Contrary to the inviting “Sounds good” button to accept the new policy and get to tweeting, the changes Twitter has made around user tracking and data personalization do not sound good for user privacy. For example, the company will now record and store non-EU users’ off-Twitter web browsing history for up to 30 days, up from 10 days in the previous policy.
Worst of all, the “control over your data” promised by the pop-up is on an opt-out basis, giving users choices only after Twitter has set their privacy settings to invasive defaults.
Instead, concerned users have to click “Review settings” to opt out of Twitter’s new mechanisms for user tracking. That will bring you to the “Personalization and Data” section of your settings. Here, you can pick and choose the personalization, data collection, and data sharing you will allow—or, click “Disable all” in the top-right corner to opt out entirely.
While you’re at it, this is also a good opportunity to review, edit, and/or remove the data Twitter has collected on you in the past by going to the “Your Twitter data” section of your settings.
Twitter has stated that these granular settings are intended to replace Twitter’s reliance on Do Not Track. However, replacing a standard cross-platform choice with new, complex options buried in the settings is not a fair trade. Although “more granular” privacy settings sound like an improvement, they lose their meaning when they are set to privacy-invasive selections by default. Adding new tracking options that users are opted into by default suggests that Twitter cares more about collecting data than respecting users’ choice.
The new U.S. Trade Representative, Robert Lighthizer, took office this week. EFF has written him a letter to let him know that we'll be holding him to the commitments that he made during his confirmation hearing about improving the transparency and inclusiveness of the USTR's notoriously closed and opaque trade negotiation practices. Our letter, which you can download in full below, reads in part:
The American people’s dissatisfaction with trade deals of the past, such as NAFTA, does not merely lie in their effects on the American manufacturing sector and its workers. Another of the key mistakes of previous U.S. trade policy, we respectfully submit, has been the closed and opaque character of trade negotiations. ...
Absent meaningful reforms that allow the public to see what is being negotiated on their behalf, and to participate in developing trade policy proposals, the public will reject new agreements just as they rejected failed agreements of the past, such as the Trans-Pacific Partnership and the Anti-Counterfeiting Trade Agreement.
Conversely, given a real voice in trade policy development, there is the potential for trade agreements of the future to become more inclusive, better informed, and more popular—all of which are essential if America is to retain and strengthen its global economic leadership in the digital age.
House and Senate Democrats have reportedly delivered the same message [paywalled] to Ambassador Lighthizer during his first week in office, urging that the renegotiation of NAFTA—which officially launched today—be made more transparent than the negotiations of its failed predecessor, the TPP.
To further reinforce this message, EFF has gone even further—taking out a paid advertisement in POLITICO magazine's Morning Trade newsletter which runs all this week. It directs to a new page of EFF's website that is specifically targeted at D.C.'s trade community. You can see a copy of the banner graphic that we've used for that campaign to the side.
Will any of this make a difference? We certainly hope so, but we're not counting on it. That's why in case Ambassador Lighthizer fails to heed our message, we'll also be supporting new legislation to be introduced in Congress to force the USTR to implement the necessary reforms. One way or another, the long overdue reform of trade negotiation processes has to happen, and we're committed to seeing it through.
Pretty much everyone says they are in favor of net neutrality–the idea that service providers shouldn’t engage in data discrimination, but should instead remain neutral in how they treat the content that flows over their networks. But actions speak louder than words, and today’s action by the FCC speaks volumes. After weeks of hand-waving and an aggressive misinformation campaign by major telecom companies, the FCC has taken the first concrete step toward dismantling the net neutrality protections it adopted two years ago.
Specifically, the FCC is proposing a rule that would reclassify broadband as an “information service” rather than a “telecommunications service.” FCC Chairman Ajit Pai claims that this move would protect users, but all it would really do is protect Comcast and other big ISPs by destroying the legal foundation for net neutrality rules. Once that happened, it would only be a matter of time before your ISP had more power than ever to shape the Internet.
Here’s why: Under the Telecommunications Act of 1996, a service can be either a “telecommunications service” that lets the subscriber choose the content they receive and send without interference from the service provider; or it can be an “information service,” like cable television, that curates and selects what subscribers will get. “Telecommunications services” are subject to nondiscrimination requirements–like net neutrality rules. “Information services” are not.
For years, the FCC incorrectly classified broadband access as an “information service,” and when it tried to apply net neutrality rules to broadband providers, the courts struck them down. Essentially, the D.C. Circuit court explained that the FCC can’t exempt broadband from nondiscrimination requirements by classifying it as an information service, but then impose those requirements anyway.
The legal mandate was clear: if we wanted meaningful open Internet rules to pass judicial scrutiny, the FCC had to reclassify broadband as a telecom service. Reclassification also just made sense: broadband networks are supposed to deliver information of the subscriber’s choosing, not information curated or altered by the provider.
It took an Internet uprising to persuade the FCC to reclassify. But in the end we succeeded: in 2015 the FCC reclassified broadband as a telecom service. Resting at last on a proper legal foundation, its net neutrality rules finally passed judicial scrutiny [PDF].
Given this history, there’s no disguising what the new FCC majority is up to. If it puts broadband back in the “info service” category and then tries to appease critics by adopting meaningful net neutrality rules, we’ll be in the same position we were three years ago: Comcast will take the FCC to court–and Comcast will win. It’s simple: you can’t reclassify and keep meaningful net neutrality rules. Reclassification means giving ISPs a free pass for data discrimination.
Chairman Pai’s claim that this move is good for users because it will spur investment in broadband infrastructure is a cynical one at best. Infrastructure investment has gone up since the 2015 Order, ISP profits are growing exponentially, and innovation and expression are flourishing.
At the same time, too many Americans have only one choice for high speed broadband. There are good reasons to worry about FCC regulatory overreach in many contexts, but the fact is the U.S. broadband market is now excessively concentrated and lacks real choice, and there are few real options to prevent ISPs from abusing their power. In this environment, repealing the simple, light-touch rules of the road we just won would give ISPs free rein to use their position as Internet gatekeepers to funnel customers to their own content, thereby distorting the open playing field the Internet typically provides, or charge fees for better access to subscribers. Powerful incumbent tech companies will be able to buy their way into the fast lane, but new ones won’t. Nor will activists, churches, libraries, hospitals, schools or local governments.
We can’t let that happen. So, Team Internet, we need you to step up once again and tell the FCC that it works for the American people, not Comcast, Verizon, or AT&T. Go to dearfcc.org and tell the FCC not to undermine real net neutrality protections.
The Federal Communications Commission’s vote tomorrow will be a step towards undermining the rules that protect Internet users from data discrimination by their ISPs. These net neutrality rules, though not perfect, have broad support from the public. But FCC Chairman Ajit Pai seems to be preparing to dismiss and ignore the wishes of ordinary Internet users by forcing us to use a broken and discredited online comment filing system.
It’s been a sad few weeks for the FCC’s IT department. Following Last Week Tonight host John Oliver’s segment on net neutrality, in which the comedian called on viewers to defend net neutrality protections by filing comments, the FCC’s comment system was disabled. The agency’s Chief Information Officer claimed that the system had been targeted in a distributed denial-of-service attack, bombarding it with traffic and making it difficult to file comments. But despite requests from the public and members of Congress, the FCC hasn’t given any details about the supposed attack or why it concluded that the system was attacked at all, rather than simply being overwhelmed by the number of comments it received.
Following that initial problem, the FCC’s site reportedly received more than 58,000 nearly identical comments containing names and addresses that appeared to be taken from a marketing database. These comments, which seemed to be fraudulent, supported Chairman Pai’s gutting of net neutrality. To date, the FCC hasn’t said what it’s doing to safeguard its comment system and make it ready to handle the thousands, even millions, of public comments it’s likely to receive after tomorrow’s formal vote.
What’s so important about maintaining ECFS and actually hearing the opinions expressed by ordinary Internet users there? Taking comments from the public is not merely a tradition - it’s a key safeguard for democracy. Independent agencies like the FCC have vast rule-making powers. In many areas, they have more practical power over our lives than Congress does, because Congress doesn’t have the capacity or expertise to create the detailed rules that govern telecommunications and other industries.
Unlike Congress, independent agencies aren’t elected by the people—they’re run by boards that are filled by presidents and congressional leaders. They can’t be voted out of office (except indirectly as their members are replaced by future presidents). Because they’re not held accountable through the political process, agencies are required by law to accept and consider public comments before making major changes to the rules. If the FCC responds to attacks on its public comment system not by defending the system, but by discounting and ignoring public opinion expressed through that system, then the agency is answerable to no one. (In theory, Congress could step in and pass new laws concerning net neutrality, but meaningful action by Congress is unlikely this year).
Digital democracy is not easy. The FCC can’t just count comments for and against net neutrality as though they were ballots in a ballot box. But neither can Chairman Pai ignore the opinions of Internet users in the U.S., the majority of whom want to keep being protected against data discrimination by ISPs like Comcast, AT&T, and Verizon. Letting those users be blocked, drowned out by bots, or ignored when they express their opinions on net neutrality is no way to begin.
You can submit comments to the FCC through EFF’s commenting tool at dearfcc.org. We will work to get your comments through and make your voice heard in Washington.
One of the most significant events that took place at this month's meeting of the World Intellectual Property Organization (WIPO), which EFF attended, wasn't part of the meeting's formal agenda. It came at a side-meeting organized by the International Federation of the Phonographic Industry (IFPI), an affiliate of the Recording Industry Association of America (RIAA). At that meeting, IFPI panelist David Price made the startling admission that copyright infringement is no longer the recording industry's biggest concern.
Apparently, the industry's biggest concern is no longer those who distribute music illegally for free. It's platforms like YouTube that do pay copyright holders, but don't pay enough. According to the IFPI, YouTube's reliance on the U.S. DMCA and Europe's E-Commerce Directive to allow it to host user-uploaded music videos has created a "value gap" that deprives the recording industry of royalties they believe should be theirs. The sudden elevation of this supposed "value gap" above the bugaboo of piracy is all the more surprising because the term didn't even exist until about 2016, when it was created out of whole cloth as a device to explain why copyright holders should be entitled to a larger slice of Internet platform revenues.
Interestingly, Price and his co-panelists at the WIPO event admitted that there ought to be free music services for those who don't wish to pay. Currently, YouTube provides this free service for millions of users around the world. It pays royalties to copyright holders for doing so, even for user-uploaded content, where the copyright owner can be identified using ContentID fingerprint matching. (The law doesn't require YouTube to do this, although plans are afoot in Europe to change this.) ContentID has serious problems, including imposing advertising and monetization on critical videos that are clear fair uses, against the wishes of video creators. But in the right circumstances, it also provides an important revenue stream for recording artists.
The record labels' contention is that YouTube streaming depresses the rates that subscription-based music streaming services, such as Spotify, are willing to pay for streaming licenses. That's an interesting theory, but research released by Google casts significant doubt on it. At least according to the Google-sponsored research, YouTube actually diverts users not from other paid services, but from infringement. Were YouTube to go away, 85% of views would simply disappear, or would move to lower-value alternatives such as illegal file sharing.
Just as the entertainment industry's war against "piracy" harmed users, through the ratcheting up of enforcement measures and the banning of technological tools, so too the new war against user-generated content platforms will also have harmful effects. That's because the legal foundation of user-generated content platforms, the copyright safe harbor that lies at the heart of the DMCA's Section 512 and the E-Commerce Directive, doesn't only facilitate the sharing of music, but also all of the other speech and innovation that happens on those platforms. Entertainment industry-driven attacks on that foundation, such as Europe's mandatory upload filtering plan, and proposals to replace Section 512 in the U.S. with a filtering mandate, could have significant negative impacts on the viability of online content platforms, and on the rights of their users. The greatest impacts will be on platforms that are much smaller than YouTube, and on new entrants.
During IFPI's presentation, we asked them directly about the desired "end game" of their opposition to the safe harbor protections that YouTube and similar platforms enjoy. While they denied that their goal was to dismantle copyright safe harbor protection altogether, there was no doubt that they are serious in their intent to prevent YouTube from taking advantage of it. That inevitably means eliminating the DMCA and E-Commerce Directive safe harbor rules that millions of other websites, both commercial and noncommercial, rely upon today, and replacing them with mandatory filtering rules.
It's all rather ironic given that the IFPI acknowledges how streaming services, including YouTube, have led the recording industry to a resurgence of profitability in the past two years. If safe harbor rules have now eclipsed infringement as the biggest threat to the recording industry, and the industry can still earn record profits even so, it's difficult to see how scrapping those rules could possibly be warranted.
Nominations are now open for EFF's 26th Annual Pioneer Awards, to be presented this fall in San Francisco. EFF established the Pioneer Awards in 1992 to recognize leaders who are extending freedom and innovation in the realm of technology. The nomination window will be open until 11:59pm PDT on May 23, 2017. You could nominate the next Pioneer Award winner today!
What does it take to be a Pioneer? Nominees must have contributed substantially to the health, growth, accessibility, or freedom of computer-based communications. Their contributions may be technical, social, legal, academic, economic or cultural. This year’s Pioneers will join an esteemed group of past award winners that includes the late visionary activist Aaron Swartz; open source pioneer Limor "Ladyada" Fried; and the documentarian and journalist Laura Poitras and Glenn Greenwald, among many remarkable activists, entrepreneurs, public interest attorneys, and others.
2016 Pioneer Award winners & EFF Executive Director Cindy Cohn. Photo by Alex Schoenfeldt.
The Pioneer Award ceremony depends on the generous support of individuals and companies with passion for digital civil liberties. To learn about how you can sponsor the Pioneer Awards, please email firstname.lastname@example.org.
Remember, nominations are due no later than 11:59pm PDT on Tuesday, May 23! After you nominate your favorite contenders, we hope you will consider joining us this fall in San Francisco to celebrate the work of the 2017 winners. If you have any questions or if you'd like to receive updates about the event, including ticket information, please email email@example.com.
From May 2-12, the Philippines hosted the 18th round of negotiations of the Regional Comprehensive Economic Partnership (RCEP), a TPP-like trade agreement covering ten members of the Association of Southeast Asian Nations (ASEAN) and six partner countries – China, India, Japan, Australia, New Zealand and South Korea. Access to the negotiators was extremely limited, with the negotiations themselves taking place behind closed doors. The non-availability of an agenda or confirmation of meetings and limited access to negotiators were amongst the factors constraining civil society organisations' (CSOs) engagement.
For example, EFF organised a dinner presentation on May 9 for IP negotiators, with panelists from Public Citizen, Sinar Project, La Trobe University and Third World Network. Although the event drew a handful of negotiators from four of the partner countries along with an ASEAN representative, it transpired that it had been scheduled at the same time as a private RCEP event of which we hadn't been informed. Given the high interest in the RCEP and its impact on rights of citizens across Asia, it is pitiful that groups like EFF are forced to bear the costs of reaching out to negotiators, and that negotiators show such little inclination to engage with us when we do.
Unfortunately, this is a familiar story for the hardy few civil society activists who have been covering this neglected trade deal. Few of the negotiating states have convened national consultations, held public hearings, or initiated an on-the-record public notice and comment process. There has also been no official release of the chapters and textual proposals related to rules that are being tabled. Given that the negotiations are closed to the public, we do not know what text is currently being deliberated on by the negotiators and/or the consensus on provisions among states.
Secrecy in negotiations and lack of information are common features of free trade agreement negotiations. In the past, CSOs have had to resort to guerilla tactics to intervene and defeat similar agreements such as the Trans-Pacific Partnership (TPP) and the Transatlantic Trade and Investment Partnership (TTIP). Yet, just as with those better-known trade deals, the potential significance of RCEP is immense, and so too are the dangers it could pose to Internet users if the negotiators fail to take their interests into account.
Digital Rights and RCEP
Similar to the TPP, RCEP includes provisions dealing with intellectual property (IP), e-commerce, investment, goods, services, telecommunications, and competition. The 16 Asian countries negotiating RCEP cover 12% of world trade and represent nearly half of the global population. If ratified, the RCEP will not only be the first trade agreement for the digital economy but will also set the rules for trade across Asia over the next decade. While not all institutional consequences of the partnership can be fully known in advance, much will depend on how the negotiation develops.
RCEP's e-commerce provisions will likely deal with cross-border information flows, data localization, legal immunity of intermediaries and requirements concerning disclosure of source code that have not been tested elsewhere. We have also raised concerns that the provisions included under the leaked IP chapter, notably on enforcement in a digital environment, and the failure to include a fair-use exception may end up expanding the digital divide. RCEP attempts to enshrine stringent obligations for the protection of broadcasters that remain controversial and are currently still under negotiation at WIPO. None of these problems would have come to light if earlier drafts of the agreement had not been leaked.
There has been a recent push to raise awareness of the RCEP, with CSOs conducting strategy meetings and organizing weeks before the negotiations kicked off in Manila. Many CSOs also organised activities parallel to the negotiations, clubbed under the #NoRCEP week of action. On May 10, members of the People Over Profit network staged a protest action inside the convention centre where the negotiators were meeting with stakeholders, demanding a stop to the negotiations. RCEP will impact developers and startups, small and medium enterprises that create goods and services for an increasingly global market. The right trade policy environment, one that accounts for diverse national contexts and encourages innovation, is critical for the growth and development of the region.
The next round of negotiations is set to happen in Hyderabad, India in July this year. Hoping to address the lack of representation of views included in the process and reflect on some of the concerns raised, EFF will facilitate engagement between negotiators and affected stakeholders at a public meeting in Hyderabad. In the meantime, we maintain our call for ASEAN and the RCEP member states, many of which have complained about their lack of representation in US-led trade agreements, to improve on the broken process that resulted in the failure of the TPP, and create avenues for meaningful consultation and participation from stakeholders.
EFF expresses its appreciation to Sze Ming Tan of Sinar Project, who presented our materials at the Manila event and provided logistical support for the event.
Over the weekend a cyber attack known as "WannaCry" infected hundreds of computers all over the world with ransomware (malware which encrypts your data until you pay a ransom, usually in Bitcoin). The attack takes advantage of an exploit for Windows known as "EternalBlue" which was in the possession of NSA and, in mid April, was made public by a group known as "The Shadow Brokers." Microsoft issued a patch for the vulnerability on March 14 for all supported versions of Windows (Vista and later). Unfortunately at the time the attack started many systems were still unpatched and legacy Windows systems such as Windows XP and Windows Server 2003 were left without a patch for the vulnerability. Since the attack began Microsoft has issued a patch for Windows XP and Windows Server 2003 as well.
Certainly, some of the blame falls on the NSA, which developed EternalBlue and then lost control of it. But these attacks are a complex failure for which there is plenty of blame to go around. The WannaCry ransomware attacks demonstrate that patching large, legacy systems is hard. For many kinds of systems, the existence of patches for a vulnerability is no guarantee that they will make their way to the affected devices in a timely manner. For example, many Internet of Things devices are unpatchable, a fact that was exploited by the Mirai Botnet. Additionally, the majority of Android devices are no longer supported by Google or the device manufacturers, leaving them open to exploitation by a "toxic hellstew" of known vulnerabilities.
This attack raises two extremely important areas of research: writing software that is less prone to the most common security vulnerabilities (such as by using memory safe languages, formal verification techniques, etc.), and solving the patching problem.
Reportedly about 90 percent of all spending on cyber programs is dedicated to offensive efforts, leaving a mere 10 percent for defense. During his candidacy, President Trump expressed tremendous concern about national cybersecurity weaknesses, stating "the scope of our cybersecurity problem is enormous. Our government, our businesses, our trade secrets and our citizens’ most sensitive information are all facing constant cyberattacks…."
If the Trump administration is serious about improving cybersecurity, it should place a greater emphasis on funding defensive security research. Research into defensive methods and better strategies for patching systems is less sexy than over-hyped zero-day vulnerabilities or imaginary "cyber-missiles," but it is the surest path to a more secure internet for everyone.