Yesterday morning, the House Subcommittee on Communications and Technology held a hearing on "International Proposals to Regulate the Internet," focusing on the World Conference on International Telecommunications (WCIT), an important treaty-writing event set to take place in Dubai this December. The WCIT is organized by an UN agency called the International Telecommunication Union (ITU), a slow-moving and bureaucratic regulatory organization established in 1865 to oversee telegraph regulations. The ITU Member States adopted a legally binding set of telecommunication regulations in 1988, and now some countries are seeking to expand those regulations to cover the Internet.
We're happy to report that the California Location Privacy Act we're sponsoring with the ACLU of Northern California passed the California Senate on a bipartisan vote of 30 to 6, and is now headed on to the California Assembly.
SB 1434 protects the privacy of Californians by requiring law enforcement to get a search warrant before obtaining location information from any electronic device. The bill is an attempt to codify the Supreme Court's decision in United States v. Jones, which ruled that the warrantless installation of a GPS device on a car was an unlawful "search" under the Fourth Amendment.
DNA is the most intimate and revealing part of the human body, with the potential to reveal a person -- and their family's -- medical history and predisposition to disease. Because it's so sensitive, we've filed an amicus brief (PDF) in the California Supreme Court urging it to rule that the Fourth Amendment prohibits the warrantless collection of DNA from individuals presumed innocent who are not yet convicted of a crime.
China: Weibo Ratchets Up Censorship for Tiananmen Square Anniversary; Google Helps Users Avoid Blocked Search Terms
Chinese social media outlets expanded their lists of censored words in anticipation of the 23rd anniversary of the Tiananmen Square protests. On June 4, the date of the anniversary, Twitter-clone Weibo went so far as to block searches of the characters for “today” (今天) and “tomorrow” (明天). Weibo also removed its candle emoticon and blocked searches for the character for candle (烛) to prevent references to the annual candlelight vigil in Hong Kong’s Victoria Park. After users questioned the disappearance, Weibo’s parent company Sina announced that the icon was being “optimized” and replaced the emoticon with an Olympic torch.
Once again, the federal government is trying its hardest to prevent the courts from determining whether it has broken (or is still breaking) the law through the NSA’s wiretapping program.
For nearly four years, the Obama Administration has followed in the Bush administration’s footsteps, invoking national security and a variety of procedural hurdles to shield itself from accountability in courts. In three separate lawsuits that have been churning in the federal courts, the government has used a menu of dodges to block the courts from considering the key underlying question — have they been breaking the law and violating the constitution by warrantlessly surveilling American citizens — over and over again.
And now the Obama Administration wants Congress to extend the broader surveillance powers passed by Congress in 2008.
Al-Haramain v. Obama
In an important ruling for free speech, the Court of Appeals for the Seventh Circuit today affirmed that a parody of a popular online video called "What What (In the Butt)" (NSFW, unless you happen to work at EFF!) was a clear case of fair use and that the district court's early dismissal of the case was correct.
Worried about the Lieberman-Collins Cybersecurity Act? You should be. As we've explained before, it poses serious threats to online rights. Here's a one-page handout you can use as a reference. It's great for sharing with friends, handing to Senate staffers, publishing online, or using as talking points when explaining the issue to someone for the first time. Download it here and please spread it around!
The Cybersecurity Act (S. 2105) Threatens Online Rights
Editor's note: On Tuesday, June 12, it was reported (in Persian) that Ronaghi Maleki had ended his hunger strike and that his demands had been met.
Earlier this week, an Access2Research petition supporting open access — specifically free access over the Internet to academic articles arising from taxpayer-funder research — crossed its target of 25,000 signatures, two weeks ahead of schedule.1 The Obama administration has promised to respond to petitions that pass that threshold, so the issue of access to research should be firmly on the White House agenda.
The US Public Policy Council of the Association of Computing Machinery (ACM), representing ACM, came out against CISPA, the cybersecurity legislation recently passed by the US House. ACM is the world's largest organization for computer professionals. They are joining a diverse group of individuals and organizations opposing this bill, including a wide array of digital civil liberties organizations like EFF, computer scientists like Bruce Schneier and Tim Berners-Lee, and companies like the Mozilla Foundation.
Let's start with the obvious: The patent system is broken. Inventors are shutting down their businesses, small developers are removing their products from the U.S. market to avoid bogus legal threats, and industry groups are warning members that obvious technological improvements might draw lawsuits.
In light of the data breach at LinkedIn last week, in which 6.5 million unsalted SHA-1 hashes of account passwords were leaked publicly, we thought this would be a good opportunity to remind users about best practices for managing passwords online in order to stay safe. In particular, we want to emphasize that users should never re-use passwords across multiple accounts, and that using a password safe provides an easy way to manage lots of strong passwords across multiple online accounts.
As the U.S. and European consumer organizations met with intellectual property (IP) and trade agencies last week, interactions with state agency representatives over U.S. IP policies helped to further expose some underlying flaws in state policy approaches regulating global IP enforcement. It is clear that IP/trade agencies’ biased understanding of what constitutes a “stakeholder” and a “key interest” in agreements like the Anti-Counterfeiting Trade Agreement (ACTA), as well as their unfounded high valuation of what they call “IP-intensive” industries, are some of the problems that underlie the U.S. global IP enforcement agenda.
Since last month, when EFF released a list of the sixty-odd public agencies that have already received from the FAA approval to fly domestic drones, the issue of drone surveillance has reached front and center in many Americans’ mind. Yet barely any information is known about what law enforcement agencies plan to do with these unmanned flying vehicles. So we want your help to gather this information into one place.
Internet shutdowns, content filtering, arrests of bloggers, and online surveillance in North Africa have been headline news for the past year and a half, but internet issues in the rest of the African continent haven’t received quite as much press coverage. This silence is partly because there is simply less internet penetration south of the Sahara, but there may also be a paralyzing current of opinion whereby stories that highlight human rights issues or a lack of democracy in the region are either dismissed as old news or written off as paternalistic.
Syrian blogger and human rights activist Razan Ghazzawi, who in December was charged with, among other things, "weakening national sentiment" for her work with the Syrian Center for Media and Freedom of Expression, received the Front Line Defenders' human rights defenders at risk award last week. EFF extends our utmost congratulations to Ghazzawi, whose work we have defended.
Ghazzawi was first arrested in December, then released along with other members of her organization, only to be re-arrested in a raid on their office in February (and released again shortly after). She still faces charges of "possessing prohibited materials with the intent to disseminate them."
With weeks left to go on our third annual fundraising contest, supporters have already raised over $4,000 in donations to help support EFF and the Coders’ Rights Project! Our thanks to The Holy Handgrenades leading the pack at $1,410.78, with last year’s Grand Prize Winners InfoSec Daily Podcast (ISDPodcast) at $801, followed closely by the dc404 crew at $675. You’re doing great! EFF’s annual D(EFF)CONtest helps fund tireless legal defense, activism, counseling, and community education for professional security researchers and tinkerers alike. Through these donor-supported efforts, EFF stands behind everyone who values knowledge and the freedom to innovate.
Nominations are now open for EFF’s 21st Annual Pioneer Awards, to be presented this Fall in San Francisco. EFF established the Pioneer Awards in 1992 to recognize leaders on the electronic frontier who are extending freedom and innovation in the realm of information technology. Nominations will be open until Monday, August 6th. Nominate the next Pioneer Award winner today!
DHS’s Office of Inspector General (OIG) recently released a report (pdf) detailing multiple problems with the drones used to patrol US borders. This report, combined with the Federal Aviation Administration’s lack of openness about its drone authorization program and failure to disclose the true number of entities flying drones, shows that the federal government is moving far too quickly in its plans to dramatically expand the number of domestic drones flying in the United States over the next few years.
EFF has been monitoring governmental proposals for national identification schemes, with an eye toward evaluating the privacy implications of these new systems. In Japan, where an existing program issues unique ID numbers to citizens at the municipal level and shares information on a national network, a bill is under consideration that would create a new ID framework. Submitted by the Japanese Cabinet in February of 2012, the “My Number Bill” would issue new unique ID numbers to participating citizens. The stated purpose is to streamline information sharing between governmental bodies administering tax, social security, and disaster mitigation programs. If the law is enacted, the My Number system will begin operating in 2015.
In recent years, online tracking companies have begun to monitor our clicks, searches and reading habits as we move around the Internet. If you are concerned about pervasive online web tracking by behavioral advertisers, then you may want to enable Do Not Track on your web browser. Do Not Track is unique in that it combines both technology (a signal transmitted from a user) as well as a policy framework for how companies that receive the signal should respond. As more and more websites respect the Do Not Track signal from your browser, it becomes a more effective tool for protecting your privacy.
By Molly Sauter
Earlier this month, an inmate in Texas was denied access to computers and an electronic messaging system because he ordered a copy of the information security handbook Hacking Exposed. Does simply ordering a copy of an information security handbook render an individual a threat to the safe, secure, and orderly operation of a federal prison? Almost certainly not.
Privacy loomed large as a discussion topic at the 13th Annual Meeting of the Trans Atlantic Consumer Dialogue (TACD), an event held in Washington, D.C. last week that brought together consumer advocacy organizations and regulatory agency heavyweights from both sides of the Atlantic for some in-depth policy discussions. The TACD’s annual meeting helps foster alliances between TACD member organizations (EFF is counted among them) working in the U.S. and the EU. While the overarching group tackles such broad-ranging issues as food policy and financial services, TACD’s Information Society division has been especially concerned with protecting Americans’ and Europeans’ privacy rights in the digital era.
New Draft of Vietnamese Internet Decree is Still Bad News for Freedom of Expression
Bahrain's Minister of State for Information Affairs, Samira Rajab, has announced that the government is preparing to introduce tough new laws to combat the "misuse" of social media. Like many Gulf states, Bahrain is doubling down on state censorship in response to a year of ongoing protests connected to the Arab Spring. In case the target of this upcoming legislation was in any way unclear, Ms. Rajab went on to call out human rights activists:
It is these activists who have labelled drowning victims as those killed by torture. They have labelled sickle cell victims as being killed by security forces and they have used these media to completely distort the true picture of Bahrain. This cannot be tolerated. The rule of law shall prevail."
Ms. Rajab justified the upcoming laws by pointing to sedition laws in the United States, United Kingdom, and France.
Today, EFF launched a new campaign against software patents (https://defendinnovation.org). In this campaign, we outline seven proposals that we think will address some of the greatest abuses of the current software patent system, including making sure that folks who independently arrived at an invention can’t be held liable for infringing on a software patent. But our campaign isn't just about our proposals — we also want to hear, and amplify, the views of the technical community. Many engineers, researchers, and entrepreneurs have suggested that reform is not enough and that software should not be patentable, period. We want to record these views, which is why our Defend Innovation campaign is designed to solicit comments from all of the stakeholders.
Since March of this year, EFF has reported extensively on the ongoing campaign to use social engineering to install surveillance software that spies on Syrian activists.
People tend to think that digital copies of our biological features, stored in a government-run database, are problems of a dystopian future. But governments around the world are already using such technologies. Several countries are collecting massive amounts of biometric data for their national identity and passport schemes—a development that raises significant civil liberties and privacy concerns. Biometric identifiers are inherently sensitive data.
If you thought passing the bar was hard, try winning one of the coveted EFF Cyberlaw Pub Quiz victory steins. Last night, the best legal minds in San Francisco scrambled to answer 7 rigorous rounds of cyberlaw trivia (one of Fenwick & West's teams pictured left). EFF's attorneys, technologists and activists worked tirelessly for weeks to construct quiz questions, delving deep into the rich canon of privacy, free speech, and intellectual property law, and then uncovering the supremely trivial facts.
For many of the contestants, winning means more than just a fancy cup. It proves that you have lived and breathed the most important cases for digital rights of our time. The competition was fierce, and every team acquitted themselves well in the face of tough questions.
Coders have never been more important to the security of the Internet. By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet this week, European Parliament will debate a new draft of a vague and sweeping computer crime legislation that threatens to create legal woes for researchers who expose security flaws.
by Molly Sauter
Two days ago, EFF launched Defend Innovation, outlining seven proposals to address the egregious abuses of software patents. Since we launched, we’ve already received an amazing response (the initial traffic overwhelmed our servers) and now we’re watching as more and more people sign the petition and leave comments. This campaign isn’t just about our proposals – it’s also about creating a space for the tech community, inventors, academics, and others to express their concerns and suggestions for dealing with the patent system. The comments we collect will be the basis for a whitepaper we’ll use to educate lawmakers and the public about the problems with the software patent system – and how we can address them.
Here is a sample of what we've seen so far:
Yesterday, a House Committee grabbed national attention by voting to approve a recommendation that Attorney General Eric Holder be held in contempt of Congress. The vote stemmed from the Department of Justice’s repeated refusals to release documents concerning the handling of an investigation known as “Fast and Furious” – a botched DOJ law enforcement operation aimed at slowing the flow of illegal weapons from the United States to drug cartels in Mexico. In an effort to head off a contempt vote, President Obama asserted “executive privilege” on Wednesday in an attempt to legitimize the DOJ’s refusal to disclose the requested documents.
In recent weeks, the corner of the blogosphere that concerns itself with Internet-related policy has come alive with posts, comments and op-eds addressing the theory that a little-known United Nations telecom agency, the International Telecommunication Union (ITU), is gearing up for an Internet power grab. Concerns about this possibility spurred a U.S. Congressional hearing last month, and across the Atlantic, a June 19 workshop hosted at the European Parliament in Brussels provided a forum to sort out “Challenges to the Internet Governance Regime” as they relate to the ITU.
The decision faced by dictators to shut off the Internet (and risk economic loss) or keep their citizens online (and risk an Internet-assisted revolt) has been referred to by some as the "dictator's dilemma." In the case of Sudan, where anti-austerity protests have been raging for five days and calls to overthrow the regime have been reported, the dictator's decision is made a bit easier by the fact that only about one in ten citizens has access to the Internet.1
As we’ve acknowledged before, our lives are increasingly contained on our digital devices, which makes travel—and the decisions we make about what to carry with us—increasingly complicated.
A recent case in which two young travelers to Israel were requested not simply to provide their laptops for arbitrary searches, but to log in to their e-mail accounts and allow Israeli officials to search through their e-mail for specific strings and correspondence highlights the increasing obstacles to privacy that travelers face, as well as the increasingly global nature of security theatre.
If you buy something, you can do with it—and do away with it—as you want. Right? The digital age is challenging this most basic of expectations in a few ways, and EFF and its allies are on the lookout. The Supreme Court will soon review a court decision that, if upheld, could put handcuffs on our ability to sell digital goods, or even physical goods with copyrighted logos or artwork, simply because the goods were manufactured outside the U.S. This case is important, but its also just a small piece of a larger assault on ownership rights. Over the past decade, courts and copyright owners have quietly been creating a world in which digital goods are never truly owned, but only licensed. And those licenses inevitably contain a plethora of legal restrictions on your ability to fully use the goods you "buy."
Since late last year, independent newspaper Occupied Chicago Tribune (OCT) has been reporting and commenting on the Occupy movement. One glance at the website makes it very clear that OCT is not affiliated with the “original” Chicago Tribuneindeed, OCT is often critical of the paper and its coverage. This hasn’t stopped the Tribune from claiming OCT infringes its trademarks, and launching proceedings that could cause OCT to lose its domain name.
On Thursday, the fifth and final European Union Parliamentary committee voted to reject the Anti-Counterfeiting Trade Agreement (ACTA). This signifies a major blow to ACTA, but its standing in the EU still comes down to the European Parliament vote scheduled during the first week of July. After this final vote decides the agreement’s adoption in Europe, however, the future of ACTA for the rest of the signatory countries unfortunately remains cloudy.
Several years ago, a professor at Holland's Radboud University Nijmegen, Dr. Bart Jacobs, landed in legal trouble. He'd attempted to publish an article exposing security flaws in the widely used MIFARE Classic wireless smart card chip, which is employed by transit systems around the world. Using an ordinary laptop, he was able to clone paying customers' cards to access transit systems for free. The point of his research was to demonstrate that the cards were vulnerable to attack.
The chip's owner, NXP Semiconductors, argued that it would have been irresponsible to make this information public. But a Dutch court ultimately ruled that clamping down on his research would have violated the scientist's rights to freedom of expression.
The patent system is broken. We’ve been talking about it for years, and we just rolled out a new site (defendinnovation.org) to do something about it, where we hope you’ll join us in coming up with solutions that make sense for innovation.
Now we've got some new developments that further prove just how flawed the modern software patent system is:
Sudan may not have "pulled a Mubarak" and shut off the Internet, but that hasn't stopped the government's attempts to silence vocal citizens online. Four days after we first reported his arrest, Usamah Mohammed Ali (better known as @simsimt) remains in detention, his whereabouts unknown, while Maha El-Sanosi was released over the weekend only to be arrested again today.
For quite some time, EFF has campaigned for changes to the export controls that prevent important communications technologies from reaching activists and dissidents. These export controls—enacted by the Departments of Treasury and Commerce and detailed here—often hurt the very individuals they’re meant to help, by restricting access for citizens while doing little to stop authoritarian regimes from getting ahold of products via third parties or on the black market.
Follow Thursday's Senate Hearing on Do Not Track Through the EFFLive Twitter Account
Do Not Track (DNT) will be in the news yet again this week. In the wake of Microsoft's decision to ship Internet Explorer 10 with Do Not Track on (DNT-1) by default and following face-to-face negotiations last week in Bellevue, Washington, the Senate Commerce Committee will take up Do Not Track at a hearing on Thursday at 10 am EST.
D(EFF)CONtestants have until Wednesday, July 4, 2012 at 11:59:59 PM PDT to claim one of the top prizes in our third annual DEF CON fundraising contest! Included with this year's l33t loot for the top three: a stay at the Rio Hotel and Casino, DEF CON 20 Human Badges, Ninja Party badges, and passes to theSummit. In addition, every D(EFF)CONtestant who encourages their peers to raise at total of $500 or more will automatically receive a limited edition EFF DEF CON 20 Script Kitty t-shirt!
Hackers On Planet Earth (HOPE), one of the most creative and diverse hacker events in the world. HOPE Number Nine will be taking place on July 13, 14, and 15, 2012 at the Hotel Pennsylvania in New York City. Several EFF staffers from the legal, tech, and activism teams will be giving presentations. Stop by the EFF booth at HOPE for an invite to our Speakeasy meetup at a secret location on Friday night. Here is a round-up of talks you should make sure not to miss.
Destroying Evidence Before It's Evidence
Hanni Fakhoury, Staff Attorney
Friday 5:00pm Sassaman Room
Several governments are pushing for proposals that seek to draw borders around the global Internet. With big decisions at stake, it’s critical that Internet users understand the threats and have a meaningful say in the final outcome. At a panel held in Washington, D.C. June 26 to highlight global threats to Internet governance, much of the discussion revolved around multistakeholder processes, or the involvement of all stakeholders in Internet policy making discussions on equal footing.
Crossposted from Techpresident
We are living in an era where transparency — be it from government, corporations, or individuals — has come to be expected. As such, social media platforms have come under scrutiny in recent years for their policies around content moderation, but perhaps none have received as much criticism as Facebook.