In the face of stiff resistance from Yahoo! and a coalition of privacy groups, Internet companies and industry coalitions led by EFF, the U.S. government today backed down from its request that a federal magistrate judge in Denver compel Yahoo! to turn over the contents of a Yahoo! email user's email account without the government first obtaining a search warrant based on probable cause.
The EFF-led coalition filed an amicus brief this Tuesday in support of Yahoo!'s opposition to the government's motion, agreeing with Yahoo! that the government's warrantless seizure of an email account would violate both federal privacy law and the Fourth Amendment to the Constitution. In response, the Government today filed a brief claiming that it no longer had an investigative need for the demanded emails and withdrawing the government's motion.
While this is a great victory for that Yahoo! subscriber, it's disappointing to those of us who wanted a clear ruling on the legality and constitutionality of the government's overreaching demand. Such demands are apparently a routine law enforcement technique. If the government withdraws its demand whenever an objection is raised by an email provider or a friend of the court like EFF, however, it robs the courts of the ability to issue opinions on whether the government's warrantless email surveillance practices are legal.
This is not the first time the government has evaded court rulings in this area. Most notably, although many federal magistrate judges and district courts have ruled that the government may not conduct real-time cellphone tracking without a warrant, the government has never appealed any of those decisions to a Circuit Court of Appeals, thereby preventing the appeals courts from ruling on the issue. Similarly, a federal magistrate judge in New York, Magistrate Judge Michael H. Dolinger, has twice invited EFF to brief the court on applications by the government to obtain private electronic communications without a warrant, and in each case, the government withdrew its application rather than risk a ruling against it (in one case the government went so far as to file a brief anticipating EFF's opposition before finally dropping the case).
The government's unwillingness to face off with EFF in these cases is certainly flattering, and it speaks volumes about their view of whether what they are doing is actually legal. But the right answer here is to let the courts decide, not to have the government turn tail and run whenever someone seeks real judicial review of their positions.
So while it is a big victory for the Yahoo! customer, today's capitulation by the government is a profound disappointment to those of us seeking to clarify and strengthen the legal protections for your private data. Court rulings are needed to keep the government within its legal bounds when it comes to warrantless communications and location surveillance. Next time, the government should stay in the fight, because EFF isn't going to back down when it comes to protecting your privacy.
Wow, that was fast: little more than two weeks after EFF testified to a Senate subcommittee that federal electronic privacy law needs to be updated to protect against secret video surveillance just like it regulates electronic eavesdropping, Senator Arlen Specter has responded by introducing a bill to do just that.
Specter, chairman of the subcommittee that held the hearing in response to the scandal over a Pennsylvania school district's alleged use of webcams on school-issued laptops to spy on students at home, today introduced the Surreptitious Video Surveillance Act of 2010. The bill, co-sponsored by Senators Feingold and Kaufman, would update the federal wiretapping statute to create serious criminal and civil penalties for secret, nonconsensual video surveillance inside any temporary or permanent residence, be it your house, your apartment, or your hotel room.
In last month's hearing, EFF pushed for such an update to the law, reminding the Senate of what Judge Richard Posner of the Seventh Circuit Court of Appeals wrote in the very first appellate court decision to recognize the video surveillance gap in the electronic privacy law:
Of course it is anomalous to have detailed statutory regulation of bugging and wiretapping but not of television surveillance, in Title III…and we would think it a very good thing if Congress responded to the issues discussed in this opinion by amending Title III to bring television surveillance within its scope.
Finally, over 25 years since that call to action, these Senators are stepping up to the plate to protect your video privacy, which is in special need of protection now that we live within a technological landscape practically littered with Internet-connected cameras that might be taken over and abused by others, be it the government, a computer criminal, a stalker, your employer or even your school.
We at EFF look forward to working with Congress as this legislation moves forward to ensure that the final product properly balances privacy rights, public safety, and the free speech rights of photographers, videographers and journalists. In the meantime, we thank Senators Specter, Feingold and Kaufman for starting a congressional conversation about video privacy that is long overdue.
We're not easily shocked by entertainment industry overreaching; unfortunately, it's par for the course. But we were taken aback by the wish list the industry submitted in response to the Intellectual Property Enforcement Coordinator's request for comments on the forthcoming "Joint Strategic Plan" for intellectual property enforcement. The comments submitted by various organizations provide a kind of window into how these organizations view both intellectual property and the public interest. For example, EFF and other public interest groups have asked the IPEC to take a balanced approach to intellectual property enforcement, paying close attention to the actual harm caused, the potential unexpected consequences of government intervention, and compelling countervailing priorities.
The joint comment filed by the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA) and others stands as a sharp contrast, mapping out a vision of the future where Big Media priorities are woven deep into the Internet, law enforcement, and educational institutions.
Consider the following, all taken from the entertainment industry's submission to the IPEC.
"Anti-infringement" software for home computers
There are several technologies and methods that can be used by network administrators and providers...these include [consumer] tools for managing copyright infringement from the home (based on tools used to protect consumers from viruses and malware).
In other words, the entertainment industry thinks consumers should voluntarily install software that constantly scans our computers and identifies (and perhaps deletes) files found to be "infringing." It's hard to believe the industry thinks savvy, security-conscious consumers would voluntarily do so. But those who remember the Sony BMG rootkit debacle know that the entertainment industry is all too willing to sacrifice consumers at the altar of copyright enforcement.
Pervasive copyright filtering
Network administrators and providers should be encouraged to implement those solutions that are available and reasonable to address infringement on their networks. [This suggestion is preceded by a list of filtering methods, like protocol filtering, fingerprint-based filtering, bandwidth throttling, etc.]
The entertainment industry loves widespread filtering as a "solution" to online copyright infringement — in fact, it has successfully persuaded Congress to push these technologies on institutions of higher-education.
But this "solution" is full of flaws. First, even the "best" automated copyright blocking systems fail to protect fair use. Worse, these techniques are unlikely to make any lasting dent on infringing behavior, but will instead just invite the use of more encryption and private "darknets" (or even just more hand-to-hand sharing of hard drives and burned DVDs). But perhaps the most pernicious effect may be that copyright protection measures can be trojan horses for consumer surveillance. In an age of warrantless wiretapping and national censorship, building more surveillance and inspection technologies into the heart of the Internet is an obviously bad idea. In the words of the Hollywood movie, "if you build it, they will come."
Intimidate and propagandize travelers at the border
Customs authorities should be encouraged to do more to educate the traveling public and entrants into the United States about these issues. In particular, points of entry into the United States are underused venues for educating the public about the threat to our economy (and to public safety) posed by counterfeit and pirate products. Customs forms should be amended to require the disclosure of pirate or counterfeit items being brought into the United States.
Does that iPod in your hand luggage contain copies of songs extracted from friends' CDs? Is your computer storing movies ripped from DVD (handy for conserving battery life on long trips)? Was that book you bought overseas "licensed" for use in the United States? These are the kinds of questions the industry would like you to answer on your customs form when you cross borders or return home from abroad. What is more, this suggestion also raises the specter of something we've heard the entertainment industry suggest before: more searches and seizures of electronic goods at the border. Once border officials are empowered to search every electronic device for "pirated" content, digital privacy will all but disappear, at least for international travelers. From what we've learned about the fight over a de minimis border measures search exclusion in the latest leaked text, ACTA might just try to make this a reality.
Bully countries that have tech-friendly policies
The government should develop a process to identify those online sites that are most significantly engaged in conducting or facilitating the theft of intellectual property. Among other uses, this identification would be valuable in the interagency process that culminates in the annual Special 301 report, listing countries that fail to provide adequate and effective protection to U.S. intellectual property rights holders. Special 301 could provide a focus on those countries where companies engaged in systematic online theft of U.S. copyrighted materials are registered or operated, or where their sites are hosted. Targeting such companies and websites in the Special 301 report would put the countries involved on notice that dealing with such hotbeds of copyright theft will be an important topic of bilateral engagement with the U.S. in the year to come. (As noted above, while many of these sites are located outside the U.S., their ability to distribute pirate content in the U.S. depends on U.S.-based ISP communications facilities and services and U.S.-based server farms operated commercially by U.S.-based companies.)
Some background: the Special 301 process is a particularly unpleasant annual procedure by which the United States Trade Representative (USTR) pressures other countries to adopt tougher intellectual property laws and spend more for IP enforcement. In the Special 301 report, the USTR singles out particular countries for their "bad" intellectual property policies, placing them on a watch list, and threatening trade sanctions for those that deny "adequate and effective protection" for US IP rightsholders or restrict fair and equitable market access for US intellectual property.
Before this year, the US Trade Representative only sought input from the entertainment and pharmaceutical industries for these rankings, resulting in unbalanced assessment criteria. Countries have been listed for failing to sign on to controversial international treaties or for not mirroring certain parts of US law. For example, Chile was named for considering fair use-style exceptions to its copyright law; Canada was listed for requiring that its customs officers have a court order before seizing goods at the border; and Israel was highlighted for refusing to adopt DMCA-style anti-circumvention provisions after legislative debate concluded that anti-circumvention laws would have no effect on copyright infringement.
The creative communities' proposal imagines that the US Trade Representative should become a glorified messenger for Big Media, using its resources to pressure countries that "harbor" websites and Internet services that facilitate copyright infringement. In other words, they believe that the USTR should put US IP rightsholders' interests at the center of its foreign policy, ignoring other foreign policy goals such as regional security, and promoting innovation and competition.
Federal agents working on Hollywood's clock
The planned release of a blockbuster motion picture should be acknowledged as an event that attracts the focused efforts of copyright thieves, who will seek to obtain and distribute pre-release versions and/or to undermine legitimate release by unauthorized distribution through other channels. Enforcement agencies (notably within DOJ and DHS) should plan a similarly focused preventive and responsive strategy. An interagency task force should work with industry to coordinate and make advance plans to try to interdict these most damaging forms of copyright theft, and to react swiftly with enforcement actions where necessary.
This is perhaps the most revealing of the proposals: big Hollywood studios deputizing the FBI and Department of Homeland Security to provide taxpayer-supported muscle for summer blockbuster films. Jokes have been made about SWAT team raids on stereotypical file-sharers in college dorm rooms — but this entertainment industry request to "interdict...and to react swiftly with enforcement actions" brings that joke ridiculously close to reality.
Of course, these comments are just an entertainment industry wishlist, an exercise in asking for the moon. But they reveal a great deal about the entertainment industry's vision of the 21st century: less privacy (with citizens actively participating in their own surveillance), a less-neutral Internet, and federal agents acting as paid muscle to protect profits of summer blockbusters.
As the winter snows begin to melt, revealing a landscape full of promise and hope, a hacker’s thoughts turn to flights of fancy: specifically, the thought of being in Las Vegas during the last weekend in July.
If you’re one of those hackers and you love digital freedom, EFF would like your help spreading the word about our efforts to protect and defend coders’ rights by encouraging your friends and neighbors to join you in supporting us. In return, EFF wants to help the best EFFvangelists enjoy Defcon 18 in style!
Just register for the Defcon Getaway Fundraising Contest and receive a personalized referral link to send your friends and family. (Registration is free; please don’t spam.) If your invitees become EFF members, you will be credited the amount they donate through the link. The contestant to raise the most money for EFF between now and June 30, 2010, will win:
- two Defcon 18 Human badges;
- a standard room at the Riviera Hotel for the nights of July 29-31;
- two tickets to the Vegas 2.0 Party at the Top of the Riv on July 29;
- two tickets to the iSEC Partners Party, location and date TBD; and
- two badges to the Ninja Networks Party, location TBD, on July 31.
The second place winner will receive two Defcon 18 Human badges, two tickets to the Vegas 2.0 Party, and two tickets to the iSEC Partners Party; the third place winner will receive one Defcon 18 Human badge, one ticket to the Vegas 2.0 Party, and one ticket to the iSEC Partners Party. All winners will receive an EFF Swag Super Pack, including EFF stickers, hats, posters, and more!
You can join with others to form a fundraising team, of course. Your team will have to figure out on its own how to distribute the prizes after we award them to the team captain.
Airfare and other travel expenses are not included, and winners remain responsible for all incidental costs. All contestants must be 21 years of age or older. Additional rules apply, please see the Official Rules for details. Donations may be tax-deductible as allowed by law, and referred donors will receive tax acknowledgment letters for their donations.
Many thanks to Dark Tangent and Defcon for providing the room and Defcon badges, Vegas 2.0 and iSEC Partners for providing the party tickets and Ninja Networks for providing the Ninja Party badges!
It appears the Burning Man Organization (BMO), organizers of the annual Burning Man art and music festival, is reconsidering its "all your photos are belong to us" attitude toward images taken at the event. On April 7, the organizers called for community feedback on the Burning Man camera policy, including its approach to image rights. They're asking for comments via email (email@example.com) by Friday, April 23, in advance of an April 28 meeting on the issue.
We’ve repeatedlycriticized BMO for the onerous terms and conditions it imposes on Burning Man ticket sales. For example, the Burning Man ticket terms require participants to assign to the BMO—in advance—the copyright to any pictures they take on the playa; and limit participants' rights to use their own photos online by obliging them to take down any photos to which the organizers object for any reason and forbidding them from allowing anyone else to download or copy the photos (meaning, participants can’t CC-license their photos, or dedicate them to the public domain).
BMO claims that the ticket terms are necessary to protect Black Rock City’s unique culture and the privacy of its participants. Furthermore, BMO points out that the limitations are rarely enforced and they only claim copyright if the photos are used in a way BMO doesn't authorize. By asserting copyright in photographs taken at the event, BMO can use the streamlined "notice and takedown" process enshrined in the Digital Millennium Copyright Act (DMCA) to quickly remove unapproved photos from the Internet.
But using online ticket terms for fast and easy takedown and to restrict CC-licensing and dedication to the public domain is a terrible precedent to set. We understand the real challenges BMO faces in trying to preserve its noncommercial, community character. That said, a benevolent censor is still a censor, and if other event organizers follow suit, assignment and abrogation of rights could become standard Terms of (Ab)use in all ticket contracts.
We're glad that BMO is revisiting its image rights policy, and we hope the community will take full advantage of this opportunity to weigh in. So, Burners, if you care about your digital rights, tell the BMO that using take-it-or-leave-it fine print to assert veto rights over online expression is no way to promote a “society that connects each individual to his or her creative powers.”
The Digital Economy Bill has been the subject of heavy entertainment industry lobbying and widespread concern amongst U.K. citizens and telecommunications companies because it included provisions that would allow the U.K. government to censor websites considered "likely to be used for or in connection with an activity that infringes copyright," and disconnect the Internet connection of any household in the U.K. with an IP address alleged to have engaged in copyright infringement. Despite the many concerns expressed with the Bill's provisions, including questions by some Members of Parliament about whether these provisions could be used to block access to the Wikileaks website, the bill was rushed through Parliament -- apparently with several amendments that we're still assessing -- after only two hours of debate in a special late-night "wash-up" session.
Last week, a federal appeals court rejected luxury goods retailer Tiffany’s claim that eBay should be liable for trademark violations on its site based on general knowledge that such infringement is happening (but no specific knowledge of a specific infringement). The ruling is a victory for online service providers, eBay sellers, and consumers alike.
As we noted in our amicus brief, Tiffany’s arguments would have resulted in over-policing by intermediaries like eBay. If eBay had to worry about potential trademark lawsuits and liability for every one dollar auction, you can be sure that it would move to reduce risk by blocking even potentially lawful uses of trademarks. What intermediary wants to take a big legal risk for a little customer? That’s the question that translates legal liability for intermediaries into a "clearance culture" that squelches lawful content protected by fair use or other speech-protecting doctrines.
So it’s good that eBay prevailed in last week’s ruling. But the decision highlights a growing problem in trademark enforcement: the lack of avenues for "put back" when a trademark owner makes an improper infringement claim. One key to eBay’s legal success was its rapid notice-and-takedown system, known as VeRO, which has helped the company position itself as a sympathetic actor, responding expeditiously to trademark complaints. Savvy intermediaries are likely to adopt similar processes, if they have not already done so.
Unfortunately, intermediaries have little incentive to give equal respect to users. Unlike in the copyright area, where Congress created a "counternotice" procedure that allows a citizen to get lawful content restored after a bogus takedown notice, trademark law provides no such safeguards. The DMCA’s counternotice process relieves a service provider (e.g., YouTube, MySpace, Blogger, etc) from having to make judgment calls about whether something is or is not infringing. Without a similar simple process for service providers in the trademark realm, the cards are stacked against users. Unless the service provider has a free lawyer, the cost of doing a fair use analysis and defending a lawsuit—even if the service provider knows it will win—is almost certainly more than a service provider is charging any individual customer, or even a whole bunch of customers. Thus, even if a user explains that her use is protected by nominative fair use or other trademark doctrines, service providers have little motivation to put content back up unless and until the trademark owner withdraws its complaint. And that is not likely to happen unless the target can recruit legal representation to help persuade the trademark owner to see reason.
So we are not as optimistic about the impact of this ruling as we'd like to be. The decision was good for consumers and free speech, but we still have a long way to go to protect against trademark misuse.
EFF is pleased to announce the hire of our newest staff member - International Rights Director Katitza Rodriguez. Katitza will be working on international privacy issues, an area in which she is widely recognized as one of the world’s leading experts, with special emphasis on law enforcement, government surveillance, and cross-border data flows. Katitza will also be focusing on cybersecurity issues at the intersection of privacy, freedom of expression, and copyright enforcement.
Before joining EFF, Katitza was Director of the international privacy program at the Electronic Privacy Information Center in Washington D.C., where amongst other things, she served as the Research Director of The Privacy and Human Rights Report, an international survey of privacy law and developments in 78 countries. Katitza is well known to many in global civil society and in international policy venues for her work at the U.N. Internet Governance Forum and her pivotal role in the creation and ongoing success of the Civil Society Information Society Advisory Council at the Organisation for Economic Co-operation and Development, for which Katitza served as the civil society liaison from 2008 to March 2010.
Katitza joins Gwen Hinze, EFF International Director, and Eddan Katz, EFF International Affairs Director, in EFF’s International Team. The Internet is global, and so are threats to individuals’ digital rights and freedoms. That’s why EFF created an international program in 2004. With the welcome addition of Katitza, we’re looking forward to strengthening our capacity to engage in policy analysis and international advocacy on the growing range of issues involving privacy, trans-border data flows, and cybersecurity.
For continuing developments, read our Deeplinks blog and follow EFF!