Update: An official Senate version of the draft PROTECT IP Act has been released and is available here. This version changes the “interactive computer services” language mentioned in our post below to “information location tools,” a term that points back to section 512(d) of the Digital Millennium Copyright Act. In that context it’s been generally understood to refer to search engines, though there’s no guarantee we wouldn’t see efforts to expand the definition in actions under this bill. But in any case, requiring search engines to remove links to an entire website raises serious First Amendment concerns considering the lawful expression that may be hosted on the same domain.
- - - - - - - - - - - - -
Last year’s rogue website legislation is back on the table, with a new name: the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011"or (wink, wink) "PROTECT IP". The draft language is available here.
The earlier bill, which failed to pass thanks largely to a hold on the legislation placed by Senator Ron Wyden of Oregon, would have given the government dramatic new copyright enforcement powers targeted at websites "dedicated to infringing activities," even where those websites were not based in the United States. Despite some salient differences (described below) in the new version, we are no less dismayed by this most recent incarnation than we were with last year’s draft.
First, the legislation now includes a private right of action for intellectual property owners. This means that IP owners as well as the government can seek injunctions against websites "dedicated to infringing activities" in addition to court orders against third parties providing services to those sites. (Notably, IP owners can also bring actions to enforce the court orders.) Consider whether Viacom would have bothered to bring a copyright infringement action against YouTubewith the attendant challenges of arguing around the DMCA safe harborshad it had this cause of action in its arsenal. The act includes language that says it's not intended to "enlarge or diminish" the DMCA's safe harbor limitations on liability, but make no mistake: rights holders will argue that safe harbor qualification is simply immaterial if a site is deemed to be dedicated to infringement.
Second, the scope of the language has been expanded to include additional categories of third-party providers that can be subject to court orders. Under the new act, "interactive computer services" and "servers of sponsored links" can be required to cease linking to particular websites. We'd heard about a potential "search engine provision," but these additions arguably go much further. An interactive computer service (the term, and its definition, are borrowed from the Communications Decency Act) could include not only Bing but also sites like Facebook, Twitter, and potentially any service or web page where a URL might turn up.
Court orders against interactive computer services don't apply in every context, though. The new version of the bill includes what appear to be some redundant and some alternative remedies where "nondomestic" domains are involved, remedies that are available in actions by the Attorney General but not private actors. (In the language of the bill, a "nondomestic" domain is one "for which the domain name registry that issued the domain name and operates the relevant top level domain, and the domain name registrar for the domain name, are not located in the United States.") The main distinction seems to be that interactive computer services can be ordered to stop linking only in actions brought by the Attorney General against nondomestic domains, but not in actions brought by the Attorney General against domains that are not nondomestic, nor in any actions brought by private plaintiffs.
Also, the new language no longer requires explicit action on the part of domain name registries and registrars, although it still reaches operators of nonauthoritative domain name system servers. Because of Immigration and Customs Enforcement’s ongoing practice of seizing domain names by prevailing on registries and registrars, however, the revision doesn’t seem all that meaningful. EFF denounced the earlier bill for its potential dangerous effects on the Internet's domain name system, and we’ll discuss the implications of the current legislation for DNS in more detail in a future post.
Finally, the bill now requires any potential plaintiffwhether it's the government or an IP ownerto make some attempt to identify a person or entity in connection with the infringement before proceeding against the domain name itself. The effort to inject a little due process into the mix is a good step, but it falls far short of the mark given the potential implications of these actions for online speech.
We’re still chewing through the issues, but on balance, it's clear PROTECT IP is no improvement on COICA.
Earlier this month the FBI, DEA and the Department of Justice Criminal Division responded to our FOIA litigation for records related to the Department of Justice’s controversialefforts to push Congress to expand the Communications Assistance to Law Enforcement Act (CALEA).1 Although the agencies stated in their court filings (here, here, and here) that they had thousands of pages of records, so far they have only turned over a few hundred pages (and the DOJ Criminal Division has yet to give us any documents). The documents we received — emails, briefing documents and powerpoint presentations — are heavily redacted and still fail to provide any specific details—including technical details — on the purported surveillance problems the government claims require expanding the law.
We discuss the FBI’s documents below and will be writing more about the DEA’s documents in a later post. (As noted, the DOJ Criminal Division has failed to release any documents so far.)
The FBI produced several hundred pages of heavily redacted documents and completely withheld several hundred pages more. As we mentioned in an earlier post about FBI lying to a federal court in another FOIA case, the Bureau has claimed much of the information in these documents is “outside the scope” of EFF’s FOIA request—even though it appears that the material blocked out directly relates to the subject of our request (see example).
Nevertheless, the information we can read in the documents still fails to make the case that the FBI needs any expansion to CALEA, much less back doors into our communications services like Skype, Google Talk or Blackberry.
While several emails and slides discuss at a high-level the problems the bureau is facing, the FBI has still withheld important information that would flesh out the details of these problems. For example, several emails discuss a company or companies that may not be complying with intercept orders (see, for example, EFF/Lynch 25-26, 29, 33 and 402). However, the FBI has redacted important information about the problems it has faced and the name(s) of the compan(ies) involved. This is also true for several presentations we received, as well as a counterintelligence memo sent to 13 branch offices. For example, a slide titled “Challenges and constraints faced by Law Enforcement” (EFF/Lynch 76) is almost completely blank. Similarly, the “recent examples” section of several slides titled “Legislative and Policy Challenge” (EFF/Lynch 95-102), has been blocked out (see example above). And all pages of the counterintelligence memo, which cryptically mentions a VoIP provider that could be Skype, are either almost completely redacted or withheld in full. (see EFF/Lynch 275-285)
The documents FBI released recently in response to our “Going Dark” FOIA request are even less informative. For three separate documents, the agency has only included the cover page, including a whitepaper from July 2008 titled “‘Going Dark—Law Enforcement’s Need to Preserve Lawful Interception Capabilities” (Going Dark 1443) and two attachments to a redacted document titled “The Going Dark Initiative” that discuss specific legislative proposals in response to the “Going Dark Problem.” (see Going Dark 146) In each case, all pages that might possibly explain the FBI’s rationale and need for “Updating and Improving Federal ELSUR [Electronic Surveillance] Laws and Assistance Mandates” have been withheld in full. (see Going Dark 147-148).
Finally, the FBI has redacted important information from a questionnaire on surveillance activities that appears to have been shared with Congress and was intended to include only “high-level unclassified information.” (Going Dark 59-67)
It doesn’t appear from the records we have received so far (at least from the parts that aren’t redacted) that the agency has been crippled by the “Going Dark Problem” or that “the bad guys” have gotten away. In fact, in the two concrete examples not fully redacted (and these are the same examples FBI Director Mueller used to justify his call for expanding CALEA in an October 2010 speech) the agency was ultimately successful. In “Operation Achilles” the FBI “broke up an international online child porn and exploitation ring in 2008 that used anonymizers and encryption services to conceal their activities.” And in a cocaine bust that suffered from electronic surveillance problems “creat[ing] delays and prevent[ing] the interception of pertinent communications,” the agency was still able to obtain an indictment. (EFF/Lynch 130).
The records we have received fall far short of justifying any amendment to CALEA, much less the broad expansion the Department of Justice appears to be seeking. Without any specific details about the agency’s claimed problems trying to execute intercept orders, Congress and the public should be wary of any claim that expanding CALEA to apply to additional electronic communications service providers is an appropriate solution to the FBI’s supposed "Going Dark" problem.
The documents referenced in this blog post are available below. You can also check out all the documents from the case on our main CALEA FOIA page.
FBI's First Release of Documents Responsive to EFF's CALEA FOIA Request (pp. EFF/Lynch 1-285).
FBI's Second Release of Documents Responsive to EFF's CALEA FOIA Request (pp. EFF/Lynch 290-366).
FBI's Final Release of Documents Responsive to EFF's "Going Dark" FOIA Request.
1. CALEA currently requires telecommunications and broadband providers' systems to be technically capable of complying with intercept orders. Law enforcement has been lobbying for Congress to expand those requirements to require surveillance backdoors into any electronic communications service offered over the Internet, be it Gmail or Facebook or Skype or any other.
2. These pages refer to the numbers at the bottom of each page in the FBI's CALEA documents.
3. These pages refer to the pdf page numbers in the FBI's "Going Dark" documents (unlike with the CALEA documents, the FBI did not individually number the pages).
EFF is thrilled to announce the newest member of our international team, Jillian York. Jillian is the Director for International Freedom of Expression -- an always-critical issue that has come into sharp relief over the last few months with the events in Egypt, Tunisia, Syria, and beyond.
Jillian comes to us from Harvard's Berkman Center for Internet & Society, where she worked on the OpenNet Initiative and Herdict projects. Jillian is a longtime blogger and activist, and is well known for her research and insight into Internet filtering at the government level, the policing of content in corporate online spaces, and digital activism. Jillian writes for and is on the board of directors of Global Voices, and is a regular columnist for Al Jazeera.
We are very pleased that Jillian is joining our international team during this critical time for global freedom of expression issues. This year, we've seen how the Internet and social networking tools have given activists around the world new platforms to interact, organize, and spread their message well beyond their countries' borders. But these digital platforms also provide authoritarian governments with ways to expose and potentially retaliate against these activists. This is extraordinarily important work and Jillian will be a valuable resource for EFF and international activists. Welcome Jillian!
Google announced today that it will join Amazon in offering consumers a cloud-based music locker service. Google’s news, which had been rumored for some time, presents an opportunity to both answer and ask some questions about the future of the music industry.
Those questions make clear that while services like these do improve the ability for fans to access their music, they still only get us a little bit closer to the larger goal: making sure artists get paid and fans are happy.
Do music locker services violate current copyright laws?
Unlike streaming services, such as Rhapsody or Mog, Google’s and Amazon’s music lockers allow users to upload their own music files and then access those files from either the Internet or devices equipped to run those companies’ programs (in Google’s case, that means a phone running the Android operating system).
For this kind of personal locker, Amazon and Google believe they don’t need licenses from record labels that own copyrights in the songs – and we agree. Essentially, all these services do is allow you to upload a song you already own and access that file from different browsers and devices, not much different from transferring a song you bought to your iPod.
Apparently to avoid any potential copyright liability, neither Amazon nor Google “de-duplicate” users’ files, which means that users access the same files they themselves uploaded, even when those files are identical to others on the system. As a result, millions of identical files may exist in the same cloud.
Whether or not Amazon’s and Google’s copyright fears are well founded is still an open question and may depend, at least in part, on the ongoing litigation between EMI and MP3Tunes. MP3Tunes is a music locker, but – unlike Amazon and Google – it does de-duplicate its files and it provides a search engine on the side allowing users to search for more music. EMI claims that MP3Tunes should be held responsible for infringing content stored in the lockers of some of its users, while MP3Tunes contends that it is immune from liability under the "safe harbor" provisions in the Digital Millennium Copyright Act (DMCA).
While we wait for a ruling in the MP3Tunes case, it appears that Amazon and Google have chosen to play it safe by storing potentially millions of identical files (just another example of how copyright laws fail to address modern uses of copyrighted works).
Are music locker services the answer to an ailing recording industry?
Personal music locker services are certainly an improvement on current industry services. By allowing music fans increased access to the content they already own, services like Amazon’s and Google’s improve consumers’ music experiences by making it easier to listen to that music where and whenever they want.
But we’re a long way from realizing the potential of cloud-based music services, which could increase consumers’ access to music they already own while offering new ways to find and purchase music and other add-on content from artists.
It has been widely reported that Google attempted to secure licensing deals that would have allowed it to offer more to consumers – for example, the ability to access music one owns without having to take the time to upload it to the cloud (which can be a slow process). But it seems the record labels are still blocking efforts to give music fans with more or easier access to new music, whether by compulsory licenses or other non-traditional revenue streams. Not only does less access hurt fans, but it hurts artists who might otherwise benefit from innovative business models. So while we applaud Amazon’s and Google’s attempt to better their customers’ music experience, there’s no question that their services fall far short of what fans and artists really need and want.
This past week has been trying in a number of countries, including China, where a new central agency has been established to oversee the Internet, in a move that some experts have said would allow for tighter regulations. At the same time, rumors of a possible Facebook deal in China have been cause for concern, as such a launch would likely mean Chinese users would have access only to a censored version of the platform.
Were Facebook to bring a censored version of its social networking service to China, it wouldn’t be the first instance of a US company engaging in censorship overseas: Google famously filtered its search results from 2006 to 2010 by order of the Chinese government, and search engines Yahoo! and Bing continue to filter results. The OpenNet Initiative considers China to be one of the most pervasive filterers of online content.
Though no deal has yet been struck, Facebook spokesperson Adam Conner was quoted as saying, “Maybe we will block content in some countries, but not others. We are occasionally held in uncomfortable positions because now we're allowing too much, maybe, free speech in countries that haven't experienced it before.”
Tunisia Reverts to Filtering
In Tunisia, where many of the Internet filters came down along with the Ben Ali government, new evidence suggests that sites are now being blocked based on military order. A blockpage posted by Nawaat’s Sami Ben Gharbia (who will be speaking at EFF’s upcoming Geek Reading at EFF on May 20) shows the Facebook page of democracy activist Jalel Brick “filtered under a requisition from the investigating judge at the Permanent Military Tribunal in Tunis.”
Prior to the uprising that led to the fall of President Zine El Abidine Ben Ali in January of 2011, Tunisia pervasively filtered political content, including websites of human rights organizations and political opposition.
This latest move is worrying to Tunisian activists, who say that the new Internet censorship law was quietly passed by the interim government.
A Facebook Ban in Pakistan?
On May 6, The Express Tribune reported that Pakistan’s Lahore High Court was reviewing previous petitions filed against Facebook for blasphemous content in consideration of a possible permanent ban of the social networking site.
In May 2010, after receiving a petition from the Islamic Lawyers’ Group, a high court in Pakistan ordered the Pakistan Telecommunication Authority (PTA) to block Facebook temporarily following a “Draw Mohammed Day” competition hosted users of the site. The ban was lifted after two weeks, however, the court asked the government to take steps to prevent access to blasphemous and sacrilegious content online.
Though the case has reportedly been postponed for hearing, EFF will be tracking developments closely and will report back on any updates.
The California Public Utilities Commission (PUC) has released a proposal for strong privacy protections for "smart meter" data, closely following the recommendations from EFF and the Center for Democracy and Technology. If adopted and finalized, the plan could become a model for how to protect sensitive consumer information while providing new ways to save energy.
California's PG&E is currently in the process of installing "smart meters" that will collect detailed data of energy use —750 to 3000 data points per month per household—for every energy customer in the state. These meters are aimed at helping consumers monitor and control their energy usage, but the information that is collected can reveal much more about a household's daily activities: when people wake up, when they come home, when they go on vacation, and maybe even when they take a hot bath.
Many third parties will want access to this sensitive information, and the California PUC has recommended strong protections for the transfer of the data to others. This should help prevent the data's misuse, hopefully blocking new intrusions into our home and private life. We hope the California PUC goes on to adopt its proposal, creating a blueprint for energy data and privacy protection that can be used across the country.
California took another big step towards updating reader privacy today. The State Senate unanimously passed SB602, the Reader Privacy Act, which would bring book privacy law into the digital age. The bill prevents the disclosure of information about readers from booksellers without a warrant in a criminal case or a court order in a civil case, and also requires booksellers to report the number and type of requests that they receive so that we can track government demands for reader information.
The bill, authored by State Senator Leland Yee, and sponsored by EFF and the ACLU, won bi-partisan support, and it's easy to see why. The books we choose to read reveal deeply private information about what we think, believe, question, and worry over. This data could lead people to interpret -- or misinterpret -- things like our political and religious beliefs, our health concerns, and our financial situations, so the standards for disclosure must remain high.
But while reader privacy in bricks and mortar public libraries is already well established in California law, it's time for a 21st Century upgrade. Digital book services, libraries, and bookstores collect far more information than physical bookstores and libraries do, creating an unprecedented data trail about your intellectual life. Information collected can include books browsed, how long a page is viewed, and even the electronic notes written in the margins. This sensitive information needs legislative protection, so it doesn't become a tempting target for the government or other litigants, like those involved in divorce cases, custody battles, or insurance disputes.
EFF has been working on this bill for several months now, officially sponsoring SB602 along with the American Civil Liberties Union. Google, the Consumer Federation of California, the California Library Association and many other groups also support the bill. Now, the next step is the State Assembly. Californians should let their state lawmakers know that The Reader Privacy Act is an important privacy update, and ask them to support SB 602.
As we've noted before, many trademark owners are none too happy when political activists use their marks as part of a larger statement about the owners' business or political practices. Sometimes, that unhappiness takes the form of improper legal threats and even lawsuits designed to silence critical speech. In a ruling issued today, a federal judge called a halt to one such lawsuit, affirming the essential balance between trademark rights and free speech.
The case has its origin in a brief action carried out by members of Youth For Climate Truth (YFCT), a group concerned about climate change. The action targeted Koch Industries, a billion dollar company that has publicly challenged the science behind climate change theories. Borrowing "identity correction" techniques pioneered by groups such as the Yes Men, YFCT issued a press release, purportedly from Koch, in which the company promised to stop funding organizations that deny climate change. The release was posted for a few hours on a website (www.koch-inc.com) that partially imitated Koch Industries' own website. The action received some media coverage, but no press organization thought the release was real. If Koch were sensible, that should have been the end of it.
But Koch was not sensible. It sued YFCT for trademark infringement, cybersquatting, violation of the Computer Fraud and Abuse Act (for allegedly not complying with the terms of service on the real Koch website) and assorted state claims, then issued subpoenas seeking the identities of the YFCT members. With help from lawyers at Public Citizen, YFCT moved to quash the subpoenas and dismiss the case.
Judge Dale Kimball granted the motion and threw the whole thing out. On the trademark claims, the judge noted that YFCT's activities were clearly noncommercial and, therefore, governed by the First Amendment, not state or federal trademark law.
The Lanham Act regulates only economic, not ideological or political, competition . . . “Competition in the marketplace of ideas” is precisely what the First Amendment is designed to protect.
On the cybersquatting claims, the judge found that Koch could not plausibly claim that YFCT intended to profit from the spoof website, given that it was operated anonymously, for a just a few hours, and had no commercial purpose.
Koch’s complaint is not that Defendants obtained the information but rather that they ultimately used the information in an unwanted manner. The CFAA addresses only the act of trespassing or breaking into a protected computer system; it does not purport to regulate the various uses to which information may be put.
All in all, a good day for free speech. Hopefully other trademark owners will take heed and learn that the best response to critical speech (including speech that involves "identity correction") is more speech -- not a lawsuit.