Proponents of the misguided Internet blacklist legislation — the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA) — downplay the idea that the overbroad bills could be used for censorship. But one only needs to look at the way existing copyright laws have been abused to know there’s serious cause for concern.
From shocking examples of government censorship without due process through domain name seizure, as we've seen with both Rojadirecta and now with the yearlong saga of Dajaz1.org (which we address in the second post in this series), to bogus DMCA takedowns and actual litigation, the message is clear: the government and corporations have no problem abusing legal process to threaten or shut down legitimate speech.
In fact, many companies abuse the current system as part of their business model.
Consider the case of Medical Justice, a service that provides doctors with contracts for patients to give up the copyright to any future reviews the patient may write about the doctor. If an unhappy patient posts a negative review on sites like Yelp, the doctor can serve a DMCA notice for copyright infringement and have the post removed.
Even assuming the doctor actually gained a legitimate claim on the patients’ review, posting negative reviews would, of course, be a classic case of fair use. But the real problem is that this scheme impinges upon core First Amendment protected speech. As EFF has repeatedly documented, this tactic still works because many websites will take down material after receving a notice regardless of fair use to avoid being dragged into expensive litigation. For them, sometimes the fight for free speech isn’t worth draining money out of their business.
But Medical Justice’s program may well be coming to an end. Last week, one frustrated patient took the issue to court, after an overzealous dentist demanded removal of a negative review based on her Medical Justice contract, and even demanded the patient pay $100 for each day day the negative review was posted. After a slew of negative publicity, Medical Justice stated it would retire these specific types of agreements.
Like this patient, a few companies, like Yelp, push back against bogus DMCA notices. But SOPA will make that fight much harder. Instead of going directly to websites, the notices go to the target’s advertisers and then a five day countdown starts. After five days, the advertisers could cut off services to the entire website —for one violation. And the advertisers won’t even have to check if these notices are valid. In fact, under the proposed laws, they are immune from punishment if they cut off a website that wasn’t infringing as long as they were given notice by the copyright holder.
The legislation is also unclear on how and when during these five days the advertising network will notify the site accused of infringement of the notice; there simply is no procedure specified. If the advertiser notifies the site on the fourth day, they would only have one day to respond. Inevitably, in some cases it will be too late, and even a completely innocent site could have to deal with a sudden loss of revenue. And what if the advertiser doesn’t notify the website at all before cutting off its services? Nothing, according to the bills.
If that's not problem enough, consider that the notorious copyright troll Righthaven, now on the verge of bankruptcy, may see a second life if SOPA passes. Currently, when Righthaven pursues copyright claims for online content, it also seeks a domain name seizure, a remedy not allowed by law. In one egregious example, Righthaven tried to seize the domain name of Drudge Report, one of the most visited sites on the Internet — all for posting a link and a thumbnail image taken from a news site. Most news sites would be ecstatic for a link from Drudge because of the traffic it drives, and courts have decided that the posting of thumbnails is protected fair use. But that didn’t stop Righthaven. They sought monetary damages and wanted the domain name that was reportedly worth over $10 million.
And these stories of abuse aren’t just on the fringe: even major players have gotten in on the game. Warner Bros. Records recently admitted in court to systematically sending out DMCA takedown notices for files they never examined or owned the copyright to. The EFF has been involved in litigation for years over a takedown notice Universal Music Group filed for a 29 second video of a dancing toddler. What if a record label uses its automated tools to send out thousands of copyright notices to advertisers under SOPA? There is nothing to stop them from targeting up-and-coming competitors or websites with legitimate fair use claims. The procedure not only bypasses any sort of meaningful due process by giving payment processors and ad networks the final say, but it also creates incentives for those revenue partners to judge in favor of the rights holder every time.
Supporters of SOPA and PIPA say those bills are only supposed to stop legitimate copyright infringement. But the blacklist bills give much more speech-silencing power to those who are already willing to exploit provisions in the current laws. When you give these awesome powers to content companies — who already admit their tactics are overbroad — you're giving it to Medical Justice and Righthaven, whose very existence depends on taking advantage of the unintended consequences of copyright laws.
Update 12/09/2012: We are proud to announce a new $10,000 matching grant from Blake Krikorian to Power Up donations, starting at 6:30AM today. Thank you to everyone who helped us fly by our first two goals and surpass $40,000 in 12 hours!
Update 12/08/2012: Thanks to such strong support, EFF members helped us surpass the first $10,000 goal in less than 6 hours! Nancy Blachman and David desJardins have powered back up our 4x Power Up Campaign with a new $10,000 matching grant, starting at 12PM.
Not a member yet? Become one here in the next 140 hours and you can help us quadruple the value of your donation! Challenge grants will match up to a total of $10,000 in new member donations between now and Monday.
Every dollar you give will provide four dollars to help EFF! The Parker Family Foundation will match up to a total of $10,000 in new donations, and the Brin Wojcicki Foundation will match both donations as part of their $500k EFF on Mission challenge grant.
EFF would like to extend our heartfelt thanks to the following donors who have made the Power Up Challenge possible:
Brin Wojcicki Foundation
Parker Family Foundation
Nancy Blachman and David desJardins
Would you like to be our next challenge donor? If you're able to give $10,000 or more towards the Power Up Challenge before it ends on Monday, December 12th at 10AM, then please contact us at firstname.lastname@example.org.
The Indian Telecommunications Minister met on Monday afternoon with top officials of Internet companies and social media sites, including the Indian units of Facebook, Google, Microsoft, and Yahoo, to compel them to filter offensive content. The New York Times reportedthat Minister Kapil Sibal met with executives to discuss the possibility for their companies to create internal mechanisms that would prevent any comments the state deemed “disparaging, inflammatory or defamatory” towards political and religious figures.
The companies ultimately told Sibal that it would be impossible to put this in place, especially given the massive amount of data that they would have to oversee. In response to the companies’ position, Sibal declared that they would take policy measures to enact their strategy, though he wasn’t specific on what form this law would take. According to the New York Times, state officials there have already plans “to set up its own unit to monitor information posted on Web sites and social media sites.”
This was a follow-up to two previous meetings. In the first, six weeks ago, legal counsel from Facebook and top Internet service providers met with Sibal to address his concerns over a Facebook page that criticized Sonia Gandhi, president of the Congress Party. Sibal made clear in a second meeting in November that he expected the companies to create human-based, not technological, mechanisms to prescreen and block all “objectionable” material. Despite these repeated meetings and the Minister’s wish to see companies create voluntary systems to block content, the companies remained insistent they do not want to be responsible for deciding what content is appropriate or not appropriate for the Internet.
It is unclear whether the state will cite existing laws in order to legitimize these plans for blocking content. In the past decade, the Indian Parliament adopted the Information Technology Act (ITA) and subsequent amendments, as well as other administrative regulations called the Information Technology Rules (ITR) in order to enact stiffer policies to uphold copyright law in India. It is possible that these laws are used to monitor and block content with little or no oversight.
The Center for Internet and Society (CIS) has monitored content removal requests from the Indian state, comparing the Indian Department of Information (DIT) reports with Google’s transparency reports. They found that there was a big difference in the treatment of blocking versus content removal, as well as the much larger number of content removal requests as compared to blocking.This may indicate that while the ITA regulates blocking, it does not cover the forcible removal of content. CIS concludes from their analysis that “the DIT is not providing us all the relevant information on blocking, or is not following the law.”
While Indian authorities were not able to urge companies to create content blocking mechanisms, it is very possible that they may begin to legitimize their plans under the guise of copyright enforcement. It is currently unclear whether they have the legal mechanisms in place to legally censor content online in the name of political or religious defamation. As we have seen all over the world however, they may simply re-appropriate these existing laws in order to roll forward with their plans to censor Indian citizens at will.
For ongoing Twitter updates on the story, follow the hashtag #KapilSibal
Last September, in a case initiated by the Belgian Anti-Piracy Federation (BAF), an Antwerp Court of Appeals ordered two major fixed broadband providers (Telenet and Belgacom) to block access to the Pirate Bay at the DNS level. In November, the BAF sent a letter to other Belgian ISPs, threatening legal action unless they also blocked access to the Pirate Bay.
Earlier this week, a Belgian Internet watchdog group (NURPA) reported that one of the three major mobile Internet providers in Belgium, Base, complied with the letter and voluntarily started blocking access to the Pirate Bay.1 Base denies these reports, but users who try to access the Pirate Bay are served a "stop page" with the following text, in Dutch, French, German, and English: "You have been redirected to this stop page because the website you are trying to visit offers content that is considered illegal according to Belgian legislation." The only way offered for the owner or administrator of the website to object is via fax.
This worrisome trend of voluntary blocking (not exclusive to Belgium) seems to be in sharp contrast with the more recent (November 24th) Scarlet v. Sabam decision by the European Court of Justice (ECJ). In this case — which originated in Belgium — the Court ruled that requiring ISPs to filter traffic over their network violates users’ privacy and their freedom to receive and impart information. Although the ECJ had not issued a final judgment at the time the Belgian case was decided, the Advocate General had already released an opinion.
The Belgian judge, though, deemed the case before the ECJ irrelevant, making a distinction between filtering and blocking. These two types of censorship often appear identical to the end user, but the court argued that they are different technically and legally. Filtering implies the monitoring of traffic in order to remove specific content. Blocking, on the other hand, would only require indiscriminately restricting access to a given domain. The Belgian (Pirate Bay) case concerned (DNS) blocking, whereas the European case concerned filtering. According to the Belgian judge, DNS blocking would not constrain fundamental liberties. But while blocking does not raise as many privacy concerns as filtering does, all other concerns remain very relevant. Without even going in to the dangers of interfering in such an essential component of the Internet, (DNS) blocking access to a website as a whole violates individual freedom to impart and receive information. It also ignores the fact that copyright is not an absolute right and is subject to important exceptions.
The ruling by the Antwerp court and the voluntary decision by mobile Internet provider Base clearly demonstrate the one-sidedness of the debate. Neither end-users nor civil society are consulted, and ISPs simply do not have the proper incentives to protect consumer’s rights. The economic impact of erasing a domain name in their database is negligible compared to having to filter all Internet traffic over their network. Especially when other ISPs are doing the same thing, it might make more sense to comply with right-holders breathing down your neck instead of respecting civil rights. At the moment, it is still unclear what impact the Scarlet v. Sabam case will have, but if we want to maintain a free and open Internet, we have to put important safeguards into place.
Clicking “like” on Facebook in Thailand can potentially land you in prison.The Thai Minister of Information and Communication Technology declared last Tuesdaythat they will begin charging Facebook users for “liking” or sharing content that could be deemed offensive to the Thai throne, the sentence for which could run anywhere between three to 15 years in prison.Thailand has strict lèse-majesté laws that imprison individuals for criticizing or speaking ill of the throne to any extent.Since Thailand’s Computer Crime Act was enacted in 2007,1 Internet intermediaries have also come under fire for being responsible for hosting said offensive material.The Act gives authorities the ability to block so-called “harmful” websites and charge owners of these intermediary spaces for simply hosting the content. Not only are the provisions of this law dangerously vague, it allows authorities to enact harsh penalties to anyone who engages in online political debate.
The Thai government is making extensive use of this Act, going after Thai netizens that they accuse of speaking ill of the King and the regime.Human rights groups say nearly 300 people have been charged with lèse-majesté offenses since 2006.Just last week, a 61-year old retired truck driver battling mouth cancer was sentenced to 20 years in jail for sending text messages with supposed offensive content.
We reiterate that the charges against these individuals are not only gross violations of free speech and privacy rights, they are effectively impairing their society both economically and socially. The Thai state needs to recognize that they are playing with quicksand by enacting such strict, antiquated laws to enforce state nationalism.
This fall, 63 Bahraini students were expelled from school for “participating in unlicensed gatherings and marches,” the evidence of which was pulled from their Facebook accounts which they reportedly used to organize pro-democracy protests in February.Bahrain Polytechnic is a government-owned tertiary school that was created by a Royal Decree 2008.After the protests, the school required the students to sign a code of conduct asserting political activities needed to be kept off campus to ensure it remained a “neutral” and “safe” space.
The Ministry of Education’s investigation lasted four weeks, during which state investigators showed students paper records of their online activities on Facebook.The supposed offenses ranged from peacefully demonstrating at the protests at Pearl Roundabout to “liking” a page on Facebook.One Australian tutor at the school who happened to live right next to the protests was fired for filming the protests and sharing them on Youtube.They terminated the teacher’s contract for supposedly supporting pro-democracy protests.
Bahrain arrested several bloggers and social media users earlier this year, and even blocked access to individual Twitter accounts in early 2010.EFF joins Human Rights Watch in condemning the Bahraini Ministry of Education for targeting students, faculty, and staff for expressing their personal political beliefs.
Good news finally arrives from Vietnam this week, as a Vietnamese court reduced the jail sentence of blogger and human rights activist Professor Pham Minh Hoang from three years to 17 months.He’ll be released from jail in January 2012, followed by the 3 years of house arrest he was originally sentenced with in August of this year.As we reported last August, Hanoi authorities arrested Professor Huang and accused him of damaging their country’s image, and a judge ruled that Hoang had been involved in activities to overthrow the government.Professor Hoang had written 33 articles on his blog under the pseudonym Phan Kien Quoc, writing about various social and political issues in his country, including advocating the need for his country to stop attacking the right to freedom of expression and uphold human rights in their country.
There has been a recent wave of excessive jail sentences given to those criticizing the Vietnamese Communist regime. His sentence was light compared to others however, both because he is dual citizen with France, and because he admitted that although he was a member to Viet Tan, he was not acting under the instruction of the banned pro-democracy group, which the state considers to be a terrorist organization.Vietnam continues to violate its obligations as a signatory to the International Covenant on Civil and Political Rights, and even fails to follow its own constitutional articles guaranteeing freedom of expression and freedom of association.
In November, EFF joined human rights and digital freedom organizations in sending a joint letter to the Director General of Vietnam’s Ministry of Foreign Affairs denouncing the Vietnamese government’s imprisonment of bloggers.We urged them to recognize Pham Minh Hoang's human rights to freedom of expression and release him. We are heartened that this reduced sentence brings him several months closer to freedom.
The British government published its new "cyber-security" strategy this week, which includes the use of bans on social networks such as Facebook and Twitter for those who have been accused of misusing the Internet for criminal means.
Even more alarming, the strategy includes a plan to introduce surveillance technology that could be used to inform the authorities when banned users are breaking the bail or sentencing conditions that have been set on their Internet use:
4.28 In addition, the Ministry of Justice and the Home Office will consider and scope the development of a new way of enforcing these orders, using ‘cyber-tags’ which are triggered by the offender breaching the conditions that have been put on their Internet use, and which will automatically inform the police or probation service. If the approach shows promise we will look at expanding cyber-sanctions to a wider group of offenders.
Prime Minister David Cameron's position on Internet freedom has been staggeringly inconsistent. On one hand, he has publicly pledged his commitment to a free and open Internet, saying "Governments mustn't use cyber security as an excuse for censorship." On the other, he has called on his government to explore the possiblility of shutting off access to social media in case of civil unrest. The proposed ban on social media use sounds like just another method of trying to achieve the kind of Internet censorship Cameron called for in the wake of the London riots.
More good news from Area SpA, an Italian company that had been helping to build an Internet surveillance system in Syria. The company has reportedly pulled out of the project. Area SpA's involvement first came to light as the result of a Bloomberg investigative report which found that the company had contracted with Syrian intelligence agents to develop an Internet surveillance system "with the power to intercept, scan and catalog virtually every e-mail that flows through the country." The Italian company has come under pressure from human rights groups to end their involvement in the project. We're glad to see that the pressure has worked.
Syria's existing Internet surveillance systems, which include hardware from Silicon Valley-based Blue Coat, have aided President Bashar al-Assad's regime in his crackdown on protest. More than 100 Syrians have died in detention, and information gathered through Area SpA's Internet surveillance system would have been used against people being detained and tortured, according to Nadim Houry, senior Human Rights Watch researcher for the Middle East and North Africa.
An official statement from Area SpA claims that the system they had been contracted to work on was never completed, had never been operational, and as a result, could not have contributed to any repressive actions.
Last of all, more evidence has come to light indicating that Blue Coat's Internet surveillance tools are being used in Myanmar/Burma. Citizen Labs' original report, which described the use of Blue Coat devices in Syria and Myanmar, prompted an investigation by the U.S. Department of Commerce to determine if the company had prior knowledge that its equipment was being used by the Syrian government. The additional evidence gathered by Citizen Lab provides further confirmation that Blue Coat devices are currently being used in Myanamar. A message displayed by Burmese ISP Yatanarpon Teleport references Blue Coat in the URL and is consistent with the way that Blue Coat devices display notifications to users. Combined with the evidence presented in the report, these findings present a strong case that Blue Coat devices are actively being used in Myanmar.
Myanmar, which is governed by a military junta, is on a list of countries with which the U.S. government carefully resticts trade, but it is unclear if the sale of Blue Coat devices to Myanmar breaches these restrictions. Internet access is Myanmar is heavily censored. During a violent crackdown on protest in 2007, Myanmar became the first country to shut off its Internet entirely. Strong evidence that Blue Coat devices are in use in Myanmar is the first step in holding the Silicon Valley-based company accountable for contributing to Internet surveillance and political repression.
1. An unofficial English translation of the law can be found here: http://www.prachatai.com/english/node/117
The Association of American Publishers and the Recording Industry Association of America have decided to cozy up to a copyright troll, filing an amicus brief in the Ninth Circuit appeal of Righthaven v. Hoehn. The Hoehn case is one of many decisions where a district court dismissed the case brought by copyright troll Righthaven. Indeed, Righthaven has lost on the merits every single time a court has considered its arguments (before six judges and counting). In Hoehn, the court correctly found both that Righthaven did not own the Las Vegas Review-Journal news article at issue and that his use was a fair use under copyright law.
The AAP and RIAA do not weigh in on Righthaven's sham copyright assignment from Stephens Media, the publisher of the Review-Journal. Rather, they devote their brief to civil proceedure, arguing it was error for the court to even consider whether the use was fair. They assert that the problem was "relying upon Righthaven ... to rebut the defendant's assertions" on market harm, instead of relying on Stephens Media, the true owner.
This conclusion is a bit dubious. In another Righthaven troll case, EFF represents Democratic Underground, who counterclaimed for declaratory relief against Stephens Media, the publisher of the Review-Journal articles. Faced with our Motion for Summary Judgment on fair use, Stephens Media conceded that the use was fair.
In Hoehn, Democratic Underground, and other Righthaven cases, the use was a non-infringing fair use under the copyright law. That conclusion stems not from who argues, but from the Copyright Act and the caselaw that allow for certain uses without authorization of the copyright owner. The AAP and RIAA are upset not becasue the court failed to follow their view of civil procedure, but becasue they want to take a good fair use case—what they call a "disturbing precedent"—off the books.
Yesterday, EFF asked the U.S. Copyright Office to grant an exemption to the Digital Millennium Copyright Act for “jailbreaking” smart phones, tablets, and video game consoles. The exemptions are designed to dispel any legal clouds that might prevent users from running applications and operating systems that aren’t approved by the device manufacturer. The exemptions stem from section 1201 of the DMCA, which prohibits circumvention of “a technological measure that effectively controls access to a work protected under this title.”
In 2009, over strident opposition from Apple, EFF won an exemption from the Copyright Office for users who wish to jailbreak iPhones and other smartphones. Due in part to this ruling, a vibrant jailbreaking community has developed online that has immeasurably improved innovation, security, and privacy in these devices.
So why might Apple and other manufacturers still oppose the process? That’s a great question. When Apple first fought one's legal ability to jailbreak, they claimed it would cut into their business model and ruin their ability to make money. But Apple profits are at an all-time high by every relevant metric.
In fact, rather than hurting companies like Apple, the jailbreaking community often ends up helping them, as Apple and other manufacturers later adopt many features they rejected at first. Let’s take a look back at all the benefits jailbreaking has brought both manufacturers and users of smartphones, and why they should be expanded to tablets and video game consoles like the PlayStation 3, Nintendo Wii, and Xbox 360.
By all accounts, the jailbreaking community has greatly improved smartphone usability. For example, the community developed applications—first rejected by Apple—that allowed older versions of the iPhone to record video. Jailbreakers were also the first to successfully configure keyboards to wirelessly connect with the smartphone. Apple later adopted both of these features.
Security fixes developed by the jailbreaking community protect smartphone users when the manufacturer is slow to fix vulnerabilities or doesn’t fix them at all.
When a security flaw was discovered when iPhone’s web browser opened PDF files, Apple was slow to patch it. Users who didn’t want to wait for the manufacturer to fix the problem had a better way to protect themselves: jailbreak their phones to install an “unauthorized” patch created by an independent developer.
But the 2011 DigiNotar debacle is the clearest example of why jailbreaking is so vital. Until recently, DigiNotar was a certificate authority—an organization that issues digital certificates used to authenticate and secure communications between various services online, such as credit card transactions. But in September, it was hacked and started issuing fraudulent certificates, allowing malicious users to compromise devices and services. Early versions of Android didn’t update automatically, leaving users with older operating systems no recourse except to jailbreak their phones so they could protect themselves.
In an era of increased worries about privacy on mobile devices, the jailbreaking community has also been vital in securing users’ privacy when manufacturers won’t.
Jailbreakers were the first to introduce an unauthorized app on the iPhone that hid text messages from automatically appearing on the front screen for anyone to see who was nearby. Jailbreakers were also responsible for introducing a patch that prevented Apple's unauthorized logging of detailed location data on iPhones. Similarly, on the Android, an unauthorized application called LBE Privacy Guard allows for personal research and monitoring of sensitive data that third-party applications may try to access. But these privacy-protective applications are only available to users who jailbreak their devices.
The popularity of tablets has exploded over the past few years, and EFF wants users of devices such as the iPad and NOOK to have the same benefits as smartphone users have enjoyed for the past three years.
But that’s not all. We are also applying for an exemption for video game consoles.
Video Game Consoles
Manufacturers of video game consoles like the PlayStation 3, Xbox, and Nintendo Wii also limit users’ operating system and software options, even when there is no evidence that other programs will infringe copyright. Our exemption would allow users to run the operating system of their choice on their consoles, as well as “homebrew” applications.
Video game consoles have powerful computer processors that can allow a user to run them as an inexpensive alternative to a desktop. Researchers, and even the U.S. military, turned clusters of PS3s into powerful supercomputers back when Sony supported the installation of alternative operating systems. But Sony axed that option with a 2010 firmware update, and PS3s can no longer run Linux without being jailbroken. Indeed, earlier this year Sony went so far as to sue several researchers for publishing information about security holes that would let people install and run Linux on their own PS3s. We hope the exemption we’re seeking will clarify that people can run the operating system and applications of their choice on their own boxes.
EFF implores Apple, Sony, and others to support these exceptions to the DMCA to improve user experience and keep their users’ information private and secure.
Two weeks ago, the New York Times published a letter to the editor from Christopher Wolf, who leads the Internet Task Force of the Anti-Defamation League, in which he suggested:
It is time to consider Facebook’s real-name policy as an Internet norm because online identification demonstrably leads to accountability and promotes civility.
People who are able to post anonymously (or pseudonymously) are far more likely to say awful things, sometimes with awful consequences, such as the suicides of cyberbullied young people. The abuse extends to hate-filled and inflammatory comments appended to the online versions of newspaper articles — comments that hijack legitimate discussions of current events and discourage people from participating.
The New York Times invited readers to pen replies to Wolf's letter. The paper published several excellent, on-point replies, but did not publish EFF's. So, we decided to publish it here instead:
Opponents of online anonymity often repeat the platitude that “real name” identification promotes civility. While that may be true, it is often at the expense of free expression. Not only does anonymity enable dissidents in oppressive regimes, but it also helps the small-town kid experimenting with his sexuality or the abuse survivor starting a new life.
Internet intermediaries offer tools that allow users to maintain civility without sacrificing anonymity. On social networks, users can moderate offensive comments or block users who are harassing them. Newspapers can institute systems for flagging inappropriate comments.
Concerns about cyber-bullying and other online crimes shouldn’t be dismissed, but law enforcement already has tools to identify anonymous criminals.
Christopher Wolf makes many claims about the negative effects of anonymous speech, but the truth is that not one of them is backed up by research. We should not be willing to sacrifice free expression for the possibility of civility, especially not when there are more effective alternatives.
We are happy to see dialogue on this topic on the New York Times. Newspapers have been engaged in an ongoing struggle to manage commentary on their websites. This week, USA Today announced that they would require a Facebook login in order to comment on their stories, while the New York Times announced changes to their comment system that would allow "trusted commenters" who had a track record of good behavior to post immediately, without having their commenty reviewed by a moderator. We look forward to seeing how these experiments play out.