The U.S. government’s warrantless Internet spying is in the hot seat today.
The House Judiciary Committee is holding a two-part hearing this morning about the Section 702, created by the FISA Amendments Act, which the government uses to justify the unconstitutional mass surveillance of Americans’ online activity. EFF opposes the sweeping surveillance that happens under Section 702, and we’re calling on Congress to let the authority lapse when it is set to expire at the end of the year.
Cities across the country are switching to wireless smart meters. You may even have one in your home. Utility companies say the new technology helps consumers monitor their energy use and potentially save money. But smart meters also reveals intimate details about what’s going on inside the home. By collecting energy use data at high frequencies—typically every 5, 15, or 30 minutes—smart meters know exactly how much electricity is being used, and when. Patterns in your smart meter data can reveal when you are home, when you are sleeping, when you take a shower, and even whether you cook dinner on the stove or in the microwave. These are all private details about what’s going on inside your home—details that should be clearly within the bounds of Fourth Amendment protection.
UPDATE: 3/2/17 Updated to include which types of consumer data were impacted by these changes.
Your ISP knows a lot about who you are and what you do online. Their records just got a whole lot less secure.
Newly minted Republican FCC Chairman Ajit Pai just granted the telecom industry its wish: he has blocked new requirements that Internet service providers (ISPs) like Comcast apply common sense security practices to protect your private data. By suspending the FCC's proposed data security rules for ISPs, Pai is pitting Internet users against the very companies we trust to get us online. And the ISPs will continue to win—unless we fight back.
In a major victory for transparency, the California Supreme Court ruled today that when government officials conduct public business using private email or personal devices, those communications may be subject to disclosure under the California Public Record Acts (CPRA).
In the unanimous opinion, the court overturned an appellate court ruling, writing:
Users scored an exciting victory over copyright-based censorship last month, when the Domain Name Association (DNA) and the Public Interest Registry (PIR), in response to criticism from EFF, both abruptly withdrew their proposals for a new compulsory arbitration system to confiscate domain names of websites accused of copyright infringement.
The latest episode of the technology podcast Reply All features an excellent summary of some of the issues with the World Wide Web Consortium's current project to create a standard for restricting the use of videos on the web; we've created this post for people who've just listened to the episode and want to learn more.
What's going on?
The World Wide Web Consortium (W3C) is a standards body: they work to create open standards, rules for connecting up the web that anyone can follow, guaranteeing that anyone can make a web browser, web server, or website.
President Donald Trump’s pick for Director of National Intelligence has laid out his vision for the country’s surveillance, and it’s not good for technology users.
In his confirmation in front of the Senate Intelligence Committee this week, former-Sen. Dan Coats, a Republican from Indiana, said there need to be continued conversations about legal authorities to undermine encryption and called reauthorizing an authority that the government uses to spy on Americans’ Internet activities without a warrant his “top legislative priority.”
Two members of the New York City Council introduced a bill on Wednesday, March 1 to enact long overdue transparency rules for the NYPD’s procurement and deployment of electronic surveillance technology. It is the latest in a series of similar proposals around the country modeled on a Silicon Valley law adopted in 2016, which was crafted to impose municipal checks and balances to constrain on executive power and address the metastasis of surveillance.
The police cannot force you to tell them the passcode for your phone. Forcing you to turn over or type in your passcode violates the Fifth Amendment privilege against self-incrimination—the privilege that allows people to “plead the Fifth” to avoid handing the government evidence it could use against them. And if you have a phone that’s encrypted by default (which we hope you do), forcing you to type in your passcode to unlock the device means forcing you to decrypt your phone, too. That forced translation—of unintelligible information to intelligible—also violates the Fifth Amendment.
And Proves What Time Warner Cable Can Do Worse
Back in 2013, a couple of Internet pranksters who were fed up with Time Warner Cable’s (TWC) dismal customer service released a parody video and website that asked, “What Can We [TWC] do Worse?” In response, the company launched an aggressive takedown campaign against the parodists. But thanks to the New York Attorney General (AG) Eric Schneiderman, we now know exactly what Time Warner Cable did “do worse.”
Last month we wrote about the adoption of a new secret agreement between copyright holders and the major search engines, brokered by the U.K. Intellectual Property Office, aimed at making websites associated with copyright infringement less visible in search results. Since the agreement wasn't publicly available, we simultaneously issued a request under the U.K.'s Freedom of Information Act (FOIA), asking for a copy of the text. Today we received it.1
The agreement requires search engines to:
A dangerous bill in California would make it easy for the government to search the cell phones and online accounts of students and teachers. A.B. 165 rips away crucial protections for the more than 6-million Californians who work at and attend our public schools. Under the proposed law, anyone acting “for or on the behalf of” a public school—whether that’s the police or school officials—could search through student, teacher, and possibly even parent digital data without a court issuing a warrant or any other outside oversight.
Wikileaks today released documents that appear to describe software tools used by the CIA to break into the devices that we all use at home and work. While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken. We believe that encryption still offers significant protection against surveillance.
The worst thing that could happen is for users to lose faith in encryption-enabled tools and stop using them. The releases do reaffirm that users should make sure they are using the most current version of the apps on their devices. And vendors should move quickly to patch these flaws to protect users from both government and criminal attackers.
Imagine this: the government, for reasons you don't know, thinks you're a spy. You go on vacation and, while you're away, government agents secretly enter your home, search it, make copies of all your electronic devices, and leave. Those agents then turn those devices upside down, looking through decades worth of your files, photos, and online activity saved on your devices. They don't find any evidence that you're a spy, but they find something else—evidence of another, totally unrelated crime. You're arrested, charged, and ultimately convicted, yet you're never allowed to see what prompted the agents to think you were a spy in the first place.
On March 2, EFF Executive Director Cindy Cohn sat down with Alexander Macgillivray and Nicole Wong, both former U.S. Deputy Chief Technology Officers (CTO) under President Obama as well as former legal counsel for Google and Twitter. The panel explored the development of the Obama administration’s policies on the Internet, intellectual property, and digital privacy and speculated on the future of the White House CTO position under President Trump. On March 3rd, we learned that Peter Thiel's former chief of staff Michael Kratsios will be stepping in to the role formerly held by Macgillivray and Wong.
In the wake of the European Commission’s dangerous proposal to require user-generated content platforms to filter user uploads for copyright infringement, European digital rights advocates are calling on Internet users throughout Europe to stand up for freedom of expression online by urging their MEP (Member of European Parliament) to stop the #CensorshipMachine and “save the meme.”
The collapse of the Trans-Pacific Partnership (TPP) was the worst defeat suffered by big content since we killed SOPA and PIPA five years ago. But our opponents are persistent, well-funded, and stealthy, and we can't expect them to give up that easily. So, just as they have continued to push for SOPA-like Internet censorship mechanisms in various other fora, so too we have been keeping a watchful eye for the recycling of TPP proposals into other trade negotiations.
The number of Internet-enabled sensors in homes across the country is steadily increasing. These sensors are collecting personal information about what’s going on inside the home, and they are doing so in a volume and detail never before possible. The law, of course, has not kept up. There are no rules specifically designed for law enforcement access to data collected from in-home personal assistants or other devices that record what’s going on inside the home, even though the home is considered the heart of Fourth Amendment protection. That’s why it’s critical that companies push back on requests via currently existing rules for data collected via these new in-home devices. EFF applauds Amazon for doing just that—pushing back on a law enforcement request for in-home recordings from its Echo device.
Earlier this week we explained how the tide is turning against the European Commission's proposal for Internet platforms to adopt new compulsory copyright filters as part of its upcoming Directive on Copyright in the Digital Single Market. As we explained, users and even the European Parliament's Committee on the Internal Market and Consumer Protection (IMCO) have criticized the Commission's proposal, which could stifle online expression, hinder competition, and suppress legal uses of copyrighted content, like creating and sharing Internet memes.
If you’re a student who is passionate about emerging Internet and technology policy issues, come work with EFF this summer as a Google Public Policy Fellow! This is the tenth year we’ve offered this Fellowship1, an opportunity for undergraduate, graduate, and law students to work alongside EFF’s international team for 10 weeks on projects advancing debate on key public policy issues.
If gaining control of hundreds of Internet domains that resemble your business name at a single stroke sounds like a trademark lawyer's wet dream, you may be surprised to learn that this is just one of the special powers that brand owners have under a little-known ICANN mechanism, the Trademark Clearinghouse. A letter released today by twenty-one law professors and practitioners exposes this and other privileges that ICANN bestows on brand owners, and sounds an urgent note of caution to the ICANN working group that is currently reviewing these special powers.
Recognizing the Year’s Worst in Government Transparency
A thick fog is rolling in over Sunshine Week (March 12-18), the annual event when government transparency advocates raise awareness about the importance of access to public records. We are entering an age when officials at the highest levels seek to discredit critical reporting with “alternative facts,” “fake news” slurs, and selective access to press conferences—while making their own claims without providing much in the way to substantiate them.
The United States Court of Appeals for the District of Columbia Circuit today held that foreign governments are free to spy on, injure, or even kill Americans in their own homes--so long as they do so by remote control. The decision comes in a case called Kidane v. Ethiopia, which we filed in February 2014.
Eighteenth century writer and philosopher the Marquis de Sade spent the last 13 years of his life in prison for his crimes of writing pornographic novels such as Justine and Juliette.
Today those who explore and write about similar sexual fantasies online—now known as BDSM and grounded in the consent of all participants—are suffering similar acts of censorship as the eponymous literary sadist who preceded them by two centuries. The biggest difference is that the church and state have been supplanted as chief censors by private companies such as payment service providers Visa, Mastercard, and PayPal.
It’s 2017, and climbers can tweet from Mount Everest, astronauts can post YouTube videos from the International Space Station, and ocean explorers can live stream from the Mariana Trench. Considering the ability for technology to overcome those harsh environments, we see no reason that California can’t develop a way to ensure that youth in our state have secure and supervised access to the internet in juvenile detention and foster care programs.
Back in October of 2016, the FCC passed some pretty awesome rules that would bar your internet service provider (ISP) from invading your privacy. The rules would keep ISPs like Comcast and Time Warner Cable from doing things like selling your personal information to marketers, inserting undetectable tracking headers into your traffic, or recording your browsing history to build up a behavioral advertising profile on you—unless they can get your consent. They were a huge victory for everyday Internet users in the U.S. who value their privacy.
Last year, EFF, along with our partner organizations, launched Reclaim Invention, a campaign to encourage universities across the country to commit to adopting patent policies that advance the public good. Reclaim Invention asks universities to focus on by bringing their inventions to the public, rather than selling or licensing them to patent assertion entities whose sole business model is threatening other innovators with patent lawsuits.
“Californians cannot afford to go back to the digital dark ages,” groups warn.
EFF and a diverse coalition of advocacy groups sent a letter to the California legislature urging elected officials to oppose A,B, 165. This bill would roll back privacy protections for students and teachers by exempting California public schools from the prohibition on warrantless digital searches lawmakers enacted two years ago.
The letter calls for the legislature to protect the legal rights of the 6-million Californians who study and work in public schools. Signers included Transgender Law Center, Courage Campaign, Council on American-Islamic Relations, Health Connected, California Latinas for Reproductive Justice, the American Library Association, and many others.
So far we've seen no response from the Domain Name Association (DNA) to our criticisms from earlier this month about its self-styled Registry/Registrar Healthy Practices [PDF]. Part of its plan is that domain registries ought to yank online pharmacy domains from the Internet without due process on Big Pharma's say-so.
Copyright rules don't belong in trade agreements—so where do they belong? For the most part, the World Intellectual Property Organization (WIPO) is probably the right place; it's a fully multilateral body that devotes its entire attention to copyright, patent, and other so-called intellectual property (IP) rules, rather than including them as an afterthought in agreements that also deal with things like dairy products and rules of origin for yarn.
Why are we so worried about Congress repealing the FCC’s privacy rules for ISPs? Because we’ve seen ISPs do some disturbing things in the past to invade their users’ privacy. Here are five examples of creepy practices that could make a resurgence if we don’t stop Congress now.
In a ruling today that will cheer up patent trolls, the Supreme Court said patent owners can lie in wait for years before suing. This will allow trolls to sit around while others independently develop and build technology. The troll can then jump out from under the bridge and demand payment for work it had nothing to do with.
Today, the Supreme Court heard arguments in a case that could allow companies to keep a dead hand of control over their products, even after you buy them. The case, Impression Products v. Lexmark International, is on appeal from the Court of Appeals for the Federal Circuit, who last year affirmed its own precedent allowing patent holders to restrict how consumers can use the products they buy. That decision, and the precedent it relied on, departs from long established legal rules that safeguard consumers and enable innovation.
It can be difficult to understand the intent behind anti-terrorist security rules on travel and at the border. As our board member Bruce Schneier has vividly described, much of it can appear to be merely "security theater"—steps intended to increase the feeling of security, while doing much less to actually achieve it.
This week the U.S. government, without warning or public explanation, introduced a sweeping new device restriction on travelers flying non-stop to the United States from ten airports in eight Muslim-majority countries, and nine airlines from those countries. Passengers on these flights must now pack large electronics (including tablets, cameras, and laptops) into their checked luggage.
Even before U.S. Trade Representative (USTR) nominee Robert Lighthizer takes office, he’s already feeling the heat from Congress and from public interest representatives about improving transparency and public access to trade negotiations.
In written answers given as part of Lighthizer’s confirmation hearing last week, Senator Ron Wyden asked him, “What specific steps will you take to improve transparency and consultations with the public?”. Lighthizer’s reply (which he repeated in similar form in response to similar questions from other Senators) was as follows:
Here in California, we’re in a tough battle over how and when the government can search through the digital devices of teachers and students. A terrible proposal—A.B. 165—seeks to strip over 6-million Californians of privacy safeguards baked into our state laws, giving the government a loophole to rifle through personal digital devices in schools without a warrant issued by a judge.
Congress is getting serious about taking away your online privacy. We have to get serious about stopping them.
The Senate is going to vote on Thursday on a measure from Sen. Jeff Flake that would repeal the broadband privacy rules passed by the FCC last year. According to at least one of the measure’s co-sponsors, it will likely have the votes it needs to pass in the Senate unless we take action right now.
The U.S. border has been thrown into the spotlight these last few months, with border agents detaining travelers for hours, demanding travelers unlock devices, and even demanding passwords and social media handles as a prerequisite for certain travelers entering the country. As the U.S. government issues a dizzying array of new rules and regulations, people in the U.S.
The Senate just voted to roll back your online privacy protections. Speak up now to keep the House from doing the same thing.
Majority Leader McCarthy Confirms House to Immediately Act on Behalf of the Cable and Telephone Industry Following the Senate Vote
Yesterday, the U.S. Senate by a razor thin margin of 50 to 48 voted to take away the privacy rights of Internet users as a favor to the cable and telephone industry. Now the House is planning to take up the legislation immediately next week before people can discover the damage they are about to inflict to consumer privacy online.
These Are Our Legal Rights To Privacy They Are Dismantling
Copyright safe harbors for Internet intermediaries are under attack from Big Media both in the United States and in Europe. Laying the blame for falling revenues on platforms such as YouTube and Facebook (despite that fact that revenues aren't actually falling at all), their aim is to impose new controls over how these platforms allow you to access and share content online. The control at the top of their wish-list is a compulsory upload filter, that would automatically screen everything that you upload.
Another court has ruled that streaming local broadcast TV channels to mobile devices is something that only traditional pay-TV companies can do—startups need not apply. The Ninth Circuit appeals court has ruled that FilmOn, an Internet video service, cannot use the license created by Congress for “secondary transmissions” of over-the-air TV broadcasts. That likely means that FilmOn and other Internet-based services won’t be able to stream broadcast TV at all. That’s a setback for local TV and the news, weather, local advertising, and community programming it carries.
EFF is pleased to announce a series of community security trainings in partnership with the San Francisco Public Library. High-profile data breaches and hard-fought battles against unlawful mass surveillance programs underscore that the public needs practical information about online security. We know more about potential threats each day, but we also know that encryption works and can help thwart digital spying. Lack of knowledge about best practices puts individuals at risk, so EFF will bring lessons from its comprehensive Surveillance Self-Defense guide to the SFPL.
This is our last chance to save critical online privacy protections.
We are one vote away from a world where your ISP can track your every move online and sell that information to the highest bidder. Call your lawmakers now and tell them to protect federal online privacy rules.
Back in October of 2016, the Federal Communications Commission passed some pretty awesome rules that would bar your Internet provider from invading your privacy. The rules would keep Internet providers like Comcast and Time Warner Cable from doing things like selling your personal information to marketers, inserting undetectable tracking headers into your traffic, or recording your browsing history to build up a behavioral advertising profile on you—unless they got your permission first. The rules were a huge victory for U.S. Internet users who value their privacy.
I am committed to protecting the personal privacy of individuals who use the Internet, including website visitors like you.
The Internet is up in arms over Congress's plan to drastically reduce your privacy online, and that includes small Internet providers and networking companies. Many of them agree that we need the Federal Communication Commission's rules to protect our privacy online, and seventeen of them have written to Congress today to express their concerns.
Update (12:00 p.m., March 28, 2017): A.B. 1104 has been pulled and will not be heard in committee today.
Memo to California Assemblymember Ed Chau: you can’t fight fake news with a bad law.
On Tuesday, the California Assembly’s Committee on Privacy and Consumer Affairs, which Chau chairs, will consider A.B. 1104—a censorship bill so obviously unconstitutional, we had to double check that it was real.
It’s real. The proposed law reads:
18320.5. It is unlawful for a person to knowingly and willingly make, publish or circulate on an Internet Web site, or cause to be made, published, or circulated in any writing posted on an Internet Web site, a false or deceptive statement designed to influence the vote on either of the following:
(a) Any issue submitted to voters at an election.
After three years of discussing changes to copyright law, Congress’s first bill is a strange one. House and Senate Judiciary Committee leaders have introduced a bill that would radically change the way the Register of Copyrights is picked – taking the process out of the hands of the Librarian of Congress and putting it into the hands of Congress and the President. That sounds like a pretty technical move, but it could have real consequences for future innovation and creativity. Let’s break it down.