New legislation in the Netherlands makes it the first country in Europe to establish a legal framework supporting net neutrality. In addition to the net neutrality provisions, the law contains language that restricts when ISPs can wiretap their users, and limits the circumstances under which ISPs can cut off a subscriber's Internet access altogether.
The anti-wiretapping section of the new law specifies that ISPs may not use technologies like deep packet inspection (DPI), except under limited circumstances, or with explicit consent from the ISP’s customer, or to comply with a court order or other legislative provisions. One Dutch ISP, KPN, came under fire last year for using DPI to determine whether its subscribers were using VoIP on mobile devices.
The new law sets out an exhaustive list of six circumstances in which an ISP can disconnect or suspend the Internet access of subscribers. These include: termination at the request of the subscriber, non-payment by a subscriber, in cases of deception, at the expiry of a fixed contract, force majeure, or if the ISP is required to terminate by law or a court order. In addition, the network neutrality provisions also permit blocking of an Internet connection where necessary for the integrity and security of a network.
The provisions are the Dutch government’s implementation of the 2009 EU Telecoms Package revision framework. Article 1(3a) of the Framework Directive states that EU Member States may only adopt measures interfering with citizens’ ability to access and use the Internet in limited circumstances. In particular measures may only be imposed if they are “appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law, including effective judicial protection and due process.”
As Dutch digital rights group Bits of Freedom notes, the new provisions are needed because “[c]urrently, Internet providers on the basis of their terms and conditions may terminate or suspend the Internet connection for various reasons.” This law ensures that ISPs cannot disconnect users for nebulous terms of service violations. This gives Internet users some protection against ISPs adopting voluntary or semi-voluntary measures, such as policies to disconnect Internet users on three allegations of copyright infringement.
This is important as voluntary three strikes policies become an increasingly real danger. In the United States, for example, ISPs and major media trade groups have developed a voluntary "graduated response" program — the so-called "six strikes" deal — that is set to go into effect this July. EFF is now calling on Internet users to pressure the participating ISPs for a public commitment not to cut users off under the new program.
The Dutch law comes after vigorous campaigning by civil society groups including influential digital rights group, Bits of Freedom. Ot van Daalen, the Director of that organization, hopes it will spark similar legislation elsewhere. "Bits of Freedom campaigned hard for these provisions and our work paid off. The law sets an example for other countries, and we call on the rest of Europe to follow."
The International Telecommunication Union (ITU) will hold the World Conference on International Telecommunications (WCIT-12) in December in Dubai, an all-important treaty-writing event where ITU Member States will discuss the proposed revisions to the International Telecommunication Regulations (ITR). The ITU is a United Nations agency responsible for international telecom regulation, a bureaucratic, slow-moving, closed regulatory organization that issues treaty-level provisions for international telecommunication networks and services. The ITR, a legally binding international treaty signed by 178 countries, defines the boundaries of ITU’s regulatory authority and provides "general principles" on international telecommunications. However, media reports indicate that some proposed amendments to the ITR—a negotiation that is already well underway—could potentially expand the ITU’s mandate to encompass the Internet.
In similar fashion to the secrecy surrounding ACTA and TPP, the ITR proposals are being negotiated in secret, with high barriers preventing access to any negotiating document. While aspiring to be a venue for Internet policy-making, the ITU Member States do not appear to be very open to the idea of allowing all stakeholders (including civil society) to participate. The framework under which the ITU operates does not allow for any form of open participation. Mere access to documents and decision-makers is sold by the ITU to corporate “associate” members at prohibitively high rates. Indeed, the ITU’s business model appears to depend on revenue generation from those seeking to ‘participate’ in its policy-making processes. This revenue-based principle of policy-making is deeply troubling in and of itself, as the objective of policy making should be to reach the best possible outcome.
Release the documents
The ITU Member States should urgently lift restrictions on sharing the preparatory materials and ITR amendments, and release the documents. The current preparatory process lacks the transparency, openness of process, and inclusiveness of all relevant stakeholders that is the hallmark of Internet policy-making. A truly multi-stakeholder participation model requires equal footing for each relevant stakeholders including civil society, the private sector, the technical community, and participating governments. These principles are the minimum that one could expect following commitments made at the World Summit on Information Society (WSIS). The ITU Secretary-General Dr. Hamadoun I. Touré reiterated these commitments last year at the Internet Governance Forum in Kenya:
In its own words, the "ITU remains firmly committed to the WSIS process," and it considers itself to have "made considerable progress in many areas in advancing the implementation of the WSIS outcomes."
And in practice? Not likely. This is why EFF, European Digital Rights, CIPPIC and CDT and a coalition of civil society organizations from around the world are demanding that the ITU Secretary General, the WCIT-12 Council Working Group, and ITU Member States open up the WCIT-12 and the Council working group negotiations, by immediately releasing all the preparatory materials and Treaty proposals. If it affects the digital rights of citizens across the globe, the public needs to know what is going on and deserves to have a say. The Council Working Group is responsible for the preparatory work towards WCIT-12, setting the agenda for and consolidating input from participating governments and Sector Members.
We demand full and meaningful participation for civil society in its own right, and without cost, at the Council Working Group meetings and the WCIT on equal footing with all other stakeholders, including participating governments. A transparent, open process that is inclusive of civil society at every stage is crucial to creating sound policy.
Respect the multi-stakeholder process
Civil society has good reason to be concerned regarding an expanded ITU policy-making role. To begin with, the institution does not appear to have high regard for the distributed multi-stakeholder decision making model that has been integral to the development of an innovative, successful and open Internet. In spite of commitments at WSIS to ensure Internet policy is based on input from all relevant stakeholders, the ITU has consistently put the interests of one stakeholder—Governments—above all others. This is discouraging, as some government interests are inconsistent with an open, innovative network. Indeed, the conditions which have made the Internet the powerful tool it is today emerged in an environment where the interests of all stakeholders are given equal footing, and existing Internet policy-making institutions at least aspire, with varying success, to emulate this equal footing. This formula is enshrined in the Tunis Agenda, which was committed to at WSIS in 2005:
83. Building an inclusive development-oriented Information Society will require unremitting multi-stakeholder effort. We thus commit ourselves to remain fully engaged—nationally, regionally and internationally—to ensure sustainable implementation and follow-up of the outcomes and commitments reached during the WSIS process and its Geneva and Tunis phases of the Summit. Taking into account the multifaceted nature of building the Information Society, effective cooperation among governments, private sector, civil society and the United Nations and other international organizations, according to their different roles and responsibilities and leveraging on their expertise, is essential.
84. Governments and other stakeholders should identify those areas where further effort and resources are required, and jointly identify, and where appropriate develop, implementation strategies, mechanisms and processes for WSIS outcomes at international, regional, national and local levels, paying particular attention to people and groups that are still marginalized in their access to, and utilization of, ICTs.
Indeed, the ITU’s current vision of Internet policy-making is less one of distributed decision-making, and more one of ‘taking control.’ For example, in an interview conducted last June with ITU Secretary General Hamadoun Touré, Russian Prime Minister Vladimir Putin raised the suggestion that the union might take control of the Internet: “We are thankful to you for the ideas that you have proposed for discussion,” Putin told Touré in that conversation. “One of them is establishing international control over the Internet using the monitoring and supervisory capabilities of the International Telecommunication Union (ITU).”
Perhaps of greater concern are views espoused by the ITU regarding the nature of the Internet. Yesterday, at the World Summit of Information Society Forum, Mr. Alexander Ntoko, head of the Corporate Strategy Division of the ITU, explained the proposals made during the preparatory process for the WCIT, outlining a broad set of topics that can seriously impact people's rights. The categories include "security," "interoperability" and "quality of services," and the possibility that ITU recommendations and regulations will be not only binding on the world’s nations, but enforced.
In this sense, it is somewhat concerning that the ITU appears to draw its inspiration for Internet reform from the earliest days of the network. For example, earlier this year, Ntoko zeroed in on online anonymity, which EFF has fought to protect in the past. Citing the early days of ARPAnet, when the Internet consisted of a number of academic institutions who could identify each other by IP address, Ntoko has expressed his view regarding the anonymous nature of the Internet as: "[it] wasn't always that way, and shouldn't be in the future."
Rights to online expression are unlikely to fare much better than privacy under an ITU model. During last year’s IGF in Kenya, a voluntary code of conduct was issued to further restrict free expression online. A group of nations (including China, the Russian Federation, Tajikistan and Uzbekistan) released a Resolution for the UN General Assembly titled, “International Code of Conduct for Information Security.” The Code seems to be designed to preserve and protect national powers in information and communication. In it, governments pledge to curb “the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.” This overly broad provision accords any state the right to censor or block international communications, for almost any reason.
Promote openness and transparency
Currently, there are several organizations dealing with Internet Policy at the global and regional level. The Committee of Ministers of the Council of Europe issued guidance on Internet governance in a Declaration on Internet Governance Principles. It emphasizes the need for openness and transparency:
The development and implementation of Internet governance arrangements should ensure, in an open, transparent and accountable manner, the full participation of governments, the private sector, civil society, the technical community and users, taking into account their specific roles and responsibilities.The development of international Internet-related public policies and Internet governance arrangements should enable full and equal participation of all stakeholders from all countries.
The decentralised nature of the responsibility for the day-to-day management of the Internet should be preserved. The bodies responsible for the technical and management aspects of the Internet, as well as the private sector should retain their leading role in technical and operational matters while ensuring transparency and being accountable to the global community for those actions which have an impact on public policy.
There are some factors in place that may, perhaps, insulate strong democracies such as the United States from the more harmful elements of the ITU proposal. As with all international policy-making venues, ITU outputs will not become law until enacted domestically by Member States such as the United States, Canada o Sweden. This means that any ITU policies antithetical to a free and democratic society might not necessarily make it into domestic law. Central to this will be the legitimacy of the institution, and the United States government, for example, has already stated that the ITU’s lack of adherence to multi-stakeholder principles is deeply problematic and a barrier to the institution’s legitimacy.
In spite of this, a closed and expanded ITU policy-making role remains a threat to an already fragile public interest. Several governments have continuously sought to launder unpopular measures through international intergovernmental venues that would subvert democratic Internet principles or hard-won international human rights law protections. The Council of Europe’s Cybercrime Treaty is a good example of policy laundering at an international level. Similarly, multi-lateral or pluri-lateral agreements, like ACTA and TPP, are a way to bypass national and global inter-governmental institutions that are more transparent and open to civil society participation as well as democratic checks and balances.
The ITU proposal will establish an ongoing source of international policy that does not have the interests and rights of Internet users in mind. Further, unlike other venues which recognize the importance of ongoing flexibility in Internet policy-making, the ITRs are a treaty, legally binding on its signatories. While the ITU’s refusal to commit to a multi-stakeholder model may act to safeguard strong democracies from its more harmful policy outputs, democratic countries with weaker internal checks and balances will find it more difficult to provide such insulation. Even countries with well-entrenched safeguards for human rights may be tempted to adopt laws that conflict with human rights where these align with powerful domestic interests, as was demonstrated by recent attempts to pass SOPA/PIPA and CISPA in the United States.
We urge the ITU Secretary General et al to ensure that the outcomes of the WCIT and its preparatory process truly represent the common interests of all who hold a stake in the future of our information society. If your government is a member of ITU, demand transparency and tell them to open the process and disclose the WCIT preparatory documents and Treaty amendments.
According to a recent investigation by the Swedish news show Uppdrag Granskning, Sweden’s telecommunications giant Teliasonera is the latest Western company revealed to be colluding with authoritarian regimes by selling them high-tech surveillance gear to spy on its citizens. Teliasonera has allegedly enabled the governments of Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan to spy on journalists, union leaders, and members of the political opposition. One Teliasonera whistle-blower told the reporters, “The Arab Spring prompted the regimes to tighten their surveillance. ... There’s no limit to how much wiretapping is done, none at all.”
The investigative report, titled “Black Boxes,” in reference to the black boxes Teliasonera allowed police and security services to install in their operation centers--which granted them the unrestricted capability to monitor all communications—including Internet traffic, phone calls, location data from cell phones, and text messages—in real-time. This has caused concern among Swedish citizens and Teliasonera shareholders, who had previously been assuaged by assurances from the telecommunications company that they follow the law in the countries in which they are operating. After a meeting with Peter Norman, Sweden’s Minister of Financial Markets, the chairman of Teliasonera’s board of directors issued a statement, announcing that they had launched “an action programme for handling issues related to protection of privacy and freedom of expression in non-democratic countries, in a better and more transparent way.”
Teliasonera’s declaration of good intentions may be too little too late after the damning evidence of abuse compiled by Uppdrag Granskning. Documents obtained by their investigators showed an Azerbaijani had his phone tapped after he published a piece about being beaten at the hands of government security agents while covering a story. The report also found that black-box surveillance was used in Belarus to track down, arrest, and prosecute protesters who attended an anti-government protest rally following the 2010 Belarusian presidential election. One Azerbaijani citizen says he was interrogated solely due to the fact that he voted for the Armenian representative in the 2009 Eurovision song contest.
In the post-Soviet state of Georgia, these recent revelations have prompted the Georgian Young Lawyers Association (GYLA) to challenge indiscriminate wiretapping in their country, alleging that far from complying with local statutes, Teliasonera was breaking Georgian law.
GYLA points out that the Georgian criminal code and constitution protect personal information such as private phone calls. Police must obtain a court order before they can listen in to a citizen’s private phone conversations. GYLA attorney Maya Khutsishvili says that companies can only provide private information about a person to investigative bodies based on such a court order—and that a court’s ruling must indicate why the investigative body needs to listen to a specific person or receive other kinds of personal information.
EFF believes that for Western countries providing telecommunications equipment or services, merely complying with the law is insufficient. Authoritarian regimes can interpret the law in ways that justify unlimited spying on journalists and political dissidents. Or, as is the case in Georgia, the laws on the books are not enforced—unrestricted surveillance is the order of the day. If tech companies want to avoid being repression’s little helper, they must know their customer and refrain from cooperating with governments that they believe will use their technology to facilitate human rights violations.
A series of events in the last two weeks have set the stage for how surveillance drones will be operated by local law enforcement in the United States and how citizens can demand privacy protections as domestic use escalates.
We know that dozens of law enforcement agencies already have drones, based on information from EFF’s Freedom of Information Act lawsuit over the FAA’s initial refusal to release the list of authorizations. And one of the biggest cities with a police department on the list was Seattle.
It turned out Seattle’s city council—which oversees the police department—was just as surprised as many citizens to see Seattle Police Department’s name on the list. The city council learned about the drones through a reporter asking questions related to EFF’s lawsuit, not through official channels. After front page stories in the Seattle Times and an official apology from the Seattle police department, Seattle is now the first city to consider privacy safeguards for drone use by law enforcement.
The ACLU of Washington has asked the city council to pass a legally binding ordinance detailing “what kind of information can be collected, who can collect it, how the information can be used, and how long it can be kept,” along with “an auditing process to make sure the policies are followed.” The Seattle Times agreed. In an editorial written on May 6, the city’s largest paper urged city council to adopt “usage restrictions, image-retention limits, and regular audits and reviews of drones as a law-enforcement tool.”
Seattle’s Police Department has already pledged drones would not be used for surveillance, and only “for situations like crime scene photography, missing person searches, and barricaded person scenarios.” They’ve also indicated they would work with the FAA to develop privacy policies. But as the Seattle Times noted, privacy safeguards must be implemented by binding ordinance, “not by policy nods, promises and good intentions.”
In a similar incident just yesterday, after the Shelby County Tennessee sheriff’s office requested two drones as part of a $400,000 Homeland Security grant, the Shelby county commission questioned the Sheriff’s Office on how they would be using the drone and asked them to draw up privacy guidelines. The sheriff’s office promptly withdrew its request for drones. But encouragingly, the commission is still pushing the sheriff’s office for privacy policies. As the Memphis Daily Newsreported, “several commissioners said they might still pursue setting some guidelines on the use of such surveillance through a memorandum of understanding with the sheriff’s office.”
Responding to an EFF public records request, Miami-Dade County also released information about its drones earlier this week, which it bought using a grant from the Justice Department (DOJ).
The FAA itself estimates that there may be as many as 30,000 drones in the US by the year 2020, and with the loosened restrictions coupled with the Department of Homeland Security and DOJ issuing grants for local police forces to buy drones, it’s imperative that local governments act swiftly to ban surveillance drones outright or institute robust safeguards for their citizens. Americans cannot afford to wait for the FAA or Congress to act.
EFF would also like your help. In the coming days, we’re going to announce a crowd-sourcing campaign aimed at finding out as much information as possible on each law enforcement agency’s use of drones and how citizens can voice their concerns to their local governments. Right now, if you have any information on how your local law enforcement plans to use drones, email email@example.com. You can get this information by calling your local police department.
And stay tuned for more, as we plan on announcing a detailed campaign soon.
Civil Society Seeks Access to Planning Documents for Secret Negotiations Around Internet Regulation
An upcoming treaty renegotiation process could prove to have dire implications for digital civil rights. As we have explained, the World Conference on International Telecommunications – "WCIT" for short, pronounced “wicket” by insiders – will be held in Dubai this coming December, and preparations for this important treaty-writing conference are in full swing. The forum is being organized by a secretive United Nations agency called the International Telecommunication Union (ITU).
The fear that’s been bouncing around the blogosphere amid civil society organizations this week is that the WCIT could be used to push through expansion of the ITU’s mandatebeyond telecommunications, to encompass the Internet.
This does not bode well for the future of the Internet.
At the WCIT, member states will hash out revisions to a set of regulations that make up a treaty called the International Telecommunication Regulations, or ITRs. Some proposed revisions to the ITRs have already been made, but they haven’t been made public. This renegotiation process could prove to have a serious impact on online civil liberties – yet the talks are being held in secret, without adequate input from the organizations that represent the public interest.
If negotiations continue down this path, we could end up with a treaty that allows for greater governmental control over the Internet.
That’s why EFF and 30+ civil society organizations issued a letter May 17 demanding that the ITU ends its secrecy. We are calling for the immediate release of all the documents describing preparations for WCIT and proposed ITR revisions. Since it’s prohibitively expensive to obtain the planning documents that are being drafted in advance of the WCIT, it’s impossible for most public interest participants to review them and weigh in with informed opinions.
Joe McNamee,Executive Director, European Digital Rights (EDRi), a coalition of 32 privacy and civil rights organisations based in Europe, told EFF:
Beyond the creaking bureaucracy, the undemocratic procedures and the fact that the ITU effectively sells access to decision-makers through exorbitant corporate membership fees, the single biggest practical problem with the ITU is that it moves extremely slowly and cannot readily remedy any mistakes that it makes. Any damaging policy adopted under this process will burden global freedom of communications for years to come.
Jérémie Zimmermann, co-founder and spokesperson of citizen advocacy group La Quadrature du Net, told EFF:
This trend by governments to increasingly use trade agreements and treaties to try to control a free, open and universal Internet is alarming. Citizens must take action and expose their governments' roles in these negotiations, in order to protect the networked public sphere that we all share as a common good.
The secrecy surrounding these talks brings to mind the closed-door negotiations that civil society has condemned throughout negotiations of ACTA and the TPP, as Milton Mueller of the Internet Governance Project pointed out in a recent blog. Mueller noted that ACTA was negotiated in secret to appease the copyright and intellectual property lobbies, but this tactic ultimately backfired because “the closed process … gave the resulting treaty a lack of legitimacy,” triggering organized opposition.
It’s time for ITU to respect the multi-stakeholder process and let the sun shine in. All restrictions on sharing the preparatory materials and proposed ITR amendments should be lifted, and the documents should be released and subjected to public scrutiny.
We demand transparency, and call upon the ITU to open the process and disclose the WCIT preparatory documents and treaty proposals. The public should not be kept in the dark.
Letter from Civil Society
Civil society organizations and academics are invited to join this call to address deficiencies in the WCIT process. For more information, contact firstname.lastname@example.org.
17 May 2012
To Secretary-General Dr. Hamadoun Touré, the Council Working Group to Prepare for the WCIT-12, and ITU Member States:
The undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations write to express our desire to participate in the preparatory process undertaken for the World Conference on International Telecommunications (WCIT). The current preparatory process lacks the transparency, openness of process, and inclusiveness of all relevant stakeholders that are imperative under commitments made at the World Summit on Information Society (WSIS). We ask that the Secretary-General, the Council Working Group, and Member States work to resolve these process deficiencies in several concrete ways.
The continued success of the information society depends on the full, equal, and meaningful participation of civil society stakeholders (along side the private sector, the academic and technical community, and governments) in the management of information and communications technology, including both technical and public policy issues. Indeed, WSIS outcome documents recognize the need for a multi-stakeholder approach in technical management and policy decision-making for ICTs. The Tunis Agenda for the Information Society urges international organizations “to ensure that all stakeholders, particularly from developing countries, have the opportunity to participate in policy decision-making … and to promote and facilitate such participation.” And such participation depends on transparency and openness of process at every stage of substantive and procedural dialogue.
Yet there has been scant participation by civil society in the Council Working Group’s preparatory process for the WCIT so far, even as media reports indicate that some Member States have proposed amending the International Telecommunication Regulations to address issues that could impact the exercise of human rights in the digital age, including freedom of expression, access to information, and privacy rights. Under the current process, civil society participation is severely limited by restrictions on sharing of preparatory documents, high barriers for ITU membership (including cost), and lack of mechanisms for remote participation in preparatory meetings.
As an important step towards fulfilling WSIS commitments for building a more inclusive information society, the undersigned request that the Secretary-General, the Council Working Group, and Member States:
Remove restrictions on the sharing of WCIT documents and release all preparatory materials, including the Council Working Group’s final report, consolidated reports from all preparatory activity, and proposed revisions to the International Telecommunication Regulations;
Open the preparatory process to meaningful participation by civil society in its own right and without cost at Council Working Group meetings and the WCIT itself, providing formal speaking opportunities and according civil society views an equal weight as those of other stakeholders. Facilitate remote participation to the extent possible; and
For Member States, open public processes at the national level to solicit input on proposed amendments to the International Telecommunication Regulations from all relevant stakeholders, including civil society, and release individual proposals for public debate.
We welcome Secretary-General Touré’s commitment to creating a more inclusive information society and ensuring equitable access to ICT around the world. Collectively and individually, the undersigned human rights advocates, academics, freedom of expression groups, and civil society organizations work to fulfill this vision through a range of national and global institutions and we call for the same opportunity to engage at the WCIT, consistent with WSIS commitments. We urge you to ensure the outcomes of the WCIT and its preparatory process truly represent the common interests of all who have a stake in the future of our information society.
Association for Progressive Communications (APC)
Eduardo Bertoni, Centro de Estudios en Libertad de Expresión y Acceso a la
Información (CELE), Universidad de Palermo, Argentina
Bytes for All, Pakistan
Canadian Internet Policy & Public Interest Clinic (CIPPIC)
Center for Democracy & Technology
Center for Technology and Society (CTS/FGV), Brazil
Centre for Internet & Society (CIS), India
Digitale Gesellschaft e.V.
Egyptian Initiative for Personal Rights
Electronic Frontier Foundation
European Digital Rights
Global Partners & Associates
Global Voices Advocacy
Human Rights in China
Human Rights Watch
Internet Democracy Project, India
Internet Governance Project (IGP)
New America Foundation’s Open Technology Institute
ONG Derechos Digitales, Chile
Open Rights Group
Panoptykon Foundation, Poland
Reporters sans frontières / Reporters Without Borders
Under a new policy announced today, Twitter will be suggesting accounts for Twitter users to follow based on data collected from an individual’s browsing habits on websites that have embedded Twitter buttons. While this is sure to garner scrutiny from the press and public, Twitter is also taking a pioneering step toward respecting users’ privacy choices: it has committed to respecting Do Not Track -- a simple browser setting users can turn on to tell website they don’t want to be tracked. Often framed as a signal from users to behavioral advertisers, Do Not Track isn’t actually about ads we see online; it’s about user control over tracking of our web usage that could be used to build an intimate portrait of our online lives. Twitter is showing an inventive way that websites other than behavioral advertisers can respect Do Not Track. We’re heartened to see this forward-thinking approach and hope other sites with embedded widgets will follow suit.
If you haven’t done so already, this is a great reminder to turn on Do Not Track; Twitter has a tutorial for doing this on different browsers.
For example, many of those who visit BoingBoing.net likely follow the account of @doctorow, the digital-rights-loving BoingBoing founder Cory Doctorow. If you sign up for Twitter and you’ve got a browser cookie from Twitter showing that you recently visited BoingBoing, you might see @doctorow listed as a suggested user even before you’ve started interacting with Twitter. Twitter will be relying on data collected about your browsing habits within the last 10 days (after 10 days, they start discarding data). When you start a Twitter account, you’ll have the option to turn off the tailored suggestions. Unchecking this box won’t just stop the suggestions from appearing – it’ll actually remove the unique cookie that Twitter uses to track your browsing habits and show you tailored user suggestions.2
Established Twitter users may find suggested users under the "Who To Follow" sections of Home and Discover. Just like with new users, established users can uncheck the “tailor” Twitter box in their account settings to stop the data collection about their web browsing.
Do Not Track makes this a lot simpler – no messing with account settings or unchecking any boxes to keep your privacy. If you’ve got Do Not Track selected in your browser settings, then Twitter assumes you just don’t want them collecting details of your online browsing habits in an identifiable way. Users who have turned on Do Not Track will find, upon signing up for Twitter, that the “tailor Twitter” button is unchecked by default. Similarly, established users who had Do Not Track already enabled in the days before the new policy took effect will also find the account personalization turned off by default. Users who enable Do Not Track must change their privacy settings if they want the “tailored” Twitter experience.
As with Facebook, Twitter also treats users differently depending on whether or not they are logged out. If you’re a Twitter user wanting to protect your browsing privacy, then remember to log out when you leave the site so that Twitter won't associate your online browsing habits with your Twitter account.
There’s sure to be a lot of discussion about Twitter’s decision to use data collected through social widgets for increased site personalization. If nothing else, this is a good opportunity for everyone to reconsider the nature of our highly trackable online lives, where corporations we do and don’t have relationships with can vacuum up highly sensitive data about what we do on the web and even a savvy user can’t win the arms race against online tracking. This is exactly the promise of Do Not Track: to make it easy for everyday Internet users to clearly indicate a preference not to be tracked around the web, whether it’s by a social network or an advertiser or another data-hungry corporate entity.
We’ve previously examined Facebook’s practices when it comes to collecting browsing data on users and urged it to respect the Do Not Track flag. So, in the wake of Twitter’s decision to respect Do Not Track, we’re calling on other social networking sites to start respecting user choice as well. The time has come for websites to start listening to users when it comes to privacy, and there’s no easier way for a user to tell companies “Don’t track me” than to turn on Do Not Track.
Get started now by checking out the tutorial Twitter created for turning on Do Not Track.
1. Eff.org has Twitter icons that allow visitors to share content from our site on Twitter but we have chosen not to embed Twitter code on our site, so visiting eff.org will not result in data about your visit going to Twitter.
2. Note: this doesn’t mean Twitter will stop collecting all data on you. They’ll still be able to collect aggregate data about your browsing habits for analytics and security, but they won’t set a cookie and they won’t use data to suggest users to you or tailoring your Twitter experience.
Fifty leading U.S. legal scholars cast fresh doubt on the constitutionality of the Anti-Counterfeiting Trade Agreement in an open letter to the Senate Finance Committee today. (Press Release). At issue is whether the Office of the United States Trade Representative (USTR) had authority to enter into the controversial IP enforcement agreement on behalf of the United States when the Deputy U.S. Trade Ambassador signed ACTA in October 2011. The law professors say no, and call on the Senators to “exercise your constitutional responsibility to ensure that the Anti-Counterfeiting Trade Agreement (ACTA) is submitted to the Senate for approval as an Article II treaty, or to the Congress as an ex-post Congressional-Executive Agreement.”
We, too, have wondered about the USTR’s authority to enter into this agreement. That’s why we made a request under the U.S. Freedom of Information Act to the State Department in February for key documents that set out the State Department’s analysis of the constitutional basis for ACTA – the “Circular 175” memorandum, and the accompanying Memorandum of Law.
As the State Department’s website states, the Circular 175 procedure is the way that the State Department “seeks to confirm that the making of treaties and other international agreements by the United States is carried out within constitutional and other legal limitations, with due consideration of the agreement's foreign policy implications, and with appropriate involvement by the State Department.” Circular 175 memoranda must be accompanied by a Memorandum of Law prepared by the Office of the Legal Advisor in the State Department, which generally includes a discussion of the appropriate legal analysis underlying implementation of the treaty at issue.
The State Department is required to prepare these documents for all treaties and other international instruments that bind the United States as a matter of international law under 22 CFR Part 181. No agencies can conclude an international agreement in the name of the United States without first consulting with the State Department, and the determination of whether an agreement is an international agreement for this purpose must be made by the Office of the Legal Advisor to the State Department.
We have now received the State Department’s response. It’s short: the State Department has not created a Circular 175 memorandum and accompanying Memorandum of Law for ACTA:
“Based on the subject matter of your request, we consulted with subject matter experts in the Office of the Legal Advisor. These officials advised us that no Circular 175 Memorandum or Memorandum of Law were ever issued for the Anti-Counterfeiting Trade Agreement. The officials also told us that USTR has lead within the U.S. Government for this issue.”
This suggests that ACTA was not submitted to the normal State Department review process to determine its constitutionality before it was signed by the Deputy Trade Ambassador.
Since the State Department’s Legal Office must decide whether a proposed instrument is an “international agreement” for this process, it’s possible that the State Department was consulted but decided that ACTA was not an “international agreement”.If so, where is the Memorandum explaining why ACTA should not be considered an “international agreement” despite all appearances to the contrary?
Given that, the FOIA response appears to confirm what we’ve long suspected – that USTR was acting on a folly when it negotiated and signed ACTA, in the absence of Trade Promotion Authority which had expired on July 1, 2007, and without consulting the US government agency that is entrusted with ensuring that international agreements abide by appropriate constitutional process.
It is important to understand that the way that ACTA was negotiated and subsequently signed by the USTR raises fundamental questions about the separation of powers set out in the U.S. Constitution. ACTA deals with powers over subject matter – intellectual property and foreign trade –that the Constitution’s Article I gives exclusively to Congress. Specifically, there are three ways that the U.S. can bind itself to international agreements dealing with Article 1 subject matter. First, an agreement can be ratified under the Treaty Clause, which requires a vote by two-thirds of the Senate. Second, Congress can pass a law that authorizes the negotiation of an international agreement (ex ante authorization). Third, Congress can approve an agreement that has been negotiated by the Executive Branch after the fact, or “ex post”, by passing the agreement, subject to amendment, through both houses of Congress and having the President sign it into law. These agreements are known as ex-post Congressional-Executive Agreements.
As we’ve reported before, during the ACTA negotiations, the USTR consistently maintained that it was a Sole Executive Agreement dealing with matters delegated to the President and, on that basis, did not need Congressional review and approval. Then, in a surprising about-face, the Executive changed its explanation of the constitutional basis for ACTA in March 2012. In a letter responding to a request from the Chair of the Senate Finance Committee's Trade Subcommittee, Senator Wyden, on March 6, the Legal Advisor to the State Department, Howard Koh, implied that Congress had authorized the Executive to negotiate ACTA in response to the 2008 Prioritizing Resources and Organization for Intellectual Property Act (PRO-IP Act).On March 7, the U.S. Trade Ambassador followed that line, and testified in a Senate hearing that ACTA was negotiated with the authorization of Congress, quoting directly from Koh’s letter.
As we noted at the time, it seemed implausible that Congressional authorization was granted in legislation that was enacted the year after ACTA negotiations were announced, on October 23, 2007. In addition, as the legal scholars’ letter notes, the provision cited in the State Department Legal Advisor’s letter – section 8113(a)(6) of the PRO-IP Act– does not actually direct the USTR to negotiate an international agreement, let alone one with ACTA’s far-reaching characteristics. ACTA requires creation of an unelected ACTA Committee that has the final say on ACTA implementation in U.S. law, ousting any role for Congress. If Congress had intended to grant ex ante authorization to the USTR to negotiate an international agreement that would limit Congress’ role and impede its ability to legislate, it seems more likely that it would have chosen to do so expressly.
The legal scholars conclude that:
“..the Administration currently lacks a means to constitutionally enter ACTA without ex post Congressional approval. The present issue reaches far beyond the topical matters covered by ACTA, into the fundamental Constitutional issue of separation of powers. If Congress allows the executive to claim that ACTA was authorized by language that clearly does not authorize the agreement, it will be ceding unprecedented power to the executive."
The legal scholars also call on the members of the Senate Finance Committee to act, noting that:
“Remedying this state of affairs is uniquely within Congress’s province. Congress, and specifically the Senate as the Constitutionally recognized chamber with responsibilities for the approval of treaties, should secure from the administration a public pledge to send ACTA to the Senate as a treaty, or to the Congress as an ex-post Congressional-executive Agreement. Absent a pledge to this effect, we encourage the Committee to hold hearings and to pass legislation that would prevent the United States from binding itself to ACTA without express Congressional consent.”
Now it’s up to the members of the Senate Finance Committee to rectify this unconstitutional power grab by an unaccountable Executive Branch agency, and protect the fundamental separation of powers embodied in the U.S. Constitution.
Meanwhile, the process of ratifying ACTA has noticeably slowed down in the rest of the world. As Sean Flynn from American University’s Program on Information Justice and the Public Interest notes, the fresh doubt about ACTA’s constitutionality under U.S. law is “one component of the larger context casting increasing doubt that ACTA can ever go into force.” In recent months we’ve witnessed growing concerns about ACTA’s impact that have led to delays in the signing and ratification of ACTA in the EU, Switzerland, Mexico, Australia, and New Zealand. Let's hope that the members of the Senate Finance Committee heed the law professors' call to action and ensure that the U.S. undertakes the same rigorous public process that is underway in other countries.
For more about the broader implications of the constitutional problems with ACTA, check out this insightful op-ed from Margot Kaminski, Executive Director of the Information Society Project at Yale Law School.
This past weekend, Iran’s minister of telecommunications announced that domestic institutions including banks, telecom companies, insurance firms, and universities are now prohibited from dealing with emails that do not come from an “.ir” domain name. This means that customers who use foreign email clients such as Gmail, Yahoo!, and Hotmail will have to switch to domestic Iranian accounts, which are subject to Iranian legal jurisdiction.
While the announcement suggests that the use of foreign email clients leaves Iranian data vulnerable security breaches, the forced move to domestic email services makes it easier for the government to monitor its own citizens. The Telecommunications Ministry insists “that the crackdown is an attempt to ensure confidential information is safe” from foreign email providers who allegedly collect user data, making them insecure for Iranian institutional use.
The foreign email ban is the latest development in what is widely thought to be a transition towards a “Halal” Iranian Internet. The Iranian Telecommunications Ministry has denied “shutting off the Internet” for its residents, but what differentiates this email limitation from previous ones such as the restriction on secure (HTTPS) traffic is its overt nature.
Ustream Adds Russian-Language Option In Response to Crippling DDoS Attack
Livestreaming website Ustream.tv received a massive distributed denial of service (DDoS) attack on the morning of May 9 that reportedly targeted the prominent user “reggamortis1,” a Russian citizen journalist who covers opposition protests and rallies, and is associated with Occupy Moscow. The attack rendered Ustream unavailable for about 10 hours—and the reggamortis1 channel continued to be inaccessible for several hours afterwards.
This most recent attack is consistent with other DDoS attacks launched at Russian opposition websites and social networks, but it is difficult to prove a direct link between these attacks and the Kremlin. In interviews following the episode, UStream’s CEO Brad Hunstable revealed that two similar attacks have previously taken the site offline for around 9 hours each time.
UStream has become an international household name among activists, as citizen journalists use it to cover protests in places as far flung as Oakland and Tunisia. Immediately after the attack, Ustream underscored its commitment to freedom of expression in Russia by adding a Russian-language option to the website.
Brazilian Paper Uses Trademark Law to Silence Parody Website
Falha de São Paulo, a parody website of the major Brazilian newspaper Folha de São Paulo, has been engaged in an ongoing legal struggle with its object of its satire. In September 2010, Folha filed a lawsuit against the Falha website for “moral damages” to its reputation as a news organization. Folha also sought financial compensation for Falha’s mimicry of their layout and copy-editing. This case resulted in a “tie” for both parties: Falha’s domain remained frozen for unauthorized use of Folha’s intellectual property, but the rest of the suit was dropped in accordance with existing Brazilian legal precedent.
Falha is now suingFolha in return, in order to unfreeze its domain: falhadespaulo.com.br. A new injunction from Folha against the domain name registrar Regirstro.br led to the current website freeze. Folha describes its position as an intellectual property issue, rather than one of freedom of expression, by claiming that critical bloggers cannot use domain names or logos resembling its own. On the other hand, Falha’s appeal responds that other Brazilian websites continue to use logos and copy similar to those of Folha.
Intellectual property claims have often been invoked to curtail free expression, not just in the Brazil, but in the United States. In 2008, the EFF represented the activist duo The Yes Men when the South African diamond conglomerate De Beers, the target of a critical fake ad on an online spoof of the New York Times, sued the website’s domain name registrar for trademark infringement. Meanwhile, The Brazilian blogosphere has been strongly supportive of Falha’s cause as they continue to take on the country’s largest newspaper.
Indian Government Demands VoIP Interception Capability In the Next Month
Indian government has ordered Internet service providers to provide a way to intercept and identify the end user on unregistered VoIP calls within the next month. Currently, ISPs do not have to keep track of real-time user data, which, according to the government, exacerbates security risks in a world of proliferating VoIP service providers who use varying connection frequencies.
India’s decree is steeped in national security rhetoric: The government is targeting its request towards ISPs in the states of Jammu and Kashmir, a move based on allegations that members of Lashker-e-Taiba, a Pakistani Islamist organization that supports the integration of these states with Pakistan, frequently communicate through VoIP. This move is part of the ongoing erosion of civil liberties in India, a trend that includes Internet censorship of religious and political content and the collection of biometric data for India’s national ID program, which raises considerable privacy and security concerns.
Ayatollah Ali Khameni Victim of Iran’s Internet Censorship
Iran’s Ayatollah Ali Khameni has become the latest victim of Iran's Internet censorship regime. Indeed, the keywords that Khameni chose for the fatwa announcement last week against anti-filtering tools led to his own decree being blocked along with the Iranian websites where it was published.
In response to this Kafkaesque turn of events, the conservative opposition website Tabnak wrote:
“The filtering of a [religious] order is so ugly for the executive [branch] that it can bring into question the whole philosophy of filtering.”
Currently, the Iranian Ministry of Telecommunications is choosing ignore these questions while looking for ways to improve its filtering and censorship systems. Khameni’s announcement has serious press freedom implications for journalists in the country who often need access to blocked websites.