This week EFF is in Geneva, at the Thirty-Fourth session of the Standing Committee on Copyright and Related Rights (SCCR) of the World Intellectual Property Organization (WIPO), to oppose a Broadcasting Treaty that could limit the use of video online. Ahead of this meeting, word was that delegations would be pushing hard to have a diplomatic conference to finalize the treaty scheduled at WIPO's October Assembly. In combination with initial uncertainty about whether the new United States administration would be maintaining its opposition to a diplomatic conference, we knew that it was important for EFF to be there to speak up for users.
The Broadcasting Treaty proposal simply doesn't make sense. It proposes to create a new layer of rights over material that has been broadcast over the air or over cable, in addition to any underlying copyrights over such material. Such rights would increase the cost and complexity of licensing broadcast content for use online, and create new and artificial barriers to the reuse of material that isn't protected by copyright at all, such as governmental and public domain works.
We'd like to be able to tell the delegates what we think about this, and normally we would be able to do that, because WIPO generally allows NGOs to deliver statements in its plenary meeting sessions. However this meeting has a new chair, whose working style involves fewer plenary sessions, and more informal sessions where which NGOs are only permitted to listen, not to speak or report. As as result, it's likely we won't have the opportunity to address delegates about until later in the week, if at all. But here is what we plan to say:
This week the Standing Committee has worked very hard to move the negotiations over the Broadcasting Treaty towards a diplomatic conference. Yet it appears to us that disagreements continue to exist at such a fundamental level, extending to the very objects of the treaty, that agreement remains unattainable.
The closest this Committee has ever come to agreement was when it narrowed the Treaty to cover only broadcasting organizations in the traditional sense from broadcast signal piracy. But as soon as the discussion is broadened to include transmissions over computer networks or post-fixation rights, it inevitably falls apart.
This is because there is no logic in granting exclusive rights to broadcasting organizations over Internet transmissions, without granting similar rights to other online video platforms. And if that is done, the new layers of rights and rightsholders will increase the complexity and risk of licensing video content, raising costs and barriers to innovation that outweigh any possible benefit to broadcasters.
We also have specific concerns that the current chairman's draft moves the proposal in the wrong direction, by eliminating previous text on limitations and exceptions, entrenching the inimical effects of Technological Protection Measures that criminalize fair use and innovation, and proposing a 50 year term -- 30 years longer than the term of protection under the Rome Convention.
More fundamentally, this treaty creates an unnecessary impediment to the legitimate reuse of broadcast material that is in the public domain, with little corresponding benefit. In our view the committee's time would be better invested by removing this item from the agenda to make more room for other relevant issues, such as the analysis of copyright related to the digital environment.
Overturning the Supreme Court Decision Would Allow Abstract Patents to Hurt innovation
One of the most important cases to cut back on the availability of vague, abstract patents was the 2014 decision Alice v. CLS Bank. In Alice, the U.S. Supreme Court reaffirmed the long-standing law that patents could not be granted on "laws of nature, natural phenomena, and abstract ideas." The decision reinvigorated the use of 35 U.S.C. § 101 to invalidate abstract patents based on the fact that they claim unpatentable subject matter.
Alice was a watershed moment. In the decades before Alice, the Court of Appeals for the Federal Circuit—the court that hears all patent appeals—had consistently expanded the scope of patentable subject matter. The case law was to the point that it seemed that so long as something was done "automatically," anything could be patented, including business methods, investment strategies, and patenting itself.
Since Alice, lower courts have routinely invalidated some of the worst abstract and vague patents. We've highlighted many of these abstract patents in our Stupid Patent of the Month series. There was also the patent on a "picture menu" that was used to sue over 70 companies. And the patent on using labels to store information in a data structure that, on being invalidated as abstract, ended an astonishing 168 cases.
Recently, we've heard that certain patent owners are lobbying Congress to modify 35 U.S.C. § 101 and legislatively overrule Alice. Many of these advocates like to claim that the software industry and innovation have been seriously harmed by Alice. But what has really happened?
Currently, five of the top 10 companies by market capitalization are information technology focused, a significant shift from ten years ago when only Microsoft made the cut. Tesla, who famously announced they were abandoning patents, is now the highest valued U.S. car maker. The 2017 Silicon Valley Report from Joint Venture Silicon Valley noted “seven straight years of economic expansion” in the Bay Area, a region known for its innovation.
Smaller innovators are also going strong. The Kauffman Index of Startup Activity shows a sharp increase in activity between 2014, the year Alice was decided, and 2016. Employment in the innovation and information products field in Silicon Valley grew by 5.2% between 2015 and 2016, more than any other category, and venture capital investment remains strong. Thus if Alice were in fact "decimating" the industry as one judge on the Federal Circuit predicted, there is little evidence of it. To be clear, this isn’t to say that Alice is the only reason the industry is thriving, but it is a reminder that software patents and the software industry are not the same thing.
Not only do current trends in the industry show that Alice did not harm the technology sector, but past trends confirm it. When the Federal Circuit dramatically expanded the scope of patentable subject matter, first in 1994 and again in 1998, there is no indication the shift provided additional stimulus to the already growing economy. Indeed, there is evidence that patenting has little effect on innovation. A 2014 Congressional Budget Office report noted that "the large increase in patenting activity since 1983 may have made little contribution to innovation," and in fact, "the proliferation of low-quality patents" were working to prevent small innovators from easily entering the market.
Alice has not harmed the technology industry and the argument for overturning it just isn't based in fact. If anything the evidence shows abstract patents do more to harm the technology industry than help it. Alice is working to rid the system of vague and overbroad abstract patents, without any serious negative effect on the technology sector, and should remain the law.
Republicans in Congress recently voted to repeal the FCC’s broadband privacy rules. As a result, your Internet provider may be able to sell sensitive information like your browsing history or app usage to advertisers, insurance companies, and more, all without your consent. In response, Internet users have been asking what they can do to protect their own data from this creepy, non-consensual tracking by Internet providers—for example, directing their Internet traffic through a VPN or Tor. One idea to combat this that’s recently gotten a lot of traction among privacy-conscious users is data pollution tools: software that fills your browsing history with visits to random websites in order to add “noise” to the browsing data that your Internet provider is collecting.
One of the goals of this post is to dispel misconceptions about these tools regarding problems users may think they solve.
While we want to be optimistic and encourage more user-friendly technology, it’s important to evaluate new tools with caution, especially when the stakes are high. Additionally, one of the goals of this post is to dispel misconceptions about these tools regarding problems users may think they solve.
Limitations of ISP Data Pollution Tools
After reviewing thesesorts oftools, we’ve come to the conclusion that in their current form, these tools are not privacy-enhancing technologies, meaning that they don’t actually help protect users’ sensitive information.
To see why, let’s imagine two possible scenarios that could occur if your browsing history were somehow leaked.
First, imagine the tool visited a website you don’t want to be associated with. Many data pollution tools try to prevent this by blacklisting certain potentially inappropriate words or websites (or only searching on whitelisted websites) and relying on Google’s SafeSearch feature. However, even with these protections in place, the algorithm could still visit a website that might not be embarrassing for everyone, but could be embarrassing for you (say, a visit to an employment website when you haven’t told your employer you’re thinking of leaving). In this case, it might be difficult to prove it was the automated tool and not you who generated that traffic.
Second, sensitive data is still sensitive even when surrounded by noise. Imagine that your leaked browsing history showed a pattern of visits to websites about a certain health condition. It would be very hard to claim that it was the automated tool that generated that sort of traffic when it was in fact you.
It’s reasonable to assume that whoever is analyzing this data will put some effort into filtering out noise when looking for trends—after all, this is a standard industry-wide practice when doing data analysis on large data sets. This doesn’t necessarily mean that the data analysis will always beat the noise generation, but it’s still an important factor to consider. Likewise, layering noise onto a prominent pattern will not make that pattern any less prominent. Additionally, your Internet provider may already have years of data about your browsing habits from which it can extrapolate to help with its noise-filtering efforts.
In other words, there are currently too many limitations and too many unknowns to be able to confirm that data pollution is an effective strategy at protecting one’s privacy. We’d love to eventually be proven wrong, but for now, we simply cannot recommend these tools as an effective method for protecting your privacy.
Changing Internet Provider Behavior is a Worthy Goal, but Your Energy is Better Spent Calling Congress
Data pollution tools aren’t likely to succeed at their other primary goal besides protecting privacy: convincing Internet providers to stop mining our data to sell targeted ads. The theory here is that if enough people used these tools, then the vast majority of browsing data Internet providers collected would be inaccurate. Inaccurate data is worthless for targeting ads, so there would no longer be any monetary incentive for Internet providers to try to sell targeted ads—and thus no incentive to keep collecting browsing data in the first place.
Unfortunately, a huge fraction of customers would have to be using data pollution tools for them to have an impact on major Internet providers’ bottom lines. And while it's wonderful to imagine the majority of Internet users up in arms and installing one of these projects, it'd be as useful (if not more so) for all these users to call their lawmakers directly and convince them to pass privacy-protecting legislation instead. In fact, it would probably take far fewer people to get Congress to change its mind than it would to affect a large Internet provider’s bottom line.
Culture Jamming for the Web
With all of that said, these tools could potentially be effective at one thing: confusing your Internet provider’s ad-targeting algorithms and making the ads they show you less relevant. If this sort of culture jamming appeals to you, then these tools could help you accomplish that. Just keep in mind that you’ll have to rely on other techniques to protect your privacy from your Internet provider, and that to really achieve the sort of change we need, we also need to take the time to talk to our lawmakers and make our voices heard directly. Only through a combination of activism, technology, and legislation will we truly be able to protect our privacy online.
For years, U.S. government surveillance of innocent Americans has been a topic of heated debate, especially for those in the tech community.
With Congress gearing up for a fight over the 2017 reauthorization of a surveillance authority that lets the NSA spy on innocent Americans without a warrant—Section 702, enacted as part of the FISA Amendments Act—that debate is sure to rage on in the coming months.
So we sent reporter David Spark to the RSA Conference in San Francisco, California in February to ask one simple question: What don’t you want the NSA to know about you?
The answers spanned the spectrum, from emails, to phone calls, to web browsing records, to financial information, to information about individuals’ children, to nothing.
Some got philosophical. “Everyone says, ‘I have nothing to hide,’ and that’s not the point,” one attendee told us. “The point is that I want to control what people know about me.”
Others turned the question on its head, asking instead why the NSA is conducting surveillance on Americans. “I don’t think their charter is to spy on Americans, so why are they?” one asked.
And some got blunt. One attendee said he already assumes the NSA knows a lot about him already. “It scares me and offends me,” he said.
If the warrantless spying on Americans scares and offends you, contact your representatives in Congress and tell them to pull the plug on Section 702 surveillance. And watch the video to see other RSA Conference attendees’ responses.
Special thanks to David Spark (@dspark) and Spark Media Solutions for their support and production of this video. The background music heard at the end—the song Hydrated—is licensed CC BY-NC-SA 3.0 by Kronstudios. EFF original work (i.e., every thing but the background music heard at the end) is licensed CC BY 4.0.
Online platforms must be allowed to assert their anonymous users’ First Amendment rights in court, EFF argued in a brief filed Monday in a California appellate court.
The case, Yelp v. Superior Court, concerns whether online review website Yelp has the legal right to appear in court and make arguments on behalf of its users.
Courts across the country have increasingly recognized that online platforms do have the right to argue for their users’ free speech rights, particularly when private litigants or government officials seek to learn the speakers’ identities.
A California trial court, however, ruled in December 2016 that Yelp could not assert a user’s First Amendment rights after the platform received a subpoena seeking the identity of a Yelp user that a plaintiff alleged had defamed him and his business.
But as EFF’s brief [.pdf] argues, online platforms have both a legal right and an important role to play in asserting their users’ free speech rights.
Besides anonymous speakers asserting their own rights to directly challenge the legal demands to unmask them, online platforms are increasingly asserting their users’ rights in court. Platforms assert their users’ rights for a variety of reasons, including deterring frivolous efforts to unmask speakers and upholding their own platforms’ views on the importance of free speech. They also seek to make their platforms hospitable to important speech that may only be offered under the veil of anonymity. Simply put, many online platforms recognize that a key to maintaining the robust forum their users rely upon requires having their users’ backs.
The trial court’s ruling is dangerous, EFF argues, because it “threatens to undermine online platforms’ standing to assert their users’ First Amendment rights and thereby erode the ability for the Internet to serve as a forum for anonymous speakers.”
If platforms do not have a legal right to stand up for their users, “defense of these vexatious requests will fall solely to users themselves, many of whom may not know their rights or may otherwise not be in a position to fight for them,” EFF’s brief argues.
Two weeks ago the Copyright Society of China (also known as the China Copyright Association) launched its new 12426 Copyright Monitoring Center, which is dedicated to scanning the Chinese Internet for evidence of copyright infringement. This frightening panopticon is said to be able to monitor video, music and images found on "mainstream audio and video sites and graphic portals, small and medium vertical websites, community platforms, cloud and P2P sites, SmartTV, external set-top boxes, aggregation apps, and so on."
When it finds content that matches material submitted to it by a copyright holder, the Center provides them with a streamlined notification and takedown machine, from the issuance of warning notices through to the provision of mediation services. The Center's technology service provider also provides platforms with filtering technology that can allow infringing materials to be blocked from upload or download to begin with, obviating the need for a separate takedown procedure.
The Copyright Society of China, which instituted the 12426 initiative, is formally a private association, and lists amongst the venture's partners American media companies such as 21st Century Fox and Warner Bros. On the other hand, the Society is headed by a representative of the National Congress of the Communist Party of China, and includes within its mission "to provide technical support for the government to carry out network copyright supervision according to law."
The 12426 service utilizes proprietary commercial technology for its copyright monitoring, and much of the same technology is used by Chinese Internet companies for complying with Chinese government mandates for political censorship. For example, earlier this month it came to light that the Chinese government, at least at a provincial level and possibly at a national level, requires every provider of non-residential public Wifi hotspots to monitor and record their users' activity. This is in addition to the well-documented surveillance and censorship of Chinese online platforms such as Weibo and WeChat.
Copyright Surveillance and Censorship Closer to Home
Although this stifling surveillance machine is a human rights crisis in its own right for China's 720 million Internet users, it also provides a cautionary tale for the West, where copyright holder lobbyists are advocating for very similar filtering and surveillance mechanisms to be made mandatory. In that sense, China's copyright surveillance machine of today may warn of the European or American Internet of tomorrow.
This European proposal would put into place exactly the same kind of filtering that China's copyright surveillance industry provides today, repurposing technologies that the authoritarian regime also uses for the repression of political dissent. And this kind of repurposing goes both ways—technologies and legal processes developed in the first instance for copyright enforcement are also misused for political censorship and repression.
Another uncomfortable similarity between the Chinese Internet censorship regime and developments in the West is the close intermingling of public and private initiatives. Just as the Chinese Community Party sits at the head of the Copyright Society of China, so too the heavy hand of government can be found behind many notionally self-regulatory industry schemes from North America and Europe that aim to address copyright infringement. These government-led arrangements, that we call Shadow Regulation, are notoriously lacking in transparency, accountability, and user participation. The above mentioned European proposal, which pushes platforms and copyright owners into "voluntary" agreements concerning upload filtering, is a textbook case in point.
The announcement of China's government-linked 12426 Copyright Monitoring Center is absolutely chilling. It is just as chilling that the governments of the United States and Europe are being lobbied by copyright holders to follow China's lead. Although this call is being heard on both sides of the Atlantic, it has gained the most ground in Europe, where it needs to be urgently stopped in its tracks. Europeans can learn more and speak out against these draconian censorship demands at the Save the Meme campaign website.
Last Friday the United States Trade Representative (USTR) released the 2017 edition of its Special 301 Report [PDF], which the USTR issues each year to "name and shame" other countries that the U.S. claims should be doing more to protect and enforce their copyrights, patents, trademarks, and trade secrets. Most of these demands exceed those countries' legal obligations, which makes the Special 301 Report an instrument of political rhetoric, rather than a document with any international legal status.
Last year's Special 301 Report included 45 references to the Trans-Pacific Partnership, which was at the time soon expected to become the jewel in the USTR's crown. This year, following the TPP's humiliating defeat, it is not mentioned in the Special 301 Report even once. Indeed, not only has the TPP been expunged from the text as if it never happened at all, but the USTR has also finally ceased touting the Anti-Counterfeiting Trade Agreement (ACTA), another dead IP treaty that it had nonetheless included as a supposed global standard in its previous Special 301 Reports.
Instead, the USTR reports on its work at the World Trade Organization (WTO), which has opened up as a possible new front for the USTR to push former TPP standards. The Special 301 Report scolds certain countries for "server localization mandates, cross-border data flow restrictions, [and] programs to support only local data hosting firms," all of which were concerns previously addressed by the TPP, and now proposed for resolution at the WTO. Whether the WTO has the appetite to address such issues, however, remains to be seen; we'll know more following its Ministerial Conference at Buenos Aires in December this year.
Other than the omission of the TPP shibboleth, it's surprising how little else has changed in this year's Special 301 Report compared to last year's. In fact, this is the first time ever that the exact same 11 countries have been nominated for the Priority Watch List as last year, along with the exact same list of 23 countries for the regular Watch List. The topics on copyright that are treated in the Special 301 Report are also a repetition of last year, including complaints about stream ripping, mod chips, and media players that are configured to access infringing streams. China, in particular, is singled out for criticism in this regard:
China remains a leading source and exporter of systems that facilitate copyright piracy, including websites containing or facilitating access to unlicensed content, and illicit streaming devices configured with apps to facilitate access to such websites. These systems also include devices and methods that facilitate the circumvention of technological protection measures, which enable the delivery of services via the cloud and protect video games and other licensed content.
In addition to this, the USTR continues to complain about countries that fail to adequately protect trademarks used in domain names, and India in particular is criticized for "the issuance of problematic guidelines that appear to restrict the patentability of computer implemented inventions."
None of these complaints have any legal basis. The technologies mentioned in the paragraph about China all have substantial non-infringing uses, such as the use of circumvention tools for backup, archival, compatibility, and repair. The question of how and to what extent trademarks should be protected in domain names is a question for multi-stakeholder bodies such as ICANN and its national-level equivalents, not for governmental horse-trading. And India's position on computer implemented inventions (which prohibit computer software from being patented per se, but allow software in combination with new hardware to be patented) is broadly in line with similar policies held in Europe and elsewhere.
Then again, nobody in the know ever read the Special 301 Report expecting it to be legally accurate. Rather, it's just a document used to threaten other countries into submission to unilateral U.S. demands. And with the demise of the TPP, those threats are now emptier than ever before.
The NSA is stopping its use of one controversial surveillance technique that impacts Americans' privacy.
Make no mistake. This is good news for anyone who wants government surveillance to follow the law. But there’s much more to be done to rein in unconstitutional spying.
Initially reported by The New York Times today and confirmed by the agency itself, the NSA will no longer conduct “about” searches of the full content of Internet communications, including to and from innocent Americans, that are "about" -- or mention -- a foreign intelligence target’s email address or other identifier. The NSA said the changes were a result of “inadvertent compliance incidents,” or violations of court-imposed restrictions.
These searches happen as part of the NSA’s Upstream program, through which the agency taps directly into the Internet backbone to seize and search Internet traffic. The U.S. government has claimed these warrantless searches of Americans’ email are allowed under Section 702, enacted as part of the FISA Amendments Act, which is set to expire at the end of the year.
In the NSA’s own words:
“NSA will no longer collect certain internet communications that merely mention a foreign intelligence target. … Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.
Even though NSA does not have the ability at this time to stop collecting ‘about’ information without losing some other important data, the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.
Finally, even though the Agency was legally allowed to retain such ‘about’ information previously collected under Section 702, the NSA will delete the vast majority of its upstream Internet data to further protect the privacy of U.S. person communications.”
For nearly a decade, EFF has argued in court that these and other warrantless searches and seizures through Upstream are unconstitutional. Although today's announcement is a welcome one, the NSA has demonstrated, time and time again, that it will only institute meaningful reforms after it gets caught in serious and repeated violation of the law.
We demand better from our country’s intelligence community. With the looming sunset of Section 702, Congress is in the perfect position to demand more too, starting with a full and public explanation the scope of Section 702 surveillance, including the long-overdue accounting for how many Americans have been impacted by NSA surveillance.
When it comes to reforms, Congress should codify the changes the NSA announced today. If “about” searches are so privacy-invasive for innocent Americans, they should be explicitly prohibited by law.
But that’s not the only way Congress can work to reduce the risk of collecting information about innocent people. Lawmakers should also curtail surveillance programs under Section 702 including by limiting collection to information about true national security concerns instead of allowing the programs to collect the much broader category of “foreign intelligence information.” Lawmakers should also work to reduce “incidental collection,” or the collection of communications to and from Americans who interact with individuals located outside of the United States.
And that’s just on the intelligence collection side. Congress should limit what the intelligence community can do with information that has been collected under Section 702. One obvious move would be to close the “backdoor search loophole,” or the gap in privacy protections that allows the FBI to search for information about Americans in databases containing information collected under Section 702 without getting a warrant. Efforts to close this loophole have been widely supported on the Hill in the past and should be included in any reform package Congress considers this year.
Outside of what information is collected and how it’s used, lawmakers should push for increased transparency into and oversight of the intelligence community’s use of Section 702. That includes things like declassifying more information about the NSA’s surveillance programs, letting companies publish more specific information about the government requests they receive for customer data, and making it easier for Americans to bring lawsuits against the U.S. government if they feel their constitutional privacy protections have been violated.
The NSA’s announcement today is a win for constitutional privacy protections, for those of us fighting unlawful surveillance in the courts, and for anyone who pushed for surveillance reform by signing a petition, contacting their lawmakers, or otherwise voicing their concerns about warrantless spying on innocent Americans.
With the 702 reauthorization debate set to unfold in the coming weeks and months, we need to tell Congress to keep fighting to rein in this warrantless spying.