As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2011 and discussing where we are in the fight for a free expression, innovation, fair use, and privacy.
The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) are the House and Senate version of a proposed law that would allow the U.S. Attorney General to create blacklists of websites to censor, cut off from funding, or remove from search engine indexes. Although the current bills are reworked versions of legislation proposed in 2010 (the Combating Online Infringement and Counterfeits Act, or COICA), 2011 has been a true milestone in the fight against them.
A manager’s amendment introduced in December, just days before the scheduled markup, patched over some of the most egregious problems, but didn’t go far enough. Though some members of the Committee — including Chairman Lamar Smith, who also wrote the bill — seemed bent on pushing SOPA through, ultimately the concerns from the public proved overwhelming. In response to a motion for more expert testimony, Chairman Smith suspended the markup.
Some of the opponents of the bill in Congress, including Senator Wyden and Representative Darrell Issa, have put together an alternate proposal, called the Open Act. This bill, though not perfect, represents a major improvement over the blacklist bills. Better, the sponsors encourage public feedback and commentary from interested parties — a far cry from the secretive drafting process of SOPA and PIPA.
Senator Harry Reid has promised to bring PIPA back to the floor of the Senate when they resume in January, and Senator Wyden has threatened to filibuster the bill, and will read the names of Americans who oppose it. SOPA is likely to return to markup in late January.
In the meantime, Senators and Representatives need to hear your voice speaking out against this bill. If you haven’t yet, take our action alert now to e-mail your blacklist bill opposition to your legislators. We’ve also provided a toolkit for activism with more suggestions of actions you can take against the bills. In 2012, we could finally defeat these disastrous bills, and let the government know that we won’t tolerate Internet censors
"Israeli spy gear sent to Iran via Denmark," reads the headline from Israeli paper YNet News. Today, yet another breaking story of a high-tech company selling spyware to an authoritarian regime emerged. As a detailed report by Bloomberg News' Ben Elgin--who has made a name for himself this year reporting on the surveillance industrial complex--explains, Israeli company Allot Communications Ltd. clandestinely sold its product NetEnforcer to Iran by way of Denmark.
Although one report, from Israeli news site Haaretz, claims that NetEnforcer can be used to conduct deep packet inspection, the company denies this, stating that "[NetEnforcer] is not designed for intrusive surveillance purposes. Its intent is to optimize internet traffic for Enterprises and Internet service providers by identifying and prioritizing applications. Our equipment lacks any capability to analyze or extract knowledge on the actual content of internet traffic." Nevertheless, NetEnforcer can be used to track, block, and filter various types of applications. It can also be used for URL redirection.
Israeli companies are prohibited from all types of transactions with Iran. According to Bloomberg, three former sales employees for Allot claim that "it was well known inside the company that the equipment was headed for Iran." According toThe Marker (a publication of Haaretz) [he], if that can be proven to a judge in an Israeli court, the company could face up to seven years in prison, as well as a fine of up to six million NIS.
The Allot case is reminiscent of that of American company BlueCoat, which earlier this year was found to have sold to Syria via a third country. Like Allot, BlueCoat could be found liable for the sale if it was made knowingly, due to regulations placed on the sale of certain technology to Syria under the US Department of Treasury's Office of Foreign Assets Control. In both cases, bans on trade failed, bringing into question the effectiveness of existing regulations.
Companies selling spyware to foreign regimes have long relied on the "get out of jail free" card of claiming they were unaware of their company's customers. This is no longer acceptable. Companies must know their customer and must be held responsible for their actions.
As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2011 and discussing where we are in the fight for a free expression, innovation, fair use, and privacy.
The government has been using its secrecy system in absurd ways for decades, but 2011 was particularly egregious. Here are a few examples:
Government report concludes the government classified 77 million documents in 2010, a 40% increase on the year before. The number of people with security clearances exceeded 4.2. million, more people than the city of Los Angeles.
Government tells Air Force families, including their kids, it’s illegal to read WikiLeaks. The month before, the Air Force barred its service members fighting abroad from reading the New York Times—the country’s Paper of Record.
Lawyers for Guantanamo detainees were barred from reading the WikiLeaks Guantanamo files, despite their contents being plastered on the front page of the New York Times.
President Obama refuses to say the words “drone” or “C.I.A” despite the C.I.A. drone program being on the front pages of the nation’s newspapers every day.
CIA refuses to release even a single passage from its center studying global warming, claiming it would damage national security. As Secrecy News' Steven Aftergood said, “That’s a familiar song, and it became tiresome long ago.”
The CIA demands former FBI agent Ali Soufan censor his book criticizing the CIA’s post 9/11 interrogation tactics of terrorism suspects. Much of the material, according to the New York Times, “has previously been disclosed in open Congressional hearings, the report of the national commission on 9/11 and even the 2007 memoir of George J. Tenet, the former C.I.A. director.”
Department of Homeland Security has become so bloated with secrecy that even the “office's budget, including how many employees and contractors it has, is classified,” according to the Center for Investigative reporting. Yet their intelligence reports “produce almost nothing you can’t find on Google,” said a former undersecretary.
Headline from the Wall Street Journal in September: “Anonymous US officials push open government.”
NSA declassified a 200 year old report which they said demonstrated its “commitment to meeting the requirements” of President Obama’s transparency agenda. Unfortunately, the document “had not met the government's own standards for classification in the first place,” according to J. William Leonard, former classification czar.
Government finally declassifies the Pentagon Papers 40 years after they appeared on the front page of the New York Times and were published by the House’s Armed Services Committee.
Secrecy expert Steve Aftergood concludes after two years “An Obama Administration initiative to curb overclassification of national security information… has produced no known results to date.”
President Obama accepts a transparency award…behind closed doors.
Government attorneys insist in court they can censor a book which was already published and freely available online.
Department of Justice refuses to release its interpretation of section 215 of the Patriot Act, a public law.
U.S. refuses to release its legal justification for killing an American citizen abroad without a trial, despite announcing the killing in a press conference.
U.S. won’t declassify legal opinion on 2001’s illegal warrantless wiretapping program.
National Archive announced it was working on declassifying “a backlog of nearly 400 million pages of material that should have been declassified a long time ago.”
The CIA refused to declassify Open Source Works, “which is the CIA’s in-house open source analysis component, is devoted to intelligence analysis of unclassified, open source information” according to Steve Aftergood.
The ACLU sued asking the State Department to declassify 23 cables out of the more than 250,000 released by WikiLeaks. After more than a year, the government withheld 12 in their entirety. You can see the other 11, heavily redacted, next to the unredacted copies on the ACLU website.
The ACLU said it sued the State Department in part to show the "absurdity of the US secrecy regime." Mission accomplished.
As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2011 and discussing where we are in the fight for a free expression, innovation, fair use, and privacy. From WikiLeaks to the Arab Spring, from fighting the Internet blacklist legislation to exciting wins for reader privacy, 2011 has been a watershed year for digital rights.
We'll be posting new articles regularly over the next week in the lead-up to 2012, and culminating our series with a call to action to Internet users everywhere for the coming year. You can follow our series by subscribing to EFF on Twitter, identi.ca, Facebook, or by checking back to this page. We’ll be listing the articles below.
The United States Government is taking its stance pressuring the European Union to weaken its new strengtened data protection bill. The European Union has a history of strong data protection standards, emboldened by the European Charter’s explicit provisions upholding data protection as a fundamental right. European Digital Rights (EDRi) revealed today awidespreadU.S. lobbying effort against the November 29thleakedversion of the legislative proposal for a Data Protection Regulation (DPR). DPR will repeal the existingEUDataProtectionDirective, which details regulations regarding personal data processing within the European Union, and is due for official release on January, 25th 2012.
The U.S. lobbying efforts include phone calls and correspondence from senior figures in the U.S. Department of Commerce to top-level staff at the European Commission regarding a broad range of topics. An "informal note" was circulated, articulating U.S. concerns about DPR, which complained that the draft proposal “will break with international standards” and could “undermine” global interoperability between different privacy “regimes” around the world.
Some of the U.S. criticisms are fair. For instance, under the First Amendment, older minors possess greater rights than pre-adolescents, and should not be treated the same way. Similarly, the “right to be forgotten” creates free expression tensions; to its credit, the EU draft proposal appears to provide exceptions for free speech. The U.S. position on interoperability, however, is of concern.
The U.S. - EU Safe Harbor Framework was cited as an example of a bilateral interoperability program. The Framework is an agreement between the European Commission and the United States Department of Commerce, whereby companies can join the Safe Harbor to demonstrate--in theory--compliance with the strong protection afforded by the EU Data Protection Directive.1 The framework was widely criticized in 2002, 2004, and 2008 for its lack of effectiveness to protect privacy. For many, the Safe Harbor represents a weak compromise between the comprehensive legislative model selected by the European Union, versus the self–regulatory model adopted by the U.S. which fails to meaningfully protect privacy (Read here, here and here to learn more about the criticisms against the Safe Harbor Framework).
In today’s statement, EDRicriticizes the U.S.’s own global interoperability work. In practice, EDRi said, that the concept of “interoperability” has often meant that data is simply being transferred to the U.S., where there are no data protection laws that would protect the data of non-U.S. persons. The concept of interoperability remains contested and in flux as discussed at the recent OECDPrivacyConferenceinMexico, where EFF representedCSISAC. In that meeting, we voiced concern over the concept of “interoperability”, arguing that it should not be used as a way to circumvent strong privacy safeguards. Recent incidents of high profile privacy invasions and subsequent public outcries demonstrate a general erosion of users’ trust and indicate a pressing need for strong and consistent privacy protections. During the same meeting, Mme Françoise Le Bail of the European Commission also emphasized that interoperability must not be promoted at the expense of high standards.
Nigel Waters of Privacy International said, "interoperability must not be allowed to justify purely self regulatory models that lack credibility." In the United States, self-regulation has failed to protect users' privacy expectations, especially given the increasing commodification of personal data. A U.S. study hasshown that self-regulatory privacy programs emerge only when companies feel threatened by potential legislation, but dissipate when companies believe that the threat has passed. Such an approach fails to address user trust issues or adequately protect privacy rights in the United States.
This ongoing process requires continued vigilance of vested interests intent on promoting a watered-down version of privacy protections in the name of interoperability. According to EDRi, U.S. lobbying effort are aimed at weakening proposed privacy standards established in the DPR, based on objections that are “flawed” and “interest-driven”. It must be noted that data protection laws are no longer a European phenomenon. A study done by Graham Greenleaf shows that there are now 29 legal frameworks that protect privacy outside Europe, 78 national data privacy laws in total. Despite these efforts, the U.S. government has still failed to implement OECD Privacy Guidelines into their national law.
EFF will be monitoring the current negotiations to review existinginternationalprivacyinstruments at theOECD, theCouncilofEuropeand theEuropeanUnion. 2012 will be a key year for data protection. We must keep our eyes open to make sure the U.S. government does not force the worst of its policies -- that are detrimental to user privacy rights -- into the international fora.
The European Parliament will vote soon on an agreement to formalize US procedures for retaining and providing EU based Passenger Name Record (PNR) data of EU and US citizens traveling into, out of, and through the United States. The agreement will determine how the Department of Homeland Security (DHS) will be able to use the broad swath of sensitive PNR information that is based in the European Union. PNR data contains a passenger’s travel itinerary and consists of 19 different data metrics ranging from your name and address to your seat number and any general comments made by the ticketing agent. Travel agents, airlines, hotels, car rental companies, and railways collect the data whenever you make a reservation to travel or buy a ticket. The data is stored in central databases called Computer Reservation Systems (CRSs), and is pushed from the CRSs to DHS for passenger screening.
Until now, there has been little press on the agreement as European politicians were not informed of its evolution, were barred from reading the document outside of a "sealed room," and were only briefed by the commissioner responsible for negotiations a week after the commissioner gave public interviews.1 Edward Hasbrouck, of the US traveler privacy organization Identity Project, leaked an early version of the document late last month.
The draft agreement acknowledges privacy principles found in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data and DHS's Fair Information Practice Principles (FIPPs), but relies heavily on DHS and US statutes in order to inform how EU and US citizens can obtain PNR data. Unfortunately, DHS has a poor track record when it comes to respecting travelers’ rights to their PNR data.
Despite an OECD guideline granting the right to obtain data from a data controller, the agreement only compels DHS to respond to a request for PNR data in a "timely" fashion. As of its last privacy report in 2008, DHS admitted that PNR data requests take longer than a year to answer.2
As a result of one such delay, Hasbrouck initiated a lawsuit in 2007 to obtain PNR data that DHS refused to disclose. The case is ongoing, but DHS contends that the data and any related procedures for its handling can be withheld under Freedom of Information Act exemptions. A few years later, DHS exempted PNR data under federal regulations published in 2010. That same year, the Associated Press reported that senior political advisers at DHS prolonged FOIA records requests by probing information about the requesters and delaying disclosures deemed "too politically sensitive." These actions seem to contradict the proposed agreement’s requirement of "timely" response.
Equally troubling is citizens’ inability to correct their PNR data. The agreement mandates DHS inform citizens "without undue delay" whether DHS will correct any mistakes in the data. To correct passenger data, DHS relies on its Traveler Redress Inquiry Program (TRIP), a system that provides citizens with the ability to correct data and file a complaint over difficulties experienced while traveling. TRIP does not allow EU and US citizens to challenge an agency decision in court and is exempted from certain Privacy Act requirements, such as the right to "contest the content of the record."3
The proposed agreement uses lofty language about traveler rights, but previous actions by DHS are discouraging. DHS has been slow to release PNR data, barred its release under the Privacy Act, and investigated citizens for requesting the data. If this is the norm for US citizens with explicit legal redress, what will be the norm for EU citizens requesting such data?
The Agreement and U.S. Statutes
The agreement references the Administrative Procedure Act, the Freedom of Information Act, and the Privacy Act as other avenues citizens can use to obtain and correct their PNR data. As shown above, citizens relying on the Privacy Act and the Freedom of Information Act face major obstacles, while the Administrative Procedure Act only allows for disclosure of the exact procedures and rules of the agency, not the actual data.
Even if DHS were to release procedures relating to PNR data, the agency is currently incapable of documenting precise access to PNR data. While DHS’s FIPPs assures the public that DHS will "audit" the use of personal information, and the agreement mandates documenting all access to PNR data, DHS admitted in court that DHS does not keep precise access logs and that it "would be unable to provide a list of employees who accessed a specific PNR." EFF is skeptical that DHS can or will satisfy the agreement’s mandate of documenting access precisely.
Despite these issues, last week the European Council approved the agreement, which now waits for the consent of the European Parliament. Sadly, the draft agreement focuses on what citizens are entitled to request, but not on what citizens are entitled to receive. EFF is concerned that DHS will continue its practices of failing to give users access to their own PNR data, of unduly delaying responses to data requests, and of failing to keep proper access logs.
EFF is not alone in raising these issues. In April of this year, an independent European advisory body created by the European Commission to comment on the use of PNR data issued a nine-page opinion on EU PNR agreements. The advisory body voiced concerns about the collection of huge amounts of personal passenger data, the length of time the data is kept, and the need to keep strict access logs. As recently as last week, the European Data Protection Supervisor and the German government voiced similar concerns. The issues raised are emblems of the large gap between the United States and the European Union approach to sensitive personal data.
In early December, 21 nonprofit advocacy groups issued a joint letter urging the European Parliament to reject the proposed agreement. They argued that "travelers are not informed which personal data is stored and processed" and "information requests to airlines travel agencies usually answered insufficiently." We echo these concerns and urge the European Parliament to reject the proposal, which does not live up to the standards of the FIPPs and OECD's guidelines for protecting privacy.
1. Baker, Jennifer. "EU Parliamentarians Speak Out Over Gag Order on Data Deal." PC World, November 18, 2011. Accessed December 4, 2011, https://www.pcworld.com/businesscenter/article/244224/eu_parliamentarians_speak_out_over_gag_order_on_data_deal.html.
2. "A Report Concerning Passenger Name Record Information Derived From Flights Between The US and The European Union." Privacy Office, DHS. December 18, 2008. Page 26.
3. Nakashima, Ellen. "Collecting of Details on Travelers Documented." Washington Post, September 22, 2007. Accessed December 4, 2011, http://www.washingtonpost.com/wp-dyn/content/article/2007/09/21/AR2007092102347.html.
In the past month—thanks to reporting from the Wall Street Journal and Bloomberg, as well as WikiLeaks and its media partners—a little sunlight has finally exposed a large but shadowy industry: Western technology companies selling mass spying software to governments. The amazing and dangerous capabilities of these tools are described in hundreds of marketing documents that were recently leaked to the media organizations.
The Wall Street Journal laid out many of the tools in detail, explaining how they can be used to spy on millions of the world’s citizens, most of whom are completely innocent. It’s also easy to see how tools can be used to track and repress those working for human rights and fundamental freedoms:
“The techniques described in the trove of 200-plus marketing documents, spanning 36 companies, include hacking tools that enable governments to break into people's computers and cellphones, and "massive intercept" gear that can gather all Internet communications in a country.”
Much of what this software does would be considered malicious “black-hat hacking” if used by a private citizen. In fact, as the Wall Street Journal reported, many of these companies market their products as the kinds “often used in ‘malware,’ the software used by criminals trying to steal people's financial or personal details.”
One program manufactured by the company FinFisher, reportedly falsifies updates to popular software like iTunes, and when the user downloads it, the perpetrator can monitor the user’s every move—even see into their webcam, according to this promotional video. Another company, Packet Forensics, brags about its “man in the middle attack” capabilities, in which it can get in between two parties communicating and read the contents of any message, even when encrypted.
WikiLeaks and OWNI put together an excellent interactive map that details, country-by-country, which companies are operating where and what forms of communication are potentially being monitored. The list is long and worrisome.
The promoters of this ugly market have so far had a callous attitude. Jerry Lucas, president of TeleStrategies—the company behind International Support Systems (ISS)—recently remarked it’s “not my job to determine who's a bad country and who's a good country. That's not our business, we're not politicians … we're a for-profit company. Our business is bringing governments together who want to buy this technology."
But the recent reports and press coverage seem to be having an effect. Tatiana Lucas, world policy director for ISS, made a lame attempt to tie the sale of repressive technologies to jobs, as if facilitating human rights and privacy abuses should be thought of as an economic recovery tool. She even bemoaned the fact that her clients are missing out on U.S. taxpayer money because of the lack of an “intercept mandate” on service providers (i.e. CALEA expansion, a very bad idea). Yet even so, she the admitted, “Attention of this kind makes U.S. manufacturers gun shy about developing, and eventually exporting, anything that can remotely be used to support government surveillance.”
With the names of these companies, and their troubling marketing pitches known, it’s time for the next step: Who are their customers? Bloomberg gave us a great head start with this infographic highlighting Syria, Iran, Bahrain and Tunisia, but given the long list of companies and technologies vying for business at ISS, there are likely many more.
In our “know your customer” post, we proposed standards these companies should voluntarily comply with to make sure their technology does not fall into the wrong hands. But those same questions can be asked by lawmakers, regulators, and the press right now, starting with: What governments or government agents are buying or licensing these technologies?
Remember, “Government” here includes formal, recognized governments, governing or government-like entities, such as the Chinese Communist Party or the Taliban that effectively exercise governing powers over a country or a portion of a country. It also importantly includes indirect sales through a broker, contractor, or other intermediary or multiple intermediaries if the Company is aware or should know that the final recipient of the Technology is a Government, something the Commerce Department already gives guidance on in their “know your customer” standards.
Then once the purchasers are identified, we need to determine whether their technology is being sold to directly or indirectly facilitate human rights violations.
Questions should include:
Has any portion of a transaction that the company is involved in, or the specific technology provided, included building, customizing, configuring or integrating into a system that is known or is reasonably foreseen to be used for human rights violations, whether done by the Company or by others?
Has the portion of the government that is engaging in the transaction or overseeing the technologies has been recognized as committing gross human rights abuses using or relying on similar technologies, either directly or indirectly.
Has the government's overall record on human rights generally raised credible concerns that the technology or transaction will be used to facilitate human rights abuse?
Has the government refused to incorporate contractual terms confirming the intended use or uses of the technologies by the government and to require the auditing of their use by the government purchasers in sales of surveillance technologies?
If the answer to one or more of these questions is yes, then the pressure should be on for the company to withdraw. The time is now. Even those who have previously studied the problem have been surprised at how fast the market for mass surveillance has grown. As former deputy technology officer under the Obama Administration Andrew McLaughlin explained, “The Arab Spring countries all had more sophisticated surveillance capabilities than I would have guessed.” Mass surveillance is a freedom of speech issue, McLaughlin emphasized, and “[i]t’s exceedingly easy for governments to conduct online and mobile surveillance” for stifling dissent.
We have the names of the companies and we know what they do. Now we need to know exactly who their customers are and turn up the heat.
In 2011, we have witnessed the incredible power of bloggers and social media users capturing the world’s attention through their activism. At the same time, regimes appear to be quickening the pace of their cat-and-mouse game with netizens, cracking down on speech through the use of surveillance, censorship, and the persecution and detention of bloggers. The increasingly the tech-savvy Syrian regime has been reported to demand login credentials from detainees, for example, while the use of torture in some of the region’s prisons continues.Aware of the threats to their safety, bloggers often devise contingency plans in the event they are detained. Syrian blogger Razan Ghazzawi was on her way to a conference in Jordan several weeks ago when she was arrested (she has since been released). In a premeditated effort to protect her contacts, she shared her passwords with trusted friends outside the country with instructions to change them in the event of an arrest. This way, she would not be able to give up the login credentials to her accounts since she would no longer know them. Other bloggers inform their close contacts of their wished contingency plans, determining in advance whether they would want a campaign for their release. A number of the bloggers arrested this year, in Egypt, Syria, and elsewhere, have connections to international activist networks that have experience creating global campaigns and can easily contact government officials, companies, and human rights organizations.
Assessing individual risk is neither easy nor straightforward. Therefore, all bloggers--whether well-connected or just starting out--should consider creating a plan in the unfortunate event they are detained. That said, there are numerous resources bloggers can use to stay informed when other bloggers in their country are detained, harassed, or surveilled; when their government is monitoring phone conversations or Internet activity; and when detainees are being compelled to give up information, such as passwords, to authorities.With that in mind, EFF together with Global Voices Advocacy have created a set of questions to consider. This list is by no means exhaustive, but should offer a starting point from which bloggers can develop their own contingency plans.All bloggers should:
Consider providing someone outside the country with the following information:
Login credentials to your social media, email, and blog accounts
Contact information of family members
Information about any health conditions
Regularly back up their blog, Facebook, email, and other accounts
Encrypt sensitive files and consider hiding them on a separate drive
Consider using tools like Identity Sweeper (for Android users) to secure/erase your mobile data
Consider preparing a statement for release in case of arrest-- This can be helpful for international news outlets and human rights organizations
Consider recording a short video identifying yourself (biographical info, scope of work) and the risks that you face and share with trusted contacts
Develop contacts with human rights and free expression organizations*
Think about a strategy/contingency plan for what to do if you're detained (see below)
If you are arrested or detained:
Is there a trusted person(s) that you would like to authorize to make major decisions on your behalf--such as whether to conduct a public campaign? If yes, please make sure to discuss your preferences with that person. The following are among the topics you could talk about:
What are your preferences for public campaigns? Is there a particular message that you feel strongly represents you and your views?
What are the organizations you feel closest to in terms of potentially leading campaigns for your release and/or better treatment?
Are there any particular attorney(s) who you know and would like to solicit for your case?
Do you have a preference about what to do about your accounts? (i.e. Change the passwords, turn them into campaign accounts or shut them down) Do you trust someone else to make crucial decisions about your accounts if your situation changes?
Is there any specific information about you or relevant to your case that you prefer not be made public?
Do you have acute or chronic illnesses which require medication or treatment? If yes, what are they? (Asthma, diabetes, heart conditions, etc.)
Are there family members that one can contact to sign off on important decisions or speak to the media? If yes, who? Are there family members who you absolutely do not want to speak on your behalf?
When having these conversations, keep in mind that it may be hard for you to foresee every future development. The best course of action may be to have in-depth conversations with trusted friends and family members so that they clearly understand your preferences--and then authorize them to make decisions as they best see fit under evolving conditions. In other words, “delegate with guidance” so that your trusted relations can look out for your best interests and your wishes under evolving circumstances. *There are numerous organizations out there and we could not possibly name them all. EFF and Global Voices Advocacy are great starts, but we also recommend international organizations Human Rights Watch, Amnesty International, FrontLine Defenders, Reporters Without Borders, the Committee to Protect Journalists and Access. If you need assistance finding a local organization in your country, please contact us and we will try to help.
This post was co-authored by EFF and Global Voices Advocacy, with special thanks to Zeynep Tufekci.