Representative Lamar Smith, the principal sponsor of the Stop Online Piracy Act (SOPA), a dangerous and unconstitutional Internet blacklist bill now working its way through the House of Representatives, has released a “manager’s amendment” that reworks some of the bill’s worst provisions.While the new version jettisons some of the most harmful language, it doesn’t go nearly far enough.
The best thing about the new version is it no longer allows a private actor to effectively cut off payment processing for websites with a simple notice.The bill also endeavors to narrow the range of targets to non-U.S. sites.And, the authors have had the good sense to eliminate language that would have put sites under threat if even a single page was arguably linked to infringement.
These are positive steps, but frankly, the original provisions were so overbroad and poorly written that we suspect the bill's backers had always planned to eliminate them, as a supposed “compromise.”
So let’s be clear: this new version is no compromise.It still gives the Attorney General and rightholders the right to obtain blacklist orders.There is new ambiguity as to how the blacklist will be enforced (service providers who receive the order have some flexibility as to how they will comply) – but the effect will be the same: a balkanized Internet and a fundamental contradiction in U.S. Internet policy.It still contains vague and ambiguous language that will take decades of expensive litigation to parse – with free speech under threat all the while.It still targets tools that might be used to “circumvent” the blacklist, even if those tools are essential to human rights activists and political dissidents around the world.And so on.
We’ve said it before: this bill cannot be fixed, it must be killed. SOPA is set for a hearing on Thursday, the next step in the proponents’ desperate effort to slip it through Congress without serious scrutiny.If you oppose this bill – and you should – please call your Representative now – and then call five friends to ask them to do the same.Check out our activist toolkit for more steps you can take to defend a free and open Internet.
Ever since the Internet has fought back against the the Stop Online Piracy Act (SOPA), top supporters of the dangerous blacklist legislation have tried to mask its full consequences by misconstruing criticism and distorting the opposition’s position. On Saturday, former First Amendment lawyer and current representative of the MPAA and Director’s Guild, Floyd Abrams, wrote a disingenuous op-ed in the Washington Post that put all of Big Content’s misleading arguments and numerous strawmen in one place.
Let’s look at these claims one at a time. First, Abrams asserts:
[M]any critics of anti-piracy legislation acknowledge that a serious problem exists…yet seem unwilling to meaningfully address the problem. Google, Facebook and Twitter…have offered little in the way of solutions.
This is both misleading and factually untrue. When SOPA was written, technology companies were not allowed to offer solutions — they were completely shut out of the writing process. Since then, a bipartisan group of Congressmen — led by Rep. Darrell Issa (R-CA) and Sen. Ron Wyden (D-OR) — released an alternative to SOPA, called OPEN. While the bill is not perfect, it is a drastic improvement over SOPA that is narrowly targeted to the actual issue that would have significantly less impact on free speech.
For many critics, their objection is not to this or that provision but to the very concept that in some circumstances — and a copyright violation is one — what goes up on the Web must come down. The United States has never had a policy exempting the Internet from laws governing content. We cannot and should not.
Mr. Abrams does not and probably cannot link to the “many critics” who say this because there are none. No one is suggesting that copyright laws don’t apply to the Internet, which is why rightsholders already have ampletools at their disposal. For example, the Digital Millennium Copyright Act (DMCA) already allows copyright holders to send notice to websites to remove copyrighted content.
The proposition that efforts to enforce the Copyright Act on the Internet amount to some sort of censorship, let alone Chinese-level censorship, is not merely fanciful. It trivializes the pain inflicted by actual censorship that occurs in repressive states throughout the world. Chinese dissidents do not yearn for freedom in order to download pirated movies.
It’s not just critics that compare SOPA to China’s Great Firewall. MPAA Chairman and colleague of Mr. Abrams, Chris Dodd, looked to China last week when he said, "When the Chinese told Google that they had to block sites or they couldn't do [business] in their country, they managed to figure out how to block sites." Many Chinese Internet activists and bloggers have also seen similarities. And if Mr. Abrams is concerned about Chinese dissidents, he should also know that provisions in SOPA could pose a legal threat to many of the anonymity and circumvention tools Chinese activists use to get around the censors and avoid arrest.
None of this means that whatever legislation is adopted should not be carefully drafted to minimize even potential conflicts with principles of free expression.
Here is finally a statement where EFF and Floyd Abrams agree — but SOPA clearly does not minimize any conflicts with free expression. Even in his letter to Congress endorsing SOPA, Abrams admitted that SOPA will censor non-infringing speech, stating that “When injunctive relief includes blocking domain names, the blockage of non-infringing or protected content may result.”
Many First Amendment lawyers don’t take that result lightly. As a letter signed by over 100 other law professors observed, SOPA and Protect-IP “represents the most ill-advised and destructive intellectual property legislation in recent memory.”Harvard Law School’s Laurence Tribe, one of the nation’s foremost experts on constitutional law, wrote to Congress concluding the bill plainly violates the First Amendment because it “an overbroad scheme that will predictably result in depriving U.S. audiences of protected, non-infringing speech.”
SOPA would not just go after copyright infringers; it leaves no one on the Internet untouched. Twitter’s general counsel, Alex Mcgillivray, recently wrote a great hypothetical illustrating how site-wide censorship will affect millions of “ordinary, non-infringing users.” As Washington Post blogger Alexandria Petri remarked, “This isn't even throwing the baby out with the bathwater. This is bludgeoning the baby repeatedly with a sledgehammer and then throwing out the whole bathroom.”
There has been a rolling scandal about the Carrier IQ software installed by cell phone companies on 150 million phones, mostly within the United States. Subjects of outrightdisagreement have included the nature of the program, what information it actually collects, and under what circumstances. This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesised from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself.
First, when people talk about "Carrier IQ," they can be referring to several different things. For clarity, I will give them each a number. You can think of senses 2, 3 and 4 as being "layers" of code that are wrapped around each other.
a core software library that is written by Carrier IQ Inc. and which is present on all of the 150 million handsets;
a Carrier IQ application or program running on a phone, which includes the software in layer 2, but also additional porting code written by handset manufacturers (sometimes called "original equipment manufacturers" or "OEMs"), mobile network operators ("telcos"), or baseband chipset manufacturers;
the entire Carrier IQ stack, which includes the program described above as layer 3, but also often includes other code within a phone's Operating System and Baseband Processor OS to send data to layer 3. Like layer 3, this code is written by handset manufacturers, telcos or baseband manufacturers.1
The huge amount of disagreement about various points, such as whether Carrier IQ logs keystrokes and text message content, is a result of using the term "Carrier IQ" to mean one of these four different things, as well as the fact that layers 3 and 4 vary on depending on which manufacturer built the phone, and which network it was customized for. Finally, there is an additional configuration file (called a "Profile") that controls the behavior of layer 2 and determines what information is actually sent from the phone to a carrier or other Carrier IQ client. Profiles are programs in a domain-specific filtering language; they are normally written by Carrier IQ Inc. to the specifications of a telco or other client.
There is consensus agreement that layers 2–4 collect information that can include location, browsing history (including HTTPS URLs), application use, battery use, and data about the phone's radio activity.2 The Carrier IQ Profile that is active on the phone determines where this information is intentionally transmitted, under what circumstances, the way in which it is filtered or processed beforehand, and whether it contains unique phone identifiers.
Our client Trevor Eckhart (whose research set off the present firestorm) and his subsequent collaborator Ashkan Soltani have shown that on some phones, dialer keypresses and SMS text are being written to system logs by layer 4 code. However, it seems that only much more limited types of keystroke and SMS information can make their way down from layer 4 into the underlying layer 2 Carrier IQ software.3 Unfortunately, our current belief is that the layer-4 logging that has been observed, which goes to Android system logs, is in fact being inadvertantly transmitted to some third parties and otherwise made available to other applications on the device.4 This happens when crash reporting tools collect copies of the system logs for debugging purposes. The recipients of such transmissions are unlikely to have anticipated receiving keystrokes, text messages, URLs or location information through such channels, but that can in fact happen on some of the phones to which Carrier IQ has been ported. What this means is that keystrokes, text message content and other very sensitive information is in fact being transmitted from some phones on which Carrier IQ is installed to third parties.
The complexities of this situation explain the apparent contradiction between claims by Carrier IQ Inc. and researchers examining code written by the company, who have said that the company does not collect full keystroke data or the content of text messages, and others who say that they have observed this happening. People on all sides of this debate may be simultaneously correct.
The information that we need now is a complete history of all of the Profiles that carriers have ever installed on their customers' phones, to learn what the carriers meant to collect. This would be a good place for regulators and others to start their inquiries. Separately, and equally importantly, the carriers and the OEMs need to take the steps necessary, whether OS updates or better yet, removing Carrier IQ software entirely, to stop the overbroad logging and transmittal of sensitive user data out of their customers' phones.
1. Carrier IQ Inc. provides reference code for telcos, handset and chipset manfuacturers implementing layers 3 and 4, which is sometimes used and sometimes not.
2. Carrier IQ calls these observable variables "metrics". The metrics are effectively an API that layers 3 and 4 use to make reports down to layer 2.
3. Eckhart and Soltani have demonstrated this on phones that run modified variants of the Android OS as customized by OEMs and telcos, but we should stress that Android as an OS is not to blame here. Android's relative openness has facilitated research on the situation, but the Carrier IQ stack has been ported to iPhones, BlackBerry devices, Symbian and Windows Mobile devices, and non-smartphones as well; we do not know what if any bugs exist in any of those ported versions of the stack.
4. The Android OS has a fine-grained permissions model in which any newly-installed software must disclose to the user that it may read copies of system logs before being installed. This is a good security design, but unfortunately, most users would not associate permissions to read system logs with permissions to read the sensitive information that some ports of the Carrier IQ stack are writing to the logs. Applications that come pre-installed on phones do not have the same install-time permissions dialog, but these apps at least sometimes use clickwrap dialogs. So we may face a situation where companies have taken some steps to try obtain consent from users for crash-reporting and debugging transmissions, without anybody being clear about how sensitive the data in those transmissions would end up being.
On Thursday, prominent blogger and a leader of recent anti-corruption protests, Alexei Navalny was imprisoned for 15 days on charges of resisting the police. Navalny was one of hundreds arrested last week in recent widespread protests against political corruption and election fraud in the country. Navalny has been the leading voice in demanding social and political reform in Russia, spearheading an online campaign against Prime Minister Vladimir Putin's United Russia party for the past couple of years.
As political dissent grows in Russia, the state has started to position itself on the offensive. Last week, the Interior Ministery suggested a ban on Internet anonymity. Major-General Aleksey Moshkov said, “Social networks, along with advantages, often bring a potential threat to the foundations of society.” He claims that the goal of such a ban would be to fight political extremism, not to crack down on broader government criticism. In light of Navalny’s arrest however, such claims are highly questionable. In addition to rehashing the same tired rhetoric often used to justify attacks on privacy and anonymity (i.e. “if you’ve got nothing to hide, why does it matter?”) this may be the be beginning of an informal campaign to pressure tech companies and social media sites to start requiring real name policies.
EFF continues to stand for the right for user anonymity online, and opposes any attempts to impede this necessary right in the name of state security.
Twitter accounts of critics of the Chavez regime have been attacked by a wave of hacking over the past few months by a group supportive of the president and his policies. Global Voices released a report last week collecting reactions from the activists, scholars, artists, and the like who had their account compromised and hijacked to be exploited for presidential endorsements.
Many speculated that it was the government itself responsible for the hacking. However, the group N33 made a press release (in Spanish) two months ago that in fact they were the ones responsible for the attacks. They claimed that their motivation was to silence critics of their president, who abused their freedom of speech by defaming him. They have even asked Twitter to close parodic accounts of Chavez, however the company continues to ignore their requests.
On Thursday, an American blogger was sentenced to two and a half years in a Thai prison for translating and publishing excerpts of a banned biography of King Bhumibol Adulyadej on his blog under charges of lèse-majesté. Gordon, a Thai-born U.S. citizen, initially denied the charges but plead guilty in October in order to lessen the sentence from five years. Reporters Without Borders reacted to the news:
We are witnessing a game of one-upmanship in the penalties imposed on Thai netizens. Since it took office, the government of Prime Minister Yingluck Shinawatra has shown itself to be worse than its predecessor. In just four months, the number of allegations, prosecutions and convictions on lèse-majesté grounds is higher than for the whole of last year…The government must put an end to this repressive policy and repeal the lèse-majesté law and the Computer Crime Act, two anti-freedom pieces of legislation.
The U.S. government mildly acknowledged the news, stating that it was merely “troubled” by the incident, and it is currently not known whether the State Department has taken any action on his behalf.
EFF stands with Reporters Without Borders in condemning the arrest of bloggers, activists, and journalists in Thailand.
The Communications Standards Commission of South Korea last Wednesday launched a campaign to monitor “illicit content” on social networking sites. An eight-member team will be charged with the task of examining sites such as Facebook, Twitter, and smartphone applications for any “’harmful or illegal’ content relating to pornography, gambling, drug abuse, false information, and defamation.”
Officials claim that they enacted this program mainly in order to limit North Korean propaganda as part of a wider crackdown on nationalist sympathies for the neighboring state. Critics of the program however, argue that it is just a cover for their true motivation of silencing voices dissident to the government. "The commission must immediately stop its anachronistic act restricting freedom of expression," six civic groups said in a joint statement on Tuesday.
EFF condemns such overt attacks on online free expression, especially in light of South Korea's history of legalizing and institutionalizing censorship in the name of upholding copyright.
The Power Up Your Donation Campaign successfully ended moments ago, having raised $140,000 from over 1,000 members.
That's an average of over $1,000 per hour for the length of the campaign. We couldn't be more excited, or more thankful for the generous matching grants from the Parker Family Foundation, Nancy Blachman and David desJardins, and Blake Krikorian. As well as outstanding contribution from our Top Heroes and Heroines:
Last Thursday, EFF asked friends and followers on social networks to support our work and help spread the word that donations to our Power Up Your Donation campaign could be quadrupled for 140 hours. In addition to far exceeding our original fundraising goal of $10,000, supporters filled the social networks with messages encouraging others to do the same. Here are a few of our favorites:
@Le_Ted: "Hey, do you like the Internet as much as I do? Probably not, but give to the @EFF anyway. They need us! BOTS WITH SOUL"
@iglazer: "Why I donated to @EFF: Because civil liberties need more champions like the @EFF"
@GoinEasy9: "Why I donated to @EFF: We need someone looking out for us when our Liberties and Freedoms are being taken away."
@billkrikp: "Why I donated to @EFF: I kind of like this 'internet' thing and hope it sticks around a while."
@mtrumpbour: "Why I donated to @EFF: because electronic freedom isn't free."
EFF was built as a membership organization to ensure that we represent the rights and freedoms of technology users. Our members give credence to the importance of our work when facing Congress, companies, and the Court.
But being a member of EFF is more than that. As a member, you can stay on the bleeding edge of breaking issues in the fight for digital rights through activism campaigns or EFF updates. EFF members also get exclusive opportunities to attend EFF-only events and cool discounts, and even get awesome EFF swag like our metal Bill of Rights card (great for your pocket when going through airport security).
We're growing a movement to defend civil liberties in an era of ever-changing technologies. When you become a member of EFF, you stop being a spectator in the battle for digital rights and start being a digital defender. If you're kicking yourself for missing the Power Up challenge, then don't worry: you can still join EFF. And thanks to the incredible generosity of the Brin Wojcicki Foundation, you can still double your donation. So show your commitment to a future that upholds privacy, free speech, and innovation by becoming an EFF member or giving a year-end gift today.
Update: According to her lawyers, Razan has been charged with "establishing an organization that aims to change the social and economical entity of the state" and "weakening the national sentiment, and trying to ignite sectarian strife" and "weakening national sentiment" -- all of which, according to Lebanon's Daily Star, can lead to a penalty of three to fifteen years in prison.
Syria's crackdown on opposition, condemned by the international community, has long extended to bloggers and journalists. In August, prominent blogger Anas Maarawi made headlines for his arrest; he was released almost two months later after considerable international attention. More recently, Hussein Ghrer was released on $1,000 bail, after spending a month and a half in prison without charge. Numerous other bloggers, journalists and netizens remain imprisoned.
On Sunday, December 4, Razan Ghazzawi, a blogger who also works with the Syrian center for Media and Freedom of Expression, was arrested while en route to Amman, Jordan to attend a workshop on media freedom in the Arab world. Ghazzawi is one of the few bloggers writing from inside Syria under her real name. Her blog, Razaniyyat, covers a range of topics but has most recently focused on Syria's crackdown on bloggers; in her most recent post, she wrote about Hussein Ghrer, stating: "It’s all going to be alright, and it will all be over very soon." Ghazzawi also tweets under the handle @RedRazan.
A campaign in support of Ghazzawi has been launched, with Twitter users adopting the hashtag #freerazan and a range of organizations, including Amnesty International, lobbying for her release.
Razan Ghazzawi is being held for her personal beliefs and should be released immediately. EFF calls for her release as well as the release of other detained Syrian netizens.
When the government claims the right to shut down websites by breaking the Domain Name System and forcing search engines to dump user requests to reach a site, there’s only one word for it: censorship. And when big media groups like the RIAA can essentially cut off the financial services to a website based on accusation alone, it’s censorship at the hands of corporations.
EFF and a coalition of organizations, tech companies, innovators, and users are joining forces to fight back against the Stop Online Piracy Act (SOPA), a bill that would give the government and big content unprecedented authority to censor the web in the name of so-called copyright enforcement. This week, we need to pull out all the stops because the House Judiciary Committee is slated to hold a critical hearing on Thursday.
SOPA's supporters are desperate to rush this bill through quickly by convincing Congress there's no real opposition to it. We know better, but we need to make our voices heard. That’s why we’re calling on you to join us in a dedicated week of action against the SOPA blacklist bill.
This legislation, if passed, will wreak havoc on our Internet community, jeopardizing the innovative and creative ecosystem that has created hundreds of thousands of jobs, helped countless people access information, and spurred a new generation of artists and creators. But big media groups are willing to sacrifice all of that in a ham-fisted attempt to control how you consume online content. And in the process, they'll undoing long-standing legal protections for websites and endangering the basic infrastructure of the Net.
We can’t let that happen. So join us in standing up and speaking out. Show Congress that we’re willing to fight for an uncensored web, and deep-pocketed lobbyists will never drown out the voices of the Internet community.
A Week of Action Against Censorship
We’ll be adding to this list daily. Check back to see what you can do to join the fight!
EFF is working with a coalition of advocacy organizations, tech companies, entrepreneurs, and creators in our Week of Action Against Censorship. Check out some of the creative ways the Internet is pushing back against this misguided bill. Know of actions that aren’t on our list? Email them to Rainey@eff.org
American Censorship is activating the Internet community to call Congress to protest SOPA. They've also created a cool #CensorshipEverywhere tool that let's you "censor" text which you can then post on a websites or social networking site. Friends who want to see what you wrote will need to call or email Congress to reveal what was redacted.
Avaaz launched their Save the Internet petition against SOPA and Protect-IP. They've already gotten over one million signatures!
The Center for Democracy and Technology is running a Stop SOPA campaign to rally support against this bill and provide an easy way for users to call their Representatives. Also check out their awesome Chorus of Opposition page, which showcases how many diverse organizations and companies are fighting this legislation.
Demand Progress has created Stop Censorship which lets you email Congress to protest SOPA and Protect-IP.
Public Knowledge launched a great tool to fight SOPA on their website that connects you to legislators. You can sign up to get mobile action alerts that will alert you via text message when there is a breaking issue and connect you to your legislator immediately.
Congress is debating dangerous legislation that would give the Department of Justice unprecedented power to “blacklist” websites without a trial and give Hollywood copyright holders a new way to shut down a website’s financial services for alleged copyright infringement. It’s nothing short of a bill to create a U.S. censorship regime, and it’s moving fast.
We need your help to stop this legislation before it can undermine Internet security and censor the web. Ready to join EFF, Demand Progress, Fight for the Future, Free Software Foundation, Creative Commons, CDT, the Participatory Politics Foundation, and Public Knowledge in the fight? Here are 12 things you can do right now to help us stop the blacklist bills.
Call your Senators and Representative and tell them to oppose Protect-IP and SOPA, respectively. Click here for some suggested talking points. Then tell your friends about the call on social media sites.
Contact Congress through EFF’s action center. Customize your letter to explain who you are and why you are worried about this bill. If you’re outside the United States, try this petition from Fight for the Future instead.
If you work for a tech company, approach the leadership at your company and explain to them your concerns. Urge them to join you in speaking out. These companies (PDF) already took a stand.
Write a blog post about the blacklist bills. Whether it’s a candid explanation of why you oppose the legislation, a discussion of the effect on human rights, or a call to filmmakers to protest the blacklist, there are plenty of things to say about this scary legislation. Help us get the word out by writing articles on your own blog, your school blog, or on blogs that take guest contributors.
Are you an artist? Showcase the dangers of censorship through art and music, and use your art as a way of reaching people who might otherwise not know about this issue. You can make stickers, posters or patches, create a YouTube video, or hold an open-mic night around censorship.
Coordinate a teach-in or debate at your local college or community center. Invite local experts in copyright and free speech to come discuss the issue.
If you’re in high school, talk to your civics and media studies teachers about a class discussion on the implications of this bill. Point them to our free Teaching Copyright materials.
If you’re in college, speak out through like-minded organizations working for digital freedom, such as Students for Free Culture or Electronic Frontier on Campus. If there isn’t a chapter at your school, start one. Then use that platform to coordinate with other students to speak out against this bill.