More than a dozen state legislatures are considering a bill called the “Human Trafficking Prevention Act,” which has nothing to do with human trafficking and all to do with one man’s crusade against pornography at the expense of free speech.
At its heart, the model bill would require device manufacturers to pre-install “obscenity” filters on devices like cell phones, tablets, and computers. Consumers would be forced to pony up $20 per device in order to surf the Internet without state censorship. The legislation is not only technologically unworkable, it violates the First Amendment and significantly burdens consumers and businesses.
Perhaps more shocking is the bill’s provenance. The driving force behind the legislation is a man named Mark Sevier, who has been using the alias “Chris Severe” to contact legislators. According to the Daily Beast, Sevier is a disbarred attorney who has sued major tech companies, blaming them for his pornography addiction, and sued states for the right to marry his laptop. Reporters Ben Collins and Brandy Zadrozny uncovered a lengthy legal history for Sevier, including an open arrest warrant and stalking convictions, as well as evidence that Sevier misrepresented his own experience working with anti-trafficking non-profits.
The bill has been introduced in some form Alabama, Florida, Georgia, Indiana, Louisiana, New Jersey, North Dakota, Oklahoma, South Carolina, Texas, West Virginia, and Wyoming (list here). We recommend that any legislator who has to consider this bill read the Daily Beast’s investigation.
But that’s not why they should vote against the Human Trafficking Prevention Act. They should kill this legislation because it’s just plain, awful policy. Obviously, each version of the legislation varies, but here is the general gist.
Manufacturers of Internet-connected devices would have to pre-install filters to block pornography, including “revenge porn.” Companies would also have to ensure that all child pornography, “revenge pornography,” and “any hub that facilitates prostitution” are rendered inaccessible. Most iterations of the bill require this filtering technology to be turned on and locked in the on position, by default.
This is terrible for consumer choice because it forces people to purchase a software product they don’t necessarily want. It’s also terrible for free speech because it restrains what you can see. Because of the risk of legal liability, companies are more likely to over-censor, blocking content by default rather than giving websites the benefit of the doubt. The proscriptions are also technologically unworkable: for example, an algorithm can hardly determine whether an item of pornography is “revenge” or consensual or whether a site is a hub for prostitution.
To be clear, unlocking such filters would not just be about accessing pornography. A user could be seeking to improve the performance of their computer by deleting unnecessary software. A parent may want to install premium child safety software, which may not play well with the default software. And, of course, many users will simply want to freely surf the Internet without repeatedly being denied access to sites mistakenly swept up in the censorship net.
A Censorship Tax
The model bills would require consumers to pay a $20 fee to unlock each of their devices to exercise their First Amendment rights to look at legal content. Consumers could end up paying a small fortune to unlock their routers, smartphones, tablets, and desktop computers.
Anyone who wants to unlock the filters on their devices would have to put their request in writing. Then they’d be required to show ID, be subjected to a “written warning regarding the potential dangers” of removing the obscenity filter, and then would have to sign a form acknowledging they were shown that warning. That means stores would be maintaining private records on everyone who wanted their “Human Trafficking” filters removed.
The Censorship Machine
The bill would force the companies we rely upon to ensure open access to the Internet to create a massive censorship apparatus that is easily abused.
Under the bill, tech companies would be required to operate call centers or online reporting centers to monitor complaints that a particular site isn’t included in the filter or complaints that a site isn’t being properly filtered. Not only that, but the bill specifically says they must “ensure that all child pornography and revenge pornography is inaccessible on the product” putting immense pressure on companies to aggressively and preemptively block websites to avoid legal liability out of fear of just one illegal or forbidden image making it past their filters. Social media sites would only be immune if they also create a reporting center and “remain reasonably proactive in removing reported obscene content.”
It’s unfortunate that the Human Trafficking Prevention Act has gained traction in so many states, but we're pleased to see that some, such as Wyoming and North Dakota, have already rejected it. Legislators should do the right thing: uphold the Constitution, protect consumers, and not use the problem of human trafficking as an excuse to promote this individual’s agenda against pornography.
Was there a moment in your life when you had an awakening about the importance of digital privacy?
Maybe your parents snooped around an email account when you forgot to log out. Maybe photos you thought were private ended up online. Maybe you didn’t land your dream job, and you suspect an old LiveJournal account still visible in search results of your name may be the culprit. Maybe you got hacked.
We’re collecting stories from people about the moment digital privacy first started mattering in their lives. Through this collection, we’re hoping to illustrate the varied, often deeply personal reasons that people care about digital privacy. This isn’t a dry policy issue; corporate data practices have lasting ramifications on people’s everyday lives. And the recent vote by Congress to allow companies like Comcast and Time Warner to have unfettered access to our browsing habits puts our privacy even more at risk.
We launched the project by sending reporter David Spark to the Security BSides conference in San Francisco, where many fans of digital liberty often come to see EFF and others speakers discuss topics like security, privacy, and online freedom. In the video above, we collected some of those stories.
Want to add to the conversation? Post a blog post, article, tweet, or short video, and then share it on Twitter using the hashtag #privacystory. We’ll be collecting these, blogging about them and retweeting them to help spur a broader public conversation about the value of privacy in our digital world.
Starting today, Congress is closed for the next two weeks so members of Congress can be home. That means if you want to tell your member of Congress how you feel on any specific topic, such as your thoughts on the repeal of your broadband privacy rights or the upcoming debate on network neutrality, you have enormous opportunities that will not last long.
Hearing directly from constituents is the most direct way to influence a member of Congress to change his or her vote as well as highlight issues that are critical to you. These next two weeks present a special opportunity to attend a town hall or district event near you. If you can't make the time to talk to your legislator or his staff in the next two weeks then make a plan to voice your opinion in the coming months. We've written this guide on how best to communicate your voice to Congress.
How to Find Out Where to Meet Your Member of Congress
The best way to meet your federal Representative is to contact the local office by phone and ask where you can meet your elected official. The staff is in a position to inform you where you can meet them because they are given the schedule for their time back home. Most times, this will be at a town hall or at a district event where the member of Congress will provide an update on current events and take questions. Other times, it will be at an event in the district where they deliver a keynote address and stay afterwards to talk to constituents. You should also consider subscribing to the online newsletters of your House member, as well as your state’s two senators, since they often email their local events directly to constituents and subscribers.
Tell Them You Opposed the Broadband Privacy Repeal
Congress was nearly evenly split on whether or not to keep your broadband privacy rights, with 50 votes in favor of repeal against 48 in the Senate and 215 in favor with 205 against in the House. That means the final vote ultimately came down to just eight votes in total (three in the Senate and five in the House). Ultimately, forcing Congress to correct its course would require flipping a very small number of those who sided with the cable and telephone industry over the Internet and Americans who use it.
Some in Congress are staunchly defending their vote by relying on myths or persuasive sounding—but ultimately superficial—claims that their votes to strip the FCC of jurisdiction perversely supported your right to privacy.
For example, expect to hear proponents of repeal to argue that the FTC is better situated than the FCC to handle privacy. It may be confusing to hear that the cable and telephone industry also prefer the FTC, until you find out that the Federal Trade Commission may not have the legal power to do anything: in 2016 AT&T's lawyers were successful in prompting the 9th Circuit Court of Appeals to declare that the FTC cannot enforce privacy law on cable and telephone companies because they are common carriers. When lawyers working for the cable and telephone industry attempt to replicate that legal victory across the country in the coming years it will render any contemporary push for FTC oversight really a play for no oversight.
So make no mistake: when you hear from your elected official about how greatthe FTC is and how they voted to help the FCC become the primary agency in charge of privacy, the fact of the matter is they voted to hamstring the only federal agency that has direct and explicit legal authority to oversee the activities of the cable and telephone industry—the FCC.
The other common refrain from proponents was voting to “level the playing field” because some members of Congress entertain the notion that your social media and email is on the same footing as your cable or telephone company. This ignores the fact that a majority of Americans have only one choice for high speed broadband access, in comparison to many choices among social media and email platforms. This false equivalence between dramatically different industry sectors was contrived by a narrative created by the cable and telephone lobby years ago. Moreover, the FCC is legally restricted to apply privacy protections to just cable and telephone companies because Congress wrote the law to apply to them due to their special position in the market. It has long been a legal tradition that communications platforms (in the past telephone, now broadband) are required to keep private information you disclose when you use the service confidential unless you grant it permission otherwise.
Cable and telephone companies have long wanted to remove legal restrictions that, for decades, had prevented them from selling your personal information to third parties. First, the Internet services you utilize typically do not charge you money, whereas you more than compensate your cable and telephone company with monthly subscription fees.
Tell Them to Protect Internet Freedom
Just last week, it was reported that the new FCC Chairman met with the cable and telephone industry to discuss how best to hand over the Internet to them. According to media accounts, FCC Chairman Ajit Pai intends to surrender the Internet to the cable and telephone industry by no longer enforcing net neutrality protections under Title II of the Telecommunications Act.
The worst part about this plan is the FCC intends to do it in exchange for the cable and telephone industry promising they will not actively harm the free and open Internet for their corporate gain. Do you trust your cable and telephone company to not prioritize their own interests over yours?
Not only are these “promises” dubious as a legal matter, they cannot be held to keeping them once the FCC surrenders. Worst yet, no federal agency will be able to do anything about their activities. It is not surprising that this is the kind of plan that would be the product of a meeting with only cable and telephone executives. Since the FCC Chairman appears to be heading down a very destructive course of action for the free and open Internet, we need to mobilize to pressure Congress to push back on the FCC.
Here is what you need to do to pressure your elected represented to push back on the FCC plan:
Explain that you are a constituent, that you want to hear your Representative (or Senator) speak while home from Washington, and that you’d like the time & place for any town halls scheduled this week.
Also ask to whom you should address a letter seeking a meeting with a staffer after this week’s recess is over.
Recruit at least two neighbors, friends, or colleagues who live in your congressional district to join you.
Attend a town hall, and ask a question of the speaker (ideally while an ally records video). Ask why they want ISPs to have the power to sell your browsing history, and whether they want to force the FCC to hand the Internet over to Comcast, Verizon, and AT&T.
Publish your video online and share it through social media and encourage your friends to participate.
Congress as a whole shares responsibility for overseeing and funding the activities of federal agencies. That power offers frequent opportunities to assert influence over the agencies’ plans. That means in the coming months as we fight back on terrible ideas from the FCC, it becomes imperative that you enlist your elected officials as defenders of a free and open Internet and make it explicit that it would be unacceptable for the FCC to stand down in the face of self-serving demands from cable and telephone companies.
The case involves LiveJournal, a social media platform that allows users to create “communities” based on a common theme or subject. The communities are partly managed by moderators, who review posts (including photos) that users submit to make sure they follow the rules for posting and commenting created by the community. A community focused on celebrity news, called “Oh No They Didn’t” (ONTD), became particularly popular, garnering millions of views every month.
Enter Mavrix Photography, a photo agency that specialized in celebrities. Mavrix discovered that several of its celebrity photos had been posted on ONTD between 2010 and 2014. Rather than sending a DMCA takedown notice, Mavrix went straight to court to sue for copyright infringement. LiveJournal took the posts down immediately, and invoked the DMCA safe harbors, asserting that it was simply “hosting content at the direction of a user.” The district court agreed.
The Ninth Circuit took another view, based in large part on LiveJournal’s reliance on moderators to review and delete content. Those moderators, the court said, (1) might be LiveJournal’s agents; and, as such, (2) might have played such an active role in shaping the content of the ONTD community that content hosted on LiveJournal was not “at the direction of the user” (as required by the DMCA) but rather “at the direction of LiveJournal;” and (3) might have acquired actual or “red flag” knowledge of infringement that could be attributed to LiveJournal. So the court sent the case back to district court to let a jury figure it out—a very expensive proposition.
The court’s approach was surprising as a matter of law and policy. There is no dispute that LiveJournal users initially submitted the allegedly infringing content. As the district court held (PDF), “[U]sers of the LiveJournal service, not LiveJournal, select the content to be posted, put that content together into a post, and upload the post to LiveJournal’s service. LiveJournal does not solicit any specific infringing material from its users or edit the content of its users’ posts.”
The fact that moderators reviewed those submissions shouldn’t change the analysis. The DMCA does not forbid service providers from using moderators. Indeed, as we explained in the amicus brief (PDF) we filed with CCIA and several library associations, many online services have employees (or volunteers) who review content posted on their services, to determine (for example) whether the content violates community guidelines or terms of service. Others lack the technical or human resources to do so. Access to DMCA protections does not and should not turn on this choice.
The irony here is that copyright owners are constantly pressuring service providers to monitor and moderate the content on their services more actively. This decision just gave them a powerful incentive to refuse.
Want to spend your days fighting for digital rights and building a grassroots movement across the U.S.? You’re in luck! EFF is hiring.
We’re expanding the grassroots advocacy team at EFF. Part of our larger activism team dedicated to defending digital liberty in the public sphere, the grassroots team focuses on outreach to campus and community groups across the country and connecting them to advocacy opportunities, training resources, community organizing best practices and guidance, and allies both nearby and across the country.
The team’s signature project is the Electronic Frontier Alliance. Launched in 2016, the Alliance includes 52 autonomous local groups across the country, from small nonprofits dedicated to civil rights to campus student groups and hacker spaces. Every group in the Alliance embraces a shared set of digital liberty principles including privacy, security, access to knowledge, creativity, and freedom of expression.
Groups in the Alliance each set their own agendas and organize their own programs. EFF's grassroots team coaches them in pursuing various forms of public education (including discussion events, teach-ins, movie screenings, and interactive workshops), as well as advocacy opportunities (such as engaging policymakers at both the federal and local level, writing op-eds, and organizing the occasional protest). The team at EFF strives to inspire, coordinate, and amplify their work.
The Alliance is the grassroots wing of EFF’s traditional digital advocacy strategy. We’re building these connections in offline spaces to strengthen the digital rights movement beyond EFF and defend the rights of all Internet users.
EFF's grassroots team, and our work building and coordinating the Alliance, are also diversifying our community, ensuring that the digital rights movement of tomorrow engages technology users across gender, orientation, race, socio-economic background, age, political affiliation, and location.
The Activist role focuses on building local communities and support their independent efforts to defend digital rights. Every day includes opportunities to connect, encourage, inspire, and support people passionately concerned about free speech, privacy, and technology.
Sometimes those opportunities entail acting as a mentor to a student who wants to make a difference on their college campus. At other times, they involve connecting supporters seeking digital security training to others in their respective areas poised to address their needs. Others include speaking to public audiences about why free speech is vital to a functional democracy, why both values require privacy, and how individuals can meaningfully defend those values in their respective communities.
If you appreciate freedom, share our concerns about how freedom is threatened online, and enjoy facilitating workshops, hosting conference calls, speaking in public, writing articles, connecting allies to each other, and meeting with local digital rights activists to coach and guide their advocacy, you’ll love this job.
This position offers a chance for frequent travel and speaking engagements, so it is ideal for someone who is curious about seeing new places and eager to connect with new people. When you’re in town, you’ll work from the funky, fun, and fabulous EFF headquarters in San Francisco, a dog-friendly environment with flexible working hours, people from all walks of life, and staff-organized communities united around everything from weekend bike rides and board games to learning Spanish and baking pies. EFF offers unparalleled benefits, including dental & vision coverage, competitive pay, and retirement savings. We also offer further assistance with housing to ensure that employees (both renters and home buyers) can afford to live in the beautiful Bay Area, as well as relocation expenses for candidates moving from elsewhere.
What are you waiting for? Apply today and help us build the future of the digital rights movement.
Update (April 7, 2017): According to a new filing [.pdf], the Justice Department told Twitter that CBP's request had been withdrawn, and the government no longer seeks to identify the Twitter user. In response, Twitter dropped its suit.
Twitter is fighting an attempt by the Customs and Border Protection (CBP) agency to obtain identifying information about an “alternative agency” Twitter account, @ALT_uscis. EFF applauds Twitter for standing up for users’ free speech and swiftly pushing back on the government's attempts to identify a prominent critic. The government must not be able to use its formidable investigatory powers to intimidate and silence its critics, and CBP made almost no effort to justify its request. As Twitter’s complaint [.pdf] explains, the request should be barred by the First Amendment.
Since January, accounts like @ALT_uscis have sprung up to criticize Trump administration policy on several fronts, including climate change, foreign relations, and immigration. Although some of these accounts purport to be operated by employees of government agencies, they usually tweet without identifying themselves.
Anonymous political speech has a proud place in American history, going back to the country’s founding. It includes the pseudonymous publication of the Federalist Papers, and the first editions of Common Sense, which did not identify Thomas Paine. Not surprising, therefore, that the First Amendment places a high bar on any attempt to unmask anonymous or pseudonymous speakers to protect them from “the tyranny of the majority,” as the Supreme Court put it in 1995.
EFF has long defended the right to anonymous speech, including representing users who have sought to protect themselves against unmasking. As this case demonstrates, though, tech companies have a crucial role to play in this fight. We’ve called on companies to fight back against illegitimate or overbroad requests for user data, and to notify users of requests in all cases, unless specifically barred from law. Here, Twitter did both. We stand ready to help both Twitter and the user, and we hope other companies will follow their lead.
Border Searches of U.S. Persons’ Digital Devices Would Require a Warrant
As promised by Sen. Wyden in February, a bill was introduced this week in Congress that would require U.S. Customs and Border Protection or other government agents to obtain a probable cause warrant before searching the digital devices of U.S. citizens and legal permanent residents at the border.
This bill is timely. As NBC News recently reported:
Data provided by the Department of Homeland Security shows that searches of cellphones by border agents has exploded, growing fivefold in just one year, from fewer than 5,000 in 2015 to nearly 25,000 in 2016. According to DHS officials, 2017 will be a blockbuster year. Five-thousand devices were searched in February alone, more than in all of 2015.
We have been arguing for a while that the Fourth Amendment requires a warrant based on probable cause for border searches of cell phones, laptops, and other digital devices that contain gigabytes of highly personal information.
We most recently made these arguments in an amicus brief before the U.S. Court of Appeals for the Fourth Circuit in the case U.S. v. Kolsuz. We have not distinguished between U.S. persons and foreign nationals—for example, Mr. Kolsuz, whose iPhone was searched twice by CBP and Department of Homeland Security officials without a warrant, is a Turkish citizen. We nevertheless support the Protecting Data at the Border Act, even though it more narrowly focuses on the rights of U.S. citizens and green card holders.
CBP unreasonably argues that the privacy interest travelers have in digital devices is no different than that of luggage or other physical items travelers may bring with them across the border, thus CBP applies to digital devices the traditional “border search exception” to the Fourth Amendment, which permits warrantless and suspicionless “routine” border searches.
However, there is nothing “routine” about unregulated government intrusion into a device that contains, as the Supreme Court has said, “the sum of an individual’s private life.” As the bill’s findings state, the privacy interest in digital data “differs in both degree and kind from [the] privacy interest in closed containers.”
In addition to the warrant requirement, the Protecting Data at the Border Act would prohibit the government from delaying or denying entry or exit to a U.S. person based on that person’s refusal to hand over a device passcode, online account login credentials, or social media handles to a border agent.
During an April 5 hearing in the Senate Homeland Security & Governmental Affairs Committee, Sen. Paul grilled DHS Secretary John Kelly (starting at 2:15) on CBP agents denying entry to Americans, or threatening to do so, for refusing to provide access to their cell phones. Sen. Paul said, “That’s obscene.” Secretary Kelly appeared woefully ignorant about what is happening with privacy at the border and even incorrectly asserted that border searches of digital devices have not “significantly” increased since President Trump took office. He promised to look into the issue and get back to Sen. Paul.
utomated License Plate Readers (ALPRs) may be the most common mass surveillance technology in use by local law enforcement around the country—but they're not always used in the same way.
Typically, ALPR systems are comprised of high-speed cameras connected to computers that photograph every license plate that passes. The photo is converted to letters and numbers, which are attached to a time and location stamp, then uploaded to a central server. This allows police to identify and record the locations of vehicles in real time and also identify where those vehicles have been in the past. Using this information, police could establish driving patterns for individual cars. The type of data ALPRs collect, analyze, and access often depends on what kind of systems they use and how they combine the data.
Whether you’re a policymaker, journalist, or a citizen watchdog, it is important to note the specifics about how these technologies are used.
Many law enforcement agencies install ALPR cameras in a fixed location, such as permanently affixing the cameras to traffic lights, telephone polls, or at the entrances of facilities. The city of Paradise Valley, Ariz. even disguises ALPRs at cacti. Often a city or county will attach these on freeway exit ramps to capture the plates of every vehicle entering or leaving. With stationary cameras, law enforcement are able to capture only vehicles passing through that specific location. If cameras are pointed opposite each other, or can be repositioned remotely, law enforcement can know which direction a driver is traveling.
2) Semi-Stationary ALPR Cameras
Some law enforcement agencies acquire truck trailers or special surveillance vans outfitted with ALPR systems that they will tow and place at strategic locations. When parked, they function much like stationary cameras, capturing the plates of moving vehicles that pass within view. For example, law enforcement agencies have placed these vehicles at fairgrounds during high-traffic events like gun shows and political rallies to capture information on attendees and to screen them against existing databases. The big difference is that semi-stationary ALPR cameras can easily be moved to different locations as police feel their surveillance needs change.
3) Mobile ALPR Cameras
Police patrol cars can also be outfitted with ALPR cameras, allowing law enforcement officers to capture and screen plates as they drive along their normal beat or from crime scene to crime scene. Mobile ALPR cameras are also more effective at capturing the license plates of parked cars than stationary or semi-stationary cameras. With mobile ALPRs, officers can drive around a mall parking lot and pick up the plates of everyone shopping at that moment. Of more concern to civil libertarians is the ability for law enforcement to target sensitive places, such as centers of religious worship, health facilities, immigration clinics, union halls, political headquarters, and gun shops. Only two patrol cars in Oakland, for example, were able to cover most of the city in a week of driving around, with a disproportionate amount of coverage in Black and Hispanic neighborhoods.
4) ALPR Databases
A law enforcement agency does not even need to acquire its own ALPR cameras to access ALPR data. Private companies, such as Vigilant Solutions, deploy their own fleet of vehicles equipped with ALPR cameras. The companies then make this data available to law enforcement on a subscription basis. Unlike the other three types of ALPR, this private collection does not include many of the safeguards sometimes found in the government sector, such as transparency requirements, retention limits, and policies approved by an elected body. These four configurations aren't the end of the story.
It is not unusual for a law enforcement agency to deploy multiple flavors of ALPR, such as a combination of mobile and stationary cameras. A large number of agencies that use ALPR also feed data into privately hosted data systems, such as those offered by Vigilant Solutions. This allows agencies to share with one another, but also to draw information collected by the private company itself. Many agencies also share data through a central government system, such as those operated by fusion centers.
One common practice is for law enforcement to create targeted “hot lists” of vehicles, such as plate numbers of stolen cars or cars suspected of being involved in crimes or gang activity. In some cases, especially in Texas, law enforcement will create a list of individuals with overdue court fees. That way, police receive real time updates when particular vehicles are spotted by an ALPR camera.
While the above illustrates the four main ways ALPR is used by police, it is important to recognize some of the adjacent technologies. For example, red light cameras and automated speed traps often use ALPR technology. However, they are usually designed to only collect data on suspected violators, not the public at large. Toll roads and bridges also deploy ALPR technologies to make it more convenient to send bills to drivers. In addition, agencies are combining biometric technology with ALPRs, such as facial recognition or the ability to determine whether someone in the carpool lane actually has a passenger. Cities are also installing motion-sensor cameras that capture plates, but do not digitize them, allowing law enforcement to go back and search only after a crime has occurred. However, it is not difficult to apply software to extract license plate data from the images after the fact.
The Devil Is in the Details
When policymakers are considering whether to adopt ALPR technology, it is not a simple yes-no question. Constituents must pressure their representatives on the specifics: will these cameras be mobile or stationary, and does the purchase include access to a third-party database? Policies should specify how long data will be retained, who outside the agency can access the data, and the specific circumstances that allow an officer to search the data or add a vehicle to a hot list. No police chief or elected official should sign off on an ALPR purchase without first answering these questions and balancing them against their constituents’ rights to privacy.
ALPR tech poses a unique threat to privacy because it collects information on everyone, not just those connected to crimes. These systems wouldn’t work at all if the government did not require drivers to post identifying numbers in public view. But unlike an officer writing down plate numbers by hand, the collection and storage on a massive, automated scale can reveal intimate details of our travel patterns that should be none of the government’s business.