We feel compelled to add our comments about Bono's recent New York Times column, in which he appeared to express a strange hope that ISPs would start spying on their users in the name of protecting America's intellectual property. "We know," says Bono, "from America's noble effort to stop child pornography, not to mention China's ignoble effort to suppress online dissent, that it's perfectly possible to track content." He continues by hoping that "movie moguls will succeed where musicians and their moguls have failed so far, and rally America to defend the most creative economy in the world, where music, film, TV and video games help to account for nearly 4 percent of gross domestic product."
But Bono's new-found embrace of tracking Internet activity is in direct conflict with his own positions (expressed in the same article) about global freedom and equity.
A few weeks ago, EFF published its first draft of a Buyer's Guide to E-Book Privacy, which summarized and commented on the privacy-related policies and behaviors of several e-readers. In that first draft we incorporated the actual language of the privacy policies as much as possible, which unfortunately created some confusion since companies generally use different language to address similar issues. We also did a few other things clumsily.
Over the holidays, a New Jersey court issued an order requiring upstream providers to shut down three anti-H1-B websites that is deeply dangerous and wrong. The order not only tries to remove allegedly defamatory messages but also requires a complete shutdown of the websites and even purports to require the cooperation of the hosting companies and domain registrars of the websites to do so and for other service providers to identify anonymous speakers.
Sometimes an idea is so blindingly, obviously good that you have to wonder why it hasn’t already been implemented.
The closing months of 2009 saw the beginning of an unfortunate legal dispute in which a trademark owner, the U.S. Chamber of Commerce, ran to court to punish political activists for using its marks in a political parody. Sadly, less than a week into 2010, another trademark owner, Peabody Energy, is also using legal threats to attempt to silence criticism.
Google has publicly announced that that it will cease censorship of its Chinese language, Google.cn website, and is reviewing the feasibility of its entire operation in that country. This follows its detection of malicious attacks on the Gmail accounts of Chinese human rights activists and what Google calls an "attack on their corporate infrastructure originating from China."
When Google first launched a filtered search engine in China, EFF was one of the first to criticize it; we'd now like to be one of the first to commend Google for its brave and forthright declaration to provide only an uncensored Chinese language version of its search engine.
Last night, Google announced that Gmail sessions will now be fully encrypted with HTTPS by default. This is excellent news — EFF congratulates Google for taking this significant step to safeguard their users' privacy and security.
Previously, it was possible to encrypt your access to Gmail, but it required altering the default configuration. Now every Gmail user will get the benefits of encryption without needing to know that they need it.
EFF has long fought for the privacy of your laptop and other digital devices at the border. U.S. Customs and Border Protection has implemented program that authorizes searches of the contents of travelers’ laptop computers and other electronic storage devices at border crossings, notwithstanding the absence of probable cause, reasonable suspicion or any indicia of wrongdoing.
In U.S. v. Arnold we fought for a requirement that customs agents have some reason before searching your computer and in our FOIA work on border searches, we have pushed the government to reveal its policies and practices in this area.
It's the dawn of a new year. From our perch on the frontier of electronic civil liberties, EFF has collected a list of a dozen important trends in law, technology and business that we think will play a significant role in shaping online rights in 2010.
In December, we'll revisit this post and see how it all worked out.
1. Attacks on Cryptography: New Avenues for Intercepting Communications
In 2010, several problems with cryptography implementations should come to the fore, showing that even encrypted communications aren't as safe as users expect. Two of the most significant problems we expect concern cellphone security and web browser security.
Today marks the deadline for the first round of comments to the FCC regarding its proposed "net neutrality" regulations. Here's a quick summary of what EFF had to say in its comments to the Commission:
It will be a long time before we understand all the ramifications of Google's decision to cease censoring their Chinese services — and the cyber-attack on their corporate and user data that prompted that change of heart. The story is still confusing in parts (Sky Canaves at the WSJ clarifies some of the more muddled reports). Nonetheless some intriguing new details have emerged since the initial announcement — but they raise as many questions as they answer.
(The Streisand Effect describes the phenomenon by which an attempt to suppress information results in faster, broader dissemination of that information. Roughly explained, attempted censorship -- particularly by a famous or well-known entity -- can flag the information as more interesting.)
Last October, we launched the Takedown Hall of Shame to highlight the most egregious attempts to silence speech online with bogus intellectual property complaints. Today, we’re inducting four more would-be censors into the pantheon of speech bullies. They are:
The Washington Post reported today that the "FBI illegally collected more than 2,000 U.S. telephone call records," using methods that FBI general counsel Valerie Caproni admitted "technically violated the Electronic Communications Privacy Act when agents invoked nonexistent emergencies to collect records."
Of all the bands experimenting with the Internet and its role in enriching their creativity and commerce, OK Go has become one of the canonical success stories, having produced two low-budget, immensely successful viral videos ("A Million Ways" and "Here It Goes Again" in 2006) that together drew more than 50 million views and broadened their fan base considerably. With their status as the de facto princes of the viral music video, imagine the fans' surprise in seeing OK Go's new video branded with this handy instruction to anyone interested in spreading the word: "Embedding disabled by request."
In a revealing rant detailing the modern woes of a band under the thumb of a major label, OK Go singer Damian Kulash writes:
Last week the MPAA and RIAA submitted their comments in the FCC's net neutrality proceeding. As anticipated in EFF's comments, the big media companies are pushing for a copyright loophole to net neutrality. They want to be able to pressure ISPs to block, interfere with, or otherwise discriminate against your perfectly lawful activities in the course of implementing online copyright enforcement measures.
Today, the DOJ's Office of the Inspector General issued a long awaited report on the FBI's use of 'exigent letters' to obtain phone records. While the report has many interesting and shocking revelations, three issues jumped out at us: Post-it note process; a secret new legal theory; and the need for accountability for the telecoms.
Post-it notes. Seriously.
While we had known since 2007 that the FBI improperly sought phone records by falsely asserting emergency circumstances, the report shows the situation inside the FBI's Communications Analysis Unit (CAU) degenerated even further, sometimes replacing legal process with sticky notes.
Over the weekend, there was an odd story about people using AT&T's wireless network trying to log in to Facebook, and suddenly finding themselves logged in to somebody else's Facebook account. What could have caused such a strange phenomenon to occur? What does it tell us about the innards of the mobile web, and what lessons might it convey for network and application design?
[Warning - this post gets fairly technical]
Every year we put together a birthday fund-raiser to commemorate another 365 days of fighting for your digital civil liberties. This year, we're celebrating two decades of determined advocacy for freedom wherever bits are found, and the revelry will be unmatched by celebrations past!
So on February 10, 2010, come join the celebration of EFF's 20th year defending your digital rights! The fundraiser will be hosted by beloved TV geek Adam Savage at the DNA Lounge in San Francisco, where he will celebrate EFF's two decades as only he can, with the help of many EFF legends and luminaries.
Earlier this week, the DOJ’s Inspector General issued a heavily redacted report about the FBI’s Communications Analysis Unit (CAU), which found "shocking" violations, including embedded telecom employees providing customer phone records in response to post-it notes.
While the underlying violations are egregious enough, the report itself is problematic because it redacts huge swaths of information that is already publicly known.
Secretary Clinton's speech last week on Internet Freedom was an important step in bringing online free expression and privacy to the forefront of the United States' foreign policy agenda.
But for all the strong language, it was also a speech of caveats: powerful statements like "we stand for a single internet where all of humanity has equal access to knowledge and ideas" sat close to hedges about the dangers of anonymous speech, and how it might be used to distribute "stolen intellectual property". Clinton expressed concern at those who "violate the privacy of citizens who engage in non-violent political speech", but she also spoke of "redoubl[ing] efforts" similar to the Convention on Cybercrime, a document which provides scant protections for the privacy of anyone being investigated by a foreign government.
TechDirt's Mike Masnick is at the Midem music industry conference in Cannes this week. He put together a fantastic memo to the International Association of Entertainment Lawyers: "The Future Of Music Business Models (And Those Who Are Already There)".
Masnick writes that the mainstream entertainment industry's formula for contending with the Internet — desperately trying to invent "new copyright laws or new licensing schemes or new DRM or new lawsuits or new ways to shut down file sharing" — is counterproductive.
However, there is another solution. Stop worrying and learn to embrace the business models that are already helping musicians make plenty of money and use file sharing to their advantage, even in the absence of licensing or copyright enforcement.
In simplest terms, the model can be defined as:
The next round of negotiations on the Anti-Counterfeiting Trade Agreement (ACTA) — the secret copyright treaty that targets the Internet — starts tomorrow in Guadalajara, Mexico. From January 26-29, negotiators from Australia, Canada, the European Union, Japan, Jordan, Mexico, Morocco, New Zealand, the Republic of Korea, Singapore, Switzerland, and the United States will discuss civil enforcement, border measures, enforcement procedures in the digital environment (a.k.a. "the Internet chapter" of ACTA) and transparency.
It's been over two years since the ACTA negotiations were first announced in October 2007, and yet no one outside of these negotiators and a cherry-picked handful of U.S. lobbyists have seen the draft ACTA text. However, leaked information shows that ACTA raises significant concerns for citizens' rights and the future of the open Internet.
The next round of negotiations on ACTA start today in Guadalajara, Mexico. This week’s negotiations will apparently focus on civil enforcement, border measures, and enforcement procedures in the digital environment, and briefly, transparency.
Chris Riley, Policy Counsel for Free Press (and former EFF legal intern), has worked up an illuminating multi-part series of blog posts explaining some of the key issues that have been raised in the FCC's net neutrality proceedings (EFF's comments to the FCC echo many of the points discussed).
If you don't have time to dig through the huge volume of submissions piling up on the FCC's servers, his blog posts are a good place to start:
Every major country in the ACTA negotiations claims that its own laws will remain unchanged by the treaty. But without changing a word of domestic law, ACTA can still be dangerous to a country's — or a continent's — economy. This week at Deeplinks, we've asked guest bloggers from around the world to give their perspective on the trade agreement. Today, giving the view from the heart of the European Union, is Ante Wessels, analyst for the Foundation for a Free Information Infrastructure, a group best known for their work in Europe's debate over software patents.
Negotiations on the highly controversial Anti-Counterfeiting Trade Agreement are now in mid-flow in Guadalajara, Mexico. Topics for this round of closed negotiations will be civil enforcement, border measures and enforcement procedures in the digital environment.
If we ask whether a fact about a person identifies that person, it turns out that the answer isn't simply yes or no. If all I know about a person is their ZIP code, I don't know who they are. If all I know is their date of birth, I don't know who they are. If all I know is their gender, I don't know who they are. But it turns out that if I know these three things about a person, I could probably deduce their identity! Each of the facts is partially identifying.
Whenever you visit a web page, your browser sends a "User Agent" header to the website saying precisely which operating system and web browser you are using. This information could help distinguish Internet users from one another because these versions differ, often considerably, from person to person. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be unique enough to let a site recognize them and re-create their old cookie?).
What fingerprints does your browser leave behind as you surf the web?
Traditionally, people assume they can prevent a website from identifying them by disabling cookies on their web browser. Unfortunately, this is not the whole story.
When you visit a website, you are allowing that site to access a lot of information about your computer's configuration. Combined, this information can create a kind of fingerprint — a signature that could be used to identify you and your computer. But how effective would this kind of online tracking be?
Remember what put the debate over net neutrality into high gear? In 2007, EFF and the Associated Press confirmed suspicions that Comcast was clandestinely blocking BitTorrent traffic. It was one of the first clear demonstrations that ISPs are technologically capable of interfering with your Internet connection, and that they may not even tell you about it. After receiving numerous complaints, the FCC in 2008 stepped in and threw the book at Comcast, requiring them to stop blocking BitTorrent. The Comcast-BitTorrent experience put net neutrality at the top of the FCC agenda.
In yesterday's State of the Union address, President Obama made an important commitment to openness and transparency in government:
It's time to require lobbyists to disclose each contact they make on behalf of a client with my Administration or Congress.
Today is day three of the seventh round of ACTA negotiations, currently taking place in Guadalajara, Mexico.
La Quadrature Du Net is a French advocacy group formed to promote digital rights and online freedom. Its name comes by analogy between the unsolvable mathematical problem of "squaring the circle", and similarly impossible attempts to "effectively control the flow of information in the digital age by the law and the technology without harming public freedoms, and damaging economic and social development". In our ongoing series of perspectives on ACTA from around the globe, today Jérémie Zimmermann and Félix Tréguer of La Quadrature du Net describe how the trade agreement undermines democratic challenges to IP policies in France and beyond.
ACTA: An agreement between lobbyists who hate democracy
If there's one country that might have insight into what a post-ACTA future may look like, it's the Republic of Korea. Korea is known as having one of the most advanced networks in the world, but more recently it has also been the recipient of some of the strongest foreign pressure to ramp up its IP laws. Heesob Nam is a member (and former Chair) of IPLeft, a Korean digital rights activist group founded in 1999 to critique the increasingly maximalist IP rights agenda in that country, and research and present alternative policy proposals. He writes of the impact on Korea of ACTA and other international IP agreements.
For Korea, ACTA is the Anti-Commons Trade Agreement