Over the last year, large numbers of Americans have grown politically active for the first time. Reflecting the depth of our constitutional crisis, however, many seem not to know how to meaningfully raise their voices or participate in the political process.
Civic Participation Beyond Elections
Turnout in American elections has remained abysmally low for decades, suggesting some degree of either apathy, suppression, or both. Even Americans who do vote often overlook a litany of further opportunities available to those who pursue them.
Letters from individual constituents are most effective when combined with other strategies.
To their credit, the Indivisible guide's authors acknowledge that their guide “is not a panacea, and it is not intended to stand alone.” While important, letters from individual constituents are most effective when combined with other strategies.
How to Make a Letter Matter
Contacting an elected member of Congress represents an important act of political expression. Even when taking the time to write letters, however, individual constituents can be disregarded, or engaged in passing without commanding attention. Many who do gain the attention of their elected representatives’ offices receive only a form response.
Letters can, however, carry influence, particularly when they include:
An explicit request or demand for a particular vote on a specific piece of proposed legislation,
A request for a meeting in person, and
Support from at least three (and ideally half a dozen to a dozen) neighbors who co-sign the letter, identify themselves as constituents living in that office's legislative district, and attend the meeting together.
Are you part of a community group that gathers to examine the issues and write letters together? Letter writing events can become infinitely more influential when participants simply sign each other's letters, so that they reflect—and are received as indicating—dissent not just by an individual, but rather by an organized group of constituents.
To expand its reach, a grassroots group can easily direct letters not only at its Member of the House of Representatives, but also two U.S. senators, as well as members of the state legislature. It takes only five people writing one letter each to meaningfully raise a shared concern across those layers of federal and state representation.
Groups of more than five can also reach elected officials at the municipal and the county level, where policy opportunities are most fluid and potentially transformative.
Dissent in Public
Even letters written on behalf of groups remain generally private communications. Escalating pressure on elected representatives requires taking one's concerns to the public sphere.
One way to express public dissent is to write and submit an op-ed for publication in a local newspaper. Concise, persuasive, forceful writing of 700 words or fewer can often interest editors seeking commentary to share with a broad audience. Whether or not an op-ed submission is published by a newspaper, social media or outlets like Medium.com can offer an alternative platform for publication. Finally, groups of constituents can sometimes meet a newspaper's editorial board to educate editors who write their own columns.
Beyond press–based public dissent are any number of event–based alternatives, from expressive events like rallies, marches, and protests, to educational ones like teach ins, public discussions, or debates. Even seemingly recreational events like concerts or parties can prompt a public discourse if organized to emphasize substantive themes.
Finally, creative visual stunts, like flash mobs, light brigades, and banner drops—especially when amplified through social media—can offer groups with relatively few participants the chance to reach large audiences.
Events educating a public audience can shift the ground beneath an elected official and ultimately offer more influence than requests or demands made directly to their offices.
Training is available for any of these tactics through the Electronic Frontier Alliance, a network of local grassroots groups across the U.S. that remotely convenes each month. Any network of neighbors who share concerns about digital rights is welcome to explore and apply to join the EFA.
The Alliance offers groups that join access to EFF supporters in their own areas, other grassroots organizers elsewhere, and EFF staff available to provide policy or organizing guidance on request (including a sample letter seeking a meeting with a congressional office). Materials are currently under development offering detailed guidance on various campaign models, from hosting digital security workshops, to seeking legal restrictions on mass surveillance by local police.
Throughout the year, Congress takes occasional recesses, when lawmakers return to their states and districts. During these periods, congressional delegations are most accessible to constituents—and more vulnerable to their criticism. The Senate and House calendars include information about in-district work periods, one of which concludes this week.
During this week’s recess, we urge concerned readers to:
It’s no surprise that Americans were unhappy to lose online privacy protections earlier this month. Across party lines, voters overwhelmingly oppose the measure to repeal the FCC’s privacy rules for Internet providers that Congress passed and President Donald Trump signed into law.
But it should come as a surprise that Republicans—including the Republican leaders of the Federal Communications Commission and the Federal Trade Commission—are ardently defending the move and dismissing the tens of thousands who spoke up and told policymakers that they want protections against privacy invasions by their Internet providers.
Since the measure was signed into law, Internet providers and the Republicans who helped them accomplish this lobbying feat have decried the “hysteria,” “hyperbole,” and “hyperventilating” of constituents who want to be protected from the likes of Comcast, Verizon, and AT&T. Instead they’ve claimed that the repeal doesn’t change the online privacy landscape and that we should feel confident that Internet providers remain committed to protecting their customers’ privacy because they told us they would despite the law.
We’ve repeatedly debunked the tired talking points of the cable and telephone lobby: There is a unique, intimate relationship and power imbalance between Internet providers and their customers. The FTC likely cannot currently police Internet providers (unless Congress steps in, which the White House said it isn’t pushing for at this time). Congress’ repeal of the FCC’s privacy rules does throw the FCC’s authority over Internet providers into doubt. The now-repealed rules—which were set to go into effect later this year—were a valuable expansion and necessary codification of existing privacy rights granted under the law. Internet providers have already shown us the creepy things they’re willing to do to increase their profits.
The massive backlash shows that consumers saw through those industry talking points, even if Republicans in Congress and the White House fell for them.
Now that policymakers have effectively handed off online privacy enforcement to the Internet providers themselves, advocates for the repeal are pointing to the Internet providers’ privacy policies.
“Internet service providers have never planned to sell your individual browsing history to third parties,” FCC Chairman Ajit Pai and FTC acting Chairwoman Maureen Ohlhausen wrote in a recent op-ed. “That’s simply not how online advertising works. And doing so would violate ISPs’ privacy promises.”
Aside from pushing back on oversimplification of the problem at hand, we should be asking: What exactly are the “privacy promises” that ISPs are making to their customers?
In blog posts and public statements since the rules were repealed, the major Internet providers and the trade groups that represent them have all pledged to continue protecting customers’ sensitive data and not to sell customers’ individual Internet browsing records. But how they go about defining those terms and utilizing our private information is still going to leave people upset. These statements should also be read with the understanding that existing law already allows the collection of individual browsing history.
Comcast said it won’t sell individual browsing histories and it won’t share customers’ “sensitive information (such as banking, children’s, and health information), unless we first obtain their affirmative, opt-in consent.” It also said it will offer an opt-out “if a customer does not want us to use other, non-sensitive data to send them targeted ads.” We think leaving browsing history out of the list of information Comcast considers sensitive was no accident. In other words, we don’t think Comcast considers your browsing history sensitive, and will only offer you an opt-out of using your browsing history to send you targeted ads. There’s no mention of any opt-out of any other sharing of your browsing history, such as on an aggregated basis with third parties. While we applaud Comcast’s clever use of language to make it seem like they’re protecting their customers’ privacy, reading between the lines shows that Comcast is giving itself leeway to do the opposite.
Verizon similarly pledged not to sell customers’ “personal web browsing history” (emphasis ours) and described its advertising programs that give advertisers access to customers based on aggregated and de-identified information about what customers do online. By our reading, this means Verizon still plans to collect your browsing history and store it—they just won’t sell it individually.
AT&T pointed to its privacy policies, which carve out specific protections for “personal information … such as your name, address, phone number and e-mail address” but explicitly state that it does deliver ads “based on the websites visited by people who are not personally identified.” So just like Verizon, we think this means AT&T is collecting your browsing history and storing it—they’re just not attaching your name to it and selling it to third parties on an individualized basis.
In a filing to the FCC earlier this year, CTIA—which represents the major wireless ISPs—argued that “web browsing and app usage history are not ‘sensitive information’” and said that ISPs should be able to share those records by default, unless a customer asks them not to.
The common thread here is that Internet providers don’t consider records about what you do online to be worthy of the heightened privacy protections they afford to things like your social security number. Internet providers think that our web browsing histories are theirs to profit off of—not ours to protect as we see fit. And because Congress changed the law, they are now free to change their minds about the promises they make without the same legal ramifications.
These “privacy promises” are in no way a replacement for robust privacy protections enforced by a federal agency. If Internet providers want to get serious about proving their commitment to their customers’ privacy in the absence of federal rules, they should pledge not to collect or sell or share or otherwise use information about the websites we visit and the apps we use, except for what they need to collect and share in order to provide the service their customers are actually paying for: Internet access.
Derechos Digitales, la organización líder en derechos digitales en Chile, ha lanzado un nuevo informe, en colaboración con EFF, evaluando las prácticas de privacidad de los Proveedores de Servicios de Internet chilenos. Este proyecto forma parte de una serie en toda América Latina, y está adaptado de la publicación anual del informe de EFF ¿Quién defiende tus datos?. Los informes tienen por objeto evaluar a los proveedores de servicios de telefonía móvil y fijo para ver cuál se pone del lado de sus usuarios al responder a las solicitudes gubernamentales de información personal. Si bien es cierto que hay margen de mejora, la primera edición chilena del informe ¿Quién defiende sus datos? tiene algunos indicadores esperanzadores.
Los chilenos entran a la red más que cualquier otra nacionalidad en América Latina. Cuando los chilenos utilizan Internet, revelan sus datos más privados, incluyendo sus relaciones en línea, discusiones políticas, artísticas y personales, e incluso sus movimientos minuto a minuto. Y todos esos datos necesariamente tienen que pasar por un puñado de ISP. Eso significa que los chilenos son más propensos a confiar en sus proveedores para defender sus datos que nadie en América Central o del Sur.
El informe de Derechos Digitales se propuso examinar qué proveedores de servicios de Internet y compañías telefónicas chilenas son quienes mejor defienden a sus clientes. ¿Cuáles, entre ellos, son transparentes acerca de sus políticas con respecto a las solicitudes de datos? ¿Cuáles requieren una orden judicial antes de entregar información personal? ¿Alguno de ellos objeta alguna de las leyes de vigilancia o de las demandas individuales de los datos de sus usuarios? ¿Alguna de las compañías notifica a sus usuarios cuando cumplen con las solicitudes judiciales? Derechos Digitales examinó la información publicada públicamente, incluyendo las políticas de privacidad y los códigos de prácticas de cinco de los mayores proveedores chilenos de acceso a telecomunicaciones: Movistar, VTR, Claro, Entel y GTD Manquehue. Entre estos proveedores se cubre la gran mayoría de los mercados móviles, fijos y de banda ancha.
A cada empresa se le dio la oportunidad de responder a un cuestionario, participar en una entrevista privada y enviar cualquier información adicional que considerara apropiada, información que se incorporó al informe final. Este enfoque se basa en el trabajo anterior de EFF con Who Has Your Back? En los Estados Unidos, aunque las preguntas específicas del estudio de Derechos Digitales fueron adaptadas para ajustarse al marco legal de Chile. Investigaciones personalizadas que utilizan metodologías similares están siendo trabajadas por grupos de derechos digitales en toda América Latina. La Fundación Karisma en Colombia está a punto de publicar, por tercera vez, el informe ¿Dónde Están Mis Datos?. Mientras que InternetLab en Brasil está por publicar su segundo reporte anual, ADC en Argentina, R3D en Mexico, y TEDIC en Paraguay están también trabajando en estudios similares.
Abajo encontrará los rankings de Derechos Digitales para los ISP chilenos y las compañías telefónicas; El informe completo, que incluye detalles sobre cada empresa, está disponible en: https://www.derechosdigitales.org/qdtd/
Criterios de evaluación para ¿Quién Defiende tus Datos?
Protección de datos: Un ISP gana una estrella completa en esta categoría si publica su contrato de servicios de Internet para todos los tipos de planes y sus políticas de protección de datos en su sitio web de manera clara y accesible para los usuarios. Las políticas de protección de datos deben ajustarse a las normas nacionales. El cumplimiento parcial fue recompensado con media estrella.
Transparencia: Para ganar una estrella, los ISP deben publicar un informe de transparencia sobre como ellos manejan la información de los usuarios y los requerimientos del gobierno sobre esa información. Los informes de transparencia deben incluir información útil sobre el número especifico de peticiones de información que los ISP han aprobado y rechazado; un resumen de las peticiones ordenado por autoridad investigadora, tipo y propósito, el número específico de individuos durante el último año que han sido afectados por cada solicitud; Y si los terceros que administran datos de usuario lo hacen de una manera que protege la privacidad. Se concedió una media estrella a los ISP que publicaron informes de transparencia, pero no se refirieron específicamente a la protección de datos y al monitoreo de las comunicaciones. Si el proveedor no ha publicado un informe de transparencia, no se otorga ninguna estrella.
Notificación al usuario: Para obtener una estrella en esta categoría, los ISP deben, si están autorizados legalmente a hacerlo, notificar a sus usuarios de manera oportuna cuando las autoridades soliciten acceso a su información personal para que los usuarios puedan solicitar un recurso o apelación según sea necesario. Se otorgó una media estrella a los ISP que notifican a sus clientes cuando las autoridades hacen una solicitud de datos de usuario, pero no lo hacen de manera oportuna, lo que dificulta que los usuarios busquen una solución. Si no hubo evidencia de que un ISP notifica a sus usuarios cuando una autoridad solicita datos de usuario, la compañía no recibió ninguna estrella.
Pautas de privacidad de datos: Un ISP obtuvo una estrella en esta categoría si, en su sitio web, explica cómo maneja los datos del usuario, y especifica específicamente los requisitos y las obligaciones legales que las autoridades solicitantes deben cumplir al solicitar datos de la empresa. La explicación debe ser fácil de entender; Debe especificar los procedimientos que la empresa usa para responder a las solicitudes de datos de las autoridades; Y debe indicar durante cuánto tiempo retiene los datos de usuario. Un ISP ganó media estrella si publicó información sobre cómo maneja los datos del usuario, pero no especificó las obligaciones y procedimientos que requiere a las autoridades que solicitan datos del usuario.
Compromiso con la privacidad: Para ganar una estrella, un ISP debe haber defendido activamente la privacidad de sus usuarios en los tribunales, o ante el Congreso para impugnar alguna legislación invasiva, perjudicial para la privacidad de sus usuarios. Un ISP podría ganar una media estrella si ha defendido a sus usuarios en una de las dos áreas antes mencionadas (en los tribunales o frente al Congreso)
Las compañías en Chile han comenzado bien, pero todavía tienen un camino a seguir para proteger totalmente los datos personales de sus clientes y ser transparentes sobre quién tienen acceso a ellos. Derechos Digitales y EFF esperan publicar este informe anualmente para incentivar a las empresas a mejorar la transparencia y proteger los datos de los usuarios. De esta manera, todos los chilenos tendrán acceso a información sobre cómo se usan sus datos personales y cómo los ISP los controlan para que puedan tomar decisiones más inteligentes del consumidor. Esperamos que el informe brille con más estrellas el próximo año.
Derechos Digitales, the leading digital rights organization in Chile, has launched a new report in collaboration with EFF that evaluates the privacy practices of Chilean Internet Service Providers (ISPs). This project is part of a series across Latin America, adapted from EFF’s annual Who Has Your Back? report. The reports are intended to evaluate mobile and fixed ISPs to see which stand with their users when responding to government requests for personal information. While there’s definitely room for improvement, the first edition of the Chilean ¿Quién Defiende Tus Datos? (Who Defends Your Data?) report has some hopeful indicators.
Chileans go online more than any other nationality in Latin America. When Chileans use the Internet, they put their most private data, including their online relationships, political, artistic and personal discussions, and even their minute-by-minute movements online. And all of that data necessarily has to go through one of a handful of ISPs. That means that Chileans are more likely to be putting their trust in their providers to defend their data than anyone else in Central or South America.
Derechos Digitales’ report set out to examine which Chilean ISPs and telephone companies best defend their customers. Which are transparent about their policies regarding requests for data? Which require a judicial warrant before handing over personal information? Do any challenge surveillance laws or individual demands for their users’ data? Do any of the companies notify their users when complying with judicial requests? Derechos Digitales examined publicly posted information, including the privacy policies and codes of practice, from five of the biggest Chilean telecommunications access providers: Movistar, VTR, Claro, Entel, and GTD Manquehue. Between them, these providers cover the vast majority of mobile, fixed line and broadband markets.
Each company was given the opportunity to answer a questionnaire, to take part in a private interview and to send any additional information they felt appropriate, all of which was incorporated into the final report. This approach is based on EFF’s earlier work with Who Has Your Back? in the United States, although the specific questions in Derechos Digitales’ study were adapted to match Chile’s legal environment. Customized investigations using similar methodologies are being worked on by digital rights groups across Latin America. The Karisma Foundation in Colombia and R3D in Mexico are about to publish their third-annual reports. InternetLab in Brazil is about to publish its second-annual report, and ADC in Argentina and TEDIC in Paraguay are all working on similar studies.
Evaluation Criteria for ¿Quién Defiende tus Datos?
Data Protection: An ISP earned a complete star in this category if they published their Internet service agreement—for all types of plans—and their data protection policies on their website in a clear and accessible way to users. The data protection policies must be aligned with national regulations. Partial compliance was rewarded with half a star.
Transparency: To earn a star, ISPs must have published a transparency report on how they manage their users’ data and handle government requests for data. The transparency report must have included useful information about the specific number of data requests the ISP has approved and rejected; a summary of the requests by investigation authority, type, and purpose; the specific number of individuals over the last year who have been affected by each request; and whether third-parties managing user data do so in a privacy-protective manner. A half star was awarded to ISPs that published transparency reports, but did not specifically refer to data protection and the monitoring of communications. If the provider has not published a transparency report, no star was awarded.
User Notification: To earn a star in this category, ISPs must, if legally permitted, notify their users in a timely manner when authorities request access to their personal information so users may seek remedy or appeal as necessary. A half star was awarded to ISPs that notify their customers when authorities make a request for user data, but do not do so in a timely manner, making it difficult for the users to seek remedy. If there was no evidence that an ISP notifies its users when an authority requests user data, the company was not awarded a star.
Data Privacy Guidelines: An ISP earned a star in this category if, on their website, it explains how it handles user data—and specifically outlines the requirements and legal obligations requesting authorities must comply with when requesting user data from the company. The explanation must be easy to understand; it must specify the procedures the company uses to respond to data requests from authorities; and it must indicate how long it retains user data. An ISP earned a half star if it published information about how it handles user data, but did not specify the obligations and procedures it requires of authorities who request user data.
Commitment to Privacy: To earn a star, an ISP must have actively defended the privacy of their users in the courts, or in front of Congress to challenge broad legislation that is detrimental to the privacy of their users. An ISP could earn a half star if it has defended its users in one of the two areas listed above (in the courts, or in front of Congress).
Companies in Chile are off to a good start but still have a ways to go to fully protect their customers’ personal data and be transparent about who has access to it. Derechos Digitales and EFF expect to release this report annually to incentivize companies to improve transparency and protect user data. This way, all Chileans will have access to information about how their personal data is used and how it is controlled by ISPs so they can make smarter consumer decisions. We hope the report will shine with more stars next year.
A bad review on Yelp is an anathema to a business. No one wants to get trashed online. But the First Amendment protects both the reviewer’s opinion and Yelp’s right to publish it. A California appeals court ran roughshod over the First Amendment when it ordered Yelp to comply with an injunction to take down speech without giving the website any opportunity to challenge the injunction’s factual basis. The case is on appeal to the California Supreme Court, and EFF filed an amicus brief asking the court to overturn the lower court’s dangerous holding.
The case, Hassell v. Bird, is procedurally complicated. A lawyer, Dawn Hassell, sued a former client, Ava Bird, for defamation in California state court over a negative Yelp review. Bird never responded to the lawsuit, so the trial court entered a default judgment against her. The court—at Hassell’s request—not only ordered Bird to remove her own reviews, but also ordered Yelp to remove them—even though Yelp was never named as a party to the suit. (If this kind of abuse of a default judgment sounds familiar, that’s not a coincidence; it seems to be increasingly common—and it’s a real threat to online speech.)
Yelp challenged the order, asserting that Hassell failed to prove that the post at issue was actually defamatory, that Yelp could not be held liable for the speech pursuant to the Communication Decency Act, 47 U.S.C. § 230 (“Section 230”), and that Yelp could not be compelled to take down the post as a non-party to the suit. The trial court rejected Yelp’s arguments and refused to recognize Yelp’s free speech rights as a content provider. The California Court of Appeal affirmed the trial court’s decision, holding that Yelp could be forced to remove the supposedly defamatory speech from its website without any opportunity to argue that the reviews were accurate or otherwise constitutionally protected.
This decision is frankly just wrong—and for multiple reasons. Neither court seemed to understand that the First Amendment protects not only authors and speakers, but also those who publish or distribute their words. Both courts completely precluded Yelp, a publisher of online content, from challenging whether the speech it was being ordered to take down was defamatory—i.e., whether the injunction to take down the speech could be justified. And the court of appeals ignored its special obligation, pursuant to California law, to conduct an “independent examination of the record” in First Amendment cases.
Both courts also seemed to completely ignore the U.S. Supreme Court’s clear holding that issuing an injunction against a non-party is a constitutionally-prohibited violation of due process.
EFF—along with the ACLU of Northern California and the Public Participation Project—urged the California Supreme Court to accept the case for review back in August 2016. The court agreed to review the case in September, and we just joined an amicus brief urging the court to overrule the problematic holding below.
Our brief—drafted by Jeremy Rosen of Horvitz & Levy and joined by a host of other organizations dedicated to free speech—explains to the California Supreme Court that the First Amendment places a very high bar on speech-restricting injunctions. A default judgment simply cannot provide a sufficient factual basis for meeting that bar, and the injunction issued against Yelp in this case was improper. We also explained that the injunction violated clear Supreme Court case law and Yelp’s due process rights, and that the injunction violates Section 230, which prohibits courts from holding websites liable for the speech of third parties.
As Santa Clara University law school professor Eric Goldman noted in a blog post about the case, the appeals court’s decision opens up a host of opportunities for misuse and threatens to rip a “hole” in Section 230’s protections for online speech—protections that already seem to be weakening. If not overturned, as the already pervasive misuse of default judgments teaches, this case will surely lead to similar injunctions that infringe on publishers’ free speech rights without giving them any notice or opportunity to be heard. The California Supreme Court cannot allow this.
It's a great day for digital privacy in California. Confronted with opposition from a powerful and diverse coalition, Assemblymember Jim Cooper has pulled his legislation, A.B. 165, from consideration by the Assembly Privacy and Consumer Protection Committee. EFF joined over 60 civil rights organizations, technology companies, and school community groups in fighting A.B. 165, and we thank all the EFF members and friends who joined us in speaking out. The unrelenting, principled opposition to this anti-privacy bill stopped it from reaching its first committee hearing.
A.B. 165 attempted to create a carve-out in the California Electronic Communications Privacy Act (CalECPA), one of the strongest digital privacy bills in the nation. If A.B. 165 had passed, it would have left millions of Californians who attend our schools without strong protections against invasive digital searches.
California students need privacy on their digital devices in order to research sensitive topics, explore political issues, and connect with friends and family members. That’s especially true in this political moment when many students who come from immigrant families, are exploring their sexuality, or who are engaging in political protest may feel heightened concern around government access to their digital data.
The students of today will be the voters, creators, and policymakers of tomorrow. By teaching students that our laws respect and uphold their digital privacy from a young age, we can help create a future generation of engaged citizens who understand the value of digital privacy.
We thank the California Assemblymembers who responded to the privacy concerns with AB 165 and halted this bill in response to the public outcry, especially Assemblymember Ed Chau, Chair of the Committee.
While there are educational advantages to incorporating technology into the classroom experience, the survey results reflect an overarching concern that children as young as kindergartners are being conditioned to accept a culture of surveillance. EFF maintains that children should not be taught that using the Internet or technology requires sacrificing personal privacy.
The survey, launched in December 2015, elicited responses from over 1000 students, parents, teachers, librarians, school administrators, system administrators, and community members.
We organized the survey results into eight themes:
Lack of transparency: Schools and districts do not provide adequate notice and disclosures to parents about what technology their children use in the classroom, including devices and online applications that require transferring student information to private companies.
Investigative burden: Parents and even students themselves put in significant effort, sometimes over many months, to get information from both schools/districts and ed tech companies, about technology use in the classroom and its implications for student privacy.
Data collection and use: Parents are concerned about the specific data about their children that ed tech companies collect, and what companies do with that data, particularly for non-educational, commercial purposes and without written notice to and consent from parents.
Lack of standard privacy precautions: Survey participants reported 152 apps, software programs, and digital services being used in classrooms. Only 118 of these have published privacy policies online. And far fewer address important privacy issues such as data retention, encryption, and data de-identification and aggregation.
Barriers to opt-out: Many schools and districts do not provide the ability for parents to opt their children out of using certain technologies. Or if administrators are open to providing an opt-out option, many parents and students have found it difficult to make alternative technologies and teaching methods a reality.
Shortcomings of “Privacy by Policy”: Survey participants expressed doubt that the privacy policies of both schools/districts and ed tech companies actually protect student privacy in practice.
Inadequate technology and privacy training for teachers: Survey participants emphatically reported that teachers, those who interface most directly with ed tech and students, lack adequate training to move from “privacy by policy” to “privacy by practice.”
Digital literacy for students: Survey results revealed that there is a ripe opportunity and need to educate students about how to protect their privacy online, operate safely online, and generally be savvy users of technology, which are skills that they should carry into adulthood.
A goal of the “Spying on Students” survey was to highlight the struggles of average people trying to navigate the student privacy issue. So throughout the discussion of the survey results, we present the case studies of a parent, technology director, system administrator, and school librarian.
In addition to summarizing the survey results, the “Spying on Students” report includes an overview of relevant student privacy laws, including the federal laws FERPA and COPPA, and a sampling of state laws from California, Colorado, and Connecticut.
The report also discusses the inadequacy of the leading ed tech industry self-regulatory effort, the Student Privacy Pledge.
Finally, the report includes privacy recommendations and best practices for school/district administrators, teachers, librarians, system administrators, parents, students, and—of course—ed tech companies.
Today’s report is part of our larger student privacy campaign, which aims to educate students, parents, and school officials about digital privacy—and to encourage ed tech companies to institute better privacy policies and practices that actually protect the privacy of minor students, while enabling them to benefit from technology in the classroom.
With the right awareness and will—particularly from an $8 billion dollar industry—technology can be both educationally beneficial and privacy protective.
More than a dozen state legislatures are considering a bill called the “Human Trafficking Prevention Act,” which has nothing to do with human trafficking and all to do with one man’s crusade against pornography at the expense of free speech.
At its heart, the model bill would require device manufacturers to pre-install “obscenity” filters on devices like cell phones, tablets, and computers. Consumers would be forced to pony up $20 per device in order to surf the Internet without state censorship. The legislation is not only technologically unworkable, it violates the First Amendment and significantly burdens consumers and businesses.
Perhaps more shocking is the bill’s provenance. The driving force behind the legislation is a man named Mark Sevier, who has been using the alias “Chris Severe” to contact legislators. According to the Daily Beast, Sevier is a disbarred attorney who has sued major tech companies, blaming them for his pornography addiction, and sued states for the right to marry his laptop. Reporters Ben Collins and Brandy Zadrozny uncovered a lengthy legal history for Sevier, including an open arrest warrant and stalking convictions, as well as evidence that Sevier misrepresented his own experience working with anti-trafficking non-profits.
The bill has been introduced in some form Alabama, Florida, Georgia, Indiana, Louisiana, New Jersey, North Dakota, Oklahoma, South Carolina, Texas, West Virginia, and Wyoming (list here). We recommend that any legislator who has to consider this bill read the Daily Beast’s investigation.
But that’s not why they should vote against the Human Trafficking Prevention Act. They should kill this legislation because it’s just plain, awful policy. Obviously, each version of the legislation varies, but here is the general gist.
Manufacturers of Internet-connected devices would have to pre-install filters to block pornography, including “revenge porn.” Companies would also have to ensure that all child pornography, “revenge pornography,” and “any hub that facilitates prostitution” are rendered inaccessible. Most iterations of the bill require this filtering technology to be turned on and locked in the on position, by default.
This is terrible for consumer choice because it forces people to purchase a software product they don’t necessarily want. It’s also terrible for free speech because it restrains what you can see. Because of the risk of legal liability, companies are more likely to over-censor, blocking content by default rather than giving websites the benefit of the doubt. The proscriptions are also technologically unworkable: for example, an algorithm can hardly determine whether an item of pornography is “revenge” or consensual or whether a site is a hub for prostitution.
To be clear, unlocking such filters would not just be about accessing pornography. A user could be seeking to improve the performance of their computer by deleting unnecessary software. A parent may want to install premium child safety software, which may not play well with the default software. And, of course, many users will simply want to freely surf the Internet without repeatedly being denied access to sites mistakenly swept up in the censorship net.
A Censorship Tax
The model bills would require consumers to pay a $20 fee to unlock each of their devices to exercise their First Amendment rights to look at legal content. Consumers could end up paying a small fortune to unlock their routers, smartphones, tablets, and desktop computers.
Anyone who wants to unlock the filters on their devices would have to put their request in writing. Then they’d be required to show ID, be subjected to a “written warning regarding the potential dangers” of removing the obscenity filter, and then would have to sign a form acknowledging they were shown that warning. That means stores would be maintaining private records on everyone who wanted their “Human Trafficking” filters removed.
The Censorship Machine
The bill would force the companies we rely upon to ensure open access to the Internet to create a massive censorship apparatus that is easily abused.
Under the bill, tech companies would be required to operate call centers or online reporting centers to monitor complaints that a particular site isn’t included in the filter or complaints that a site isn’t being properly filtered. Not only that, but the bill specifically says they must “ensure that all child pornography and revenge pornography is inaccessible on the product” putting immense pressure on companies to aggressively and preemptively block websites to avoid legal liability out of fear of just one illegal or forbidden image making it past their filters. Social media sites would only be immune if they also create a reporting center and “remain reasonably proactive in removing reported obscene content.”
It’s unfortunate that the Human Trafficking Prevention Act has gained traction in so many states, but we're pleased to see that some, such as Wyoming and North Dakota, have already rejected it. Legislators should do the right thing: uphold the Constitution, protect consumers, and not use the problem of human trafficking as an excuse to promote this individual’s agenda against pornography.