In our inaugural "Who Has Your Back" campaign, we applauded Twitter for being one of the rare technology companies to fight for and defend their users' rights in courts. We're happy to see that they're continuing to stand up to protect the free speech and privacy rights of one of their users.
In February, we wrote about the New York City District Attorney's attempts to subpoena information from Twitter regarding the account of Malcolm Harris, one of the 700 people arrested on the Brooklyn Bridge in an October 2011 Occupy Wall Street protest. After Harris challenged the subpoena in court, Judge Matthew A. Sciarrino issued a written opinion (PDF), denying Harris' motion to quash and ordering Twitter to comply with the subpoena. Yesterday, Twitter filed it's own motion to quash the subpoena (PDF), arguing that complying would violate the law. And we're grateful they did, because Judge Sciarrino's order presents a serious risk to online privacy.
First, the court ruled that Harris had no standing -- or a demonstrated connection to the legal claim -- to challenge the subpoena. Twitter's terms of service states that users give Twitter a license to use their tweets. According to the court, "Twitter’s license to use the defendant’s tweets means that the tweets the defendant posted were not his. The defendant’s inability to preclude Twitter’s use of his tweets demonstrates a lack of proprietary interests in his tweets."
As Twitter explained in its motion to quash, the judge completely misunderstood Twitter's terms of service, which clearly states users "retain your rights to any Content." The Court also misinterpreted the word "license." To license something means to give someone permission to use or access something. But a license doesn't transfer possession. If you let someone borrow your car, they don't suddenly become the owner of the car just because you've given them permission to use it. This traditional understanding of "licenses" shouldn't change just because something is done online. Twitter or any other social media site doesn't become the owner of your content just because you allow it to use your tweets or other content. After all, a user still has the ability to delete their tweets. And we're not the only ones who think users have standing to challenge subpoenas. Just last week, a federal judge in Illinois ruled two people had standing to challenge a subpoena issued to Verizon and Yahoo! in a civil lawsuit, asking for their email and contact records from various accounts.
Most problematic with Judge Sciarrino's order, however, is the notion that since users have posted their content to a remote server, they will never be able to challenge what happens to their information. That means online companies will have to be the ones to defend their users' privacy rights in court. And though Twitter did that here, the reality is that not many companies have followed Twitter's lead. And if users can't stand up for their rights, and companies won't stand up for them, then the public loses the ability to turn to the judicial system to vindicate their rights.
The Court's order goes further astray by concluding that Harris' choice to use Twitter necessarily meant surrendering his Fourth Amendment privacy rights. The Court wrote:
While the Fourth Amendment provides protection for our physical homes, we do not have a physical “home” on the Internet. What an Internet user simply has is a network account consisting of a block of computer storage that is owned by a network service provider. As a user, we may think that storage space to be like a “virtual home,” and with that strong privacy protection similar to our physical homes. However, that “home” is a block of ones and zeroes stored somewhere on someone’s computer. As a consequence, some of our most private information is sent to third parties and held far away on remote network servers. A Twitter user may think that the same “home” principle may be applied to their Twitter account. When in reality the user is sending information to the third party, Twitter.
Twitter's brief challenges this idea and argues the Fourth Amendment does apply, and we agree. The idea that the we lose our privacy rights because we turn information over to companies that store our information on a server somewhere else has steadily been challenged in recent years. The Sixth Circuit Court of Appeals ruled in 2010 that the Fourth Amendment applies to emails stored by an email storage provider, and law enforcement must get a warrant to obtain this information. Meanwhile, a federal Magistrate Judge in Texas ruled that the Fourth Amendment applies to cell phone tracking records held by wireless communication providers, meaning a search warrant is required to obtain this information. And earlier this year, U.S. Supreme Court Justice Sotomayor's concurring opinion in United States v. Jones-- which ruled that the Fourth Amendment applies to the installation of a GPS tracking device on a car -- noted that it was time to reconsider the idea that an individual has no right of privacy in information disclosed to third parties, commenting that this approach was "ill suited to the digital age." We filed amicus briefs in allthreecases, and we especially share Justice Sotomayor's sense that its time to stop treating "secrecy as a prerequisite for privacy." Just because some information is disclosed to a company for a limited purpose doesn't mean we give up all of our privacy rights vis-a-vis the government in that information forever.
Twitter has been getting well deservedkudos for standing up for one of its users. While the concept of the Internet as a "block of ones and zeroes" may be technically correct, it's not the way we see the online world. The web enables people to spread new ideas, communicate around the globe, and facilitate political action. Yet, to protect its potential, companies need to stand up for their users. We hope more companies follow Twitter's lead.
As the opaque proceedings surrounding the Trans-Pacific Partnership Agreement (TPP) continue, a group of 32 law professors from current and potential future negotiating countries have written a letter to the U.S. Trade Representative (USTR) Ron Kirk condemning the lack of transparency. The letter comes as a new round of negotiations begins in Dallas, where the USTR has canceled full-day stakeholder presentations. Given that there has been no publicly released version of the text, the lack of a meaningful stakeholder forum means that the only private individuals not shut out of the agreement are the members of the Industry Trade Advisory Committee on IP, which is "dominated by brand name pharmaceutical manufacturers and the Hollywood entertainment industry."
As the law professors explain, this trajectory towards an even more extreme lack of transparency is the wrong course.
Now is (indeed, yesterday was) the time to ramp up participation mechanisms that might bolster the agreement’s legitimacy and fairness, not dial them back – if the goal is to create balanced law that stands the test of modern democratic theories and practices of public transparency, accountability and input. Please restore the stakeholder sessions and release negotiating texts now.
Heads up, hackers — if you want to help support EFF’s Coders’ Rights Project and do DEF CON right, then go all in with our Third Annual D(EFF)CONtest. You could hit the jackpot with a stay at the Rio, DEF CON 20 Human Badges, passes to the exclusive Ninja Party, and so much more.
EFF is proud to support the information security community, and we want to help our strongest supporters roll in style at DEF CON 20. Spread the word about EFF’s work defending coders’ rights, and you may just find yourself party-hopping at exclusive DEF CON events, while staying in a complimentary Vegas suite!
WHAT YOU'LL WIN!
The Grand Prize Package:
• A standard suite at the Rio Hotel and Casino for the nights of July 26-29;
• Two DEF CON 20 Human badges;
• Two passes to Vegas 2.0’s (in)famous kickoff party, theSummit, on July 26;
• Two badges for the ultra-exclusive Ninja Networks Party; and
• An EFF Swag Super Pack.
The Second Place Package:
• Two DEF CON 20 Human badges;
• Two tickets to the Vegas 2.0 Party; and
• An EFF Swag Super Pack.
The Third Place Package:
• One DEF CON 20 Human badge;
• One ticket to the Vegas 2.0 Party; and
• One EFF Swag Super Pack.
All contest participants who raise $500 or more are eligible for a free EFF DEF CON 20 Scriptkitty T-Shirt!
HOW IT WORKS
Simply register for D(EFF)CONtest, and receive a personalized referral link to send out to your network. (Registration is free; please don’t spam.) If your invitees sign up to become EFF members, you will be credited with the amount they donate through your personalized link. Unlock a Script Kitteh trophy for every $250 you raise! The contestant to raise the most money between now and July 4, 2012 will win the Grand Prize Package, and the runners up will win Second and Third Place Packages.
Join the likes of the Holy Handgrenades and other past winners who have heeded the call to support EFF and earned fabulous prizes for their valiant efforts. You can join with others to form a fundraising team — but just remember you’ll have to divide the bounty.
Here’s the basic rundown: Airfare and other travel expenses are not included, winners are responsible for all incidental costs, and contestants must be 21 years of age or older. Additional rules apply, so please visit the Official Rules page for details. Donations are tax-deductible as allowed by law, and referred donors will receive tax acknowledgment letters for their donations.
Many thanks to DEF CON for providing the room and DEF CON badges, Vegas 2.0 for providing the party tickets, and Ninja Networks for providing the Ninja Party badges!
The next round of secretive Trans-Pacific Partnership (TPP) agreement negotiations begin today in Dallas, Texas. Once again, civil society and other public stakeholder representatives will be shut out of the official meetings, despite the vast impact this international agreement will have on economies and societies around the world. A number of organizations have stakeholder events planned around the week of negotiations, but we are still denied the ability to even view the current content of the TPP, and therefore it's extremely limiting for us to address the likely impact of TPP on the millions of citizens it will affect.
Public Citizen has released this parodic video to help raise public awareness about the TPP and to demand transparency in its negotiation process.
EFF opposes the creation of new global intellectual property enforcement rules that target the Internet through secretive agreements negotiated behind closed doors between a handful of trading partners. The leaked U.S. intellectual property chapter from the February 2011 draft of TPP made clear that its proponents want to regulate online expression and create legal frameworks that encourage Internet intermediaries to police networks and platforms on behalf of private party rightsholders—all without any input from the Internet community or the U.S. technology sector.
As EFF reported last week, the FAA finally released the names of the government agencies which have applied for and received authorization to fly drones in the US. Previously, the FAA had kept this information secret, and the agency only released it in response to EFF’s lawsuit under the Freedom of Information Act.
Unfortunately, the list did not include what types of drones were authorized to fly in U.S. airspace, what they were being used for, and what type of information they were collecting. The list may be incomplete as well. The FAA has promised to release more information soon, and EFF will publish that information as soon as it becomes available.
Meanwhile, concerning the secrecy surrounding the CIA’s drone program, ACLU’s Jameel Jaffer and Nathan Freed Wessler wrote an op-ed for the New York Times last week explaining how the CIA was abusing a doctrine in FOIA known as the “Glomar Response” which allows the government, in some situations, to refuse to confirm or deny a document or program exists. In the ACLU’s FOIA lawsuit over the CIA’s drone program, the government has, so far, refused to acknowledge that the program exists.
Of course, the drone program is highly publicized and has been acknowledged by many US officials outside of court. The administration’s arguments were further undercut this week when counterterrorism chief John Brennan formally acknowledged the drone program and gave the most detailed on-the-record description to date by an administration official. Brennan said that, “President Obama has instructed us to be more open with the American people about these efforts.” Let’s hope those instructions apply to the ACLU’s lawsuit, too.
The Justice Department has repeatedly asked for more time to respond to the lawsuit, despite the judge writing a few weeks ago, “If government officials can give speeches about this matter without creating security problems, any involved agencies can.”
Report on FISA
The Department of Justice posted its annual report to Congress on FISA surveillance and other national security activities conducted in 2011. Continuing its trend of more surveillance more often, DOJ applications to conduct electronic surveillance increased to 1,676 in 2011, up from 1,579 in 2010. Continuing a similar trend, the Foreign Intelligence Surveillance Court did not deny a single application to conduct surveillance, although the Court partially modified 30 orders.
# of DOJ requests to the FISA court to eavesdrop on and/or physically search Americans/legal residents: 1,745
# of FISA court denials: 0
Perhaps most notably, the government’s use of Section 215 – the so-called “business records” provision of FISA – more than doubled in 2011. The DOJ filed 205 applications in 2011, up from 96 applications made in 2010. This is the same provision that Senators Wyden and Udall have warned us about: the Senators have said that when the American public finds out how the government has interpreted and is using the provision, the public will be “stunned” and “angry.” Given this, it is particularly concerning the government is relying on the provision much more frequently. Hopefully, EFF’s FOIA lawsuit against the DOJ for information on its interpretation of Section 215 will help shed light on the way the government is using this provision.
The report wasn’t all bad news, though: for the first time in recent years, the government’s use of National Security Letters (NSLs) actually decreased. An NSL is a secret, administrative subpoena that allows the government to compel the disclosure of calling records, banking information, or credit information about citizens and legal residents from the companies that hold the information. An NSL also gags the recipient from every disclosing they received it. The government issued 16,511 NSLs for information on 7,201 citizens or legal residents in 2011; in 2010, the government sent 24,287 requests for information on 14,212 citizens or legal residents. While the rest of the government’s application orders went up, it’s heartening to see the use of NSLs decline so dramatically. It’s a trend we hope will continue.
Judge orders declassification, government appeals
The government announced they would officially appeal an important decision by a district court judge last month in which he ordered the declassification of “a one-page position paper produced by the U.S. Trade Representative (USTR) concerning the U.S. negotiating position in free trade negotiations” in response to a FOIA request. As EFF explained at the time, judges have rarely ordered classified documents released in the past, despite rampant overclassification by government agencies. The judge rightly called the classification in this situation not “logical.” If the decision is upheld, it would be an important victory for transparency.
Classifying the Wizard of Oz
Speaking of overclassification, a recently de-classified DC Circuit decision shows the sometimes ridiculous and arbitrary decisions US officials make when censoring government documents in the name of national security. As Marcy Wheeler reported, a decision by Judge Janice Rogers Brown denying a habeas corpus petition by a Guantanamo prisoner analogized the plaintiff’s case to the characters in The Wizard of Oz. The government then proceeded to censor the analogy from public view.
Here’s what the government originally believed would compromise national security if released:
Like Dorothy Gale upon awakening at home in Kansas after her fantastic journey to the Land of Oz, Latif’s current account of what transpired bears a striking resemblance to the familiar faces of his former narrative. See THE WIZARD OF OZ (MGM 1939). Just as the Gales’ farmhands were transformed by Dorothy’s imagination into the Scarecrow, Tin Man, and Cowardly Lion, it is at least plausible that Latif, when his liberty was at stake, transformed his jihadi recruiter into a charity worker, his Taliban commander into an imam, his comrades-in-arms into roommates, and his military training camp into a center for religious study.
Palestinian Authority Communications Minister Resigns Over Internet Censorship
Two weeks ago, news broke that the Palestinian Authority (PA) was blocking eight websites critical of President Mahmoud Abbas. In the wake of that news, the US Department of State expressed concern and PA Communications Minister Mashour Abu Daqa resigned, stating that the PA's Attorney General, Ahmad Al Mughni, had ordered the bans. In response, Al Mughni defended the censorship, stating that some sites had been "blocked for legal reasons" while others were censored for "security reasons." Nevertheless, Al Mughni's actions were not based in law, as the Palestinian Authority lacks any regulation governing the Internet. Aside from Al Mughni's support, the censorship has been widely condemned, both within the Palestinian government and from human rights and press freedom groups.
Chinese Censors Try to Erase Escaped Activist, Encounter Streisand Effect
News about Chinese activist Chen Gaungchen has been censored by the Chinese government for months, but last week--in the wake of the blind lawyer’s spectacular escape from house arrest--the Chinese government immediately expanded their campaign aimed at erasing all references to the story from social media.
The Associated Press reported a list of phrases that have been blocked by government censors, including “Chen Guangchen,” “blind man,” and “American Embassy.” The list also includes phrases that have been used to indirectly refer to Chen Guangchen’s story, such as “The Great Escape,” and “Shawshank Redemption.” The list of banned phrases continues to expand as social media users across China find new ways to talk about “cgc.”
CPJ’s Madeline Earp points out that Chen Guangchen has benefitted from the Streisand Effect. The activist is better-known now than he was before his imprisonment. Instead of silencing Chen Guangchen’s fans, the cat and mouse game between his supporters and the censors has only contributed to his legend.
Vietnamese Government Plans to Ban Anonymous Speech, Criticism of State
The Vietnamese government has issued a draft decree of a law that is expected to be issued by the Prime Minister Nguyễn Tấn Dũng in June. The decree will require Vietnam’s 30 million Internet users to use their real names when posting online and will forbid them from engaging in a range of activities, including online speech that is critical of the Vietnamese communist party and state, its policies, or its leaders. Additionally, the decree will require companies based outside of Vietnam providing “online social networking platforms,” to “provide information and cooperate with Vietnamese government agencies” to address activities prohibited by the decree. Foreign companies will be required to open local offices and presumably to house their data centers inside of Vietnam—an effort to make companies such as Google, Facebook, Yahoo, Microsoft, and Twitter to operate under Vietnamese law.
No major Internet company has chosen to locate its servers inside of Vietnam at this time. EFF joins with Viet Tan in urging Internet companies to oppose this decree and continue providing online platforms to the Vietnamese market that are consistent with their corporate responsibility. Google and Facebook have both discovered first-hand the dangers of moving into relatively liberal markets such as India, when they were forced to remove web pages deemed offensive to religious and political interests in India in accordance with a court order. Opening offices and storing data in Vietnam would be a blow to free expression for million of Vietnamese Internet users, who rely on foreign social media platforms to allow them to protect their right to speak anonymously and criticize the state.
There has been no lack of ink spilled on the legal battle between Oracle and Google surrounding Google’s use of Java APIs in its Android OS. And no wonder, what with testimony by both Larrys (Page and Ellison), claims of damages up to $1 billion, and rampant speculation that a ruling in Oracle’s favor could change the way we all use the Internet. Today, we got our first taste of where this all might be heading: the jury came back with a finding that, assuming APIs are subject to copyright, Google has infringed at least some of Oracle's. But significant outstanding questions remain, including whether copyright can in fact apply (the judge alone will decide this) and whether Google made a legal fair use of those APIs (we believe it did).
What’s really at stake here? This first stage of the trial concerns whether Oracle can claim a copyright on Java’s APIs and, if so, whether Google infringes those copyrights. (In 2010, Oracle bought Sun Microsystems, which developed Java.) When it implemented the Android OS, Google wrote its own version of Java. But in order to allow developers to write their own programs for Android, Google relied on Java’s APIs. (For non-developers out there, APIs (Application Programming Interfaces) are specifications that allow programs to communicate with each other. So when you read an article online, and click on the icon to share that article via Twitter, for example, you are using a Twitter API that the site’s developer got directly from Twitter.)
Here’s the problem: Treating APIs as copyrightable would have a profound negative impact on interoperability, and, therefore, innovation. APIs are ubiquitous and fundamental to all kinds of program development. It is safe to say that all software developers use APIs to make their software work with other software. For example, the developers of an application like Firefox use APIs to make their application work with various OSes by asking the OS to do things like make network connections, open files, and display windows on the screen. Allowing a party to assert control over APIs means that a party can determine who can make compatible and interoperable software, an idea that is anathema to those who create the software we rely on everyday. Put clearly, the developer of a platform should not be able to control add-on software development for that platform.
Take, for example, a free and open source project like Samba, which runs the shared folders and network drives in millions of organizations. If Samba could be held to have infringed the Microsoft’s copyright in its SMB protocol and API, with which it inter-operates, it could find itself on the hook for astronomical damages or facing an injunction requiring that it stop providing its API and related services, leaving users to fend for themselves.
Another example is the AOL instant messaging program, which used a proprietary API. AOL tried to prevent people from making alternative IM programs that could speak to AOL's users. Despite that, others successfully built their own implementations of the API from the client's side. If copyright had given AOL a weapon to prevent interoperability by its competitors, the outcome for the public would have been unfortunate.
Setting aside the practical consequences, there’s a perfectly good legal reason not to treat APIs as copyrightable material: they are purely functional. The law is already clear that copyright cannot cover programming languages, which are merely mediums for creation (instead, copyright may potentially cover what one creatively writes in that language). Indeed, the European Court of Justice came to just that conclusion last week. (Ironically enough, when Sun Microsystems was an independent company, one of its lawyers wrote amicus briefs arguing that interoperability concerns should limit copyright protection for computer programs.)
Improvidently granting copyright protection to functional APIs would allow companies to dangerously hold up important interoperability functionality that developers and users rely on everyday. Let’s hope the judge agrees.
Unfortunately, this episode may foreshadow a new wave of DMCA abuse targeting political activity. Here’s why: the DMCA's "notice-and-takedown" procedure says that in order to maintain a safe harbor status online service providers (like YouTube) must remove content as soon as they get a valid takedown notice. Then if the original poster of the content (in this case, DailyKos) responds with a counter-notice, the service provider (again, YouTube) has 10-14 days to put it back up.
That 10-14 day period can give DMCA abusers two weeks of censorship for free. It's one of the factors that makes the DMCA ripe for abuse: rightsholders who don't mind ending up in the Takedown Hall of Shame can get embarrassing videos pulled out of the public conversation for two weeks. And for videos that are connected to news items, like the Limbaugh video or campaign ads, that temporary shutdown can mean the difference between a major impact and total obscurity.
If the 2008 election cycle is any indication, we’re likely to see just that kind of abuse over the next several months. For example, during that election season major news outlets – who depend on fair use, and should really know better – sent takedown notices for severalpolitical ads. The McCain-Palin campaign even sent a letter to YouTube [pdf], requesting that YouTube give special consideration to political candidates and campaigns.
YouTube and other intermediaries (like Facebook) should take a second look at that position. UGC sites and social media have become essential tools for distributing speech, and not just by users who will be able to get special consideration. Presidential campaigns and popular blogs may be able to attract public attention and get a personal review, but the users behind videos like "Neda," which came to symbolize the Iranian "green revolution," or those documenting police brutality during Occupy protests, are not. Moreover, the Ninth Circuit UMG v. Veoh decision, along with the ongoing Viacom v. YouTube, has shown that courts support strong safe harbor protections for service providers. That means they can afford to resist censorship attempts without taking on much legal risk.
Defending your users against censorship is a good business practice — after all, DailyKos had to use a competitor to host the video while it was down from YouTube. It’s also good civic hygiene. The DMCA abusers still deserve a good shaming for their role, but YouTube and other UGC and social media sites can help users fight back. It's time that they did so, actively and consistently.