The draft search warrants are particularly interesting because they show the full extent of data the government regularly requests on a person it’s investigating. This includes not just your full profile information but also who you “poke” (and presumably who “pokes” you), who rejects your friend requests, which apps you use, what music you listen to, your privacy settings, all photos you upload as well as any photos you’re tagged in (whether or not you upload them), who’s in each of your Facebook groups, and IP logs that can show if and when you viewed a specific profile and from what IP address you did so.
More interesting stuff from the draft MySpace and Facebook search warrants & affidavits:
As of December 2009, Facebook is technically limited in its ability to provide complete IP logs (i.e., IP logs that contain content and transactional information, in addition to login IPs). However, it appears that law enforcement may still be able to get this information for specific time periods by contacting Facebook directly. (Facebook Warrant Usage Notes at p. 1)
MySpace retains certain information on an account for at least a year after a user deletes it, including user identity information and IP logs. (Draft MySpace Warrant Affidavit at p. 4)
Both Facebook and MySpace appear to be disclosing information that isn’t called for in the warrant; the DOJ’s “Usage Notes” for filing search warrants with each company recommend agents “cull through the data returned by [Facebook/MySpace] and isolate material that is not called for by the warrant.” (Facebook Warrant Usage Notes at p. 2; MySpace Warrant Usage Notes at p.2).
See the documents linked below for more (they will each open up in our cool new document reader).
Nearly four months after first announcing it would support pseudonyms, Google rolled out changes to the account creation process for Google+ yesterday. The changes will allow users the option of choosing a nickname/alternate name to display in his or her Google+ profile, or choosing a pseudonym which is not linked a real name.
Nicknames address the needs of users who want to display the alternate name they may be known by, or a maiden name, as well as foreign-language users who want to use an alternate name. Users who select a nickname should note, however, that Google plans to roll out nicknames to other services, so that funny college nickname you use on Google+ might appear on your professional Picasa account one day.
Users should also note that nicknames and alternate names are no substitute for pseudonyms, as Google still requires users to sign up with a “common name” which is publicly associated with the user’s account.
For users who want to use a real pseudonym—a name that is in no way associated with one’s commonly used name—there is an alternate procedure and a potential pitfall. Names that trigger Google’s pseudonym-detection algorithms, such as Doctor Popular or Skud, send users to a form that requires them to demonstrate that this name is part of an established online identity with a “significant following.” Such users can link to a website, a blog, an account on an online forum, print media or news articles, or a Twitter account to demonstrate an established identity.
Google has not clarified what constitutes a “significant following” out of apparent concern that if people know where the limits lie, they will game the system, but the lack of transparency raises the possibility that this standard will be applied as inconsistently or capriciously as the “common name” policy. Some good news, though: pseudonymous accounts that have been verified using this procedure will not be vulnerable to suspension for violating the “common name” policy. Once your pseudonym has been approved, you cannot be suspended for not using a "common name."
People with non-standard names and mononyms may still find that their names trigger Google’s pseudonym-detection algorithms. When the algorithm is triggered, Google may still ask for a scan of official documentation, such as a driver’s license or passport. Although Google requests such information over their own platform using HTTPS, what the company does with the documentation after using it remains unclear.
Users who sign up with “name shaped” pseudonyms—such as Salman Rushdie or Mark Twain—that do not trigger Google’s pseudonym-detection algorithms, are not automatically asked to provide proof of an established identity. This is great, because it allows users to create accounts with new pseudonyms that are not linked to accounts on other services. On the other hand, if a user with a name-shaped pseudonym is reported by another user, their account could be vulnerable to takedown if deemed in violation of Google+’s content policy. Pseudonymous users on both Google+ and Facebook have reported attacks of this kind from other users, used intentionally for the purpose of getting their accounts taken down.
We feel that Google deserves some credit for finally taking steps to accommodate pseudonyms. Yonatan Zunger, Chief Architect of Google+, explains that the change of heart was the result of looking at data and realizing that Google’s initial assumptions were wrong:
“We thought…that people would behave very differently when they were and weren't going by their real names. After watching the system for a while, we realized that this was not, in fact, the case. (And in particular, bastards are still bastards under their own names.)”
Google’s observations are bolstered by a recent analysis of Disqus comments which suggested that the pseudonymous comments on its service are some of the most useful.
At the same time, let’s be clear: Google+’s latest changes are a good first step toward supporting pseudonyms, but they are not an acceptable end game. While some users will be satisfied, there is still no support for individuals who wish to establish new pseudonyms. For new activists, or people creating new identities with which to explore a new issue—such as gay rights or politics—Google+ is not a welcome place for them to build that identity.
Google emphasizes how few people are affected by this policy by pointing out that only 0.1% of users have submitted name appeals, and of that 0.1%, only 20% were seeking to use a pseudonym, but even though their numbers are small, these are often the people who need social networks the most. These are the revolutionaries, the bloggers in authoritarian regimes, the isolated minorities reaching out to the rest of the world for understanding and support. If Google+ hopes to be a global company on the side of those seek to use technologies to build a free society, it needs to make room for the people working (often under adverse conditions) to create that world, instead of dismissing them as edge cases. We will continue to keep a close eye on Google’s name policies as they develop.
EFF is thrilled by the news that Egyptian blogger Maikel Nabil (Sanad), detained since March 2011, was released today, just one day prior to the anniversary of Egypt's January 25 uprising. Though earlier reports suggested Nabil would not be released until the 26th, Al Masry Al Youm reported his release late Tuesday evening.
Nabil, a prisoner of conscience whose unfair trial EFF has highlighted numerous times, was arrested last March after criticizing the army on his blog and was tried in a military court. Though he successfully appealed an initial three year sentence, he was later sentenced to two years in prison by a Supreme Military Court of Appeals. Nabil committed to a hunger strike for more than 120 days, consuming only liquids, to protest his detention.
Nabil's release was announced alongside another that 1,959 other prisoners would also be freed to mark the anniversary of the revolution.
In a video statement [in Arabic] released in the early hours of January 25, Nabil stated that he refuses the decision of the military dictator to grant him pardon, saying that he never committed a crime to be pardoned. "I was practicing my right to freedom of thought and speech. I committed no crime," the blogger said.
EFF applauds the decision to release Nabil but recognizes the call from Egyptians (including Nabil himself) to put an end to military trials for civilians. As the anniversary of the revolution approaches, we will be keeping a close eye on Egypt to ensure free expression is protected.
After the Washington Post wrote about the Texas Department of Public Safety’s (DPS) and other domestic law enforcement agencies’ use of drones last January, EFF filed a Public Information Act request with the agency for more information. The Texas DPS was very forthcoming and not only sent us unredacted records of their program but also agreed to provide more information over the phone. The records they sent us are linked at the bottom of this post, and I was able to speak with Mr. Bill Nabors, chief pilot of Texas DPS’s Aircraft Section.
Interestingly, according to Mr. Nabors, Texas hasn’t flown its drones since a final training flight in August 2010. The drones were constantly having maintenance issues because they weren’t designed to land in a rocky environment like Texas and didn’t fly well in high winds. The supplier, AeroVironment (AV), took a long time to fix the drones so they were often out of service. There also may have been some issues with the frequency used to operate and control the device. Ultimately, according to Mr. Nabors, the drones did not offer Texas significant advantages over the agency’s existing airplanes and helicopters so the agency cancelled its 2010 order for two additional drones. Mr. Nabors said he was not sure patrolling the border was a good use of the small drones or even whether they should be used in the National Airspace. He does believe the FAA should strictly control the use of unmanned aerial systems within the National Airspace. According to Mr. Nabors, he doesn’t see going back to using unmanned systems. Texas' experience should be taken seriously by other law enforcement looking into spending tax dollars to purchase these devices.
Wasps are small but powerful drones. Each weighs less than a pound and has a wingspan of 28.5 inches. For daytime operations, the Wasp uses “2048 x 1536 side imagers with digital pan-tilt-zoom (PTZ) capabilities.” The Wasp is also equipped with a “320 x 240 thermal imager” for nighttime operations. Another document notes that the Wasp includes “live video downlink, self tracking, still photography and nighttime IR technology.” According to AeroVironment’s Wasp Fact Sheet (pdf), the device can be operated manually but is also capable of GPS-based autonomous flight and navigation.
The documents we received also include the Texas DPS’s regulations for flying unmanned aircraft systems. These include operating procedures, FAA reporting requirements, requirements for flights using visual or instrument flight rules, and procedures to obtain an Emergency Certificate of Authority from the FAA.
Notably, the records DPS disclosed do not discuss any policies concerning which types of investigations DPS agents may use the drones for or whether they are required to obtain any legal process—such as a court order or warrant—before using the drones for surveillance. According to my phone conversation with Mr. Nabors, DPS does not feel it needs legal process to operate drones because they operate at 500 feet—the same height as a helicopter. However, Mr. Nabors also said that he thought the best use of drones was to aid SWAT teams to give agents the ability to see around things like buildings. It’s unclear whether a drone would need to fly at 500 feet to achieve this or whether that should even affect the legal analysis.
A federal district court in Colorado has handed down an unfortunate early ruling (pdf) in a case in which the government is attempting to force a criminal defendant to decrypt the contents of a laptop.
In United States v. Fricosu, the government seized several computers from the home of a woman charged with mortgage fraud, including a laptop containing encrypted information. Prosecutors asked the court (pdf) to force the woman to either type an encryption passphrase into the laptop to decrypt the information or turn over a decrypted version of the data, relying heavily on the fact that the government recorded a conversation between Fricosu and her ex-husband in which the government says she admitted that the laptop was hers and she knew the password.EFF filed an amicus brief (pdf) in July, arguing she had a Fifth Amendment privilege against self-incrimination that prevented the government from compelling her to disclose the data.
The Fifth Amendment protects a person from being forced to be a witness against herself in a criminal case, a right often called the privilege against self-incrimination. The privilege doesn't prevent the government from gathering evidence from a person, but rather protects a person from being forced to make communications that would reveal the contents of her mind. The Supreme Court has held that it also applies to actions that communicate something of value—for example, producing records that would confirm the existence or authenticity of certain information, or the fact that a particular person had control over that data.
Regardless, the government can overcome the privilege by offering immunity that matches the scope of the protected right, since any information revealed after that wouldn't be incriminating. The government can also bypass the privilege if it already knows about existence, location and possession of the evidence it seeks, such that forcing a person to turn over that information won't tell the government anything more than it already knows. The government claimed that it had defeated Fricosu's privilege in both of these ways.
In the order issued yesterday, the court dodged the question of whether requiring Fricosu to type a passphrase into the laptop would violate the Fifth Amendment. Instead, it ordered Fricosu to turn over a decrypted version of the information on the computer. While the court didn't hold that Fricosu has a valid Fifth Amendment privilege not to reveal that data, it seemed to implicitly recognize that possibiity. The court both points out that the government offered Fricosu immunity for the act of production and forbids the government from using the act of production against her. We think Fricosu not only has a valid privilege against self-incrimination, but that the immunity offered by the government isn't broad enough to invalidate it. Under Supreme Court precedent, the government can't use the act of production orany evidence it learns as a resultof that act against Fricosu.
The court then found that the Fifth Amendment "is not implicated" by requiring Fricosu to turn over the decrypted contents of the laptop, since the government independently learned facts suggesting that Fricosu had possession and control over the computer. Furthermore, according to the court, "there is little question here but that the government knows of the existence and location of the computer's files. The fact that it does not know the specific content of any specific documents is not a barrier to production." We disagree with this conclusion, too. Neither the government nor the court can say what files the government expects to find on the laptop, so there is testimonial value in revealing the existence, authenticity and control over that specific data. If Fricosu decrypts the data, the government could learn a great deal it didn't know before.
In sum, we think the court got it wrong. Regardless, the result is a very specific to the facts of this case and is unlikely to have far-reaching consequences, even if it stands.
Professor Orin Kerr has more thoughts about this case here.
Last week was a pretty good one for copyright law, what with a massive protest against disastrous legislation, that, hooray, got Congress to pay attention and put the legislation on hold.Unfortunately, last week we also saw the results of another bad law that Congress did manage to push through, back before the Internet existed in anything like its present form.Ignoring the pleas of musicians, composers, libraries, archives and public interest groups, the Supreme Court declared that Congress did not violate the Constitution when it yanked millions of foreign works out of the public domain.Striking a sad blow against the traditional copyright balance between private and public interests, the Court declared:
Neither the Copyright and Patent Clause nor the first Amendment . . . makes the public domain, in any and all cases, a territory that works may never exit.
At issue was Section 514 of the Uruguay Round Agreements Act, which took millions of works by foreign authors that were previously in the public domain and put them back under copyright protection. Works affected by this law include Sergei Prokofiev's Peter and the Wolf, music by Stravinski, paintings by Picasso and drawings by M.C. Escher, and writings by George Orwell and J.R.R. Tolkien -- material that has been used and performed countless times. Now that the works are back under copyright protection, use of the works may require paying hefty license fees.The lead petitioner, Lawrence Golan, is a music professor and conductor who challenged the law because it made performance of many works prohibitively expensive for many small orchestras. By taking the works out of the public domain, Congress had impinged on his vested free speech interest in using those works. On behalf of the American Library Association and other public interest groups, EFF filed an amicus brief in support, explaining that an unstable public domain creates dangerous uncertainty about copyright policy, posing a significant threat to libraries, digital repositories, and others that promote access to knowledge.
The Supreme Court has historically been friendly to copyright maximalists: In recent years it has signed off on Congress’s seemingly endless extensions of the copyright term, overturned a Ninth Circuit decision finding that several file-sharing services were legal, and refused to hear an appeal of a disastrous Ninth Circuit decision on the first sale doctrine that directly contradicted the holding in other appellate courts.But there was reason to hope it would draw a line in this case.Several years ago, in oral arguments over whether Congress could drag lengthen the term of copyright, the lawyers for both sides, and the Justices, all seemed to agree that once the copyright term on a work DID expire and it entered the public domain, it would stay there.Indeed, the Tenth Circuit Court of Appeals referred to this as a “bedrock principle” of copyright law, and concluded that the URAA had altered the traditional contours of copyright law. Therefore, the appellate court declared, URAA had to pass First Amendment scrutiny.
The Supreme Court disagreed, stating that the “traditional contours” of copyright comprise just two limits: fair use, and the idea/expression distinction.As long as Congress doesn’t mess with those, the First Amendment is satisfied.
What is worse, as Justice Breyer explained in his dissenting opinion, the majority gave short shrift to what should have been a central issue: whether granting new rewards to foreign authors (or, often, their heirs) served the purpose of copyright, i.e., to encourage the progress of science and the useful arts.
The statute before us . . . does not encourage anyone to produce a single new work.By definition, it bestows monetary rewards only on owners of old works – works that have already been created and already are in the American public domain. At the same time, the statute inhibits the dissemination of. . . foreign works published abroad after 1923, of which there are many millions, including films, works of art, innumerable photographs, and, of course, books – books that (in the absence of statute) would assume their rightful places in computer accessible databases, spreading knowledge throughout the world.
Justice Breyer got it.Too bad the majority didn’t.Word to the Internet: this is why we must never again let copyright maximalists ram through legislation under cover of night.Word to Congress: we’re staying vigilant, and if you won’t protect the public domain, we will.
Are you an undergraduate or graduate student who is interested in protecting civil liberties online and fighting for a free and open Internet? Do you have strong writing and research skills? Do you love delving into the latest issues in technology, privacy, intellectual property, and transparency? Apply for EFF’s Summer Activism Internship!
The Activism Intern will work closely with EFF’s activism team to create new campaigns, action alerts, and issue pages, research new issues in digital civil liberties, and update existing web pages on EFF’s sprawling website.
EFF is seeking candidates with the following qualifications:
Familiar with EFF’s core issues: privacy, transparency, intellectual property, and freedom of expression.
Available to work from June through August at EFF’s office in San Francisco, CA.
Have strong writing and research skills.
Comfortable updating blogs and social media. Experience maintaining a website preferred.
Candidates should email a cover letter and resume to firstname.lastname@example.org by February 17th. Please include 2-4 links to online writing samples. Replies will be sent by March 5th. This internship is an unpaid position.
MPAA Chairman Chris Dodd gave an interview to the New York Times yesterday, in which "Mr. Dodd said he would welcome a summit meeting between Internet companies and content companies, perhaps convened by the White House, that could lead to a compromise." While framed by the Times as his acceptance of defeat (the MPAA had rejected a prior meeting), the article shows that Dodd still doesn't get it.
The former Senator hopes for a return to the traditional levers of power, where the laws are written by lobbyists, and sold by back-room deals negotiated behind closed doors. He wants to frame the debate as the comfortable story of a dispute between companies in Silicon Valley and companies in Hollywood, that would doubtless be resolved on the basis of who's more connected or has better lobbying budgets ‒ or so he hopes.
It wasn't the technology companies who broke the back of PIPA and SOPA. To be sure, Internet companies played a critical role ‒ Google, Wikipedia, Reddit, Mozilla, Craigslist and over a hundred thousand other websites changed their home pages, informed their users about the bills and facilitated the users' communications to Congress.
But the dramatic and unprecedented sea change in opposition to blacklist legislation on the Hill came about because of the users themselves. Millions of users ‒ and voters ‒ like you spoke as one, and demanded that freedom of the Internet not be sacrificed on the altar of outdated business models. The opposition was grassroots, not astroturf.
Now that the proponents of SOPA/PIPA have blinked, and taken the bills back to committee, there will be calls to come to a "compromise." But there is no need to assume that legislation is necessary. As we discuss the future of the Internet, all stakeholders, including the people who use Internet services and consume (and create and share) movies and music, must have a seat at the table. The internet is too important to be debated, dissected and possibly disabled in a private meeting.