Law Enforcement Demands User Cell Phone Data 1.3 Million Times
Yesterday, Rep. Ed Markey (D-MA) revealed that federal, state and local law enforcement agencies demanded user cell phone data 1.3 million times last year. The demands sought “text messages, caller locations, and other information.” The New York Times called the new findings proof of “an explosion in cellphone surveillance” in the United States—much of it done without a warrant. Worse, the eye-popping figure is a significant underestimate; the actual number is “almost certainly much higher" than reported. For further detail, read EFF’s analysis of this story from Monday.
Twitter Release First Ever Transparency Report
Twitter has released its Transparency Report to demonstrate its commitment to “hold governments accountable, especially on behalf of those who may not have a chance to do so themselves.” It was the first such report from the company. As Google's Transparency Report similarly showed, the US led all countries in user information requests: almost 80% of the 849 requests came from the US government. The company responded either in part or in full to 75 percent of the requests. Commendably, Twitter did not take down a single post in response to a government request. Another interesting number: Twitter fulfilled only 38% of the 3378 takedown requests sent for alleged copyright violations, showing how often bogus requests are sent out in response to protected free speech. In its blog post, the company reported that it has received more government requests for user information in the first half of 2012 than it did all of last year.
Costs to Protect Classified Information Now Up to $11.4 Billion Dollars
Despite its commitment to become “the most transparent administration in history,” the Obama administration again raised spending this year on government secrecy. The government spent $11.4 billion dollars to protect classified information systems, double the cost of decade ago. The costs, which include both physical and virtual security precautions, are up 12 percent from 2010 and almost 30 percent over 2009. And that figure doesn't even include spending from the Office of the Director of National Intelligence, the CIA, the National Reconnaissance Office and three other intelligence agencies because those figures are classified. Unfortunately, the rising costs come as no surprise as the Obama administration, despite campaign promises to the contrary, continues to expand the country's bloated classification system. The figure was released in a report by the Information Security Oversight Office (ISOO), which oversees the security classification system.
Government Requests Official FOIA An Already-Declassified Email
J. William Leonard, Bush’s former classification czar, was rebuffed by the NSA in his attempt to force the release of a document he alleged was classified improperly against US policy. The email, which is now declassified, was part of the documents cited in charges against Thomas Drake. Leonard reviewed the email while serving as an expert witness in the case, and, since leaving office, has become a critic of the government’s broken secrecy system. Leonard wants to discuss the contents of the email as a classic example of overclassification, but is unable to because of a court order. With the case now over, Drake's lawyers asked the court to lift the order. The government responded to the request by telling Leonard to file a Freedom of Information Act (FOIA) request for the contents of the email. Leonard filed such a FOIA request over a year ago, yet the document remains secret.
Even after millions rallied against the passage of SOPA/PIPA, the House is still quietly trying to pass a related bill that would give the entertainment industry more permanent, government-funded spokespeople. The Intellectual Property, Competition, and the Internet Subcommittee of the House Judiciary Committee recently held a hearing on Lamar Smith's IP Attaché Act (PDF), a bill that increases intellectual property policing around the world. The Act would create an Assistant Secretary of Commerce for Intellectual Property, as well as broaden the use of IP attachés in particular U.S. embassies. (The attachés were notably present in Sec. 205 of SOPA—which was also introduced by Smith.)
The major issue with this bill—and all similar bills—is that the commissioning of people in the executive branch who are solely dedicated to "intellectual property enforcement" caters to Big Content. The IP attachés are charged with "reducing intellectual property infringement" and "advancing intellectual property rights" around the world, but not to critically engage IP complexities and limitations. From our perspective, this bill is nothing more than the government giving Hollywood traveling foot soldiers.
The presence of people with such a narrow cause as "intellectual property enforcement" fosters a single perspective in the federal government. In an environment where the deep-pocketed copyright lobby is pushing through favorable legislation on both a domestic and international level, this is the last thing we need. As Techdirt and Public Knowledge rightly state: trying to squeeze bits of SOPA past the people—the same people who rejected the bill earlier this year—is an awful idea. Big Content and sympathetic congressmen may think we've stopped watching their actions in Washington, but let's prove them wrong by remaining vigilant about these bad bills.
Copyright trolls lost one of their knobby clubs this week. Judge Lewis Kaplan of the U.S. district court in Manhattan ruled that the owner of an Internet connection cannot be found liable for "negligence" simply because another person uses his wifi connection to commit copyright infringement -- even if he knows about it. After this decision, copyright trolls should find it harder to coerce settlement payments from innocent people for the commonplace act of sharing an Internet connection.
In this case, Liberty Media Holdings v. Tabora, a well-known copyright troll (also known as Patrick Collins) sued a Comcast Internet subscriber for negligence based on his housemate's alleged BitTorrent downloads. The owner of the Internet connection allegedly confessed to the troll that he knew his housemate was doing some infringing downloads.
Copyright law has a complex set of rules and cases dealing with when and how someone can be held responsible for another person's infringement. These "secondary liability" doctrines come up frequently in suits against electronics makers like Dish Networks and Internet sites like blogs and user-generated content forums. As regular Deeplinks readers know, these laws are far from perfect. But they do contain strong protections for Internet providers and Internet services - especially Section 512 of the Digital Millennium Copyright Act.
Liberty Media and its attorneys tried to avoid even dealing with federal law's secondary liability doctrines by bringing a claim based on negligence, which is a state law. A negligence claim requires only that a person disregard a legal duty, causing injury to someone. Liberty's attorney has made this argument before. But when federal and state laws conflict, the Constitution says federal law trumps ("preempts") the state law. In the Liberty Media case, the defendant and EFF argued for preemption. EFF also explained why allowing "copyright negligence" lawsuits would devastate the open Wi-Fi movement that EFF is building. After less than a week of deliberation, Judge Kaplan dismissed Liberty's negligence claim from the outset, reasoning that "the right that Liberty seeks to vindicate by its state law negligence claim – the imposition of liability on one who knowingly contributes to a direct infringement by another – already is protected by the Copyright Act under the doctrine of contributory infringement."
Liberty can re-file the case as a secondary liability case under federal law, but Judge Kaplan suggested that they won't get too far with that strategy, either. Merely providing a tool, like Internet access, that is used for infringement doesn't put you at fault if, as here, the tool is "capable of substantial noninfringing uses." Also, in many cases, the provider will be protected by the DMCA's safe harbors.
Other prolific trolls are pursuing "copyright negligence" claims in other courts, and regularly make this legal claim in their settlement demand letters. We're hoping that other courts follow Judge Kaplan, sending a clear message that the federal laws protecting Internet providers can't be bypassed with artful pleading and that using bogus legal arguments to coerce settlements from innocent Internet subscribers won't be tolerated.
With commercial use of biometrics and online tracking on the rise, emerging customer service products threaten to sacrifice consumer privacy for the sake of convenience and security.
Take, for example, the mobile “solution” a home-delivery services company called Blackbay dreamed up to solve the problem of missed package deliveries in the UK. The company has developed a smartphone app that can utilize social media networks to track recipients’ locations, enabling delivery drivers to zip packages straight to the customer – wherever they happen to be. Upon arrival, mobile face recognition technology could be used to ensure the parcel is delivered to the right person, according to this article.
Although customers could opt in to the tracking, and would be able to specify a time limit for tracing their whereabouts, the concept still raises serious privacy questions about whether this sensitive personal information would be made available to third parties, used for other purposes, or stored by the delivery companies, let alone how private entities and hundreds of delivery drivers would go about securing the data. At the moment, the app is still a work in progress, but Blackbay aims to make it available to courier firms within a year.
Meanwhile, if any package recipients also happen to fly regularly with British Airways, delivery drivers won’t be the only ones tracking them down online. British Airways drew the ire of privacy advocates when it unveiled a new practice of scouring Google images for customer information to create passenger files, purportedly to provide customer service with a “more personal touch.” (Given certain high-profile episodes in the recent history of airport security, this P.R. statement would seem to be ill advised.) A few days after the backlash became apparent, the airline revised its plan, saying it would only track its V.I.P. customers.
Speaking of businesses that take the know-your-customer mantra way too far, Intel just acquired a company that specializes in heartbeat recognition. PC World reports that Intel confirmed its acquisition of the Isreali biometrics company Idesia, which “provides technology through which heartbeats can be used to recognize users on PCs and mobile devices.” (Idesia should not be confused with the Israeli biometrics company recently acquired by Facebook, called Face.com.)
Nathan Brookwood, an analyst quoted in the article, speculated on how the software could be used: "Intel could possibly create a relatively easy sensor that could go into a smartphone or tablet that could monitor the heartbeat," he noted. Apparently, this isn’t the first time heartbeat recognition technology has made the news. And while it’s not expected to be incorporated into Intel processors anytime soon, “Intel has a crack team of processor developers in Israel that could make good use of this technology,” PC World notes.
UK “Snoopers’ Charter” Faces Tough Critics
Nearly a month after the UK Parliament unveiled its sweeping draft Data Communications Bill, increasingly referred to by the shorthand “Snoopers’ Charter,” privacy advocates continue to blast the bill while formal comments stream in to Parliament. The Snoopers’ Charter would broaden the range of data stored by Communication Service Providers to include social media messages, webmail, voice calls over the Internet, and gaming – in addition to emails and phone calls. The data would be made available to various police and intelligence agencies. None of them would need permission from a judge to view details on the time and place, but not content, of personal messages.
Here’s a smattering of responses to the Snoopers' Charter so far:
“The crucial undemocratic element is that the monitoring will be done without the need for the police or agencies to apply for a warrant. No one will know the extent of the monitoring, its effects, nor the conclusions that the authorities may draw from the data. [Home Secretary Theresa May's] bill is, by definition, disproportionate and self-evidently breaches the Human Rights Act's guarantees on the right to a private life.” – Henry Porter, columnist, The Observer
"It's not content, but it's incredibly intrusive. If they really want to do things like this – and we all accept they use data to catch criminals – get a warrant. Get a judge to sign a warrant, not the guy at the next desk, not somebody else in the same organization." – David Davis, Conservative MP, speaking on BBC Radio 4's Today program
“Ispa has concerns about … the scope and proportionality, privacy and data protection implications and the technical feasibility. Whilst we appreciate that technological developments mean that government is looking again at its communications data capabilities, it is important that powers are clear and contain sufficient safeguards.” – Internet Service Providers Association, as quoted by BBC News
“By gathering, automatically and for all people, ‘communications data’, we would be gathering the most personal and intimate information about everyone. When considering this bill, that must be clearly understood. This is not about gathering a small amount of technical data that might help in combating terrorism or other crime – it is about universal surveillance and ultimately profiling.” – Dr. Paul Bernal, blogger and Lecturer in Information Technology at University of East Anglia
Meanwhile, as European Digital Rights (EDRi) points out, European Commission Vice President Viviane Reding signaled to the press that the Snoopers’ Charter might be at odds with European Commission’s position on citizen’s rights. The states’ obligation to preserve the rights of the individual and the rights of society as a whole “is a balancing act,” Reding noted in response to a question on the draft Communications Data Bill. “You cannot make them clash.”
The draft Bill will go before a Joint Committee of both Houses of Parliament, and will also be considered by the Joint Committee on Human Rights (JCHR) and the Intelligence and Security Committee (ISC). The Joint Select Committee on the draft Communications Data Bill has issued a call for comments, with a deadline for submissions of August 23, 2012. Now is the time to have your say.
Drones in Latin America
With Mexico’s election results in, it now appears that Enrique Peña Nieto will be the country’s next president, restoring power to the Institutional Revolutionary Party (PRI). While the political transition raises a host of questions about what comes next, one item in particular caught our attention:
“[Nieto] approves of the continuation of flights by U.S. surveillance drones over Mexico to gather intelligence on drug trafficking, but future missions would be run by Mexico with U.S. assistance and technology, he said.”
Mexico isn’t the only Latin American country where drone flights are occurring. A few weeks ago, Venezuelan President Hugo Chavez announced that his government had started producing unmanned aerial surveillance drones, purportedly to monitor pipelines, dams and other rural infrastructure for defensive purposes. The BBC quotes Chavez as saying: "We do not have any intentions of attacking anybody."
Last week, at the latest round of Trans-Pacific Partnership (TPP) negotiations in San Diego, California, the U.S. Trade Representative (USTR) announced that it has proposed a new provision on limitations and exceptions to copyright. It's nice to hear about a proposal that seems to expand limitations like fair use, and it is also nice to see that – finally - the USTR is listening to the technology industries. However, the draft treaty itself is still secret so the implications of this new provision are in fact ambiguous. We can’t know what their proposal means for copyright without knowing what’s in the rest of the chapter. It could be good, it could be bad, it could be indifferent, it could be LOLCATs.
Negotiators sitting at the table at the stakeholder briefing event
The TPP is a major threat because it will rewrite the global rules on IP enforcement. It will begin with the APEC members, binding the U.S. and other nations to SOPA-like standards. EFF was in San Diego raising awareness about the risks of an IP-maximalist agenda that has been pushed forward by powerful U.S. government. At the stakeholder events, we spoke to an audience of negotiators on the risks of technological protection measures (TPMs) and interacted with delegates and distributed material with detailed policy analysis of what we know about the TPP’s intellectual property provisions .
International Intellectual Property Director, Carolina Rossini, speaking with a stakeholder.
International Intellectual Property Coordinator, Maira Sutton, with a representative of Occupy San Diego.
Expanding limitations and exceptions (L&E) are a key part of EFF's international IP policy agenda. L&E are legal flexibilities in copyright that provide balance in a copyright system between users and creators of protected works. Fair use, first sale, and special provisions for software backups and interoperability, education, and libraries are all L&Es. They are fundamental for access to knowledge and for human, social, and economic development. They ensure that copyright policy functions for both the creators and the users. This spirit of balance is supposed to flow through all copyright laws, so that the law guarantees both the incentive to create new works and the ability of society to use and comment on them.
The World Intellectual Property Organization and the Asia-Pacific Economic Cooperation (APEC)—organizations that all of the TPP countries are members of – have at least recognized the idea of such balance to be essential for society. APEC developed a comparative survey in 2009 stating that “of the responding Member Economies, developed Economies tend to have a larger number of L&E in comparison to the developing Economies” and concluded “Finally, the fact that knowledge based Economies are those that have developed and adapted, in an appropriate manner, their L&E to the requirements of the digital economy, is one aspect that should be taken into account by APEC Member Economies when considering what L&E would be adequate to achieve an intellectual property system that ensure both enhancing access to knowledge and promoting creation of knowledge.”
The balance is supposed to be created through ideas like exceptions and limitations, including fair use   . This balance allows journalists, scholars and the general public to quote from and comment on others' writings, and artists and the general public, to create parodies and to practice basic rights of free expression. And it also generates economic value and jobs. But the rights of owners have grown far faster and larger than the limitations, and that is one of several reasons why the current state of copyright is so completely out of balance.
In the USTR blog post, the provision proposed will supposedly obligate Parties “to seek to achieve an appropriate balance in their copyright systems in providing copyright exceptions and limitations for purposes such as criticism, comment, news reporting, teaching, scholarship, and research.” Remember, we haven’t been able to read it yet. The actual language isn't yet accessible by anyone other than the delegates and a few industry representatives.
The Three-Step Test
One key part of the proposed provision may be based on the internationally-recognized "3-step test."
The 3-step test is a classic piece of copyright jargon. It is a piece of law that emerges from one of the most important international copyright instruments, the Berne Convention for the Protection of Literary and Artistic Works. And what it does is create a set of minimum restrictions on copying that cannot be lowered by individual member countries in their own copyright laws. Even if the U.S. eventually flips from its current position and wants to radically rebalance copyright law to bring it into the 21st century, the international community could apply this vague 3-step test against it and prevent the U.S. from doing so. William Patry has written extensively on the 3-step test, the debate around it, and its potential to chill the expansion of limitations and exceptions as part of rebalancing copyright law. KEI also provides some history on the 3-step-test.
The Three-Step Test has already established an effective means of preventing the excessive application of limitations and exceptions. However, there is no complementary mechanism prohibiting an unduly narrow or restrictive approach. For this reason, the Three-Step Test should be interpreted so as to ensure a proper and balanced application of limitations and exceptions. This is essential if an effective balance of interests is to be achieved.
EFF agrees with that and believes that it is vitally important that exceptions and limitations to copyright be protected in international trade agreements.
So, in summary, the USTR has released a public blog post about a secret proposal to expand something – a filtering mechanism on copyright limitations and exceptions – which might have real social, moral, and economic value. And all we know is that the only thing the authors of the proposal really wanted to make public was the fact that no matter what the content was, it was subject to enough international restrictions that it could be effectively gutted. The only thing 21st century about that is they used a blog to tell us about it.
Today, Russian-language Wikipedia, Livejournal, and other prominent RuNet websites have gone dark to protest Bill № 89417-6, which is currently being considered in the Duma. The bill is comprised of amendments that create an Internet blacklist which opponents say poses a serious threat to freedom of expression in Russia. The blackout follows in the footsteps of other similar high-profile protests against Internet censorship bills, including SOPA/PIPA in the United States, and DDL Intercettazioni in Italy.
The Russian State Duma began initial hearings on the bill earlier this week. The legal amendments propose a national digital blacklist of websites with an .ru domain name that contain pornography, host drug advertisements, condone suicide, or include “extremist ideas,” purportedly to protect children. Criticism of the bill bears some striking similarities to criticism of other proposed Internet blacklists. Opponents have expressed concern over lack of effectiveness, the burden on Internet intermediaries, and lack of oversight and accountability that leaves the blacklist open to abuse.
The list of banned content is non-exhaustive; according to the draft document that was submitted last month on June 7, the Russian Federal Service for Supervision of Communications, IT and Mass Media will have the power to ban more items, and will charge a non-profit organization with monitoring compliance. If it finds illegal content on a website, the agency will give the site owner 24 hours to remove it. Otherwise the site will be entered onto the blacklist, or--in some cases--face a court injunction.
Multiple branches of the Russian government remain in conflict over the draft law. All four party factions in the State Duma support the bill, but Russia’s presidential Human Rights Council (HRC) harshly condemned it in a statement on Tuesday July 3. The HRC attacked the current version of the bill as an ineffective solution to “dirty” content because it does not prevent users from using non-Russian domain names and IP addresses. HRC also observed that the bill is a giant step towards a real, legal censorship regime for Russian Internet infrastructure, which would “negatively affect its speed, stability and security.” HRC has proposed that the bill should be withdrawn from debate, and instead be submitted for public discussion.
Russia’s Minister of Communications and Mass Media, Nikolai Nikiforov, also stated in an interview that his agency does not appreciate the way the current version of the bill is being fast-tracked through the Duma in spite of considerable criticism. It is relatively easy for websites to evade the content filtration that the bill attempts to establish, so intermediary Internet service providers and web hosts would end up being responsible for keeping users from accessing blacklisted content. Marina Junich, Government Relations Director of Google Russia, explained that the way the bill would be implemented in the short-term would make it standard practice for ISPs to block the entirely of websites such as Youtube when the local courts ban a single “extremist” video.
“Extremist” Internet content is already censored on the RuNet. The Justice Ministry currently runs a blacklist comprised of 1,200 websites, offline publications, and leaflets. EFF stands in solidarity with the Russian-language Wikipedia, Livejournal, and other websites in support of freedom of expression on the RuNet. EFF also urges critical parties within the Russian government to continue fighting the passage of the amendments.
For weeks, thousands of Sudanese have taken to the streets, protesting austerity policies enacted by President Omar al-Bashir and his regime, which has been in power since 1989. Journalists covering the story have faced challenges, including detention and—for foreign correspondents—deportation. In June, Sudanese security services arrested Bloomberg reporter Salma El Wardany along with Prominent Sudanese blogger Maha El Sanousi, who was briefly detained. El Wardany found herself deported back to Egypt. Sudanese authorities also arrested Agence France-Presse reporter Simon Martelli, holding him for more than 12 hours without charges. Additionally, citizen journalist and activist Usamah Mohammed Ali (@simsimt), who made this stirring video about why he is joining the protest movement, is now spending his third week in detention, after having been arrested by the authorities while attending an anti-austerity protest. He has recently been moved to Kober prison, where he cannot receive visitors, and where he continues to be held with no charges made against him.
In addition to detaining and deporting journalists and bloggers, the Sudanese government has censored news sites that have reported on the ongoing protests. Last week, EFF first saw reports that Sudanese ISPs had begun to block Sudanese Online, Hurriyat Sudan, and Al Rakoba, but was not able to independently confirm the reports. Since then, Hurriyat Sudan has confirmed [Press release in Arabic] that their site has been blocked since June 25.
Hurriyat’s Editor in Chief Elhag Warrag says government efforts to block his news website are part of “a systematic attempt by the Sudanese regime to stop news about anti-government demonstrations reaching the Sudanese people and the world at large.” He went on to encourage Sudanese users to access his paper’s news coverage by visiting its Facebook page or by using a proxy to circumvent Internet censorship (EFF recommends Tor).
Internet penetration in Sudan is low—according to ITU’s 2009 report approximately 10% of the population has access to the Internet and about 15% use mobile phones—but local news websites and Twitter accounts run by Sudanese activists have been vital to disseminating information about the protest movement. Article 39 of the 2005 interim national constitution states:
Every citizen shall have an unrestricted right to the freedom of expression, reception and dissemination of information, publication, and access to the press without prejudice to order, safety or public morals as determined by law." The same article also states that the "state shall guarantee the freedom of the press and other media as shall be regulated by law in a democratic society.
Even so, the al-Bashir regime has engaged in blocking and filtering of pornography, tools that enable anonymous surfing or censorship circumvention, and now news sites reporting on sensitive political issues. EFF condemns these escalating attacks on freedom of expression in Sudan and will continue to monitor the situation carefully.
Thousands of security researchers, information security professionals and hackers descend on Las Vegas each summer for a trio of conferences: Black Hat USA, DEF CON, and BSides Las Vegas. We launched our Coders' Rights Project at Black Hat four years ago to help programmers and developers navigate the murky laws surrounding security research. Every year since then, our attorneys have been on hand in Las Vegas to provide legal information on reverse engineering, vulnerability reporting, copyright law, free speech, and more, and we're thrilled to return again this summer.
If you'd like to make an appointment to speak with EFF attorneys at Black Hat, DEFCON or BSides Las Vegas, contact us by Wednesday, July 18, with the name of the conference in the subject line. If we can't assist you for any reason, we'll make every effort to put you in touch with a lawyer who can.