Last week, 19 members of the U.S. Congress signed a letter to Bahrain’s king, calling for the release of prominent activist Nabeel Rajab, who was serving a three-month jail sentence for comments he made on Twitter. As we have written previously, the Bahraini government has cracked down harshly on dissidents, allegedly utilizing tools such as FinFisher and arresting activists on trumped-up charges.
Today, Rajab was sentenced to three years in prison for a set of three different charges relating to his participation in protests. Rajab is the president of the Bahrain Center for Human Rights (BCHR), the director of the Gulf Center for Human Rights (GCHR), and the vice president of the International Federation for Human Rights (FIDH). In a statement today, the Bahrain Center for Human Rights wrote:
The Bahrain Center for Human Rights (BCHR) and the Gulf Center for Human Rights (GCHR) condemn in the strongest terms the sentence passed today against the detained human rights defender Nabeel Rajab by the Bahraini government on charges related to protesting.
As the violence escalates across Syria, so do the campaigns of targeted malware attacks against Syrian activists, journalists, and members of the opposition, which covertly install surveillance software on their computers. Syrians are growing more aware of the danger these campaigns pose to their security and the security of their friends and loved ones. On Facebook, the Union of Free Students in Syria group has started an album of students holding up signs warning against phishing attacks and malware, with messages such as, "Assad supporters are sending dangerous files with hacked accounts. Check with your friends before opening an attachment."
The latest malware campaign plays into users' concerns about protecting their security by offering a fake security tool called AntiHacker, which promises to provide "Auto-Protect & Auto-Detect & Security & Quick scan and analysing."[sic] EFF's analysis indicates that this campaign is the work of the same actors behind several malware campaigns that lured their targets in using fake revolutionary documents and a fake Skype encryption tool--campaigns that date back to at least November 2011.
While it purports to provide security against hackers, AntiHacker instead installs a remote access tool called DarkComet RAT, which allows an attacker to capture webcam activity, disable the notification setting for certain antivirus programs, record keystrokes, steal passwords, and more. Over a dozen of the attacks EFF has analyzed have installed versions of DarkComet. Its increasingly close association with pro-Syrian-government malware, combined with the Human Rights Watch report on the Assad regime's network of torture centers, may have motivated the project's sole developer to shut it down, declaring his intention to work on an alternative tool that more closely resembles VNC and requires administrative access to install.
The AntiHacker tool even has a Facebook group, shown in the screenshot below:
The Facebook group includes a link to a website, shown in the screenshot below. This domain has been disabled, but the website is still up at the following IP: 220.127.116.11.
The site offers a download of AntiHacker.exe (md5sum af8e0815a0f44a78a95a89643f7c9ce6), shown in the screenshot below:
Unlike the fake Skype encryption program, this fake program does not abuse Comic Sans, but it does feature several suspicious errors, including a pop-up that reads: "You Are Running On unprotected Conection You Maybe At Risk !!!!" [sic], shown in the screenshot below:
Once the user has run the program, AntiHacker displays a pop-up that reads "You PC is Protect now thank for using our Product." [sic]
Instead of providing any kind of protection against hackers, AntiHacker connects back to 18.104.22.168 and attempts to download google.exe (md5sum 499d9bb81a79359523c9e6ef05f1b0d0):
Additionally, it creates a keylogger file called C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dclogs.sys once the user begins typing. This file is not shown in the screenshot.
It also creates C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\..lnk, shown in the screenshot below:
This version of DarkComet is not detectable by any anti-virus software as of August 1, 2012. However, it is detectable by the DarkComet RAT removal tool, written by the same developer that originally wrote DarkComet RAT. The screenshot below shows the removal tool detecting DarkComet RAT on an infected computer:
Syrian Internet users should be especially careful about downloading applications from unfamiliar websites. The AntiHacker website showed many signs of being illegitimate, including prolific abuse of English spelling and grammar, but this campaign demonstrates that while Syrian activists are becoming more savvy about efforts to trick them into downloading malware, attackers are also becoming more sophisticated.
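The host artifacts described above (the two MD5 values, `dclogs.sys` in a Temp directory, and the `..lnk` shortcut in a Startup folder) can be swept for on a suspect machine or a mounted disk image. The script below is an added example, not EFF's tooling or part of the original post; the function names, the directory-name matching and the size limit are assumptions made for illustration.

```python
import hashlib
import os
import sys

# MD5 values quoted in the article (MD5 only because that is what was published).
KNOWN_MD5 = {
    "af8e0815a0f44a78a95a89643f7c9ce6": "AntiHacker.exe",
    "499d9bb81a79359523c9e6ef05f1b0d0": "google.exe (downloaded after install)",
}
KEYLOG_NAME = "dclogs.sys"   # keylogger file the article saw in ...\Temp
STARTUP_LINK = "..lnk"       # shortcut the article saw in ...\Startup


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, known_md5=None, max_hash_bytes=64 * 1024 * 1024):
    """Return a list of (path, reason) for files matching the indicators.

    Name checks are scoped to the directories named in the article, so a
    file called dclogs.sys elsewhere is not reported by name alone.
    """
    known = KNOWN_MD5 if known_md5 is None else known_md5
    findings = []
    # onerror swallows unreadable directories instead of aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        parent = os.path.basename(dirpath).lower()
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == KEYLOG_NAME and parent == "temp":
                findings.append((path, "keylogger file name in Temp"))
            if lowered == STARTUP_LINK and parent == "startup":
                findings.append((path, "'..lnk' shortcut in Startup"))
            try:
                if os.path.getsize(path) > max_hash_bytes:
                    continue  # assumption: skip very large files
                file_md5 = md5_of(path)
            except OSError:
                continue  # locked or vanished file; keep scanning
            if file_md5 in known:
                findings.append((path, "MD5 match: " + known[file_md5]))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for hit_path, reason in scan(target):
        print(reason + ": " + hit_path)
```

A sweep that reports nothing only means these specific artifacts are absent; a rebuilt DarkComet sample will have different hashes.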
As part of an ongoing investigation into a drug trafficking organization, DEA agents obtained approval from a federal magistrate judge to access the "subscriber information, cell site information, GPS real-time location, and 'ping' data" from a pre-paid wireless phone through the use of an administrative order (PDF) issued under the Stored Communications Act, which does not require "probable cause" like a search warrant. On appeal, the defendant, Melvin Skinner, argued that the three-day warrantless cell phone tracking violated the Fourth Amendment, but the Sixth Circuit disagreed.
In what can only be described as a results-oriented opinion, the court found Skinner had no reasonable expectation of privacy in the cell phone location data because "if a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal." Otherwise, "technology would help criminals but not the police." In other words, because cell phones can be used to commit crimes, there can't be any Fourth Amendment privacy rights in them. If this sounds like an over-simplistic description of the legal reasoning in an opinion we disagree with, the sad reality is that the court's conclusion really did boil down to this shallow understanding of the law.
Completely missing in the court's analysis was any attempt to analyze whether a "search" occurred when the government accessed this data. Traditionally, this has meant that a court must undertake a two-step inquiry: first determine whether a person has manifested a subjective expectation of privacy; and second, decide whether society would find that expectation of privacy reasonable. These questions are tricky, and courts that have considered the issue have reached differing results, including an opinion in the Third Circuit finding a search warrant may be necessary for cell tracking.
But the fact remains that previous courts ruling on the constitutionality of warrantless cell tracking have at least engaged the privacy questions, looking at the technology at issue and how precise cell site tracking has become over the years. The opinions have also explored the government's alleged statutory authority to apply for such orders, whether users truly are "voluntarily" turning over their location when they simply turn their cell phone on, and whether privacy rights are extinguished merely by virtue of this information being turned over to the cell phone providers. It's not just courts that are grappling with these issues. Legislation at both the state and federal levels has attempted to balance privacy rights with law enforcement needs in order to ensure that cell phone tracking is available to the police without completely eroding privacy.
But rather than engage in any of this analysis, or even acknowledge the prior, conflicting decisions on the issue, the Sixth Circuit took the lazy way out, noting that Skinner was only moving in public streets, and therefore the cell phone tracking was "no more of a comprehensively invasive search" than if the car was "tracked visually and the search handed off from one local authority to another as the vehicles progressed." Of course, earlier this year in her concurring opinion in United States v. Jones, a case deciding the constitutionality of long term GPS surveillance, Justice Sotomayor noted that she did "not regard as dispositive the fact that the Government might obtain the fruits of GPS monitoring through lawful conventional surveillance techniques." And in Kyllo v. United States, Justice Scalia's majority opinion made clear "the fact that equivalent information could sometimes be obtained by other means does not make lawful the use of means that violate the Fourth Amendment."
The court's failure to even distinguish between "subscriber information," "cell site information", "GPS real-time location" and "ping data" only underscores the Court's lack of analysis. This data is not all the same, and it would be foolish for a court to extend the rationale behind allowing police access to "subscriber information"—things like the name on file for a particular account, as well as billing information and method of payment—to allow the police to obtain real time tracking location of a person's movements over a course of three days. After all, a "search" is determined by looking at how intrusive the government's actions are, and little is more intrusive than the government's ability to trace a person's every movement for an extended period of time.
The court's focus on Skinner's involvement in a drug trafficking operation and its emphasis on "burner" phones as being more difficult to trace highlights not only the Court's apparent understanding of The Wire, but what we think is the court's true concern: making sure a criminal charged with serious crimes remains locked up. Even Judge Donaldson, who concurred with the result but not the rationale of the majority, noted he did not agree with his colleagues' characterization of the issue as "whether society is prepared to recognize a legitimate expectation of privacy in the GPS data emitted from a cell phone used to effectuate drug trafficking." He laments that the majority opinion not only "focuses on the criminal conduct in which Skinner was engaged," but implies that possession of a prepaid phone "is somehow illicit or suspicious in itself."
Somehow, the Sixth Circuit lost sight of the fact that its attempt to ensure criminals cannot "use modern technological devices to carry out criminal acts" means that innocent people will have to lose their privacy rights. Judge Berzon of the Ninth Circuit (PDF) recently noted a fear that "understandable abhorrence" of child pornography crimes "can infect judicial judgment" and lead to incorrect legal results that erode constitutional protections against intrusive computer searches for everyone. This fear is even greater when the issue before a court is the scope of privacy protections for a cell phone, a device carried by far more innocent people than criminals. Judge Berzon wrote judges must "remember that the protections of the Fourth Amendment do not depend on the nature of the suspected criminal activity, any more than they do on the race or gender of the suspect."
With the battle over warrantless cell tracking coming soon to the Fifth Circuit Court of Appeals, which will hear oral argument during the week of October 1 in a case in which we filed an amicus brief, we hope the judges of that court will look beyond the fact that criminals use cell phones, and remember that innocent people use them too.
At the risk of repeating ourselves, the current patent system is broken. There's considerable evidence to support this claim, too—whether it's innovation-destroying patent trolls or certified "chaos" in legal battles among tech giants. More than 10,000 people have signed onto our Defend Innovation campaign, helpfully providing their thoughts on what works and what doesn't with the patent system, and what kinds of changes would really make things better.
These fixes can only come, however, with thorough evidence and analysis, which is why we have kicked off our Defend Innovation campaign. Another crucial ingredient is scholarship on the issue. Professor Colleen Chien of Santa Clara University School of Law is conducting a short Patent Demand Survey, and she's looking for your help in collecting relevant data. Professor Chien's research is an important step in understanding—and teaching others, including policy makers—the scope of the patent problem. It is crucial that those whose lives are affected by patents participate. We can't say it enough: we highly encourage those who have received patent demands to fill this confidential survey out.
We need entrepreneurs and engineers who have been affected by patents to tell their stories. Too often, startups are afraid (oftentimes for good reason) to publicly discuss the undesirable patent situations they find themselves in for fear of being targeted by trolls. And nearly all settlements with trolls require that alleged infringers sign nondisclosure agreements, meaning the world never finds out about the harm that has occurred.
We've been encouraged recently to see fixes to the system coming from within and without. For example, private parties have developed tools to hack the system, making it work for engineers and companies who would rather not engage in the patent process. The Defensive Patent License (DPL) and Twitter's Innovator's Patent Agreement (IPA) are two prominent examples.
Two Congressmen also recently introduced the SHIELD Act, which creates a fee-shifting scheme for patent lawsuits: a plaintiff must have a good-faith belief that a defendant is infringing a valid patent, otherwise it must pay for the winning party's fees. Though we support this bill, it is an incremental change to a system that needs more sweeping reform. To that end, we've proposed our own additional suggestions on how to fix the system at https://defendinnovation.org.
It is exciting to see so many good ideas for revamping a broken patent system. Anecdotes serve to inspire, but thorough scholarly analysis is necessary too. If you or your business has been affected by patent demands, tell your story. When we are able to cite such scholarship in our legal briefs, our comments, and our blog posts, we make it that much harder for others to deny just how necessary it is to fix our broken patent system.
In the weeks since our post, a number of organizations have come out in support, petitioning the Ethiopian government to free Nega and drop the charges against him. The International Press Institute has submitted a letter signed by prominent journalists from all over the world, while Freedom Now filed a petition with the UN Working Group on Arbitrary Detention. A group of 32 IFEX member organizations has also sent an appeal for Nega's release.
As Martin Luther King, Jr. once wrote, "Injustice anywhere is a threat to justice everywhere." It is imperative that we speak out against threats to freedom of expression wherever they occur.
More Activists Convicted on Protest-Related Charges in Oman
The dozens of writers, activists, and bloggers who have been arrested on charges connected to their calls for greater freedoms in Oman in May and early June of 2012 have been brought to trial, convicted, and sentenced in recent weeks. The latest—a group of twelve activists—were sentenced on Wednesday in Oman’s capital, Muscat. Eleven were given a year’s prison and a 200 Riyal ($520) fine for participating in a peaceful protest. One was given a year’s prison sentence for insulting the Sultan. All twelve are expected to be released on bail pending appeal.
In June, seven other activists were given prison terms and fines, and more than twenty others were arrested in connection with protests calling for change. EFF will keep a close eye on the fate of these activists. If they wind up behind bars, EFF will join Amnesty International in calling for their immediate and unconditional release.
Nepalese Government Website Compromised, Altered to Serve Malware
The same vulnerability was used in the compromise of the Amnesty International UK website and the Institute for National Security Studies site in Israel in May. The Websense report shows evidence that the attack against the Nepalese government websites may be connected to the attack against Amnesty International UK, and that both attacks send data back to a domain in China.
EFF has reported extensively on state-sponsored malware that targets activists and their supporters. We will continue to issue periodic advisories in order to help vulnerable users avoid infection.
Russian Government Wiretaps Dissident Blogger Alexei Navalny
When Russian anti-corruption blogger Alexei Navalny found a bug hidden inside the wall molding in his office last week, he was not surprised. Russian security services have a long history of extensive surveillance of activists and dissidents, especially those who are outspokenly critical of the Putin regime. Before calling the police, Navalny posted this video of himself and his colleagues taking the surveillance device apart.
Upon inspection, the police reportedly found a microphone as well as a hidden camera attached to a power source and a transmitter. Police could be heard on the video saying that the device was being operated remotely. Navalny has faced possible arrest, trial, and ten years in prison on charges stemming from an alleged embezzlement scheme, charges that Navalny and his supporters claim are an attempt to silence him.
The wiretapping of Navalny is part of a broader trend of surveillance and intimidation of the Putin regime’s critics in Russia since his re-election as President. The Kremlin has stepped up the arrest of dissidents, including the punk band Pussy Riot, and passed new laws aimed at curbing free speech on the Internet. EFF will continue to keep an eye on developments.
In just a few hours, protestors are set to march to the headquarters of Bay Area Rapid Transit (BART) to mark the anniversary of last year's cell service shutdown. A year ago this week, responding to planned protests throughout the BART system, the transit authority cut off cell phone service in four stations in downtown San Francisco. We were among many to draw the connection between BART and Hosni Mubarak, former president of Egypt, who was in the midst of disabling communication networks to quell protests around the same time:
One thing is clear, whether it’s BART or the cell phone carriers that were responsible for the shut-off, cutting off cell phone service in response to a planned protest is a shameful attack on free speech. BART officials are showing themselves to be of a mind with the former president of Egypt, Hosni Mubarak, who ordered the shutdown of cell phone service in Tahrir Square in response to peaceful, democratic protests earlier this year.
Freedom of expression is a fundamental human right. Censorship is not okay in Tahrir Square or Trafalgar Square, and it’s still not okay in Powell Street Station.
It’s important to note that shutdowns of wireless service negatively affect both the public’s First Amendment rights and public safety. ... Safety and free speech are not mutually exclusive; in contrast, they are intertwined, and by shutting down cell phone service in August, BART threatened both.
The final cell service interruption policy (pdf), implemented in December, may be an improvement, but it is still problematic. To its credit, this policy would likely have prevented the August shutdowns. It limits the circumstances under which cell service may be interrupted to situations where there is "strong evidence of imminent unlawful activity" and "the interruption will substantially reduce the likelihood of such unlawful activity." It also requires that the interruption is "essential" for the protection of safety, and that it is "narrowly tailored."
That said, BART management could abuse some vague language to curtail legitimate speech without real justification. The document provides "illustrative examples," but acknowledges that other circumstances might qualify. And while BART's new general manager Grace Crunican has made clear that she would not authorize a shutdown in a situation like last August's protest, that promise does little to guarantee, for example, that her successor won't.
For those protesting today, our Cell Phone Guide for Protestors may prove useful. Even a year later, BART's actions still serve as a potent reminder of communication networks and the danger to free speech their cutoff can pose.
Responding to Outreach by EFF and the ACLU of Northern California, Facebook Corrects Error and Affirms its Goal of Providing a Politically-Neutral Platform for Election Issues, Including Marijuana Reform
Last week, news outlets reported that Facebook was rejecting ads by advocacy groups working on marijuana policy reform. The ads in question showed marijuana leaves, sometimes with photos of Barack Obama and Mitt Romney, and urged viewers to join campaigns to make marijuana reform an election issue. Several versions of similar Facebook ads were submitted by Students for Sensible Drug Policy and Just Say Now, but both groups were initially rejected. After EFF and the ACLU of Northern California reached out to Facebook about the issue, Facebook did the right thing and restored the ads.
Facebook has publicly established guidelines that state that a Facebook advertisement "may not promote tobacco or tobacco-related products, including cigarettes, cigars, chewing tobacco, tobacco pipes, hookahs, hookah lounges, rolling papers, vaporized tobacco delivery devices and electronic cigarettes." But the language from the banned ads said simply things like: "Registered to vote? Make your voice heard on historic marijuana ballot measures this November." Another read "Marijuana Reform in 2012 | Obama and Romney are mum on marijuana reform. Learn how to make them start talking." Rather than advocate for marijuana usage, the banned ads urged users to get involved with fighting for reform.
EFF and the ACLU of Northern California reached out to Facebook to draw more internal attention to the fact that the company was censoring speech that was clearly political in nature. Facebook confirmed that the ads were erroneously rejected, that they do not violate Facebook’s policies, and that they would be quickly reinstated. EFF is pleased by Facebook’s prompt action to correct this error and we applaud its ongoing commitment to providing a politically neutral platform for political discussion in the approaching election season. However, given this error, and the need for our intervention, we also urge Facebook to carefully audit its ad review program to ensure that similar legitimate speech is not censored from its network.
For instance, those who have advertisements rejected by Facebook can submit an appeal here. This will result in a review by additional members of Facebook, and give Facebook an opportunity to correct any human errors in its policy enforcement. Unfortunately, this form is difficult to find in the help section of the Facebook website. Individuals who have ads rejected are informed via email and provided a link to Facebook’s Prohibited Content – neither the email nor the webpage provides any information about the appeals process. To ensure that individuals whose ad campaigns are erroneously removed can quickly appeal the decision, we urge Facebook to clearly link to the appeal page on its Prohibited Content page. In addition, they should clearly describe the appeals process in the emails rejecting the advertisements, so that similar issues can get resolved more quickly.
Facebook has over 900 million users, including elected officials and even EFF using the platform for political advocacy. It has a legal right to decide whether to permit or censor speech on its own domain, but Facebook also has an opportunity to create an online space where political discussions can flourish. As more of our speech—political and otherwise—moves into online forums like reddit, Facebook, and Twitter, these companies will be faced with the responsibility of arbitrating what type of speech will and won’t be permitted. Valuable political speech such as these policy advertisements, which unequivocally benefit the public discourse, could be subject to the vicissitudes of arbitrary company policies. While we’re glad to see free speech prevailing in this case, we hope that Facebook and other Internet companies continue to rise to the challenge of providing neutral, speech-protecting platforms as political and social engagement moves from town squares to comment threads.