In early September, EFF was among the first to report on evidence published by activist collective Telecomix that Blue Coat technology was being used by the Syrian government to conduct surveillance. Following a release of more detailed log files as well as a more detailed report from our friends at Global Voices Advocacy, Mother Jones produced a detailed report, followed shortly by other publications. Prominent security expert Bruce Schneier then offered his take, stating: "Bet you anything that the Syrian Blue Coat products are registered, and that they receive all the normal code and filter updates."
Blue Coat is, like other American companies, restricted from directly exporting its technology to Syria due to export controls enacted by the US Departments of Commerce and Treasury. As a result, the news that the company's routers--which can be used to conduct surveillance and to censor websites--were being used in Syria prompted the US Department of State to conduct an investigation.
While at first Blue Coat denied knowledge of their products being used in Syria, the company flip-flopped in a report published Saturday in the Wall Street Journal, confirming that thirteen of its appliances shipped to Dubai last year ended up in Syria and are "transmitting automatic status messages back to the company [while censoring] the Syrian Web." Blue Coat senior vice president Steve Daheb told the Journal that the company "[doesn't] want our products to be used by the government of Syria or any other country embargoed by the United States."
In other words, Blue Coat is only concerned about breaking the law, not about helping in human rights violations. Depending on the program, criminal penalties for violating OFAC regulations can range from $50,000 to $10 million with imprisonment ranging from 10 to 30 years for "willful violations."
Given Blue Coat's early denials, we're skeptical that their violation wasn't willful. As Andrew McLaughlin put it in a tweet, "Shame on Blue Coat. Their denials re knowingly assisting Syria censorship don't ring true."
Blue Coat's blatant lack of concern for human rights is alarming. There are far more repressive regimes in the world than there are embargoed countries. Several United States allies, including Bahrain, Saudi Arabia, and Qatar, are also using Blue Coat systems for censorship and surveillance. But Blue Coat is surely unconcerned; after all, exporting to those countries isn't against the law; it just helps violate the human rights of the people living under those regimes.
Meanwhile, the list of Syrians detained for blogging or other online activities continues to grow.
As we wrote last week, we believe that voluntary standards such as the ones we've proposed, should be adopted by companies. But, if companies don't act in the interest of human rights, regulations don't seem very far off.
In June, we filed an amicus brief urging the Ninth Circuit Court of Appeals to reconsider the troubling decision of a three judge panel in United States v. Nosal, which ruled that employees commit a crime anytime they use a work computer for purposes that violate a company's computer use policy.
The Ninth Circuit's decision to revisit this case comes on the heels of a recent proposal introduced in the Senate Judiciary Committee to amend the CFAA to make clear that violating a website's terms of service or a company's computer use policy is not illegal under the CFAA. Hopefully this momentum will keep going and in the meantime, we'll continue to work to protect millions of ordinary computer users from a law never intended to apply this way.
As promised, here’s the first installment of our closer review of the massive piece of job-killing Internet regulation that is the Stop Online Piracy Act. We’ll start with how it could impact Twitter, Tumblr, and the next innovative social network, cloud computing, or web hosting service that some smart kid is designing in her garage right now.
Let’s make one thing clear from the get-go: despite all the talk about this bill being directed only toward “rogue” foreign sites, there is no question that it targets US companies as well. The bill sets up a system to punish sites allegedly “dedicated to the theft of US property.”How do you get that label?Doesn’t take much: Some portion of your site (evena single page) must
be directed toward the US, and either
allegedly “engage in, enable or facilitate” infringement or
allegedly be taking or have taken steps to “avoid confirming a high probability” of infringement.
If an IP rightsholder (vaguely defined – could be Justin Bieber worried about his publicity rights) thinks you meet the criteria and that it is in some way harmed, it can send a notice claiming as much to the payment processors (Visa, Mastercard, Paypal etc.) and ad services you rely on.
Once they get it, they have 5 days to choke off your financial support.Of course, the payment processors and ad networks won’t be able to fine-tune their response so that only the allegedly infringing portion of your site is affected, which means your whole site will be under assault.And, it makes no difference that no judge has found you guilty of anything or that the DMCA safe harbors would shelter your conduct if the matter ever went to court.Indeed, services that have been specifically found legal, like Rapidshare, could be economically strangled via SOPA. You can file a counter-notice, but you’ve only got 5 days to do it (good luck getting solid legal advice in time) and the payment processors and ad networks have no obligation to respect it in any event.That’s because there are vigilante provisions that grant them immunity for choking off a site if they have a “reasonable belief” that some portion of the site enables infringement.
At a minimum, this means that any service that hosts user generated content is going to be under enormous pressure to actively monitor and filter that content.That’s a huge burden, and worse for services that are just getting started – the YouTubes of tomorrow that are generating jobs today.And no matter what they do, we’re going to see a flurry of notices anyway – as we’ve learned from the DMCA takedown process, content owners are more than happy to send bogus complaints. What happened to Wikileaks via voluntary censorship will now be systematized and streamlined – as long as someone, somewhere, thinks they’ve got an IP right that’s being harmed.
In essence, Hollywood is tired of those pesky laws that help protect innovation, economic growth, and creativity rather than outmoded business models.So they are trying to rewrite the rules, regulate the Internet, and damn the consequences for the rest of us.
Watch this space for more analysis, but don’t wait to act. This bill cannot be fixed; it must be killed. The bill’s sponsors (and their corporate backers) want to push this thing through quickly, before ordinary citizens get wind of the harm it is going to cause.If you don’t want to let big media control the future of innovation and online expression, act now, and urge everyone you know to do the same.
Americans have a long history of using parodies and satire in their political and social debates. Whether it’s the Daily Show, the Onion, or books like The Wind Done Gone, humor and poking fun can have a powerful political impact and are plainly protected by law. So what’s with Justin Bieber trying to take down the website freebieber.org?
In case you missed this one: Fight For the Future is worried that some pending legislation commonly called the "illegal streaming bill" (which EFF is also concerned about) might impose criminal penalties for the types of public performances that Justin Bieber used to make his name - posting videos of himself doing cover songs. To raise public awareness about the bill, freebieber.org hilariously posts images of Justin Bieber where he looks like he’s in prison, although it’s obvious that these are just his very famous head superimposed on the bodies of actual prisoners. The website urges viewers to help set Justin Bieber free by opposing the law. The campaign has sparked renewed media interest in the bill, which had been largely under the public radar. Mission accomplished!
Apparently, Justin Bieber (or his lawyers) don’t think the campaign is funny. They issued a cease and desist letter, claiming the site violates Bieber's intellectual property rights – a tactic we’ve seen all too often. EFF jumped in to help and, as explained in more detail in a letter we sent back to Bieber’s lawyers today, explained that those claims hold no water. Freebieber.org makes an obviously transformative use of Bieber’s image and engages in political (aka core First Amendment) speech.
What’s a little unusual here is that Bieber is also complaining that the campaign violates his publicity rights. The right of publicity usually prohibits the unauthorized use of a person’s name, likeness, voice, or other identifiable characteristic for a commercial purposes. However, the law is clear that an individual’s right to control uses of his or her name and likeness must be weighed against important free speech rights. The First Amendment protects transformative uses (like the ones at freebieber.org), especially those that do not intrude on a celebrity’s market for her own identifiable characteristics. So it’s hard to believe that Bieber’s lawyers really think he can prohibit this lawful (and effective) use of his image. More likely they, like so many others, were just hoping to scare Fight for the Future out of exercising its free speech rights.
The kind of important political speech that is the core of the Free Bieber campaign deserves the most protection of all, and we are glad that the folks behind it are willing to stand up and defend their right to Free Justin Bieber – whether he likes it or not.
One of the most grave threats to free expression in many countries these days is the intimidation and persecution of bloggers and online journalists. The effects are often far-reaching as bloggers are scared into silence. While the Arab Spring has brought about many positive changes throughout the region, several Middle Eastern countries continue to take measures to silence bloggers. This issue is not, of course, limited to the Middle East. In Thailand, web editor Jiew still faces up to fifteen years in prison, while US-Thai citizen Joe Wichai Commart Gordon pleaded guilty on charges of lèse majesté--a charge that can result in a prison sentence of up to fifteen years--and faces sentencing on November 9. In Mexico, bloggers and online activists may face an even worse fate.
Blogger in UAE Boycotting Trial in Protest
Blogger Ahmed Mansoor was arrested in April after signing a petition calling for democratic reforms in the United Arab Emirates (UAE). According to Reporters Without Borders, more than ten police officers took part in Mansoor's arrest, seizing two laptops and several documents. Prior to Mansoor's arrest, he was the target of a smear campaign on social networks.
Mansoor, as well as four other democracy activists, has refused to appear in court following a closed-door hearing in September. All five men face charges of threatening state security, undermining public order and insulting the president, the vice president and the crown prince of Abu Dhabi. Reporters Without Borders has suggested that the trial is intentionally being dragged out over a period of several months in order to keep the four defendants in prison.
We join Reporters Without Borders in urging the judicial authorities to drop the charges against Mansoor--as well as activists Farhad Salem, Nasser bin Ghaith, Hassan Ali Al-Khamis and Ahmed Abdul Khaleq--and to respect the right to free expression.
Egyptian Blogger Faces Military Prosecutor
Egyptian blogger and activist, Alaa Abd El Fattah (photo by personaldemocracy, CC BY-SA 2.0)
Under the interim rule of Egypt's Supreme Council of Armed Forces (SCAF), free expression is apparently not a right. In August, we reported on the interrogation of Asmaa Mahfouz, and we have repeatedly called for the release of blogger Maikel Nabil Sanad. On Monday, we learned that Alaa Abd El Fattah, a well-known blogger and activist who was imprisoned in 2006 under the Mubarak regime, will face a military prosecutor on Sunday for unknown reasons. Abd El Fattah spoke Tuesday at the Silicon Valley Human Rights Conference and used his platform to draw attention to the extraordinary injustice taking place in Egypt, mentioning Sanad's case.
According toAl Masry Al Youm, a video blogger has claimed to have video evidence against Abd El Fattah that shows him throwing stones on October 9 and alleges that the blogger incited violence during the massacre of Coptic Christians that took place that day. In contrast, the newspaper states that it witnessed Abd El Fattah assisting the wounded following protests on October 9.
EFF has grave concerns about SCAF's use of military trials to silence speech. We will be following Abd El Fattah's case closely.
Syria Arrests Another Blogger
Syrian blogger Hussein Ghrer, missing since October 24, 2011
Syrians face not only the threat of arrest, but the additional threat of intimidation and hacking by the Syrian Electronic Army, a cabal of pro-regime hacktivists that has in recent months defaced the website of Harvard University and attacked numerous public figures on Facebook for their support of the Syrian opposition.
In addition to the Facebook campaign for Ghrer, activists have put together a blog (in Arabic), in which they call for Syrian authorities to disclose information about Ghrer and "release those detained in violation of the law and human rights."
As we stated previously, the intimidation and persecution of bloggers poses a grave threat to free expression globally.
In light of that fact, EFF is currently working on adding a new component to our international work highlighting these threats. Though there are already many excellent voices in this space--among them Reporters Without Borders, the Committee to Protect Journalists, and Global Voices' Threatened Voices project--as long as governments continue to threaten and persecute bloggers, the call for justice can never be too loud to garner attention to these gross violations of human rights.
This summer, decision-makers at Bay Area Rapid Transit (BART) garnered considerable criticism -- not to mention the ire of Anonymous and days of protests -- after they chose to shut down cell phone access to four BART stations in downtown San Francisco based on rumors of an upcoming protest. Now BART’s Board Directors has drafted a Cell Phone Interruption Policy, which they will consider at an upcoming meeting on October 27th.
EFF applauds the BART for taking the time to develop a policy whose intent is to clarify the circumstances under which BART may shut down cell phone communications, but the proposed policy, which was made public last week, raises some profound concerns about procedure and accountability that we believe should be directly addressed.
BART should not assert their right to shut down cell phone access without a court hearing of any kind. Free speech is a right granted by the Constitution, not BART.
BART should explicitly state that the 8/11 shutdown would violate the cell phone shutdown policy.
BART should clarify what it means by“strong evidence of imminent unlawful activity.” Who will review the evidence? Who decides if it is strong?
The draft policy acknowledges the existence of state and federal regulations. BART should explicitly acknowledge their applicability to cell phone shutdowns.
BART should include a method of ensuring transparency and accountability for future shutdowns. EFF suggests that in the event that BART considers a shutdown, it should make a written record of the Board’s discussions available to the public, to facilitate transparency and accountability after the fact.
We hope that the BART will incorporate this feedback into the final draft of their Cell Phone Interruption Policy, ensuring clarity and accountability in the cell phone shutdown process.
We've reported hereoften on efforts to ram through Congress legislation that would authorize massive interference with the Internet, all in the name of a fruitless quest to stamp out all infringement online. Today Representative Lamar Smith upped the ante, introducing legislation, called the Stop Online Piracy Act, or "SOPA," that would not only sabotage the domain name system but would also threaten to effectively eliminate the DMCA safe harbors that, while imperfect, have spurred much economic growth and online creativity.
As with its Senate-side evil sister, PROTECT-IP, SOPA would require service providers to “disappear” certain websites, endangering Internet security and sending a troubling message to the world: it’s okay to interfere with the Internet, even effectively blacklisting entire domains, as long as you do it in the name of IP enforcement. Of course blacklisting entire domains can mean turning off thousands of underlying websites that may have done nothing wrong. And in what has to be an ironic touch, the very first clause of SOPA states that it shall not be “construed to impose a prior restraint on free speech.” As if that little recitation could prevent the obvious constitutional problem in what the statute actually does.
But it gets worse. Under this bill, service providers (including hosting services) would be under new pressure to monitor and police their users’ activities. Websites that simply don’t do enough to police infringement (and it is not at all clear what would qualify as “enough”) are now under threat, even though the DMCA expressly does not require affirmative policing. It creates new enforcement tools against folks who dare to help users access sites that may have been “blacklisted,” even without any kind of court hearing. The bill also requires that search engines, payment providers (such as credit card companies and PayPal), and advertising services join in the fun in shutting down entire websites. In fact, the bill seems mainly aimed at creating an end-run around the DMCA safe harbors. Instead of complying with the DMCA, a copyright owner may now be able to use these new provisions to effectively shut down a site by cutting off access to its domain name, its search engine hits, its ads, and its other financing even if the safe harbors would apply.
And that’s only the beginning: we haven’t even started on the streaming provisions.
We’ll have more details on the bill in the next several days but suffice it to say, this is the worst piece of IP legislation we’ve seen in the last decade — and that’s saying something. This would be a good time to contact your Congressional representative and tell them to oppose this bill!
Ten years ago today, in the name of protecting national security and guarding against terrorism, President George W. Bush signed into law some of the most sweeping changes to search and surveillance law in modern American history. Unfortunately known as the USA PATRIOT Act, many of its provisions incorporate decidedly unpatriotic principles barred by the First and Fourth Amendments of the Constitution. Provisions of the PATRIOT Act have been used to target innocent Americans and are widely used in investigations that have nothing to do with national security.
Much of the PATRIOT Act was a wish list of changes to surveillance law that Congress had previously rejected because of civil liberties concerns. When reintroduced as the PATRIOT Act after September 11th, those changes -- and others -- passed with only limited congressional debate.
Just what sort of powers does the PATRIOT Act grant law enforcement when it comes to surveillance and sidestepping due process? Here are three provisions of the PATRIOT Act that were sold to the American public as necessary anti-terrorism measures, but are now used in ways that infringe on ordinary citizens’ rights:
1. SECTION 215 – “ANY TANGIBLE THING”
Under this provision, the FBI can obtain secret court orders for business records and other “tangible things” so long as the FBI says that the records are sought "for an authorized investigation . . . to protect against international terrorism or clandestine intelligence activities." The Foreign Intelligence Surveillance Court must issue the order if the FBI so certifies, even when there are no facts to back it up. These “things” can include basically anything—driver’s license records, hotel records, car-rental records, apartment-leasing records, credit card records, books, documents, Internet history, and more. Adding insult to injury, Section 215 orders come with a "gag " prohibiting the recipient from telling anyone, ever, that they received one.
As the New York Times reported, the government may now be using Section 215 orders to obtain “private information about people who have no link to a terrorism or espionage case.” The Justice Department has refused to disclose how they are interpreting the provision, but we do have some indication of how they are using Section 215. While not going into detail, Senator Mark Udall indicated the FBI believes it to allows them “unfettered” access to innocent Americans’ private data, like “a cellphone company’s phone records” in bulk form. The government’s use of these secret orders is sharply increasing -- from 21 orders in 2009 to 96 orders in 2010, an increase of over 400% -- and according to a brand new report from the Washington Post, 80% of those requests are for Internet records.
Today, EFF sued the Justice Department to turn over records related to the government’s secret interpretation and use of Section 215, regarding which Senator Ron Wyden, like Senator Udall, has offered ominous warnings: "When the American people find out about how their government has secretly interpreted the Patriot Act,” said Wyden on the Senate floor in May, “they are going to be stunned and they are going to be angry.”
2. NATIONAL SECURITY LETTERS
Among the most used -- and outright frightening -- provisions in the PATRIOT Act are those that enhanced so-called National Security Letters (NSLs). The FBI can issue NSLs itself, without a court order, and demand a variety of records, from phone records to bank account information to Internet activity. As with 215 orders, recipients are gagged from revealing the orders to anyone.
While NSLs existed prior to 2001, they were infrequently used. The PATRIOT Act lowered the standard making it easier for the FBI to use NSLs to obtain the records of innocent people with no direct link to terrorists or spies, and their use skyrocketed. According to the ACLU’s report on PATRIOT Act abuses, there were 8,500 NSLs issued in 2000 but approximately 192,000 issued between 2003-2006. All of these NSL’s led to one terror conviction, and in that case, the NSL wasn’t even needed.
Not surprisingly, EFF FOIA requests have found abuse of their NSL authority: “mistakes” that led to getting information on the wrong people, ISPs handing over extra or wrong information, and dozens of “exigent letters” that “circumvented the law and violated FBI guidelines and policies.” EFF has successfully challenged the NSL gag orders in multiple cases as unconstitutional under the First Amendment, but the overall scheme still survives to this day.
3. SNEAK AND PEEK WARRANTS
Section 213 of the PATRIOT Act normalized “sneak-and-peek” warrants. These allow law enforcement to raid a suspect’s house without notifying the recipient of the seizure for months. These orders usually don't authorize the government to actually seize any property — but that won't stop them from poking around your computers. Again, sneak-and-peek warrants could be used for any investigation, even if the crime was only a misdemeanor.
From 2006-2009, sneak-and-peek warrants were used a total of 1,755 times. Only fifteen of those cases—a microscopic 0.8%—involved terrorism. The rest were used in cases involving drugs or fraud.
After ten years, it’s crystal clear that the “emergency” measure sold as a necessary step in the fight against terrorism is being used routinely to violate the privacy of regular people in non-terrorism cases, threatening the Constitutional rights of every one of us. And after ten years, EFF is even more dedicated to fighting against PATRIOT overreach, both in Congress and the courts. Help us in that fight by becoming an EFF member, so that we can work together in making the next ten years better for civil liberties than the last.