Kevin McLeod is a deaf man who uses his Android phone — a Samsung Epic 4G — to assist him with communication, record-keeping, and time management. Like many deaf people, he uses video relay service (VRS) software on his phone to “work on a level playing field with hearing peers and have productive and meaningful careers.” He had these comments for the Copyright Office:
I need a phone that can run VRS software through the day without having to recharge every other hour. The stock phone I received can't do that. I had to upgrade to a more powerful battery. Then I installed an alternative version of the Android operating system called CleanGB that removes most of the carrier-installed software. This freed up memory and battery resources I need to stay connected.
We need the ability to modify our devices because manufacturers and carriers can't possibly anticipate all the needs of their customers. We need flexibility to make the most of the terrific tools they build for us. I love the power and connectivity my phone gives me. I love that I can customize it to meet my unique needs.
And Tom Van Nostrand sent these comments from Kuwait:
I work on an Army base in the middle east and at night it is very dark. Often times for my job I have walk outside the trailer, and there's rocks, scorpions, Spiny-Tailed Lizards, wild dogs etc to look out for outside.
I jailbreak my phone specifically so that I can set a button to immediately turn on the "flashlight" on my camera when I need it. Please do NOT make it against the law for me to be safe while supporting the U.S. Army's troops.
Stephanie Hughes had this to say:
I am a nurse and the customizations I can make to my devices after jailbreaking increase my productivity and success in my job every day. I can track my performance, treatments used on patients, and the effects of those treatments, much faster with customizations that are not available on a device that is not jailbroken.
Reasons for jailbreaking personal devices are as varied as the people who use them, but they share two common themes: one, the law shouldn't interfere with people's use of their own devices, and two, personal devices can't reach their full potential when manufacturers artificially limit their uses. If you have a compelling story for the Copyright Office, submit your comments today and sign on to the Jailbreaking Is Not a Crime and Rip Mix Make letters.
On Wednesday, EFF will give recommendations to the European Parliament for how to combat one of the mosttroubling problems facing democracy activists around the world: the fact that European and American companies are providing key surveillance technology to authoritarian governments that is then being used to aid repression.
Recent reports by the Wall Street Journal and Bloomberg News, as well as a subsequent release by WikiLeaks, have exposed the shadowy but growing industry that sells electronic spy gear to governments known for violating human rights. The technology’s reach is very broad: governments can listen in on cell phone calls, use voice recognition to scan mobile networks, read emails and text messages, censor web pages, track one’s every movement using GPS, and can even change email contents while en route to a recipient. Some tools are installed using the same type of malicious malware and spyware used by online criminals to steal credit card and banking information. They can secretly turn on webcams built into personal laptops and microphones in unused cell phones. And all of this information is filtered and organized on such a massive scale that it can be used to spy on every person in an entire country.
Ordinary citizens, journalists, human rights campaigners and democracy advocates have all been targeted, eviscerating privacy rights and chilling free speech. Ample evidence suggests information acquired through this spy gear appears has played a role in the harassment, threats, and even torture of journalists, human rights campaigners, and democracy activists. Yet dozens of companies from the U.S. and E.U continue to sell this technology, including to authoritarian regimes.The market for surveillance equipment has grown to a staggering $5 billion a year.
Dutch member of the EU Parliament Marietje Schaake has been trying to spearhead an effort to curb sales of this type of technology to repressive regimes. In September, the EU parliament passed a resolution proposed by Ms. Schaake which called on European countries to regulate sales of this dangerous surveillance tools if they can be used in human rights violations. She has also asked the European Commission to investigate sales by these companies to the governments of Bahrain, Yemen, Syria, Tunisia and Egypt. On Wednesday, EFF will be testifying at a workshop for Committee of International Trade and Committee on Foreign Affairs, co-chaired by Ms. Schaake. Here is part of what we will say:
First, transparency is key. The mass surveillance industry as a whole has been notoriously secretive and that has, in turn, allowed it to proliferate without meaningful safeguards. But we know that just having this information in the public eye can, by itself, force change. Companies have pulled out of countries and created official human rights policies thanks to news reports. The world program director of I.S.S. Tatiana Lucas even complained that shining a spotlight on these practices “makes U.S. manufacturers gun shy about developing, and eventually exporting, anything that can remotely be used to support government surveillance.” We want to turn up the heat on these companies even more to be accountable for selling to authoritarian regimes.
We encourage the EU commission to act on Ms. Schaake’s request for an investigation into these companies and have them answer questions on the record. The EU Parliament should also consider disclosure requirements, requiring companies to publicize which governments they are selling to (either a full list or a limited list of based on troubling regimes or portions of regimes) and descriptions of the capabilities of their technologies, so an investigative body could follow the money trail to find out exactly whose equipment ends up where and how it is being used.
“Know Your Customer”
But beyond transparency, there is also the question of limiting sales to certain governments or parts of governments. Many have called for such direct legislation of surveillance tools but EFF has not joined that chorus, in part because we recognize how difficult it will be to create rules that both reach the problem and do not create collateral harms.
First and foremost, we want to make sure we do not leave activists with fewer tools than they already have. Parliament must be mindful of legislation just based on types of technology becausebroadly written regulations could have a net negative effect on the availability of many general-purpose technologies and could easily harm very people that the regulations are trying to protect.As EFF has highlighted before, legal terms used to define harmful technology can often encompass basic technology like web browsers and email servers. We can see this problem in the U.S., where overbroad regulations keep Syrian activists from accessing Google Chrome and Earth, Java, and or hosting services like Rackspace or SuperGreenHosting. It can also harm network security efforts.
So instead of focusing on the technology being sold, we recommend that any formal or informal effort to address the problem of misuse of surveillance technologies look at the government customers as the ultimate chokepoint. To that end, EFF has proposed a “know your customer” framework, based on already existing legal frameworks in the U.S. that can be implemented without significant overhead cost to government or businesses.
Simply put, companies selling surveillance technologies to governments or government providers need to affirmatively investigate and "know their customer" before and during a sale. EFF has already detailed extensive framework for such regulations including questions, definitions, and procedures for how to accomplish it.
It would require companies to comprehensively review everything about a sale of surveillance technology from the negotiations, discussions, background of the buyer, contractual specifications, technical support requests, to State Department and U.N human rights reports and the capability for abuse. Companies would refrain from participating in transactions where their investigations reveal either objective evidence or credible concerns that the technologies provided by the company will be used to facilitate human rights violations. You can read EFF’s full, detailed “know your customer” framework here.
This approach does three things: First, it avoids the many problems with pre-defining technologies, and instead focuses on the uses of the technologies to facilitate human rights abuses.Second it encompasses both government-like entities and sales to third-parties when the technology is likely to pass to repressive governments.This problem has been a frequent excuse from companies engaged in this business and their apologists.Yet in the context of tracking bribes in the Foreign Corrupt Practices Act and other export regulations, the U.S. government, like other governments around the world, have developed tools to help discover these sorts of transactions.Third, because it is based on current regulations that many of the companies involved in selling surveillance equipment to government end users already have to comply with, this approach should not add a heavy regulatory burden.
We hope the EU moves quickly on this problem, as recent reports show it is only getting worse. We also hope the U.S. Congress is listening because with U.S companies sell the same equipment, they are not only undermining own foreign policy in these countries, but destroying the human rights the State Department claims it supports around the world.
When asked by the Guardian if he would be comfortable knowing that regimes in North Korea and Zimbabwe were purchasing this technology from the companies he does business with, Jerry Lucas, president of Telestrategies Inc., said, “That’s just not my job to determine who’s a bad country and who’s a good country. That’s not our business.”
By instituting EFF’s "know our customer" standards, we can make it their business.
The Sultanate of Oman has received little attention throughout the so-called Arab Spring, despite unprecedented protests last February. Although there is no reported online political censorship, reports that the government monitors private communications, as well as the country's recently amended penal code (which suggests punishment for those charged with weakening the "prestige of the state"), suggest that the Omani blogosphere likely engages in self-censorship. Despite that, no blogger has ever been reported arrested in the Gulf country...until now.
According to a report from Global Voices Advocacy, Muawiya Alrawahi was detained for a blog post and a series of tweets in which he criticized the government. The report states that Alrawahi wrote, in a now-deleted Arabic-language post on his blog, about "suffering sexual abuse as a young teenager, his earlier involvement with Oman's Internal Security Service (ISS), his admiration for and connections to ex-ISS Brigadier-General Khamis Al Ghraibi (now imprisoned under charges of spying for the UAE), his lack of religious belief, his disillusionment with Oman, and his loss of faith in the ruler Sultan Qaboos." Alrawahi's arrest comes shortly after the arrests of two journalists in the country on charges of "insulting" the country's Minister of Justice.
Alrawahi's arrest signals a downward turn for Oman. EFF urges Omani authorities to protect the right to free expression online by releasing Alrawahi unconditionally and re-considering elements of the penal code that would restrict the universal right to free speech for Oman's citizens.
South Korean Indicted for Tweets
South Korea is one of a handful of democracies that justifies online censorship on the basis of "national security." The country's National Security Law allows for harsh punishments to be meted out to those who "praise, encourage disseminate or cooperate with antistate groups, members or those under their control." The law covers, unsurprisingly, affiliation with or support for North Korea, and allows the government to block websites related to North Korea and communism.
As the New York Timesreports, that law was recently used to detain Park Jung-geun, a 23-year-old photographer, for re-posting content from North Korean government site Uriminzokkiri.com to his Twitter account. As it happens, South Korean media regularly cite the government-run website in news reports.
Park claims that his Twitter posts were intended sarcastically, but prosecutors have countered that the Twitter account "served as a tool to spread North Korean propaganda." Park could face up to seven years in jail if convicted.
EFF urges South Korean authorities to immediately drop the charges against Park Jung-geun.
China Cracks Down Over Tibet Unrest
Following news last week that China had shut down Tibetan blogs amid heightened tensions between Tibetans and the central government, new reports claim that the government also shut down Internet and mobile access during the protests. China's "kill switch" was previously used in 2009 to cut off access in the western Xinjiang province following ethnic riots in Urumqi.
EFF reiterates its condemnation of China's heavy-handed censorship policies and once again calls upon the Chinese government to stop silencing Tibetan voices.
If you still aren't sure why jailbreaking is important, one prime example of the problem is the Sony PlayStation 3. That game system initially shipped with the ability to install Linux and other Unix derivatives. As a result, not only did hobbyists use PS3s as homebrew computers, but Unix-based PS3s were also linked in labs to make affordable supercomputers.
However, in April 2010, Sony’s mandatory firmware update -- version 3.21 -- removed the ability to install "Other OS" -- meaning no more Linux on your PlayStation. To add legal muscle to its firmware, Sony sued several security researchers for publishing information about security holes that would allow users to run Linux on their machines again. Claiming that the research violated the DMCA, Sony asked the court to impound all "circumvention devices" -- which it defines to include not only the defendants' computers, but also all "instructions," i.e., their research and findings.
This means you can set your PlayStation on fire, but you can’t run Linux on hardware you own. To illustrate how ludicrous this is, we made a video illustrating what an owner can do with a PlayStation -- and what Sony contends they can’t.
Update: Richard Stallman, President of the Free Software Foundation, writes to remind us that Linux is a kernel, and that the complete usable operating system is GNU/Linux. GNU, a recursive acronym for GNU's Not Unix, is a free software Unix-like operating system that was designed to not be Unix.
Paulus Le Son, a blogger detained in Vietnam since August 2011
Arrests of Dissident Bloggers Continue in Vietnam
As we have previously covered, the Vietnamese government continues to crack down on bloggers and writers who have spoken out against the Communist regime. Alternative news site, Vietnam Redemptorist News, has been targeted by the state and several of their active contributors have been arrested. Paulus Le Son, 26, is one of the most active bloggers who was arrested without a warrant.
Vietnam is increasingly applying vague national security laws to silence free speech and political opposition. He is one of 17 bloggers who have been arrested since August 2011. Charged with “subversion” and “activities aimed at overthrowing the people’s administration”, there is a campaign to release him and the others who have been detained
EFF stands with the Committee to Project Journalists, Reporters Without Borders, and Front Line in calling for the immediate release of all arrested bloggers.
Google Quietly Releases Country-by-Country Take Downs For Blogger
Most of the blogosphere’s attention has been focused on Twitter’s new censorship policies released last week, but Google has quietly unveiled its new policies for its blogging interface, Blogger. The changes reflect a compromise similar to Twitter's, allowing them to target their response to content removal requests by certain states. Over the coming weeks, Google will redirect users to a country-code top-level domain, or “ccTLD”, which corresponds to the user’s current location based upon their IP address. Google also provides users a way to get around these blocks by entering a formatted No Country Redirect or “NCR” URL.
These moves come after pressure from countries like India that are cracking down on social media sites for content deemed “inappropriate”. On Blogger’s FAQ they explain why it has come to this:
Migrating to localized domains will allow us to continue promoting free expression and responsible publishing while providing greater flexibility in complying with valid removal requests pursuant to local law. By utilizing ccTLDs, content removals can be managed on a per country basis, which will limit their impact to the smallest number of readers. Content removed due to a specific country’s law will only be removed from the relevant ccTLD.
As these companies enter new countries, they become subject to local laws. Given that they say they already respond to valid and applicable court orders that could effect global access to certain content, it is in some ways an improvement to limit censorship to the region in which it applies. Google’s policy changes are similar to Twitter’s, which we reacted to last week:
For now, the overall effect is less censorship rather than more censorship, since they used to take things down for all users. But people have voiced concerns that "if you build it, they will come,"--if you build a tool for state-by-state censorship, states will start to use it. We should remain vigilant against this outcome.
The lasting consequences of this new policy cannot be foreseen, in the meantime we will be keeping a close eye on Chilling Effects to track government requests to censor content on Blogger.
China Shuts Down Tibetan Blogs
The Chinese government shut down several independent Tibetan-language blogs on Wednesday. This occurred amid heightened tensions in the decades-long conflict between the minority group and the government. While some of the take-downs leave no explanation, there was one notice by the Chinese state on AmdoTibet, whose blog has been the only page of the site has been taken down. It reads:
Due to some of the blog users not publishing in accordance with the goal of this site, the blog has temporarily been shut down, we hope that blog users will have understanding!
We condemn the Chinese government’s heavy-handed censorship policies, and demand them to stop silencing the Tibetan voice in their country.
You don’t need us to tell you that your position on anti-"piracy" laws has been unpopular recently. Last month’s historic protests, with millions of Americans registering their opposition, have made that point pretty clear. Instead, we’re writing today to tell you that the Internet can be great for creators and their community, but your own leadership refuses to recognize and take advantage of its promise. It seems they’d rather spend your membership dues on lawyers, lobbyists and astroturf than innovation. We suspect many of you are realizing this, especially when you see how successful new business models can be.
Hollywood’s leadership painted the push for the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA) as a defense of your jobs — a stance that was cynical at best, as they know the only jobs the bill would save were those of their lawyers. What is worse, by framing a stance against SOPA and PIPA as a betrayal of creators everywhere, they’ve poisoned the debate about the legislation and attempted to mislead you into fighting for bills that won’t put a dent in online infringement but will interfere with the development of ways for creators like you to profit from Internet technologies.
For one thing, although the studio heads and MPAA leadership claim this legislation is about your jobs, they’re curiously silent about the fact that entertainment spending and revenues are up across the board. In the words of one recent study, the sky isn’t falling — it’s rising. So if you’re concerned about your job, please realize the primary threat does not come from unauthorized downloading. The actor Wil Wheaton suggests that the problem might be closer to home:
I have lost more money to creative accounting, and American workers have lost more jobs to runaway production, than anything associated with what the MPAA calls piracy.
And though the handful of executives at the top might not have realized that yet, individual creators among you have reached this conclusion and are already profiting from it. At last week’s Sundance festival, even as Dodd and others were lamenting the web’s impact on film, ten percent of the films were financed by pledges through the online fundraising platform Kickstarter. And after film, music projects are Kickstarter’s second largest funding recipients. The music publishing platform Bandcamp now regularly pays out a million dollars to artists each month through sales made on the site. Some of those sales are even made to people who were looking for free content, but were enticed by the friendly purchase process.
The tech community loves creativity, and it wants to support artists, but it’s got a real problem with the people who run Hollywood. As long as it’s worried about Hollywood leadership doing damage to civil liberties and online freedom, the kind of profitable partnerships we know are possible will be difficult to make.
We’ve seen this movie before, and we know how it ends. The right answer to the question that the Internet raised isn't to demonize the tech community and innovators. That strategy failed dramatically against earlier technologies like the VCR, which MPAA President Jack Valenti compared to "the Boston strangler" in a 1982 testimony to Congress. Of course, that innovation opened up the home video market, which is now the source of nearly half of all studio revenue.
SOPA and PIPA were a step in the wrong direction, but it’s not too late to turn this ship around. Please, tell your leaders to support innovation — or get new leaders.
Right now, representatives from nine countries including the United States are secretly meeting in a luxury hotel in Beverly Hills to negotiate the Trans-Pacific Partnership Agreement, a trade agreement with the potential to contain intellectual property provisions that go beyond ACTA. These secret meetings could create over-reaching new rules and standards that will choke off the online speech of individuals, websites, and platforms accused of copyright infringement.
But because the meetings are held behind closed doors and the text has not been released to the public, the citizens who will be affected do not know the details and don’t have a voice.
Click here to join EFF in demanding a Congressional hearing so lawmakers can learn what’s in the TPP and hear from all affected stakeholders, not just the content industry.
Yesterday, EFF International Rights Director Katitza Rogriguez checked in with protestors outside ongoing TPP meetings in Los Angeles. Katitza reported:
The energy at the rally was intoxicating. And the people were right to protest: TPP is one more in a long line of global copyright initiatives that are putting Internet users last. All over the world, people are saying enough is enough.
This week of negotiations in Los Angeles is a crucial moment for the TPP. Please contact your lawmakers today and let them know that we will not be left in the dark. Demand to know what's in the Trans-Pacific Partnership Agreement.
Here’s what you need to know about the substantive changes in the new policy:
Up until March 1, 2012, the data Google collected on you when you used YouTube was carefully cabined away from your other Google products. So, in effect, Google could use data they collected on YouTube to improve and customize the users’ YouTube experience, but couldn’t use the data to customize and improve user experience on, say, Google+.
The same siloing took place for your search history. Previously, Google search data was kept separate from other products. Even when users were logged in, Google promised not to share the information they gathered about you from your Google search history when customizing their other products. Considering how uniquely sensitive user search history can be (indicating vital facts about your location, interests, age, sexual orientation, religion, health concerns, and much more), this was an important privacy protection.
Unfortunately, Google’s original explanation left much to be desired. The policy’s overview page said nothing about the substantive changes that were occurring in the policy, and the FAQ was equally vague:
Second, the new policy reflects our efforts to create one beautifully simple, intuitive user experience across Google. It makes clear that, if you have a Google Account and are signed in, we may combine information you’ve provided from one service with information from other services. In short, we can treat you as a single user across all our products.
"Beautifully simple" and the ability to "treat you as a single user" don’t actually get at the kernel of what changed: that they are specifically enacting a change to how they treat data they collect through YouTube and search history. To be clear, they aren’t collecting more information, but they are sharing that information in a new way.
We were heartened to see the letter and Q&A Google published yesterday in response to the questions from Congress in which they gave straight answers about their new policy. They stated:
Specifically, our policies meant that we couldn’t combine data from YouTube and search history with other Google products and services to make them better. So if a user who likes to cook searches for recipes on Google, we are not able to recommend cooking videos when that user visits YouTube, even though he is signed in to the same Google Account when using both.
This is a great deal clearer than their original notification, so we applaud that. It’s unfortunate that it took a letter from Congress to get them to give the public straightforward explanations.
For individuals who would like to continue using Google products, but want to create some type of silo between Google search, YouTube, and other products, there is an option to set up multiple Google accounts. Users can set up two or more accounts as long as they have different Gmail addresses; however, individuals using this strategy to protect their privacy should be careful not to commingle-consider using separate browsers for each of your Google accounts. To be extra careful, users might want to use the Data Liberation tool to grab a copy of all of their data from a particular Google product, delete the data from the original account, and then upload that data onto the new account. For example, an individual might set up a secondary Google account for browsing and sharing YouTube videos. She could then download all of her existing YouTube videos to her computer, delete them from her primary Google profile, and then use a separate browser to upload them to a new secondary Google account. Unfortunately, this is a somewhat laborious process. To help users who wish to keep separate accounts, Google should make the process simpler and easier.