This weekend kicks off one of EFF's favorite events: South by Southwest (SXSW). This year, in addition to a number of exciting panels, the EFF team will also be having a party! We’re all really excited to see you there, and hope that you’ll stop by our Trade Show booth (#723) to learn more about our work and pick up some swag.
In addition to the panels featuring members of the EFF team outlined below, we've also dug through the schedule to find a few gems that EFF fans will love. Read on for more details…
EFFers take Austin!
EFF Intellectual Property Director Corynne McSherry will be joining a panel entitled “Fighting for Your Users Without Becoming a Target.” The four-person panel—targeted at online service providers (OSPs)—will tackle the question of how OSPs can earn users’ loyalty and fight for their rights while avoiding legal pitfalls. Saturday, March 10, 3:30-4:30pm, Omni Downtown (Capital Ballroom).
Legal director Cindy Cohn will be debating Colette Vogle on a topic that’s been on our minds a lot this past year: whether or not social sites like Facebook and Google+ should allow anonymous users. Saturday, March 10, 11:00am-12:00pm, Omni Downtown (Longhorn).
Cindy will also be moderating a panel on the emerging phenomenon of online review sites for medical professionals. Her panel will explore the legal rules that affect this new space, the ethical obligations of healthcare providers, and the innovative practices being developed in response. Sunday, March 11, 3:30-4:30pm, AT&T Conference Hotel (Classroom 204).
EFF Activist Eva Galperin, along with Twitter’s John Adams, will be discussing the hot topic of security and privacy on social networks. The discussion—also geared toward technology companies—will tackle best practices for protecting both one’s company and users. Sunday, March 11, 5:00-6:00pm, Omni Downtown (Lone Star).
Building on our ample work in this space, two EFF staffers will join a panel entitled “When Copyright Trolls Attack!” Activist Parker Higgins and IP Attorney Mitch Stoltz will bring EFF’s expertise on the subject to the discussion of this growing phenomenon. Saturday, March 10, 9:30-10:30am, Sheraton Austin (Capitol EFGH).
EFF's Director for International Freedom of Expression will speak on a panel targeted at OSPs entitled “How to Run a Social Site and Not Get Users Killed.” Including, among others, EFF alum and current Internet Advocacy Coordinator at the Committee to Protect Journalists Danny O’Brien, the panel will cover a range of issues related to user safety on social networks. Sunday, March 11, 12:30-1:30pm, AT&T Conference Hotel (Salon D).
Julie Samuels, an EFF Staff Attorney, will be discussing software patents. Julie’s work on patent trolls has been widely cited over the past year and will round out the panel as she discusses an emerging trend of suing startups over patents. Tuesday, March 13, 11:00am-12:00pm, Hilton Austin Downtown (Salon C). In addition, Julie has joined a panel entitled "Getting Off the SOPA Box," discussing, amongst other things, why the activism around SOPA and PIPA was so successful.
Bonus: Julie will also be sticking around for SXSW Music this year to talk about strategies for using free content to promote and maximize the benefits of alternative revenue streams on a panel entitled “Set Your Content Free (It's Harder Than You Think)”.
In addition to our own panels, we’ve curated a small (and by no means comprehensive) list of panels featuring EFF allies and friends, or simply EFF-relevant subjects. On a panel you think we should know about? Drop us a line—we’d love to attend!
Several EFF friends come together on a panel entitled “Principles and Practices for Privacy by Design,” targeting companies with a talk on how to incorporate Privacy by Design into one’s product. Monday, March 12, 11:00am-12:00pm, Austin Convention Center (Ballroom BC).
Our friends at WITNESS and The Guardian Project will be hosting a discussion on the ethics of mobile face tagging, sharing their ideas and tools. Monday, March 12, 11:00am-12:00pm, Hilton Austin Downtown (Salon J).
Join us in attending a lively discussion—sponsored by CNet—entitled “Big Data: Privacy Threat or Business Model?” that will tackle the pros and cons of data-based innovation. Sunday, March 11, 5:00-6:00pm, Omni Downtown (Longhorn).
Our friends at the ACLU have put together two panels related to privacy. Chris Conley will lead a discussion on mobile privacy geared at developers (Tuesday, March 13, 12:30-1:30pm, Austin Convention Center Ballroom A), while Nicole Ozer will join a four-person panel discussing how to make privacy decisions that are good for the company’s bottom line (Saturday, March 10, 9:30-10:30am, Hilton Austin Downtown, Salon FG).
Bonus: Nicole will also be doing a book signing for her new book, Privacy & Free Speech: It’s Good for Business.Saturday, March 10, 11:00-11:15am, Austin Convention Center (Ballroom G Foyer).
Complementary to Jillian York’s panel is one entitled “How Not to Die: Using Tech in a Dictatorship,” in which several friends of EFF will present concrete examples from several countries to educate activists and changemakers on how to protect their rights and safety while using new technologies. Monday, March 12, 9:30-10:30am, Austin Convention Center (Room 9ABC).
Taking apart one trope that has framed discussion of the so-called Arab Spring, one panel featuring EFF friends will discuss “Internet Power: After Cyber-Optimism and Pessimism,” tackling the disruptive power of the Internet worldwide. Sunday, March 11, 11:00am-12:00pm, AT&T Conference Hotel (Salon E).
A number of EFF friends will share a panel on the “tech tools to topple a tyrant” to discuss how revolutionaries utilize social media and what tools would-be activists should include in her toolkit. Monday, March 12, 12:30pm-1:30pm, Austin Convention Center (Room 9ABC).
US Department of State Senior Advisor for Innovation Alec Ross—who has worked directly on the department’s Net Freedom initiative—will give a solo talk on “How 21st Century Tools Are Disrupting Global Power,” “from the perspective of the apex of traditional power structure.” Friday, March 9, 2:00-3:00pm, Hilton Austin Downtown (Salon J).
EFF friends from FreePress and Access will join a panel entitled “Your iPhone is Political: Mobile Democracy,” to deliberate on how we use mobile devices, how carriers and the public are fighting for control over them, and how good policies can protect consumers from wireless carrier abuse. Monday, March 12, 9:30-10:30am, Hilton Austin Downtown (Salon J).
Copyright and Fair Use
A group of EFF allies will hold a session on SOPA and PIPA entitled “Why the Open Internet Needs Us.” As the description notes, SOPA and PIPA might be dead for now, but “we’re just at the beginning of a much longer battle.” This panel will broach the question of why we should care. Saturday, March 10, 11:00am-12:00pm, AT&T Conference Hotel (Salon C).
Friend of EFF Kirby Ferguson, the filmmaker behind the popular "Everything is a Remix" video series, is teaming up with writer and artist Austin Kleon to talk about remix culture and being a creator in the digital age. Saturday, March 10, 12:30-1:30pm, Austin Convention Center (Room 18ABCD).
Another, interactive, workshop—“class participation will be encouraged and rewarded”—dubbed “WTFair Use?!” will educate participants on what they need to know about fair use and licensing. Monday, March 12, 3:30-4:30pm, Austin Convention Center (Room 13AB).
Bonus: There will be a SOPA/PIPA/ACTA meetup/open discussion hosted by the Future of Music Coalition. Monday, March 12, 11:00am-12:00pm, Hyatt Regency Austin (Big Bend). And right after that, our friends at the independent civil liberties organization EFF-Austin will be discussing a variety of EFF-relevant issues. Monday, March 12, 12:30-1:30pm, Hyatt Regency Austin (Big Bend).
Of course, you don't want to forget to RSVP for our SXSW party on March 13 @ Six Lounge for great live music and drinks (many thanks to our sponsors!) and drop by Trade Show booth #723 (between Monday, March 12 and Thursday, March 15) to pick up a brand-new EFF t-shirt or become a supporting member. Looking forward to seeing you in Austin!
This week Mozilla introduced Boot to Gecko (B2G), a mobile standalone operating system (OS) that is HTML-5, Linux based, and open source. In addition, it is the first implementation of Do Not Track at the operating system level, and not just at the web-browser level. It's an encouraging step by the Mozilla Foundation to insert open web standards and privacy protections among the walled gardens and proprietary-based OS software in the mobile environment.
Do Not Track is intended to address the challenge of ubiquitous online web tracking by behavioral advertisers, which monitors clicks, searches, and reading habits of users. Do Not Track includes a simple, machine-readable header indicating that a user doesn't want to be tracked. Until now, its use was exclusive to web browsers. By enabling the Do Not Track header at the OS level, a user can indicate to apps that they must not send collected data to third parties without express user consent and should work to minimize the data they keep themselves. There is ampleevidence mobile applications are exceeding the privacy expectations of users. The first implementation of Do Not Track on a mobile OS is a big step toward ensuring users have a meaningful choice when it comes to digital tracking.
Another facet of B2G is the addition of nuance to the OS's Do Not Track settings. In Firefox, Do Not Track can be turned on, but there's no differentiator between individuals who have affirmatively opted into tracking and those that have simply not made a decision. B2G will use a three-valued setting, where the user can chose between "do not track," "no preference," and "ok to track me." Mozilla admits that it is still in the process of how these preferences will be presented to a user, but it is a clear acknowledgement that discussions around Do Not Track aren't exclusive to a user who declares not to be tracked and a user who makes no decision on the issue. By introducing a third option, B2G better clarifies the user's intent in the online advertising sphere.
Aside from the enhanced privacy protections, B2G will offer an alternative to the walled gardens of Apple's iOS and Google's Android OS. B2G seeks to eliminate platform-specific application programming interfaces (APIs) by encouraging web-based applications and an open source OS. Combining these two aspects, Mozilla will make it easier for users to port applications across devices running different mobile OSes. B2G will encourage the kind of integration in the mobile environment that will decrease the reliance on Apple and Android's mobile platforms.
EFF is excited about the evolution of Do Not Track onto the mobile platform. Right now, EFF and many other groups are involved in a multi-stakeholder process to define the scope and execution of Do Not Track through the Tracking Protection Working Group. Through this participatory forum, civil liberties organizations, advertisers, and leading technologists are working together to define how Do Not Track will give users a meaningful way to control online tracking without unduly burdening companies.
The opposition to Google’s changes expresses several points of concern. The privacy commissioner of Canada, Jennifer Stoddart concisely described the specific concerns. First, it will share users’ data across its more than 60 services, including all Google applications, subsidiary websites such as Youtube, and Android phones. Additionally, the consolidation of all of the previous service-specific plans makes it hard to tell what data will be retained, for how long, and what Google plans to do with the data that they collect on their users. This is significantly worrying for Android users whose device information, log information, and locational information can now all feasibly be collected. It is clear that this data integration will significantly facilitate their ability to personalize their services to their users. What is not clear are all the new unforeseeable ways the company plans to use this data.
Criticism has been aimed at Google for being vague about the changes as well as failing to consult privacy advocates about the new policy. Despite their efforts to educate their users on how they would be impacted, Google’s early explanations were not specific was substantively changing in the new policy. In fact, it took a letter from eight Congressional representatives to get them to provide straight-forward answers. The criticism levied from various entities in reaction vary from polite expressions of concern to curt demands to halt the plan altogether.
The French Data Protection Agency, on behalf of European privacy authorities, warned that Google's proposed change violates European Union privacy law [pdf]. In a letter to Google CEO Larry Page, the French agency criticized the company for not well informing data protection authorities in the EU, despite claiming to have “extensively pre-briefed” them. The official also criticizes the policy itself:
The CNIL and the EU data protection authorities are deeply concerned about the combination of personal data across services: they have strong doubts about the lawfulness and fairness of such processing, and about its compliance with the European Data Protection legislation…
If the new policy does indeed violate the European Directive on Data Protection, Google will face a big challenge in Europe.
The Australian Privacy Foundation (APF) had made efforts to compel state agencies to take action in light of the Foundation’s policy statement outlining specific critiques of the changes. Shortly after Google announced the new policy, APF sent a letter [pdf] to the Australian consumer protection agency to investigate the changes in order “to assert relevant laws and communicate to Google the serious public policy concerns.” The consumer protection agency has yet to respond.
The APF also sent a similar letter [pdf] to the Office of the Australian Information Commissioner with their policy statement attached. Timothy Pilgrim, the Australian Privacy Commissioner, responded a month later, roughly 36 hours left before Google's notice-period would expire. The letter is less critical of than the APF’s original critique.
The Japanese government’s Ministry of Internal Affairs and Communications together with the Ministry of Economy, Trade and Industry also released a statement to Google before the new policy, that it must respect privacy laws and regulations. The letter came out of concerns that the new policy could lead to violations of personal data protections laws in Japan. It asked the company to provide clearer explanations of the new rules and allow users to ask questions about the policy even after it has been initiated.
Despite the criticisms, Google’s official blog continued to defend its new policy, emphasizing that they made the changes to benefit the users:
We continue to look for ways to make it simpler for you to understand and control how we use the information you entrust to us. We build Google for you, and we think these changes will make our services even better.
But consumer groups disagree. The Transatlantic Consumer Dialogue, a coalition of consumer organizations in North America and Europe, urged [pdf] Google CEO Larry Page to drop the new policy changes:
Consumers in Europe, Canada, and Mexico have had the benefit of privacy law and privacy agencies. Consumers in the United States rely on a patchwork structure, including the US Federal Trade Commission, to protect their interests. And Internet users around the world rely on the integrity of your company, and on you, to do the right thing. Their eyes are all on you…
…Going forward with this plan will be a mistake. We ask you to reconsider.
Before the policy took effect March 1st, EFF published two tutorials for users on how to delete their viewing and history on Youtube and Google Web History.
A few weeks ago, we started seeing reports of a Trojan called Darkcomet RAT on computers belonging to Syrian activists which would capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, steal passwords, and more--and send that sensitive information to an address in Syrian IP space. Symantec's writeup and recommendations are available here.
Now we've seen reports of new malware, Xtreme RAT, which sends data back to the same address in Syrian IP space and whose release appears to predate the Darkcomet RAT Trojan. Reports indicate the Trojan is being spread through email and chat programs. The malware was used to log keystrokes and take screenshots of the victim's computer, and it is likely that other functionality was also used.
You should take steps to protect yourself from being infected by not running any software received through e-mail, not installing software at all except over HTTPS, and not installing software from unfamiliar sources even if recommended by a pop-up ad or a casual recommendation from a friend. EFF also recommends keeping your computer's operating system up-to-date by immediately installing security updates from their operating system vendor. Do not use an operating system that is obsolete and no longer getting security updates.
Finding any of the following files or processes is an indicator that your computer has been compromised by Xtreme RAT. More indicators are a stronger sign of compromise.
How to identify Xtreme RAT if it is running on your computer, if you are running Microsoft Windows:
1. Go to your Windows Task Manager by pressing Ctrl+Shift+Esc and click on the Processes tab.
Look for a process called svchost.exe running under your username. In this example, the user is Administrator.
2. Open your Documents and Settings folder. Click on your username (in this example, "Administrator"). Click on "All Programs." Click on "Startup." Look for a link labeled "(Empty)", which is a sign of infection.
3. Open your Documents and Settings folder. Click on your username (in this example, "Administrator"). Open the Local Settings folder. Open the Temp folder. Look for two files: _$SdKdwi.bin and System.exe. If "display file extension" is on the file will appear as System.exe. If it is off, it will display as System Project Up-date DMW.
4. Open your Documents and Settings folder. Click on your username (in this example, "Administrator). Open the Local Settings folder. Open the Application Data folder. Open the Microsoft folder. Open the Windows folder. Look for two files: fQoFaScoN.dat and fQoFaScoN.cfg.
5. Click the Start button. Type "cmd" to open a command window. Type "netstat". In the resulting list of active connections, look for an outbound connection to the following IP address: 220.127.116.11.
What To Do If Your Computer is Infected:
If your computer is infected, deleting the above files or using anti-virus software to remove the Trojan does not guarantee that your computer will be safe or secure. This malware gives an attacker the ability to execute arbitrary code on the infected computer. There is no guarantee that the attacker has not installed additional malicious software while in control of the machine.
As of March 6, 2012, there is only one anti-virus vendor which recognizes this Trojan. You may try updating your anti-virus software, running it, and using it to remove the Trojan if it comes up, but the safest course of action is to re-install the OS on your computer.
Recently, Salon’s Glenn Greenwald reported that Idaho billionaire and CEO of Melaleuca, Inc., Frank VanderSloot, has been engaged in a systematic campaign to silence journalists and bloggers from publishing stories about his political views and business practices. VanderSloot and Melaleuca have targeted national news organizations and small town bloggers alike by issuing bogus legal threats alleging defamation and copyright infringement in an attempt to keep legitimate newsworthy information from being released to the public.
This aggressive tactic not only chills otherwise protected free speech, but in many states, also risks triggering liability under “anti-SLAPP” statutes. Anti-SLAPP laws prevent strategic defamation lawsuits—frequently filed by plaintiffs with deep pockets—that have little to no chance of winning, yet are aimed at pressuring the target into settling for fear of expensive litigation.
Last month, after VanderSloot became a finance co-chair on leading Republican presidential candidate Mitt Romney’s election campaign, Melaleuca’s attorneys sent threatening letters to Mother Jones and Forbes, forcing them to temporarily take down articles exploring VanderSloot’s public position on gay rights and Melaleuca’s business practices. It turns out that this practice is nothing new for Vandersloot: he targeted local political blogs in Idaho with similar tactics for years on a local level.
At the beginning of February, a blogger for The Idaho Agenda was forced to take down a post after receiving a defamation suit threat from Melaleuca’s in house counsel. The author indicated that he took it down because he feared the expensive litigation battle but insisted that “the facts included in the post are a matter of public record found elsewhere, including the internet, periodicals and newspapers.”
Back in 2007, Melaleuca pressured the politics blog 43rdStateBlues to take down a critical post written by a pseudonymous blogger “TomPaine.” Another blogger on 43rdStateBlues, “d2”, posted the lawyer’s letter explaining to readers why the original was taken down. Incredibly, Melaleuca’s lawyers then obtained a retroactive copyright certificate on the threat letter and demanded the hosting provider take down the post as well. Even after they complied with the letter, Melaleuca sued TomPaine for copyright infringement then subpoenaed TomPaine’s and d2’s identities.
Now, VanderSloot is at it again. He and his company's lawyers have targeted local Idaho independent journalist Jody May-Chang over posts that are four years old. Melaleuca’s lawyers have challenged a series of articles written by May-Chang, most notably this one, in which she describes VanderSloot’s funding of the billboard campaign and opines that he is “anti-gay.” Melaleuca first sent a letter to May-Chang in 2008, asking not only to correct the post but to take down the stock photograph of VanderSloot that was on his personal website (a common practice among journalists). The photo was taken down but the posts stayed up at a new URL. After re-discovering the post last month, they sent another letter to May-Chang repeated their demands from 2007, but May-Chang has held her ground and kept the post up despite the threat of costly litigation.
Unfortunately, VanderSloot’s strategy is not new and demonstrates the speech-chilling effect options available to those with ready access to aggressive lawyers. Another billionaire, Washington Redskins owner Dan Snyder, attempted to use this tactic against the alt-weekly Washington City Paper last year by suing the publication for libel over a well-sourced article making fun of his business practices. Luckily, Washington City Paper decided to fight the suit and Snyder dropped it after being confronted with potential liability under DC’s new anti-SLAPP statute.
While Idaho does not have an anti-SLAPP law to protect May-Chang, after Greenwald’s report two weeks ago, other news organizations have finally felt free to report on this series of incidents and the inevitable Streisand Effect has taken hold. Rachel Maddow aired a five minute segment on the controversy on her MSNBC show. And Techdirt’s Mike Masnick said this situation shows the need for a strong federal anti-SLAAP statute. Thankfully, while VanderSloot issued a lengthy response the allegations, he or his company’s lawyers have not issued any new legal threats since Greenwald published his investigation.
But as National Journal’s Chris Frates suggests, given that VanderSloot is a co-chair on a leading presidential campaign, Mitt Romney should have to answer to questions about his official surrogate's attempts to circumvent the First Amendment. Frates writes:
And near as I can tell, Romney has yet to answer questions regarding his supporter's tactics. Did he know of VanderSloot's reported pattern of threatening journalists critical of his interests? Does Romney agree with that response? And does Romney stand by VanderSloot? I put those, and other, questions to a campaign spokeswoman but did not get a response.
And while we’re at it, Mitt Romney—along with President Obama—should be asked their position on a federal anti-SLAAP statute. This type of harassment has no place in a country that prides itself on honest public discourse and the free speech rights guaranteed under the First Amendment.
The Public Participation Project, a non-profit organization dedicated to passing federal anti-SLAPP regulation, has highlighted this case as well, and encourages those concerned to petition their congress member to support such legislation by going here.
The Mexican legislature today adopted a surveillance legislation that will grant the police warrantless access to real time user location data. The bill was adopted almost unanimously with 315 votes in favor, 6 against, and 7 abstentions. It has been sent to the President for his approval.
There is significant potential for abuse of these new powers. The bill ignores the fact that most cellular phones today constantly transmit detailed location data about every individual to their carriers; as all this location data is housed in one place—with the telecommunications service provider—police will have access to more precise, more comprehensive and more pervasive data than would ever have been possible with the use of tracking devices. The Mexican government should be more sensitive to the fact that mobile companies are now recording detailed footprints of our daily lives.
In response to the law’s adoption, Mexican human rights lawyerLuis Fernando García told EFF, "Mexican policy makers must understand that the adoption of broad surveillance powers without adequate safeguards undermines the privacy and security of citizens, and is therefore incompatible with their human rights obligations."
Sensitive data of this nature warrants stronger protection, not an all-access pass. Human rights advocates will evaluate all necessary legal options for challenging the legality of the measure. In the meantime, Mexican citizens should evaluate the possibility of requesting access to their own personal data retained by their mobile company according to the Mexican Data Protection Law.
In Germany, the politician and privacy advocate Malte Spitz used a similar local privacy law—which like laws in many European countries, gives individuals a right to know what kinds of data private companies retain about them—to force his cell phone carrier to reveal what records it had on him. The result was 35,831 different facts about his cell phone use over the course of six months, revealing vast amounts of personal information. To demonstrate just how intrusive this data is, Spitz chose to make it all available to the public. Watch the remarkable interactive map of Spitz’s location information if you haven’t done so.
It is time to educate all of our legislators and the general public that sensitive data warrants strong protections. EFF will continue to report on mobile and online surveillance in Mexico.
If you are Mexican, the Data Protection Authority has provided a FAQ on how to request access to your own personal data retained by private companies.
EFF is pleased to see that Websense, a company that produces Internet filtering technology, has issued a statement against Pakistan’s call for proposals [PDF] for companies to assist with their pervasive censorship plans. Websense’s statement, posted on their website also calls upon other producers of filtering technology to refuse complicity with Pakistan’s plans, which run counter to the right to free expression enshrined in Article 19 of the Universal Declaration of Human Rights.
As we wrote last week, the Pakistan Telecommunications Agency (PTA) already censors numerous websites, including those related to minority groups and human rights. The Request for Proposals (RFP) issued in February would expand the censorship regime to enable the blocking of up to 50 million URLs without delays in processing.
Websense was criticized in 2010 after its products were found to have been used by the government of Yemen, but the company quickly responded by issuing a policy against the sale of their wares to foreign governments. In 2011, Websense also became the first company of its type to join the Global Network Initiative (GNI), of which EFF is also a member.
In addition to Websense, the GNI, numerous international groups, and local organizations such as Bytes for All and Bholo Bhi have stated their opposition to the RFP, and an editorial in the Express Tribune called the plan "usurpation of Internet freedom." The international Business and Human Rights Centre is encouraging those concerned sign a petition calling on companies not to bid on the RFP.
Though Websense should be commended for its stance, there are dozens more companies that would be more than happy to make a bid to the PTA. Corporate giant Cisco, McAfee’s SmartFilter, and Canadian company Netsweeper all knowingly sell their wares to foreign governments, and they’re undoubtedly not the only ones.
This complicity with pervasive government censorship must stop. EFF calls on the myriad companies producing Internet filtering software not to take part in what Bytes for All has called Pakistan’s “cold-blooded murder of the Internet.” We further encourage companies to follow Websense’s example and take a stand against government-imposed censorship by joining the Global Network Initiative or adopting their own standards (we recommend our “Know Your Customer” guidelines).
Two weeks ago, Gawker’s Adrian Chen published a leaked copy of Facebook’s Operations Manual for Live Content Moderators, which the company uses to implement the rules and guidelines that determine which content will be allowed on the platform. The document was widely ridiculed for a variety of reasons, from the attitudes expressed toward sex and nudity (photos containing female nipples are banned, as is any “blatant (obvious) depiction of camel toes or moose knuckles”), to its lenient attitude towards gore (crushed heads and limbs are permitted “so long as no insides are showing”), to its arbitrary ban on photos depicting drunk, unconscious, or sleeping people with things drawn on their faces.
Facebook has a long history of banning—among other things—sexual content, which has angered many users over the years. In 2009, more than 11,000 Facebook users participated in a virtual “nurse-in,” changing their user pictures to photos depicting women breastfeeding in response to Facebook’s policy of taking down such photos to comply with their obscenity guidelines. In May 2011, Facebook deleted a picture of a gay couple kissing because it allegedly violated their community standards, prompting widespread outrage from gay rights groups, and an apology from Facebook, which reinstated the photo.
The leaked document also gave some insight into Facebook’s processes in respect to complying with international law. As Chen writes:
Perhaps most intriguing is the category dedicated to "international compliance." Under this category, any holocaust denial which "focuses on hate speech," all attacks on the founder of Turkey, Ataturk, and burning of Turkish flags must be escalated. This is likely to keep Facebook in line with international laws; in many European countries, holocaust denial is outlawed, as are attacks on Attaturk in Turkey.
Unlike Google and Twitter, Facebook does not have the ability to take down content on a country-by-country basis. If they takedown something in response to the laws of one country, it is taken down for everyone. So if you criticize Ataturk on Facebook, even if you are located in the United States, you are out of luck.
NOTE: Facebook tells that this paragraph is mistaken about how they do their takedowns. We apologize for the error.
Shortly after the Facebook leak, blogging platform Tumblr published a draft copy of a policy against blogs that “actively promote self harm,” including eating disorders, sparking intense debate in the Tumblr community. Users expressed concern that the policy could lead to the deletion of blogs that merely discuss self-harm. One user observed that the line between discussion and glorification is blurry and subjective:
“…where does Tumblr plan to draw the line between what is acceptable and what is not? There are no clear cut specifics as to what you will and will not able to post, so how are we as the users of this website supposed to follow this new policy if put into effect. How is the staff going to determine a person’s definition of “promoting” when everyone has a different view on what should and should not be tolerated? Some users may believe that pictures or even general posts about these issues are a means of promoting them, yet others may see these pictures and posts as nothing more than another post on their dash.”
To be clear, Facebook and Tumblr have a right to decide what kinds of content they allow on their platforms. They are private companies and can generally control and limit the kind of speech they allow without regard to the First Amendment or other constraints. But content policies run the risk of angering and alienating longtime users, and they tend to be an increasing burden over time because the decision by the company to police on one topic leads to pressure to police on more topics. They also require deep training of the people involved to recognize the context and be sensitive to ambiguity. As a result, they are very difficult to automate.
Facebook, at least, does not seem to be prepared to properly train and sensitize those who will be responsible for taking down content on their websites. Instead, they appear to be relying upon an underpaid army of inexperienced content moderators—a choice that seems likely to lead to inconsistent and even unfair implementation of the policies. It’s not hard to imagine a moderator who fails to appreciate the difference between commentary and promotion, or even one who uses his or her takedown power to play out a personal grudge or political belief. Even well-intentioned moderators may become overwhelmed with the sheer volume of material on a platform the size of Facebook.
NOTE: After speaking with Facebook, we decided to remove this paragraph.
The simple fact is that there will be mistakes and misuses of any content review system, even if the companies invest in more training. As a result, it is not enough for companies to simply implement takedown rules—they must develop a robust, easy-to-use avenue for error correction, misuse detection, and appeal. For more recommendations on creating and implementing rights-respecting content moderation guidelines, read the Berkman Center's Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users.
Content moderation policies are always evolving. EFF will be watching these systems carefully and users should too. Developing a fair and effective approach to content moderation is considerably harder than it looks. The history of the Internet is littered with well-intentioned content policing systems that went awry.