed a Freedom of Information Act (FOIA) request to learn more about the program and how it was used by law enforcement, but the government released only a small amount of heavily redacted records in response. At Thursday's hearing, EFF Senior Staff Attorney Adam Schwartz will argue that the government must stop misusing public records law to hide information about Hemisphere.
Electronic Frontier Foundation v. Department of Justice
EFF Senior Staff Attorney Adam Schwartz
Thursday, May 19
United States District Court
450 Golden Gate Avenue, 15th Floor, Courtroom B
San Francisco, CA
For more about Hemisphere and EFF’s FOIA lawsuit:
User Advocates, Studios, Artists, Tech Companies Debate DMCA Protections
San Francisco—On Thursday and Friday, May 12-13, Electronic Frontier Foundation (EFF) Legal Director Corynne McSherry will participate in public roundtable discussions about the effectiveness of safe harbor provisions of the Digital Millennium Copyright Act (DMCA) at the United States Ninth Circuit James R. Browning Courthouse in San Francisco. The discussions are hosted by the U.S. Copyright Office, which is studying how the provisions impact copyright owners, internet service providers (ISPs) and users—including the ongoing problem of takedown abuse.
Congress passed the provisions—known as Section 512—two decades ago to establish safe harbors that allow service providers to avoid liability for copyright infringing material. Innovation, creativity, and free expression on the Internet are thriving as a result. Section 512 safe harbors have been essential to the modern Internet; without them we couldn’t have a YouTube, a Twitter, a Facebook or whatever comes next.
At the roundtable discussions McSherry will speak about continued takedown abuses, including problems with automated systems and filters for flagging and removing content. She will also discuss EFF’s opposition to proposals requiring ISPs to permanently remove allegedly infringing content, which would amount to the kind of Internet blacklist contemplated by the congressional bills SOPA and PIPA, both promoted by Hollywood but soundly defeated in 2012.
U.S. Copyright Office Section 512 Study Roundtable
EFF Legal Director Corynne McSherry
Thursday, May 12, 9 a.m. and 1:30 p.m.
Friday, May 13, 1:30 p.m.
United States Court of Appeals for the Ninth Circuit
James R. Browning Courthouse
95 Seventh St.
San Francisco, California
EFF’s ‘Who Has Your Back’ Report Takes on Uber, Taskrabbit, Airbnb, and More
San Francisco - The “sharing” or “gig” economy is booming—you can get rides with companies like Uber, hire people to run errands with services like Taskrabbit, or find a place to stay on websites like Airbnb. These companies connect people offering services to people purchasing them, and in the process they have access to vast amounts of personal data. But how well do these companies protect your information from the government? The sixth annual “Who Has Your Back” report from the Electronic Frontier Foundation (EFF) surveyed the biggest providers in the gig economy to find out.
“These companies collect information on what you buy, where you sleep, and where you travel—whether you are offering services, or purchasing them,” said EFF Activism Director Rainey Reitman. “Often they go even further, collecting contents of communications and geolocation information from your cell phone. But are these companies respecting their users’ rights when the government comes knocking? For much of the gig economy, the answer is no.”
This year’s report analyzed ten companies, and only Uber and Lyft earned credit in all the categories we assessed, including transparency around government access requests, advocacy on the federal level for user privacy, and commitment to providing users with notice about law enforcement data requests. FlipKey, Airbnb, and Instacart also received stars in some categories, but Getaround, Postmates, Taskrabbit, Turo, and VRBO received no credit in any category.
“We see a clear trend in our report: while some sharing economy companies have prioritized standing up for user privacy in the face of government demands, many others have not,” said EFF Senior Staff Attorney Nate Cardozo. “This is a wake-up call to the gig economy companies and the people who use them. It’s time for these services to catch up with the rest of the industry and safeguard our data from government overreach—ensuring that law enforcement access to this trove of information is fair, just, and only in accordance with the rule of law.”
EFF has published its Who Has Your Back report—an annual overview of the public policies and practices of major technology and communications companies in response to law enforcement requests—for six years. While no company achieved credit in every category in the first report back in 2011, more than half of the companies got stars in four or five categories in 2015, and 23 of 24 followed industry best practices. As the first set of companies we looked at has improved so substantially, we decided it was time to turn to the sharing economy.
“Shifts in industry momentum can take time. It took several years before we saw widespread adoption of the best practices promoted in our first Who Has Your Back reports,” said EFF Deputy Executive Director Kurt Opsahl. “The users are the lifeblood of these companies, and next year’s report will provide them an opportunity to adopt best practices and stand up for the people who make their businesses work.”
For the full Who Has Your Back report:
Copyright Laws Are No Obstacle to New Devices, Despite Cable Company Claims
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the Federal Communications Commission (FCC) to adopt robust, consumer-friendly “Unlock the Box” rules that will give Americans access to more innovative, useful, and creative devices and software for watching pay cable and satellite television.
The FCC’s proposed “Unlock the Box” rules will allow any manufacturer to create and market devices or apps that will connect consumers to their cable or satellite TV feeds. The proposal will lead to a new generation of navigation devices that let viewers search and play shows on cable, online services, or over-the-air broadcasts from a single clicker, app, or box.
“Unlock the Box” is a long-overdue effort to open up the closed world of TV set-top boxes to competition. For decades pay-TV customers have had no choice but to rent set-top boxes—and while the cost of the TVs and computers they use for viewing has dropped by 90 percent, the cost of cable set-top boxes that often contain three-generations-old technology have risen 185 percent. Recently, some pay-TV companies have begun making some programming available through apps on other devices, but they remain in complete control of the design and function of those apps, while competitors are locked out.
In comments to the FCC today, EFF urged adoption of “Unlock the Box” rules that maintain user privacy, allow testing by security researchers, and steer clear of loopholes that would enable cable and satellite TV companies to use copyright and other laws to maintain control over consumer devices for navigating TV viewing.
“Clunky, technologically-backwards rental set-top boxes that cost consumers an average of $231 a year and earn billions for cable companies are a frozen artifact of a bygone era. A handful of companies now maintain a monopoly over how consumers access the programming they pay for,’’ said EFF Senior Staff Attorney Mitch Stoltz. “Competition will drive innovation in features and allow consumers to vote with their dollars for devices that are easier to use, have more sophisticated search functions, and integrate multiple sources of programming.”
Cable and satellite companies, movie studios and other major media companies allege “Unlock the Box” rules will lead to unauthorized access to their content, and that building tools for finding and viewing TV content should require permission.
This is nonsense, EFF told the FCC today. The proposed rules don’t permit consumers to access content they haven’t paid for or authorize copying or distribution of TV programming. Copyright laws don’t give rightsholders the power to control the features of your home video devices, or to dictate how you can find and watch the programming that you pay for.
EFF is also urging the FCC to ensure that manufactures of new navigation tools are subject to strong privacy standards that will give consumers the same protections they currently have. EFF warned against giving cable and satellite TV companies authority to decide which devices comply with consumer protection rules—this would only give them another opportunity to attempt to control the device market or exclude competition.
“Consumers need privacy protections, and while competitive device makers aren’t subject to FCC regulations we believe they should be subject to the same legal standards for privacy as cable and satellite TV companies,” said EFF Senior Staff Attorney Lee Tien. “For too long every effort to improve the pay-TV experience for consumers has been derailed by companies that control set-top boxes. If ‘Unlock the Box’ rules are implemented, consumers will be the winners.”
EFF Will Appeal to Protect First Amendment Rights
San Francisco - A federal judge has unsealed her ruling that National Security Letter (NSL) provisions in federal law—as amended by the USA FREEDOM Act—don’t violate the Constitution. The ruling allows the FBI to continue to issue the letters with accompanying gag orders that silence anyone from disclosing they have received an NSL, often for years. The Electronic Frontier Foundation (EFF) represents two service providers in challenging the NSL statutes, who will appeal this decision to the United States Court of Appeals for the Ninth Circuit.
“Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011,” said EFF Deputy Executive Director Kurt Opsahl. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse. Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions.”
This long-running battle started in 2011, after one of EFF’s clients challenged an NSL and the gag order it received. In 2013, U.S. District Court Judge Susan Illston issued a groundbreaking decision, ruling that the NSL power was unconstitutional. However, the government appealed, and the Ninth Circuit found that changes made by the USA FREEDOM Act passed by Congress last year required a new review by the District Court.
In the decision unsealed this week, the District Court found that the USA FREEDOM Act sufficiently addressed the facial constitutional problems with the NSL law. However, she also ruled that the FBI had failed to provide a sufficient justification for one of our client’s challenges to the NSLs. After reviewing the government’s justification, the court found no “reasonable likelihood that disclosure … would result in danger to the national security of the United States,” or other asserted dangers, and prohibited the government from enforcing that gag. However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal.
“We are extremely disappointed that the superficial changes in the NSL statutes were determined to be good enough to meet the requirements of the First Amendment,” said EFF Staff Attorney Andrew Crocker. “NSL recipients still can be gagged at the FBI’s say-so, without any procedural protections, time limits or judicial oversight. This is a prior restraint on free speech, and it’s unconstitutional.”
The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, without any judge’s approval—can issue a secret letter to communications service providers, requiring the service to turn over subscriber and other basic non-content information about their customers. The gag orders that the FBI routinely issues along with an NSL have hampered discussion and debate about the process.
For the full unsealed order:
For more on National Security Letters:
All Significant FISC Orders Must Be Declassified Under USA FREEDOM
San Francisco—The Electronic Frontier Foundation (EFF) filed a Freedom of Information (FOIA) lawsuit today against the Justice Department to shed light on whether the government has ever used secret court orders to force technology companies to decrypt their customers’ private communications, a practice that could undermine the safety and security of devices used by millions of people.
The lawsuit argues that the DOJ must disclose if the government has ever sought or obtained an order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties—like Apple or Google—to provide technical assistance to carry out surveillance.
The suit separately alleges that the agency has failed to turn over other significant FISC opinions that must be declassified as part of surveillance reforms that Congress enacted with the USA FREEDOM Act.
EFF filed its FOIA requests in October and March amid increasing government pressure on technology companies to provide access to customers’ devices and encrypted communications for investigations. Although the FBI has sought orders from public federal courts to create a backdoor to an iPhone, it is unclear to what extent the government has sought or obtained similar orders from the FISC. The FISC operates mostly in secret and grants nearly every government surveillance request it receives.
The FBI’s controversial attempt to force Apple to build a special backdoor to an iPhone after the San Bernardino attacks underscored EFF’s concerns that the government is threatening the security of millions of people who use these devices daily. Many citizens, technologists and companies expressed similar outrage and concern over the FBI’s actions.
Given the public concern regarding government efforts to force private companies to make their customers less secure, EFF wants to know whether similar efforts are happening in secret before the FISC. There is good reason to think so. News outlets have reported that the government has sought FISC orders and opinions requiring companies to turn over source code so that federal agents can find and exploit security vulnerabilities for surveillance purposes.
Whether done in public or in secret, forcing companies to weaken or break encryption or create backdoors to devices undermines the safety and security of millions of people whose laptops and smartphones contain deeply personal, private information, said EFF Senior Staff Attorney Nate Cardozo.
“If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said Cardozo. “The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders.”
In addition to concerns about secret orders for technical assistance, the lawsuit is also necessary to force the government to comply with the USA FREEDOM Act, said EFF Senior Staff Attorney Mark Rumold. Transparency provisions of the law require FISC decisions that contain significant or novel legal interpretations to be declassified and made public. However, the government has argued that USA FREEDOM only applies to significant FISC decisions written after the law was passed.
“Even setting aside the existence of technical assistance orders, there’s no question that other, significant FISC opinions remain hidden from the public. The government’s narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress’ intent,’’ said Rumold. “Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law.”
For the full complaint:
Safe Harbors Work for Rightsholders and Service Providers
Washington, D.C. - Content takedowns based on unfounded copyright claims are hurting online free expression, the Electronic Frontier Foundation (EFF) told the U.S. Copyright Office Friday, arguing that any reform of the Digital Millennium Copyright Act (DMCA) should focus on protecting Internet speech and creativity.
EFF’s written comments were filed as part of a series of studies on the effectiveness of the DMCA, begun by the Copyright Office this year. This round of public comments focuses on Section 512, which provides a notice-and-takedown process for addressing online copyright infringement, as well as “safe harbors” for Internet services that comply.
“One of the central questions of the study is whether the safe harbors are working as intended, and the answer is largely yes," said EFF Legal Director Corynne McSherry. “The safe harbors were supposed to give rightsholders streamlined tools to police infringement, and give service providers clear rules so they could avoid liability for the potentially infringing acts of their users. Without those safe harbors, the Internet as we know it simply wouldn’t exist, and our ability to create, innovate, and share ideas would suffer.”
As EFF also notes in its comments, however, the notice-and-takedown process is often abused. A recent report found that the notice-and-takedown system is riddled with errors, misuse, and overreach, leaving much legal and legitimate content offline. EFF’s comments describe numerous examples of bad takedowns, including many that seemed based on automated content filters employed by the major online content sharing services. In Friday’s comments, EFF outlined parameters endorsed by many public interest groups to rein in filtering technologies and protect users from unfounded blocks and takedowns.
“A significant swath of lawful speech is getting blocked from the Internet, just because it makes use of a copyrighted work,” said EFF Staff Attorney Kit Walsh. “The Internet needs fewer bad copyright claims—not more burdensome copyright laws—to protect speech.”
For EFF’s full comments to the copyright office:
Fox News Claims Broadcast TV Database Infringes Copyright
San Francisco - A media monitoring service that creates a text-searchable database of television and radio content is defending its fair use rights before a federal appeals court. The Electronic Frontier Foundation (EFF), New York University’s Technology Law and Policy Clinic, and Public Knowledge urged the court Wednesday to protect this innovative technology—and others that have yet to be developed—from being shut down by copyright infringement claims.
“Search engines and book digitization have proven the enormous social benefits of indexing and archiving the media,” said EFF Staff Attorney Kit Walsh. “This case is the latest in a long line of copyright-based challenges to these important tools, and it should fail just as the others have.”
In this case, Fox News sued a company called TVEyes, claiming the company’s broadcast content database—used by journalists, scholars, and political campaigns to study and monitor the national media—infringed its copyright in its programming. The district court acknowledged that the service is generally a fair use of copyrighted material, but then, in a second ruling, held that some of the features of the TVEyes database could facilitate infringement, including the ability to share links or search by date and time. In a departure from established legal precedent, the court ruled that this was enough to defeat TVEyes’ fair use defense.
TVEyes appealed to the United States Court of Appeals for the Second Circuit. In an amicus brief filed Wednesday, EFF and its partners argued that the law does not impose liability on a toolmaker based on the possibility that users will misuse a tool, except in limited circumstances not present here and not even alleged by Fox News.
“TVEyes’ liability should not turn on the hypothetical conduct of its users,” said EFF Legal Director Corynne McSherry. “If the district court decision is upheld, all kinds of new technologies could be at risk. We are asking the appeals court to follow the law and reject Fox News’ claims.”
For the full amicus brief:
For more on Fox News v. TVEyes:
Forcing Apple to Write and Sign Code Undermining iPhone Security Violates First Amendment
Riverside, California—The Electronic Frontier Foundation (EFF) and 46 technology industry experts, including inventors of modern cryptography, told a federal court today that forcing Apple to write and sign computer code disabling crucial iPhone security features that protect millions of users violates the company’s free speech rights.
The Federal Bureau of Investigation (FBI) should not be allowed to, in effect, stand over the shoulders of Apple programmers and force them to create and sign off on code that would decimate the iPhone’s security, EFF said. The signed code would send a clear message that it’s OK to undermine encryption that users rely on—a view the government endorses but Apple fiercely opposes. EFF made its arguments in a friend-of-the-court brief filed today in U.S. District Court for the Central District of California. The brief was signed by 46 technologists, security researchers, and cryptographers, including digital signature pioneers Martin Hellman and Ronald Rivest.
The phone at issue was used by a suspect in December’s San Bernardino mass shooting who was killed after the attack. A federal court issued a preliminary order that would require Apple to edit iOS to disable security features that protect the phone’s contents from surveillance, hackers, and thieves. The code must be digitally signed by Apple in order to run on the iPhone—a signature that guarantees the code is approved and endorsed by Apple.
“The court order is akin to the government dictating a letter endorsing backdoors and forcing Apple to sign its forgery-proof name at the bottom,’’ said EFF Civil Liberties Director David Greene. “In our democracy, no one—not technology companies, coders, or average citizens—can be forced to write an article, carry a sign, post an update on Facebook or write and sign computer code that communicates or endorses a government idea that they don’t agree with. What the FBI asked the court to do violates free speech rights and puts the security and privacy of millions of people at risk. We are asking the court to throw out this dangerous and unconstitutional order.”
EFF has particular expertise in the First Amendment issues in this court battle, as it spearheaded cases in the early 1990s and 2000s leading courts to recognize computer code merited protection under the Constitution.
A magistrate judge in Riverside, California, granted the FBI’s request under the All Writs Act—a statute that gives judges the ability to command an entity or person assist in the enforcement of an order, as long as it’s necessary and legal. But the order fails to meet that standard for many reasons, including that it violates Apple’s constitutionally guaranteed right against being compelled to speak for the government.
“Apple has said that it believes the best thing for the world is for all of us to have uncompromised security, not compromised security,” said EFF Executive Director Cindy Cohn. “What the FBI is demanding is that Apple publicly capitulate to the government’s views, and the fact that it would have to do so through writing and signing code makes no difference. This is far more than simply requiring Apple to turn over evidence that it has in its custody; this violates the First Amendment.”
For the full amicus brief:
For more on this case:
As EFF’s Jewel v. NSA Presses Forward, Other Plaintiffs Also Have Standing to Sue
San Francisco - The Electronic Frontier Foundation (EFF) urged the United States Court of Appeals for the Fourth Circuit Wednesday to permit Wikimedia and other groups to continue their lawsuit against the NSA over illegal Internet surveillance. A ruling in favor of the plaintiffs in Wikimedia v. NSA would follow the lead of the Ninth Circuit, which allowed EFF’s Jewel v. NSA to go forward despite years of stalling attempts by the government.
In Wikimedia, the American Civil Liberties Union (ACLU) represents nine plaintiffs, including human rights organizations, members of the media, and the Wikimedia Foundation. A federal district judge in Maryland dismissed the case last fall, ruling that the plaintiffs did not have standing to sue. In EFF’s long-running challenge to NSA spying, Jewel, a separate appeals court rightly rejected a similar argument in 2011, and the case is ongoing in federal court. In fact, last Friday, after eight years of litigation in Jewel, a judge authorized EFF to conduct discovery—meaning, for the first time, EFF can begin to compel the government to produce evidence related to the NSA’s surveillance of the nation’s fiber optic Internet backbone.
“We’re well past the point where the government can simply utter ‘national security’ and get these cases dismissed at their outset,” said EFF Staff Attorney Mark Rumold. “We battled back these arguments in Jewel, and now we are asking another appeals court to do the same thing in Wikimedia.”
In the amicus brief filed Wednesday, EFF urges the Fourth Circuit to recognize standing for allegations of harm based on actual past and ongoing surveillance, like those alleged in both Wikimedia and Jewel.
“Jewel, and our recent order allowing us to move forward with discovery, is all the evidence the Fourth Circuit needs to know that cases challenging NSA surveillance can and should go forward,” said Rumold. “The government makes litigating these cases as difficult as possible, but that difficulty doesn’t mean the courts should turn their back on violations of people’s constitutional rights.”
For the full amicus brief:
For more on Wikimedia v. NSA:
For more on Jewel v. NSA:
Secretive and Closed Treaty Negotiations Leave Out Important Voices in Trade Debates
San Francisco - The Electronic Frontier Foundation (EFF) and an international coalition of groups representing Internet users, consumers, and scholars are calling for reform of the negotiation of global trade agreements in order to protect Internet and other digital rights for communities around the world.
The “Brussels Declaration on Trade and the Internet” was signed by 20 groups and individuals concerned about secretive and closed trade negotiations, like the ones that were behind the Trans-Pacific Partnership agreement (TPP). The TPP is now awaiting ratification from 12 countries but was under development for seven years before the completed text was released for the public to see. However, advisors for big corporations were allowed to view and comment on draft texts. As a result, TPP includes restrictive copyright enforcement regulations that will hurt free expression, innovation, and privacy on the Internet and elsewhere.
“We need an international trading system that is fair, sustainable, democratic, and accountable,” said EFF Global Policy Analyst Jeremy Malcolm. “But you can only achieve that result through public participation. The secrecy we’ve seen in the TPP and similar agreements locks out important views from the global digital rights community and other experts. That’s insight we need to make sure we are protecting rights for everyone around the world.”
The declaration makes six specific recommendations for countries participating in global trade agreements, including regular releases of draft proposals, ample opportunity for public comment and feedback, and engagement of organizations and experts representing Internet users and consumers.
“Digital policy must be shaped through open and participatory means,” said Steve Anderson from OpenMedia. “If trade agreements are going to impact Internet governance they must ensure effective participation from experts and the public.”
“Trade agreements like the Trans-Pacific Partnership are shaping complex aspects of Internet policy but Internet users have no insight into the negotiations," says Denelle Dixon-Thayer, Mozilla’s Chief Legal and Business Officer. "At Mozilla, we believe that when policy is not developed in the open, users lose as a result. We want to change that.”
The Brussels Declaration on Trade and the Internet stems from a meeting in Belgium earlier this year on catalyzing reform of trade negotiation processes. Experts from four continents took part.
For the Brussels Declaration on Trade and the Internet:
For more on the declaration and its importance:
Citizens Rightfully Expect Privacy in Data That Reveals Their Whereabouts
Chicago—The Electronic Frontier Foundation (EFF) is urging a federal appeals court in Chicago to rule that police need a warrant to access cell phone location records that can reveal our everyday travels—when we leave home, where we go and whom we visit.
In an amicus brief filed Friday in the United States Court of Appeals for the Seventh Circuit, EFF, the American Civil Liberties Union (ACLU), and ACLU of Wisconsin said cell phone location information—data that show where our phones are at a given time and date—generates a comprehensive picture of a person’s movements. Because we carry our phones with us wherever we go, these data can reveal intensely personal information like when we see the doctor, attend a political meeting, or visit friends. Americans have the right to expect that this information remain private and beyond the reach of law enforcement officers unless they first obtain a search warrant.
In this case, U.S. v. Patrick, a Wisconsin man was charged with being a felon in possession of a weapon. Police tracked the man down in real time using location information from his cell phone—obtained either from a phone company or possibly collected using a cell-site simulator, devices known as Stingrays that trick mobile phones into connecting with them. He was located in a car where a gun was found at his feet and arrested. In the brief filed Friday, EFF and the ACLU explain to the court that real-time cell phone location tracking violates the Fourth Amendment’s prohibition against unreasonable search and seizures.
“This is the first time this federal appeals court, whose rulings affect Illinois, Wisconsin and Indiana, is considering whether citizens have an expectation of privacy in real-time cell phone location records,’’ said EFF Senior Staff Attorney Jennifer Lynch. “This case comes as we are seeing a groundswell of recognition that this information is private. Legislatures in the three states covered by the Seventh Circuit have all now prohibited warrantless real-time cell phone. California and at least eight other states also require warrants for real-time tracking.”
There have been conflicting rulings over this issue on the federal level. In 2014 the U.S. Court of Appeals for the Eleventh Circuit in Atlanta ruled that there’s no expectation of privacy in historical cell site location records, so police don’t need a warrant to get them, while the U.S. Court of Appeals for the Fourth Circuit in Richmond, Virginia, last year ruled the opposite.
The U.S. Supreme Court has already recognized that data about where we go can be incredibly revealing and that cell phones hold vast amounts of private information—potentially the sum of an individual’s private life. The court ruled that searching a cell phone found during an arrest and tracking a car using GPS now both require a search warrant.
“The Seventh Circuit should follow the Supreme Court’s lead and recognize that police shouldn’t have unfettered access to records that that can reveal our every move. Law enforcement must be required to get a warrant before accessing the vast amount of private information generated by cell phone location records,’’ said EFF Senior Staff Attorney Adam Schwartz.
EFF Urges Department of Education to Uphold First Amendment Rights in University Anti-Harassment Policies
San Francisco - The Electronic Frontier Foundation (EFF) urged the Department of Education today to protect university students’ right to speak anonymously online, warning that curtailing anonymous speech as part of anti-harassment regulations would not only violate the Constitution but also jeopardize important on-campus activism.
“Battling gender and racial harassment and threats on college campuses is vitally important,” said EFF Legal Director Corynne McSherry. “But some are calling for blanket bans on the use of platforms that allow anonymous comments, and that’s a counterproductive strategy. Online anonymity is crucial for students who fear retaliation for their political and social commentary. It helps many people avoid being targets of harassment in the first place.”
EFF’s letter to the Department of Education comes after a number of groups pressed for new federal guidelines for fighting online harassment. EFF agrees with the majority of the recommendations, including ensuring prompt reporting and investigation of all reports of harassment, and disciplining and/or prosecuting perpetrators. However, preemptively removing access to anonymous online speech platforms violates all students’ First Amendment rights—threatening projects like the USG Girl Mafia at the University of Southern California, where students anonymously map locations of assault reports on campus. Anonymity was also essential for student activists at Guilford College in North Carolina, who used an online form to collect anonymous testimonials about racial violence from those who felt unsafe revealing their identities.
Additionally, online speech bans are problematic because any technical restriction—like blocking on-campus access through the university’s wireless network, or limiting where students can access particular mobile applications or websites—will not prevent any student from going off-campus or joining another wireless network to comment anonymously.
“The Internet has an unmatched ability to help groups of people organize and communicate and be a force for positive social change,” said EFF Frank Stanton Legal Fellow Aaron Mackey. “Taking away choices for anonymous speech will curtail these activities without meaningfully preventing illegal harassment and threats. We urge the Department of Education to find solutions that protect all students.”
For the full letter to the Department of Education:
Company Built Customized ‘Golden Shield’ System to Identify Falun Gong Members Who Were Later Tortured
San Francisco—The Electronic Frontier Foundation (EFF) is urging a federal appeals court to reinstate a lawsuit seeking to hold Cisco Systems accountable for aiding in human rights abuses by building the Chinese government a system that Cisco officials knew was intended to identify—and facilitate the capture and torture of—members of the Falun Gong religious minority.
In an amicus brief filed Monday with the United States Court of Appeals for the Ninth Circuit, EFF and the groups ARTICLE 19 and Privacy International argue that the plaintiffs sufficiently alleged that Cisco understood that the “Golden Shield” system (also known as The Great Firewall) it custom-built for China was an essential component of the government’s program of persecution against the Falun Gong—persecution that included online spying and tracking, detention, and torture.
In Doe v. Cisco Systems Inc., Falun Gong victims and their families sued Cisco under a law known as the Alien Tort Statute, which allows noncitizens to bring claims in U.S. federal court for violations of human rights laws. A federal judge dismissed the case, saying the plaintiffs didn’t offer enough support for their claim that Cisco knew the customized features of the Golden Shield enabling the identification and apprehension of Falun Gong practitioners specifically would ultimately lead to torture.
As EFF explains in its brief, the judge misapplied the law.
“The facts alleged by the plaintiffs are sufficient to proceed with a lawsuit claiming Cisco knew that technologies it designed from its offices in San Jose, California, would facilitate human rights abuses, and purposefully built its products to help the Chinese government carry out its program of repressing, capturing, and abusing Falun Gong members,” said EFF Staff Attorney Sophia Cope. “Company officials didn’t have to be present in China in order to assist human rights violations, and victims have a right to their day in court.’’
The Golden Shield system included a library of Falun Gong Internet activity enabling the Chinese government to identify Falun Gong members online, according to the lawsuit. The case also contains strong evidence that Cisco created systems for storing and sharing information about “forced conversion”—i.e. torture—sessions for use as training tools. The cooperation was also documented in internal marketing literature, where a Cisco engineer described the company’s commitment to China’s security objectives, including the “douzheng” of Falun Gong practitioners. Douzheng is a term describing abuse campaigns against disfavored groups comprising of persecution and torture.
“Cisco’s conduct is part of a growing trend of U.S. and European technology companies helping repressive governments become highly efficient at committing human rights violations,” said Cope. “We are asking the Ninth Circuit to recognize that victims of such abuses can seek to hold accomplices like Cisco accountable for their role in brutal persecutions.”
Government Has Created Impermissible Licensing Regime for Computer-Readable Designs
San Francisco - The government cannot require Americans to go through an export licensing scheme prior to posting and sharing 3-D printer design files online, because publishing technical information is a form of speech protected by the First Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court Thursday.
The case is Defense Distributed v. United States Department of State, in which the Texas company sued the State Department after officials warned that criminal sanctions could be brought for publishing a 3-D printable file for a one-shot plastic gun, as well as other design and documentation files without a license. The State Department claimed that publishing the files on the Internet could violate the International Traffic in Arms Regulations (ITAR), which controls the international export of defense-related technology. After suggesting Defense Distributed put in an administrative request to determine whether the files were, in fact, controlled, the State Department sat on the request for nearly two years—only acting after Defense Distributed sued. It then concluded that a license was required to publish most of the files at issue.
The export controls regime provides no opportunity for a would-be publisher to challenge in court the State Department’s determination that a license is required, or the denial of a license. In an amicus brief filed in the United States Court of Appeals for the Fifth Circuit, EFF said that the State Department’s licensing regime for speech about defense-related technologies—many of which have civilian applications—violates the First Amendment.
“The First Amendment requires that speech be allowed except in the narrowest circumstances. Here, the export controls regime does not provide for judicial oversight or require the government to prove the appropriate conditions for a prior restraint of speech. Rather, the law criminalizes as a general matter the online publication of unclassified designs and documentation about a wide range of technologies,” said EFF Staff Attorney Kit Walsh. “The Supreme Court has been very clear that any speech licensing regime has to be governed by definite standards of review, judicial oversight, and prompt deadlines. This process doesn’t contain any of those safeguards to prevent capricious censorship.”
The questions at issue in this lawsuit are a direct parallel to one of EFF’s first cases, the landmark Bernstein v. U.S. Department of State. In Bernstein, the court found that the source code for the first freely available encryption software was constitutionally protected free speech and that the government’s attempt to suppress it via export control licensing violated the First Amendment.
“The government is trying to use the same tactic it used in the 1990s to block researchers from sharing computer code online,” said Walsh. “A court first ruled more than 15 years ago that source code was speech protected by the First Amendment, in a case that held the government’s export regulations preventing its publication were unconstitutional. The Fifth Circuit should do the same for design files.”
For the full amicus brief:
New Feature Analyzes Your Web Browser and Add-Ons for Successful Tracker Blocking
San Francisco - The Electronic Frontier Foundation (EFF) launched new online tracker-testing in its Panopticlick tool today, helping you analyze the privacy protections in your Web browser.
When you visit a website, online trackers and the site itself may be able to identify you, and the records of your online activity can then be distributed among a vast network of advertising exchanges, data brokers, and tracking companies. Many people install ad- or tracker-blockers to try to protect themselves, but it can be hard to know how effective they are. Panopticlick will check your browser and your add-ons and assess the privacy protections users have in place. It can also suggest remedies for under-protected browsers.
But even if you have strong tracker blocking installed on your computer, you could still be identified by what’s called a “browser fingerprint.” That’s the combination of factors such as your operating system, your browser, and plug-ins. Panopticlick also analyzes the uniqueness of your browser to see if you are still at risk from this kind of data-gathering, even if you have privacy-protective software installed.
“Have you ever felt like ads you see online have an uncanny knowledge of your browsing habits? It’s creepy, and a sign you are being tracked,” said EFF Chief Computer Scientist Peter Eckersley. “When you visit Panopticlick and click on the ‘test me’ button, the site simulates the loading of various tracking technologies. Then you get a report to help you understand what protections you have in place, and what’s missing. Panopticlick is a great way to boost your privacy as you read, shop, and interact with websites throughout your day.”
Fighting for user privacy on the Web can feel like an uphill battle, with advertisers and marketers changing their tactics and technologies at a lightning pace. Panopticlick will also do double-duty as a research project for EFF, collecting anonymous data for technologists to analyze so they can improve privacy tools like EFF’s Privacy Badger and develop others down the road.
“Online data-gatherers use tactics that are complex, subtle, and ever-evolving,” said EFF Software Engineer Bill Budington. “Panopticlick is a way for you to help protect yourself, as well as help contribute to our understanding of online tracking more generally.”
EFF Battles Facebook’s Claims That It’s a Crime to Bypass an IP Block
San Francisco—The Electronic Frontier Foundation (EFF) will urge a federal appeals court Wednesday to reject Facebook’s claims that it’s a crime to workaround an IP address block—an interpretation of the law that could criminalize routine online behavior. EFF Legal Fellow Jamie Williams will participate in oral argument in the case, Facebook v. Power Ventures, set for 9:30 am on Dec. 9 before the United States Court of Appeals for the Ninth Circuit in San Francisco, California.
Power Ventures made a web-based tool that allowed users to log into all of their social networking accounts in one place and aggregate messages, friend lists, and other data. Facebook sued Power, claiming it violated a federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA), when it provided Facebook users a way to access their data through Power after Facebook blocked a specific IP address the company was using to connect to Facebook data. A district court sided with Facebook, finding that designing a system to work around IP address blocks could be a crime under the CFAA.
The CFAA targets unauthorized acts of breaking into computer systems to steal data and cause other harm. In Wednesday’s hearing, Williams will argue that the Ninth Circuit has already ruled that the CFAA must be interpreted narrowly to avoid transforming what was intended to be an anti-hacking statute into a law that could sweep up innocuous conduct. Criminalizing a routine process like switching IP addresses stifles innovation and harms consumers—and it’s not what Congress had in mind.
Facebook v. Power Ventures and Steven Vachani
EFF Frank Stanton Legal Fellow Jamie Williams
Wednesday, Dec. 9
Ninth Circuit Court of Appeals-James R. Browning Courthouse
Courtroom 2, 3rd Fl, Room 330
95 7th St.
San Francisco CA 94103
EFF Launches 'Spying on Students' Campaign to Raise Awareness About Privacy Risks of School Technology Tools
San Francisco—The Electronic Frontier Foundation (EFF) filed a complaint today with the Federal Trade Commission (FTC) against Google for collecting and data mining school children’s personal information, including their Internet searches—a practice EFF uncovered while researching its “Spying on Students” campaign, which launched today.
The campaign was created to raise awareness about the privacy risks of school-supplied electronic devices and software. EFF examined Google’s Chromebook and Google Apps for Education (GAFE), a suite of educational cloud-based software programs used in many schools across the country by students as young as seven years old.
While Google does not use student data for targeted advertising within a subset of Google sites, EFF found that Google’s “Sync” feature for the Chrome browser is enabled by default on Chromebooks sold to schools. This allows Google to track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords. Google doesn’t first obtain permission from students or their parents and since some schools require students to use Chromebooks, many parents are unable to prevent Google’s data collection.
Google’s practices fly in the face of commitments made when it signed the Student Privacy Pledge, a legally enforceable document whereby companies promise to refrain from collecting, using, or sharing students’ personal information except when needed for legitimate educational purposes or if parents provide permission.
“Despite publicly promising not to, Google mines students’ browsing data and other information, and uses it for the company’s own purposes. Making such promises and failing to live up to them is a violation of FTC rules against unfair and deceptive business practices,” said EFF Staff Attorney Nate Cardozo. “Minors shouldn’t be tracked or used as guinea pigs, with their data treated as a profit center. If Google wants to use students’ data to ‘improve Google products,’ then it needs to get express consent from parents.”
Google told EFF that it will soon disable a setting on school Chromebooks that allows Chrome Sync data, such as browsing history, to be shared with other Google services. While that is a small step in the right direction, it doesn’t go nearly far enough to correct the violations of the Student Privacy Pledge currently inherent in Chromebooks being distributed to schools.
EFF’s filing with the FTC also reveals that the administrative settings Google provides to schools allow student personal information to be shared with third-party websites in violation of the Student Privacy Pledge. The ability to collect and potentially share student information follows children whenever they use Chrome to log into their Google accounts, whether on a parents’ Apple iPad, friend’s smartphone or home computer.
“We commend schools for bringing technology into the classroom. Chromebooks and Google Apps for Education have enormous benefits for teaching and preparing students for the future. But devices and cloud services used in schools must, without compromise or loopholes, protect student privacy,” said EFF Staff Attorney Sophia Cope. “We are calling on the FTC to investigate Google’s conduct, stop the company from using student personal information for its own purposes, and order the company to destroy all information it has collected that’s not for educational purposes.”
EFF’s “Spying on Students” project aims to educate parents and school administrators to the risks of data collection by companies supplying technology tools used by students. The website provides facts on how data is collected, a case study, links to resources for parents and school officials, and tips for improving privacy.
Michael Godbe, a Fall 2015 EFF Legal Intern, helped prepare the FTC complaint, and Annelyse Gelman, EFF activist intern, helped prepare education material for the project.
To view the FTC complaint:
For more information on EFF’s “Spying on Students” project:
New Project Will Gather Users' Stories of Censorship from Around the World
San Francisco – The Electronic Frontier Foundation (EFF) and Visualizing Impact launched Onlinecensorship.org today, a new platform to document the who, what, and why of content takedowns on social media sites. The project, made possible by a 2014 Knight News Challenge award, will address how social media sites moderate user-generated content and how free expression is affected across the globe.
Controversies over content takedowns seem to bubble up every few weeks, with users complaining about censorship of political speech, nudity, LGBT content, and many other subjects. The passionate debate about these takedowns reveals a larger issue: social media sites have an enormous impact on the public sphere, but are ultimately privately owned companies. Each corporation has their own rules and systems of governance that control users’ content, while providing little transparency about how these decisions are made.
At Onlinecensorship.org, users themselves can report on content takedowns from Facebook, Google+, Twitter, Instagram, Flickr, and YouTube. By cataloging and analyzing aggregated cases of social media censorship, Onlinecensorship.org seeks to unveil trends in content removals, provide insight into the types of content being taken down, and learn how these takedowns impact different communities of users.
“We want to know how social media companies enforce their terms of service. The data we collect will allow us to raise public awareness about the ways these companies are regulating speech,” said EFF Director for International Freedom of Expression and co-founder of Onlinecensorship.org Jillian C. York. “We hope that companies will respond to the data by improving their regulations and reporting mechanisms and processes—we need to hold Internet companies accountable for the ways in which they exercise power over people’s digital lives.”
York and Onlinecensorship.org co-founder Ramzi Jaber were inspired to action after a Facebook post in support of OneWorld’s “Freedom for Palestine” project disappeared from the band Coldplay’s page even though it had received nearly 7,000 largely supportive comments. It later became clear that Facebook took down the post after it was reported as “abusive” by several users.
“By collecting these reports, we’re not just looking for trends. We’re also looking for context, and to build an understanding of how the removal of content affects users’ lives. It’s important companies understand that, more often than not, the individuals and communities most impacted by online censorship are also the most vulnerable,” said Jaber. “Both a company’s terms of service and their enforcement mechanisms should take into account power imbalances that place already-marginalized communities at greater risk online.”
Onlinecensorship.org has other tools for social media users, including a guide to the often-complex appeals process to fight a content takedown. It will also host a collection of news reports on content moderation practices.
Law Allows DNA Collection From Arrestees Before They’re Charged, Convicted
San Francisco—Californians who’ve merely been arrested and not charged, much less convicted of a crime, have a right to privacy when it comes to their genetic material, EFF said in an amicus brief filed Nov. 13 with the state’s highest court.
EFF is urging the California Supreme Court to hold that the state’s arrestee DNA collection law violates privacy and search and seizure protections guaranteed under the California constitution. The law allows police to collect DNA from anyone arrested on suspicion of a felony—without a warrant or any finding by a judge that there was sufficient cause for the arrest. The state stores arrestees’ DNA samples indefinitely, and allows access to DNA profiles by local, state, and federal law enforcement agencies.
EFF is weighing in on People v. Buza, a case involving a San Francisco man who challenged his conviction for refusing to provide a DNA sample after he was arrested. EFF argues that the state should not be allowed to collect DNA from arrestees because our DNA contains our entire genetic makeup—private and personal information that maps who we are, where we come from, and who we are related to. Arrestees, many of whom will never be charged with or convicted of a crime, have a right to keep this information out of the state’s hands.
“Nearly a third of those arrested for suspected felonies in California are later found to be innocent in the eyes of the law. Hundreds of thousands of Californians who were once in custody but never charged still have their DNA stored in law enforcement databases, subject to continuous searches,” said EFF Senior Staff Attorney Jennifer Lynch. “This not only violates the privacy of those arrested, it could impact their family members who may someday be identified through familial searches. The court must recognize that warrantless and suspicionless DNA collection from arrestees puts us on a path towards a future where anyone’s DNA can be gathered, searched, and used for surveillance.”
California officials argue that the court should follow the lead of the U.S. Supreme Court, which ruled in Maryland v. King that citizens’ privacy rights are outweighed by the government’s need to use DNA to identify arrestees, just as it uses fingerprints.
But DNA samples contain our entire genome—fingerprints don’t. What’s more, Maryland limits DNA collection to those arrested and subsequently charged for serious offenses—in 2013 that amounted to 17,400 arrests. In California, all of the nearly 412,000 felony arrests that same year were subject to DNA collection. Maryland also prohibits familial searches and requires DNA samples to be automatically expunged from databases and destroyed if a person is never charged with or convicted of the crime leading to arrest. California law doesn’t prohibit familial searches, and the state makes it extremely difficult for citizens to have their DNA records removed from the system.
“A lower court in this case correctly recognized that California’s DNA collection law deeply intrudes on the privacy interests of arrestees. The California Supreme Court should come to the same conclusion and strike it down,” said Lynch.
Law professors at UC Davis School of Law, New York University School of Law, Georgia State University College of Law, and UC Berkeley School of Law, as well the Office of the Maryland Public Defender and the National Association of Criminal Defense Lawyers joined EFF in filing the brief.
U.S. House Judiciary Committee Hosts Discussion in Santa Clara
Santa Clara, California—On Monday, Nov. 9, at 2 p.m., Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh will participate in a roundtable discussion about U.S. copyright laws convened by the House Judiciary Committee, which is undertaking the first comprehensive review of the nation’s copyright laws since the 1960s.
Copyright was intended to promote creativity, but the law has not developed to support the explosion of creativity enabled by new technologies. Too often, copyright is instead being abused to shut down innovation, creative expression, and even everyday activities like tinkering with your car. At the roundtable discussion being held at Santa Clara University on Monday, Walsh will speak about reforming Section 1201 of the Digital Millennium Copyright Act (DMCA), an overbroad law that locks device owners out of their software and media. Walsh will also discuss the need to reduce the exorbitant “statutory damages” available to copyright claimants—even when rightsholders suffered no harm—so that users of copyrighted works do not face a financial death sentence if they misstep in exercising their rights to remix and tinker. Finally, she will discuss how Congress can ensure that one-sided click-through agreements don’t strip users of their freedoms under copyright law or the right to resell things they’ve purchased.
Monday’s roundtable discussion is the latest in a series of hearings and talks, hosted by House Judiciary Committee Chairman Bob Goodlatte, and joined by creators, innovators, technology professionals, and users of copyrighted works. Goodlatte announced in 2013 that the committee would conduct a review of U.S. copyright laws to determine whether they are still working in the digital age to reward creativity and innovation.
House Judiciary Committee Roundtable Discussion on U.S. Copyright Laws
EFF Staff Attorney Kit Walsh
Monday, Nov. 9, 2015, 2 p.m.
Santa Clara University
500 El Camino Real
Santa Clara, California
Exemption Requests Also Approved for Tweaking Abandoned Videogames, Jailbreaking Phones and Tablets, and Remixing Videos
Washington, D.C. - The Librarian of Congress has granted security researchers and others the right to inspect and modify the software in their cars and other vehicles, despite protests from vehicle manufacturers. The Electronic Frontier Foundation (EFF) filed the request for software access as part of the complex, triennial rulemaking process that determines exemptions from Section 1201 of the Digital Millennium Copyright Act (DMCA).
Because Section 1201 prohibits unlocking “access controls” on the software, car companies have been able to threaten legal action against anyone who needs to get around those restrictions, no matter how legitimate the reason. While the copyright office removed this legal cloud from much car software research, it also delayed implementation of the exemption for one year.
“This ‘access control’ rule is supposed to protect against unlawful copying,” said EFF Staff Attorney Kit Walsh. “But as we’ve seen in the recent Volkswagen scandal—where VW was caught manipulating smog tests—it can be used instead to hide wrongdoing hidden in computer code. We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors. The year-long delay in implementing the exemptions, though, is disappointing and unjustified. The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now.”
EFF also won an exemption for users who want to play video games after the publisher cuts off support. For example, some players may need to modify an old video game so it doesn’t perform a check with an authentication server that has since been shut down. The Librarian also granted EFF’s petition to renew a previous exemption to jailbreak smartphones, and extended that to other mobile devices, including tablets and smartwatches. This clarifies the law around jailbreaking, making clear that users are allowed to run operating systems and applications from any source, not just those approved by the manufacturer. EFF also won the renewal and partial expansion of the exemptions for remix videos that use excerpts from DVDs, Blu-Ray discs, or downloading services.
“We’re pleased that the Librarian of Congress and the Copyright Office have expanded these legal protections to users of newer products like tablets, wearable computers, and Blu-Ray discs,” said EFF Senior Staff Attorney Mitch Stoltz.
Today’s ruling is a victory for users, artists, and researchers. However, the laborious process required to remove a legal cloud over clear fair uses highlights the need for fundamental reforms.
“It’s absurd that we have to spend so much time, every three years, filing and defending these petitions to the copyright office. Technologists, artists, and fans should not have to get permission from the government—and rely on the contradictory and often nonsensical rulings—before investigating whether their car is lying to them or using their phone however they want,” said EFF Legal Director Corynne McSherry. “But despite this ridiculous system, we are glad for our victories here, and that basic rights to modify, research, and tinker have been protected.”
EFF's remix petition was drafted and co-submitted with the Organization for Transformative Works. EFF’s remaining petitions received invaluable assistance from the NYU Technology Law & Policy Clinic, attorney Marcia Hofmann, and former EFF intern Kendra Albert.
For the full ruling from the Library of Congress:
For more on the DMCA rulemaking:
EFF Battles Against Government Stalling in Jewel v. NSA
Pasadena, CA - The Electronic Frontier Foundation (EFF) will urge an appeals court Wednesday to reject the government’s attempts to block an appeal in Jewel v. NSA, EFF’s long-running lawsuit battling unconstitutional mass surveillance of Internet and phone communications. The hearing is set for 2:00 pm on October 28 before the United States Court of Appeals for the Ninth Circuit in Pasadena, California.
At issue in the appeal is the NSA’s tapping into the fiber optic cables of America’s telecommunications companies—a digital dragnet that subjects millions of ordinary people to government spying on their online activities. A mountain of evidence from whistleblowers and the government itself confirms the Internet backbone spying, yet a district court judge ruled earlier this year that there wasn’t enough publicly available information to rule if the program is constitutional.
EFF appealed to the Ninth Circuit, but the government claims that the appeal is premature and entwined with other issues that are still being litigated in the lower court. EFF Special Counsel Richard Wiebe will argue Wednesday that the appeals court should reject the government’s delay tactics, and finally address whether backbone spying is legal and constitutional.
Jewel v. NSA
EFF Special Counsel Richard Wiebe
Wednesday, Oct. 28
Richard H. Chambers US Court of Appeals
125 South Grand Avenue
Pasadena, CA 91105
Groups Appeal Lower Court Ruling Finding Police Agencies Don’t Have To Disclose Records
San Francisco—The Electronic Frontier Foundation (EFF) and the ACLU Foundation of Southern California (ACLU SoCal) are urging California’s highest court to rule that license plate data, collected indiscriminately on millions of drivers by police across the state, are not investigative records and should be made available to the public.
EFF and ACLU SoCal argued in a brief filed today with the California Supreme Court that citizens need access to automated license plate reader (ALPR) records to understand exactly how this intrusive technology is used.
ALPRs are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. The Los Angeles Police Department (LAPD) and the Los Angeles County Sheriff's Department (LASD) collect, on average, three million plate scans every week and have amassed a database of half a billion records.
EFF filed public records requests for a week’s worth of ALPR data from the agencies and, along with ACLU SoCal, sued after both refused to release the records.
EFF and ACLU SoCal are now asking the state supreme court to overturn a ruling in the case from a lower court that said all license plate data—collected indiscriminately and without suspicion that the vehicle or driver was involved in a crime—could be withheld from disclosure as “records of law enforcement investigations.”
“That argument is tantamount to saying all drivers in Los Angeles are under criminal investigation at all times,’’ said EFF Senior Staff Attorney Jennifer Lynch. “The ruling sets a troubling standard that would not just allow these agencies to keep ALPR data from the public but could also allow the police to keep data and footage from other surveillance technologies—from body cameras to drones to face recognition—from ever being scrutinized.”
“Drivers would be surprised to learn that they are under investigation every time they drive in public,” said Peter Bibring, director of police practices at the ACLU SoCal. “The Fourth Amendment was added to the U.S. Constitution exactly to prevent law enforcement from conducting mass, suspicionless investigations under ‘general warrants’ that target no specific person or place and never expire.”
Senior Staff Attorney
Electronic Frontier Foundation
Director of Communications
ACLU of Southern California
+1 213-977-9500 x247
Police Should Not Have Unfettered Access To Patients’ Sensitive Prescription Drug Records
San Francisco—The Electronic Frontier Foundation (EFF) is urging the California Supreme Court to rule that law enforcement agents need a warrant to search records revealing which Californians were prescribed controlled substances to treat conditions such as anxiety, pain, attention disorders, and insomnia.
In an amicus brief filed today, EFF told the state’s highest court that law enforcement agencies should be required to seek a judge’s approval to access such records. Controlled substance prescription records contain highly sensitive information about patients’ medical history and should be afforded the same degree of privacy as any other medical records.
“Patients are prescribed controlled substances to treat post-traumatic stress disorder, ADHD, and extreme pain from surgeries. They should be secure that no one but their medical professionals can access that information without a judge’s approval,” said EFF Frank Stanton Legal Fellow Jamie Williams. “Granting law enforcement unfettered access to prescription drugs records violates the Fourth Amendment and the California Constitution and puts the privacy of all Californians at risk.”
In the case Lewis v. Superior Court (Medical Board of California), a doctor sued the medical board for accessing his patients’ prescription records from the Controlled Substance Utilization Review and Evaluation System (CURES) database without a warrant or any suspicion of patient wrongdoing.
A state court in Los Angeles found that the patients’ privacy rights hadn’t been violated. An appeals court agreed, holding that patients can’t expect prescription records to be as private as medical records because they know, or should know, that California monitors the flow of controlled substances.
“The California Supreme Court should overrule the decision to downgrade patients’ expectation of privacy over controlled substance prescription records,’’ said EFF Senior Staff Attorney Lee Tien. “The court should require law enforcement to obtain a warrant supported by probable cause to access these sensitive records.”
Wednesday Hearing On EFF Demand to Disclose Export Applications for Surveillance Technology
Stanford, California—On Wednesday, October 21, at 12:45 pm, the Electronic Frontier Foundation (EFF) will urge a federal appeals court to order the U.S. government to disclose information about its role in facilitating exports of American-made surveillance tools to foreign nations.
The hearing is part of a Freedom of Information Act (FOIA) lawsuit against the U.S. Commerce Department, which denied a request seeking disclosure of export applications for surveillance technologies. The agency has argued that it could withhold the documents under a 1979 law—even though that law expired in 2001. In July 2013, a federal judge agreed with EFF, finding the lapsed law did not justify withholding the information. He ordered the records disclosed, and the government appealed that decision.
At Wednesday’s hearing, EFF Staff Attorney Mark Rumold will argue that the government can’t resurrect dead laws to keep information from the public. “EFF’s FOIA request would shed light on the role our government plays when technology companies export spying equipment to nations that don’t respect human rights. The government can’t rely on a law that expired almost 15 years ago to hide this critical information from the public,’’ said Rumold.
The hearing is being held at Stanford Law School in a special sitting of the U.S. Court of Appeals for the Ninth Circuit.
EFF v. U.S. Department of Commerce
Wednesday, Oct. 21
Stanford Law School
Room 80 Moot Courtroom
559 Nathan Abbott Way
Stanford, CA 94305
For more on this case:
Adzerk Joins Coalition Delivering Stronger Privacy and a Way Forward in the Ad Blocking Impasse
San Francisco – Online advertising company Adzerk will offer compliance with EFF's new “Do Not Track” (DNT) standard for Web browsing starting this week, significantly strengthening the coalition of companies using the policy standard to better protect people from sites that try to secretly follow and record users’ Internet activity. Adzerk serves billions of ad impressions per month, and customers using its technology include Reddit, BitTorrent, and Stack Overflow.
The Electronic Frontier Foundation (EFF) and privacy company Disconnect launched the new DNT standard last month, joined by innovative publishing site Medium, major analytics service Mixpanel, popular ad- and tracking-blocking extension AdBlock, and private search engine DuckDuckGo.
“Adzerk is an important new member of the Do Not Track coalition, helping to protect millions of Internet users and others from stealthy online tracking and exploitation of their reading history,” said EFF Chief Computer Scientist Peter Eckersley. “We are thrilled that consensus keeps growing in the online advertising community: clear and fair practices are essential not only for privacy, but for the ongoing health of the industry.”
DNT is a preference you can set on Firefox, Chrome, or other Web browsers as well as in the iOS or FirefoxOS mobile operating systems, which signals to websites that you want to opt-out of tracking of your online activities. DNT works in tandem with software like Privacy Badger and Disconnect, which not only set the DNT flag but also block trackers and ads that do not respect it. Adzerk is the first online advertising company that is offering its customers—the websites and other online services that show ads—the ability to opt-in to using DNT, which would pass the extra tracking protection on to the sites’ users.
Tracking by advertisers and other third parties is ubiquitous on the Web today, and typically occurs without the knowledge, permission, and consent of Internet users. However, you can see the evidence of this tracking when the online ads you see on one site seem to be based on what you looked at on another site. Meanwhile, the underlying records and profiles of your online activity are distributed between a vast network of advertising exchanges, data brokers, and tracking companies.
“Many websites get much of their operating revenue from online ads, yet the groundswell of discomfort from users about how their private information is being collected and used is leading to a boom in ad-blocking technologies. We need to find a way for privacy and advertising to work together,” said Adzerk Chief Executive Officer James Avery. “The new Do Not Track gives us a way to provide publishers with ads that respect users' privacy and online choices, and which as a result will be visible in more users' browsers”
For more on Do Not Track:
For more on the ad-blocker debate:
Activists Targeted by Governments Need Support From Global Digital Community
San Francisco—The Electronic Frontier Foundation (EFF) today launched the Offline project, a campaign devoted to digital heroes—coders, bloggers, and technologists—who have been imprisoned, tortured, and even sentenced to death for raising their voices online or building tools that enable and protect free expression on the Internet.
The Offline project initially presents five cases of silenced pioneers, including the personal stories of technologists like Saeed Malekpour, a Canadian programmer who wrote software for uploading photos to the Web. While visiting Iran, Malekpour was kidnapped, thrown in prison, beaten, tortured, and given a death sentence by an Iranian court. His case, and other cases of coders and online journalists imprisoned by governments for their work in the digital world, have received little attention in the mainstream media and online community.
Offline aims to change that by collecting these important stories and providing links and resources about what the online community can do to support them, defend their names, and keep them safe. More cases will be added to the project in the future.
“Oppressive regimes are silencing those whose work or voices they wish to squelch by throwing them in jail. Offline will shed much-needed attention on these technologists and encourage digital citizens to join campaigns advocating for their freedom," said Danny O’Brien, EFF’s international director. “We see a clear connection between innovators who work to build an open Internet in relative safety and colleagues doing similar work who have been silenced and cut off from the online world we share. We hope to strengthen that association in order to help keep all technologists safe regardless of where they live or travel."
Offline was created in response to an alarming increase in the number of technologists detained or threatened with prison for their work. Another example is tech pioneer Bassel Khartabil, a Palestinian-Syrian software developer who wrote and shared free code as well as information about his home country of Syria. He was arrested and charged in a bid to stifle access to news and free expression.
“It's a tragedy that our friend and co-developer Bassel is imprisoned, when Syria and the world so badly need his skills and commitment to open, peaceful collaboration," said Jon Phillips, Bassel’s colleague and organizer of the #freebassel campaign. “Until he is free, maintaining the visibility of his situation is vital to shielding him from harm and keeping his spirits up."
Advocacy and campaigns on behalf of imprisoned technologists can make a difference. Saeed Malekpour’s original death penalty was reduced to life imprisonment in 2012 after an international outcry over his sentencing.
“Our past experience has shown that when you shine a light on these prisoners of conscience, sentences are often reduced and conditions improved," said Jillian C. York, EFF’s director for international freedom of expression.
Net Neutrality Rules Under Attack by U.S. Telecommunications Providers
Washington—The Electronic Frontier Foundation (EFF) is asking a federal appeals court to approve Federal Communications Commission (FCC) net neutrality rules that prevent Internet service providers from interfering with and censoring content on the Web.
U.S. telecommunication providers sued the FCC in Washington D.C. federal circuit court after the FCC published the rules, called the Open Internet Order, earlier this year. Among other things, service providers and their supporters argue that the order strips telecom companies of control over which speech they transmit.
In an amicus brief filed in the case today, EFF and the American Civil Liberties Union (ACLU) explain that the order is an appropriately-tailored measure that protects the Internet’s open and robust "marketplace of ideas" without placing excessive or inappropriate restrictions on telecommunications providers or regulating their speech or messages.
"The openness of the Internet has transformed our civic life, our culture, and our economy, and net neutrality is essential to ensuring that ISP gatekeepers do not undermine the freedom of speech and access to knowledge we enjoy online," said EFF Staff Attorney Kit Walsh. "Internet service providers stand between subscribers and the rest of the world, giving them the power to interfere with our communications in order to further their own interests. We’re urging the court to approve rules that protect users’ rights to freely express themselves and access information online."
The FCC net neutrality order prohibits ISPs from blocking or degrading service—which they may do to thwart competition or increase profits—or charging tolls for speedier traffic to certain websites. By narrowly focusing regulation on ISPs acting as conduits for the speech of others and operating in a dysfunctional market shaped by government subsidies, the net neutrality order appropriately protects customers’ freedoms.
"In addition to supporting the order’s bright-line rules against blocking, throttling, and paid prioritization, we are also urging the court to clarify other aspects of the order so as to provide clear boundaries on the FCC’s discretion," said EFF Legal Director Corynne McSherry. "The FCC should focus on whether ISPs interfere with freedom of expression and whether they discriminate with respect to the content and sources of web traffic. That focus will help strike the right balance and limit the risk that the FCC might abuse its power to impede, rather than promote, innovation and free speech."
Appeals Court Affirms That Copyright Owners Must Consider Fair Use in Online Takedowns
San Francisco – A federal appeals court in San Francisco today affirmed that copyright holders must consider whether a use of material is fair before sending a takedown notice. The ruling came in Lenz v. Universal, often called the “dancing baby” lawsuit.
The Electronic Frontier Foundation (EFF) represents Stephanie Lenz, who—back in 2007—posted a 29-second video to YouTube of her children dancing in her kitchen. The Prince song “Let’s Go Crazy” was playing on a stereo in the background of the short clip. Universal Music Group sent YouTube a notice under the Digital Millennium Copyright Act (DMCA), claiming that the family video infringed the copyright in Prince’s song. EFF sued Universal on Lenz’s behalf, arguing that Universal abused the DMCA by improperly targeting a lawful fair use.
Today, the United States Court of Appeals for the Ninth Circuit ruled that copyright holders like Universal must consider fair use before trying to remove content from the Internet. It also rejected Universal’s claim that a victim of takedown abuse cannot vindicate her rights if she cannot show actual monetary loss.
“Today’s ruling sends a strong message that copyright law does not authorize thoughtless censorship of lawful speech,” said EFF Legal Director Corynne McSherry. “We’re pleased that the court recognized that ignoring fair use rights makes content holders liable for damages.”
Today’s ruling in the Lenz case comes at a critical time. Heated political campaigns—like the current presidential primaries—have historically led to a rash of copyright takedown abuse. Criticism of politicians often includes short clips of campaign appearances in order to make arguments to viewers, and broadcast networks, candidates, and other copyright holders have sometimes misused copyright law in order to remove the criticism from the Internet.
“The decision made by the appeals court today has ramifications far beyond Ms. Lenz’s rights to share her video with family and friends,” said McSherry. “We will all watch a lot of online video and analysis of presidential candidates in the months to come, and this ruling will help make sure that information remains uncensored.”
Keker & Van Nest LLP serves as co-counsel on Lenz v. Universal.
For the full decision from the Ninth Circuit:
For more on this case:
Warrants Should Be Required to Search Cell Phones, Computers
Richmond, Virginia—The Electronic Frontier Foundation (EFF) is urging a federal appeals court to rule that government agents need a warrant to search cell phones, computers, and other personal electronic devices at the border.
In an amicus brief filed today in the United States Court of Appeals for the Fourth Circuit, EFF said that digital devices hold the most intimate details of our personal and professional lives—from conversations with friends and coworkers, to our financial information, and photos and videos of our family. This highly sensitive and personal information, stored on the devices themselves or on computer servers located miles away, can be accessed in just a few clicks, putting electronic devices in a totally different category than the suitcases, backpacks or wallets we travel with.
''Anyone coming back into the country from vacation or a business trip can have his or her smartphone, laptop, or tablet seized, and emails, texts, photos, videos, and voicemails rifled through and retained, without a warrant or any suspicion that a crime has been committed,’’ said EFF Staff Attorney Sophia Cope. “This violates Fourth Amendment protections against unreasonable searches and seizures. The Supreme Court recognized last year in Riley v. California that modern digital devices contain unprecedented amounts of highly personal information and ruled that police need a warrant to search devices found on people they arrest. The same standard should apply when border agents want to search devices we carry with us while traveling.’’
EFF is weighing in on the Maryland case of U.S. v. Saboonchi, which involves evidence taken without a warrant from cell phones and a flash drive belonging to an Iranian-American U.S. citizen returning from vacation at Niagara Falls. Law enforcement officials used information found on the devices—which could hold the equivalent of dozens of suitcases worth of documents—to charge him with violating export control laws.
EFF’s brief explains that the Fourth Amendment’s border search exception allows warrantless searches at the U.S. border only for the purposes of enforcing immigration and customs laws. That means agents may check travelers’ passport and immigration documents, and search luggage for physical contraband like drugs or items subject to import duties.
''Searches conducted for the purpose of ordinary criminal law enforcement aren’t covered by the border search exception,’’ said EFF Senior Staff Attorney Hanni Fakhoury. “The border search exception is not meant to be a loophole for law enforcement to obtain troves of personal information without a warrant.’’
Florida Case Allowing Unconstitutional Mobile Phone Tracking Needs Review by High Court
Washington D.C.—Americans have the right to expect that digital records of their daily travels—when they left home, where they went, and how long they stayed—is private information, the Electronic Frontier Foundation (EFF) said in an amicus brief filed with the Supreme Court of the United States.
Weighing in on one of the most important digital privacy rights cases of the year, EFF is asking the court to hear arguments in Davis v. U.S., a federal criminal case from Florida that examines whether police need a search warrant to obtain historical cell site location information (CSLI). These records show law enforcement which cell phone towers your phone has connected to in the past. In this case, police obtained 67 days of records about defendant Quartavious Davis without a warrant and used them to implicate him in various robberies.
In the brief filed Monday, EFF and other advocacy groups argue that the ubiquity of cell phone use in this country—along with a clear increase in law enforcement demands for cell site records and conflicting court rulings about the need for search warrants—means the U.S. Supreme Court should grant review in Davis’s case.
“It’s time for law enforcement to recognize that Americans’ physical location information is sensitive, and private, and protected by the Fourth Amendment’s guarantee against unreasonable searches and seizures,’’ said EFF Senior Staff Attorney Hanni Fakhoury. “Cell phones are an integral part of modern life and carry detailed information about where we go and when we travel. Many federal and state courts have already ruled that cell site information is protected under the Fourth Amendment. We are urging this country’s highest court to afford all Americans this important protection from law enforcement unless there’s a search warrant.’’
The request for Supreme Court review comes after the U.S. Court of Appeals for the Eleventh Circuit found Davis did not have an expectation of privacy in historical cell site records, meaning police did not need to obtain a search warrant before requesting and receiving his location data. This decision conflicts both with an earlier decision from the Florida Supreme Court, and a later decision from the U.S. Court of Appeals for the Fourth Circuit, which found people do have an expectation of privacy in these records, so police need a warrant to get them. More critically, the Eleventh Circuit’s decision ignores the modern reality of cell phone use: nearly everyone carries one, leaving a digital trail that could potentially be accessed at any time. Without a strong ruling from the highest court, the public and police are left with conflicting guidance about the level of constitutional protection for this sensitive location information.
“The U.S. Supreme Court has already ruled in Riley v. California that cell phones hold vast amounts of private information, potentially the sum of an individual’s private life, and searching that data requires a search warrant,’’ said EFF Senior Staff Attorney Jennifer Lynch. ‘’We believe it’s high time that the government recognize that cell phones not only hold our private data, they also generate data—stored with cell phone companies—about our private movements and travels. The government shouldn’t be allowed unfettered access to this information without first going to court and obtaining a warrant.’’
Ceremony for Honorees on September 24 in San Francisco
San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the distinguished winners of the 2015 Pioneer Awards: the late international privacy expert Caspar Bowden, the human rights and global security researchers at The Citizen Lab, international Internet access champions Anriette Esterhuysen and the Association for Progressive Communications (APC), and digital community advocate Kathy Sierra.
The award ceremony will be held the evening of September 24 at Delancey Street’s Town Hall in San Francisco. Tickets will be $125 for current EFF members, or $175 for non-members.
The late Caspar Bowden was a visionary and advocate for privacy, pressing for solutions to the greatest surveillance challenges of our generation long before others even saw the problem. In the 1990s, he worked within Britain’s Labour Party, encouraging it to adopt an explicitly pro-encryption political platform. When the party backed down from that stance, Bowden co-founded the Foundation for Information Policy Research, which worked independently to fix the damage of Britain's new surveillance laws. For many years, Bowden was a chief privacy adviser at Microsoft. In that capacity he cautioned the company and others that the increasing use of “the cloud” would leave billions vulnerable to pervasive surveillance. He warned the world about the global dangers of corporate data collection, retention, and easily abused American surveillance law. Before Bowden’s untimely death earlier this year, he worked as an independent advocate for information privacy rights, advised the European Parliament, and served as a Tor board member.
The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada focusing on advanced research at the intersection of information and communication technologies, human rights, and global security. In recent years, it has become a powerful force in identifying and examining state-sponsored surveillance malware, drawing much-needed public attention to the role that surveillance and malware technologies play in facilitating human rights abuses worldwide. Their groundbreaking and peer-reviewed research has put a spotlight on both the companies that sell the technologies and the governments that use these tools to facilitate repression. Citizen Lab has produced numerous independent reports on censorship and surveillance in popular social media platforms, instant messaging applications, and search engines. It has also refined network measurement methods for performing Internet-wide scans to “fingerprint” country-level installations of Internet filtering, deep packet inspection, and surveillance products. Founded in 2001, the Citizen Lab is a recipient of the 2014 MacArthur Foundation Award for Creative and Effective Institutions, among many other awards.
Anriette Esterhuysen is the executive director of the Association for Progressive Communications (APC), an international network working with information and communications technologies to support social justice and development around the world. APC’s 68 members in 46 countries—primarily in the global south—have pioneered access to email and online information tools for activists across the globe. APC’s women's rights program has been a leader in the use of technology for women’s empowerment, and its groundbreaking Internet Rights Charter has endeavored to keep human rights on the agenda in Internet policy at national, regional, and global levels. Prior to joining APC, Esterhuysen was a human rights activist in South Africa and helped establish email and Internet connectivity in Africa. She served on the Advisory Committee of the UN Economic Commission for Africa’s African Information Society Initiative and was a member of the UN's Information and Communications Technologies Task Force. Esterhuysen was inducted into the Internet Hall of Fame in 2013, and she currently serves on the Global Commission on Internet Governance.
Kathy Sierra has been teaching programming and interaction design since the late 1980s. She founded the award-winning developer community Javaranch in 1996, a site that went on to become the largest online programmer community for more than a decade. She designed the innovative Head First series of programming books, whose adoption of a broad array of teaching methods widened the range of computer users who learned to take full control of their devices, and included the longest-running technology best-seller on Amazon. Sierra’s work has focused on creating skillful users and building sustainable communities of those users, guiding people up the learning curve and advising on how to keep disagreements from sabotaging online groups. She was one of the first community leaders to address and describe in detail how to cultivate and navigate community growth: balancing clear rules with freedom of expression and privacy to support continuous learning. Sierra has devoted the last 20 years to urging others to create more humane software and online services, working to widen the digital world to a larger audience.
“This extraordinary group of winners have all focused on the users, striving to give everyone the access, power, community, and protection they need in order to create and participate in our digital world,” said EFF Executive Director Cindy Cohn. “This group has worked tirelessly to bring to life a future where new technologies don’t compromise privacy or safety, or leave anyone behind. We are so proud to honor them with Pioneer Awards, and we’re deeply grateful for the work they’ve done.”
Awarded every year since 1992, EFF’s Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Aaron Swartz, Glenn Greenwald and Laura Poitras, Richard Stallman, and Anita Borg.
Sponsors of the 2015 Pioneer Awards include Adobe, Automattic, Facebook, No Starch Press, and O’Reilly Media.
To buy tickets to the Pioneer Awards:
For more on the Pioneer Awards:
FBI Says It Can’t Find Any Documents Responsive to FOIA Requests Even Though Congress Has Been Briefed For Years
San Francisco—The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the Department of Justice (DOJ) and the FBI to gain access to documents revealing the government’s plans to use Rapid DNA. The FBI said it found no records responsive to EFF’s FOIA requests, even though it’s been working to roll out Rapid DNA and lobbying Congress to approve nationwide use for more than five years.
Rapid DNA analyzers—laser printer-sized, portable machines that allow anyone to process a DNA sample in as little as 50 minutes—are the newest frontier in DNA collection and profiling in law enforcement. With Rapid DNA, the police can collect a a DNA sample from a suspect, extract a profile, and match that profile against a database in less time than it takes to book someone—and it’s all done by non-scientists in the field, well outside an accredited lab.
“EFF has long been concerned about the privacy risks associated with collecting, testing, storing and sharing of genetic data. The use of Rapid DNA stands to vastly increase the collection of DNA, because it makes it much easier for the police to get it from anyone they want, whenever they want. The public has a right to know how this will be carried out and how the FBI will protect peoples’ privacy,” said Jennifer Lynch, EFF senior staff attorney. ‘’Rapid DNA can’t accurately extract a profile from evidence containing commingled body fluids, increasing the risk that people could be mistakenly linked to crimes they didn’t commit.’’
The FBI has been working with manufacturers for years on a program to develop Rapid DNA and incorporate Rapid DNA profiles into a national DNA database used by crime labs and law enforcement agencies across the country. While some local police stations are already using Rapid DNA, the FBI can’t allow Rapid DNA profiles generated outside accredited laboratories into the database or the Combined DNA Index System (CODIS) until lab validation rules are modified and Congress amends DNA laws—something the agency and Rapid DNA technology makers have been lobbying lawmakers for.
Despite briefing Congress and discussing plans at biometric conferences, the FBI hasn’t disclosed full information about its Rapid DNA project. EFF filed FOIA requests with the FBI seeking documents from 2012 to the present about these plans.
“Incredibly, the FBI told us it found no records responsive to our requests. Even though it has been funding and working with manufacturers to develop the technology, and has a whole webpage devoted to the subject, the FBI said it couldn’t locate a single document about this major effort to use Rapid DNA,” said Lynch. “The FBI shouldn’t be allowed to hide its plans to develop a technology that could have a huge impact on genetic privacy. We are asking a court to order DOJ to turn over documents we requested so we and the communities where Rapid DNA is being deployed can review the program.”
For this complaint:
For more on DNA collection: