The Court notes and must take seriously the argument advanced by the defendants, as well as those made by Amici, regarding whether the unauthorized access alleged here amounts to contract-based violations of Ticketmaster's terms of service that are actionable under civil laws.
Because it found the facts to be complicated and in dispute, the Court held that the issues raised by EFF could be best evaluated after trial, which will allow for a more complete presentation of the government's arguments and proof. The court was especially interested in the government's belated claim that liability could be based on proof of circumvention of what the court called "code-based restrictions." EFF did not directly address the "code-based restrictions" issue in its amicus because it was not the focus of the indictment.
EFF asked the Ninth Circuit Court of Appeals Tuesday to review its ruling in Vernor v. Autodesk, a decision that could undermine the rights of software buyers and other consumers.
Last month, a three-judge panel held that copyright's first sale doctrine – the law that allows you to resell books and that protects libraries and archives from claims of copyright infringement – may not apply to software if the vendor saddles the transfer with enough restrictions to transform what the buyer may think is sale into a mere license. Plaintiff Timothy Vernor has asked the full court to review this decision, and EFF – along with the Association of Research Libraries, the American Library Association, the Association of College and Research Libraries, and Public Knowledge – filed an amicus brief in support of this rehearing.
Copyright owners should not be able to trump the first sale doctrine by using a few "magic words" in a license agreement. By undermining the crucial balance between copyright owners and users that supports valuable resources like libraries, used bookstores, and rentals, the practice hurts both our ability to save a few dollars and our ability to retain, archive and access older, out-of-print materials. We hope that the court agrees to review the case and treats it as an opportunity to put consumer rights and expectations ahead of the overreaching demands of software vendors.
EFF recently received new documents as a result of our FOIA lawsuit on social network surveillance, filed with the help of UC Berkeley’s Samuelson Clinic, that reveal two ways the government has been tracking people online: surveillance of social networks to investigate citizenship petitions and the Department of Homeland Security’s use of a “Social Networking Monitoring Center” to collect and analyze online public communication during President Obama’s inauguration. This is the first of two posts describing these documents and some of their implications. (Read part one.)
Narcissistic tendencies in many people fuels a need to have a large group of “friends” link to their pages and many of these people accept cyber-friends that they don’t even know. This provides an excellent vantage point for FDNS to observe the daily life of beneficiaries and petitioners who are suspected of fraudulent activities.
This social networking gives FDNS an opportunity to reveal fraud by browsing these sites to see if petitioners and beneficiaries are in a valid relationship or are attempting to deceive [United States Citizen and Immigration Services] about their relationship. Once a user posts online, they create a public record and timeline of their activities. In essence, using MySpace and other like sites is akin to doing an unannounced cyber “site-visit” on a [sic] petitioners and beneficiaries.
(Emphasis added). In other words, USCIS is specifically instructing its agents to attempt to “friend” citizenship petitioners and their beneficiaries on social networks in the hope that these users will (perhaps inadvertently) allow agents to monitor their activities for evidence of suspected fraud, including evidence that their relationships might not live up to the USCIS’ standard of a legitimate marriage.
Of course, there are good reasons for government agencies and law enforcement officials to use all the tools at their disposal, including social networks, to ferret out fraud and other illegal conduct. And while one might just chalk this up to another case of “caveat friendster," it does raise some questions about the agency’s conduct.
First, the memo makes no mention of what level of suspicion, if any, an agent must find before conducting such surveillance, leaving every applicant as a potential target. Nor does the memo address whether or not DHS agents must reveal their government affiliation or even their real name during the friend request, leaving open the possibility that agents could actively deceive online users to infiltrate their social networks and monitor the activities of not only that user, but also the user’s friends, family, and other associates. Finally, the memo makes several assumptions about social networking users that are not necessarily grounded in truth and reveal the author’s lack of understanding of the ways people use social networking sites. First the memo engages in armchair psychology by assuming a large friend network indicates “narcissistic tendencies.” Second, and perhaps more disturbing, the memo assumes a user’s online profile always accurately reflects her offline life. While Facebook and MySpace would like their users’ profiles to always be current and accurate, users may have valid reasons for keeping some of their offline life out of their online profiles (for example, many users still feel their relationship status is private). Unfortunately, this memo suggests there’s nothing to prevent an exaggerated, harmless or even out-of-date off-hand comment in a status update from quickly becoming the subject of a full citizenship investigation.
In response, the Ohio Democratic Party promptly published a YouTube video capitalizing on this, illustrating its point with short clips from Redden's acting career. One of the clips came from a film by Arginate Studios, LLC, which then used the DMCA (Digital Millennium Copyright Act) to send a take down demand to YouTube. YouTube removed the video. Under the DMCA, the political video would be unavailable on YouTube for at least 10 days (a significant portion of the time remaining before the election), though the video remains available on Vimeo:
While the use of copyright to take down political speech in the weeks before an election is hardly new (CDT just published a detailed report), this is a particularly egregious example. Why? Because the reuse of a few seconds of Aringate's video to to illustrate a political point is such an obvious fair use.
As an initial matter, the use is extremely transformative (adding new meaning and message). The original video by Arginate is an entry in a film festival's "Road Movie" genre, featuring Redden as Sam Carpenter, a man who provides some special tickets to two women in a bar. The political video's use, on the other hand, was to provide evidence that the supposed steelworker was actually a paid actor. The use could hardly be more transformative. As the Supreme Court explained, transformative works "lie at the heart of the fair use doctrine’s guarantee of breathing space within the confines of copyright."
Moreover, the political ad only used a few seconds of the original film. While courts have held that "entire verbatim reproductions are justifiable where the purpose of the work differs from the original," a fair use is particularly justifiable when it uses the minimum necessary to make its point.
Since the original remains available for free online, it can hardly be said that there is any harm to the market for the original work. As the Supreme Court said, "a use that has no demonstrable effect upon the potential market for, or the value of, the copyrighted work need not be prohibited in order to protect the author’s incentive to create.”
Finally, fair use analysis considers whether the new work benefits the public interest. Communicating with the public about an upcoming election is a core aspect of public debates, and the new video contributes to that debate.
Arginate Studios should be ashamed to have claimed the video was infringing, and should withdraw its takedown notice immediately. YouTube should put the video back up. And Arginate should take a closer look at Section 512(f) of the DMCA — which provide penalties for misrepresenting that an online video is infringing — before sending any more notices.
We asked Jiew about her role at Prachatai, her long-standing commitment to independent media, and the difficulties of trying to run an Internet company in Thailand.
When did you first go online and were your friends and colleagues also online then?
I connected to the internet for the first time in 1997 when I got my first Hotmail account. Only a few of colleagues, friends and family were online by that time. I basically used e-mail to communicate with overseas colleagues and those working in remote offices. E-mail was my main purpose of going online at that time.
When did you get involved with Prachatai and how do you spend your time being both webmaster and director?
I got involved with Prachatai since it started in mid 2004. As a director I am in charge for overall performance of Prachatai which includes informing/consulting the direction, tasks, and challenge of running Prachatai to board members. My job also includes looking after financial tasks such as seeking grants. I have to develop proposals based on consultation with board members and staff in Prachatai. Writing proposals and reports alone already requires a huge amount of time especially when Prachatai is trying to preserve its independence and try not to depend on only 1-2 sources of funding. Moreover, human resource management is another part of my job description as a director.
Being a webmaster is compulsory as I have to know everything about running a website including basic understanding of programming and designing. I have to cooperate with my IT personnel and some outsource consultants to develop Prachatai in the way that reflects its characteristics and yet be user-friendly to audiences and editorial crews with a limitation on our budget. In addition, Prachatai webboard was a part of engaging the audiences to enhance two-way communication and participatory of readers, then it was important that I decided to take care of this part.
Why did you get involved in Prachatai and the Thai Netizen Network?
I got involved with Prachatai as I agreed to the idea of the founder to build up an independent media to provide an alternative source of information. As my academic background is journalism and I had worked on HIV/AIDS advocacy, these made me well-understood of the role of media and rights of people to gain and share views and information. About Thai Netizen Network, I took part since it was formed because of my concern about the rights of internet users especially when the Computer Crime Act was recently enacted.
Tell us more about the arrests and the two cases brought against you.
For the first case, the police initially brought a search warrant to investigate my office. They later showed an arrest warrant to everyone's surprise. Never before there has been any sign of the arrest. I even have been cooperating with them as a witness and a website director.
In the arrest warrant, there was only one charge for allowing a user to post a forum topic deemed insult to the Monarchy. One year and three months later, nine more charges are added into public prosecution.
The second arrest was another strike of surprise. I was stopped upon return from the Internet at Liberty 2010 conference in Budapest and was brought immediately to Khon Kaen province. This case actually took place long before the first one when a Khon Kaen citizen lodged a complaint to the police against Prachatai in April 2008.
However, my charges this time are not only Section 14 and Section 15 of the Computer-Related Crime Act, but also lese majeste and raising unrest among people. The cause of the complaint is comments after an interview of a Thai man who refused to stand for the Royal Anthem. This proves that the law can be abused to disturb individuals because the charge can be filed anywhere and the accused ones need to report accordingly.
How have these events this impacted your life?
First of all, it can be very discouraging to be charged for running an independent media to let people voice their opinions and help the minority to be heard. It also made me worried about how my family feels and thus it gave me a hard time managing relationships.
I can hardly have a long-term plan in life. Having to report in Khon Kaen once a month is already too much to live peacefully, let alone preparing for trials coming next year.
Prachatai webboard, as an important work of mine, had to be shut down. It was not easy to give up on what I have laid a strong foundation, but the burden on both Prachatai and users themselves had been too much to manage. I felt like we can no longer guarantee a safe and free channel for people to express socially and politically.
What kind of effect has enforcement of the Computer Crime Act and Lèse Majesté laws had on civil liberties and human rights in Thailand?
Definitions of offences according to Computer-Related Crime Act can be even more broadly interpreted than those of lèse majesté law. Most charges for lèse majesté that took place on the internet were accompanied by "computer crime" charges. In case that the offence turns out not to be lèse majesté, it can still violate Section 14 of the Computer Crime Act.
Moreover, websites owners are forced to strictly keep their eyes on user-generated contents. This liability causes censorship to tense up and limits people's ability to speak up.
What has been the impact of these laws on the information technology industries in Thailand?
The laws require internet service providers and websites to invest a large amount of effort in monitoring and keeping logs of their services. They also have to comply massive censorship, let alone the loss of reputation that occurs when users cannot access websites.
The new regulation can also damage the economy. Technical burden can redirect online business startups to invest in overseas services instead of local ones. It might eventually prevent them from being founded.
Today Facebook announced three new features that help move the social networking giant closer to satisfying EFF's Bill of Privacy Rights for Social Networking. While EFF continues to have outstanding issues with Facebook, we greatly appreciate these important steps toward giving Facebook users more transparency and control when it comes to how the information they post to Facebook is shared, and more power to take their Facebook data with them if they ever choose to leave the service. While Facebook has taken some good steps here, and we recognize that this is just the first iteration of the new features, we do have several additional recommendations, noted below. We will continue to dialogue with Facebook on these issues.
Clearer Application Controls and The Right to Informed Decision-Making
Today Facebook introduced new application controls, which offer more transparency regarding when and what user information is requested by third-party applications running on Facebook's Platform. Facebook is also moving the application controls into the privacy controls section of the site, where users concerned about app privacy are more likely to find and interact with them.
We think that this is an important step forward in terms of providing more transparency to users about where their Facebook data is going and who’s using it. However, we hope that Facebook will soon take a few steps farther, both by providing a more complete picture of how much information is going to the apps that you install, and also by providing information about how much information is going to the apps that your friends have installed.
This would help address privacy concerns over the "app gap," by which Facebook apps that your friends install can access your information even if you don’t use the app yourself. Additional transparency that shows when those apps are accessing your data can help you make informed choices about your privacy options, and may make you rethink whether you want to share any information at all over the Facebook Platform.
Even though we appreciate the steps Facebook has taken, in the future we would like to see even more transparency on the information pulled by applications. The new controls very helpfully showed the most recent information obtained by each app. However, to give a more complete understanding of applications’ behavior, we have two suggestions.
Recommendation 1: Allow users the option of receiving a notice in their newsfeeds whenever a selected application requests data, rather than just allowing them to see only the last data request. While perhaps few users would adopt this option, those that did could evaluate and rate those apps and tell the world about any unusual behavior.
Recommendation 2: Showing a more complete history of an app's behavior, beyond just the last information that was pulled, would allow users to see the frequency and patterns in application information requests and would help them make better choices about which apps they want to continue using.
The Redesigned "Groups" Feature and The Right to Control
Next, Facebook is introducing additional user control through a redesigned "Groups" feature, which should more easily allow people to choose to share certain information only with subsets of their friends. If widely adopted by users, this will go a long way to enabling better control over contextual privacy.
Context is critical for people to effectuate their privacy preferences. Users know that information that is appropriate to share with one set of their Facebook friends may not be appropriate to share with another. For example, a school teacher might wish to share information about her vacation or family with family and personal friends, but not with other teachers, parents, or students. To get the most out of social networking without unduly sacrificing privacy, it is critical that users be able to easily share information with subsets of one's Facebook friends. Facebook has had "friend lists" for this purpose but they were complicated and difficult to use correctly. So while the "friend list" function could be a useful feature for power-users, it was not widely adopted.
Accordingly, we greatly appreciate the additional control provided by the newly redesigned Groups feature, which will allow people to more easily share information only with particular subsets of their friends. Notably, rather than setting the default for new groups to "Open" — where both group membership and content is public — Facebook has wisely set the default group privacy level to "Closed," meaning that although group membership is public, the content shared within the group is only available to group members. Facebook has also provided an even more private option: "Secret" groups, where both the membership list and content are only available within the group itself.
EFF applauds this new Groups feature, which goes a long way to providing users even more control over their contextual privacy.
We have a further suggestion, however:
Recommendation 3: As a strong proponent of the power of anonymous and pseudonymous speech, EFF further recommends that Facebook also allow for another category of groups: anonymous groups. There are many people, such as violence survivors or HIV positive individuals or religious groups, who may want to have a group discussion without revealing their identities. Facebook should enhance the Groups feature by allowing for the creation of groups where the membership list is secret from members (i.e. just available to the group’s administrators, if anyone), and where group members can interact using pseudonyms rather than their real names.
Our longstanding concern for anonymous speech aside, though, EFF is very pleased with today’s Groups revamp, which we hope will provide users with a powerful new tool for managing their privacy on the Facebook site.
The New Downloadable Data Option and The Right to Leave
EFF's Bill of Privacy Rights states users "should be able to easily, efficiently and freely take their uploaded information away from that service and move it to a different one in a usable format." EFF believes that data portability is a critical component in encouraging competition among social networks on privacy. We are very excited to see that Facebook is taking a big step in this direction by giving users the ability to download and locally store copies of most of their information in a single ZIP file. This new downloadable data file including an archive of your Facebook "wall" as well as your photos, videos, notes, events, and private messages, along with a list of your friends’ names.
The ZIP file does not include your friends' contact information, however. This raises the somewhat tricky question of how to treat contact information of other users for portability purposes. While many people consider their address books to be "theirs," those whose addresses are in someone else's address books may have an independent privacy interest in their email addresses and similar contact information. Friends may have a legitimate concern about their contact information being given to other services, be they social networking or something else, via Facebook export. This makes address books a hard problem when trying to draw the line between your data and your friends' data. Thankfully, Facebook has indicated a willingness to consider possible solutions to this problem, and we at EFF have a few concrete recommendations on that score.
Currently, Facebook users can export their friends’ contact information in two rather roundabout ways. First, they can sync their iPhone address book using Facebook’s iPhone app. Second, they can export their friends’ email addresses to Yahoo! Mail, and then pull the information from Yahoo! (instructions here). However, these options don’t provide sufficient portability for the majority of users, and also don’t consider the privacy of the friends whose data is being exported.
Recommendation 4: EFF thinks that the best balance between privacy interests and portability is to allow an easier and more direct export of contact information of people on your friend list (to the extent that information has been made visible to you), while also...
Recommendation 5: ...providing a setting whereby your friends can opt-out of such export of their contact information. This opt-out should also apply to other export options such as those available through Yahoo! Mail and the iPhone.
Recommendation 6: As an additional privacy measure, we think that the contact information of your friends — subject to their opt-out — should be available as a separate file, rather than or in addition to being included in the downloadable file of all your Facebook content. While contact information can be the most critical aspect of portability for moving to a new service, people may not want to share their complete Facebook data file with a new service as a part of a transition. A separate contacts file would enable users to easily upload to another service only the contact information of their friends, without simultaneously having to provide all of the other data they’ve downloaded from Facebook, such as photos, wall posts, etc.
Turning back to today’s changes, we have two additional suggestions to better enhance privacy, the final one aimed at users rather than Facebook itself.
Recommendation 7: To help preserve privacy, the privacy permission level for each piece of data should be included in the export — e.g., if you shared a photo with only your friends, there should be metadata attached to that photo in the downloadable file that indicates that privacy setting. This would allow users to upload their data to another service without having to re-assign privacy levels to every post.
Recommendation 8: Finally, a suggestion for users: while we’re pleased that Facebook is giving users an easy way to export all of their data, it’s important for users to recognize that the ZIP file will contain a ton of sensitive information, and may reside on your computer indefinitely. Accordingly, we recommend that users encrypt the data after downloading. GNU Privacy Guard, a robust free software encryption program that implements the OpenPGP standard, can provide an appropriate level of protection, and there are other tools that can do the same.
Remaining Concerns About Facebook and Privacy
In June of this year, EFF, the ACLU of Northern California, and a coalition of privacy groups wrote a letter to Facebook CEO Mark Zuckerberg urging Facebook to give users true control over their personal data by taking six critical steps to protect members' information. Facebook's response to the privacy group letter was only notably positive on one step: protecting the privacy of users’ communications with the site by using HTTPS encryption, which remains a work in progress.
Today, we are delighted that Facebook implemented another one of these steps, by making it far easier to export user's uploaded information. However, the remaining steps are important, and we will continue our dialogue with Facebook on each of these issues.
This morning's Politico brought with it great news for those who care about free speech and fair use online:
A markup on SJC Chairman Leahy’s IP infringement bill was postponed late Wednesday, as staffers anticipated the chamber would finish legislative work and adjourn for recess before the hearing could commence. The change in plans should delight some of the bill’s critics, at least, who expressed concern that the legislation was moving forward quickly.
Translation: The Senate Judiciary Committee won't be considering the dangerously flawed "Combating Online Infringement and Counterfeits Act" (COICA) bill until after the midterm elections, at least.
This is a real victory! The entertainment industry and their allies in Congress had hoped this bill would be quickly approved by the Senate Judiciary Committee with no debate before the Senators went home for the October recess.
Massive thanks to all of you who used our Action Center to write to your Senators to oppose this bill. Thanks as well to the 87 Internet scientists and engineers whose open letter to Congress played a key role in today's success, and to all the other voices that helped sound the alarm.
Make no mistake, though: this bill will be back soon enough, and Congress will again need to hear from concerned citizens like you. So stay tuned to EFF.org for any new developments.