UPDATE (3/13/12): After public pressure, PayPal has revised their policy for censoring publishers of erotic ebooks. We are pleased with the new, speech-friendly policy. See our press release, PayPal's statement, and a statement from the National Coalition Against Censorship.
EFF and a coalition of civil liberties organizations and publishers is calling on PayPal to reverse a policy that shuts off payment services to publishers of certain forms of erotic literature. Under the policy, PayPal has threatened to shut down the accounts of online publisher Smashwords and others, unless they eliminate erotica featuring incest, rape, and bestiality. As scholars and booksellers can attest, these are themes prevalent in many forms of literature, from Grecian myths to the Bible. EFF joined ACLU of California, American Booksellers Foundation for Free Expression, Authors Guild, National Coalition Against Censorship, and others in sending a joint letter to PayPal condemning this policy as contrary to free speech.
Unfortunately, this is not the first time we’ve seen a payment services provider interfering with access to lawful speech. As we saw when Mastercard, Visa, and PayPal created a financial blockade against the whistleblower website WikiLeaks, financial service providers are an important part of the chain of intermediaries upon which online communication depends. When even one of those intermediaries caves to pressure or takes on a censorial role, our rights to read and speak freely are jeopardized. We need to send a signal to all back-end service providers that they have no business interfering with the distribution of lawful content.
As the National Coalition Against Censorship and the American Booksellers Foundation for Free Expression explained in a recent public letter:
The policy positions PayPal as contemporary exponent of its own Index Librorum Prohibitorum. The Catholic Church’s Index of Prohibited Books, like the Hays code in the film industry, has long since lost favor with the American public, and there is no reason to think that they would welcome PayPal in a similar role. The commitment to free speech is firmly embedded in our society, legally and culturally.
And as the ACLU of Northern California explained in their statement against this form of censorship, "Free speech isn't so free when booksellers have to choose between hosting legitimate content and earning a living."
If you are an individual, you can use the EFF action center to sign on to our letter to PayPal. And if you are an organization that would like to join our campaign against this form of censorship, please email email@example.com.
Text of Coalition Letter
PayPal, which plays a dominant role in processing online sales, has taken full advantage of the vast and open nature of the Internet for commercial purposes, but is now holding free speech hostage by clamping down on sales of certain types of erotica. As organizations and individuals concerned with intellectual and artistic freedom and a free Internet, we strongly object to PayPal functioning as an enforcer of public morality and inhibiting the right to buy and sell constitutionally protected material.
Recently, PayPal gave online publishers and booksellers, including Book Strand, Smashwords, and eXcessica, an ultimatum: it would close their accounts and refuse to process all payments unless they removed erotic books containing descriptions of rape, incest, and bestiality. The result would severely restrict the public's access to a wide range of legal material, could drive some companies out of business and deprive some authors of their livelihood.
Financial services providers should be neutral when it comes to lawful online speech. PayPal’s policy underscores how vulnerable such speech can be and how important it is to stand up and protect it.
The topics PayPal would ban have been depicted in world literature since Sophocles’ Oedipus and Ovid’s Metamorphoses. And while the books currently affected may not appear to be in the same league, many works ultimately recognized for their literary, historical, and artistic worth were reviled when first published. Books like Ulysses and Lady Chatterley’s Lover were banned as “obscene” in the United States because of their sexual content. The works of Marquis de Sade, which include descriptions of incest, torture, and rape, were considered scandalous when written, although his importance in the history of literature and political and social philosophy is now widely acknowledged.
The Internet has become an international public commons, like an enormous town square, where ideas can be freely aired, exchanged, and criticized. That will change if private companies, which are under no legal obligation to respect free speech rights, are able to use their economic clout to dictate what people should read, write, and think.
PayPal, and the myriad other payment processors that support essential links in the free speech chain between authors and audiences, should not operate as morality police.
ACLU of California
American Booksellers Foundation for Free Expression
American Society of Journalists and Authors
Association of American Publishers
Association of American University Presses
Bill of Rights Defense Committee
Bytes for All, Pakistan
Comic Book Legal Defense Fund
Coming Together, charity publisher
Electronic Frontier Foundation
Feminists for Free Expression
Fight for the Future
Great Lakes Independent Booksellers Association
Independent Book Publishers Assn.
Index on Censorship
National Coalition Against Censorship
New Atlantic Independent Booksellers Association
New England Independent Booksellers Association
Northern California Independent Booksellers Association
Pacific Northwest Booksellers Association
PEN American Center
Reporters Without Borders
Southern California Independent Booksellers Association
Southern Independent Booksellers Alliance
Tunisian Association for Digital Freedom
Unlimited Publishing LLC
Woodhull Sexual Freedom Alliance
In the last two months, two different federal courts have ruled on whether the Fifth Amendment's right against self-incrimination applies to the act of decrypting the contents of a computer. We wrote amicus briefs (PDF) in each case arguing the Fifth Amendment did prevent forced decryption when that act would incriminate a witness. And while our arguments were similar in both courts, the results were different.1 A district court judge in Colorado ruled (PDF) that Ramona Fricosu could be forced to decrypt information on a computer seized by law enforcement in connection with a mortgage fraud case.2 But the 11th Circuit Court of Appeals in Atlanta ruled (PDF) that the 5th Amendment prevented the government from forcing a suspect in a child pornography investigation to decrypt the contents of several computers and drives seized by law enforcement.3 So how can these two cases be reconciled? To understand, it's important to take a close look at not only the facts of each case, but also the law regarding the Fifth Amendment.
Decryption May Be "Testimonial" Under the Fifth Amendment
The Fifth Amendment protects a person from being "compelled in any criminal case to be a witness against himself." To be protected by the Fifth Amendment, a person needs to show three things: (1) compulsion; (2) incrimination; and (3) a testimonial communication or act.4 Both cases had compulsion: the government sought judicial authorization to force Fricosu (through an order under the All Writs Act) and Doe (first through a grand jury subpoena, and later contempt of court when he refused to comply with the subpoena), to decrypt the contents of computers seized by the government pursuant to a search warrant. And both cases had incrimination: Fricosu and Doe were suspected of criminal activity and the government had open and active investigations (and in Fricosu's case, she was already under indictment) against them.
That brings us to whether the act of decryption is "testimonial." When thinking of "testimony," it's common to envision a person taking the witness stand and answering questions before a jury. But "testimony" is more broadly understood to refer to communication, and specifically doing something that explicitly or implicitly conveys a statement of fact.5 The issue in the decryption cases is not whether the decrypted contents of the computer (the files) are "testimonial" under the Fifth Amendment. The simple answer to that question is that they aren't, because despite whatever incriminating character the files may have, the creation of the documents were not "compelled" by the government.6 Instead, the issue in these cases is whether the act of decrypting the computer or producing a decrypted version of information on the computer is "testimonial" under the Fifth Amendment. And the answer to that question, as with many legal questions, is "it depends."
Different Facts = Different Results
An important piece of legal background first. There are two ways in which the act of producing something is not "testimonial." The first is when the government is demanding that a person perform a physical act that does not make use of the contents of their mind.7 The classic example is the government forcing someone to turn over a key to a lock. In contrast, it would be "testimonial" for the government to force someone to turn over a combination to a lock because then the person would be revealing something in their mind, and in turn, conveying a statement of fact the government didn't know otherwise.
Turning to decryption, the 11th Circuit believed that the act of decryption communicated a statement of fact, and was therefore "testimonial" under the Fifth Amendment. The 11th Circuit explained:
the decryption and production of the hard drives would require the use of the contents of Doe's mind and could not be fairly characterized as a physical act that would be nontestimonial in nature. We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.8
In Fricosu's case, the judge did not explicitly find that the act of decryption was testimonial, but it did preclude the government "from using Ms. Fricosu's act of production of the unencrypted contents of the computer's hard drive against her in any prosecution."9 At a minimum, this is an implicit acknowledgment that Fricosu's act of decrypting was "testimonial."
But there is a second way in which producing something is not testimonial, and it is here where the two courts reached different results. An act of production is not "testimonial" if the government can show with "reasonable particularity" that when it tried to obtain the requested material, it already knew what the material was and where it was on the computer. In other words, since turning over the data would not reveal anything to the government that it didn't already know, no Fifth Amendment right comes into play because the testimony at issue is simply a "foregone conclusion."10
The 11th Circuit found that the government had failed to make this showing. And that was because during a hearing to determine whether Doe should be found in contempt of court, the government's forensic examiner admitted that because the seized computers had TrueCrypt on them, he had no idea whether there was actually any data on the encrypted drives. Noting that the government failed to show which of the millions of files on a computer it believed were helpful to its investigation, the 11th Circuit rejected the government's suggestion
that simply because the devices were encrypted necessarily means that Doe was trying to hide something. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all.11
The judge reached the opposite conclusion in Fricosu, primarily because the witness had admitted on a recorded phone call with her imprisoned ex-husband (and co-defendant) that there was a laptop that investigators would need her help in opening. Plus, the laptop at issue was found in her bedroom and its identity contained her name. The court relied heavily on an earlier case, In re Boucher(PDF), that found the "foregone conclusion" defeated the Fifth Amendment privilege. There, before the defendant was arrested, law enforcement not only saw child pornography on his computer, but the defendant also showed agents a folder on the computer that contained child pornography. Once the defendant was arrested, decryption was a "foregone conclusion" since the agents had already seen the incriminating files on a computer that the defendant had conceded owning and possessing. The judge in Fricosu's case thought her case was similar to Boucher, finding that since it was a "foregone conclusion" that the computer belonged to Fricosu, the Fifth Amendment wasn't implicated by forcing her to decrypt it.
Obviously, we disagreed with the district court's conclusion (and we're not the only ones). The district court's conclusion that the foregone conclusion was satisfied because the government "knows of the existence and location of the computer's files" even though "it does not know the specific content of any specific documents" is tenuous at best.12 And it doesn't square with the 11th Circuit's belief that while the law "does not demand that the Government identify exactly the documents it seeks...it does require some specificity in its requests—categorical requests for documents the Government anticipates are likely to exist simply will not suffice."13
In any event, it was the difference in facts that led to the different results.
The More Important Victory
The 11th Circuit also provided a final, and important, note in its opinion when it ruled that the Fifth Amendment's protection applied not only to the act of decrypting the computers themselves (which the government had essentially conceded in both cases by offering partial immunity to Fricosu and Doe), but also to the government's use of the decrypted contents at a later point in time.
Generally, when "testimony" is protected under the Fifth Amendment, the government can nonetheless compel it as long as it provides the witness with immunity coextensive with the claimed privilege. The government offered Doe "use immunity" that amounted to a promise by the government not to use the fact Doe decrypted the computer against him. But the government did not offer him "derivative use" immunity, which would have prohibited the government from using whatever it found on the decrypted computer (likely files) against him later. The 11th Circuit ruled that the government's offer of immunity was insufficient and that it had to offer both use and derivative use immunity to match the scope of Doe's Fifth Amendment privilege.
But wait. Didn't we just say above that the decrypted contents of a computer weren't "testimonial" under the Fifth Amendment? And if the content wasn't testimonial, why would the scope of immunity need to cover that? The answer is that whether or not content is "testimonial" is irrelevant because the Supreme Court has ruled that the government cannot rely on a "manna from heaven" theory to explain how it magically obtained evidence.14 Even if the government never explained to a jury where it obtained the specific computer files, the fact remains that a protected testimonial act (the production of the unencrypted contents of the computer or the act of decrypting the computer) was necessary to produce the evidence. The only way to truly receive the benefits of the Fifth Amendment is to prevent the government from using any aspect of the testimony -- or anything the government learns as a result -- against the witness.
What This Means for You
If you find yourself in a situation where the government is forcing you to decrypt a computer or provide an encryption key, be sure to let us know. And remember that silence is golden. Boucher talked to law enforcement. Fricosu talked to her ex-husband and co-defendant in jail. It was this talking that defeated their Fifth Amendment privilege through the foregone conclusion doctrine. The less you say, the better.
And for those of you who have yet to encrypt your electronic devices, EFF has issued a call to action urging users to encrypt their data in 2012. Please join us! Many people feel a strong sense of privacy when it comes to the contents of their computers. As these two cases highlight, encrypting your devices can be useful in ensuring no one accesses your personal data without your cooperation, whether they be fraudsters, employers, or the government.
1. The brief we filed before the 11th Circuit Court of Appeals was filed, and remains, under seal. Once unsealed, we'll be sure to post it on our site.
Last fall, we filed a brief asking the Federal Circuit to rehear Ultramerical v. Hulu, a case that found an abstract idea patentable when the invention took place on the Internet. The Federal Circuit declined, so now we've raised the stakes. In a brief filed today, EFF, along with CCIA and Red Hat, asked the Supreme Court to take a look and reverse this dangerous case that only further confuses the standard for what is too abstract to be patented (which is already somewhat of a mess).
The patent in Ultramercial claims a process for doing basically no more than viewing ads online before accessing copyrighted content. The Federal Circuit admitted that "the mere idea that advertising can be used as a form of currency is abstract," yet found that when that idea would "likely" require "intricate and complex computer programming," it was no longer abstract.
In other words, the Federal Circuit seemed to say that if you take an idea that is abstract, and put it on the Internet, it somehow becomes not abstract. (To add to the confusion, the Federal Circuit has recently held that tying an abstract invention to a computer will not save the invention from being impermissibly abstract.) This outcome is incredibly troubling, not least of all because everyday we conduct more and more of our lives online. Merely filing a patent application covering an idea that takes place on the Internet (especially without explaining any of the programming steps) does not somehow make an abstract idea (which is unpatentable) somehow not abtract (so it is patentable).
We hope the Supreme Court will agree to review and reverse this dangerous ruling. And we will continue our fight against dangerous patents that harm innovation. (Speaking of which, have you sent us your prior art to help bust the Jones Patent yet?)
Attorney General Eric Holder gave a much publicized speech at Northwestern law school on Monday, in which he attempted to explain the Obama administration’s constitutional authority for killing U.S. citizens abroad without judicial oversight. Holder in part claimed that there is a difference between “due process” and “judicial process”, the latter of which—according to him—is not guaranteed under the Constitution. The speech was predictably and widely criticized in legal circles on Fifth Amendment grounds (see here, here, here, here, and here), but an overlooked section of his speech should also give constitutional experts pause: Holder’s stance on the FISA Amendments Act (FAA) and warrantless wiretapping.
Holder spent a portion of his speech arguing that legal tools used to fight terrorism (excluding the killing of al-Awlaki and other American citizens overseas) are rightly subject to “check and balances” and “a comprehensive regime of oversight by all three branches of government.” He curiously used section 2702 of the FAA as his prime example, a law he says “protect[s] the privacy and civil rights of innocent individuals.”
As EFF readers will remember, the FAA is the statute Congress passed giving immunity to telecom companies despite their participation in the NSA’s massive warrantless wiretapping program, which the New York Times first exposed in 2005. EFF and a host of other civil liberties groups have been involved in litigation challenging the constitutionality of warrantless wiretapping for years.
Former member of the Obama administration’s Office of Legal Counsel Marty Lederman explains section 702 of the FAA “permits the NSA to intercept phone calls and e-mails between the U.S. and a foreign location, without making any showing to a court and without judicial oversight, whether or not the communication has anything to do with al Qaeda—indeed, even if there is no evidence that the communication has anything to do with terrorism, or any threat to national security.” All told, the “collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications” every day, according to the Washington Post.
But according to Holder, since secret FISA courts approve executive branch requests to collect “identified categories of foreign intelligence targets, without the need for a court order for each individual subject,” the law is “subject to appropriate checks and balances.” Given it targets large swaths of email—much of which undoubtedly involves Americans with little recourse to challenge the surveillance—due process is lacking from the entire procedure. And after the collection, the government has fought any judicial overview at all.
Holder and the Justice Department have been fighting any civilian court checks and balances in the warrantless wiretapping process for years—trying to keep that law from ever being challenged in front of a federal judge. In three major cases making their way through the federal court system (two involving EFF), Obama’s Justice Department has followed the Bush administration’s lead and asserted the once-rarely used “state secrets” privilege in an attempt to have the lawsuits dismissed with no hearing of the evidence.
In Jewel v. NSA, EFF is suing the NSA and other government agencies on behalf of AT&T customers to stop the illegal, unconstitutional and ongoing dragnet surveillance of their communications and communications records. Evidence in the case includes undisputed documents provided by former AT&T telecommunications technician Mark Klein. This evidences shows AT&T has routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA. That same evidence is central to Hepting v. AT&T, a class-action lawsuit filed by EFF in 2006 to stop the telecom giant’s participation in the illegal surveillance program.
In Al-Haramain v. Bush, an Oregon chapter of an Islamic charity, sued the Bush administration for illegal surveillance of its organization and attorneys after a secret document was inadvertently disclosed to the plaintiffs by the government. The document demonstrated, according to the plaintiffs, that they were subjected to unlawful electronic surveillance outside the scope of FISA.
And in Amnesty v. Clapper, a host of labor, media, and human rights organizations are suing the NSA for fear their communications are being monitored when they talk to people overseas. The plaintiffs’ “work depends on their ability to communicate confidentially with clients, witnesses, sources, and victims of human rights abuses,” according to ACLU’s deputy legal director Jameel Jaffer.
In all of these cases, the Justice Department has argued the “state secrets” privilege bars the cases from proceeding on the merits despite ample publicly-available evidence. In fact, the government has argued even if all the allegations of warrantless wiretapping are true, that the plaintiffs cannot challenge the constitutionality of FISA because exposing the program in court would compromise national security. The Justice Department has been attempting to use the “state secrets” privilege to essentially wall off the judicial branch from ruling warrantless wiretapping unconstitutional.
While he claims the FAA upholds the American ideal of “check and balances,” Holder is hiding behind government secrecy and treating warrantless wiretapping much the same way he has treated the al-Alwaki killing. He famously refused to declassify the legal memo justifying the drone strike, opposed giving standing to al-Awlaki's father to challenge his “hit list designation” in court, and the opposed a suit by the ACLU to reveal evidence against the three American citizens killed by drones strikes in Yemen. With warrantless wiretapping, checks and balances have gone out the window, and the Justice Department has essentially refused to allow program to be overseen through a “judicial process.”
Holder also mentioned yesterday, “Reauthorizing [FISA Amendment Act] authority before it expires at the end of this year is the top legislative priority of the Intelligence Community.” It will be EFF’s top priority to oppose it.
For years, Denmark has continued to block websites hosting sexually abusive images of children. In a recent attempt to do so, Danish police accidentally censored thousands of websites for several hours, including Google and Facebook. Visitors to the blocked sites were met with a page stating that the sites had been made inaccessible by the country's High Tech Crime Unit.
Observers have questioned how a list of 8,000 sites were accidentally blacklisted without oversight. Denmark's IT-Political Association has issued a statement (in Danish) calling for ISPs to cease cooperation with the voluntary scheme, typically used to block child sexual abuse content. According to a report from TorrentFreak, the group stated: “Today’s story shows that the police are not able to secure against manual errors that could escalate into something that actually works as a ‘kill switch’ for the Internet.”
Tajikistan Goes After Facebook
Never a heavy censor of online content, Tajikistan has reportedly blocked Facebook along with two local news sites. They blocked the sites for hosting articles critical of President Imomali Rakhmon, who has been in power since 1992. One of the three blocked sites, Russian news website zvezda.ru, published a piece entitled "Tajikistan on the eve of revolution." According to local ISPs, the shutdown was ordered by the state communications service. Users who attempted to access the sites were subsequently re-directed to their ISP's home page.
In the past year, Tajik journalists have faced retaliatory attacks and debilitating lawsuits, according to the Committee to Protect Journalists. Along with reports of a crackdown on religious groups and the latest news of web censorship, these suggest that the Tajik government is feeling threatened in the lead-up to the 2013 elections (which, if Rakhmon wins, would secure him seven more years as president).
Despite a history of press censorship in Tajikistan, Article 30 of the country's constitution provides that "state censorship and prosecution for criticism are forbidden." As such, EFF calls upon the Tajik government to protect the dual rights to free expression and information.
Uznews Suffers DDoS Attack
In neighboring Uzbekistan where censorship runs rampant, a news site—Uznews.net—has reported suffering a distributed denial of service (DDoS) attack, forcing the site temporarily offline, Uznews later reported.
Such attacks are used in a number of contexts, from the attacks targeting Visa and Mastercard in the wake of their payment blocks to WikiLeaks, to attacks like this one, that target small independent news sites. In respect to the latter, EFF is currently working on a project that will help at-risk website owners with few resources to navigate the selection of a host, and to give them step-by-step instructions on warding off or mitigating the effects of DDoS attacks. Keep your eyes on this space for more information.
This weekend kicks off one of EFF's favorite events: South by Southwest (SXSW). This year, in addition to a number of exciting panels, the EFF team will also be having a party! We’re all really excited to see you there, and hope that you’ll stop by our Trade Show booth (#723) to learn more about our work and pick up some swag.
In addition to the panels featuring members of the EFF team outlined below, we've also dug through the schedule to find a few gems that EFF fans will love. Read on for more details…
EFFers take Austin!
EFF Intellectual Property Director Corynne McSherry will be joining a panel entitled “Fighting for Your Users Without Becoming a Target.” The four-person panel—targeted at online service providers (OSPs)—will tackle the question of how OSPs can earn users’ loyalty and fight for their rights while avoiding legal pitfalls. Saturday, March 10, 3:30-4:30pm, Omni Downtown (Capital Ballroom).
Legal director Cindy Cohn will be debating Colette Vogle on a topic that’s been on our minds a lot this past year: whether or not social sites like Facebook and Google+ should allow anonymous users. Saturday, March 10, 11:00am-12:00pm, Omni Downtown (Longhorn).
Cindy will also be moderating a panel on the emerging phenomenon of online review sites for medical professionals. Her panel will explore the legal rules that affect this new space, the ethical obligations of healthcare providers, and the innovative practices being developed in response. Sunday, March 11, 3:30-4:30pm, AT&T Conference Hotel (Classroom 204).
EFF Activist Eva Galperin, along with Twitter’s John Adams, will be discussing the hot topic of security and privacy on social networks. The discussion—also geared toward technology companies—will tackle best practices for protecting both one’s company and users. Sunday, March 11, 5:00-6:00pm, Omni Downtown (Lone Star).
Building on our ample work in this space, two EFF staffers will join a panel entitled “When Copyright Trolls Attack!” Activist Parker Higgins and IP Attorney Mitch Stoltz will bring EFF’s expertise on the subject to the discussion of this growing phenomenon. Saturday, March 10, 9:30-10:30am, Sheraton Austin (Capitol EFGH).
EFF's Director for International Freedom of Expression will speak on a panel targeted at OSPs entitled “How to Run a Social Site and Not Get Users Killed.” Including, among others, EFF alum and current Internet Advocacy Coordinator at the Committee to Protect Journalists Danny O’Brien, the panel will cover a range of issues related to user safety on social networks. Sunday, March 11, 12:30-1:30pm, AT&T Conference Hotel (Salon D).
Julie Samuels, an EFF Staff Attorney, will be discussing software patents. Julie’s work on patent trolls has been widely cited over the past year and will round out the panel as she discusses an emerging trend of suing startups over patents. Tuesday, March 13, 11:00am-12:00pm, Hilton Austin Downtown (Salon C). In addition, Julie has joined a panel entitled "Getting Off the SOPA Box," discussing, amongst other things, why the activism around SOPA and PIPA was so successful.
Bonus: Julie will also be sticking around for SXSW Music this year to talk about strategies for using free content to promote and maximize the benefits of alternative revenue streams on a panel entitled “Set Your Content Free (It's Harder Than You Think)”.
In addition to our own panels, we’ve curated a small (and by no means comprehensive) list of panels featuring EFF allies and friends, or simply EFF-relevant subjects. On a panel you think we should know about? Drop us a line—we’d love to attend!
Several EFF friends come together on a panel entitled “Principles and Practices for Privacy by Design,” targeting companies with a talk on how to incorporate Privacy by Design into one’s product. Monday, March 12, 11:00am-12:00pm, Austin Convention Center (Ballroom BC).
Our friends at WITNESS and The Guardian Project will be hosting a discussion on the ethics of mobile face tagging, sharing their ideas and tools. Monday, March 12, 11:00am-12:00pm, Hilton Austin Downtown (Salon J).
Join us in attending a lively discussion—sponsored by CNet—entitled “Big Data: Privacy Threat or Business Model?” that will tackle the pros and cons of data-based innovation. Sunday, March 11, 5:00-6:00pm, Omni Downtown (Longhorn).
Our friends at the ACLU have put together two panels related to privacy. Chris Conley will lead a discussion on mobile privacy geared at developers (Tuesday, March 13, 12:30-1:30pm, Austin Convention Center Ballroom A), while Nicole Ozer will join a four-person panel discussing how to make privacy decisions that are good for the company’s bottom line (Saturday, March 10, 9:30-10:30am, Hilton Austin Downtown, Salon FG).
Bonus: Nicole will also be doing a book signing for her new book, Privacy & Free Speech: It’s Good for Business.Saturday, March 10, 11:00-11:15am, Austin Convention Center (Ballroom G Foyer).
Complementary to Jillian York’s panel is one entitled “How Not to Die: Using Tech in a Dictatorship,” in which several friends of EFF will present concrete examples from several countries to educate activists and changemakers on how to protect their rights and safety while using new technologies. Monday, March 12, 9:30-10:30am, Austin Convention Center (Room 9ABC).
Taking apart one trope that has framed discussion of the so-called Arab Spring, one panel featuring EFF friends will discuss “Internet Power: After Cyber-Optimism and Pessimism,” tackling the disruptive power of the Internet worldwide. Sunday, March 11, 11:00am-12:00pm, AT&T Conference Hotel (Salon E).
A number of EFF friends will share a panel on the “tech tools to topple a tyrant” to discuss how revolutionaries utilize social media and what tools would-be activists should include in her toolkit. Monday, March 12, 12:30pm-1:30pm, Austin Convention Center (Room 9ABC).
US Department of State Senior Advisor for Innovation Alec Ross—who has worked directly on the department’s Net Freedom initiative—will give a solo talk on “How 21st Century Tools Are Disrupting Global Power,” “from the perspective of the apex of traditional power structure.” Friday, March 9, 2:00-3:00pm, Hilton Austin Downtown (Salon J).
EFF friends from FreePress and Access will join a panel entitled “Your iPhone is Political: Mobile Democracy,” to deliberate on how we use mobile devices, how carriers and the public are fighting for control over them, and how good policies can protect consumers from wireless carrier abuse. Monday, March 12, 9:30-10:30am, Hilton Austin Downtown (Salon J).
Copyright and Fair Use
A group of EFF allies will hold a session on SOPA and PIPA entitled “Why the Open Internet Needs Us.” As the description notes, SOPA and PIPA might be dead for now, but “we’re just at the beginning of a much longer battle.” This panel will broach the question of why we should care. Saturday, March 10, 11:00am-12:00pm, AT&T Conference Hotel (Salon C).
Friend of EFF Kirby Ferguson, the filmmaker behind the popular "Everything is a Remix" video series, is teaming up with writer and artist Austin Kleon to talk about remix culture and being a creator in the digital age. Saturday, March 10, 12:30-1:30pm, Austin Convention Center (Room 18ABCD).
Another, interactive, workshop—“class participation will be encouraged and rewarded”—dubbed “WTFair Use?!” will educate participants on what they need to know about fair use and licensing. Monday, March 12, 3:30-4:30pm, Austin Convention Center (Room 13AB).
Bonus: There will be a SOPA/PIPA/ACTA meetup/open discussion hosted by the Future of Music Coalition. Monday, March 12, 11:00am-12:00pm, Hyatt Regency Austin (Big Bend). And right after that, our friends at the independent civil liberties organization EFF-Austin will be discussing a variety of EFF-relevant issues. Monday, March 12, 12:30-1:30pm, Hyatt Regency Austin (Big Bend).
Of course, you don't want to forget to RSVP for our SXSW party on March 13 @ Six Lounge for great live music and drinks (many thanks to our sponsors!) and drop by Trade Show booth #723 (between Monday, March 12 and Thursday, March 15) to pick up a brand-new EFF t-shirt or become a supporting member. Looking forward to seeing you in Austin!
This week Mozilla introduced Boot to Gecko (B2G), a mobile standalone operating system (OS) that is HTML-5, Linux based, and open source. In addition, it is the first implementation of Do Not Track at the operating system level, and not just at the web-browser level. It's an encouraging step by the Mozilla Foundation to insert open web standards and privacy protections among the walled gardens and proprietary-based OS software in the mobile environment.
Do Not Track is intended to address the challenge of ubiquitous online web tracking by behavioral advertisers, which monitors clicks, searches, and reading habits of users. Do Not Track includes a simple, machine-readable header indicating that a user doesn't want to be tracked. Until now, its use was exclusive to web browsers. By enabling the Do Not Track header at the OS level, a user can indicate to apps that they must not send collected data to third parties without express user consent and should work to minimize the data they keep themselves. There is ampleevidence mobile applications are exceeding the privacy expectations of users. The first implementation of Do Not Track on a mobile OS is a big step toward ensuring users have a meaningful choice when it comes to digital tracking.
Another facet of B2G is the addition of nuance to the OS's Do Not Track settings. In Firefox, Do Not Track can be turned on, but there's no differentiator between individuals who have affirmatively opted into tracking and those that have simply not made a decision. B2G will use a three-valued setting, where the user can chose between "do not track," "no preference," and "ok to track me." Mozilla admits that it is still in the process of how these preferences will be presented to a user, but it is a clear acknowledgement that discussions around Do Not Track aren't exclusive to a user who declares not to be tracked and a user who makes no decision on the issue. By introducing a third option, B2G better clarifies the user's intent in the online advertising sphere.
Aside from the enhanced privacy protections, B2G will offer an alternative to the walled gardens of Apple's iOS and Google's Android OS. B2G seeks to eliminate platform-specific application programming interfaces (APIs) by encouraging web-based applications and an open source OS. Combining these two aspects, Mozilla will make it easier for users to port applications across devices running different mobile OSes. B2G will encourage the kind of integration in the mobile environment that will decrease the reliance on Apple and Android's mobile platforms.
EFF is excited about the evolution of Do Not Track onto the mobile platform. Right now, EFF and many other groups are involved in a multi-stakeholder process to define the scope and execution of Do Not Track through the Tracking Protection Working Group. Through this participatory forum, civil liberties organizations, advertisers, and leading technologists are working together to define how Do Not Track will give users a meaningful way to control online tracking without unduly burdening companies.
The opposition to Google’s changes expresses several points of concern. The privacy commissioner of Canada, Jennifer Stoddart concisely described the specific concerns. First, it will share users’ data across its more than 60 services, including all Google applications, subsidiary websites such as Youtube, and Android phones. Additionally, the consolidation of all of the previous service-specific plans makes it hard to tell what data will be retained, for how long, and what Google plans to do with the data that they collect on their users. This is significantly worrying for Android users whose device information, log information, and locational information can now all feasibly be collected. It is clear that this data integration will significantly facilitate their ability to personalize their services to their users. What is not clear are all the new unforeseeable ways the company plans to use this data.
Criticism has been aimed at Google for being vague about the changes as well as failing to consult privacy advocates about the new policy. Despite their efforts to educate their users on how they would be impacted, Google’s early explanations were not specific was substantively changing in the new policy. In fact, it took a letter from eight Congressional representatives to get them to provide straight-forward answers. The criticism levied from various entities in reaction vary from polite expressions of concern to curt demands to halt the plan altogether.
The French Data Protection Agency, on behalf of European privacy authorities, warned that Google's proposed change violates European Union privacy law [pdf]. In a letter to Google CEO Larry Page, the French agency criticized the company for not well informing data protection authorities in the EU, despite claiming to have “extensively pre-briefed” them. The official also criticizes the policy itself:
The CNIL and the EU data protection authorities are deeply concerned about the combination of personal data across services: they have strong doubts about the lawfulness and fairness of such processing, and about its compliance with the European Data Protection legislation…
If the new policy does indeed violate the European Directive on Data Protection, Google will face a big challenge in Europe.
The Australian Privacy Foundation (APF) had made efforts to compel state agencies to take action in light of the Foundation’s policy statement outlining specific critiques of the changes. Shortly after Google announced the new policy, APF sent a letter [pdf] to the Australian consumer protection agency to investigate the changes in order “to assert relevant laws and communicate to Google the serious public policy concerns.” The consumer protection agency has yet to respond.
The APF also sent a similar letter [pdf] to the Office of the Australian Information Commissioner with their policy statement attached. Timothy Pilgrim, the Australian Privacy Commissioner, responded a month later, roughly 36 hours left before Google's notice-period would expire. The letter is less critical of than the APF’s original critique.
The Japanese government’s Ministry of Internal Affairs and Communications together with the Ministry of Economy, Trade and Industry also released a statement to Google before the new policy, that it must respect privacy laws and regulations. The letter came out of concerns that the new policy could lead to violations of personal data protections laws in Japan. It asked the company to provide clearer explanations of the new rules and allow users to ask questions about the policy even after it has been initiated.
Despite the criticisms, Google’s official blog continued to defend its new policy, emphasizing that they made the changes to benefit the users:
We continue to look for ways to make it simpler for you to understand and control how we use the information you entrust to us. We build Google for you, and we think these changes will make our services even better.
But consumer groups disagree. The Transatlantic Consumer Dialogue, a coalition of consumer organizations in North America and Europe, urged [pdf] Google CEO Larry Page to drop the new policy changes:
Consumers in Europe, Canada, and Mexico have had the benefit of privacy law and privacy agencies. Consumers in the United States rely on a patchwork structure, including the US Federal Trade Commission, to protect their interests. And Internet users around the world rely on the integrity of your company, and on you, to do the right thing. Their eyes are all on you…
…Going forward with this plan will be a mistake. We ask you to reconsider.
Before the policy took effect March 1st, EFF published two tutorials for users on how to delete their viewing and history on Youtube and Google Web History.