EFF and a coalition of public interest groups urged the U.S. Supreme Court in an amicus brief Tuesday to reject so-called "privacy" protections for corporate entities under the Freedom of Information Act (FOIA).
The case, Federal Communications Commission v. AT&T, started when the company tried to block disclosure of records about its participation in the federal government's E-Rate program. AT&T, invoking FOIA exemptions that were created to protect an individual's private data like physical address or email address, argued that it was a "corporate citizen" entitled to "personal privacy."
Surprisingly, a federal appeals court agreed with AT&T, setting up this Supreme Court battle with unusually high stakes for transparency and accountability. In the amicus brief filed Tuesday, EFF and co-amici argue that the intent of FOIA's privacy provisions are unmistakably to protect individuals, not corporations, and that is how the law has always been interpreted. If AT&T is allowed to expand the law’s privacy protections to "corporate citizens" then broad new swaths of previously public records will be hidden from view. It's not hard to imagine how documents on the BP oil spill, or coal mine explosions, or the misdeeds of Bernie Madoff's investment firm might be significantly harder to find if AT&T's misguided arguments prevail.
But this is only the most obvious problem with the idea of "personal privacy" for "corporate citizens." Currently, government agencies routinely post reports and data about corporate activities on their websites without a specific FOIA request. But under the appeals court decision, this kind of free flow of information will be chilled by the fear of a lawsuit. Additionally, this interpretation of the FOIA would require government agencies to consult with corporations before the release of any information that arguably implicated their "privacy" interests. This would create more delays in an already lengthy FOIA process, and allow even more opportunities for corporations to block important records from the public eye. Tellingly, corporate entities would end up enjoying more privacy protections than the law currently affords individuals, who are not given any notice about potential record releases under FOIA.
FOIA already grants substantial protection to corporations' interests, allowing for corporations to protect trade secrets and other confidential information. Expanding the Act's exemptions in the extreme manner urged by AT&T is not what lawmakers intended — instead of facilitating transparency and accountability, it would morph into a broad shield preventing the public from knowing what the government is up to.
For EFF, the FOIA is a critical tool for exposing the government's expanding use of new technologies that invade Americans' privacy, and we are very proud of the breadth of information EFF's transparency work has brought to light. We hope the Supreme Court protects open government and Americans' right to know in this case.
The other organizations joining Tuesday's amicus brief include the Citizens for Responsibility and Ethics in Washington (CREW), the American Civil Liberties Union (ACLU), the American Library Association (ALA), the Association of Research Libraries (ARL), the National Security Archive, and OpenTheGovernment.org.
EFF recently participated in the UN Internet Governance Forum (IGF) in Vilnius, Lithuania, advocating for the respect of citizens' fundamental rights online. The IGF is an experimental and influential multi-stakeholder policy forum convened by the United Nations Secretary General in 2006, where civil society, industry, the technical community, and decision makers discuss key aspects of Internet governance issues on an equal footing. The informal nature of the IGF is designed to promote the full and frank exchange of ideas on important Internet policy issues without the knock-down-and-dragged-out conflicts that characterize other international fora where recommendations or binding treaties are made. This year, IGF brought together over 1,400 participants from around the world. Videos and transcripts of all the official meetings are now online and make for interesting viewing.
EFF participated in several panels and co-organized a workshop on The Future of Privacy together with the Internet Society. The speakers included representatives from the US Federal Trade Commission, the Spanish Data Protection Authority, the Council of Europe Consultative Committee of Convention 108, Oracle Corporation, the European Data Protection Supervisor, AT&T, Google, the Internet Society, and EFF. All of them expressed their views on existing laws and international frameworks on privacy, and helped to identify some of the challenges and opportunities that lie ahead.
In the workshop, EFF focused on several key areas where governments will be able to play a vital role in protecting their citizens' privacy both now and increasingly so in the future, including setting the right standards for government access to citizens’ private communications and related communications records. Here are a few of the points we highlighted:
• The law should protect the privacy of your data stored for you by a provider in the same way that it protects your data stored by you on your home or in your office. In an age where countless millions are trusting web-based email services such as Microsoft’s Hotmail to store years worth of private correspondence, and cloud services such as Google Docs to store their most private documents, it is time for privacy law to treat online storage as an extension of your own home or office. Privacy law has typically provided strong protections against government intrusion into information that you store offline personally. It should also provide strong safeguards for the data you store for a similar purpose with an online third party provider.
• The law should include better protections for your traffic data. Typically, the contents of communications are strongly protected by privacy law whereas non-content transactional data, traffic data, or “meta-data” is typically given much less protection, even though it can be just as revealing. Monitoring of other data that is arguably transactional and not content -- such as the location of your cell phone, clickstream data revealing the web sites you visit, and search logs indicating what you searched for using Google or another search engine -- is just as invasive as reading your email or listening to your phone calls.
EFF called on government officials to focus their analysis on the invasiveness of the surveillance techniques at issue, rather than deciding the appropriate level of privacy protection based on where the data is stored, or whether it is characterized as content or traffic data. Communications are communications, whether telephone conversations or e-mail messages. The mere fact that Internet communications leave more detailed traces should not entail less privacy protection vis-à-vis governments. We believe that mandatory data retention regimes that compels ISPs and telcos to retain innocent citizens' Internet traffic data should be repealed.
The panel also discussed the revision of the EU Data Protection Directive, the Council of Europe's Privacy Convention 108—the first legally binding international privacy instrument, the harmonization and interoperability of privacy regimes in different countries, as well as the insights of the technical community. The comprehensive report produced jointly by EFF and ISOC contains more detailed information about the workshop participants' presentations and fascinating exchange of views on these subjects.
The IGF has provided a very useful venue for discussing these important global issues with key government and non-governmental stakeholders, but whether it will continue to do so in the future is currently unclear. At the end of this year, the United Nations' General Assembly will decide if it should extend the IGF's initial five-year mandate. The UN Commission on Science and Technology for Development (CSTD) is currently carrying out an open consultation on the ways in which to improve the Internet Governance Forum (IGF). A road map of the future CSTD work on IGF is now posted here. Stay tuned to Deeplinks for news and our thoughts on these breaking developments.
In the last few weeks, Facebook and Google have been engaging in a public tussle over an issue that is near and dear to EFF's heart: data portability. The crux of the issue is that when you sign up for Facebook, you can find your Gmail contacts or invite them to join the social networking service with a few quick clicks. But when you sign up for Google, Facebook prevents you from easily inviting all of your Facebook friends to Google, despite the fact that Facebook makes it easy for users to export their contacts to other services like Yahoo!.
This comes at a time when Facebook is launching a messaging product that may rival Google's communication applications and rumors abound that Google is looking to make a foray into the realm of social networking — suggesting that market advantage, rather than user rights, could well be driving this data portability squabble.
Google's maneuver is particularly interesting in light of Facebook v. Power Ventures, a case in which Facebook has sued a company that offers a tool for users to access and aggregate their personal information across social networking sites. Because Facebook's terms of service don't allow users to access their information through "automated means," Facebook claims that Power's access is not authorized or permitted, and therefore violates state and federal computer crime laws. (The court recently threw out one of these claims, finding that Power could not have violated California’s computer crime law merely by breaching Facebook's terms of service — a result EFF urged the court to reach in two amicusbriefs.)
So Google put Facebook in a bind. Facebook could:
Let users take their Facebook contacts to Google,
Stop importing contacts from Google, or
Continue its current practice and violate Google's terms of service — which Facebook itself has argued is criminal behavior.
Rather than taking this opportunity to give Facebook users the ability to export their contacts — something that EFF has strongly advocated for in the past — Facebook instead created a tool to work around Google's restriction. Users signing up for Facebook are now prompted to download their Gmail contacts to their hard drives, and then upload them to Facebook. While this means an extra step for users, the end result is simply that Google contact data is still portable to Facebook, and Facebook doesn't reciprocate. Google, in its latest salvo of the battle, is highlighting Facebook's approach in a new message that asks users seeking to export their Gmail contacts to Facebook whether they're sure they want to take their contacts to a service that refuses to let them export.
So why does exporting data matter to users?
Data portability is a deceptively simple idea with serious benefits for users. EFF championed data portability in our Social Network Bill of Rights. If an online service disrespects user privacy, lacks functionality or violates user expectations, a user should have the right to pack up her information easily and leave. This means that online platforms would have a vested interest in making sure users were happy with their services — or face an exodus.
Facebook has been working to improve its data portability. In October, Facebook announced that it would provide a way for users to export their content, which fits squarely into the Social Network Users' Right to Leave. (That is, assuming you can figure out how to close your Facebook account.) But Facebook still doesn't allow users to export the contact information of friends to any service they like.
However, that might be the most important thing.
Social networks like Facebook are more than just status updates, photos and links. They are built on relationships with people. So if you really want to abandon your social networking account and start homesteading a virtual farm on a different online platform, you'll want to bring the contact data of your digital acquaintances with you. Facebook's failure to freely provide this functionality makes it more difficult to leave Facebook for one of Facebook's many social networking rivals.
Facebook, for its part, argues that users don't have the right to easily download their friends' contact data anymore than they have the right to mass download their friends' photo albums. This is a somewhat dubious argument, considering Facebook does allow contact data to be exported to the iPhone address book, Yahoo! and Hotmail. While user privacy is important, hamstringing data portability isn't the right solution. (And in fact, a savvy user can export Facebook contacts if he or she tries. Here's how.) If Facebook wants to respect user privacy and choice, it should provide a simple way for users to download data — including the contact data of friends — while also providing an opt-out for individuals who never want their data downloaded by online acquaintances.
One thing should be clear to users of both Google and Facebook: when companies guard data to obtain a market advantage, consumers lose out.
UPDATE (11/16/10) — InsideFacebook.com is reporting a new feint from Facebook in its knife fight with Google over portability. After the launch of Facebook's new unified messaging product yesterday, a Facebook spokesman told InsideFacebook that the company would allow users to export their friends' email addresses — but only up to a point. Users will *only* be able to export their friends' "@facebook.com" email addresses — the addresses associated with the new messaging service — which does little to enable competition in the social network arena, whether from Google or anyone else. As InsideFacebook points out, "Even if Google or another company managed to recreate parts of the social graph by importing @facebook.com addresses, these companies would still have to contact these users by their @facebook.com accounts, leaving the social network as the middleman."
When Microsoft announced that it was launching a webcam-style peripheral for its Xbox360 that would allow users to interact with the game system without the need for a game controller, the excitement was not limited to gamers. The Kinect, which allows a user to control games through gestures, speech, and presented objects or images immediately intrigued the hardware hacking community. The folks at AdaFruit Industries gushed, “Imagine being able to use this off the shelf camera for Xbox for Mac, Linux, Win, embedded systems, robotics, etc. We know Microsoft isn’t developing this device for FIRST Robotics, but we could!”
Given the range of possibilities for this technology, it is no surprise that it was immediately reverse engineered. Like the CueCat and Aibo and many other technologies before and after them, the Kinect has so many cool potential new uses that limiting those who can use it to those approved by Microsoft would be a tremendous waste and a lost opportunity for innovation. After all, reverse engineering is a crucial component of any healthy technical ecosystem.
To that end, AdaFruit offered a prize to the first person to write an open source driver for the Kinect. They then raised their bounty to $3,000. Days later, Spain-based hacker Hector Martin claimed the bounty. Within a day, hardware hackers were employing the open source driver to put the Kinect to all kinds of imaginative uses, including a multi-touch interface.
Microsoft’s initial response was to rattle its sword. A Microsoft spokesperson told CNET, “With Kinect, Microsoft built in numerous hardware and software safeguards designed to reduce the chances of product tampering. Microsoft will continue to make advances in these types of safeguards and work closely with law enforcement and product safety groups to keep Kinect tamper-resistant."
Microsoft should keep its sword in its scabbard. The Kinect technology is getting rave reviews and generating a real buzz. Microsoft could blow all of this goodwill if it tries to shut down independent innovation around the Kinect, as Sony learned when it tried to shut down innovation around the Aibo. Fans were so outraged that Sony was ultimately spurred to release a programmers kit for it. Microsoft should learn from Sony's experience and embrace its role as the creator of a new platform for innovation by supporting efforts like those of AdaFruit and hacker Hector Martinafter all, every hacker and every user of a hacked Kinect will have to buy the technology first.
Trying to stop tinkering won’t work anyway — the street finds its own uses for things and the potential uses for this in-home robotic device start from the prestigious FIRST contest and reach as far as the imagination will take them.
AdaFruit has now offered an additional $1000 bounty for a tool that makes it easy to use the Kinect on LINUX systems and Matt Cutts, the head of Google's webspam team, is offering another $1000 prize for the coolest tool, demonstration, or application using the Kinect.
Adafruit also made a donation of $2000 to the Electronic Frontier Foundation in the midst of this, citing our extensive work in support of coders’ rights and our efforts to preserve the freedom to tinker in the face of the anti-circumvention provisions of the DMCA. We greatly appreciate the support.
On behalf of the EFF staff, thank you for helping us to compete in PayPal's matching challenge. Together we raised over $70,400! Individual donors like you make EFF's work possible. EFF will also receive $5,000 in matched funds directly from PayPal, and additional matched funds from two very generous EFF members.
Don't forget to match your gift with your employer:
Ask your human resources department if your employer matches donations.
Fill out the paperwork and forward it to EFF for completion (if necessary).
You're done! It's a simple step that maximizes your impact and keeps EFF going strong.
Even if you don't use PayPal or don't have funds to contribute, there are many valuable ways to help and get involved with digital rights. Thank you for all of the ways you support EFF!
Congratulations to the winners of EFF's 2010 Pioneer Awards: Steven Aftergood, James Boyle, Pamela Jones and the website Groklaw, and Hari Krishna Prasad Vemuru! The 19th Annual Pioneer Awards ceremony was held this past Monday at 111 Minna Gallery in San Francisco. We were all deeply inspired by the words of our award winners and our Master of Ceremonies, Cory Doctorow, and want to share the experience with all who weren't able to join us in person.
Finally, we'd like to share the words of our VIP ticket contest winner, Larry Starkand, who wrote in to tell us about how EFF inspires him to support digital rights:
I first became aware of and inspired by EFF in the same way I continue to be today. It was nearly 20 years ago after the OKC bombing, when the newly elected Senator Feinstein wanted to censor bomb making information from the internet. Mitch Kapor had been called to testify before the committee, and when he first spoke about First Amendment protections and free speech, Sen. Feinstein immediately piped up and said: I am sure when our forefathers sought to protect our right to free speech they did not mean those who would foster the violent overthrow of our lawful government. To which Mitch responded - Umm Senator? YES THEY DID. The next day I joined the EFF and have been a member ever since. Just like that day, EFF inspires me every day to be aware, to speak up and always remain vigilant, because Freedom is taken slowly when we are not looking.
Many thanks also to our sponsors: CEA, JibJab, Junk Email Filter, and Zynga; to 111 Minna Gallery; and to our 2010 Pioneer Award Judging Panel: Jim Buckmaster, Cory Doctorow, Mitch Kapor, Drazen Pantic, Barbara Simons, and James Tyre.
EFF is pleased to welcome yet another new addition to our team: Technology Director Chris Palmer. Chris is hardly a newcomer, however -- he's a former EFF technologist who is returning to the EFF fold after several years in the technology industry focusing on application security.
Most recently, Chris worked as a Senior Software Engineer at Google on securing the Android operating system for mobile devices. Before that, he was a Principal Security Consultant at iSEC Partners, a security engineering consultancy, where he hacked a wide variety of applications and platforms. Chris also worked as a developer at web app shops in San Francisco and Minneapolis, in addition to his previous tenure as an EFF Staff Technologist.
Chris is a security engineering expert, who has presented at various conferences including Black Hat, DefCon, and Web 2.0 Expo. You'll be hearing a lot from him about security issues on our blog and elsewhere. Welcome Chris!
UPDATE: On the morning of Thursday, November 11th, one of EFF's long-time supporters pledged to match new funds donated through this week's PayPal Challenge. We have only two days left to take advantage of this generous offer. Please help EFF by donating through PayPal today.
Check out our progress! Defenders of digital freedom have proven their commitment to EFF this week. We've raised over $50,000 in donations. Click here to see how much we've raised. As of Thursday morning, EFF is in first place for the PayPal Challenge. If we finish in first place, it means bonus funds for our organization!
Donate to EFF this week and you can double — or even triple — the value of your contribution! PayPal and Convio will match up to $5,000 in donations to EFF made via PayPal between Tuesday, November 9, and Friday, November 12, 2010.
Enter the information and choose PayPal as your payment method.
You will be redirected to a PayPal login page to complete the transaction.
You're done! PayPal matching is automatic.
Then, triple your donation with employee matching.
Ask your human resources department if your employer matches your charitable donations.
Fill out the paperwork and forward it to EFF for completion (if necessary).
You're done! It's a simple step that maximizes your impact and keeps EFF going strong.
Even current members can make contributions to help put EFF on top! And as an added bonus, the charity that raises the most money and the charity that receives the most donation transactions will each receive $1,000 prizes. But hurry, the contest ends on Friday!