Copyright safe harbors for Internet intermediaries are under attack from Big Media both in the United States and in Europe. Laying the blame for falling revenues on platforms such as YouTube and Facebook (despite that fact that revenues aren't actually falling at all), their aim is to impose new controls over how these platforms allow you to access and share content online. The control at the top of their wish-list is a compulsory upload filter, that would automatically screen everything that you upload. Such a requirement would be a costly imposition on smaller platforms and new innovators, and provide governments with a ready-built infrastructure for content censorship.
In Australia, the situation is a little different—because due to an oversight in implementation of the original U.S.-Australia Free Trade Agreement in 2005, they never had a copyright safe harbor system to begin with; or rather, a much narrower one which only applies to ISPs, but not to other Internet platforms, nor even to other Internet access providers such as libraries and educational institutions. This oversight was due to be remedied with the passage of new amendments to Australia's Copyright Act. (The TPP, had it passed, would also have required Australia to bring in this reform.)
Unfortunately pressure from copyright holders, including a well-orchestrated astroturf campaign, put the kibosh on that this week, when the safe harbor reforms were dropped from the copyright amendment Bill. What does this mean in practice? Essentially it translates into a huge potential legal liability for Internet platforms that allow users to upload content. Because they don't have any protection from liability for user content that infringes copyright, there is the risk that their services could be characterised by a court as inducing or contributing to copyright infringement, much in the same way that file sharing software was accused of doing so in a rash of U.S. lawsuits in the early 2000s.
While much of that file sharing software was driven into extinction, the same fate did not befall America's user generated content websites. This wasn't for lack of trying by Big Media. In the Viacom v. Youtube case, they argued that YouTube was liable for copyright infringements in the videos that its users uploaded. Thanks to the DMCA safe harbor Viacom lost the case (though an appeal was later settled), and to this day websites in the U.S. remain entitled to allow users to upload content of their choice, without taking on advance responsibility for the copyright status of that content. Instead, if a copyright infringement is alleged, the copyright holder issues a takedown notice to the website, which will remove it and leave the next steps up to the user and the copyright holder.
In Australia, a similar case might be decided differently, and content sharing platforms could be shut down in the absence of an adequate safe harbor protection. This leaves platforms with the stark choice to run the risk of being required to pay enormous penalties to copyright holders, or preemptively enter into agreements with copyright holders to pay license fees for all user uploaded content, or exit the Australian market altogether. In short, Australian online innovators face a lot more risk and uncertainty for as long as they lack adequate copyright safe harbor protection.
Australia had the opportunity to bring its laws into line with equivalent laws from the U.S. and Europe, and international standards as encapsulated in the Manila Principles on Intermediary Liability. This week, it squandered that opportunity by sending the proposal back to the drawing board, and it's Australian innovators, libraries, educational institutions, and their users who will suffer. We urge the Australian government to look beyond the copyright lobby to the broad sectors of Australian society who have expressed support for this important reform, and to reintroduce it at the earliest opportunity.
Majority Leader McCarthy Confirms House to Immediately Act on Behalf of the Cable and Telephone Industry Following the Senate Vote
Yesterday, the U.S. Senate by a razor thin margin of 50 to 48 voted to take away the privacy rights of Internet users as a favor to the cable and telephone industry. Now the House is planning to take up the legislation immediately next week before people can discover the damage they are about to inflict to consumer privacy online.
These Are Our Legal Rights To Privacy They Are Dismantling
Americans have enjoyed a legal right to privacy from your communications provider under Section 222 of the Telecommunications Act for more than twenty years. When Congress made that law, it had a straightforward vision in how it wanted the dominate communications network (at that time the telephone company) to treat your data, recognizing that you are forced to share personal information in order to utilize the service and did not have workable alternatives.
Now Congress has begun to reverse course by eliminating your communication privacy protections in order to open the door for the cable and telephone industry to aggressively monetize your personal information. Proponents of such a drastic course change in law would have you believe that a repeal of the Federal Communications Commission's updated privacy rules for broadband providers would still leave your privacy protections intact. This understates the gravity of what H.J. Res. 86 and S.J. Res 34 may do to consumer privacy. Make no mistake, if Congress decides to codify a repeal of consumer privacy under the Congressional Review Act (as opposed to simply amending the law or the FCC changing the privacy rules again), it can have a serious impact on your legal right to privacy in your communications over broadband.
Proponents of eliminating consumer privacy will go even further and say that it is the FCC's fault that they must harm the legal protections you have enjoyed for more than twenty years by stating it was the agency that overreached its legal authority and acted in a manner that was unconnected with the law. But when Congress actually wrote the law, the charge it gave the FCC seemed fairly clear.
The Senate Commerce Committee, for example, expressed a clear intent of specific legal obligations for the communications provider by stating the following:
“In general, a Bell company may not share with anyone customer-specific proprietary information without the consent of the person to whom it relates. Exceptions to this general rule permit disclosure in response to a court order or to initiate, render, bill and collect for telecommunications services.”
“This section defines three fundamental principles to protect all consumers. These principles are: (1) the right of consumers to know the specific information that is being collected about them; (2) the right of consumers to have proper notice that such information is being used for other purposes; and (3) the right of consumers to stop the reuse or sale of that information.”
ISPs have been lobbying for weeks to get lawmakers to repeal the FCC’s rules that stand between them and using even creepier ways to track and profit off of your every move online. Republicans in the Senate just voted 50-48 (with two absent votes) to approve a Congressional Review Action resolution from Sen. Jeff Flake which—if it makes it through the House—would not only roll back the FCC’s rules but also prevent the FCC from writing similar rules in the future.
That would be a crushing loss for online privacy. ISPs act as gatekeepers to the Internet, giving them incredible access to records of what you do online. They shouldn’t be able to profit off of the information about what you search for, read about, purchase, and more without your consent.
The U.S. border has been thrown into the spotlight these last few months, with border agents detaining travelers for hours, demanding travelers unlock devices, and even demanding passwords and social media handles as a prerequisite for certain travelers entering the country. As the U.S. government issues a dizzying array of new rules and regulations, people in the U.S. and abroad are asking: are there meaningful constitutional limits on the ability of border agents to seize and search the data on your electronic devices and in the cloud?
The answer is: Yes. As we’ll explain in a series of posts on the Bill of Rights at the border and discuss in detail in our border search guide, border agents and their activities are not exempt from constitutional scrutiny.
The First Amendment is meant to safeguard five fundamental rights: speech, assembly, religion, press, and petition to the government for redress of grievances. The First Amendment also protects the right to exercise these basic rights anonymously because, as Supreme Court Justice John Paul Stevens wrote:
Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.
But when border agents scrutinize the massive volume of sensitive information in our digital devices or in the cloud, they infringe on First Amendment rights in at least four distinct ways.
First, device searches may reveal your social media profile handles – inclusive of pseudonymous accounts. This allows border agents to match those handles to your passport identity, which effectively unmasks you and prevents you from being able to speak anonymously online. The same is true if you comply with an agent’s demand that you tell them your social media handles.
Second, device searches may also chill your ability to associate with an expressive institution anonymously, like a political group. Border agents can use a device search or knowledge of your social media handles to unearth a variety of private associational ties that can be mapped and harvested for more personal information and connections. What is worse, the investigation may intrude upon your contacts’ privacy as well as your own.
Third, requiring you to let CBP review your web-browsing history violates your right to access and receive information anonymously. This intrusion also occurs when CBP scrutinizes your shopping histories to reveal your private decisions to acquire expressive materials, such as books and movies.
Finally, requiring journalists to unlock devices that contain confidential journalistic sources and work product inhibits their ability to shield the identity of their sources and undermines the integrity and independence of the newsgathering process.
Border searches of our digital devices and cloud data thus implicate core free speech rights. Therefore, border agents should at least be required to obtain a warrant supported by probable cause before any such search of our private digital information.
Indeed, the First Amendment requires even more. For example, when police officers demand purchasing records from booksellers (implicating the right to access information anonymously), the First Amendment requires not only probable cause, but a compelling need, the exhaustion of less restrictive investigative methods, and a substantial nexus between the information sought and the investigation. Given that a digital device search is far more invasive upon First Amendment rights than disclosure of what books a person buys at a single bookseller, border agents should be required to do the same.
And the government should take special care with respect to journalists. The Privacy Protection Act prohibits the government from searching or seizing a journalist’s materials without probable cause that the journalist has committed a crime. While the statute exempts border searches for the purpose of enforcing the customs laws, it does not exempt border searches for other purposes, such as a criminal investigation.
Unfortunately, so far, courts have refused to recognize the free speech implications of digital border searches. But we hope and expect that will change as courts are forced to weigh the increasing amount of sensitive information easily accessible on our devices and in the cloud, and the increasing frequency and scope of border searches of this information.
Without First Amendment protections at the border, the threat of self-censorship looms large. Travelers faced with the risk of border agent intrusion into such sensitive data are more prone to self-censorship when expressing themselves, when considering private membership in political groups, or when deciding whether to access certain reading or media material. This is especially true for people who belong to unpopular groups, who espouse unpopular opinions, or who read unpopular books or view unpopular movies.
Likewise, confidential sources that provide invaluable information to the public about government or corporate malfeasance may refrain from whistleblowing if they fear journalists cannot protect their identities during border crossings. This is why EFF is calling for stronger Constitutional protection of your digital information and urging people to contact Congress on this issue today.
The good news is there’s a lot you can do at the border to protect your digital privacy. Take the time to review our pocket guides on Knowing Your Rights and Protecting your Digital Data at the border. And for a deeper dive into these issues, take a look at our Border Search Guide on protecting the data on your devices and in the cloud.
The Senate is going to vote on Thursday on a measure from Sen. Jeff Flake that would repeal the broadband privacy rules passed by the FCC last year. According to at least one of the measure’s co-sponsors, it will likely have the votes it needs to pass in the Senate unless we take action right now.
Those rules were a huge win for consumers, and—if Congress doesn’t get in the way—they’ll protect Internet users from creepy tracking by their ISPs when they go into effect later this year.
As we’ve argued, repealing the FCC’s privacy rules is a bad move for consumers. If Congress repeals the rules, your ISP will be able to sell records about what you look at, what you purchase, and who you talk to online. The FCC may not be able to write new privacy rules, and, because of the current legal landscape, it’s not clear that any federal agency would be able to step in and protect consumers when ISPs violate their privacy.
Here in California, we’re in a tough battle over how and when the government can search through the digital devices of teachers and students. A terrible proposal—A.B. 165—seeks to strip over 6-million Californians of privacy safeguards baked into our state laws, giving the government a loophole to rifle through personal digital devices in schools without a warrant issued by a judge.
We’re looking for individuals in California’s public schools who can report on experiences with digital device searches. Are you a student who had a school administrator search your device without your consent? Are you a parent whose son or daughter was punished because of data found on their device? Are you a teacher who has seen or been part of questionable searches in the school context? We want to hear about it.
Types of stories that would be especially useful for us:
Examples in which digital device searches may have violated existing California law and resulted in negative consequences (embarrassment, administrative action, criminal investigation) for students or teachers;
Examples in which digital device searches in schools exposed sensitive details about students, teachers, or their families, including medical concerns; immigration status, economic status, sexual orientation, or political speech;
Other examples of digital devices searches in California schools that you found concerning.
Please report stories using our survey and share this request with your friends.
A.B. 165 is currently scheduled for a hearing before the Assembly Committee on Privacy and Consumer Protection on April 18. That means that right now is a very important time to make sure all our California legislators hear us. Please speak out now against A.B. 165.
Even before U.S. Trade Representative (USTR) nominee Robert Lighthizer takes office, he’s already feeling the heat from Congress and from public interest representatives about improving transparency and public access to trade negotiations.
In written answers given as part of Lighthizer’s confirmation hearing last week, Senator Ron Wyden asked him, “What specific steps will you take to improve transparency and consultations with the public?”. Lighthizer’s reply (which he repeated in similar form in response to similar questions from other Senators) was as follows:
If confirmed, I will ensure that USTR follows the TPA [Trade Promotion Authority, aka. Fast Track] requirements related to transparency in any potential trade agreement negotiation. I will also look forward to discussing with you ways to ensure that USTR fully understands and takes into account the views of a broad cross-section of stakeholders, including labor, environmental organizations, and public health groups, during the course of any trade negotiation. My view is that we can do more in this area to ensure that as we formulate and execute our trade policy, we receive fulsome input and have a broad and vigorous dialogue with the full range of stakeholders in our country.
Senator Maria Cantwell sought to drill down into more specifics, by having Lighthizer address the skewed Trade Advisory Committees that currently advise the USTR. In response to her question:
Do you agree that it is problematic for a select group of primarily corporate elites to have special access to shape US trade proposals that are not generally available to American workers and those impacted by our flawed trade deals?
It is important that USTR’s Trade Advisory Committees represent all types of stakeholders to ensure that USTR benefits fully from a diverse set of viewpoints in considering the positions it takes in negotiations. If confirmed, I will work to ensure that USTR’s Trade Advisory Committees are appropriately constituted in order to achieve this goal.
Cantwell also invited Lighthizer to commit to replacing the advisory system with a new process that invites the American public to help shape U.S. proposals for trade agreements and give input on negotiated texts, as well as to having all proposals and negotiated texts published online in a timely fashion so the workers and the broader public that will be impacted by these agreements have a full understanding of what is being negotiated.
He declined to do so, going only so far as to say that he would look forward to discussing “additional means for ensuring public input into U.S. trade negotiations”, as well as “ways to ensure that USTR fully understands and takes into account the views of all stakeholders during the course of a trade negotiation”.
This rather vague commitment certainly doesn’t close the door on the administration adopting the kind of reforms that EFF has demanded, but it also suggests that we will have to continue fighting hard for them to avoid yet another cop-out by the agency.
Trans-Atlantic Consumer Groups Speak Out
Thankfully, we’re not alone in that fight. EFF has just returned from the annual public forum of the Trans-Atlantic Consumer Dialogue (TACD), a forum of U.S. and European consumer groups, of which we are a member. This diverse group released a Positive Consumer Agenda for trade which includes the following demands:
Any regulatory cooperation dialogue and trade negotiation must be transparent. Agendas of the meetings and rounds must be made publicly available well in advance as well as negotiating documents and minutes of meetings and rounds. For trade negotiations, negotiations should not begin until all parties agree to publish their textual proposals as well as consolidated negotiating texts after each round on publicly available websites. …
US positions on trade deals can be formulated the way other US federal regulations are: through an on-the-record public process established under the Administrative Procedure Act to formulate positions, obtain comments on draft texts throughout negotiations, and seek comments on proposed final texts. In the European Union, the Commission should open a public consultation when drafting negotiating mandates to mirror the legislative process.
Trade Isn’t the Right Tool For Every Internet Problem
A third front in our battle to reform the USTR’s closed and opaque trade negotiation practices is in a submission to the U.S. International Trade Commission (ITC) that we submitted this week. The ITC was seeking public submissions in an enquiry on digital trade, to gather input into a report that it is writing to advise the USTR on the topic.
The submission reiterates our demands that the USTR publish its proposals, publish draft texts, have an independent transparency officer, open up proposals to notice and comments and a public hearing process, and open up Trade Advisory Committees to be more inclusive. But it also points out that the USTR shouldn’t consider trade negotiations as the right tool to regulate every aspect of the Internet that touches on trade:
Whereas the Commission aims to describe regulatory and policy measures currently in force in important markets abroad that may significantly impede digital trade, our bottom line is that not all such measures that impede digital trade are necessarily protectionist. … [They may] also have important non-trade justifications that serve broader social and economic needs such as freedom of expression and access to information, consumer safety and privacy, and preservation of the stability and security of Internet networks.
When the only tool you have is a hammer, every problem looks like a nail—and the USTR has been hammering away like mad at topics as diverse as net neutrality, domain names, encryption standards, and intermediary liability. But because there are many other dimensions of these issues besides the trade dimension, trade negotiations aren’t necessarily the best venue to address them; and certainly not while those negotiations remain as closed and opaque as they are at present.
As the renegotiation of NAFTA is around the corner, the need for USTR to reform its outdated practices is becoming increasingly urgent. With Congress, consumer groups, and international trade experts all demanding similar reforms from the next Trade Representative, we certainly hope that Robert Lighthizer is feeling the heat, and that he will rise to the challenge once he takes office.
It can be difficult to understand the intent behind anti-terrorist security rules on travel and at the border. As our board member Bruce Schneier has vividly described, much of it can appear to be merely "security theater"—steps intended to increase the feeling of security, while doing much less to actually achieve it.
This week the U.S. government, without warning or public explanation, introduced a sweeping new device restriction on travelers flying non-stop to the United States from ten airports in eight Muslim-majority countries, and nine airlines from those countries. Passengers on these flights must now pack large electronics (including tablets, cameras, and laptops) into their checked luggage.
Information is still emerging regarding the rationale behind the ban, which went into effect at 3:00 Eastern Time Tuesday morning. The United Kingdom on Monday joined the United States with a similar regulation aimed at a differing set of flights.
These new restrictions on the transport of digital devices that have provoked a growing sense of insecurity among personal and business travelers flying between America, the Middle East and Turkey, and rightly so. Travelers to and within the United States were already concerned over reports of increasing levels of warrantless inspection of their devices at the border of the United States. Earlier this month, U.S. Customs and Border Protection revealed that there were more device searches in February alone than were conducted in the whole of the 2015 fiscal year.
One of the few consolations is that these invasive searches take place with your knowledge, during security searches of your body and personal items. As we recently described in our guide to digital searches at the border, and in our brief to the Fourth Circuit Federal Court of Appeals, the U.S. border is not a rights-free zone: searches should be noted, and if known about, can be challenged as unlawful. There is also the small compensation that, if officials do not demand access to your laptop, tablet or phone, you can at least be confident that your digital possessions have not been invasively searched.
Requiring digital devices to be checked as luggage removes those reassurances, and adds new concerns. If someone else has physical access to your device almost all information security guarantees are off the table. Data can be cloned for later examination. If you encrypt your stored data, you might limit how much direct data can be extracted—but even so, you cannot stop the examiner from installing new spyware or hardware. New software can be installed for later logging or remote control; protections can be disabled or manipulated.
Under these conditions, it's very hard to make any assurances about how safe your personal data can be in transit. Some security researchers have devised exotic ways to reveal physical tampering; others spend their time defeating those systems. But if your device is out of your possession, all bets are off.
This is not to assert that the new regulations are intended to enable these widespread, unaccountable searches. But given the content of the new regulation and the manner in which it was introduced, it's not surprising that rather than improving the confidence of travelers that their life and possessions remain safe and secure, it's led to even more doubt and uncertainty.
Because the United States authorities has provided little transparency into or notice of their decision, we have no idea what protection this regulation is attempting to provide. It is particularly unclear what the security benefit of limiting the ban to a few airlines and airports achieves. (Even if you believe, as officials within the Trump administration have stated, that some nationalities pose a particular threat, potential terrorists are surely smart enough to fly to an intervening nation which has not imposed the same controls, and take one of the multi-stop flights on which the United States still permits laptops as a carry-on.) At best, it seems like the real threat is so limited that the United States feels it not worth the cost to inconvenience other travelers. At worst, it adds to the sense that some crossing the border—for instance, citizens of these nations and American visitors to them—should have fewer protections and practical opportunities for legal defense against invasive searches at the border than others.
Security theater, or not, improving security at the border includes as a goal ensuring the sense of security and confidence that travelers have that their personal data and devices are safe from unlawful interference. To do that, the United States authorities needs to be more transparent in its reasoning, more protective of the highly personal information held on digital devices, and far less arbitrary in its search and treatment of different groups of travelers. A strong set of legal safeguards consistent governing digital device searches of every traveller—whether they are U.S. citizens, residents, or visitors—would be more secure, and safer for all.