Posts Criticizing Medical Research on Dogs Blocked, Deleted
Houston, Texas—The Electronic Frontier Foundation (EFF) sued Texas A&M University on behalf of People for the Ethical Treatment of Animals (PETA) for blocking comments on its official Facebook page that mention PETA by name or use certain words to criticize the university’s use of dogs in muscular dystrophy experiments.
The school, the nation’s second-largest public university by student enrollment, won’t publish any post containing the animal rights group’s name, or posts containing any of at least 11 words, including “cruelty,” “abuse,” “torture,” “lab,” “testing,” and “shut.” The censorship started after PETA began an advocacy campaign against Texas A&M for a medical research lab studying muscular dystrophy in dogs for the purposes of finding a cure for the human version of the disease. The lab breeds golden retrievers to develop the illness, and subjects the dogs to cruel and inhuman treatment, PETA maintains. The organization uses social media, including Facebook, to publicize its campaign.
The Facebook page of Texas A&M contains information about its educational, medical research, and sports programs, as well as its students and community members. Anyone on Facebook who visits the site is invited to “write something on this page,” comment on posts, and reply to posts by the university or visitors to the page. Posts and comments aren’t confined to university affairs—topics range from animal welfare and the environment to sexual awareness and the weather.
In a complaint filed today in U.S. District Court for the Southern District of Texas, PETA maintains that the Texas A&M Facebook page is a government-controlled forum for speech that, under the First Amendment, can’t exclude speech based on the speaker’s expressed viewpoint. That the term “PETA”—and words frequently used in the group’s anti-cruelty campaign against the school’s dog lab—are blocked demonstrates the university’s intent to silence PETA and others opposed to animal testing from expressing their views in the Facebook forum.
“Speaker-based and viewpoint-based discrimination of speech in a designated public forum like the university’s Facebook page is rarely permitted under the First Amendment,” said EFF Civil Liberties Director David Greene. “We are asking a judge to declare that Texas A&M’s restrictions against PETA on its Facebook page are unconstitutional and require the university to repost PETA’s content on the site and stop blocking PETA from posting and commenting on the site.”
EFF has taken a stand for the First Amendment rights of individuals and groups to receive and comment on social media posts used by government to conduct the work of government. When federal, state, and local agencies and elected officials—even the president—use social media platforms like Facebook and Twitter to communicate directly with the public about programs, policies, and opinions, the First Amendment sharply restricts the government’s ability to prevent us from receiving and commenting on those communications.
“Our First Amendment rights are infringed when agencies and officials block the posts they don’t like or agree with,” said Greene. “And the rights of all readers are affected when the government manipulates its social media pages to make it appear that its policies and practices are embraced, rather than condemned.”
For the complaint:
For more on First Amendment rights and social media:
Industry Groups' Lawsuit Threatens Public.Resource.org's Online Archives of Laws
Washington, D.C. – On Monday, May 14, at 9:30 am, EFF Legal Director Corynne McSherry will argue in court that the public has a right to access, copy, and share the law—and industry groups that helped develop certain legal rules can't inhibit that right by claiming ownership in those rules.
EFF represents Public.Resource.org, a website by a nonprofit organization that works to improve public access to government documents, including our laws. To fulfill that mission, it acquires and posts online a wide variety of public documents, including regulations that are initially created through private standards organizations but later incorporated into mandatory federal and state law.
Public.Resource.org was sued by six huge private industry groups that work on fire, safety, energy efficiency, and educational testing standards. The industry groups claim copyright over parts of laws—published online by Public.Resource.org—that began as private standards, and they claim they can decide who can access and copy that law, and on what terms.
McSherry will urge the U.S. Court of Appeals for the D.C. Circuit to overturn a lower court ruling that threatens to shut down Public.Resource.org's online archive of laws. Private organizations must not be allowed to abuse copyright to control who can read and speak the law, or where and how laws can be accessed.
What: Hearing in ASTM v. Public.Resource.org
When: Monday, May 14, 9:30 am
Where: U.S. Court of Appeals for the D.C. Circuit
E. Barrett Prettyman U.S. Courthouse
333 Constitution Ave., NW
Washington, DC 20001
For more information on this case:
Court Rejects DHS's Attempt to Have Case Dismissed
Boston, Massachusetts—The Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU), and the ACLU of Massachusetts won a court ruling today allowing their groundbreaking lawsuit challenging unconstitutional searches of electronic devices at the U.S. border to proceed—a victory for the digital rights of all international travelers.
EFF and ACLU represent 11 travelers—10 U.S. citizens and one lawful permanent resident—whose smartphones and laptops were searched without warrants at the U.S. border. The case, Alasaad v. Nielsen—filed in September against the Department of Homeland Security—asks the court to rule that the government must have a warrant based on probable cause before conducting searches of electronic devices, which contain highly detailed personal information about people’s lives. The case also argues that the government must have probable cause to confiscate a traveler’s device.
A federal judge in Boston today rejected DHS’s request to throw the case out, including the argument that dismissal was justified because the plaintiffs couldn’t show they faced substantial risk of having their devices searched again. Four plaintiffs already have had their devices searched multiple times.
“This is a big win for the digital rights of all international travelers,” said EFF Staff Attorney Sophia Cope. “The court has rejected the government's motion to dismiss all claims in the case, so EFF and ACLU can move ahead to prove that our plaintiffs’ Fourth and First Amendment rights were violated when their devices were seized and searched without a warrant.”
“The court has rightly recognized the severity of the privacy violations that travelers face when the government conducts suspicionless border searches of electronics,” said ACLU attorney Esha Bhandari, who argued the case last month. “We look forward to arguing this case on the merits and showing that these searches are unconstitutional.”
Immigration and Customs Enforcement (ICE) policy allows border agents to search and confiscate anyone’s device for any reason or for no reason at all. Customs and Border Protection (CBP) policy allows border device searches without a warrant or probable cause, and usually without even reasonable suspicion. Last year, CBP conducted more than 30,000 border device searches, more than triple the number just two years earlier.
For more on this case:
Below is a full list of the plaintiffs along with links to their individual stories, which are also collected here:
- Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.
- Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.
- Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.
- Jeremy Dupin is a journalist living in Massachusetts.
- Aaron Gach is an artist living in California.
- Isma’il Kushkush is a journalist living in Virginia.
- Diane Maye is a college professor and former captain in the U.S. Air Force living in Florida.
- Zainab Merchant, from Florida, is a writer and a graduate student in international security and journalism at Harvard.
- Akram Shibly is a filmmaker living in New York.
- Matthew Wright is a computer programmer in Colorado.
For more on border searches:
For more ACLU information on this case:
Groups Release Specific Guidelines Addressing Shoddy, Opaque Private Censorship
Washington, D.C.—The Electronic Frontier Foundation (EFF) called on Facebook, Google, and other social media companies today to publicly report how many user posts they take down, provide users with detailed explanations about takedowns, and implement appeals policies to boost accountability.
EFF, ACLU of Northern California, Center for Democracy & Technology, New America’s Open Technology Institute, and a group of academic experts and free expression advocates today released the Santa Clara Principles, a set of minimum standards for tech companies to augment and strengthen their content moderation policies. The plain language, detailed guidelines call for disclosing not just how and why platforms are removing content, but how much speech is being censored. The principles are being released in conjunction with the second edition of the Content Moderation and Removal at Scale conference. Work on the principles began during the first conference, held in Santa Clara, California, in February.
“Our goal is to ensure that enforcement of content guidelines is fair, transparent, proportional, and respectful of users’ rights,” said EFF Senior Staff Attorney Nate Cardozo.
In the aftermath of violent protests in Charlottesville and elsewhere, social media platforms have faced increased calls to police content, shut down more accounts and delete more posts. But in their quest to remove perceived hate speech, they have all too often wrongly removed perfectly legal and valuable speech. Paradoxically, marginalized groups have been especially hard hit by this increased policing, hurting their ability to use social media to publicize violence and oppression in their communities. And the processes used by tech companies are tremendously opaque. When speech is being censored by secret algorithms, without meaningful explanation, due process, or disclosure, no one wins.
“Users deserve more transparency and greater accountability from platforms that play an outsized role—in Myanmar, Australia, Europe, and China, as well as in marginalized communities in the U.S. and elsewhere—in deciding what can be said on the Internet,” said Jillian C. York, EFF Director for International Freedom of Expression. “Users need to know why some language is allowed and the same language in a different post isn’t. They also deserve to know how their posts were flagged—did a government flag it, was it flagged by the company itself? And we all deserve a chance to appeal decisions to block speech.”
“The Santa Clara Principles are the product of years of effort by privacy advocates to push tech companies to provide users with more disclosure and a better understanding of how content policing works,” said Cardozo. “Facebook and Google have taken some steps recently to improve transparency, and we applaud that. But it’s not enough. We hope to see the companies embrace the Santa Clara Principles and move the bar on transparency and accountability even higher.”
The three principles urge companies to:
- publish the number of posts removed and accounts permanently or temporarily suspended due to violations of their content guidelines;
- provide clear notice to all users about what types of content are prohibited, and clear notice to each affected user about the reason for the removal of their content or the suspension of their account; and
- provide human review of content removal by someone not involved in the initial decision, and enable users to engage in a meaningful and timely appeals process for any content removals or account suspensions.
The Santa Clara Principles continue EFF’s work advocating for free expression online and greater transparency about content moderation. Since 2015 EFF has been collecting reports of online takedowns through its Onlinecensorship.org project, which shines a light on what content is taken down, why companies make certain decisions about content, and how content takedowns are affecting communities of users around the world.
EFF’s annual Who Has Your Back report, which started in 2010, has revealed which companies are the best and worst at disclosing when they give users’ private information to the government. This year’s Who Has Your Back report will focus exclusively on private censorship issues. Future projects will examine transparency about content policing policies, with the Santa Clara Principles used as a benchmark for the minimum standards companies should have in place.
“Content takedown and account deactivation practices can have a profound effect on the lives and work of individuals in different parts of the world,” said York, cofounder of Onlinecensorship.org. “The companies removing online speech should be up front about their content policing policies. Users are being kept in the dark, voices that should be heard are being silenced forever by automation, and that must change.”
Santa Clara Principle participants:
ACLU Foundation of Northern California
Center for Democracy & Technology
Electronic Frontier Foundation
New America’s Open Technology Institute
Irina Raicu (Markkula Center for Applied Ethics, Santa Clara University)
Nicolas Suzor (Queensland University of Technology)
Sarah T. Roberts (Department of Information Studies, School of Education & Information Studies, UCLA)
Sarah Myers West (USC Annenberg School for Communications and Journalism)
For the text of the principles:
For more on content moderation:
EFF and ACLU Fight Government’s Move to Dismiss Case
Boston – The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) will appear in federal court in Boston Monday, fighting the U.S. government’s attempts to block their lawsuit over illegal laptop and smartphone searches at the country’s borders.
The case, Alasaad v. Nielsen, was filed last fall on behalf of 10 U.S. citizens and one lawful permanent resident who had their digital devices searched without a warrant. The lawsuit challenges the government’s fast-growing practice of searching travelers’ electronics at airports and other border crossings—often confiscating the items for weeks or months at a time—without any individualized suspicion that a traveler has done anything wrong.
The government has moved to dismiss this case. In court on Monday, EFF Senior Staff Attorney Adam Schwartz will argue that the plaintiffs have legal standing to challenge these illegal searches, and ACLU Staff Attorney Esha Bhandari will argue that the searches are unconstitutional, violating the First and Fourth Amendments.
Hearing in Alasaad v. Nielsen
Monday, April 23
Courtroom 11 (Judge Casper)
Moakley U.S. Courthouse
1 Courthouse Way
Independent Oversight, Privacy Protections Are Needed
San Francisco, California—Face recognition—fast becoming law enforcement’s surveillance tool of choice—is being implemented with little oversight or privacy protections, leading to faulty systems that will disproportionately impact people of color and may implicate innocent people for crimes they didn’t commit, says an Electronic Frontier Foundation (EFF) report released today.
Face recognition is rapidly creeping into modern life, and face recognition systems will one day be capable of capturing the faces of people, often without their knowledge, walking down the street, entering stores, standing in line at the airport, attending sporting events, driving their cars, and utilizing public spaces. Researchers at the Georgetown Law School estimated that one in every two American adults—117 million people—are already in law enforcement face recognition systems.
This kind of surveillance will have a chilling effect on Americans’ willingness to exercise their rights to speak out and be politically engaged, the report says. Law enforcement has already used face recognition at political protests, and may soon use face recognition with body-worn cameras, to identify people in the dark, and to project what someone might look like from a police sketch or even a small sample of DNA.
Face recognition employs computer algorithms to pick out details about a person’s face from a photo or video to form a template. As the report explains, police use face recognition to identify unknown suspects by comparing their photos to images stored in databases and to scan public spaces to try to find specific pre-identified targets.
But no face recognition system is 100 percent accurate, and false positives—when a person’s face is incorrectly matched to a template image—are common. Research shows that face recognition misidentifies African Americans and ethnic minorities, young people, and women at higher rates than whites, older people, and men, respectively. And because of well-documented racially biased police practices, all criminal databases—including mugshot databases—include a disproportionate number of African-Americans, Latinos, and immigrants.
For both reasons, inaccuracies in face recognition systems will disproportionately affect people of color.
“The FBI, which has access to at least 400 million images and is the central source for facial recognition identification for federal, state, and local law enforcement agencies, has failed to address the problem of false positives and inaccurate results,” said EFF Senior Staff Attorney Jennifer Lynch, author of the report. “It has conducted few tests to ensure accuracy and has done nothing to ensure its external partners—federal and state agencies—are not using face recognition in ways that allow innocent people to be identified as criminal suspects.”
Lawmakers, regulators, and policy makers should take steps now to limit face recognition collection and subject it to independent oversight, the report says. Legislation is needed to place meaningful checks on government use of face recognition, including rules limiting retention and sharing, requiring notification when face prints are collected, ensuring robust security procedures to prevent data breaches, and establishing legal processes governing when law enforcement may collect face images from the public without their knowledge, the report concludes.
“People should not have to worry that they may be falsely accused of a crime because an algorithm mistakenly matched their photo to a suspect. They shouldn’t have to worry that their data will end up in the hands of identity thieves because face recognition databases were breached. They shouldn’t have to fear that their every move will be tracked if face recognition is linked to the networks of surveillance cameras that blanket many cities,” said Lynch. “Without meaningful legal protections, this is where we may be headed.”
For the report:
Online version: https://www.eff.org/wp/law-enforcement-use-face-recognition
One pager on facial recognition: https://www.eff.org/document/facial-recognition-one-pager
Bad Copyright Law Prevents Innovators from Creating Cool New Tools
San Francisco - The Electronic Frontier Foundation (EFF) has launched its “Catalog of Missing Devices”—a project that illustrates the gadgets that could and should exist, if not for bad copyright laws that prevent innovators from creating the cool new tools that could enrich our lives.
“The law that is supposed to restrict copying has instead been misused to crack down on competition, strangling a future’s worth of gadgets in their cradles,” said EFF Special Advisor Cory Doctorow. “But it’s hard to notice what isn’t there. We’re aiming to fix that with this Catalog of Missing Devices. It’s a collection of tools, services, and products that could have been, and should have been, but never were.”
The damage comes from Section 1201 of the Digital Millennium Copyright Act (DMCA 1201), which covers digital rights management software (DRM). DRM was designed to block software counterfeiting and other illegal copying, and Section 1201 bans DRM circumvention. However, businesses quickly learned that by employing DRM they could thwart honest competitors from creating inter-operative tools.
Right now, that means you could be breaking the law just by doing something as simple as repairing your car on your own, without the vehicle-maker’s pricey tool. Other examples include rightsholders forcing you to buy additional copies of movies you want to watch on your phone—instead of allowing you to rip the DVD you already own and are entitled to watch—or manufacturers blocking your printer from using anything but their official ink cartridges.
But that’s just the beginning of what consumers are missing. The Catalog of Missing Devices imagines things like music software that tailors your listening to what you are reading on your audiobook, or a gadget that lets parents reprogram talking toys to replace canned, meaningless messaging.
“Computers aren’t just on our desktops or in our pockets—they are everywhere, and so is the software that runs them,” said EFF Legal Director Corynne McSherry. “We need to fix the laws that choke off competition and innovation with no corresponding benefit.”
The Catalog of Missing Devices is part of EFF’s Apollo 1201 project, dedicated to eradicating all DRM from the world. A key step is eliminating laws like DMCA 1201, as well as the international versions of this legislation that the U.S. has convinced its trading partners to adopt.
For the Catalog of Missing Devices:
Eleven Travelers in Groundbreaking Case Face Substantial Risk of Future Unconstitutional Searches
Boston, Massachusetts—The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) urged a federal judge today to reject the Department of Homeland Security’s attempt to dismiss an important lawsuit challenging DHS’s policy of searching and confiscating, without suspicion or warrant, travelers’ electronic devices at U.S. borders.
EFF and ACLU represent 11 travelers—10 U.S. citizens and one lawful permanent resident—whose smartphones and laptops were searched without warrants at the U.S. border in a groundbreaking lawsuit filed in September. The case, Alasaad v. Nielsen, asks the court to rule that the government must have a warrant based on probable cause before conducting searches of electronic devices, which contain highly detailed personal information about people’s lives. The case also argues that the government must have probable cause to confiscate a traveler’s device.
The plaintiffs in the case include a military veteran, journalists, students, an artist, a NASA engineer, and a business owner. The government seeks dismissal, saying the plaintiffs don’t have the right to bring the lawsuit and the Fourth Amendment doesn’t apply to border searches. Both claims are wrong, the EFF and ACLU explain in a brief filed today in federal court in Boston.
First, the plaintiffs have “standing” to seek a court order to end unconstitutional border device searches because they face a substantial risk of having their devices searched again. This means they are the right parties to bring this case and should be able to proceed to the merits. Four plaintiffs already have had their devices searched multiple times.
Immigration and Customs Enforcement (ICE) policy allows border agents to search and confiscate anyone’s smartphone for any reason or for no reason at all. Customs and Border Protection (CBP) policy allows border device searches without a warrant or probable cause, and usually without even reasonable suspicion. Last year, CBP conducted more than 30,000 border device searches, more than triple the number just two years earlier.
“Our clients are travelers from all walks of life. The government policies that invaded their privacy in the past are enforced every day at airports and border crossings around the country,” said EFF Staff Attorney Sophia Cope. “Because the plaintiffs face being searched in the future, they have the right to proceed with said Cope.
Second, the plaintiffs argue that the Fourth Amendment requires border officers to get a warrant before searching a traveler’s electronic device. This follows from the Supreme Court’s 2014 decision in Riley v. California requiring that police officers get a warrant before searching an arrestee’s cell phone. The court explained that cell phones contain the “privacies of life”—a uniquely large and varied amount of highly sensitive information, including emails, photos, and medical records. This is equally true for international travelers, the vast majority of whom are not suspected of any crime. Warrantless border device searches also violate the First Amendment, because they chill freedom of speech and association by allowing the government to view people’s contacts, communications, and reading material.
“Searches of electronic devices at the border are increasing rapidly, causing greater numbers of people to have their constitutional rights violated,” said ACLU attorney Esha Bhandari. “Device searches can give border officers unfettered access to vast amounts of private information about our lives, and they are unconstitutional absent a warrant.”
Below is a full list of the plaintiffs along with links to their individual stories, which are also collected here:
- Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.
- Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.
- Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.
- Jeremy Dupin is a journalist living in Massachusetts.
- Aaron Gach is an artist living in California.
- Isma’il Kushkush is a journalist living in Virginia.
- Diane Maye is a college professor and former captain in the U.S. Air Force living in Florida.
- Zainab Merchant, from Florida, is a writer and a graduate student in international security and journalism at Harvard.
- Akram Shibly is a filmmaker living in New York.
- Matthew Wright is a computer programmer in Colorado.
For more EFF information on this case:
For more ACLU information on this case:
For more on privacy at the border:
Warrantless Border Searches of Phones, Laptops, Are Unconstitutional
San Diego, California—The Electronic Frontier Foundation (EFF) urged the U.S. Ninth Circuit Court of Appeals to further limit the government’s ability to conduct highly intrusive searches of electronic devices at the border by requiring federal agents to obtain a warrant if they want to access the contents of travelers’ phones.
“The Ninth Circuit four years ago issued an important ruling requiring officials to show they have reasonable suspicion of criminal activity to forensically search digital devices. While that was an improvement over the government’s prior practice of conducting suspicionless searches, the court didn’t go far enough,” said EFF Staff Attorney Sophia Cope. “We are now asking the Ninth Circuit to bar warrantless device searches at the border.”
“Our electronic devices contain texts, emails, photos, contact lists, work documents, and other communications that reveal intimate details of our private lives. Our privacy interests in this material are tremendous. Requiring a warrant is a critical step in making sure our Fourth Amendment protections survive into the digital age,” said Cope.
The Ninth Circuit is being asked to throw out evidence obtained through a warrantless forensic search of the defendant’s cell phone at the U.S.-Mexico border in southern California. The case, U.S. v. Cano, is a drug prosecution and the first before the Ninth Circuit since the U.S. Supreme Court ruled that because devices hold “the privacies of life,” police need a warrant to search the phones of people who are arrested.
In an amicus brief filed today in U.S. v. Cano, EFF urged the court to recognize that people traveling through our international borders deserve the same privacy protections that the Supreme Court has extended to arrestees. The Ninth Circuit’s rulings apply to states in the west and southwest, several of which share borders with Mexico and Canada.
Warrantless border searches of luggage have been allowed under an exception to the Fourth Amendment for routine immigration and customs enforcement. But since digital devices provide so much more highly personal, private information than what is traditionally carried in a suitcase, agents should be required to show a judge that they have probable cause to believe that the device contains evidence of a violation of the immigration or customs laws, EFF said in the brief.
Digital device searches at the border have more than tripled since the inauguration of President Trump. This increase, along with the increasing number of people who carry these devices while traveling, has highlighted the need for stronger privacy rights while crossing the U.S. border. Last year, EFF and ACLU filed a lawsuit in Boston against the federal government on behalf of 11 travelers whose smartphones and other electronic devices were searched without a warrant at the U.S. border.
“Digital devices differ wildly from luggage and other physical items a person carries across the border,” said EFF Senior Staff Attorney Adam Schwartz. “Now is the time to apply the full force of constitutional privacy protections to digital devices.”
For the brief:
For more on privacy at the border:
Playboy Lawsuit Against Boing Boing Should Be Dismissed
Los Angeles, California—Playboy Entertainment's lawsuit accusing acclaimed website Boing Boing of copyright infringement—for doing nothing more than reporting on a historical collection of Playboy centerfolds—is groundless and should be thrown out, the Electronic Frontier Foundation (EFF) told a federal court today.
As EFF and co-counsel Durie Tangri LLP explain in a request to dismiss the lawsuit filed on behalf of Boing Boing owner Happy Mutants LLC, Playboy’s copyright claim seeks to punish Boing Boing for commenting on and linking to an archive of Playboy “playmate” centerfold images that a third party posted. The blog contained links to an imgur.com page and YouTube video—neither of which were created by Boing Boing. But courts have long recognized that simply linking to content on the web isn’t unlawful.
“Boing Boing didn’t upload, publish, host, or store any images that Playboy owns, didn’t control the images, and didn’t contribute to the infringement of any Playboy copyrights,” said EFF Legal Director Corynne McSherry. “It’s frankly mystifying that an entertainment company that has often fought to defend free speech rights is trying to punish Boing Boing for doing what has made it a leading online source of news and commentary: unique and groundbreaking reporting on art, science, and popular culture.”
“Boing Boing’s reporting and commenting on the Playboy photos is protected by copyright’s fair use doctrine,” said EFF Senior Staff Attorney Daniel Nazer. “We’re asking the court to dismiss this deeply flawed lawsuit. Journalists, scientists, researchers, and everyday people on the web have the right to link to material, even copyrighted material, without having to worry about getting sued.”
For more on fair use:
Mobile Devices Compromised by Fake Secure Messaging Clients – Hundreds of Gigabytes of Data Stolen
San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients.
The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.
The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut.
“People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos,” said EFF Director of Cybersecurity Eva Galperin. “This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person’s day-to-day life.”
“Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional APT actors are moving toward using mobile as a primary target platform,” said Mike Murray, Vice President of Security Intelligence at Lookout. “The Android threat we identified, as used by Dark Caracal, is one of the first globally active mobile APTs we have spoken publicly about.”
Dark Caracal has been operating since at least 2012. However, one reason it has been hard to track is the diversity of seemingly unrelated espionage campaigns originating from the same domain names. The researchers believe that Dark Caracal is only one of a number of different global attackers using this infrastructure. Over the years, Dark Caracal’s work has been repeatedly misattributed to other cybercrime groups. In fact, EFF’s Operation Manul report from 2016 misidentified espionage from these servers as coming from the Indian security company Appin.
“One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin. “This research shows it’s not difficult to create a strategy allowing people and governments to spy on targets around the world.”
For the full report:
For more on Dark Caracal:
For more on how to avoid downloading malware:
Washington, D.C.—The Electronic Frontier Foundation (EFF) asked the Librarian of Congress today to limit the legal barriers people face when they want to repair and modify software-enabled products, so that they—not manufacturers—control the appliances, computers, toys, vehicles, and other products they own.
In comments filed in Washington D.C. today, EFF continued its years-long fight to enable owners and creators to repair, modify, and enhance products, or use snippets of films or songs, free of onerous threats that doing so somehow infringes companies' copyrights. Software-enabled devices and Internet-connected products and appliances are ubiquitous in modern life, and people aren't infringing anyone's copyright when, for example, they choose to permanently disable the embedded, on-all-the-time camera or microphone in their kids' toys, or send their car to their favorite mechanic, rather than high-priced dealerships, to be repaired.
“It’s absurd that a law intended to protect copyrighted works is misused instead to prevent people from taking apart or modifying the things they own, inhibit scientists and researchers from investigating safety features or security enhancements, and block artists and educators from using snippets of film in noncommercial ways,” said EFF Legal Director Corynne McSherry. “The exemption process is one highly flawed way of alleviating that burden.”
“We rely on the devices in our lives to learn and communicate, to keep us safe and get things done,” said EFF Staff Attorney Kit Walsh. “These devices should work for us and embody our preferences, not the commercial desires of their manufacturers. We, the users of these devices, should be able to decide how they affect our lives and how we can improve and adapt them. That’s how we ensure that technology enhances our freedoms rather than undermining them.”
This year EFF petitioned the Librarian to exempt from Section 1201 of the Digital Millennium Copyright Act (DMCA) all modifications and repairs of software-enabled devices that don’t infringe copyrights. It’s also seeking exemptions that will allow people to tinker with smart speakers and digital home assistants such as Amazon Echo and Google Home. EFF is also seeking one clear, easier-to-use exemption for video excerpts that would allow educators, libraries, documentary filmmakers, remix artists, and others to use video snippets without fear of legal repercussions by copyright owners. The Librarian implements the exemption recommendations of the Copyright Office.
“Our approach is simple: we are seeking to expand the types of activities that should be exempt from Section 1201 of the DMCA to encompass repairs, modifications, enhancements, and innovations that don’t infringe copyright,” said EFF Senior Staff Attorney Mitch Stoltz. “We shouldn’t have to seek exemptions for things copyright law already allows. Instead, there should be a general rule that allows people to circumvent digital locks to do any non-infringing activity.”
For EFF’s comments:
For more on the Section 1201 exemption process:
For more on the unintended consequences of Section 1201 of the DMCA:
Government Program Is Aimed at Using Body Art to Identify Religions, Nationalities, and Political Beliefs
Washington, D.C. - The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice, the Department of Commerce, and the Department of Homeland Security today, demanding records about the agencies’ work on the federal Tattoo Recognition Technology program.
This secretive program involves a coalition of government, academia, and private industry working to develop a series of algorithms that would rapidly detect tattoos, identify people via their tattoos, and match people with others who have similar body art—as well as flagging tattoos believed to be connected to religious and ethnic symbols. This type of surveillance raises profound religious, speech, and privacy concerns. Moreover, the limited information that EFF has been able to obtain about the program has already revealed a range of potentially unethical behavior, including conducting research on prisoners without approval, adequate oversight, or safeguards.
EFF filed a series of Freedom of Information Act (FOIA) requests for more information about the Tattoo Recognition Technology program, which is a National Institute of Standards and Technology (NIST) project sponsored by the FBI, beginning in January of 2016. Although the agencies released some records, they withheld others, and heavily redacted some of the documents they released. As a result, EFF is going to court today against DHS, DOJ, and NIST's parent agency, the Commerce Department, to make sure this important information is released to the public.
“These new automated tattoo recognition tools raise serious constitutional concerns,” said EFF Stanton Fellow Camille Fischer. “Tattoos have served as an expression of the self for thousands of years, and can represent our innermost thoughts, closely held beliefs, and significant moments. If law enforcement is creating a detailed database of tattoos, we have to make sure that everyone’s rights to freedom of expression are protected.”
One big danger of this surveillance is that it can create First Amendment freedom of association concerns when people are matched with others who have similar tattoos—sometimes incorrectly. For example, someone who wears a Star of David tattoo could be confused with a member of a Chicago street gang whose members also wear six-pointed-star tattoos. Recently, an immigrant was fast-tracked for deportation because immigration officials claimed he had a gang tattoo. The immigrant argued that the tattoo signified his place of birth.
“Federal researchers say they want to ‘crack the code’ of tattoos and speech, creating a powerful program that will encourage police to make assumptions about tattoo-wearers,” said EFF Staff Attorney Aaron Mackey. “But the reality is that body art is much more complex than that. The government must disclose more about this program so we can ensure that it doesn’t violate our rights.”
For the full lawsuit:
For more on tattoo recognition technology:
Agencies’ and Officials’ Social Media Posts Are Vital Communications That Can’t Be Denied to People Whose Views Officials Don’t Like
New York, New York—President Donald Trump's blocking of people on Twitter who criticize him violates their constitutional right to receive government messages transmitted through social media and participate in the forums created by them, the Electronic Frontier Foundation (EFF) told a court today.
Public agencies and officials, from city mayors and county sheriff offices to U.S. Secretaries of State and members of Congress, routinely use social media to communicate opinions, official positions, services, and important public safety and policy messages. Twitter has become a vital communications tool for government, allowing local and federal officials to transmit information when natural disasters such as hurricanes and wildfires strike, hold online town halls, and answer citizens’ questions about programs.
President Trump’s frequent use of Twitter to communicate policy decisions, air opinions on local and global events and leaders, and broadcast calls for congressional action has become a hallmark of his administration. In July, the Knight First Amendment Institute filed suit in the U.S. District Court for the Southern District of New York alleging the president and his communications team violated the First Amendment by blocking seven people from the @realDonaldTrump Twitter account because they criticized the president or his policies. The seven individuals include a university professor, a surgeon, a comedy writer, a community organizer, an author, a legal analyst, and a police officer.
In a brief filed today siding with the plaintiffs, EFF maintains that President Trump’s use of his Twitter account is akin to past presidents’ adoption of new communication technologies to engage directly with the public. President Franklin D. Roosevelt delivered “fireside chats” with Americans over the radio, while presidential debates began being televised in the 1960s. It would be impermissible for a president to block certain individuals from receiving their messages, whether delivered by bullhorn, radio, or television. It should be the same for communications delivered by Twitter.
On the local level, mayors use their Twitter feeds to direct residents to emergency services during storms and hurricanes, while fire chiefs use their feeds to transmit evacuation orders and emergency contact information. Citizens rely heavily on these channels for authoritative and reliable information in times of public safety crisis. It’s unthinkable, and unconstitutional, that certain people would be blocked from these messages because they sent a tweet criticizing the official or office maintaining the Twitter account.
“Governmental use of social media platforms to communicate to and with the public, and allow the public to communicate with each other, is pervasive. It is seen all across the country, at every level of government. It is now the rule of democratic engagement, not the exception,” said EFF Civil Liberties Director David Greene. “The First Amendment prohibits the exclusion of individuals from these forums based on their viewpoint. President Trump’s blocking of people on Twitter because he doesn’t like their views infringes on their right to receive public messages from government and participate in the democratic process.”
For information about the lawsuit:
California Appeals Court Urged to Allow Defense Review of DNA Matching Software
If a computer DNA matching program gives test results that implicate you in a crime, how do you know that the match is correct and not the result of a software bug? The Electronic Frontier Foundation (EFF) has urged a California appeals court to allow criminal defendants to review and evaluate the source code of forensic software programs used by the prosecution, in order to ensure that none of the wrong people end up behind bars, or worse, on death row.
In this case, a defendant was linked to a series of rapes by a DNA matching software program called TrueAllele. The defendant wants to examine how TrueAllele takes in a DNA sample and analyzes potential matches, as part of his challenge to the prosecution’s evidence. However, prosecutors and the manufacturers of TrueAllele’s software argue that the source code is a trade secret, and therefore should not be disclosed to anyone.
“Errors and bugs in DNA matching software are a known problem,” said EFF Staff Attorney Stephanie Lacambra. “At least two other programs have been found to have serious errors that could lead to false convictions. Additionally, different products used by different police departments can provide drastically different results. If you want to make sure the right person is imprisoned—and not running free while someone innocent is convicted—we can’t have software programs’ source code hidden away from stringent examination.”
The public has an overriding interest in ensuring the fair administration of justice, which favors public disclosure of evidence. However, in certain cases where public disclosure could be too financially damaging, the court could use a simple protective order so that only the defendant’s attorneys and experts are able to review the code. But even this level of secrecy should be the exception and not the rule.
“Software errors are extremely common across all kinds of products,” said EFF Staff Attorney Kit Walsh. “We can’t have someone’s legal fate determined by a black box, with no opportunity to see if it’s working correctly.”
For the full brief in California v. Johnson:
Lawsuit on Behalf of 11 Travelers Challenges Unconstitutional Searches of Electronic Devices
Boston, Massachusetts—The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) sued the Department of Homeland Security (DHS) today on behalf of 11 travelers whose smartphones and laptops were searched without warrants at the U.S. border.
The plaintiffs in the case are 10 U.S. citizens and one lawful permanent resident who hail from seven states and come from a variety of backgrounds. The lawsuit challenges the government’s fast-growing practice of searching travelers’ electronic devices without a warrant. It seeks to establish that the government must have a warrant based on probable cause to suspect a violation of immigration or customs laws before conducting such searches.
The plaintiffs include a military veteran, journalists, students, an artist, a NASA engineer, and a business owner. Several are Muslims or people of color. All were reentering the country from business or personal travel when border officers searched their devices. None were subsequently accused of any wrongdoing. Officers also confiscated and kept the devices of several plaintiffs for weeks or months—DHS has held one plaintiff’s device since January. EFF, ACLU, and the ACLU of Massachusetts are representing the 11 travelers.
“People now store their whole lives, including extremely sensitive personal and business matters, on their phones, tablets, and laptops, and it’s reasonable for them to carry these with them when they travel. It’s high time that the courts require the government to stop treating the border as a place where they can end-run the Constitution,” said EFF Staff Attorney Sophia Cope.
Plaintiff Diane Maye, a college professor and former U.S. Air Force officer, was detained for two hours at Miami International Airport when coming home from a vacation in Europe in June. “I felt humiliated and violated. I worried that border officers would read my email messages and texts, and look at my photos,” she said. “This was my life, and a border officer held it in the palm of his hand. I joined this lawsuit because I strongly believe the government shouldn’t have the unfettered power to invade your privacy.”
Plaintiff Sidd Bikkannavar, an engineer for NASA’s Jet Propulsion Laboratory in California, was detained at the Houston airport on the way home from vacation in Chile. A U.S. Customs and Border Protection (CBP) officer demanded that he reveal the password for his phone. The officer returned the phone a half-hour later, saying that it had been searched using “algorithms.”
Another plaintiff was subjected to violence. Akram Shibly, an independent filmmaker who lives in upstate New York, was crossing the U.S.-Canada border after a social outing in the Toronto area in January when a CBP officer ordered him to hand over his phone. CBP had just searched his phone three days earlier when he was returning from a work trip in Toronto, so Shibly declined. Officers then physically restrained him, with one choking him and another holding his legs, and took his phone from his pocket. They kept the phone, which was already unlocked, for over an hour before giving it back.
“I joined this lawsuit so other people don’t have to go through what happened to me,” Shibly said. “Border agents should not be able to coerce people into providing access to their phones, physically or otherwise.”
The number of electronic device searches at the border began increasing in 2016 and has grown even more under the Trump administration. CBP officers conducted nearly 15,000 electronic device searches in the first half of fiscal year 2017, putting CBP on track to conduct more than three times the number of searches conducted in fiscal year 2015 (8,503) and some 50 percent more than in fiscal year 2016 (19,033).
“The government cannot use the border as a dragnet to search through our private data,” said ACLU attorney Esha Bhandari. “Our electronic devices contain massive amounts of information that can paint a detailed picture of our personal lives, including emails, texts, contact lists, photos, work documents, and medical or financial records. The Fourth Amendment requires that the government get a warrant before it can search the contents of smartphones and laptops at the border.”
Below is a full list of the plaintiffs:
· Ghassan and Nadia Alasaad are a married couple who live in Massachusetts, where he is a limousine driver and she is a nursing student.
· Suhaib Allababidi, who lives in Texas, owns and operates a business that sells security technology, including to federal government clients.
· Sidd Bikkannavar is an optical engineer for NASA’s Jet Propulsion Laboratory in California.
· Jeremy Dupin is a journalist living in Boston.
· Aaron Gach is an artist living in California.
· Isma’il Kushkush is a journalist living in Virginia.
· Diane Maye is a college professor and former captain in the U.S. Air Force living in Florida.
· Zainab Merchant, from Florida, is a writer and a graduate student at Harvard University.
· Akram Shibly is a filmmaker living in New York.
· Matthew Wright is a computer programmer in Colorado.
The case, Alasaad v. Duke, was filed in the U.S. District Court for the District of Massachusetts.
For the complaint:
For more on this case and plaintiff profiles:
For more on digital security at the border:
Police Have Collected Data on Millions of Law-Abiding Drivers Via License Readers
San Francisco, California—The Electronic Frontier Foundation (EFF) and the ACLU won a decision by the California Supreme Court that the license plate data of millions of law-abiding drivers, collected indiscriminately by police across the state, are not “investigative records” that law enforcement can keep secret.
California’s highest court ruled that the collection of license plate data isn’t targeted at any particular crime, so the records couldn’t be considered part of a police investigation.
“This is a big win for transparency in California,” said attorney Peter Bibring, director of police practices at the ACLU of Southern California, which joined EFF in a lawsuit over the records. “The Supreme Court recognized that California’s sweeping public records exemption for police investigations doesn’t cover mass collection of data by police, like the automated scanning of license plates in this case. The Court also recognized that mere speculation by police on the harms that might result from releasing information can’t defeat the public’s strong interest in understanding how police surveillance impacts privacy.”
The ruling sets a precedent that mass, indiscriminate data collection by the police can’t be withheld just because the information may contain some criminal data. This is important because police are increasingly using technology tools to surveil and collect data on citizens, whether it’s via body cameras, facial recognition cameras, or license plate readers.
The panel sent the case back to the trial court to determine whether the data can be made public in a redacted or anonymized form so drivers’ privacy is protected.
“The court recognized the huge privacy implications of this data collection,” said EFF Senior Staff Attorney Jennifer Lynch. “Location data like this, that’s collected on innocent drivers, reveals sensitive information about where they have been and when, whether that’s their home, their doctor’s office, or their house of worship.”
Automated License Plate Readers or ALPRs are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. The Los Angeles Police Department (LAPD) and the Los Angeles County Sheriff's Department (LASD) collect, on average, three million plate scans every week and have amassed a database of half a billion records.
EFF filed public records requests for a week’s worth of ALPR data from the agencies and, along with American Civil Liberties Union-SoCal, sued after both agencies refused to release the records.
EFF and ACLU SoCal asked the state supreme court to overturn a lower court ruling in the case that said all license plate data—collected indiscriminately and without suspicion that the vehicle or driver was involved in a crime—could be withheld from disclosure as “records of law enforcement investigations.”
EFF and the ACLU SoCal argued the ruling was tantamount to saying all drivers in Los Angeles are under criminal investigation at all times. The ruling would also have set a dangerous precedent, allowing law enforcement agencies to withhold from the public all kinds of information gathered on innocent Californians merely by claiming it was collected for investigative purposes.
EFF and ACLU SoCal will continue fighting for transparency and privacy as the trial court considers how to provide public access to the records so this highly intrusive data collection can be scrutinized and better understood.
For more on this case:
Full Frontal’s Ashley Nicole Black Keynotes Ceremony for Honorees Sept. 14 in San Francisco
SAN FRANCISCO, CALIFORNIA—The Electronic Frontier Foundation (EFF) announced today that whistleblower and activist Chelsea Manning, Techdirt editor and open internet advocate Mike Masnick, and IFEX executive director and global freedom of expression defender Annie Game are the distinguished winners of the 2017 Pioneer Awards, which recognize leaders who are extending freedom and innovation on the electronic frontier. This year’s honorees—a whistleblower, an editor, and an international freedom of expression activist—all have worked tirelessly to protect the public’s right to know.
The award ceremony will be held the evening of September 14 at Delancey Street’s Town Hall Room in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information. Tickets for the ceremony are $65 for current EFF members, or $75 for non-members.
Chelsea E. Manning is a network security expert, whistleblower, and former U.S. Army intelligence analyst whose disclosure of classified Iraq war documents exposed human rights abuses and corruption the government kept hidden from the public. While serving in Iraq, Chelsea worked to release hundreds of thousands of classified war and State Department files on the Internet, including a video depicting the shooting deaths of Iraqi civilians and two Reuters reporters by U.S. troops. Chelsea’s conscience-driven leaks exposed critical information about U.S. involvement in Iraq and Afghanistan and made it available online to journalists and citizens around the world, greatly contributing to public knowledge, understanding, and discussion of the government’s actions. While serving seven years of an unprecedented 35-year sentence for leaking the documents, she became a prominent and vocal advocate for government transparency and transgender rights, both on Twitter and through her op-ed columns for The Guardian and The New York Times. She currently lives in the Washington, D.C. area, where she writes about technology, artificial intelligence, and human rights.
Mike Masnick is the founder and editor of the popular and respected Techdirt blog and an outspoken activist for digital rights, the First Amendment, and a free and open Internet. For 20 years Mike has explored the intersection of technology, policy, civil liberties, and economics, making Techdirt a must-read for its insightful and unvarnished analysis. He was a powerful voice in the fight against SOPA, and coined the term “The Streisand Effect.” Today Mike is in a fight for Techdirt’s survival—he and the weblog are targets of a $15 million libel lawsuit for publishing articles disputing claims of a man who says he invented email. The case pits Mike and Techdirt against the self-proclaimed email inventor and his lawyer, who, bankrolled by Peter Thiel, brought down Gawker. Mike has vowed to stand up for a free and independent press and fight this attempt to silence—or drive out of business—his blog for publishing First Amendment-protected opinions.
Annie Game is Executive Director of IFEX, a global network of over 115 journalism and civil liberties organizations that defends and promotes freedom of expression as a fundamental human right. IFEX exposes threats to online free expression, focuses on bringing to justice those who harm or kill journalists, and advocates for the rights of media workers, women and LGBT journalists, citizen journalists, and activists. For over 10 years Annie has led IFEX’s efforts to free imprisoned journalists, defend online activists targeted by repressive regimes, provide tools for organizing successful campaigns advocating for free expression, and expose legislation aimed at quelling free speech. Under Annie’s leadership, IFEX has begun pairing more traditional free expression organizations with their more digitized counterparts with a focus on building organizational security capacities. Annie has been an activist throughout her career in the NGO sector and is also a published writer and broadcaster of satire and humor.
“It’s an honor to celebrate this year’s Pioneer Award winners and the work they’ve done to fight for transparency and the rights of all people to freely express their opinions, passions, and beliefs without fear of censorship or retaliation,” said EFF Executive Director Cindy Cohn. “In these turbulent times, it’s essential that the Internet remain free and open and a source of critical information for people around the world. This group of pioneers, often in the face of great personal risk, have stood up courageously and relentlessly for users, for freedom, and for truth. Their work is an inspiration as we continue to defend global digital rights.”
Awarded every year since 1992, EFF’s Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Malkia A. Cyril, Aaron Swartz, Laura Poitras, and Citizen Lab.
Special thanks to Airbnb and Ron Reed for supporting EFF and the 2017 Pioneer Awards ceremony. If you or your company are interested in learning more about sponsorship, please contact firstname.lastname@example.org.
Join us for the 2017 Pioneer Awards
Outdated ‘Third Party’ Doctrine Lets Law Enforcement Violate Your Privacy
Washington, D.C. - The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court today to curb law enforcement’s expansive tracking of suspects’ cell phones, arguing that police must get a warrant before collecting the detailed location data that all phones generate as part of their routine functioning.
The defendants in U.S. v. Carpenter were convicted after hundreds of days of location data collected from their wireless carriers associated them with a string of armed robberies. But investigators obtained those location records through a lower legal standard than needed for a warrant, relying on the “third-party doctrine”—an outdated legal standard that says if you voluntarily give certain information to entities like banks or the phone company, you have no expectation of privacy in the data.
“The Supreme Court developed the third-party doctrine at a time when everyone used rotary-dial, land-line phones, which couldn't reveal very much about the people who used them,” said EFF Senior Staff Attorney Jennifer Lynch. “The location data our cell phones generate now is much more detailed. As cell phones connect to cell towers and antennas hundreds of times a day, it creates a non-stop flow of information on everywhere we travel—revealing things like when we're at home, whether we're seeing a therapist, where we worship, or what kind of political meetings we might attend. This is far too sensitive information to obtain without a warrant based on probable cause.”
Judges in several states and some federal courts have already recognized that the third-party doctrine should not apply to cell site location data. Meanwhile, in two major recent decisions, the Supreme Court found that modern technology requires updated interpretations of privacy law in order to safeguard constitutional rights. In 2014, the court held that the astounding amount of sensitive data stored on smartphones requires police to obtain a warrant before accessing data on an arrestee’s device. And in a landmark 2012 decision, the court decided that using a GPS tracking device on a suspect’s car is a search under the Fourth Amendment. As it’s impossible to use mapping services, fitness trackers, or many other technologies without sharing data with third-parties, extending these decisions is critical to preserving privacy in the 21st century.
“Taking advantage of everyday conveniences shouldn’t mean that we have to relinquish our constitutional rights,” said EFF Staff Attorney Andrew Crocker. “We’ve seen the Supreme Court move in the right direction in these cases, and we hope they continue that trend here.”
For our amicus brief in U.S. v. Carpenter:
Nation’s Highest Court Being Asked for the First Time to Weigh In On Legality of NSA’s PRISM Spying
WASHINGTON, D.C.—The Electronic Frontier Foundation (EFF) asked the Supreme Court to review and overturn an unprecedented ruling allowing the government to intercept, collect, and store—without a warrant—millions of Americans’ electronic communications, including emails, texts, phone calls, and online chats.
This warrantless surveillance is conducted by U.S. intelligence agencies under Section 702 of the Foreign Intelligence Surveillance Act. The law is exceedingly broad—Section 702 allows the government to conduct surveillance of any foreigner abroad—and the law fails to protect the constitutional rights of Americans whose texts or emails are “incidentally” collected when communicating with those people.
This warrantless surveillance of Americans is unconstitutional and should be struck down.
Yet the U.S. Court of Appeals for the Ninth Circuit, ruling in U.S. v. Mohamud, decided that the Fourth Amendment doesn’t apply to Americans whose communications were intercepted incidentally and searched without a warrant. The case centered on Mohammed Mohamud, an American citizen who in 2012 was charged with plotting to bomb a Christmas tree lighting ceremony in Oregon. After he had already been convicted, Mohamud was told for the first time that information used in his prosecution was obtained using Section 702. Further disclosures clarified that the government used the surveillance program known as PRISM, which gives U.S. intelligence agencies access to communications in the possession of Internet service providers such as Google, Yahoo, or Facebook, to obtain the emails at issue in the case. Mohamud sought to suppress evidence gathered through the warrantless spying, arguing that Section 702 was unconstitutional.
In a dangerous and unprecedented ruling, the Ninth Circuit upheld the warrantless search and seizure of Mohamud’s emails. EFF, the Center for Democracy & Technology, and New America’s Open Technology Institute filed an amicus brief today asking the Supreme Court to review that decision.
“The ruling provides an end-run around the Fourth Amendment, converting sweeping warrantless surveillance directed at foreigners into a tool for spying on Americans,” said EFF Senior Staff Attorney Mark Rumold. “Section 702 is unlike any surveillance law in our country’s history, it is unconstitutional, and the Supreme Court should take this case to put a stop to this surveillance.”
Section 702, which is set to expire in December unless Congress reauthorizes it, provides the government with broad authority to collect, retain, and search Americans’ international communications, even if they don’t contain any foreign intelligence or evidence of a crime.
“We urge the Supreme Court to review this case and Section 702, which subjects Americans to warrantless surveillance on an unknown scale,” said EFF Staff Attorney Andrew Crocker. “We have long advocated for reining in NSA mass surveillance, and the ‘incidental’ collection of Americans’ private communications under Section 702 should be held unconstitutional once and for all.”
For the amicus brief:
For more on Section 702:
For more on NSA spying:
Whether Conducted Manually or Using Forensic Software, Cell Phone Searches Are Highly Intrusive
New Orleans, Louisiana—Searches of mobile phones, laptops, and other digital devices by federal agents at international airports and U.S. land borders are highly intrusive forays into travelers’ private information that require a warrant, the Electronic Frontier Foundation (EFF) said in a court filing yesterday.
EFF urged the U.S. Circuit Court of Appeals for the Fifth Circuit to require law enforcement officers at the border to obtain a warrant before performing manual or forensic searches of digital devices. Warrantless border searches of backpacks, purses, or luggage are allowed under an exception to the Fourth Amendment for routine immigration and customs enforcement. Yet EFF argues that, since digital devices can provide so much highly personal, private information—our contacts, our email conversations, our work documents, our schedules—agents should be required to show they have probable cause to believe that the device contains evidence of a violation of the immigration or customs laws. Only after a judge has signed off on a search warrant should border agents be allowed to rifle through the contents of cell phones, laptops, or tablets.
Digital device searches at the border have more than doubled since the inauguration of President Trump. This increase, along with the increasing number of people who carry these devices while traveling, has highlighted the need for stronger privacy rights while crossing the U.S. border.
“Our cell phones and laptops provide access to an unprecedented amount of detailed, private information, often going back many months or years, from emails to our coworkers to photos of our loved ones and lists of our closest contacts. This is light years beyond the minimal information generally contained in other kinds of personal items we might carry in our suitcases. It’s time for courts and the government to acknowledge that examining the contents of a digital device is highly intrusive, and Fourth Amendment protections should be strong, even at the border,” said EFF Staff Attorney Sophia Cope.
EFF filed its brief with the U.S. Court of Appeals for the Fifth Circuit in U.S. v. Molina-Isidoro. In that case, Maria Isabel Molina-Isidoro’s cell phone was manually searched at the border, supporting her prosecution for attempting to import methamphetamine into the country.
The Supreme Court has held that cell phones hold “the privacies of life,” and police need a warrant to search the contents of a phone seized during an arrest. The same principle should apply to the digital devices seized at the border, EFF told the appeals court.
“Any search of data stored on a digital device, whether performed using special forensic software or conducted manually after obtaining and entering the owner’s password, provides access to a person’s entire private life,” said EFF Senior Staff Attorney Adam Schwartz.
EFF is urging the court to find that the extraordinary privacy interests that travelers have in their digital devices render warrantless searches of those devices unreasonable under the Fourth Amendment. Border agents should be required to show they have sufficient cause for this immense invasion of privacy.
For more about digital privacy at the U.S. border:
Personal Audio Didn’t Invent Anything New, EFF Argued
San Francisco, California—The Electronic Frontier Foundation (EFF) won a court ruling today affirming that an infamous podcasting patent used by a patent troll to threaten podcasters big and small was properly held invalid by the U.S. Patent and Trademark Office (USPTO).
A unanimous decision by a three-judge panel of the U.S. Court of Appeals for the Federal Circuit will, for now, keep podcasting safe from this patent.
In October 2013, EFF filed a petition at the USPTO challenging the so-called podcasting patent owned by Personal Audio and asking the court to use an expedited process for taking a second look at the patent. More than one thousand people donated to our Save Podcasting campaign to support our efforts.
EFF's petition showed that Personal Audio did not invent anything new and, in fact, other people were podcasting years before Personal Audio first applied for a patent. In preparation for this filing, EFF solicited help from the public to find prior art or earlier examples of podcasting.
In April 2015, the Patent Office invalidated all the challenged claims of the podcasting patent, finding that the patent should not have been issued in light of two earlier public disclosures, one relating to CNN news clips and one relating to CBC online radio broadcasting.
Personal Audio challenged the Patent Office decision, but the Court of Appeals for the Federal Circuit agreed with us that the patent did not represent an invention, and podcasting was known before Personal Audio’s patent was applied for.
“We’re pleased that the Federal Circuit agreed that the podcasting patent is invalid,” said Daniel Nazer, Staff Attorney at EFF and the Mark Cuban Chair to Eliminate Stupid Patents. “We appreciate all the support the podcasting community gave in fighting this bad patent.”
“Although we’re happy that this patent is still invalid, Personal Audio could seek review at the Supreme Court,” said Vera Ranieri, Staff Attorney at EFF. “We’ll be there if they do.”
For more on this case:
FCC Plan to Scuttle Open Internet Rule 'Disastrous' For the Future of the Internet, Experts Say
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the FCC to keep in place net neutrality rules, which are essential to prevent cable companies like Comcast and Verizon from controlling, censoring, and discriminating against their subscribers’ favorite Internet content.
In comments submitted today, EFF came out strongly in opposition to the FCC’s plan to reverse the agency’s 2015 open Internet rules, which were designed to guarantee that service providers treat everyone’s content equally. The reversal would send a clear signal that those providers can engage in data discrimination, such as blocking websites, slowing down Internet speeds for certain content—known as throttling—and charging subscribers fees to access movies, social media, and other entertainment content over “fast lanes.” Comcast, Verizon, and AT&T supply Internet service to millions of Americans, many of whom have no other alternatives for high-speed access. Given the lack of competition, the potential for abuse is very real.
EFF’s comments join those of many other user advocates, leading computer engineers, entrepreneurs, faith communities, libraries, educators, tech giants, and start-ups that are fighting for a free and open Internet. Last week those players gave the Internet a taste of what a world without net neutrality would look like by temporarily blocking and throttling their content. Such scenarios aren’t merely possible—they are likely, EFF said in its comments. Internet service providers (ISPs) have already demonstrated that they are willing to discriminate against competitors and block content for their own benefit, while harming the Internet experience of users.
“ISPs have incentives to shape Internet traffic and the FCC knows full well of instances where consumers have been harmed. AT&T blocked data sent by Apple’s FaceTime software, Comcast has interfered with Internet traffic generated by certain applications, and ISPs have rerouted users’ web searches to websites they didn’t request or expect,” said EFF Senior Staff Attorney Mitch Stoltz. “These are just some examples of ISPs controlling our Internet experience. Users pay them to connect to the Internet, not decide for them what they can see and do there.”
Nearly 200 computer scientists, network engineers, and Internet professionals also submitted comments today highlighting deep flaws in the FCC’s technical description of how the Internet works. The FCC is attempting to pass off its incorrect technical analysis to justify its plan to reclassify ISPs so they are not subject to net neutrality rules. The engineers’ submission—signed by such experts as Vint Cerf, co-designer of the Internet’s fundamental protocols; Mitch Kapor, a personal computer industry pioneer and EFF co-founder; and programmer Sarah Allen, who led the team that created Flash video—sets the record straight about how the Internet works and how rolling back net neutrality would have disastrous effects on Internet innovation.
“We are concerned that the FCC (or at least Chairman Pai and the authors of the Notice of Proposed Rulemaking) appears to lack a fundamental understanding of what the Internet’s technology promises to provide, how the Internet actually works, which entities in the Internet ecosystem provide which services, and what the similarities and differences are between the Internet and other telecommunications systems the FCC regulates as telecommunications services,” the letter said.
“It is clear to us that if the FCC were to reclassify broadband access service providers as information services, and thereby put the bright-line, light-touch rules from the Open Internet Order in jeopardy, the result could be a disastrous decrease in the overall value of the Internet.”
For EFF’s comments:
For the engineers’ letter:
For more about EFF’s campaign to keep net neutrality:
Airbnb, Amazon, ACLU, Google, Etsy, Y Combinator Among Organizations Standing Up To Government Plan To Let ISPs Block Content, Charge Fees for ‘Fast Lanes’
San Francisco—The Electronic Frontier Foundation (EFF) and a broad coalition of user advocacy groups and major technology companies and organizations joined forces today to protest the FCC’s plan to toss out net neutrality rules that preserve Internet freedom and prevent cable and telecommunications companies from controlling what we can see and do online.
Without net neutrality, Internet service providers (ISPs) can block your favorite content, throttle or slow down Internet speeds to disadvantage competitors’ content, or make you pay more than you already do to access movies and other online entertainment.
To show just how important net neutrality is to free choice on the Internet, EFF and a host of other organizations are temporarily halting full access to their website homepages today with a prominent message that they’re “blocked.” Only upgrading to “premium” (read: more expensive) service plans will allow users access to blocked sites and services, the message says. (Don’t worry, the sites aren’t really blocked. Clicking on the message will take you to a link for DearFCC, our tool for submitting comments to the FCC and making your voice heard.)
“We’re giving subscribers a preview of their Internet experience if the FCC dismantles the current net neutrality rules,” said EFF Legal Director Corynne McSherry. “AT&T, Comcast, and Verizon will be able to block your favorite content or steer you to the content they choose—often without you knowing it. Those without deep pockets—libraries, schools, startups and nonprofits—will be relegated to Internet slow lanes.”
The online community—gig economy site Airbnb, maker site Etsy, file storage provider Dropbox, and hundreds more—has joined EFF and other user advocates today to deliver a message to the FCC: we want real net neutrality protections.
“It’s our Internet and we will defend it,” said EFF Senior Staff Attorney Lee Tien. “We won’t allow cable companies and ISPs, which already garner immense profits from customers, to become Internet gatekeepers.”
For EFF’s Day of Action page:
For more about net neutrality:
Amazon Fails To Follow, Much Less Lead in Privacy Best Practices, Facebook, Google, and Microsoft Fail to Promise They Will Stand Up to FBI Gag Orders
San Francisco, California—While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking, an EFF annual survey shows. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users.
EFF’s seventh annual “Who Has Your Back” report, released today, digs into the ways many technology companies are getting the message about user privacy in this era of unprecedented digital surveillance. The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we say, our political affiliations, our religion, and more.
“This information is a magnet for governments seeking to surveil citizens, journalists, and activists. When governments do so, they need to follow the law, and users are increasingly demanding that companies holding their data enact the toughest policies to protect customer information,” said EFF Activism Director Rainey Reitman.
EFF evaluated the public policies at 26 companies and awarded stars in five categories. This year EFF included two new categories: “promises not to sell out users,” and “stands up to NSL gag orders.” The first reflects our concern about the stated goal of several members of government to co-opt tech companies to track people by their immigration status or religion. We awarded stars to companies that prohibit developers and third parties from capturing user data to assist governments in conducting surveillance.
We also awarded stars to companies that exercise their right to make the government initiate judicial review of gag orders that prohibit them from publicly disclosing they have received a National Security Letter (NSL). NSLs—secret FBI demands for user information issued with no oversight from any court—permit the FBI to unilaterally gag recipients, a power EFF believes is unconstitutional. Facebook, Google, and Microsoft have failed to promise to step up and exercise the right to have the government put NSL gag orders before a court.
Nine companies earned stars in every category this year: Adobe, Credo, Dropbox, Lyft, Pinterest, Sonic, Uber, Wickr, and WordPress. Each has a track record of defending user privacy against government overreach and improved on their practices to meet the more stringent standards in this year’s Who Has Your Back.
Two tech companies lagged behind in the industry: Amazon and WhatsApp, both of which earned just two stars. EFF’s survey showed that while both companies have done significant work to defend user privacy—EFF especially lauds WhatsApp’s move to adopt end-to-end encryption by default for its billion users around the world—their policies still lag behind. Online retail giant Amazon has been rated number one in customer service, yet it hasn’t made the public commitments to stand behind its users’ digital privacy that the rest of the industry has.
AT&T, Comcast, T-Mobile, and Verizon scored the lowest, each earning just one star. While they have adopted a number of industry best practices, like publishing transparency reports and requiring a warrant for content, they still need to commit to informing users before disclosing their data to the government and creating a public policy of requesting judicial review of all NSLs.
“The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies—which serve as the pipeline for communications and Internet service for millions of Americans—are failing to publicly push back against government overreach,” said EFF Senior Staff Attorney Nate Cardozo. “Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with.”
For the full report:
For more on Who Has Your Back:
For more on government surveillance:
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to review a troubling ruling that allows police to obtain—without a warrant—location data from people’s cell phones to track them in real time.
EFF, joined by the Center for Democracy & Technology and the Constitution Project, filed a brief today asking the nation’s highest court to review the decision in U.S. v. Rios, a drug trafficking case. The court should accept the case for review and make clear that the Fourth Amendment requires a warrant for real-time location tracking—whether the tracking occurs via a GPS device on your car or the collection of location data generated by cell phones or other Internet-connected devices.
Protecting the highly personal location data stored on or generated by digital devices is one of the 21st century’s most important privacy issues. We carry our cell phones everywhere, and the location data they generate can be used to create a precise and comprehensive record of our everyday movements, such as when we visit the doctor, attend a protest, take a trip, meet with friends, or return home. Law enforcement officials are increasingly requesting cell phone location data from telecommunications providers to track down suspects, and courts have issued conflicting opinions about whether those demands require a warrant.
“The government should not be allowed to turn a cell phone into a real-time tracking device without complying with the Fourth Amendment,” said EFF Staff Attorney Andrew Crocker. “The Supreme Court has already ruled that Fourth Amendment protections apply when law enforcement secretly places a GPS device on a car. Tracking cell phones is even more invasive because people carry their phones with them at all times, revealing information about their whereabouts that couldn’t be learned by following their cars. We’re asking the Supreme Court to clarify that tracking people as they move from public spaces into private areas, such as their homes or the homes of others, is an invasion of privacy that, at a minimum, requires a warrant.”
In Rios, the police did get a warrant to track the defendant’s cell phone in real time, but last year the U.S. Circuit Court of Appeals for the Sixth Circuit said a warrant wasn't needed. The appeals court based its ruling on a flawed 2012 decision it reached in an unrelated drug trafficking case, in which it found that there are no privacy protections for this data because people “voluntarily” carry cell phones with them. In both cases, the court ignored the privacy expectations of millions of innocent people for whom using a cell phone is not “voluntary,” but rather a necessity.
These decisions also contradict a Florida Supreme Court ruling—in a case that also involved tracking a suspect’s phone in public—that people have an expectation of privacy under the Fourth Amendment in cell phone location records.
“The Sixth Circuit got it wrong in 2012, and it was wrong to import that faulty ruling to the Rios case. But in the meantime, the Florida Supreme Court got it right. That means that depending on where you are in the country, you may or may not have constitutional protection against warrantless cell phone tracking. It’s time for the Supreme Court to step in and clarify that the Fourth Amendment prohibits warrantless real-time cell phone tracking,” said EFF Senior Staff Attorney Jennifer Lynch.
For the brief:
San Francisco, California—The Electronic Frontier Foundation (EFF) sued the Justice Department today to obtain records that can shed light on whether the FBI is complying with a Congressional mandate that it periodically review and lift National Security Letter (NSL) gag orders that are no longer needed.
The FBI has issued as many as 500,000 NSLs since 2003. Despite Congress requiring the FBI in 2015 to review and terminate unwarranted gag orders, only a handful of companies and individuals have publicly disclosed receiving an NSL after being notified the FBI terminated the gag orders.
NSLs are secret FBI demands to phone companies and Internet service providers for data about their customers’ communications and online activity. The letters are not subject to any meaningful oversight or court review and almost always come with a gag order. Companies receiving the letters are barred from telling customers their data is being sought and banned from publicly acknowledging or otherwise discussing the letters, potentially indefinitely.
Following a ruling in EFF’s lawsuit that NSL gags are unconstitutional, Congress enacted reforms in 2015 that require the bureau to review NSLs to determine whether the gag orders are still necessary, and terminate those that are not. The FBI established procedures under which a record keeping system generates reminders—when an NSL investigation closes or reaches the three-year anniversary of its initiation—that the gag order should be reviewed for possible termination.
EFF sent a FOIA request to the FBI in September seeking records about the number of NSLs reviewed under these procedures, the number of reminders generated, the number of termination notices sent to NSL recipients, and how long it takes for a review to begin after a reminder is generated. In March the FBI said it had no such records. In a complaint filed today in San Francisco, EFF asked a court to order the FBI to disclose the requested records.
“Unilateral, indefinite NSL gag orders violate the First Amendment rights of individuals and companies to speak out about government surveillance and inform customers about FBI demands for their data. The bureau’s procedures for lifting gag orders that are no longer needed do not fully address these constitutional concerns. Nevertheless, the public has an interest in knowing whether these procedures are being followed, and our FOIA request seeks to shed light on if the FBI is doing so,” said Andrew Crocker, EFF Staff Attorney.
“We would have expected the FBI to respond to our FOIA request with records about the gag orders that we know have been lifted. The FBI’s response that it has no such records raises serious questions about whether the bureau is following Congress’ command to review NSL gag orders,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Gagging NSL recipients indefinitely is a draconian and overzealous use of surveillance power that prevents discussion and debate about government spying tools.”
For the complaint:
For more about NSLs:
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to review a ruling that threatens to transform a law against computer break-ins into a mechanism for criminalizing password sharing and policing Internet use.
In an amicus brief filed today, EFF urged the court to weigh in on a case in which an individual was charged with violating the Computer Fraud and Abuse Act (CFAA), a law intended to criminalize breaking into computers to access or alter data. Under the CFAA, it’s illegal to intentionally access a “protected computer”—which includes any computer connected to the Internet—“without authorization” or in excess of authorization. But the law doesn’t tell us what “without authorization” means.
Some courts have recognized that the CFAA must be interpreted narrowly to stay true to Congress’s intent of targeting crooks breaking into and stealing data from computers. These courts agreed that the CFAA mustn’t be used against, say, employees checking sports scores at work in violation of rules restricting Internet use at work to company business, or against people who shared their Facebook passwords, in violation of Facebook’s terms of service rules.
But other courts—including the U.S. Court of Appeals for the Ninth Circuit in its 2016 U.S. v. Nosal decision—have broadly interpreted the statute to cover using a computer in a way that violates corporate policies, preferences, and expectations. In the case, David Nosal, an ex-employee of the Korn/Ferry executive recruiting firm, was charged with violating the CFAA after other ex-employees acting on his behalf accessed Korn/Ferry’s proprietary database using legitimate credentials of a current company employee. The current employee knew of and authorized the use of her credentials, which was against Korn/Ferry’s computer policies. The Ninth Circuit found that in using the shared password, Nosal accessed the database “without authorization.” The court said that implicit in the definition of “authorization” is the proposition that authorization can come only from a computer owner—here, Korn/Ferry—not an employee with legitimate access credentials.
There is nothing in the CFAA, or even in the dictionary, that defines “authorization” to mean only permission from a computer owner. The Ninth Circuit imported a corporate ban on password sharing into its definition of “without authorization.”
“This ruling threatens to turn millions of ordinary computer users into criminals,” said EFF Staff Attorney Jamie Williams. “Innocuous conduct such as logging into a friend’s social media account or logging into a spouse’s bank account, with their permission but in violation of a corporate prohibition on password sharing, could result in a CFAA prosecution. This takes the CFAA far beyond the law’s original purpose of putting individuals who break into computers behind bars.”
“EFF has long advocated for reforming the CFAA, which overzealous prosecutors have exploited in troubling ways,” said Williams. “The Supreme Court can do its part by reviewing the Ninth Circuit’s troubling decision and giving ‘authorization’ an appropriately narrow definition, specifically clarifying that password sharing is not—and was never intended to be—a crime.”
For EFF’s brief:
For more on this case:
Los Angeles—On Tuesday, June 6, at 9:30 am, the Electronic Frontier Foundation (EFF) and the ACLU Foundation of Southern California will argue that license plate data, collected by police indiscriminately on millions of drivers each day, are not investigative records that police can shield from public scrutiny.
Automated License Plate Readers (ALPRs) are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. Police departments store this data for years. Location data like this, especially when stored over time, can reveal sensitive information about the history of a person’s movements, associations, and habits.
EFF submitted public records requests to Los Angeles law enforcement agencies asking for a week’s worth of data collected by the hundreds of ALPR cameras around the city and county of Los Angeles. When the agencies refused, EFF teamed up with ACLU to sue for access to the records. A lower court ruled all license plate data could be withheld from disclosure as “records of law enforcement investigations.”
EFF co-counsel Peter Bibring, director of police practices at the ACLU SoCal, will argue that ALPR data are not investigative records because they are collected indiscriminately on all drivers within view of the cameras—the vast majority of whom are innocent citizens going about their daily lives. The data should be released so the public can understand and scrutinize how this intrusive technology is used.
What: Hearing in ACLU of SoCal and EFF v. Superior Court of Los Angeles
When: Tuesday, June 6, 9:30 am
Where: California Supreme Court
Ronald Reagan State Office Building
300 South Spring Street, Third Floor, North Tower
Los Angeles, California
For more information on this case:
For more information on ALPRs:
Washington, D.C.—The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the Justice Department to obtain records about the FBI’s training and use of Best Buy Geek Squad employees to conduct warrantless searches of customers’ computers.
The records request aims to shed light on how the FBI co-opts Best Buy repair technicians in criminal investigations, and whether the computer searches they conducted were in effect government searches. The U.S. Constitution generally requires federal agents, or those acting on their behalf, to first obtain a warrant before searching someone’s computer. If the Best Buy informants were acting as government agents, the warrantless computer searches they conducted would be illegal.
Court records in a child pornography case against a California man who sent his computer to Best Buy for repair showed a long, close relationship between company technicians and the FBI, according to media reports. Informants at Best Buy’s “Geek Squad City” repair facility in Kentucky received $500 and $1,000 payments from the FBI, and agency documents said the Best Buy informants were “under the control and direction of the FBI,” media stories revealed. FBI agents were seeking training of the Geek Squad technicians to help them identify what type of files and images should be reported to the FBI.
“Informants who are trained, directed, and paid by the FBI to conduct searches for the agency are acting as government agents,” said David Greene, EFF Civil Liberties Director. “The FBI cannot bypass the Constitution’s warrant requirement by having its informants search people’s computers at its direction and command.”
EFF sent a FOIA request to the FBI in February seeking agency records about the use of informants, training of Best Buy personnel in the detection and location of child pornography on computers, and policy statements about using informants at computer repair facilities. The FBI denied the request, saying it doesn’t confirm or deny that it has records that would reveal whether a person or organization is under investigation.
“The public has a right to know how the FBI uses computer repair technicians to carry out searches the agents themselves cannot do without a warrant,” said David Sobel, EFF Senior Counsel. “People authorize Best Buy employees to fix their computers, not conduct unconstitutional searches on the FBI’s behalf.”
For EFF's complaint:
Sacramento—The Electronic Frontier Foundation (EFF) and Sen. Joel Anderson (R-Alpine) have introduced a California bill to protect drivers’ privacy by allowing them to cover their license plates while parked to avoid being photographed by automated license plate readers (ALPRs).
The legislation will be considered by the California Senate Transportation and Housing Committee on Tuesday, May 9, 2017. EFF Investigative Researcher Dave Maass will testify as a witness in support of the bill.
Under current law, Californians can cover their entire vehicles—including the plates—when lawfully parked. The proposed bill, S.B. 712, would clarify that California drivers can cover just the plate under the same circumstances. Law enforcement officers would still have the authority to lift the cover to inspect a license plate.
ALPRs are high-speed cameras that photograph the license plates of any vehicles that pass within view and convert the plate scans into machine-readable information. GPS coordinates and time stamps are attached to the data, which is uploaded to a searchable central database. Depending on the database, this information may be accessed by a variety of sectors, including law enforcement, the insurance industry, and debt collectors. In aggregate, this data can reveal sensitive, private location information about innocent people, such as their travel patterns, where they sleep at night, where they worship, when they attend political protests or gun shows, and what medical facilities they visit.
The bill would allow vehicle owners to shield their license plates from ALPRs mounted on police cars or vehicles operated by private surveillance companies that cruise down streets and in parking lots photographing licenses of parked cars. These companies often offer services such as the ability to predict a driver’s movements or to identify a driver’s associates based on vehicles regularly found parked near each other.
“Californians deserve a way to protect themselves from the data miners of the roadway—automated license plate reader companies,” said Maass. “This bill doesn’t put a new burden on law enforcement or businesses, but rather gives members of the public who aren’t breaking the law a way to ensure they’re not being spied on once they’ve legally parked their car.”
If the information is breached, accessed by unauthorized users, or sold publicly, ALPR data has the potential to put people in real danger, such as making domestic violence victims’ travel patterns available to their ex-partners. Law enforcement officials should also support this bill, since ALPR data can also reveal information about the home lives of officers or their meetings with witnesses. People could protect themselves when they visit sensitive locations, such as political rallies and protests.
“State law allows for fully covered vehicles if law enforcement can lift the cover to read the license plate and registration,” Sen. Anderson said. “S.B. 712 would specifically allow for partially covering vehicles including the license plate only.”
Who: Dave Maass, Electronic Frontier Foundation Investigative Researcher
When: Tuesday, May 9, 1:30 pm
Where: California State Capitol, Room 4203
10th and L Streets
Sacramento, CA 95814
Text of the legislation: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB712
EFF’s Support Letter: https://www.eff.org/document/sb-712-support-letter
EFF's Second letter on the Constitutional right to privacy: https://www.eff.org/document/effs-second-letter-sb-712
Official S.B. 712 Fact Sheet: https://www.eff.org/document/sb-712-fact-sheet
FBI Used One Warrant to Infiltrate Thousands of Computers
Boston – On Wednesday, May 3, at 9:30 am, the Electronic Frontier Foundation (EFF) will argue that an FBI search warrant used to hack thousands of computers around the world was unconstitutional.
The hearing in U.S. v. Levin at the United States Court of Appeals for the First Circuit stems from one of the many cases arising from a controversial investigation into “Playpen,” a child pornography website. The precedent set by the Playpen prosecutions is likely to impact the digital privacy rights of Internet users for years to come.
During the investigation, the FBI secretly seized the servers running the Playpen site and continued to operate them for two weeks. The bureau allowed thousands of images to be downloaded while distributing malware to website visitors. With that malware, the FBI hacked into over 8,000 devices in hundreds of countries across the globe—all on the basis of a single warrant.
However, because the government was running the Playpen site, it was already in possession of information about visitors and their computers. Rather than taking the necessary steps to obtain narrow search warrants, the FBI instead sought a single, general warrant to authorize its massive hacking operation, violating the Fourth Amendment. In Wednesday’s hearing, EFF Senior Staff Attorney Mark Rumold will argue as amicus, urging the court to send a clear message that a vague search warrant is not enough to satisfy the privacy protections enshrined in the Constitution.
U.S. v. Levin
Wednesday, May 3
United States Court of Appeals for the First Circuit
John Joseph Moakley U.S. Courthouse
1 Courthouse Way
Boston, MA 02210
For more information on this case:
Lawful Users Still Waiting for Return of Files After Government Seizure
San Francisco - The Electronic Frontier Foundation (EFF), on behalf of its client Kyle Goodwin, is asking a federal appeals court to break through the five-year logjam in the Megaupload.com case, and help lawful users who are still waiting for the return of their photos, videos, and other personal files after the government seized Megaupload’s servers.
Megaupload was a popular cloud-storage site when the FBI shut it down in January of 2012 looking for evidence of copyright infringement. Agents seized all of Megaupload’s assets during their search, locking out customers from their accounts. Goodwin, a sports videographer, lost access to video files containing months of his professional work.
For five years, the U.S. government has continued pursuing a criminal case against Megaupload and its owners. But the data stored by millions of customers—including obviously lawful material like Goodwin’s sports videos—have languished on servers that sit disconnected in a warehouse.
“Mr. Goodwin, and many others, used Megaupload to store legal files, and we’ve been asking the court for help since 2012. It’s deeply unfair for him to still be in limbo after all this time,” said EFF Senior Staff Attorney Mitch Stoltz. “The legal system must step in and create a pathway for law-abiding users to get their data back.”
In a petition filed today with the United States Court of Appeals for the Fourth Circuit, EFF, along with the firm of Williams Mullen and attorney Abraham D. Sofaer, argues that the court should issue a writ of mandamus to the trial court, ordering it to act on Goodwin’s request and create a process for other users to retrieve their data.
“We’re likely to see even more cases like this as cloud computing becomes increasingly popular,” said EFF Legal Director Corynne McSherry. “If the government takes over your bank, it doesn’t get to keep the family jewels you stored in the vault. There’s a process for you to get your stuff back, and you have a right to the same protection for your data.”
For the full brief filed today:
For more on this case:
Recent Decision Would Allow Foreign Governments to Wiretap Americans on U.S. Soil
Washington, D.C. – The Electronic Frontier Foundation (EFF) urged an appeals court today to review a dangerous decision by a three-judge panel that would allow foreign governments to spy on Americans on U.S. soil—just as long as they use technology instead of human agents.
In Kidane v. Ethiopia, an American living in Maryland had his family computer infiltrated by the Ethiopian government. Agents sent an infected email that made its way to Mr. Kidane, and the attached Microsoft Word document carried a malicious computer program called FinSpy that’s sold only to governments. The spyware took control of the machine, making copies of every keystroke and Skype call, and sending them back to Ethiopia as part of its crackdown on critics.
But last month, a panel of judges on the U.S. Court of Appeals for the District of Columbia Circuit ruled that Mr. Kidane could not seek justice for this surveillance in an American court because the spying was carried out without a human agent of the Ethiopian government setting foot in the U.S. In essence, this would mean governments around the world have immunity for spying, attacking, and even murdering Americans on American soil, as long as the activity is performed with software, robots, drones, or other digital tools.
“We already know about technology that will let attackers drive your car off the road, turn off your pacemaker, or watch every communication from your computer or your phone. As our lives become even more digital, the risks will only grow,” said EFF Senior Staff Attorney Nate Cardozo. “The law must make it clear to governments around the world that any illegal attack in the United States will be answered in court in the United States.”
In a petition filed today, EFF and our co-counsel Scott Gilmore plus attorneys at the law firms of Jones Day and Robins Kaplan asked the appeals court to rehear this case en banc, arguing that last month’s panel decision puts the U.S. in the absurd situation where the American government must follow strict requirements for wiretapping and surveillance, but foreign governments don’t have the same legal obligations.
“American citizens deserve to feel safe and secure in their own homes using their own computers,” said EFF Executive Director Cindy Cohn. “The appeals court should vacate this decision, and ensure that the use of robots or remote controlled tools doesn’t prevent people who have been harmed by foreign government attacks from seeking justice.”
For the full petition for rehearing:
For more on this case:
EFF Sues Company To Assert Constitutional Right to Criticize a Patent and Litigation Over It
San Francisco—The Electronic Frontier Foundation (EFF) filed a lawsuit yesterday against a company that’s using foreign laws to stymie EFF’s free speech rights to publish information about and criticize its litigation over a patent featured in EFF’s “Stupid Patent of the Month” blog series.
The company, Global Equity Management (SA) Pty Ltd (GEMSA), owns a patent claiming the idea of using “virtual cabinets” to graphically represent different operating systems and storage partitions. GEMSA has filed dozens of patent infringement cases in the U.S.
Since 2014, EFF’s stupid patent blog series has called attention to questionable patents that stifle innovation, harm the public, or can be employed to shake down users of commonplace processes or technologies. After EFF wrote about the patent, GEMSA accused EFF of slander. The company went to court in Australia to obtain an order to take down the article and prohibit EFF from publishing anything about any of GEMSA’s patents.
This order, which purports to silence expression of an opinion, would never survive scrutiny under the First Amendment in the United States. In a complaint filed in San Francisco yesterday, EFF asked a federal district court to rule that the order is unenforceable. Under the 2010 Securing the Protection of Our Enduring and Established Constitutional Heritage Act (SPEECH Act), foreign orders aren’t enforceable in the United States unless they are consistent with the free speech protections provided by the U.S. and state constitutions, as well as state law.
The injunction issued by the South Australian court purports to order EFF to remove the blog post and forbid EFF from speaking in the future about any of GEMSA’s intellectual property. It states that failure to comply could result in the seizure of EFF’s assets and prison time for its officers.
“We are going to court to ensure that EFF is not silenced by foreign laws that forbid speech our Constitution protects,” said EFF Deputy Executive Director and General Counsel Kurt Opsahl. “GEMSA may not like what we’ve said about its patent, but we will defend our right to express our constitutionally protected opinion.”
EFF is represented by law firms Levine Sullivan Koch & Schulz, LLP and Jassy Vick Carolan.
For the brief:
For EFF’s Stupid Patent of the Month series:
Surveillance Culture Starts in Grade School, Schools Fail To Protect Kids’ Privacy
San Francisco—School children are being spied on by tech companies through devices and software used in classrooms that often collect and store kids’ names, birth dates, browsing histories, location data, and much more—often without adequate privacy protections or the awareness and consent of parents, according to a new report from the Electronic Frontier Foundation (EFF).
EFF’s “Spying on Students: School-Issued Devices and Student Privacy” shows that state and federal law, as well as industry self-regulation, has failed to keep up with a growing educational technology industry. At the same time, schools are eager to incorporate technology in the classroom to engage students and assist teachers, but may unwittingly help tech companies surveil and track students. Ultimately, students and their data are caught in the middle without sufficient privacy protections.
One-third of all K-12 students in the U.S. use school-issued devices running software and apps that collect far more information on kids than is necessary, the report says. Resource-strapped school districts can receive these tools at steeply reduced prices or for free as tech companies seek a slice of the $8 billion education technology, or ed tech, industry. But there’s a real, devastating cost—the tracking, cataloguing, and exploitation of data about children as young as five years old.
Ed tech providers know privacy is important to parents, students, and schools. Of the 152 ed tech services reported to us, 118 had published privacy policies. But far fewer addressed such important privacy issues as data retention, encryption, de-identification, and aggregation. And privacy pledges don’t stop companies from mining students’ browsing data and other information and using it for their own purposes.
“Our report shows that the surveillance culture begins in grade school, which threatens to normalize the next generation to a digital world in which users hand over data without question in return for free services—a world that is less private not just by default, but by design,” said EFF Researcher Gennie Gebhart, an author of the report.
EFF surveyed over 1,000 stakeholders across the country, including students, parents, teachers, and school administrators, and reviewed 152 ed tech privacy policies in a year-long effort to determine whether and how ed tech companies are protecting students’ privacy and their data.
“Parents, teachers, and other stakeholders feel helpless in dealing with student privacy issues in their community. In some cases students are required to use the tools and can’t opt out, but they and their families are given little to no information about if or how their kids’ data is being protected and collected,” said EFF Analyst Amul Kalia, a co-author of the report. “With this whitepaper, we lay out specific strategies that they can employ to gather allies, and push their schools and districts in the right direction.”
“Spying on Students” provides comprehensive recommendations for parents, teachers, school administrators, and tech companies to improve the protection of student privacy. Asking the right questions, negotiating for contracts that limit or ban data collection, offering families the right to opt out, and making digital literacy and digital privacy part of school curriculum are just a few of the more than 70 recommendations for protecting student privacy contained in the report.
“The data we collected on the experiences, perceptions, and concerns of stakeholders across the country sends a loud and clear message to ed tech companies and lawmakers: families are concerned about student privacy and want an end to spying on students,” said Gebhart.
For more on EFF's student privacy campaign:
Global Community Had Faced Baseless Legal Claims and Content Removal Threats
San Francisco – Urban homesteaders can speak freely about their global movement for sustainable living, after convincing the U.S. Patent and Trademark Office (USPTO) to cancel bogus trademarks for the terms “urban homesteading” and “urban homestead.” The authors and activists were represented by the Electronic Frontier Foundation (EFF) and law firm of Winston & Strawn.
“This is a victory for free speech and common sense. Threats over this trademark harmed us and the whole urban homesteading community—a group of people who are dedicated to sharing information about sustainable living online and elsewhere,” said Kelly Coyne, co-author with Erik Knutzen of The Urban Homestead: Your Guide to Self-Sufficient Living in the Heart of the City. “We are so pleased to have this issue settled at last, so we can concentrate on making urban life healthier and happier for anyone who wants to participate in this global effort.”
“Urban homesteading” has been used as a generic term for decades, describing activities like growing food, raising livestock, and producing simple food products at home. But a group called the Dervaes Institute managed to register “urban homesteading” and “urban homestead” as trademarks with the USPTO for “educational services” like blogging.
Citing the trademarks, Dervaes got Facebook to take down content about urban homesteading, including pages that helped publicize Coyne and Knutzen’s book, as well as the Facebook page of a Denver farmer’s market. In 2011, EFF and Winston & Strawn petitioned the USPTO on behalf of Coyne, Knutzen, and book publisher Process Media, asking for the trademarks’ cancellation.
“The words and phrases we use every day to describe basic activities should never be the exclusive property of a single person or business,” said EFF Legal Director Corynne McSherry. “It took six years, but we’re proud that this terrible trademark is off the books.”
“You can’t trademark generic terms and force ordinary conversations off the Internet,” said Winston & Strawn attorney Jennifer Golinveaux. “We’re relieved that the urban homesteading community can continue sharing information about their important work without worrying about silly legal threats.”
For the full opinion from the U.S. Patent and Trademark Office:
For more on this case:
One Out of Two Americans Already in a Face Recognition Database Accessible to Law Enforcement
Washington, D.C.—On Wednesday, March 22, Electronic Frontier Foundation (EFF) Senior Staff Attorney Jennifer Lynch will testify at a hearing before the House Committee on Oversight and Government Reform about the FBI's efforts to build up and link together massive facial recognition databases that may be used to track innocent people as they go about their daily lives.
The FBI has amassed a facial recognition database of more than 30 million photographs and has access to hundreds of millions more. The databases include photos of people who aren’t suspected of any criminal activity, drawn from driver’s license, passport, and visa photos, even as the underlying identification technology becomes ever more powerful. The government has done little to address the privacy implications of this massive collection of biometric information.
Lynch will testify that the use of facial recognition technology will allow the government to track Americans on an unprecedented level. The technology, like other biometric programs, such as fingerprint and DNA collection, poses critical threats to privacy and civil liberties. Lynch will tell the House committee that Congress has an opportunity to develop legislation that would protect Americans from inappropriate and excessive biometrics collection and use.
What: Full House Committee on Oversight and Government Reform Hearing: Law Enforcement’s Use of Facial Recognition Technology
Who: EFF Senior Staff Attorney Jennifer Lynch
When: Wednesday, March 22, 9:30 a.m.
Where: 2154 Rayburn House Office Building
For more information on facial recognition:
For more on biometric data collection:
The Border Isn’t a Constitution-Free Zone
Richmond, Virginia—Border agents must obtain a warrant to search travelers’ phones, tablets, and laptops, which contain a vast trove of sensitive, highly personal information that is protected by the Fourth Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court today.
Searches of devices at the border have more than doubled since the inauguration of President Trump—from nearly 25,000 in all of 2016, to 5,000 in February alone. This increase, along with the increasing number of people who carry these devices when they travel, has heightened awareness of the need for stronger privacy rights while crossing the U.S. border.
While the Fourth Amendment ordinarily requires law enforcement officials to get a warrant supported by probable cause before searching our property, in cases that predate the rise of digital devices, courts granted border agents the power to search our luggage without a warrant or any suspicion of wrongdoing.
But portable digital devices differ wildly from luggage or other physical items we carry with us to the airport because they provide access to the entirety of our private lives, EFF said in an amicus brief filed at the U.S. Court of Appeals for the Fourth Circuit in the border search case U.S. v. Kolsuz. In 2014 the Supreme Court noted that cellphones now hold “the privacies of life” for people, including highly personal, private information such as photos, texts, contact lists, email messages, and videos. Many digital devices can access personal records stored in the “cloud,” such as financial or medical information. Before smartphones were invented, that kind of information would be kept in our home offices, desk drawers, or basement storage. If law enforcement officers wanted to enter your home or lock box as part of a search, they’d need to go before a judge, prove probable cause that you’re involved in a crime, and get a warrant.
“The border isn’t a constitution-free zone,” said Adam Schwartz, EFF senior staff attorney. “The U.S. Supreme Court ruled in 2014 that mobile phones are a window into our private lives and police need to show there’s probable cause that the people they arrest have committed crimes and obtain a warrant to search their phones. There should be no less protection for individuals who have not been arrested or shown to have committed any crime, but who instead simply want to enter the United States.”
It’s never been more important for courts to follow the standard set by the Supreme Court about cell phone searches and apply it to border searches. Reports have surfaced of border agents searching the devices of innocent U.S. citizens, green card holders, and foreign visitors. While all kinds of travelers have suffered this intrusion, many reports involve journalists, Muslim-Americans, and Americans with Middle Eastern-sounding names. Asian Americans Advancing Justice-Asian Law Caucus, Brennan Center for Justice, Council on American-Islamic Relations and six of its chapters, and The National Association of Criminal Defense Lawyers joined EFF in filing the brief.
“Law enforcement officials should be required to meet the same standards for searching our cell phones wherever we are—in our cities, on the highway, at vehicle checkpoints, and at the border. Regardless of the location, when officials want to crack open the private information in someone’s phone, they must first obtain a warrant,” said Schwartz.
For EFF’s new border guide:
For EFF’s new border pocket guide:
EFF to Argue NSL Gag Orders Are Unconstitutional in San Francisco Appeals Court
San Francisco – The Electronic Frontier Foundation (EFF) will urge an appeals court Wednesday to find that the FBI violates the First Amendment when it unilaterally gags recipients of national security letters (NSLs), and the law should therefore be found unconstitutional. The hearing is set for Wednesday, March 22, at 1:30pm in San Francisco.
EFF represents two communications service providers—CREDO Mobile and Cloudflare—that were restrained for years from speaking about the NSLs they received, including even acknowledging that they had received any NSLs. Early Monday, just days before the hearing, the FBI finally conceded that EFF could reveal that these two companies were fighting a total of five NSLs.
CREDO and Cloudflare have fought for years to publicly disclose their roles in battling NSL gag orders. Both companies won the ability to talk about some of the NSLs they had received several months ago, but Monday’s decision by the FBI allows them to acknowledge all the NSLs at issue in this case.
On Wednesday, EFF Staff Attorney Andrew Crocker will tell the United States Court of Appeals for the Ninth Circuit that these gags are unconstitutional restrictions on CREDO and Cloudflare’s free speech and that the FBI’s belated decision to lift some of the gags only underscores why judicial oversight is needed in every case. The gag orders barred these companies from participating in discussion and debate about government use of NSLs—even as Congress was debating changes to the NSL statute in 2015.
In re National Security Letters
EFF Staff Attorney Andrew Crocker
Courtroom 3, 3rd Floor Room 307
U.S. Court of Appeals for the Ninth Circuit
James R. Browning U.S. Courthouse
95 Seventh Street
San Francisco, CA 94103
For the FBI notice allowing the companies to identify themselves:
For more on this case:
Protect Yourself While Traveling To and From the U.S.
San Francisco - Increasingly frequent and invasive searches at the U.S. border have raised questions for those of us who want to protect the private data on our computers, phones, and other digital devices. A new guide released today by the Electronic Frontier Foundation (EFF) gives travelers the facts they need in order to prepare for border crossings while protecting their digital information.
“Digital Privacy at the U.S. Border” helps everyone do a risk assessment, evaluating personal factors like immigration status, travel history, and the sensitivity of the data you are carrying. Depending on which devices come with you on your trip, your gadgets can include information like your client files for work, your political leanings and those of your friends, and even your tax return. Assessing your risk factors helps you choose a path to proactively protect yourself, which might mean leaving some devices at home, moving some information off of your devices and into the cloud, and using encryption. EFF’s guide also explains why some protections, like fingerprint locking of a phone, are less secure than other methods.
“Border agents have more power than police officers normally do, and people crossing the border have less privacy than they usually expect,” said EFF Staff Attorney Sophia Cope. “Border agents may demand that you unlock your phone, provide your laptop password, or disclose your social media handles. Yet this is where many of us store our most sensitive personal information. We hope this guide makes preparing for your trip and protecting your devices easier and more effective.”
Many travelers are confused about what is legal at the border, and the consequences for running afoul of a border agent can run the gamut from indefinite seizure of your phone and computer, to denial of entry for foreign visitors, although American citizens always have the right to re-enter the country. EFF’s new guide hopes to clear up misinformation while recognizing that there is no “one size fits all” approach to crossing into the United States. In addition to the full report, EFF has also created a pocket guide for helping people concerned with data protection.
“The border is not a Constitution-free zone, but sometimes the rules are less protective of travelers and some border agents can be aggressive,” said EFF Senior Staff Attorney Adam Schwartz. “That can put unprepared travelers in a no-win dilemma at the U.S. border. We need clearer legal protections for everyone, but in the meantime, our report and pocket guides aim to put more power back into the hands of travelers.”
For “Digital Privacy at the U.S. Border”:
For EFF’s pocket guide:
For EFF’s summary of your constitutional rights:
Appeals Court Should Find Warrant Violated Fourth Amendment Protections
Boston—An FBI search warrant used to hack into thousands of computers around the world was unconstitutional, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case about a controversial criminal investigation that resulted in the largest known government hacking campaign in domestic law enforcement history.
The Constitution requires law enforcement officers seeking a search warrant to show specific evidence of a possible crime, and tie that evidence to specific persons and places they want to search. These fundamental rules protect people from invasions of privacy and police fishing expeditions.
But the government violated those rules while investigating “Playpen,” a child pornography website operating as a Tor hidden service. During the investigation, the FBI secretly seized servers running the website and, in a controversial decision, continued to operate it for two weeks rather than shut it down, allowing thousands of images to be downloaded. While running the site, the bureau began to hack its visitors, sending malware that it called a “Network Investigative Technique” (NIT) to visitors’ computers. The malware was then used to identify users of the site. Ultimately, the FBI hacked into 8,000 devices located in 120 countries around the world. All of this hacking was done on the basis of a single warrant. The FBI charged hundreds of suspects who visited the website, several of whom are challenging the validity of the warrant.
In a filing today in one such case, U.S. v. Levin, EFF and the American Civil Liberties Union of Massachusetts urged the U.S. Court of Appeals for the First Circuit to rule that the warrant is invalid and the searches it authorized unconstitutional because the warrant lacked specifics about who was subject to search and what locations and specific devices should be searched. Because it was running the website, the government was already in possession of information about visitors and their computers. Rather than taking the necessary steps to obtain narrow search warrants using that specific information, the FBI instead sought a single, general warrant to authorize its massive hacking operation. The breadth of that warrant violated the Fourth Amendment.
“No one questions the need for the FBI to investigate serious crimes like child pornography. But even serious crimes can’t justify throwing out our basic constitutional principles. Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world. If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied. We can’t let unfamiliar technology and unsavory crimes lead to an erosion of everyone’s Fourth Amendment rights,” said EFF Senior Staff Attorney Mark Rumold.
EFF filed a brief in January in a similar case in the Eighth Circuit Court of Appeals, and will be filing briefs in Playpen cases in the Third and Tenth Circuits in March. Some trial courts have upheld the FBI’s actions in dangerous decisions that, if ultimately upheld, threaten to undermine individuals’ constitutional privacy protections over information on personal computers.
“These cases will be cited for the future expansion of law enforcement hacking in domestic criminal investigations, and the precedent is likely to impact the digital privacy rights of all Internet users for years to come,” said Andrew Crocker, EFF Staff Attorney. “Recent changes to federal rules for issuing warrants may allow the government to hack into thousands of devices at a time. These devices can belong not just to suspected criminals but also to victims of botnets and other hacking crimes. For that reason, courts need to send a very clear message that vague search warrants that lack the required specifics about who and what is to be searched won’t be upheld.”
For the brief:
Supreme Court Must End Texas’ Grip on Patent Cases, Restore Fairness in Court Selection
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the Supreme Court to overturn a court decision that tilted the scales in favor of patent trolls by making it easier for them to venue shop and file lawsuits in certain courts.
Venue shopping, also called forum shopping, is an insidious practice whereby parties to a lawsuit look for courts with procedures favorable to their cases. Unfortunately, some courts have engaged in an even more insidious practice known as forum selling by actively encouraging patent lawsuits in their districts. For example, a court might adopt plaintiff-friendly procedures and policies that undermine the rights of defendants.
One such court is the Eastern District of Texas, a rural area with almost no manufacturing, research, or technology facilities, where more than one-third of all patent cases in the country were filed last year. That proportion is no accident: patent litigants flock to Texas because the court has put in place a host of procedures that make it difficult for defendants to terminate meritless cases early, while also speeding up the time it takes for cases to go to trial.
Those procedures drive up litigation costs for defendants, which in turn puts more pressure on them to settle cases even if they believe they should win. Such pressure is especially beneficial to patent trolls—companies that don’t make any products but buy up patents, many of questionable validity, in order to file often frivolous infringement lawsuits to extract settlements.
This kind of venue shopping in patent cases was made possible by a 1990 court decision that upended decades-old rules that required patent cases be filed in locations that were fair and convenient to the person being involuntarily brought into court—such as the location of the defendant’s primary place of business. In a filing today in the lawsuit TC Heartland v. Kraft Foods, EFF asked the Supreme Court to overturn the 1990 decision and bring back basic fairness to patent litigation. Kraft Foods, based in Illinois, sued Indiana-based TC Heartland for patent infringement in Delaware, where the defendant has no offices or contracts.
“The Supreme Court can fix a rampant problem in patent law and make the process more fair and balanced. As it stands, many defendants can be hauled into court in any corner of the country, regardless of whether the location has anything to do with either party,” said EFF Staff Attorney Vera Ranieri. “Forum shopping harms all defendants, but it’s especially burdensome for small companies or individuals with limited means to travel to distant places or fight costly lawsuits.”
“Patent owners aren’t the only ones taking advantage of a bad court decision. Forum selling by courts is a black stain on the judicial system. Our courts shouldn’t be tilting the scales so that forum, as opposed to merits, ends up deciding the outcome of a case,” said Ranieri. “Venue shopping and selling drives up the costs of innovation for inventors and erodes trust in our courts. The Supreme Court can and should fix this problem.”
For more on this case:
Foreign Governments Must Be Held Accountable for Wiretapping Americans in the U.S.
Washington, D.C. – On Thursday, February 2, at 9:30 am, the Electronic Frontier Foundation (EFF) and the law firms of Jones Day and Robins Kaplan will urge an appeals court to let an American continue his suit against the Ethiopian government for infecting his computer with custom spyware and monitoring his communications for weeks on end.
With the help of EFF and the Citizen Lab, the plaintiff in this case found Ethiopian government spyware on his personal computer in Maryland several years ago. Our investigation concluded that it was part of a systemic campaign by the Ethiopian government to spy on perceived opponents.
The plaintiff uses the pseudonym of Mr. Kidane in order to protect the safety and wellbeing of his family both in the United States and in Ethiopia. Kidane is a critic of the Ethiopian government, and came to the U.S. over 20 years ago, obtaining asylum and eventually citizenship. He currently lives with his family in Maryland.
Kidane first brought suit against Ethiopia in 2014, but the federal court held that no foreign government could be held accountable for wiretapping an American citizen in his own home, so Kidane appealed to the U.S. Court of Appeals for the District of Columbia Circuit. Jones Day partner Richard Martinez will argue Thursday that foreign governments should not be allowed to spy on Americans in America with impunity.
Kidane v. Ethiopia
Thursday, February 2
E. Barrett Prettyman U.S. Courthouse
333 Constitution Ave., NW
Washington, D.C. 20001
D.C. Circuit Courtroom 31
For more on Kidane v. Ethiopia:
EFF Urges Justices to Protect Important ‘Patent Exhaustion’ Doctrine
San Francisco - When you buy a printer cartridge, is it yours? Or can the company control what you do with it, even after you pay your bill and take it home? The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court today to protect consumers’ property rights in a court case centering on the important “patent exhaustion” doctrine.
In Impression Products, Inc. v. Lexmark International Inc., printer company Lexmark sold printer cartridges with restrictions on refilling and resale. Impression Products acquired used Lexmark ink cartridges and then refilled and resold them, sparking a lawsuit from Lexmark claiming infringement. The Federal Circuit decided in Lexmark’s favor, ruling that a customer’s use of a product can be “restricted” by the patent owner with something as simple as a notice on disposable packaging.
In the amicus brief filed today, EFF—joined by Public Knowledge, AARP and the AARP Foundation, Mozilla, and R Street—argued that “conditional sales” like the ones attempted by Lexmark cannot impose arbitrary conditions on a customer’s use of a product. The Federal Circuit’s incorrect ruling to the contrary goes against the doctrine of “patent exhaustion,” which says that once a patent owner sells a product, it cannot later claim the product’s use or sale is infringing.
“If allowed to stand, the lower court’s decision could block your right to reuse, resell, and tinker with the devices you own,” said EFF Staff Attorney Daniel Nazer, who is also the Mark Cuban Chair to Eliminate Stupid Patents. “Under this theory, consumers could be held liable for infringement for using products purchased legally, and that the patent owner has already been paid for.”
Patent exhaustion has been part of centuries of law upholding the right of individuals to use and resell their possessions. If patent owners can control goods after sale, then all sorts of activities—like security research, reverse engineering, and device modification—would be threatened.
“This trick is straight out of some companies’ wishlists for restricting user rights,” said EFF Staff Attorney Kit Walsh. “They have tried a variety of legal tactics to restrict your ability to repair or resell the things you buy, and to prevent experts from investigating how they work. That includes experts who want to figure out if your devices are secure and respecting your privacy, or who want to build products that can plug in to your devices and make them do new and useful things. We urge the Supreme Court to reaffirm the patent exhaustion doctrine, and protect people’s rights to own and understand the products they’ve purchased.”
For the full amicus brief:
Plaintiffs Don’t Automatically Get to Unmask Anonymous Blogger
Cincinnati—The Electronic Frontier Foundation (EFF) urged a federal appeals court to uphold a judge’s ruling that the identity of an anonymous blogger found to have infringed copyright should remain secret, arguing that courts must balance litigants’ needs to unmask online speakers against the First Amendment protections afforded to those relying on anonymity.
Maintaining one’s anonymity online may be warranted even in cases—like this one—where a court ruled that a blogger infringed a copyright, EFF said in an amicus brief filed with the U.S. Court of Appeals for the Sixth Circuit. The balancing test required by the First Amendment to protect speakers who choose to mask their identity must be applied at every stage of a lawsuit, including after a court finds an anonymous speaker violated the law, EFF said.
EFF believes Signature Management Team LLC v. John Doe marks the first case to consider whether speakers can remain anonymous even after a court rules that they broke the law.
“Plaintiffs don’t get to unmask anonymous bloggers just because they prove liability. The First Amendment requires that judges balance the need for anonymity against the needs of litigants at every stage of a lawsuit,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Being able to speak online anonymously allows citizens to air dissenting views without fear of retaliation. Unmasking anonymous bloggers without proper justification can discourage people from speaking out or commenting online, which chills the free speech rights of all Americans.”
The plaintiff is a multi-level marketing (MLM) company that won a judgment against the owner of Amthrax.com, a website and blog that criticizes Amway and other MLM companies. The owner is a former Amway marketer who blogs anonymously. Signature Management sued John Doe for infringing the copyright of its book, which was posted on Amthrax.com.
After a judge ruled its copyright had been infringed, Signature Management sought a court order revealing the identity of John Doe, who feared he would face a slew of abusive comments and threats once his identity was known. The trial judge refused. In doing so, the judge correctly balanced the needs of the plaintiff with the First Amendment protections of the blogger.
For the brief:
President-Elect Threatens Free and Open Internet
San Francisco - In a full-page advertisement in Wired magazine, the Electronic Frontier Foundation (EFF) has a warning for the technology community: “Your threat model just changed.”
EFF’s open letter calls on technologists to secure computer networks against overreaches by the upcoming Trump administration and to protect a free, secure, and open Internet. The January issue of Wired with EFF’s open letter on page 63 hit newsstands today.
“Our goal is to rally everyone who makes digital tools and services to this important cause: protect your technology and networks from censorship and government surveillance,” said EFF Activism Director Rainey Reitman. “The Internet was created to connect and empower people around the world. We cannot let it be conscripted into a tool of oppression. But if we are going to protect the Internet, we need a lot of help. Wired has been looking to the technological future for over two decades, and its readers have the skills we need.”
EFF’s open letter outlines four major ways the technology community can help: using encryption for every user transaction; practicing routine deletion of data logs; revealing publicly any government request to improperly monitor users or censor speech; and joining the fight for user rights in court, in Congress, and beyond.
“EFF has fought for the rights of creators and users since 1990—through four presidential administrations,” said EFF Executive Director Cindy Cohn. “We’ve battled privacy invasions, censorship attempts, and power grabs from Democrats and Republicans alike. Now, President-Elect Trump has promised to increase surveillance, undermine security, and suppress the freedom of the press. But he needs your servers to do this. Join us in securing civil liberties in the digital world, before it’s too late.”
For the full ad in Wired:
For more on how the tech community can defend users:
Privacy Badger 2.0 Blocks Hidden Trackers from Following You Around the Web
San Francisco - The Electronic Frontier Foundation (EFF) today released Privacy Badger 2.0—a free browser extension for Chrome, Firefox, and Opera with new upgrades to help protect shoppers from online tracking.
“If you or your family does holiday shopping on the Internet, it’s likely that advertisers and other data collectors are learning a lot about you and the things you are interested in buying,” said EFF Staff Technologist Cooper Quintin, lead developer of Privacy Badger. “Privacy Badger 2.0 gives you more control over this data collection, spotting many of the sneaky trackers that follow you without your knowledge, and blocking them from transmitting information about you.”
Online trackers are embedded in images, scripts, or advertising on many webpages. Just visiting a page with a tracker can allow it to collect a record of the page you are visiting and merge it with a database of what you visited before and after. One result of this tracking is the ads that seem to follow you around the web, reflecting your past browsing history. If Privacy Badger spots a tracker following you without your permission, it blocks all content from the tracker or screens out the tracking scripts or cookies.
Hundreds of thousands of users have already installed earlier releases of Privacy Badger. The new version allows you to import and export your data and preferences across browsers, allows for incognito mode, and has an improved experience with many more websites, along with many other upgrades.
“Neither you nor your loved ones should have to sacrifice your privacy to data miners in order to use the Internet,” said Quintin. “Installing Privacy Badger on your family’s computers is a practical and effective way to fight abuses in the online advertising industry, and make your family’s online experience safer and more secure.”
Privacy Badger works in tandem with the Do Not Track (DNT) policy. Users set the DNT flag in their browser settings or by installing Privacy Badger. Privacy Badger won’t block ads or third-party services that promise to honor all DNT requests.
For your free download of Privacy Badger:
Tuesday Hearing in Case With Potentially Significant Implications for Free Speech
Ottawa, Ontario—On Tuesday, Dec. 6, the Electronic Frontier Foundation (EFF) will tell Canada’s highest court that an overbroad court order that censors Google search results for users everywhere violates our rights to freely search the web without government interference.
The court is hearing arguments in Google v. Equustek, a trade secret case in which a British Columbia court issued an order forcing Google to block certain websites from its search results around the world, setting a dangerous precedent for online free expression. Equustek Solutions sued a group of defendants for allegedly misappropriating designs for its routers and selling counterfeit routers online. While Google isn’t a party to the case and had done nothing wrong, Equustek obtained a court order telling the search engine company it must delete search results that directed users to the defendants’ websites, not just in Canada but from all other local domains such as Google.com and Google.co.uk. EFF filed a brief in the case siding with Google.
EFF's Canadian counsel, David Wotherspoon of MacPherson Leslie & Tyerman and Daniel Byma of Fasken Martineau DuMoulin, will urge the court to recognize that the order, which puts the private commercial interests of one company ahead of the interests of Internet users worldwide, improperly dismissed free expression concerns. The order issued by the British Columbia court failed to consider international free expression principles, and in particular, how the order would likely run afoul of the First Amendment of the U.S. Constitution and well-established U.S. Internet policy.
Hearing in Google v. Equustek
EFF Canadian Counsel David Wotherspoon of MacPherson Leslie & Tyerman and Daniel Byma of Fasken Martineau DuMoulin
Tuesday, Dec. 6, 9:30 am
Supreme Court of Canada
301 Wellington Street
Ottawa, Ontario K1A 0J1
Potentially Thousands of Communication Providers Received Bad Instructions for Fighting Secrecy Provisions
The Internet Archive published a formerly secret national security letter (NSL) today that includes misinformation about how to contest the accompanying gag order that demanded total secrecy about the request. As a result of the Archive’s challenge to the letter, the FBI has agreed to send clarifications about the law to potentially thousands of communications providers who have received NSLs in the last year and a half.
The NSL issued to the Archive said the library had the right to “make an annual challenge to the nondisclosure requirement.” But in 2015, Congress updated the law to allow for more than one request a year, so that communications providers could speak out about their experience without unneeded delay. Represented by the Electronic Frontier Foundation (EFF), the Archive informed the FBI that it did not have the information the agency was seeking and pointed out the legal error. The FBI agreed to drop the gag order in this case and allow the publication of the NSL.
“The free flow of information is at the heart of the Internet Archive’s work, but by using national security letters in conjunction with unconstitutional gag orders, the FBI is trying to keep us all in the dark,” said Brewster Kahle, founder and digital librarian of the Internet Archive. “Here, it’s even worse: that secrecy helped conceal that the FBI was giving all NSL recipients bad information about their rights. So we especially wanted to make this NSL public to give libraries and other institutions more information and help them protect their users from any improper FBI requests.”
The Archive received this NSL in August, more than a year after Congress changed the law to allow more gag order challenges. In its letter removing the gag order, the FBI acknowledged that it issued other NSLs that included the error, and stated that it will inform all recipients about the mistake. Given that the FBI has said that it issued about 13,000 NSLs last year, thousands of communications providers likely received the false information, and potentially delayed petitioning the court for the right to go public.
“The opaque NSL process—including the lack of oversight by a court—makes it very vulnerable to errors of law. Add to that the routine use of gags and enforced secrecy, and those errors become difficult to find and correct,” said EFF Staff Attorney Andrew Crocker. “We are grateful to the Internet Archive for standing up to the FBI and shining some light on this error. We hope that others who receive the correction will also step forward to have their gags lifted and shine more light on these unconstitutional data collection tools.”
This is the second NSL that the Internet Archive has published after battling with the FBI. In 2007, the Archive received an NSL that exceeded the FBI’s authority to issue demands to libraries. With help from EFF and the American Civil Liberties Union (ACLU), the FBI withdrew the letter and agreed to let the Archive go public in May of 2008.
But many gag orders are still in place. Yesterday, CREDO Mobile confirmed it was at the center of EFF's long-running fight against NSLs after a three-year-old gag order was finally revoked. Along with CREDO's case, EFF is litigating two other challenges to NSL gag orders on behalf of communications providers who are still gagged.
For the national security letter published by the Internet Archive:
For more on the fight against NSLs: