Online Spying Accusations Lobbed at Australia’s Telstra
Telstra, an Australian telco, has been accused of tracking its Next G mobile phone users’ Internet use without their consent, and then sending the data to a United States office of Netsweeper Inc., a Canadian company. A Telstra representative confirmed the practice in comments given to the press, saying the data was being collected “for a new tool to help parents and kids when they're surfing the net."
The practice came to light after a user noticed that a server in the U.S. accessed a given webpage at the exact instant that he visited the page on his mobile device. The systematic tracking and sharing of user data has sparked outrage, and Internet users are now calling for the Australian Privacy Commissioner to investigate.
Netsweeper, meanwhile, has drawn the ire of activists before, both for its role in providing Internet filtering software to foreign governments and for refusing to publicly commit not to respond to a request for proposals floated by Pakistan earlier this year for a net-filtering program geared toward enabling Internet censorship.
If Telstra’s Tracking Didn’t Get You …
It was a spectacularly bad news week for Telstra. Two days after the news broke that it was sending Internet data to the U.S., the media also revealed that the telco had inadvertently published personal information of 700,000 of its customers online.
Due to a problem with the company’s system for tracking orders for bundled services, personal details such as names, addresses, drivers’ license details and places of birth were rendered publicly accessible for a full eight months. The Australian Communications and Media Authority (ACMA) found that the company violated the Telecommunications Consumer Protections (TCP) Code and the Australian Privacy Act by failing to protect its clients' information and being too slow to respond to a flaw in the web-based management system, called Visibility Tool.
If Police Can Ignore Privacy Rules, What’s The Point In Having Them?
Peter Hustinx, Data Protection Supervisor for the European Union, made it clear at a June 21 press conference that the new proposed EU Data Protection Regulation would be ineffective if police and law enforcement were excluded from the scope of the law.
The European Union is currently in the process of revisiting the EU’s data protection directive, a major project that isn’t expected to be complete until the summer of 2013. Members of the European Parliament want to ensure that the new data protection rules extend to government agencies, but some member states want individual governments to have the power to decide where to draw the line between privacy and police investigations.
Notably, the proposed text would establish a regulation, rather than a directive. While member states are granted discretion when transposing a Directive into national law, Regulations have more teeth since they become immediately enforceable as law in EU member states.
Hustinx was speaking at an event held to mark the release of the European Data Protection Supervisor’s annual report, which outlined the actions of the data protection agency. The report noted that 107 complaints were filed in 2011, with allegations ranging from violations of data confidentiality to illegal use of data. Of those, 26 were deemed admissible.
“In its support of technological advances and economic development, particularly in an age of austerity, it is important that the EU administration does not lose sight of the right of the European citizen to privacy and data protection,” the report noted. “Only a joint effort to apply a consistent and effective approach will maintain this fundamental right.”
Loss of privacy at the hands of law enforcement has been taken to the extreme in some cases. In mid-June, the British government unveiled a far-reaching proposal for a surveillance bill that would vastly expand police powers to intercept every email, phone call or text message.
Twitter Gets Transparent
Twitter has released its Transparency Report, modeled after Google’s, to demonstrate its commitment to “hold governments accountable, especially on behalf of those who may not have a chance to do so themselves.” The data -- which spans from Jan. 1 to July 1 of this year -- provides some heretofore unseen, juicy details on how many user information requests the social media company received from governments around the world, along with some reporting on how often those requests were honored. There’s also information on the total number of court orders seeking content removal, plus a tally of copyright takedown requests. First, a nod of approval: Kudos on letting the sun shine in, Twitter!
Here’s the quick takeaway on government requests for user data. Since Twitter is an American company based right here in San Francisco, it should come as little surprise that the authorities most interested in user information are located in the U.S.
Twitter received 679 governmental requests for user information from within the U.S., pertaining to 948 user accounts, according to this handy chart. The company responded, either in part or in full, to 75 percent of them.
Japan was the next most likely country to come knocking on Twitter’s door, with 98 requests filed for information pertaining to 147 accounts since the beginning of 2012. Twitter turned over the records, in part or in full, 20 percent of the time. Canada and the UK were tied for third place, meanwhile, with 11 user information requests each, pertaining to 12 and 11 accounts, respectively. Twitter responded 18 percent of the time to each of them. Finally, a long list of other world governments, from Austria, to India, to Korea, to Turkey, filed fewer than 10 requests each.
This kind of transparency is needed now more than ever. Google’s own Transparency Report, which spans from July to December of 2011, reveals a 37 percent spike in U.S. government requests for users’ private data as compared to the previous year.
In January, we filed suit against the FAA under the Freedom of Information Act requesting information on the recipients of authorization to fly drones in the U.S. The FAA responded by releasing a list of approximately 60 entities that have applied for drone certificates, including over 30 local law enforcement agencies. Unfortunately, the FAA refused to release information about the types of drones these agencies were flying and for what purpose.
EFF already received a response from the Miami-Dade police department from a request we previously filed. The result was good news. It was the first unredacted drone Certificate of Authorization made public, and the department laid out restrictions on its use: they could not fly a drone within city limits or over populated areas, and it does not store images. Similarly, we've heard from the Texas Department of Public Safety that it hasn't flown its drones since completing training flights in August 2010.
Now, we want to find out if other agencies are restricted in the same sorts of ways.
Remember, while we currently only know of 60 public agencies with drones, the number of drone authorizations in the US is predicted to explode over the next few years—as many as 30,000 by the end of the decade. Congress passed a law in February mandating that the FAA authorize use to public agencies if the applicant proves they can operate them safely, and the Homeland Security Department is spending millions of dollars on a program to “facilitate and accelerate” their use by local law enforcement.
As we’ve explained before, the privacy implications are unprecedented. Drones can operate undetected and use sensors ranging from high-resolution cameras to heat detectors and more, and may not be subject to the same Fourth Amendment restrictions as human investigators. Ryan Calo, a prominent researcher who has written extensively about drones, has argued that drones could provide a necessary "visceral jolt" to our conception of privacy. But in order to shape policy around drones and surveillance, Americans must know the scope of law enforcement intentions.
As with any new technology, drones present both possibilities and potential for abuse by law enforcement. A transparent and public discussion about how law enforcement agents will use them — that starts with real information from the agencies — is the only way to ensure that this new technology doesn't encroach upon our civil liberties.
HOPE Number Nine is fast approaching, and EFF staff members are excited to give a slew of talks on everything from drones to location privacy to privacy tricks for web developers. We'll also have attorneys on site to provide information about reverse engineering, vulnerability reporting, copyright, free speech, and more.
If you're planning to attend HOPE Number 9 and you'd like to set up an appointment to speak with us there, please contact us by Monday, July 9. If you'd like to discuss any concerns about talks you plan to give at HOPE, let us know by Friday, July 6. If we can't assist you, we'll make every effort to put you in touch with an attorney who can.
Secret, undemocratic trade agreements could put shackles on our free, open Internet, and they need to be stopped before they do. The Trans-Pacific Partnership (TPP) agreement is being negotiated behind closed doors in a process that excludes not only civil society and the public, but also elected representatives: even those who already have proper security clearance are denied the ability to view and participate in the negotiations. Meanwhile, corporate representatives have full access to the text online. This process not only lacks any transparency, it’s completely incompatible with our democratic notion of society.
This week, the Office of the United States Trade Representative (USTR) will host the 13th round of negotiations over the TPP in San Diego at the Hilton Hotel. EFF will be attending the first days of the meeting, both to engage with the negotiators at the USTR-run stakeholder events and to speak and rally outside the meetings to raise public awareness of these shady proceedings.
The TPP carries provisions that would enact the global norms of copyright policy lobbied for by content industry lobbyists. Those provisions would override sovereign national laws and prevent countries from passing, or even retaining, pragmatic copyright legislation appropriate for their own national needs. It’s a secretive plurilateral[1] agreement that includes provisions dealing with intellectual property (IP) including online copyright enforcement, anti-circumvention measures, and liability for Internet intermediaries like Internet service providers and hosting providers. Due to the secrecy of the negotiations, we don’t know what’s in the current version of the TPP’s IP chapter; the general public has only seen a leaked February 2011 version of the U.S. IP chapter proposal [pdf]. Given the corrupt process we’ve observed and what we've seen in this leak, we have every right to be furious that government representatives are negotiating an agreement that will harm online expression, privacy, and innovation on the Internet.
Within the past month, Canada and Mexico have been invited to join the agreement. So while 11 countries are currently involved, the TPP will likely continue to expand to include other nations. Worst of all, it creates a global standard of intellectual property enforcement that is even more flawed than the broken copyright laws established in the United States.
Events Planned At the Negotiations
Many events and actions are planned around this week’s TPP negotiations in San Diego. Seeing how eventful the last round of negotiations in Dallas was and the great number of new organizations that have joined the fight against this secret corporate-fueled agreement, we’re excited to see how the week will play out.
EFF’s International Intellectual Property team is in San Diego to speak out against this international trade agreement and its impacts on Internet freedom, access to knowledge, and innovation. The first day of negotiations begins on Monday July 2, when an internal stakeholder presentation and tabling event is scheduled inside the Hilton hotel. EFF’s International Intellectual Property Director, Carolina Rossini, will present directly to stakeholders about the problems with the TPP’s provisions relating to technological protection measures (AKA digital rights management [DRM]). A public kick-off rally and press event will be held outside the hotel, where EFF’s International Intellectual Property Coordinator, Maira Sutton, will rally and give a brief speech to raise awareness within the general public. On Tuesday July 3, the EFF team and Francisco Vera from the Chilean digital rights organization ONG Derechos Digitales will discuss the TPP’s IP chapter and its impact on the Internet. For more information on these events, visit this link.
Organizations Uniting Against the TPP’s IP Provisions
Congress members are finally turning the heat on the USTR to halt these secretive TPP negotiations. Last Wednesday, over 130 House representatives sent a letter to US Trade Representative Kirk demanding transparency in the negotiations process. Also last week, four Senators, including Ron Wyden[2], sent a letter to the USTR requesting congressional access to all negotiation documents, in addition to permitting access for groups advocating Internet freedom policies. Representative Issa formally asked to "observe" the negotiations in San Diego, in a move to encourage inclusion of representatives and other stakeholders in the negotiation process.
If you're in the US, please call on your representatives to oppose Fast Track for TPP and other undemocratic trade deals with harmful digital policies.
1. A plurilateral agreement is an agreement between more than two countries, but not a great many, since that would make it a multilateral agreement.
Today, EFF joins a broad, international coalition of civil society groups calling on elected officials to sign the new Declaration of Internet Freedom and uphold basic rights in the digital world. The Declaration is simple; it offers five core principles that should guide any policy relating to the Internet: stand up for online free expression, openness, access, innovation and privacy. Sign it here.
For too long in the US, Congress has attempted to legislate the Internet in favor of big corporations and heavy-handed law enforcement at the expense of its users’ basic Constitutional rights. Netizens’ strong desire to keep the Internet open and free has been brushed aside as naïve and inconsequential, in favor of lobbyists and special interest groups. Well, no longer.
That all changed on January 18th when users around the country joined together in protest of the Stop Online Piracy Act (SOPA)—the misguided copyright legislation that would have allowed for censorship of broad swaths of the Internet, while stifling innovation and threatening Internet security. SOPA, though its passage was once characterized as inevitable by the deep-pocketed content industry, was stopped in its tracks when millions of ordinary citizens told their representatives in one voice: Don’t mess with the Internet.
Why were Internet users so empowered for the first time? For one reason, Internet freedom now affects virtually all of the American public—young and old—given the web’s importance to everyone’s daily life. It’s also nonpartisan: elected officials from both sides of the aisle worked together to stop SOPA. Members of Congress in both parties now need to compete for the bragging rights as Internet defenders instead of taking every opportunity to erode ordinary users’ rights.
But while the power Internet users possess to shape public policy has never been greater, unfortunately, digital civil liberties have never been under more threat from Congress. SOPA was just the first of many pieces of legislation that Congress has debated this year with potential consequences for the Internet and digital civil liberties.
A month ago, the House of Representatives passed CISPA, a bill intended to address cybersecurity concerns, but which carves out a giant exception to all existing privacy laws, allowing companies to hand over your communications to the government voluntarily without a warrant. The Senate is currently debating its version and needs your input.
The FBI also wants Congress to pass an expansion of CALEA—also known as the Internet wiretapping law—that would force Internet companies to install backdoors into all their services so that the government can get real time access to Facebook private messages, email conversations and Skype calls. The FISA Amendments Act—which gutted privacy protections of Americans emailing overseas in the wake of the NSA warrantless wiretapping program—is also up for renewal this year. Congress has so far refused to reform the bill, despite evidence it has allowed dragnet surveillance of American citizens’ communications without a warrant. Rep. Lamar Smith, the author of SOPA, has proposed a data retention bill, requiring every ISP to keep data on individual Internet users not suspected of any crime and allow law enforcement access to it. Other members of Congress have called for charges against WikiLeaks that threaten online press freedom.
Meanwhile, positive Internet legislation has been all but ignored. Patent reform is desperately needed to stop crippling lawsuits that are stifling software innovation. The Electronic Communications Privacy Act—the primary law which governs email—was written before the world wide web even existed, and Congress has yet to update it to give the warrant protections that have always been given to physical letters. Similarly, a bill requiring a warrant for cell phone and GPS tracking has been stuck in committee for years, despite the Supreme Court recently ruling that attaching a GPS device to a car with no court oversight is unconstitutional. The Global Online Freedom Act also has yet to see a floor vote, and positive cybersecurity or copyright legislation is nowhere to be seen.
Many international lawmakers have similarly attempted to legislate away Internet freedoms, and, as EFF will explain in more detail in the coming days, the pledge can also be used to positively affect the Internet globally.
But right now, we are asking for your help in getting Congress to respect digital civil liberties and work for the Internet rather than against it. Sign the Declaration of Internet Freedom so we all can build a movement for a censorship-free, open, and innovative Internet. You can also join the conversation on Reddit and propose your own changes. But most importantly, at the next 2012 election campaign stop in your hometown, hand it to candidates running for office and ask them to sign it.
Inman started his campaign last month as part of his response to a legal threat letter he received from the website FunnyJunk. In 2011, Inman published a blog post condemning FunnyJunk for posting hundreds of his comics without crediting or linking back to The Oatmeal. A year later, Carreon – the attorney for FunnyJunk – served Inman with a letter claiming the post was defamatory and demanding The Oatmeal pay $20,000 and agree to never speak the words Funny Junk again.
Inman crafted a humorous and creative response, publicly annotating the cease and desist letter with a scathing critique of its facts and logic. He could have stopped there, but he also tried to make some good come of the situation. Instead of paying the baseless demand, Inman decided instead to ask people to give money to Operation BearLove Good, Cancer Bad. As he explained:
Instead of mailing the owner of FunnyJunk the money, I'm going to send the above drawing of his mother. I'm going to try and raise $20,000 and instead send it to the National Wildlife Federation and the American Cancer Society.
I’m hoping that philanthropy trumps douchebaggery and greed.
The Internets stood up and cheered, the campaign on Indiegogo met its initial goal of $20,000 in 64 minutes, and over $100,000 in the first day. Incensed, Carreon demanded that Indiegogo put a stop to the campaign, but the crowdsourcing website refused to halt the fundraiser. So Carreon filed suit - against Inman, Indiegogo, the two charities and later, for good measure, the California Attorney General. Nevertheless, the campaign continued, raising over $200,000 for NWF and ACS.
So what is standing in the way of getting that money to the good folks who protect bears and fight cancer? Carreon, and his outrageous demand for a temporary restraining order, filed yesterday.
Why outrageous? Let us count the ways:
Carreon's claim runs contrary to the Constitution. As Carreon is well aware, freedom of speech is a cornerstone of our legal system. Carreon wants the court to shut down Inman's speech: a comic response to the letter. Sorry, Charlie, the First Amendment protects Inman's right to challenge your legal threat.
Carreon is wrong on the law. Carreon based his claim on the notion that Inman, a full-time webcomic artist based in Seattle, violated false advertising law because he was allegedly required to register with the California Attorney General as a professional fundraiser. No, Inman is not a commercial fundraiser and not required to register, and he certainly did not falsely advertise to anyone that he was registered.
Ten bucks may help bears and fight cancer, but it doesn't give Carreon control of the funds. The night before Carreon filed suit, he donated $10 to Operation BearLove Good, Cancer Bad, claiming this gave him standing to stop the distribution of the money, and keep Inman from taking the photo of cash. The law does not permit this.
A TRO would only cause undue delay. Carreon claims he needs to take control and put the money in a charitable trust for the charities. Yet all his gamesmanship would do is delay the money for the charities - much of which has already been sent. There simply is no basis for the court to get involved.
There are many other reasons, explained in detail in our opposition. Indiegogo has also opposed the restraining order, explaining why the suit should never have been brought against them in the first place.
Since last year, a few members of Congress—led by Senator Ron Wyden—have been trying to get the Obama administration to answer a simple question: how many Americans’ phone calls or emails have been and are being collected and read without a warrant under the authority of the FISA Amendments Act of 2008 (FAA)? Unfortunately, no one else in the government seems to want that question answered.
The question arose soon after Congress passed the FAA, which among other things sought to create immunity for telecoms that helped the NSA conduct warrantless wiretapping and gutted privacy protections for Americans communicating overseas. A New York Times investigation described how, under the FAA, a “significant and systemic” practice of “overcollection” of communications resulted in the NSA’s intercepting millions of purely domestic emails and phone calls between Americans. In addition, documents obtained via a Freedom of Information Act request by the ACLU, although heavily redacted, revealed “that violations [of the FAA and the Constitution] continued to occur on a regular basis through at least March 2010”— the last month anyone has public data for.
The FISA Amendments Act is currently up for renewal, and Sen. Wyden, along with Sen. Mark Udall, wants the NSA to answer questions about these violations before Congress extends the law for five more years. “We have concluded… that section 702 [of the Act] currently contains a loophole that could be used to circumvent traditional warrant protections and search for the communications of a potentially large number of American citizens,” the Senators alleged.
Yet not only have changes not been made to the law to address this vital concern, but the administration refuses to give the Senators any information on whether they're correct. Back in July 2011, the Office of the Director of National Intelligence told them “it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed” under the FAA.
Well, what about just a rough estimate? Last week, the Inspector General of the Intelligence Community officially responded for himself and the NSA Inspector General: “such an estimate was beyond the capacity of his [the NSA IG’s] office and dedicating sufficient additional resources would likely impede the NSA’s mission.” Then, almost unbelievably, the NSA IG excused itself further from oversight by saying that “an IG review of the sort suggested would itself violate the privacy of U.S. persons.”
That’s right. The government says that it would violate Americans’ privacy for the NSA’s inspector general to estimate how many Americans’ privacy has been violated by the NSA.
The loophole that Wyden is likely talking about appears to be so-called “back door” searches. As Wyden explains it, since communications are sucked up without an individual warrant under the FAA, there must “be clear rules prohibiting the government from searching through these communications in an effort to find the phone calls or emails of a particular American, unless the government has obtained a warrant or emergency authorization permitting surveillance of that American.” The Senate Select Committee on Intelligence (SSCI) rejected an amendment stating that as well. SSCI chairman Dianne Feinstein insisted no such loophole existed, but still refused to support the amendment that would have cleared up any ambiguity.
In response, Sen. Ron Wyden commendably put a ‘hold’ on the FAA’s reauthorization in the Senate—a procedural maneuver that will at least temporarily keep the bill from going forward without debate—citing the potential massive privacy violations that the government will not explain to the American public.
Unfortunately, the House has so far refused to compel such information as well. Two weeks ago, the House Judiciary Committee passed the re-authorization of the FISA Amendments Act 23-11, yet voted down all amendments that would have forced the government to be more transparent about the communications it had collected.
Rep. Jackson-Lee’s amendment—similar to Sen. Wyden’s request—for an “estimate” on how many times Americans’ emails have been read without a warrant was rejected, despite testimony from ACLU’s Jameel Jaffer laying out all the evidence that dragnet surveillance of Americans' communications was rampant. The Judiciary committee also rejected an amendment requiring the release of redacted FISA rulings—which are all classified—and a shorter re-authorization period.
Yesterday, the House Permanent Select Committee on Intelligence (HPSCI) did the same thing, unanimously voting to extend the law for five years as well—again, with no known changes—and in secret.
These bills both still need to be voted on by the full House and Senate before going to the President’s desk, and without amendments adding robust oversight, transparency, and privacy protections, they should be voted down. Please call your member of Congress and tell them you strenuously oppose the reauthorization of the FISA Amendments Act.