In a disappointing ruling for government transparency advocates, the Second Circuit Court of Appeals held the government could keep secret “cables describing waterboarding; a photograph of a detainee, Abu Zubaydah, taken around the time that he was subjected to the ‘enhanced interrogation techniques’; and a short phrase that appears in several Justice Department memos referring to a ‘source of authority.’” This suit came on the heels of revelations that tapes allegedly showing waterboarding were destroyed by a CIA officer.
The court accepted the government’s argument that waterboarding was an “intelligence method” and therefore exempt from disclose. The Obama administration argued in favor of this interpretation despite previously banning waterboarding as torture. As the ACLU’s Alexander Abdo wrote, the ruling means “the CIA can effectively decide for itself what Americans are allowed to learn about the torture committed in their name.”
In response to the ruling, the New York Times published an editorial, “A Court Covers Up,” lamenting yet another case of the government using secrecy to shield accountability, saying the “judges should have given the government’s overwrought claims of national security and secrecy special scrutiny, not extreme deference.”
As Abdo put it, “Were any other country to claim that national security required the suppression of details of torture, Americans would be rightfully shocked and incredulous.”
Leaks When They Want Them, Crimes When They Don’t
A FOIA request by the government watchdog group Judicial Watch revealed emails that show Obama administration officials gave Oscar-winning filmmaker Katherine Bigalow exclusive access to details about the classified Osama bin Laden raid while publicly warning other government officials that they would face investigation if they did the same.
This disclosure underscores the hypocrisy of the administration’s unprecedented prosecution of whistleblowers. Under the Obama administration, six former government employees who leaked information to the press have been charged under the Espionage Act—more than all other administrations combined. Apparently, whether disclosure of classified information is a crime is not based on the sensitivity of the information, but rather whether the information makes the government look bad.
WikiLeaks and the Bradley Manning Case
A group of journalists including Jeremy Scahill, Amy Goodman, Glenn Greenwald, and Kevin Gosztola joined WikiLeaks and their counsel, the Center for Constitutional Rights (CCR), in suing the federal government over the extreme secrecy in the trial of Bradley Manning. CCR asked the court “to grant the public and press access to the government’s motion papers, the court’s own orders, and transcripts of proceedings, none of which have been made public to date.” CCR argues that the trial has been “even less transparent than the controversial military commission proceedings ongoing at Guantánamo Bay.”
Meanwhile, lawyers for Guantanamo detainees asked a court to lift restrictions on reading the WikiLeaked Guantanamo files. Despite being publicly available online for over a year, the lawyers are only allowed to view the cables on non-government computers but are prohibited from downloading, saving, or printing them. These restrictions are utterly nonsensical: in effect, an attorney could violate the restriction simply by virtue of the browser settings used when accessing the document. And, depending on the definition of “download” the government chose to invoke, the very act of accessing the documents online – which the attorneys are expressly permitted to do – could constitute a violation of the restrictions. The government filed a response to the attorneys’ motion challenging the restrictions – naturally, it was classified.
In other WikiLeaks news, declassified Australian diplomatic cables, obtained byThe Age in Australia, confirm the US is still actively investigating WikiLeaks for obtaining and then publishing classified information. As we have detailed previously, this investigation represents a dangerous and virtually unprecendented attack on the First Amendment and freedom of the press.
More FOIA Problems For Justice Department
The FOIA Project released a study on the number of FOIA requests that ended in lawsuits because the government refused to comply. The Justice Department again came out looking the worst, as they were involved in 30% of the lawsuits, despite only receiving a total of 10% of the requests. Last year, DOJ won the National Security Archive’s “Rosemary Award” for worst open government performance.
Two weeks ago, Steve Wozniak made a public call for Apple to open its platforms for those who wish to tinker, tweak and innovate with their internals.
EFF supports Wozniak's position: while Apple's products have many virtues, they are marred by an ugly set of restrictions on what users and programmers can do with them. This is most especially true of iOS, though other Apple products sometimes suffer in the same way. In this article we will delve into the kinds of restrictions that Apple, phone companies, and Microsoft have been imposing on mobile computers; the excuses these companies make when they impose these restrictions; the dangers this is creating for open innovation; why Apple in particular should lead the way in fixing this mess. We also propose a bill of rights that need to be secured for people who are purchasing smartphones and other pocket computers.
Apple's recent products, especially their mobile iOS devices, are like beautiful crystal prisons, with a wide range of restrictions imposed by the OS, the hardware, and Apple's contracts with carriers as well as contracts with developers. Only users who can hack or "jailbreak" their devices can escape these limitations.
[29th of May, 2012: we have added two updates to this post, here and here]
Locked down devices
Apple changed the way we think about mobile computing with the iPhone, but they have also lead the charge in creating restrictive computers and restrictive marketplaces for software. You may have purchased an iPad, but unless you've exploited a vulnerability in iOS to jailbreak it, there are many things you cannot install on it. The App Store has thousands of apps to choose from, but your choices are limited to apps that both Apple has approved, and which can function without "root" or "administrator" privileges.
Apple has been known to reject or remove apps from sale because of their content (WikiLeaks app banned, eBook reader with access to Kama Sutra banned), for not using Apple to process payments, and for being capable of executing code that Apple can't approve. While Apple's policies have improved in the the years since the iPhone first launched, the company still maintains total control over what apps are available to consumers. Unlike Android, iOS does not have an option to install apps from sources other than the App Store.1 Apps that require administrative privileges are also impossible to install on an iOS device without jailbreaking it. This includes apps that let you tether your phone to a computer, change the look and feel of your phone's user interface, firewall your device, secure your internet traffic with OpenVPN2, amongst many others. Jailbreaking also helps security and privacy researchers observe apps on their phones to see if they're leaking any private data.
The Cydia App Store for Jailbroken iPhones
Many of these apps are readily available through Cydia, an alternative store for jailbroken iOS devices.
Additionally, because Apple modifies binaries before publishing apps in the App Store, open source apps released under the GNU General Public License cannot be published without the approval of all authors, which caused the popular media player VLC to get removed from sale. If you need VLC to play media that won't play with the built-in Video app, you can download it to your jailbroken device with freedom intact from Cydia, and the source code is available on their website.
Since jailbreaking is so useful, why doesn't Apple let their customers (or at least their technically inclined customers) do it? One reason is the profits from the App Store. Apple keeps 30% of the money from each app or in-app-purchase sold through its App Store. That means that for each 99 cent app sold, the developer gets 69.3 cents and Apple gets 29.7 cents. Cydia has 4.5 million weekly users and earns $10 million in annual revenue, and Apple doesn't get any of that competition. This is more like traditional software sales where consumers get to choose which store they buy their software from, and they can even buy it directly from the developer. Locking down iOS helps Apple maintain their monopoly on software sales for iOS.
Mountain Lion and Gatekeeper
Unfortunately, Apple is building more of the restrictions that it pioneered with iOS into Mac OS X for laptops and desktops. Apple started running the Mac App Store in early 2011 to sell Mac software. Like the iOS App Store, Apple takes a 30% cut of all software sold. The upcoming version of Mac OS X, Mountain Lion, will reportedly include warning messages that strongly discourage users from installing apps from sources other than the Mac App Store.
OS X Mountain Lion scares users away from Adium
Fortunately, it will be possible to turn this off in Mountain Lion and install apps from anywhere you want, but Apple is continuing down the dangerous road of making their products less open. OS X software authors will find themselves subject to the whims of Apple HQ. What would Mozilla do if Apple refused to authorize Firefox for OS X Mountain Lion, in the same way that Apple refuses to allow a true version of Firefox for the iPhone? Watch half their Mac market share disappear?
UPDATE: A few people have written to argue that we are being unfair to Apple in the above paragraph, because any "Identified Developer" can sign code so that it is installable on OS X Mountain Lion with the default Gatekeeper settings. We do not think we are being unfair, but a few more details are in order:
The Mountain Lion "Gatekeeper" code has three possible settings; the default is that only code from the Mac App Store or Identified Developers is installable;
We believe that being an "Identified Developer"3 requires paying $99/year and agreeing to two contracts with Apple: the Registered Apple Developer Agreement and the Mac Developer Program License Agreement, which Apple tries to keep secret but which may look like this. Free software projects like Adium may or may not be willing or able to restrict themselves in this way.
It's true that you might accidentally install malware if you get software from outside of Apple's App Stores. But while Apple tries to test all submitted apps to see if they're malicious, they don't always succeed. The security benefits of using a signed package manager are well established. GNU/Linux distributions have been doing this since the 1990s, and it's one of the primary reasons they're known for good security. But Apple perverts these benefits when your choice to install software from other sources is taken away, and when the only available app store charges developers 30% of their potential profits.
Microsoft: UEFI and Windows RT
In many ways, the Windows ecosystem has been more open than iOS's since it began. People have always been able to install whatever software they want in Windows, and whatever operating systems they want on their PCs. It's common for tinkerers to dual-boot their PCs with GNU/Linux and other operating systems, and some users choose to completely remove Windows.
However, this is going to change, at least for Microsoft's mobile and embedded OSes. Microsoft recently announced that in order to be Windows 8 hardware certified, personal computers must implement the "secure boot" option in the Unified Extensible Firmware Interface (UEFI) firmware interface specification, which is a modern replacement for the traditional PC BIOS. When "secure mode" is enabled, UEFI will execute only operating system bootloader code that is digitally signed, which could effectively shut out non-Windows 8 operating systems, including earlier versions of Windows. In response to warnings and legal steps from the free software community, Microsoft agreed to require "Windows 8" certified x86 and x86-64 hardware vendors to offer a way to turn off this "secure boot" option that locks out user-modified OSes.
Microsoft is also planning on restricting which applications are allowed to run with high privileges in Windows RT. The only web browser that will be allowed to run with these privileges is Internet Explorer. Harvey Anderson, Mozilla's General Counsel, warned about this on Mozilla's blog:
Why does this matter to users? Quite simply because Windows on ARM -as currently designed- restricts user choice, reduces competition and chills innovation. By allowing only IE to perform the advanced functions of a modern Web browser, third-party browsers are effectively excluded from the platform.
Microsoft, like Apple, is moving toward a dangerous future where users have less freedom to do what they want with their computers, where developers are restricted in what they can accomplish, and where competition and innovation is stifled.
UPDATE: The Free Software Foundation is running a campaign about Windows/UEFI restrictions on X86 and ARM devices.
Inadequate Excuses for Restricting Innovation
When technology and phone companies defend the restrictions that they are imposing on their customers, the most frequent defense they offer is that it's actually in their customers' interest to be deprived of liberty: "If we let people do what they want with their pocket computers, they will do stupid things with them. You will be safer and happier in our walled compound than you would be outside."
This is an elaborate misdirection. It may or may not be true that any particular user gets a better result from the pristine AT&T/Sprint/Apple/Microsoft experience than they do from a modifiable OS. Those companies should feel free to continue offering their own visions of how a pocket computer should function, so long as there is a simple, documented, and reliable way to drill into a settings menu, unlatch the gate of the crystal prison, and leave.
Toward a bill of rights for mobile computer owners
There are four rights that people purchasing computers should enjoy:
Installation of arbitrary applications on the device. If the user wishes to, they should not be limited to what is included in one particular proprietary "app store."
Access to the phone OS at the root/superuser/hypervisor/administrator level. If consumers wish to examine the low-level code that is running in their pockets, to check for invasions of privacy, run the anti-virus software of their choice, join VPNs, install firewalls, or just tinker with their operating systems, phone and device companies have no legitimate basis for preventing this.
The option to install a different OS altogether. If people want to install Linux on their iPhones, Boot to Gecko on their Windows phones, or just run a different version of Android on their Android phones, the company that sold them the hardware must not prevent them. Using a cryptographic bootloader to defend against malware is a fine idea, but there must be a way to reconfigure this security mechanism to (1) allow an alternative OS to be installed; and (2) to offer the same cryptographic protections for the alternative OS.
Hardware warranties that are clearly independent of software warranties. Apple denies warranty coverage to users who have jailbroken their iPhones. While nobody is asking Apple to support jailbroken or modified software, it is inexcusable that the company threatens not to cover, say, a faulty screen, if the customer has chosen to modify the software on their device.
Why Apple Can Lead the Way Out
Apple did not invent the culture of imposing restrictions on what kinds of programs people could run on the computers in their pockets. Mobile phone manufacturers and carriers were making life miserable for programmers long before Apple entered the smartphone market, and writing code for phones in those days was described as "a tarpit of misery, pain, and destruction". If anything, Apple's innovation was to show that it was possible to have a computing platform that was simultaneously useful, successful, and deeply restrictive of what people were able to do with it.
Nor is Apple necessarily the leading culprit in anti-competitive OS design today. AT&T, which not only encourages Apple's restrictiveness, but also distributes its own modified and heavily restricted versions of the Android operating system, might even be the worse actor.
What Apple has is the institutional wisdom to know better, and the ability to fix the situation. Apple understands the importance of open platforms: their devices wouldn't exist without them. Apple's incredibly strong brand and stature in the marketplace mean that the company could give people the freedom to tinker with their devices without measurably affecting its own profits or the experience of its "mainstream", non-tinkering users. And while the phone companies like to play at being gatekeepers in the retail phone market, we doubt that they can dictate terms to Apple.
Apple, take Woz's advice. No place, and no system, can be perfect if it denies its citizens the freedom to change it, or the freedom to leave.
2. iOS offers some options for VPNs, but not OpenVPN. GuizmoOVPN is an open source OpenVPN client for jailbroken iOS devices.
3. Many aspects of the Gatekeeper Developer ID program are only documented to parties who agree to an NDA with Apple, which we will not do. However Apple is clear that a Developer ID requires membership in the Mac Developer Program, and also implies that membership of that program requires agreement to the Mac Developer Program License Agreement.
Television networks are having a busy month trying to stamp out new TV-watching technology, including telling a court that skipping a commercial while watching a recorded show is illegal. Yesterday, Fox, NBC, and CBS all sued Dish Network over its digital video recorder with automatic commercial-skipping. The same networks, plus ABC, Univision, and PBS, are gearing up for a May 30 hearing in their cases against Aereo, a New York startup bringing local broadcast TV to the Internet. EFF and Public Knowledge filed an amicus brief supporting Aereo this week.
The suits against Dish are a response to the "Hopper" DVR and its "Auto Hop" feature, which automatically skips over commercials. According to the networks' complaints, the Hopper automatically records eight days' worth of prime time programming on the four major networks that subscribers can play back on request. Beginning a few hours after the broadcast, viewers can choose to watch a program sans ads.
These suits are yet another in a long and ignominious series of lawsuits by content owners seeking to control the features of personal electronic devices, and to capture for themselves the value of new technologies no matter who invents them. We've seen this movie before. Most directly, the Dish suits look like a replay of the 2002 suit against DVR maker ReplayTV. The networks sued ReplayTV for copyright infringement based on another automated commercial-skip feature. They claimed that viewers were infringing copyright when they skipped ads during playback, that skipping "robs the advertisers," and that ReplayTV should be responsible. EFF argued then, and in a later suit on behalf of Replay's customers, that choosing not to watch ads during playback is pretty far from being a violation of federal law. Unfortunately, the cost of the suit drove ReplayTV out of business before the court could rule on the networks' wacky theory.
Fast forward ten years. The networks are accusing Dish of "inducing" copyright infringement. That's a legal theory first created in the record labels' case against peer-to-peer software maker Grokster. The problem for the networks is that a technology maker, service, or other middleman can't be held liable for inducing copyright infringement unless their customers are actually infringing. And that means the networks will have to convince a judge that people who record a TV show, and later decide to skip over the commercials during playback, are violating federal law.
Dish is fighting back hard, filing its own lawsuit in New York to have its devices ruled legal. Hopefully, the courts won't turn millions of American commercial-skippers into lawbreakers.
Lino and Mario Bocchini, creators of the Brazilian parody website Falha de São Paulo, are currently appealing a court order that froze their domain two years ago. In September 2010, Brazilian newspaper Folha de São Paulo filed a lawsuit against the Falha seeking financial compensation for mimicking their layout and copy-editing, and also for “moral damages” to its reputation as a news organization. While the financial indemnities were dropped, Falha’s domain remains frozen for unauthorized use of Folha’s intellectual property.
Folha claims that the latest case is an intellectual property issue, rather than one of freedom of expression, because of the use of domain names and logos resembling its own. We asked Lino what he really thinks of that claim, and spoke to him about what the outcome of this appeal would mean for freedom of expression in Brazil.
To learn more about the Bocchini brothers’ story, check out their most recent website.
Why did you and your brother decide to start Falha de S. Paulo? At the time, did it seem like it would be a financial or legal risk?
When we were beginning, it was the end of 2010, in the heat of the last Brazilian general elections for president. Folha de S. Paulo, our major newspaper in Brazil, has a clear preference for some political parties and can almost act like one. This is common in some countries; usually newspapers and magazines speak in a public way about their political preferences. Another big newspaper in Brazil, O Estado de S. Paulo, does this. One of our biggest weekly magazines, Carta Capital, also does the same. Folha de S.Paulo does not declare their preferences; worse, they say all the time that they are an "impartial and equitable” newspaper. The alternative media has widely unmasked their analysis.
We decided to do the same but with humor, using a parody. In Portuguese, “folha” is a world for “newspaper.” After changing a letter (“falha”), it becomes the Portuguese world for “fail.” We use a lot of photomontage, like putting the head of the newspaper owner (Otavio Frias Filho) on Darth Vader’s body, creating “Otavinho Vader.” It was obviously all a critical joke.
At the time of our original website, we never thought about the risks, because we live in a strong democracy in Brazil, with high levels of free speech rights protections. This unprecedented legal action against us has become a flag for thousands in Brazil.
Before your online paper, were there any other notable parody magazines or newspapers that circulated in Brazil?
Yes, dozens. The first one has existed more than 70 years, and it was called A Manha, a parody of A Manhã. There are a lot of websites with names that look like official ones. One of our most famous chargists [caricature artist], Ziraldo, who just turned 80 years old, had a parody magazine called Bundas (asses) for years. It was a terrible critique of Caras (faces), which was a kind of Brazilian ¡Hola! Magazine. None of them were prosecuted, just my brother and me.
Did you get any cease-and-desist letters or similar requests from Folha before they sued the website? What warnings did Folha give that they were unhappy?
The first document we received was the legal notice that our website had been censored, an 88-page lawsuit against us was in development, and a demand for money. We not received any kind of previous warning.
What were all of Folha’s charges against you in the first lawsuit?
They said we “misused” the name. And they asked for money for "moral damages." According to them, the public could think that our website was the official one. This is a completely nonsense argument. We´re talking about a parody website with the owner of newspaper dressed as Darth Vader...
How did the judge determine a "tie" between your website and Folha? How was Folha able to pressure your domain name registrar into shutting down your original site?
The first judge accepted these arguments about “bad usage” of Folha´s name. The newspaper used these copyright and trademark questions to cover their real intention, which was censorship.
Our website was inspired by Folha. We used some elements such as graphics, language, and a similar name to evoke Folha, of course. But it’s ridiculous that this could be censored. We have a lot of TV shows, magazines, and websites like “Saturday Night Live” in the US, that use real-world elements but are not the real world. Democracy and the right to free speech should allow this use.
Why does the decision mention Carta Capital? What is the orientation of their magazine, and why would the judge assume it is related to your website?
Carta Capital magazine was not mentioned by Folha or by us in any moment of the process. That was purely the judge’s decision. We had a link in our censored website to Carta Capital, among others. The judge said that this “promoted” the magazine among Folha´s readers, so our internet address was “contaminated” forever. He upheld the censorship for this reason.
Was it difficult to decide to appeal the last decision after having been through so much litigation?
No. We will not sit back. We´ll go until the end, especially because this is the first process in Brazil with these legal characteristics. We decided to go until the end and appeal as much as is necessary, even if it takes decades. All bloggers are supporting us. Our victory would be collective. And a Folha victory would open a terrible precedent against the freedom of speech in Brazil.
What are you hoping to get out of this appeal?
I think we all are going to win because day by day, week by week, Folha’s aggression is becoming clearer. The newspaper doesn’t even speak about the case; nobody from Folha has ever made a single speech defending this position. It´s obviously a shame.
Have you had support from other Brazilian bloggers or journalists? Would you describe bloggers and journalists in Brazil as a close, connected community?
Yes, hundreds of Brazilian progressive bloggers have supported us from the beginning, and this was really important for continuing the fight. On the other hand, Brazilian media is too corporate. Despite the fact that dozens of journalists from the conventional media came to support my brother and me, no regular newspaper or magazine has ever noticed the case. In the beginning there was only Folha. Later, Julian Assange and Reporters Without Borders spoke about the case.
EFF and an array of civil liberties organizations are engaged in a pitched battle against the privacy-invasive legislation Congress is pushing under the guise of promoting “cyber security.” Everyone agrees that network security is important, but a thinly disguised mass surveillance bill won’t help address the needs of our country in defending our networks. Even when faced with wide-ranging opposition from security experts and the Obama Administration, the House of Representatives managed to ram through CISPA, a bill widely decried as empowering the military to collect the Internet records of Americans’ everyday Internet use. Now the fight is moving to the Senate, and the word from DC is that a vote on cybersecurity measures could happen in early June. That gives us little time to waste in fighting this legislation. We need the Internet community to rise up and fight for online freedoms in the cybersecurity debates. Here’s how you can help:
Send an email to Congress. Our online form makes this a quick process – just fill in your info, customize the message, and hit send.
Request a meeting with your Senator to discuss the cyber security legislation. Our friends at Fight for the Future have created an easy online tool for requesting a meeting with Senators. Report back and let us know if you are able to get the meeting scheduled – or if Senators are resisting the meetings – by email firstname.lastname@example.org.
Are you a civil liberties-defending superstar? Not everyone will have the time and inclination to take all 4 of these steps, but if you’re one of the dedicated freedom fighters who has done all of these things then please let us know by sending an email with your Twitter handle to email@example.com with “Digital rights FTW” in the subject line. With your permission, we’ll publicly recognize you.
Thanks for helping us defend liberty in the digital world.
You may remember that EFF’s client, Kyle Goodwin, asked the court to return the legal files he lost when Megaupload was seized last January. Since then, we’ve been to court, both for a hearing and a mediation, and nothing has changed. The key problem: the government has failed to help third parties like Kyle get access to their data. So we have no choice but to go back to court.
Today, EFF filed a brief asking for the court to order Kyle’s rightfully owned data returned. And it’s not just about Kyle’s property: it’s about the property of many other legal Megaupload users, too. We’ve asked the court to implement a procedure to make all of those consumers whole again by granting them access to what is legally theirs. Especially given that the use of cloud computing services is already widespread and poised to grow exponentially in the next few years, we believe the court should ensure that such innocent users do not become regular collateral damage.
Kyle Goodwin, and others like him, did nothing but legitimately use a cloud storage service to house legal files – in Kyle’s case, business files, but many others lost access to personal and private information as well. We believe the time has long passed for those folks to get their data back. We hope the court agrees.
Today, Google expanded its transparency reports program today by releasing a detailed report of content removal requests from copyright holders. The new copyright report joins its semi-annual government takedown transparency report, and covers more than 95% of the copyright takedown requests it has received for Search results since July 2011.1 Though Google has posted the content of takedown requests to Chilling Effects where possible before, this report presents the data collectively (and graphically) for the first time.
Striking is the sheer volume of takedown notices Google receives: in just the last month, it processed over 1.2 million requests for Search alone, from 1,296 copyright owners and 1,087 reporting organizations. That scale allows it to present trends in the data that might not otherwise be apparent. For example, even in the case of notorious "pirate" sites like The Pirate Bay, Google has received takedown notices for less than 5% of their indexable pages.
On the other hand, this report also provides a clearer look into the abuse of copyright tools. Google explains that it's complied with 97% of takedown requests received between July and December of 2011, but also provides examples of obviously invalid copyright requests it's received. Those examples range from cases of negligent over-application, such as movie studios who have attempted to remove IMDB entries or links to legitimate trailers for their movies, to clear attempts at censorship, such as businesses who have issued takedown requests for employee accounts of unfair treatment. Of course, there are even more ridiculous examples: the report describes a reporting company sending a takedown notice for links to earlier takedown notices that obviously did not infringe.
This transparency report gives Google a chance to highlight some of its good citizenship as an online service provider. Although the burden of liability is supposed to be on the organization that sends the takedown notice — it is required to claim under penalty of perjury to have a good-faith belief of copyright infringement — in practice many groups are willing to skirt those rules, sending takedown notices to silence unfavorable speech or even without human review. The 3% of takedown notices that Google chooses not to comply with is a large absolute number, and each of those are instances of legitimate speech that would have otherwise been shut down. Google deserves to be commended for that behavior.
Given its importance as a starting point for many users, removal from Google's index can have devastating consequences on speech. Google has done the right thing by pushing back on bogus takedown notices, both by reviewing and rejecting those requests the first time, and by publishing real data about the behavior of copyright holders and reporting organizations. As with the government transparency reports, reporting on copyright notices can expose bad practices and allow people to assign blame where it belongs: with the people abusing the system. We hope this is just the beginning: Google should extend the program out to their other properties like YouTube and Blogger, and other online service providers should follow suit.
1. It doesn't cover requests for non-Search Google products, such as YouTube or Blogger. We hope these services are on the roadmap for the future.
Privacy advocates in the United Kingdom got the unfortunate opportunity to say “we told you so” last week, following revelations that nearly 1,000 civil servants working at the UK government’s Department for Work and Pensions had been disciplined for accessing citizens’ private and confidential data, including criminal records, employment histories and social security details. More than 150 of those data breaches occurred at the Department for Health, an agency tasked with providing health services – and maintaining all UK medical records.
The unsettling news came to light after reporters with an investigative television broadcast series filed Freedom of Information requests and published their findings.
As ZDNet’s Zack Whittaker shrewdly points out, the most disconcerting aspect of this rampant leakage is that it wasn't caused by a system malfunction, but rather active exploitation at the hands of “the very people we supposedly trust with our data.”
Not Guilty? Met Police Can Still Snoop Through Your Cell Phone
Metropolitan Police in 16 London boroughs are now employing technology to instantly extract mobile phone data from suspects in custody. The upgrade allows police to access call history, texts and phone contacts, while eliminating the need for a forensic examination that used to take several weeks.
A particularly glaring problem with this new policy is that police will continue to retain the mobile phone data regardless of whether charges are brought, according to a BBC report. Privacy International has characterized the new policy as a “possible breach of human rights law,” arguing that since it’s already illegal to indefinitely retain DNA profiles from detainees, sensitive mobile phone data should be held to the same standard. Another worry springing out of the new policy: Extracting mobile phone data at a police station is just a heartbeat away from doing the same during a stop-and-search on the street.
FBI Cozying Up with Europol on Cybersecurity
The European Union is actively seeking closer collaboration with the United States Department of Homeland Security (DHS) to fight cyber crime. In fact, EU Home Affairs Commissioner Cecilia Malmström recently went so far as to say, “EU-U.S. cooperation is not a choice, but a necessity.” She then predicted the success of joint cybersecurity operations between the FBI and Europol. Malmström added that she has been working closely with DHS Secretary Janet Napolitano on joint cyber crime initiatives as part of a working group that's planning “a fully fledged EU-U.S. cyber exercise” in 2014.
“Yesterday, I had the opportunity to follow the work of the FBI and I was impressed by how advanced they are,” Malmström noted. “This has reinforced my view that we should continue to deepen transatlantic cooperation against cyber threats.” Her comments were delivered on May 2 in Washington, D.C., at the Transatlantic Cyber Conference, organized by the Center for Strategic and International Studies, the European Security Roundtable and SRA International.
Land of #OzLog: Data Retention Back on the Agenda in Australia
“OzLog” is shorthand for a proposed mandatory data retention policy the Australian government has been toying with the idea of implementing, despite popular backlash. Patterned after the notorious European Directive on Data Retention, the proposal would require Internet service providers Down Under to store information about customers’ web usage history for two full years.
Dormant for months, it was looking as though OzLog would make a comeback in recent weeks as part of a broader surveillance monstrosity taking shape under Australia’s Federal Attorney-General, Nicola Roxon. To flesh out the plan, the government sought feedback on ideas such as: “increase powers of interception; make it easier for [the Australian Security Intelligence Organization] to break into computers and computer networks, including those of third parties not targeted in warrants; [facilitate] the prosecution of anyone who names an ASIO officer; and [implement OzLog],” according to Crikey, an Aussie news outlet.
Fortunately, opposition to the proposed surveillance scheme is mounting. Australia’s Parliamentary Joint Committee on Intelligence and Security rejected the plan’s terms of reference last week, sending it back to the drawing board. And Sen. Scott Ludlam, a spokesperson for the Australian Greens, expressed bitter opposition, saying: “This is the idea that all our personal data should be stored by service providers so that every move we make can be surveilled or recalled for later data mining. It is premised on the unjustified paranoia that all Australians are potential criminal suspects.”
Hey, Teachers! Leave Those Kids Alone!
High school students in the Australian state of Queensland who lack their own computers are given government-issued laptops to take home with them from school – but they come with a hidden price. A recent news report revealed that “screen spy” monitoring software run by the AB Tutor Client Program quietly takes time-stamped screenshots, monitors printing, and logs visits to websites and keystrokes. Students’ online activity is monitored even when they are working at home, and one mother complained that a screenshot had been taken of her daughter’s Skype conversation. During class, teachers can remotely control the computers.
Despite the uproar that was unleashed when parents and civil liberties advocates discovered the extent of the laptop monitoring, officials with Education Queensland, the governmental department responsible for running the schools, stuck by the practice. Responding to questions from the press, Queensland Education Minister John-Paul Langbroek noted that parents had signed an agreement disclosing that online communications could be audited and traced back to students. He then delivered a line that is often repeated but known by privacy advocates to be completely wrongheaded. “If they've done nothing wrong,” he said, “they've got nothing to fear."
In Canada, Telcos Got Inside Track On Surveillance Bill
Several weeks before Canada’s controversial online surveillance legislation, Bill C-30, was introduced, major telecommunication companies partnered with government officials to develop a secret forum on “Lawful Access,” the deceptive term used to describe governmental interception of online activity and information. The closed-door collaboration was revealed in documents obtained via Canada’s Access to Information Act (the equivalent of the U.S.’s Freedom of Information Act), according to Michael Geist, a law professor at the University of Ottawa. News of the secret meeting served to clear up confusion as to why Canada’s telcos stayed mum on C-30 when it reached the height of controversy earlier this year.
After Bill C-30 had formally entered the approval process, government officials continued to work with telcos behind the scenes to respond to their concerns — such as whether they would receive “adequate compensation” in exchange for providing subscriber information, according to the released documents.
As Geist points out, the behind-the-scenes collaboration essentially “created a two-tier approach to Internet surveillance policy, granting privileged access and information for telecom providers.” Though it’s on the back burner for now, Bill C-30 nevertheless remains in legal limbo, with Public Safety Minister Vic Toews promising that it will be sent to committee for further study.