Given policymakers' and the public's intense focus on cracking down on speech they consider undesirable, this year's Who Has Your Back report features substantially redesigned categories and criteria. Since the Electronic Frontier Foundation began publishing Who Has Your Back in 2011, it has generally focused on the practices of major consumer-facing Internet companies regarding government requests to produce user data. This year, we shift our focus to companies' responses to government requests to take down user content and suspend user accounts.
For our 2018 report, we assess companies' policies against five all-new criteria:
- Transparency in reporting government takedown requests based on legal requests
- Transparency in reporting government takedown requests based on requests alleging platform policy violations
- Providing meaningful notice to users of every content takedown and account suspension
- Providing users with an appeals process to dispute takedowns and suspensions
- Limiting the geographic scope of takedowns when possible
Three platforms—the Apple App Store, Google Play Store, and YouTube—earned stars in all five of these categories. And three more—Medium, Reddit, and WordPress.com—earned stars in all but the notice category, which proved the most challenging category for the companies we assessed. Some companies fell notably short overall; Facebook's and Instagram's policies in particular lagged behind comparable tech companies and social networks. However, it's clear that public pressure is resulting in real change in corporate policy and practice. We look forward to more long-term improvements across the industry in future years as companies take steps to be more accountable to their users and those users' right to freedom of expression.
Two dozen civil liberties organizations, including EFF and the ACLU, have urged Director of National Intelligence Daniel Coats to report—as required by law—statistics that could help clear up just how many individuals are burdened by broad NSA surveillance of domestic telephone records. These records show who is calling whom and when, but not the content of the calls.
These numbers are crucial to understanding how the NSA conducts this highly sensitive surveillance under Section 215 of the Patriot Act, as amended by the USA Freedom Act of 2015. Under the earlier version of this surveillance program, the NSA collected details of nearly every single American's phone calls. With the NSA’s domestic phone record surveillance powers scheduled to expire in 2019, Congress and the public deserve to know the truth before any legislative attempts to reauthorize the program.
Despite this, the Office of the Director of National Intelligence (ODNI) has failed to report these statistics in its past three annual transparency reports.
The civil liberties groups also signed a letter to Reps. Bob Goodlatte (R-VA) and Jerry Nadler (D-NY), the Chair and Ranking Member of the House Judiciary Committee, warning about the NSA’s continued failure to comply with the law mandating disclosure of this data.
The House of Representatives passed a bill this week called the National Defense Authorization Act (NDAA), which authorizes the nation’s military and defense programs. Earlier in the week, scores of Representatives offered amendments to this must-pass bill in hopes of ensuring that their ideas get a chance to become law.
Rep. Kevin Yoder (R-KS) used this opportunity to include as an amendment the Email Privacy Act, a piece of legislation long-favored by EFF. The Email Privacy Act would codify the rule announced by the Sixth Circuit—and now followed by providers nationwide—that requires government agents to first obtain a probable cause warrant when seeking the content of communications stored by companies like Google, Facebook, Slack, Dropbox, and Microsoft.
On Thursday night, the House approved the NDAA—including the amendment with the Email Privacy Act—in a 351-66 vote. We applaud the House’s inclusion of this important statutory language.
On Monday, June 11, the FCC's rollback of net neutrality rules went into effect, but don't expect the Internet to change overnight.
You can look forward to an Internet that's slower when you're trying to visit less popular sites, and where online services get a bit more expensive because they have to pay protection money to the ISPs. It will be harder for new companies to come in and compete with the ones that paid for fast lanes, and the nonprofit information resources on the web will be harder to use.
It's not going to be a flashy apocalypse; it will be a slow decline into the Internet of ISP gatekeeping, and you probably won't even know what neat services and helpful resources you're missing. And one day, when the ISPs are secure in their victory, they'll test the waters and see if you'll pay extra to access anything that's not Facebook, or Comcast's video platform, or AT&T's paying partners.
Modern payment processors are making hard choices every day about how and when they’ll stand up for users. Whether they comply with or reject a government request for user data and whether they shut down an account or leave it up can have enormous ramifications for what types of speech can thrive online. These choices shouldn’t be made in a bubble, shielded from public oversight.
Payment processors like Stripe, Paypal, Bitpay, and Coinbase are the intermediaries that allow you to support your favorite websites, send donations, and make purchases online. They’re often privy to details of your financial life, which can be deeply revealing. Given how sensitive this information is, you might assume that law enforcement agents must show probable cause to a judge and receive a search warrant before accessing financial records. But you’d be wrong. Financial data is frequently obtained through a less stringent process, such as a subpoena, a 314 (a) request, or a National Security Letter, none of which require review from a judge before being sent to the financial service provider.
The first, simplest, most modest and reasonable step to shine a light on government action is a transparency report on the government requests for user data and account shutdowns, which has become standard practice across other industries where companies hold sensitive data.
The pending update to the EU Copyright Directive is coming up for a committee vote on June 20 or 21 and a parliamentary vote either in early July or late September. While the directive fixes some longstanding problems with EU rules, it creates much, much larger ones: problems so big that they threaten to wreck the Internet itself.
Under Article 13 of the proposal, sites that allow users to post text, sounds, code, still or moving images, or other copyrighted works for public consumption will have to filter all their users' submissions against a database of copyrighted works. Sites will have to pay to license the technology to match submissions to the database, and to identify near matches as well as exact ones. Sites will be required to have a process to allow rightsholders to update this list with more copyrighted works.
Even under the best of circumstances, this presents huge problems. Algorithms that do content-matching are frankly terrible at it. The Made-in-the-USA version of this is YouTube's Content ID system, which improperly flags legitimate works all the time, but still gets flack from entertainment companies for not doing more.
Among the many privacy challenges posed by social media, one has flown largely under the radar: balancing defendants’ due process rights to access exculpatory information against the crucial privacy protections of the Stored Communications Act (SCA). Here’s the problem: prosecutors have broad powers to demand access to stored communications as necessary to pursue their case, but defendants do not. That means the scales are tipped in favor of prosecutors, which seem unfair. But a more balanced approach would likely require eroding privacy protections – protections that are more necessary than ever.
There does not seem to be an easy answer to this constitutional conundrum. While the imbalance of power between the prosecution and the defense in access to available electronic evidence is unfair, we should not seek to correct it by sacrificing hard-won privacy protections. We need to get this issue right, and that starts with giving it more visibility and debating solutions.
Bogus copyright and trademark complaints have threatened all kinds of creative expression on the Internet. EFF's Hall Of Shame collects the worst of the worst. New to the Hall Of Shame is the tale of a romance author who got a trademark in the word "cocky" and proceeded to send letters to other writers with "cocky" in the titles of their books. Unsurprisingly, this attack on a popular double entendre of the romance set did not go over well at all.
Being able to communicate safely and privately with friends and family is part of the foundation of all our lives, so it's also a key skill for using the Internet. This month's cryptoparty will go over easy ways to talk, chat, and email securely online. It's always good to review the tools and habits that our digital security depend on, especially with the recent Signal Desktop flaws and the e-Fail email exploits.
This month, learn what Senator Ron Wyden and his team are doing to protect your privacy! Grace Stratton from Sen. Wyden's local office will be at the meeting, and Chris Soghoian from the D.C. office will join us remotely to discuss surveillance, cybersecurity, and consumer privacy.
Join The CyPurr Collective for another SUPER FUN SOCIAL. Hang out, meet other tech-minded folks, ask questions on cybersecurity issues, and generally snack out and enjoy the feature presentation!
This month we'll be watching Wall-E, with an Adventure Time short to start off the night!
EFF has been selected as one of the exclusive non-profit partners of hack.summit() which made history for running the largest virtual developer conference of all time. As a non-profit partner, we will be receiving funds generated by ticket sales & sponsorships from the event. This year’s event, hack.summit(“blockchain”), focuses on spreading and democratizing knowledge about blockchain and cryptocurrencies to attendees around the world.
EFF is seeking a full-time Staff Technologist to work with our Browser Extensions team as the lead developer for HTTPS Everywhere.
EFF is looking to hire an experienced litigator with an unshakeable sense of justice and Fourth Amendment expertise to join our civil liberties team.
EFF is looking for a temporary Grant Writer to support EFF's fundraising operations during a team member’s leave of absence. Do you love Internet freedom? Do you have experience in persuasive writing and grant management? Consider joining us!
Ahmed Mansoor, the blogger and human rights activist, has been sentenced in the UAE to 10 years imprisonment, simply for writing criticism of the government on social media. (DW)
In a big win for ethical AI principles, Google will back away from military AI contracting. (Gizmodo)
In 2013, many thought encryption was just "for the targeted and the paranoid," says EFF's Jillian York. Then Edward Snowden came on the scene. (The Guardian)
Right now, it's unclear how much Facebook user data was shared through deals with hardware manufacturers—but it is clear that Facebook has a consent problem. (The New York Times)
The NSA has released 136 Mad Men-era posters that reminded employees of the importance of security—and the dangers of leaking. Apparently, some things never go out of style. (Motherboard)