La Quadrature du Net and the Electronic Frontier Foundation invite you to join us for a drink in Paris to discuss ACTA (the Anti-Counterfeiting Trade Agreement), Net Neutrality, and fundamental freedoms on the Internet. EFF International Rights Director Katitza Rodriguez and spokesperson of La Quadrature du Net Jérémie Zimmermann will be there to talk about the latest critical battles affecting digital rights in Europe and around the world.
Our first ever joint Apéro, or happy hour, will kick off Quadrature Communication Camp. QCC is a weekend of creativity (spanning visual, animated, and written media and more) with the purpose of creating dialogue about the threats to the Internet and our freedoms. RSVP today, or share this invitation with your friends: https://www.eff.org/apero.
La Quadrature du Net
LQDN is an advocacy group that promotes the rights and freedoms of citizens on the Internet. More specifically, it advocates for the adaptation of French and European legislation to respect the founding principles of the Internet, most notably the free circulation of knowledge. As such, La Quadrature du Net engages in public-policy debates concerning, for instance, freedom of expression, copyright, regulation of telecommunications and online privacy.
Canadian company Netsweeper produces filtering software that is utilized by several countries to block web sites across various categories. In Yemen, popular blogging site Tumblr is blocked, due to Netsweeper’s categorization of the site as “pornographic.”
Similarly, a number of U.S. companies, including McAfee SmartFilter, Websense, and Cisco, produce software used by foreign governments to block and censor websites. So far, no policy exists to prevent the export of such products.
In a recent article in the Toronto Star, Netsweeper spokesperson Scott O’Neill stated that the company has a “no comment policy” regarding its use by foreign governments.
Crackdowns on ‘Anonymous’
This week saw crackdowns on the "Anonymous" movement in Turkey and Spain, following attacks on government websites in both countries. In Spain, police arrested three and seized a server that they claimed was used in attacks against several governments as well as Sony. In a YouTube video, members of Anonymous denied that the three detainees had lead the attacks.
In Turkey, following numerous DDoS attacks perpetrated against government sites--purportedly in response to the Turkish government’s plans to adopt a universal Internet filter--authorities arrested 32 individuals allegedly involved in the attacks. Eight of those detained are believed to be minors.
Tunisian Activists Speak Out Against Porn Blocking
In Tunisia, where prior to the fall of Ben Ali, Internet censorship was pervasive, activists are pushing back against a court order that would restrict access to all pornographic sites.
In an online petition [FR], Tunisian activists have stated their concern for the filtering of pornographic content, in that it “poser la question de la méthode” (begs the question of method), noting that blocking one category of sites opens a door to further censorship.
Since last year, we’ve watched withdismay Immigration and Customs Enforcement's increasing use of domain name seizures as part of its stepped-up IP enforcement strategy. Today, one of the seized domains is taking the issue to court.
Puerto 80, the Spanish company behind Rojadirecta.com and Rojadirecta.org, which were seized in January of this year, today filed a petition in the Southern District of New York for the return of those domains. The Rojadirecta site, which is made up of user forums and link indexes, has been found by two Spanish courts specifically not to violate copyright. The substantive brief in support of the petition outlines not only the reasons why the domains should be returned, but also the absurd roadblocks Puerto 80 has encountered in its efforts to work with government authorities to get this matter resolved without judicial intervention.
We're very glad that Rojadirecta is fighting back so that this and other domain name seizures can receive more careful judicial consideration. We'll be following the case closely and expect to weigh in as amicus as well.
New member shirts! For a limited time, pick up the new swag featuring EFF blasting through injustice in the digital universe. The front showcases our 8-bit style robot mecha girl throwing EFF pixel fire across the chest. The back proclaims "I FIGHT FOR THE USERS" for all of you pro-user zealots out there. It's available in two styles: Women's Gildan SoftStyle (S-2XL) and Men's Fruit of the Loom Lofteez (S-3XL).
Join or renew your membership at the Copper Level or higher and choose this free gift today! It's a small token of our appreciation for supporting EFF's activism, legal battles, and long-term sustainability as a defender of the people. Thanks for taking a stand with us!
When we learned that Apple had stepped forward to support iPhone app developers who had found themselves threatened with patent litigation (and, in some instances, actually sued) based on their use of Apple-provided technology, we hoped that could be the end of the matter – or at least that Lodsys would pick its fight with Apple, who has the resources to fight back.
Unfortunately, the company that started the mess, Lodsys, has decided to up the ante, suing seven developers in the notoriously "troll-friendly" Eastern District of Texas. But Apple is staying involved. Yesterday it filed a motion in Texas to intervene in the suit pending against those developers. In its filings, Apple claims that its license to the Lodsys patents covers the uses of the technology at issue by the app developers or, relatedly, that Lodsys' rights were exhausted. Apple does not argue that the Lodsys patents are invalid (and it likely can't under terms of that license).
As this story doesn't appear to be ending soon, some background may be helpful. The players are:
Lodsys: the company that owns the patents at issue. Like many patent trolls, Lodsys does not make or sell anything, but appears to exist solely to exploit rights in patents that it obtained from another company, Intellectual Ventures, which reportedly owns more than 30,000 patents. Of note, like Lodsys, Intellectual Ventures did not invent the patents at issue.
Apple and Google: the companies that, as has been much reported, have already taken a license to the Lodsys patents. Both Apple and Google provide (and require) that their app developers use technology in their apps that Lodsys claims is infringing.
ForeSee Results, Inc.: a Michigan web analytics company that filed a suit against Lodsys last week in Chicago. ForeSee itself has not been threatened by Lodsys, but its high-profile clients, such as Adidas AG and Best Buy, have. In response, ForeSee alleges that all four of Lodsys’ patents are invalid.
Non-app developer defendants: Lodsys has also sued (and threatened to sue) many companies, alleging that their web-based businesses infringe the Lodsys patents. These include Adidas and Best Buy, listed above, and other companies that over products that are not even web-based such as Brother, Canon, HP, Hulu, Lenovo, Lexmark, Motorola Mobility, Novell, Samsung, and Trend Micro, in a case pending in Texas.
The patents: Lodsys owns four patents, two of which have been asserted against app developers in the lawsuit (the ‘565 patent and the ‘078 patent). Those patents are set to expire no later than 2013. As discussed above, they were invented by an individual who, short of making a sale presumably to Intellectual Ventures, has no connection to Lodsys or any of the potential defendants.
So what’s next? The Lodsys patents may be found invalid in either the ForeSee case in Chicago or the case against companies like Brother, Canon, HP and Hulu, which is currently pending in Texas. Both cases are at an early stage, however, and it could take years to get a final ruling on the patents’ validity. Or, those cases could end in a settlement, which would leave the patents untouched and enforceable. Another option would be for Apple and/or Google to pay the litigation expenses of the app developers in an effort to invalidate the patents.
In the meantime, the targets of Lodsys’ cease-and-desist letters will have to decide how to proceed. The licensing fee Lodsys claims to be seeking – 0.575% – may seem low, and, in many instances, will come out to less than the cost of defending a lawsuit: that's how the troll business model works. But paying the fee, especially in these circumstances, looks a lot like paying a tax on innovation. What is worse, for some developers it will be enough to make their business unsustainable.
As the UN Special Rapporteur on Freedom of Opinion and Expression noted recently “[Internet] Intermediaries play a fundamental role in enabling Internet users to enjoy their right to freedom of expression and access to information. Given their unprecedented influence over how and what is circulated on the Internet, States have increasingly sought to exert control over them and to hold them legally liable for failing to prevent access to content deemed to be illegal.”
In countries across the world, we're witnessing escalating efforts to turn Internet intermediaries into chokepoints for online free expression. Internet intermediaries—Internet Service Providers (ISPs), online service providers like Twitter and Google, and even Internet cafes—are increasingly subject to legal demands by private citizens and governments worldwide for allegedly infringing or illegal content to be removed, filtered or blocked, and for mandatory collection and disclosure of Internet users' personal data. At the same time, whether Internet intermediaries have liability for content posted by their users, and in what circumstances, remains unsettled in most of the world.
This is especially true in the developing world, where Internet usage is rapidly growing. In leading developing countries like Brazil and India, policymakers are just now beginning to confront the issue and to enact rules that specify what steps intermediaries must take to avoid liability for user generated content that is allegedly obscene, infringing, defamatory, or otherwise illegal. If local law enforcement authorities and international rights holders associations have their way, intermediaries will be saddled with strict obligations to take down (or, worse, monitor) content, and retain user data for investigatory purposes, turning litigation-averse intermediaries into de facto censors.
These risks are very much in evidence in India, which is currently clarifying and refining its own standard of liability for Internet intermediaries. After a particularly notorious case holding the managing director of a popular online marketplace, Banzee.com, personally liable for a user's offer to sell an obscene video, the Indian Parliament amended the Information Technology Act in 2008, ostensibly to curb the liability of intermediaries for user content. Taking the EU E-Commerce Directive as its model, the Act extends safe harbor protection to services that 1) are merely transmission conduits, 2) temporarily cache content, or 3) host content and exercise "due diligence" in complying with the Act and other government regulations. Unfortunately, the scope of safe harbor immunity is unclear, with some courts arguing that secondary liability for copyright infringement is not precluded.
On February 7, 2011, the government released proposed administrative regulations to further clarify the meaning of hosts' obligations to perform "due diligence." Disappointingly, the drafting process was not very open or inclusive. The government called for comments on the rules by the end of February – a particularly short period - and when newspapers and civil liberties advocates criticized the rules, the government responded with a defensive press release asserting: "these due diligence practices are the best practices followed internationally by well-known mega corporations operating on the Internet." One lesson for other developing democracies is that the process matters, not just for legitimacy, but also for purposes of producing satisfactory substantive provisions.
The rules came into force quietly in April. Their overbroad scope poses the greatest problem. They require intermediaries to adopt terms of service that prohibit users from hosting, displaying, publishing, sending or sharing any proscribed content, including not just obscene or infringing content, but also any material that threatens national "unity" or "integrity," "public order," or is that "grossly offensive or menacing in nature," "disparaging," or "otherwise unlawful in any manner whatever." Such a broad standard lacks clear limits on what kinds of content may be taken down and invites abuse.
To make matters worse, the takedown procedure is swift and harsh. Once an intermediary discovers, or is notified of proscribed content, it must "disable" the content within 36 hours—effectively precluding any investigation of a complaint's legitimacy. Under the rules, intermediaries are also authorized to immediately terminate access or usage rights. They must also preserve related user records for 90 days for investigatory purposes. This is not a flexible, discretionary standard: under the rules, intermediaries must "strictly follow the provisions of the Act or any other laws."
Unlike the rules of the 1998 United States' Digital Millennium Copyright Act (DMCA), users in India do not have any recourse if their content is removed wrongfully. Nor are there any safeguards against abuse: the rules do not require that the party lodging the complaint have any rights or even have a good faith basis for believing that the content is illegal.
It is not difficult to see where this leads. Even before the 2008 amendments, Indian law enforcement authorities were apparently prepared to cut side deals with intermediaries to more swiftly delete content and gain greater access to user data, and not always to great crime-fighting effect. At the same time, technology companies in India are struggling to keep up with law enforcement demands. As for users, the rules will likely create a parallel process to the judiciary for dealing with legal matters: If you're an an entity in India that wants to censor a viewpoint online, why file a copyright or defamation suit in India's judicial system, which suffers from a 30 million case backlog, when you can have the material permanently removed without any further process within 36 hours simply by dropping an email to Google? The stakes for citizens’ free expression in India are very high indeed. We hope that reports that the Indian government is considering revising the regulations to provider greater liability protections for Internet intermediaries come to pass.
We're pleased to report a great response to our second annual DEF CON Getaway Contest! Now at the halfway point, thirty-one participants have raised over $2,500 so far!
Who will win the mind-numbingly good Grand Prize Package including a standard suite at the Rio Hotel and Casino, two DEF CON 19 Human badges, two tickets to Vegas 2.0's (in)famous kickoff party theSummit, two badges for the ultra-exclusive Ninja Networks Party, AND an EFF Swag Super Pack? With just weeks left, it's all up to you!
Cheers to current first place team Holy Handgrenades with $1,182.04! These veterans from last year's contest are back with a vengeance. ISD Podcast is in second place with $1045.42, and team DoC is in third place with $300. Good work!
Contest registration is still open, and it's anyone's game! The fantastic prizes for first, second and third place are within your reach. Form a team; put a badge up on your blog; get your friends and family to pitch in; spread the word on sites like Twitter, Identi.ca, and Facebook -- there are lots of ways to help EFF and compete for the prizes while supporting our freedom to tinker, explore, and hack. See Official Rules for full details.
Check back for the latest developments on EFF's DEF CON 19 Getaway Contest. If you haven't already registered, what are you waiting for? It could be you in Vegas!
Back in December of 2010, Facebook debuted its tag suggestion feature, which works by using facial recognition technology to examine photos in which you’ve already been tagged, and then creating what Facebook calls your “photo summary” or “photo comparison information,” or what we’ll call your “facial fingerprint.” Using this information, FB suggests your name to your friends when they upload a photo of you, and invites them to tag you in that photo. Over the last few months, Facebook has been slowly rolling this feature out to all of its users, which caught the attention of security firm Sophos, The New York Times, and the European Union, which has launched a probe to investigate the new feature.
Like most new Facebook features, this one is turned on by default. If you would prefer not to have Facebook store your facial fingerprint and use it to suggest photos in which your friends can tag you, you will need to opt out manually. The following video will show you three ways to delete your facial fingerprint data from Facebook, and show you a privacy setting that lets you ensure that you are the only person who can see tags identifying you in photographs.