January 28th is Data Privacy Day, also known as International Privacy Day. To celebrate, EFF is calling on users to protect online privacy in three ways: download HTTPS Everywhere to ensure you use HTTPS when possible; help us catalog sites that are using HTTPS by contributing to HTTPS Now; and, if you administer a site, commit to enabling HTTPS support in 2012.
HTTPS is a protocol that provides secure Internet transactions between web browsers and web sites. You can check to see if the web page you are visiting uses HTTPS by making sure that the URL at the top of your browser begins with HTTPS rather than HTTP. The "S" stands for secure. Some browsers also indicate that you are using a secure connection by displaying a closed lock in the corner of the browser.
HTTPS protects users from certain kinds of Internet surveillance. By encrypting your connection, HTTPS prevents eavesdroppers from seeing the contents of your communication with a website, including potentially sensitive data such as the contents of your email and chats, login credentials, search terms, and credit card numbers. Many sites support the use of HTTPS, but may not turn it on by default. Other sites have failed to implement HTTPS at all.
The rise of open wireless networks in coffee shops and libraries means that users are sharing network connections with strangers every day, and tools like Firesheep and Wireshark make it a trivial matter for individuals with minimal technical knowledge to eavesdrop on what users are reading and writing online. To safeguard the privacy of our reading habits on the Internet, we need to encrypt the web. And that means websites - from online newspapers to social networks to email providers to online stores - need to take the initiative and start enabling HTTPS.
In order to make sure that you are using the secure version of a website when one is available, EFF recommends using our HTTPS Everywhere browser extension for Firefox. If a website that you visit supports HTTPS, but is not included in the HTTPS Everywhere database, you can submit a new rule.
Want to help EFF track and analyze the implementation of HTTPS around the web? Look around the web to see what sites are HTTPS-enabled and report them to HTTPS Now. They've got instructions on how to test a site's support for HTTPS and report it to the community.
Remember, HTTPS is not an anonymity tool. Eavesdroppers can still see where you are connecting from and the sites you are connecting to, and the sites themselves can still track and record your activity. EFF recommends using Tor if you are concerned about anonymity.
Website administrators and companies
If you are a site admin who would like to protect users' privacy by enabling HTTPS on your site, EFF has these suggestions. Once you have enabled HTTPS on your site, please submit a new rule to HTTPS Everywhere. If you are planning to implement HTTPS on your website in 2012 as part of International Data Privacy Day, please email Jolynn Dellinger at firstname.lastname@example.org so your site can be recognized on the International Data Privacy Day page.
As protests against the U.S. bills SOPA and PIPA sweep the world, Singaporeans are under threat of censorship from their own government. According to Channel News Asia, Singapore Minister for Law K Shanmugam recently revealed that his ministry is in discussion with the Motion Picture Association of America (MPAA) over piracy issues. At an event organized by the Intellectual Property Office of Singapore (IPOS), Shanmugam reportedly stated: "We will have to work with the ISPs. And the government will have to work with the ISPs and whether it should be a voluntary regime vis-a-vis the ISPs, or whether it should be legislated."
As the New Asia Republic (which is proudly displaying an anti-SOPA banner) explained, Singapore is a party to the United States Free Trade Agreement (USFTA) and the yet-to-be-passed Anti-Counterfeiting Trade Agreement (ACTA), and therefore must commit to similar legislation should SOPA or PIPA become law in the United States.
On Shanmugam's own Facebook page, where the minister posted a link to the aforementioned Channel News Asia article, Singaporeans have left numerous comments protesting the potential move. One citizen wrote:
Adopting a law (similar to SOPA or PIPA) will not just be detrimental to the freedom of speech online, but will also have economic consequences to Singapore.
Both web/tech start-ups and multinational corporations such as Google, Microsoft and Amazon (who are already opponents to both PIPA/SOPA) who have set up operations in Singapore may move out because the legislation is biased towards one group of industry players in the content space.
We hope that you can reconsider and not enact a law that has profound consequences to the development of the ICT and digital media space.
Just as SOPA and PIPA would effectively blacklist websites in the United States and around the world, such would be the case with laws born in other states backed by the same special interests. EFF will be following the developments in Singapore closely as they attempt to forge anti-infringement legislation similarly formulated with little to no understanding of their impact on free speech or innovation online.
Join our action against Internet Blacklist Legislation.
If you are not a U.S. resident, follow this link and scroll down to sign the petition to the U.S. State Department.
Today, we watch in awe as the Internet rallies to fight dangerous blacklist legislation, the PROTECT-IP Act in the Senate and the Stop Online Piracy Act in the House. The originality, creativity, and magnitude of action we’re seeing represents exactly what these bills would harm most: the value of a vibrant and open Internet that fosters these activities.
As the day goes on, we will continue to update you on Twitter (@EFF) and in this space. In the meantime, here are some of today’s #SOPAblackout highlights. Thank these organizations for their participation and go here to make your voice heard!
Even the Motion Picture Association of America, a major supporter of the bills, was forced to acknowledge the impact of today's protest, criticizing websites for going dark for a day when "people rely on them for information." If a day without these websites is "irresponsible," as the MPAA says, how much more irresponsible is giving the Justice Department, or the MPAA itself, the power to shut them down, or cut off their funding, without notice?
The MPAA's statement ended with a cry for help to "the White House and the Congress" to stop today's protests. But after today, when Internet users emerged as a political force, uniting across party lines against a real threat to the world's most democratic communications medium, our government may not be so quick to jump at MPAA's call.
Join EFF and websites across the world in protesting the dangerous censorship legislation currently pending in Congress.
On January 18th, EFF will join websites across the world in standing up against the proposed blacklist bills (SOPA in the House and the PROTECT IP Act in the Senate). EFF is calling on websites to be part of the protest by blacking out their logos, posting statements opposing the bills, and linking to our action center. Websites are also encouraged to follow the powerful examples of Reddit, Wikipedia and others by “blacking out” their entire site for a day. If you do choose to take down your website in protest, please be sure to post a message about why you oppose the blacklist bills and consider linking to the EFF action center so site visitors can take the next step and contact Congress.
On the 18th, EFF will censor our banner logo and black out the background of eff.org. We’ve also created a new activism platform at http://blacklist.eff.org. Sites are encouraged to direct traffic here so users can contact Congress to make their voices heard in opposition to this misguided censorship legislation.
The blacklist bills are dangerous: if made into law, they would hamper innovation, kill jobs, wreak havoc on Internet security, and undermine the free speech principles upon which our country was founded. But deep-pocketed lobbyists are trying to ram this legislation through as quickly as possible, hoping elected officials will turn a blind eye to the widespread opposition to these bills. We can’t let that happen.
January 18th is just the beginning. We’re also gearing up for a day of action on January 23rd when the Senate will be back in session and getting ready to vote on the Protect-IP Act, SOPA’s sister bill. We’re calling on digital activists and Internet users everywhere to call Senators on the 24th and voice their opposition to this censorship legislation. Despite the chorus of opposition from human rights advocates and the tech community, Senators are still trying to push through this dangerous censorship bill. We need all hands on deck to make sure that doesn’t happen.
If you love the interactive, speech-friendly, decentralized digital world of the Internet as much as we do, then please join us in fighting these dangerous bills.
For more than a year, Icelandic Member of Parliament and EFF client Birgitta Jonsdottir—along with security researchers Jacob Appelbaum and Rop Gonggrijp—has fought the efforts of the Department of Justice to force Twitter to give up information about their online activities. In December of 2010, the government obtained a court order requiring, among other things, Twitter to hand over their IP addresses at login (which can be used to trace their locations) along with a long list of other information. EFF, with the ACLU and a host of private attorneys, fought back, but the U.S. courts rebuffed our efforts.
The courts’ analysis is troubling on many grounds. One such ground is the fact that the courts determined Ms. Jonsdottir’s information could be seized despite the fact that Ms. Jonsdottir, whose actions on behalf of Wikileaks all seem to have occurred in Iceland, appears to have complete immunity against this investigation under Icelandic law as a member of the Icelandic Parliament.
While Ms. Jonsdottir’s specific situation is unique, many non-U.S. users of Twitter are rightfully unnerved. At least according to the magistrate and judge in Virginia, all of a user's communications records can be subject to review by the U.S. government without a warrant because the users chose to use an online "cloud" service that stores data about them in the U.S.
But even as the U.S. courts have refused to see the dangerous implications of their rulings, others have appropriately raised alarm. In a little noticed story last fall, the Inter-Parliamentary Union, which represents members of parliament from 157 countries, issued a stunning rebuke to the United States and the Department of Justice over its investigation into Ms. Jonsdottir. In a unanimous declaration, the IPU condemned the Justice Department’s conduct as a violation of Ms. Jonsdottir’s free speech and privacy rights, and even suggested the demands for her private information violated the Universal Declaration of Human Rights.
The IPU noted astutely that “the legal framework concerning the use of electronic media, including social media, does not appear to provide sufficient guarantees to ensure respect for freedom of expression, access to information and the right to privacy; the guarantees protecting freedom of expression and privacy in the 'offline world' seem not to operate in the ‘online world.’”
The IPU is, of course, right. The laws governing stored communications online were written before the World Wide Web even existed and are severely outdated. Congress' failure to update the laws only increases the harm to users as more of our activists move online.
The IPU also noted the special concerns of Parliamentarians by addressing the confluence of the democratic process, privacy protections, and freedom of expression: “For members of parliament, it is essential that any private communication they receive is accorded the same level of protection regardless of the technology, platform and business model used to create, communicate and store it. This does not appear to be the case today.”
The IPU continued on the topic of freedom of expression noting: “In all countries, freedom of expression is essential to democracy; citizens cannot exercise their right to vote or take part in public decision-making if they lack free access to information and ideas and are unable to express their views freely.” The IPU noted correctly that without these freedoms “members of parliament cannot represent the people who have elected them.”
The IPU’s declaration on behalf of Ms. Jonsdottir should serve as a warning to the United States. While the U.S. government advocates for greater Internet freedom abroad, it is vital the U.S. serves as an example for how other governments should approach free speech and privacy online, for both parliamentarians and ordinary people. Especially when confronted by the concerns of elected officials, to do otherwise not only tarnishes our image, but also betrays the foundations of our own representative democracy.
Over the weekend, the Obama administration issued a potentially game-changing statement on the blacklist bills, saying it would oppose PIPA and SOPA as written, and drew an important line in the sand by emphasizing that it “will not support” any bill “that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet.”
Yet, the fight is still far from over. Even though the New York Times reported that the White House statement "all but kill[s] current versions of the legislation," the Senate is still poised to bring PIPA to the floor next week, and we can expect SOPA proponents in the House to try to revive the legislation—unless they get the message that these initiatives must stop, now. So let’s take a look at the dangerous provisions in the blacklist bills that would violate the White House’s own principles by damaging free speech, Internet security, and online innovation:
The Anti-Circumvention Provision
In addition to going after websites allegedly directly involved in copyright infringement, a proposal in SOPA will allow the government to target sites that simply provide information that could help users get around the bills’ censorship mechanisms. Such a provision would not only amount to an unconstitutional prior restraint against protected speech, but would severely damage online innovation. And contrary to claims by SOPA’s supporters, this provision—at least what’s been proposed so far—applies to all websites, even those in the U.S.
As First Amendment expert Marvin Ammori points out, “The language is pretty vague, but it appears all these companies must monitor their sites for anti-circumvention so they are not subject to court actions ‘enjoining’ them from continuing to provide ‘such product or service.’” That means social media sites like Facebook or YouTube—basically any site with user generated content—would have to police their own sites, forcing huge liability costs onto countless Internet companies. This is exactly why venture capitalists have said en masse they won’t invest in online startups if PIPA and SOPA pass. Websites would be forced to block anything from a user post about browser add-ons like DeSopa, to a simple list of IP addresses of already-blocked sites.
Perhaps worse, EFF has detailed how this provision would also decimate the open source software community. Anyone who writes or distributes Virtual Private Network, proxy, privacy or anonymization software would be negatively affected. This includes organizations that are funded by the State Department to create circumvention software to help democratic activists get around authoritarian regimes’ online censorship mechanisms. Ironically, SOPA would not only institute the same practices as these regimes, but would essentially outlaw the tools used by activists to circumvent censorship in countries like Iran and China as well.
The “Vigilante” Provision
Another dangerous provision in PIPA and SOPA that hasn’t received a lot of attention is the “vigilante” provision, which would grant broad immunity to all service providers if they overblock innocent users or block sites voluntarily with no judicial oversight at all. The standard for immunity is incredibly low and the potential for abuse is off the charts. Intermediaries only need to act “in good faith” and base their decision “on credible evidence” to receive immunity.
As we noted months ago, this provision would allow the MPAA and RIAA to create literal blacklists of sites they want censored. Intermediaries will find themselves under pressure to act to avoid court orders, creating a vehicle for corporations to censor sites—even those in the U.S.—without any legal oversight. And as Public Knowledge has pointed out, not only can this provision be used for bogus copyright claims that are protected by fair use, but large corporations can take advantage of it to stamp out emerging competitors and skirt anti-trust laws:
For instance, an Internet service provider could block DNS requests for a website offering online video that competed with its cable television offerings, based upon “credible evidence” that the site was, in its own estimation, promoting its use for infringement....While the amendment requires that the action be taken in good faith, the blocked site now bears the burden of proving either its innocence or the bad faith of its accuser in order to be unblocked.
Corporate Right of Action
PIPA and SOPA also still allow copyright holders to get an unopposed court order to cut off foreign websites from payment processors and advertisers. As we have continually highlighted, copyright holders already can remove infringing material from the web under the DMCA notice-and-takedown procedure. Unfortunately, we’ve seen that power abused time and again. Yet the proponents of PIPA and SOPA want to give rightsholders even more power, allowing them to essentially shut down full sites instead of removing the specific infringing content.
While this provision only affects foreign sites, it still affects Americans' free speech rights. As Marvin Ammori explained, "The seminal case of Lamont v. Postmaster makes it clear that Americans have the First Amendment right to read and listen to foreign speech, even if the foreigners lack a First Amendment speech right." If history is any guide—and we’re afraid it is—we will see specious claims to wholesale take downs of legitimate and protected speech.
Expanded Attorney General Powers
PIPA and SOPA would also give the Attorney General new authority to block domain name services, a provision that has been universally criticized by both Internet security experts and First Amendment scholars. Even the blacklist bills’ authors are now publicly second-guessing that scary provision. But even without it, this section would still force many intermediaries to become the Internet police by putting the responsibility of censorship enforcement on those intermediaries, who are usually innocent third parties.
The Attorney General would also be empowered to de-list websites from search engines, which, as Google Chairman Eric Schmidt noted, would still "criminalize linking and the fundamental structure of the Internet itself." The same applies to payment processors and advertisers.
These are just some of the egregious provisions in PIPA and SOPA that would drastically change the way we use the Internet (for the worse), and punish millions of innocent users who have never even thought about copyright infringement. As Reddit co-founder Alexis Ohanian explained, PIPA and SOPA are “the equivalent of being angry and trying to take action against Ford just because a Mustang was used in a bank robbery.” These bills must be stopped if we want to protect free speech and innovation on the web.
Looks like proponents of the Internet Blacklist Bills are finally beginning to realize that they won't be able to ram through massive, job-killing legislation without a fight. First, Sen. Patrick Leahy, sponsor of the PROTECT-IP Act (PIPA), announced on Thursday that he would recommend that the Senate further study the dangerous DNS blocking provisions in that bill before implementation. Then, a group of six influential senators wrote to Sen. Harry Reid, the Senate Majority Leader, urging that the Senate slow down and postpone the upcoming vote on PIPA. Sen. Ben Cardin, a co-sponsor of PIPA, also took a measured stance against the bill, saying he "would not vote for final passage of PIPA, as currently written." Cardin cited constituent activism as the primary reason for the about-face.
On the House side, Rep. Lamar Smith, sponsor of PIPA's dangerous counterpart, the Stop Online Piracy Act (SOPA), announced today that he would completely remove the DNS blocking provision from the House bill.
It's heartening to see Congress take steps in the right direction, and it wouldn't have happened without the work and commitment of the many internet communities who have rallied to fight these dangerous bills. We should be proud of the progress we've made.
But let's be clear – we still have a long fight ahead and we face formidable foes. Both bills still contain fundamental flaws that threaten freedom of speech and the future of the Internet. We’ve written before, for example, about the threats to the human rights community, to students, to software development, and to the economy. These threats remain. What is worse (and we can't say this enough), is that this legislation, if made law, will do little to stop online infringement. These bills cannot be fixed – they must be killed. So let's keep the pressure on!
Security Experts and Tech Investors Scheduled to Testify; Worldwide Internet Protest Gathering
There’s some good news in the efforts to stop the Internet blacklist bills (SOPA/PIPA): Representative Darrell Issa, an outspoken SOPA critic and the author of alternative legislation called the OPEN Act, has announced that the Oversight and Government Reform Committee will hold a hearing on January 18 to hear from actual technical experts, technology job creators, Internet investors and legal scholars.
EFF’s activists will be providing live coverage of the event through our EFFLive Twitter account. A number of online activists are strategizing plans for a “SOPABlackout” — “censoring” websites and logos to draw attention to the hearing and showcase the widespread opposition to the censorship bills. We’re glad to see lots of sites participating and we’re urging folks to use social networks on January 18 to help spread the word.
The Oversight Committee hearing will address the topic of Domain Name Service (DNS) and search engine blocks generally, and explore ways for the government to avoid legislation that would hamper economic growth. Of course, as active and controversial legislation, SOPA and its evil twin in the Senate, the PROTECT IP Act (PIPA) are certain to be discussed at length.
Here’s a look at the witnesses scheduled to speak:
Alexis Ohanian is a founder of Reddit, the social news platform that has been the site of numerous anti-SOPA discussions. He’s spoken out against the bill personally, saying: “This legislation affects my entire industry and livelihood. We never would’ve been able to start Reddit if SOPA were the law, and I worry about all of the future innovation we’d miss out on if it were to pass.”
Stewart Baker, the former Homeland Security Assistant Secretary and former General Counsel for the NSA, is certainly an expert on the issue of cyber-security and the law. He’s also been a vocal critic of SOPA, explaining the security problems with the original bill and the manager’s amendment in an extremely cogent blog post titled SOPA-rope-a-dopa.
Brad Burnham is a founder of the prestigious Union Square Venture investment firm. Union Square has been behind some very high-profile tech companies, like Twitter and Foursquare, in the seven years since its founding, supporting job creation and innovation in the tech sector. Burnham is rightly concerned that legislation like SOPA could undermine his investments and the Internet itself. In a personal blog post, he lays out the problem:
The current legislation in Congress does not just create an administrative burden, it requires service providers who have built wonderful businesses on a deep conviction about human nature to change their relationship with their users in a way that subverts their core values.
Daniel Kaminsky is the well-known security expert known for discovering a major vulnerability in the DNS system — the sort that the DNSSEC initiative is designed to address. He is one of 21 “Trusted Community Representatives” involved in the DNSSEC implementation process. He is a signer of the “Open Letter From Internet Engineers” first published by EFF and read into the Congressional record by Representative Issa.
Lanham Napier is the CEO of Rackspace, a major IT company based in Chairman Smith’s home state of Texas. Rackspace serves 160,000 business customers, including 40% of Fortune 100 companies, and thus has a serious stake in the health of the Internet. In a post on the Rackspace blog, Napier describes SOPA as “a deeply flawed piece of legislation … bad for anyone who uses the Internet … bad for job creation and innovation.”
Dr. Leonard Napolitano is the Director of the Center for Computer Sciences & Information Technology at Sandia National Laboratories, a government-owned institution devoted to national security. Napolitano sent a letter to Representative Zoe Lofgren, another Congressional opponent of the bill, in response to her request that Sandia conduct a technical assessment of the legislation. The letter reports Sandia’s conclusion that SOPA and PIPA would “negatively impact U.S. and global cybersecurity and Internet functionality.”
These witnesses, indisputably experts in their fields, are exactly the kind of people Congress should consult before crafting laws that would fundamentally affect the Internet.
Chairman Issa is doing important work bringing these issues to the attention of the Oversight Committee, but the legislators need to hear your voice too.