Tuesday Hearing in Case With Potentially Significant Implications for Free Speech
Ottawa, Ontario—On Tuesday, Dec. 6, the Electronic Frontier Foundation (EFF) will tell Canada’s highest court that an overbroad court order that censors Google search results for users everywhere violates our rights to freely search the web without government interference.
The court is hearing arguments in Google v. Equustek, a trade secret case in which a British Columbia court issued an order forcing Google to block certain websites from its search results around the world, setting a dangerous precedent for online free expression. Equustek Solutions sued a group of defendants for allegedly misappropriating designs for its routers and selling counterfeit routers online. While Google isn’t a party to the case and had done nothing wrong, Equustek obtained a court order telling the search engine company it must delete search results that directed users to the defendants’ websites, not just in Canada but from all other local domains such as Google.com and Google.co.uk. EFF filed a brief in the case siding with Google.
EFF's Canadian counsel, David Wotherspoon of MacPherson Leslie & Tyerman and Daniel Byma of Fasken Martineau DuMoulin, will urge the court to recognize that the order, which puts the private commercial interests of one company ahead of the interests of Internet users worldwide, improperly dismissed free expression concerns. The order issued by the British Columbia court failed to consider international free expression principles, and in particular, how the order would likely run afoul of the First Amendment of the U.S. Constitution and well-established U.S. Internet policy.
Hearing in Google v. Equustek
EFF Canadian Counsel David Wotherspoon of MacPherson Leslie & Tyerman and Daniel Byma of Fasken Martineau DuMoulin
Tuesday, Dec. 6, 9:30 am
Supreme Court of Canada
301 Wellington Street
Ottawa, Ontario K1A 0J1
Potentially Thousands of Communication Providers Received Bad Instructions for Fighting Secrecy Provisions
The Internet Archive published a formerly secret national security letter (NSL) today that includes misinformation about how to contest the accompanying gag order that demanded total secrecy about the request. As a result of the Archive’s challenge to the letter, the FBI has agreed to send clarifications about the law to potentially thousands of communications providers who have received NSLs in the last year and a half.
The NSL issued to the Archive said the library had the right to “make an annual challenge to the nondisclosure requirement.” But in 2015, Congress updated the law to allow for more than one request a year, so that communications providers could speak out about their experience without unneeded delay. Represented by the Electronic Frontier Foundation (EFF), the Archive informed the FBI that it did not have the information the agency was seeking and pointed out the legal error. The FBI agreed to drop the gag order in this case and allow the publication of the NSL.
“The free flow of information is at the heart of the Internet Archive’s work, but by using national security letters in conjunction with unconstitutional gag orders, the FBI is trying to keep us all in the dark,” said Brewster Kahle, founder and digital librarian of the Internet Archive. “Here, it’s even worse: that secrecy helped conceal that the FBI was giving all NSL recipients bad information about their rights. So we especially wanted to make this NSL public to give libraries and other institutions more information and help them protect their users from any improper FBI requests.”
The Archive received this NSL in August, more than a year after Congress changed the law to allow more gag order challenges. In its letter removing the gag order, the FBI acknowledged that it issued other NSLs that included the error, and stated that it will inform all recipients about the mistake. Given that the FBI has said that it issued about 13,000 NSLs last year, thousands of communications providers likely received the false information, and potentially delayed petitioning the court for the right to go public.
“The opaque NSL process—including the lack of oversight by a court—makes it very vulnerable to errors of law. Add to that the routine use of gags and enforced secrecy, and those errors become difficult to find and correct,” said EFF Staff Attorney Andrew Crocker. “We are grateful to the Internet Archive for standing up to the FBI and shining some light on this error. We hope that others who receive the correction will also step forward to have their gags lifted and shine more light on these unconstitutional data collection tools.”
This is the second NSL that the Internet Archive has published after battling with the FBI. In 2007, the Archive received an NSL that exceeded the FBI’s authority to issue demands to libraries. With help from EFF and the American Civil Liberties Union (ACLU), the FBI withdrew the letter and agreed to let the Archive go public in May of 2008.
But many gag orders are still in place. Yesterday, CREDO Mobile confirmed it was at the center of EFF's long-running fight against NSLs after a three-year-old gag order was finally revoked. Along with CREDO's case, EFF is litigating two other challenges to NSL gag orders on behalf of communications providers who are still gagged.
Mobile Provider Battled Gag Order That Forced It to Keep Customers in the Dark
San Francisco - CREDO Mobile representatives confirmed today that their company was at the center of the long-running legal battle over the constitutionality of national security letters (NSLs), and published the letters the government sent three years ago.
The Electronic Frontier Foundation (EFF) has represented CREDO in this matter since 2013—and the case, bundled with two other NSL challenges, has reached the United States Court of Appeals for the Ninth Circuit. Until now, CREDO was under a gag order, preventing CREDO officials from identifying the company or discussing their role in the case. In March, a district court found that the FBI had failed to demonstrate the need for this gag, and struck it down pending an appeal by the government. But earlier this month, the government decided to drop its appeal of that order, leaving CREDO free to talk about why the legal challenge is important to the company and its customers.
“A founding principle of CREDO is to fight for progressive causes we believe in, and we believe that NSLs are unconstitutional. These letters, and the gag orders that came with them, infringed our free speech rights, blocking us from talking to our members about them or discussing our experience while lawmakers debated NSL reform,” said Ray Morris, CREDO CEO. “We were proud to fight these NSLs all these years, and now we are proud to publish the letters and take full part in the ensuing debate.”
The NSL statutes have been highly controversial since their use was expanded dramatically by the PATRIOT Act in 2001. Soon after that, internal reviews by the Department of Justice found that they had been widely misused. With an NSL, the FBI—on its own, and without court approval—can issue a secret letter to a communications provider, demanding information about its customers, nearly always accompanied by a gag order. That prevents recipients from notifying users about the NSL or even discussing the letter at all.
While the government has stopped pursuing the NSL gag orders on CREDO in this case, EFF’s two other NSL challenges are still being litigated in the appeals court. EFF’s clients—who still must remain secret—argue that they are being unconstitutionally barred from discussion and debate about government use of NSLs and surveillance reform.
“The FBI issues NSL demands for customer information without a warrant or any court supervision, and slaps on a gag order to make it hard for anyone to complain,” said EFF Staff Attorney Andrew Crocker. “The years-long fight in this case demonstrates the difficulty of challenging these orders, and we’re grateful to CREDO for stepping up for its customers and the public to fight these NSLs.”
CREDO Mobile has been in business for 31 years, originally as Working Assets. CREDO believes in bringing social change through everyday acts of commerce. Since its founding, it’s donated $81 million to progressive causes.
EFF and Visualizing Impact Analyze Reports of Content Moderation Gone Awry
San Francisco - User reports of censorship of social media posts show a deep frustration with companies’ content moderation policies, according to an analysis by Onlinecensorship.org, a project of the Electronic Frontier Foundation (EFF) and Visualizing Impact.
In “Censorship in Context: Insights from Crowdsourced Data on Social Media Censorship,” researchers analyzed reports of content takedowns received from users of Facebook, Google+, Instagram, Twitter, and YouTube from April to November of 2016. At a time when many are asking for more content moderation—like calls for Facebook to crack down on “fake news”—election-related censorship complaints focused on the desire of users to speak their minds and share information about a tight election without worrying that their posts will disappear.
“Social media is where we receive news, debate, and organize. These companies have enormous impact on the public sphere, yet they are still private entities with the ability to curate the information we see and the information we don’t see at their sole discretion,” said Jillian C. York, EFF Director for International Freedom of Expression and co-founder of Onlinecensorship.org. “The user base is what powers these social media tools, yet users are feeling like they don’t have any control or understanding of the system.”
“Censorship in Context” recommends best practices for social media content moderation, including transparency in how company policies are enforced and any available remedies. The researchers also urge strengthening systems of redress when content is removed in error, and doing a better job of educating users about what is acceptable on a given platform and what isn’t.
“Many people depend on Facebook to talk to friends, family, clients, and fans, and to debate the issues of the day,” said Project Strategist Sarah Myers West. “While these companies have the right to set their own rules, the least they can do is to tell everyone how they’re enforced.”
Onlinecensorship.org was launched in November of 2015 to spot trends in content removals and learn how these takedowns impact different communities. The site also includes a guide to appealing a content takedown and hosts a collection of news reports on content moderation practices.
EFF Supports Citizen Journalists’ Role in Reporting on Law Enforcement Use of Force
Philadelphia—In an era when bystander recordings of police shootings have shined a much-needed light on law enforcement activities—greatly contributing to public discussion about police use of force—it’s never been more important to establish that citizen journalists have a free speech right to record and share videos of public police activity, EFF told a federal appeals court today.
“Individuals have the unambiguous right under the First Amendment to record police officers exercising their official duties in public,” said EFF Staff Attorney Sophia Cope. “Bystander videos published online have alerted the public to the use of deadly force in numerous cases—Alton Sterling, Eric Garner, Walter Scott, the list goes on. These recordings have informed the public and elected officials about what is happening on our streets. The Supreme Court has made it clear that the process of taking these photos and videos is protected by the First Amendment as an inherently expressive activity or as a form of information and news gathering, and this is true regardless of the intent of the maker at the time of the recording.”
EFF filed an amicus brief today with the U.S. Court of Appeals for the Third Circuit in support of two plaintiffs in consolidated cases, Fields v. City of Pennsylvania and Geraci v. City of Pennsylvania. Both plaintiffs were detained for recording the Philadelphia police in 2012 and 2013. Richard Fields, a Temple University college student, was arrested for photographing about 20 officers breaking up a house party. In a separate incident, Amanda Geraci was detained and prevented from filming an officer arresting a participant at a public environmental protest. The appeals came after a federal judge improperly ruled earlier this year that individuals have no First Amendment right to record the police unless they do so while also engaging in a verbal confrontation with officers or otherwise expressing an intent to criticize law enforcement.
“The district court decision is wrong and could force people into dangerous altercations with police officers in order to justify recording the police,” said Cope. “Worse, if government is granted the power to restrict recording, it can control what information is available to the public about police conduct. Bystander recordings of police misconduct have repeatedly ensured that these troubling episodes receive the public attention they deserve, and we’re fighting for the right of people to continue playing such a vital role in our democracy.”
High Court Urged To Review Fourth Amendment Cases, Hold Warrantless Cell-Site Data Collection Unconstitutional
Washington, D.C.—Cell phone location data, which can provide an incredibly detailed picture of people’s private lives, implicates our Fourth Amendment rights against unreasonable searches, requiring police to obtain a warrant to gain access, the Electronic Frontier Foundation (EFF) told the Supreme Court today.
Weighing in on separate cases where two courts have applied 1970s-era law to digital communications in the information age, EFF urged the nation’s highest court to step in and establish that Americans have the right to expect location data generated from their cell phones is private and protected by the Constitution against unreasonable searches and seizures.
Cell phones constantly connect to cell towers and antennas—which number in the hundreds of thousands—that handle traffic from an estimated 378 million U.S. cell phone accounts. The data generated about these connections, known as cell-site location information (CSLI), create a highly detailed picture of people’s private lives. We carry our cell phones when we leave our homes each day, when we walk into a therapist or lawyer’s office, visit a gun shop, attend a political meeting or sleep at a friend’s. Location information about these private activities is tracked and stored, for years, by cell service providers.
Defendants in U.S. v. Carpenter and U.S. v. Graham were convicted after police obtained, without warrants, hundreds of days of location data produced by their phones to connect them to crimes. The defendants maintained that the use of CSLI violated their Fourth Amendment rights. But the appeals courts in both cases followed Smith v. Maryland, a Supreme Court decision from 1979, when many Americans used rotary-dial land-line phones. In Smith, the Court said that people who voluntarily give certain information to third-parties—such as banks or the phone company—have no expectation of privacy in this information, and thus the government does not need a warrant to access it.
“Cell phone users don’t voluntarily provide location data to their providers—it happens automatically without their control and is generated whether or not the phone is being used,” said EFF Senior Staff Attorney Jennifer Lynch. “Other federal courts and judges in several states have recognized that the so-called ‘third party doctrine’ doesn’t apply to CSLI. It’s time for the Supreme Court to consider whether a decision it made before the existence of commercial cell phones, which are now ubiquitous and reveal our every move, can still be used to override Fourth Amendment protections.”
In 2014, the high court recognized in a unanimous ruling that the astounding amount of sensitive data stored on modern cell phones requires police to obtain a warrant before accessing data on an arrestee’s device. And in a landmark 2012 decision, the court held that GPS tracking is a search under the Fourth Amendment. Yet police are obtaining extensive historic cell-site information without warrants.
“CSLI can give law enforcement far more information about a person’s movement than GPS tracking—cell phones go everywhere their owners go,” said EFF Staff Attorney Andrew Crocker. “If GPS tracking implicates Americans’ Fourth Amendment rights, prolonged cell-site data collection—which provides sensitive details about where we went, who we met with, and what we did—should also be protected against warrantless searches. We’re asking the court to grant review of these important cases and address the Fourth Amendment privacy implications of CSLI.”
EFF filed identical petitions in U.S. v. Carpenter and U.S. v. Graham.
Over 11,000 People Join EFF’s Call to Protect Security Research and Repair
San Francisco - The Electronic Frontier Foundation (EFF) urged the U.S. Copyright Office today to protect the public’s right to research and repair everything from phones to refrigerators to tractors, to support the right of people with print disabilities to convert media into an accessible format, and to restore users’ rights to make fair and lawful uses of the software and media they buy.
EFF’s comments are part of the Copyright Office’s ongoing study into whether the “anti-circumvention” provisions of Section 1201 of the Digital Millennium Copyright Act (DMCA) are working for the public. Section 1201 bans anyone from accessing a copyrighted work when a technology like digital rights management software (DRM) is in place to block access. The law is meant to stop illegal copying, but instead, companies use digital locks in all sorts of products to obstruct those who want to look inside for any reason—blocking competition, innovation, security research, and other legal activities. To vindicate these activities, the public must resort to a burdensome exemption process that allows the digital locks to be broken in certain cases. EFF and a host of other public interest organizations must repeatedly plead for temporary exemptions that expire every three years. Moreover, the law expects users to figure out for themselves how to circumvent digital locks to take advantage of exemptions: no one is allowed to give them the technology to do so.
“We are surrounded by computerized devices: our cars, phones, appliances, and more. Software defines what we are able to do with these devices, whether they are safe and secure, and whether they collect or leak our most private information,” said EFF Staff Attorney Kit Walsh. “Right now, you could be sued or even jailed for trying to understand the software in your devices, or for helping others do the same. That has to change.”
The Copyright Office requested comment on whether Congress should permanently exempt certain activities from Section 1201 liability, or exempt software from the sweep of Section 1201. Exempting software would be progress, as would properly worded exemptions for research, repair, and accessibility. In its comments, EFF encouraged the Copyright Office to move forward with these reforms and provided guidance on how to implement them effectively. These comments were supported by over 11,000 signers of a petition calling for reform.
The proposed exemptions should only be a starting point in reform of Section 1201, since they leave a wide range of speech and innovation at the mercy of the law and its flawed rulemaking process – including remix video, documentary filmmaking, media literacy education, or even basic household activities like backing up videos from a DVR or converting an e-book to work on your phone.
A bill in Congress, the Unlocking Technology Act, would protect everyone who wants to break digital locks for reasons that don’t involve infringing copyright. This simple approach would restore the public’s traditional rights to express themselves by building upon copyrighted works and to tinker with their property. It would also bring the law back in line with the limits required by the Constitution to accommodate free speech.
“Section 1201 is unconstitutional, violating the rights of American researchers, entrepreneurs, artists, and in the end, all of us,” said EFF Senior Staff Attorney Mitch Stoltz. “It’s been in place for 18 long years, and it’s time for real reform.”
EFF is also challenging provisions of Section 1201 as unconstitutional restraints on free speech. EFF and the law firm of Wilson Sonsini Goodrich & Rosati represent security researcher Dr. Matthew Green, software developer Dr. Andrew “bunnie” Huang, and Alphamax LLC, who want to continue their work without legal threats.
Malware Attack Highlights Troubling Outbreak of State-Sponsored Digital Spying
Washington, D.C.—Ethiopia must be held accountable in the United States for an illegal malware and digital spying attack on an American citizen, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case where a foreign government claims it is immune from liability for wiretapping a man’s Skype calls.
Malicious digital surveillance and malware attacks against perceived political opponents, dissidents, and journalists have become all-too-common tactics used by governments with poor human rights records, such as Ethiopia, Kazakhstan, and Vietnam. When foreign governments carry out these digital attacks on Americans in their homes, violating our wiretapping and privacy laws, their victims must be allowed to take them to court, EFF and its co-counsels said in a filing at the U.S. Court of Appeals for the District of Columbia Circuit.
EFF, Robins Kaplan LLP, and Guernica 37: International Justice Chambers represent a Maryland man whose home computer was infected by state-sponsored malware known as FinSpy. The program recorded his private Skype calls, monitored his web searches and emails, and tracked his family’s use of the computer for weeks. Forensic analysis showed the information was surreptitiously sent to a secret server located in Ethiopia and controlled by the Ethiopian government. EFF’s client is an Ethiopian by birth who is a U.S. citizen and has worked with other members of the Ethiopian diaspora. The courts have allowed him to use the pseudonym Mr. Kidane to protect himself and his family from retaliation.
The spying program unleashed on Mr. Kidane was contained in an attachment to a Microsoft Word document that Mr. Kidane inadvertently opened. A government agent in Ethiopia planted the malware on the Word document, but the program to wiretap his conversations resided on his computer in Maryland and automatically began recording, with no one in Ethiopia having to pull the trigger.
The Ethiopian government, which hasn’t denied it wiretapped Mr. Kidane, won dismissal of a 2014 lawsuit after claiming it has immunity because the malware attack was initiated in Ethiopia and thus outside the reach of U.S. courts. It has made the absurd assertion that spyware—marketed to repressive regimes by companies like Gamma International and Hacking Team—gives countries the ability to invade Americans’ homes, wiretap their conversations, violate their privacy, and face no consequences.
“The court’s decision is out of step with the times and completely ignores how other laws treat computer attacks, allowing a prosecution or lawsuit to be brought where the attacked computer is. The appeals court should overturn this ruling and let Mr. Kidane have his day in court,” said EFF Executive Director Cindy Cohn. “Cybersecurity is one of the most important issues of our time, and when foreign governments invade Americans’ privacy, just as with foreign-based criminals, our laws must let victims like Mr. Kidane go to court to hold them accountable.”
If a foreign state’s agent had placed a recording device in Mr. Kidane’s home or on his telephone line, Mr. Kidane could indisputably sue the government in U.S. courts, said EFF Senior Staff Attorney Nate Cardozo. The fact that Ethiopia used software instead of a person to launch a wiretap attack against Kidane in no way allows the country to evade legal liability.
“Today, all governments have to do to illegally spy on people is purchase the right software,” said Cardozo. “The D.C. Circuit should recognize that the malware in this case took the place of a human spy, and reinstate Mr. Kidane’s lawsuit.”
“Giving Ethiopia immunity for state-sponsored hacking would strip away one of the few protections Americans have against cyberattacks by foreign powers,” said Scott Gilmore, counsel at Guernica 37. “The invasion of our client’s home, through his computer, could happen to any of us. We all should have the right to seek justice.”
New Reports Show How Vague Laws Can Pave the Way for Human Rights Violations in the Digital Age
San Francisco - The people of Latin America need comprehensive legal reform to protect themselves from unlawful government surveillance, according to a new series of reports published by the Electronic Frontier Foundation (EFF).
The reports apply the “Necessary and Proportionate” Principles to surveillance practices in twelve different countries in Latin America. The Principles—cooperatively written by privacy organizations and advocates worldwide, and launched three years ago at the 24th Session of the United Nations Human Rights Council—act as guidelines for fair and just government surveillance practices to protect the privacy of people around the world.
The reports, released today in partnership with digital rights organizations across the region, conclude that while every Latin American constitution recognizes a right to privacy and data protection, most countries do not implement those rights in a way that fully complies with international human rights standards.
“Current technology allows governments to easily conduct sophisticated and pervasive digital surveillance of ordinary individuals. But just because they can doesn’t mean that they should,” said EFF International Rights Director Katitza Rodríguez. “New surveillance technologies are in widespread use without any specific authorization nor human rights protections in place. Too often, these technologies are cell-site simulators—which intercept cell phone signals by imitating cell towers—or malware, which is software that is used to harm computer users by disrupting computer operation, gathering sensitive information, or gaining access to private computer systems. At the same time, executive regulations authorizing surveillance or mandating data retention are regularly issued without any public discussion or input. Some of those decisions remain secret, including confidential regulations and decrees. All of these activities violate the Necessary and Proportionate Principles for conducting surveillance within the bounds of human rights law.”
The reports, in both Spanish and English, currently cover eight Latin American countries as well as the United States, and include an overall comparative survey for twelve countries in the region, analyzing whether government surveillance is used only when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued. Overall, secrecy surrounding tactics and prevalence of surveillance is widespread in Latin America, and many countries have yet to develop a culture of transparency reporting by communications providers. Without this transparency, citizens are unable to hold governments accountable for overuse of surveillance technologies.
“The vast amount of digital communications content we create—and the increasing ease with which it can be collected—means that governments are capable of creating profiles of our lives, including things like medical conditions, political viewpoints, and religious affiliations,” said Rodríguez. “Yet laws throughout Latin America and around the world are often vague and ripe for abuse, and there is too much secrecy about what the governments are doing. These reports are part of our long-term work to reform global communications surveillance until it comports with human rights standards.”
EFF Argues that NSL Secrecy Violates First Amendment and Chills Debate on Government Surveillance
San Francisco - An appeals court published redacted briefing by the Electronic Frontier Foundation (EFF) today arguing that national security letters (NSLs) and their accompanying gag orders violate the free speech rights of companies who want to keep their users informed about government surveillance.
EFF represents two service providers in challenging the NSL statutes in front of the United States Court of Appeals for the Ninth Circuit. Most of the proceedings have been sealed since the case began five years ago, but some redacted documents have been released after government approval.
“Just this week we’ve seen Open Whisper Systems—the company behind the Signal messaging service—successfully fight a government gag order attached to a subpoena for customer information. Meanwhile, Yahoo is facing criticism for allowing the government wide-ranging access to its users’ communications,” said EFF Staff Attorney Andrew Crocker. “Our clients want to join this conversation, using their own experiences as a basis to talk about what kind of government surveillance is appropriate and what reform is needed—but NSL gags prevent them from doing so. We’re asking the court to strike down this unconstitutional statute so we can have the robust and inclusive debate that this issue deserves.”
The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, and without court approval—can issue a secret letter to a communications provider, demanding information about its customers. In this case and nearly all others, the NSL is issued in conjunction with a gag order, preventing the companies from notifying users of the demand or discussing the letter at all. Congress changed some parts of the statute in 2015, but retained the basic elements of the gags. In fact, EFF’s clients still cannot identify themselves publicly or share their experiences as part of the debate over government surveillance of technology services.
“Our clients want to be able to issue accurate transparency reports and talk to their customers about how they try to defend users from overreaching government investigations,” Crocker said. “But instead, the FBI instituted indefinite gag orders to shield its demands for information. This is an unconstitutional restriction of our clients’ First Amendment rights.”
Worldwide Order To Block Certain Websites Violates Users’ Rights to Freely Search the Web Without Governments Interfering
Ottawa, Ontario—A Canadian court order forcing Google to block certain websites from its search results around the world sets a dangerous precedent for online free expression, the Electronic Frontier Foundation (EFF) said today.
Weighing in on a trade secret case that could have dramatic implications for free speech on the Internet, EFF told the Supreme Court of Canada in a brief that courts should be extremely reluctant to use their authority to decide what users around the world can see on the Internet. A court in British Columbia vastly overstepped, EFF said, when it issued an injunction in 2014 to “disappear” websites that not only applied to Google’s Canada-specific search, Google.ca, but to all of its searches around the world.
“The court’s overbroad ruling against Google, which had done nothing wrong and wasn’t a party in the lawsuit, put the private commercial interests of one company ahead of the interests of Internet users worldwide. That’s wrong and the Supreme Court of Canada should fix it,” said EFF Frank Stanton Legal Fellow Aaron Mackey. “Any request to issue an order in a local legal battle that affects the rights of users around the world should face a very high bar. Such orders may conflict with other nations’ laws and set the stage for authoritarian governments to impose their own speech-restricting laws on the Internet.”
In the underlying case, British Columbia-based Equustek Solutions accused Morgan Jack and others, known as the Datalink defendants, of misappropriating designs for its routers and selling counterfeit routers online. It claimed California-based Google facilitated access to the defendants’ sites. The defendants never appeared in court to challenge the claim, resulting in a default judgment against them. Although Google is not named in the lawsuit, it voluntarily took down specific URLs that directed users to the defendants’ products and ads under the local Google.ca domains. But Equustek wanted more, and the British Columbia court ruled that Google must delete the entire domain from its search results, including from all other local domains such as Google.com and Google.co.uk. An appeals court upheld the decision.
EFF’s brief argues that the order issued by the British Columbia court violates both international free expression principles and the First Amendment of the U.S. Constitution.
“The Canadian court order is an overbroad gag on an online speaker’s ability to publish truthful information about websites that are readily accessible on the Internet,” said EFF Staff Attorney Vera Ranieri. “The order also unlawfully restricts Internet users’ rights to access the information on those websites, which has the real potential to chill speech and access to information on the Internet. We hope the Supreme Court of Canada fixes it—and other courts around the world take heed.”
DMCA Provision Violates Author’s First Amendment Right to Publish Research About Computer Security
Washington, D.C.—The Electronic Frontier Foundation (EFF) asked a court Thursday for an order that would prevent the government from prosecuting its client, security researcher Matthew Green, for publishing a book about making computer systems more secure.
Green is writing a book about methods of security research to recognize vulnerabilities in computer systems. This important work helps keep everyone safer by finding weaknesses in computer code running devices critical to our lives—electronic devices, cars, medical record systems, credit card processing, and ATM transactions. Green’s aim is to publish research that can be used to build more secure software.
But publishing the book, tentatively entitled Practical Cryptographic Engineering, could land Green in jail under an onerous and unconstitutional provision of copyright law. To identify security vulnerabilities in a device he has purchased, Green must work directly with copyrighted computer code, bypassing control measures meant to prevent the code from being accessed. Even though this kind of research is traditionally a “fair use” permitted by copyright law, Digital Millennium Copyright Act (DMCA) Section 1201 threatens criminal and civil penalties—including jail time—for performing it or publishing information about the methods of security research. The exemptions Congress included in the 1998 DMCA to protect security researchers from prosecution are vague, limited, and provide inadequate assurance against the serious legal ramifications of Section 1201 lawsuits—something the government itself has acknowledged.
“Under Section 1201, computer researchers can face serious penalties just for selling a book that would help people build better, more secure computer systems,” said EFF Legal Director Corynne McSherry. “As we explained when we filed a legal challenge to the law in July, such penalties violate the First Amendment and threaten ordinary people for publishing research or even talking about circumventing computer code that’s embedded in nearly everything we own. With the lawsuit underway, we’re asking the court to bar the government from prosecuting Dr. Green so he can publish a book that’s clearly in the public interest.”
“If we want our communications and devices to be secure, we need to protect independent security researchers like Dr. Green,” said EFF Staff Attorney Kit Walsh. “Researchers should be encouraged to educate the public and the next generation of computer scientists. Instead, they are threatened by an unconstitutional law that has come unmoored from its original purpose of addressing copyright infringement. We’re going to court to protect everyone whose speech is squelched by this law, starting with Dr. Green and his book.”
EFF filed the Section 1201 lawsuit and Thursday's request for a court order with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati.
For the motion for preliminary injunction:
For more about this case:
Monday Hearing in Lawsuit Against Public.Resource.Org
Update: This hearing will be held at 9:00 am. In an order issued Friday, the court rescheduled arguments in the case for 9:00 am.
Washington, D.C.—On Monday, September 12, Electronic Frontier Foundation (EFF) Legal Director Corynne McSherry will urge a federal court to confirm that the public has a right to access and share the laws, regulations, and standards that govern us and cannot be blocked by overbroad copyright claims.
The court in Washington, D.C., is hearing arguments in two cases against EFF client Public.Resource.Org, an open records advocacy website. In these suits, several industry groups claim they own copyrights on written standards for building safety and educational testing they helped develop, and can deny or limit public access to them even after the standards have become part of the law. Standards like these that are legal requirements—such as the National Electrical Code—are available only in paper form in Washington, D.C., in expensive printed books, or through a paywall. By posting these documents online, Public.Resource.Org seeks to make these legal requirements more available to the public that must abide by them. The industry groups allege the postings infringe their copyright, even though the standards have been incorporated into government regulations and, therefore, must be free for anyone to view, share, and discuss.
McSherry and co-counsel Andrew Bridges at Fenwick & West will argue at the hearing that our laws belong to all of us and private organizations shouldn’t be allowed to abuse copyright to control who can read, excerpt, or share them. They will be assisted by EFF Senior Staff Attorney Mitch Stoltz and Fenwick & West Associate Matthew Becker.
Hearing in ASTM v. Public.Resource.org and AERA v. Public.Resource.org
EFF Legal Director Corynne McSherry
Monday, September 12, 9:00 am
Courtroom 2, 2nd Floor
U.S. District Court for the District of Columbia
333 Constitution Ave. N.W.
Washington, D.C. 20001
Ignoring Duty to Provide Notice When Invading Users’ Privacy Is Unconstitutional
Seattle, Washington—The Electronic Frontier Foundation (EFF) told a federal court today that the government is violating the U.S. Constitution when it fails to notify people that it has accessed or examined their private communications stored by Internet providers in the cloud.
EFF is supporting Microsoft in its lawsuit challenging portions of the Electronic Communications Privacy Act (ECPA) that allow the Department of Justice (DOJ) to serve a warrant on the company to get access to customers’ emails and other information stored on remote servers—all without telling users their data is being searched or seized. In a brief filed in Microsoft v. Department of Justice in U.S. District Court in Seattle, EFF, joined by Access Now, New America’s Open Technology Institute, and legal scholar Jennifer Granick, said Fourth Amendment protections against unreasonable searches and seizures by the government apply to all of our information—no matter what the format or where it’s located.
“Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches,” said EFF Senior Staff Attorney Lee Tien. “When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn’t allow that, and it’s time for the government to step up and respect the Constitution.”
Microsoft sued DOJ earlier this year challenging ECPA provisions enacted 30 years ago, long before the emergence of ubiquitous cloud computing that now plays a vital role in the storage of private communications. The government has used the transition to cloud computing as an opening to conduct secret electronic investigations by serving search warrants on Internet service providers seeking users’ emails, the lawsuit says. The government, which wants the case thrown out, doesn’t let account holders know their data is being accessed because of the unconstitutional ECPA provision, while service providers like Microsoft are gagged from telling customers about the searches.
“When people kept personal letters in a desk drawer at home, they knew if that information was about to be searched because the police had to knock on their door and show a warrant,” said EFF Staff Attorney Sophia Cope. “The fact that today our private emails are kept on a server maintained by an Internet company doesn’t change the government’s obligations under the Fourth Amendment. The Constitution requires law enforcement to tell people they are the target of a search, which enables them to vindicate their rights and provides a free society with a crucial means of government accountability.”
EFF thanks Seattle attorney Venkat Balasubramani of FocalLaw P.C. for his assistance as local counsel.
About this case:
Copyright Holders Must Be Held Accountable For Baseless Takedown Notices
Washington, D.C.—The Electronic Frontier Foundation (EFF) today filed a petition on behalf of its client Stephanie Lenz asking the U.S. Supreme Court to ensure that copyright holders who make unreasonable infringement claims can be held accountable if those claims force lawful speech offline.
Lenz filed the lawsuit that came to be known as the “Dancing Baby” case after she posted—back in 2007—a short video on YouTube of her toddler son in her kitchen. The 29-second recording, which Lenz wanted to share with family and friends, shows her son bouncing along to the Prince song "Let's Go Crazy," which is heard playing in the background. Universal Music Group, which owns the copyright to the Prince song, sent YouTube a notice under the Digital Millennium Copyright Act (DMCA), claiming that the family video was an infringement of the copyright.
EFF sued Universal on Lenz’s behalf, arguing that the company’s claim of infringement didn’t pass the laugh test and was just the kind of improper, abusive DMCA targeting of lawful material that so often threatens free expression on the Internet. The DMCA includes provisions designed to prevent abuse of the takedown process and allows people like Lenz to sue copyright holders for bogus takedowns.
The San Francisco-based U.S. Court of Appeals for the Ninth Circuit last year sided in part with Lenz, ruling that copyright holders must consider fair use before sending a takedown notice. But the court also held that copyright holders should be held to a purely subjective standard. In other words, senders of false infringement notices could be excused so long as they subjectively believed that the material they targeted was infringing, no matter how unreasonable that belief. Lenz is asking the Supreme Court to overrule that part of the Ninth Circuit’s decision to ensure that the DMCA provides the protections for fair use that Congress intended.
“Rightsholders who force down videos and other online content for alleged infringement—based on nothing more than an unreasonable hunch, or subjective criteria they simply made up—must be held accountable,” said EFF Legal Director Corynne McSherry. “If left standing, the Ninth Circuit’s ruling gives fair users little real protection against private censorship through abuse of the DMCA process.”
For more on Lenz v. Universal:
Ceremony for Honorees on September 21 in San Francisco
San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the distinguished winners of the 2016 Pioneer Awards: Malkia Cyril of the Center for Media Justice, data protection activist Max Schrems, the authors of the “Keys Under Doormats” report that counters calls to break encryption, and the lawmakers behind CalECPA—a groundbreaking computer privacy law for Californians.
The award ceremony will be held the evening of September 21 at Delancey Street’s Town Hall Room in San Francisco. The keynote speaker is award-winning investigative journalist Julia Angwin, whose work on corporate invasions of privacy has uncovered the myriad ways companies collect and control personal information. Her recent articles have sought to hold algorithms accountable for the important decisions they make about our lives. Tickets are $65 for current EFF members, or $75 for non-members.
Malkia A. Cyril is the founder and executive director of the Center for Media Justice and co-founder of the Media Action Grassroots Network, a national network of community-based organizations working to ensure racial and economic justice in a digital age. Cyril is one of few leaders of color in the movement for digital rights and freedom, and a leader in the Black Lives Matter Network—helping to bring important technical safeguards and surveillance countermeasures to people across the country who are fighting to reform systemic racism and violence in law enforcement. Cyril is also a prolific writer and public speaker on issues ranging from net neutrality to the communication rights of prisoners. Their comments have been featured in publications like Politico, Motherboard, and Essence Magazine, as well as three documentary films. Cyril is a Prime Movers fellow, a recipient of the 2012 Donald H. McGannon Award for work to advance the roles of women and people of color in the media reform movement, and won the 2015 Hugh Hefner 1st Amendment Award for framing net neutrality as a civil rights issue.
Max Schrems is a data protection activist, lawyer, and author whose lawsuits over U.S. companies’ handling of European Union citizens’ personal information have changed the face of international data privacy. Since 2011 he has worked on the enforcement of EU data protection law, arguing that untargeted wholesale spying by the U.S. government on Internet communications undermines the EU’s strict data protection standards. One lawsuit that reached the European Court of Justice led to the invalidation of the “Safe Harbor” agreement between the U.S. and the EU, forcing governments around the world to grapple with the conflict between U.S. government surveillance practices and the privacy rights of citizens around the world. Another legal challenge is a class action lawsuit with more than 25,000 members currently pending at the Austrian Supreme Court. Schrems is also the founder of “Europe v Facebook,” a group that pushes for social media privacy reform at Facebook and other companies, calling for data collection minimization, opt-in policies instead of opt-outs, and transparency in data collection.
The “Keys Under Doormats” report has been central to grounding the current encryption debates in scientific realities. Published in July of 2015, it emerged just as calls to break encryption with “backdoors” or other access points for law enforcement were becoming pervasive in Congress, but before the issue came into the global spotlight with the FBI’s efforts against Apple earlier this year. “Keys Under Doormats” both reviews the underlying technical considerations of the earlier encryption debate of the 1990s and examines the modern systems realities, creating a compelling, comprehensive, and scientifically grounded argument to protect and extend the availability of encrypted digital information and communications. The authors of the report are all security experts, building the case that weakening encryption for surveillance purposes could never allow for any truly secure digital transactions. The “Keys Under Doormats” authors are Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner. Work on the report was coordinated by the MIT Internet Policy Research Initiative.
CalECPA—the California Electronic Communications Privacy Act—is a landmark law that safeguards privacy and free speech rights. CalECPA requires that a California government entity gets a warrant to search electronic devices or compel access to any electronic information, like email, text messages, documents, metadata, and location information—whether stored on the electronic device itself or online in the “cloud.” CalECPA gave California the strongest digital privacy law in the nation and helps prevent abuses before they happen. In many states without this protection, police routinely claim the authority to search sensitive electronic information about who we are, where we go, and what we do—without a warrant. CalECPA was introduced by California State Senators Mark Leno (D-San Francisco) and Joel Anderson (R-Alpine), who both fought for years to get stronger digital privacy protections for Californians. Leno has been a champion of improved transportation, renewable energy, and equal rights for all, among many other issues. Anderson regularly works across party lines to protect consumer privacy in the digital world.
“We are honored to announce this year’s Pioneer Award winners, and to celebrate the work they have done to make communications private, safe, and secure,” said EFF Executive Director Cindy Cohn. “The Internet is an unprecedented tool for everything from activism to research to commerce, but it will only stay that way if everyone can trust their technology and the systems it relies on. With this group of pioneers, we are building a digital future we can all be proud of.”
Awarded every year since 1992, EFF’s Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Aaron Swartz, Citizen Lab, Richard Stallman, and Anita Borg.
Sponsors of the 2016 Pioneer Awards include Adobe, Airbnb, Dropbox, Facebook, and O’Reilly Media.
To buy tickets to the Pioneer Awards:
Consumers Need Warning If Movies, Music, Games Restrict When and How They Are Used
San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of consumer groups, content creators, and publishers asked the Federal Trade Commission (FTC) today to require online retailers to label the ebooks, songs, games, and apps that come with digital locks restricting how consumers can use them.
In a letter sent to the FTC today, the coalition said companies like Amazon, Google, and Apple have a duty to inform consumers if products for sale are locked with some kind of "digital rights management" or DRM. Companies use DRM to purportedly combat copyright infringement, but DRM locks can also block you from watching the movie you bought in New York when you go to Asia on vacation, or limit which devices can play the songs you purchased.
"Without DRM labeling, it’s nearly impossible to figure out which products have digital locks and what restrictions these locks impose," said EFF Special Advisor Cory Doctorow. "We know the public prefers DRM-free e-books and other electronic products, but right now buyers are in the dark about DRM locks when they go to make purchases online. Customers have a right to know about these restrictions before they part with their money, not after."
The letter is accompanied by a request that the FTC investigate and take action on behalf of consumers who find themselves deprived of the enjoyment of their property every day, due to a marketplace where products limited by DRM are sold without adequate notice. The request details the stories of 20 EFF supporters who bought products—ebooks, videos, games, music, devices, even a cat-litter box—that came with DRM that caused them grief. They report that DRM left them with broken, orphaned, or useless devices and in some cases even incapacitated other devices.
The FTC oversees fair packaging and labeling rules that are supposed to prevent consumers from being deceived and facilitate value comparisons. Today’s letter argues that the FTC should require electronic sellers to use a simple, consistent, and straightforward label about DRM locks for digital media. For example, "product detail" lists—which appear on digital product pages and disclose such basic information as serial number, file size, publisher, and whether certain technological features are enabled—should include a category stating whether a product is DRM-free or DRM-restricted. The latter designation should include a link to a clear explanation of the restrictions imposed on the product.
"The use of DRM is controversial among creators, studios, and audiences. What shouldn’t be controversial is the right of consumers to know which products have DRM locks. If car companies made vehicles that only drove on certain streets, they’d have to disclose this to consumers. Likewise, digital media products with DRM restrictions should be clearly labeled," said Doctorow.
Signers of today’s letter include the Consumer Federation of America, Public Knowledge, the Free Software Foundation, McSweeney’s, and No Starch Press.
For the full letter to the FTC about labeling:
For the full letter to the FTC with the stories of people who've been harmed by DRM they weren't informed of: https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf
Editors Who Exposed Corruption, Political Opponents of Authoritarian Government’s President, and Their Legal Teams Were Sent Malware
San Francisco—Journalists and political activists critical of Kazakhstan’s authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF).
Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents.
The campaign—which EFF has called “Operation Manul,” after endangered wild cats found in the grasslands of Kazakhstan—involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.
Spearphishing emails and malware sent to members of the Ablyazov family while they were in exile in Italy may have helped track the whereabouts of Mukhtar Ablyazov’s wife and young daughter. Despite having legal European resident permits, the two were taken into custody in Italy in 2013 and forcibly deported to Kazakhstan. Many targets of the malware campaign are also involved in litigation with the government of Kazakhstan, including the publishers of Respublika noted above. EFF represented Respublika in a U.S. lawsuit during the course of which the government has attempted to censor the site and discover Respublika’s confidential sources.
Kazakhstan is a former Soviet republic that heavily restricts freedom of speech and assembly, and where torture is a serious problem, according to Human Rights Watch. The republic was ranked 160 out of 180 countries tracked by Reporters Without Borders for attacks on journalistic freedom and independence.
“The use of malware to spy on and intimidate dissidents beyond their borders is an increasingly common tactic employed by oppressive governments,” said Eva Galperin, Global Policy Analyst at EFF and one of the report’s authors. “As we have seen in places like Syria and Vietnam, journalists and political opposition leaders are being attacked in both the physical and digital worlds. Regimes are turning to covertly installed malware to track, harass, and silence those who seek to expose corruption and inform the public about human rights abuses—especially targets that have moved beyond the regime's sphere of control. Based on available evidence, we believe this campaign is likely to have been carried out on behalf of the government of Kazakhstan.”
EFF researchers, along with technologists at First Look Media and Amnesty International, examined data about suspected espionage groups and found overlaps between Operation Manul and Appin Security Group, an Indian company that has been linked with several other attack campaigns.
“Appin has been linked by cybersecurity firm Norman Shark to cyber-attacks against a Norwegian telecom company, Punjabi separatists, and others,” said EFF Staff Technologist Cooper Quintin. “We found that some of the technology infrastructure used in those cyber attacks overlapped with the infrastructure used in Operation Manul.”
“Our research shows that such cheap, commercially available malware can have a real impact on vulnerable populations,” said Galperin. “Much of the past research in this area has exposed campaigns carried out by governments using spy software which they have purchased. In this case, the evidence suggests that the government of Kazakhstan hired a company to carry out the attacks on their behalf.”
Thursday Hearing in EFF’s Case Against Patent That Threatened Podcasting
Washington, D.C.—The Electronic Frontier Foundation (EFF) will urge a federal appeals court at a hearing Thursday to find that the U.S. Patent and Trademark Office (USPTO) correctly invalidated key claims of a patent owned by Personal Audio, which had used the patent to threaten podcasters big and small.
EFF is defending a USPTO ruling it won last year in its petition challenging the validity of key claims of Personal Audio’s patent. EFF argued, and the USPTO agreed, that the claimed invention existed before Personal Audio filed its patent application.
Personal Audio maintained that it invented the process of updating a website regularly with new, related content creating a series of episodes—basically podcasting—in 1996. Personal Audio began sending letters to podcasters in 2013, demanding licensing fees from creators such as comedian Adam Carolla and three major television networks. In its challenge to the patent, EFF showed that putting a series of episodes online for everyone to enjoy was not a new idea when the patent application was filed.
Personal Audio asked the U.S. Court of Appeals for the Federal District in Washington D.C. to overturn the USPTO ruling. At a hearing on Thursday, EFF's pro bono counsel will ask the court to reject Personal Audio’s argument that the USPTO erred when it invalidated the patent claims.
What: Court hearing in Personal Audio LLC v. Electronic Frontier Foundation
When: Thursday, August 4, 10 am
Where: U.S. Court of Appeals for the Federal Circuit
Courtroom 401, Panel J
717 Madison Place, N.W.
Washington, D.C. 20439
For more on EFF’s Personal Audio challenge:
Future of Technology and How It’s Used Is At Stake
Washington D.C.—The Electronic Frontier Foundation (EFF) sued the U.S. government today on behalf of technology creators and researchers to overturn onerous provisions of copyright law that violate the First Amendment.
EFF’s lawsuit, filed with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati, challenges the anti-circumvention and anti-trafficking provisions of the 18-year-old Digital Millennium Copyright Act (DMCA). These provisions—contained in Section 1201 of the DMCA—make it unlawful for people to get around the software that restricts access to lawfully-purchased copyrighted material, such as films, songs, and the computer code that controls vehicles, devices, and appliances. This ban applies even where people want to make noninfringing fair uses of the materials they are accessing.
Ostensibly enacted to fight music and movie piracy, Section 1201 has long served to restrict people’s ability to access, use, and even speak out about copyrighted materials—including the software that is increasingly embedded in everyday things. The law imposes a legal cloud over our rights to tinker with or repair the devices we own, to convert videos so that they can play on multiple platforms, remix a video, or conduct independent security research that would reveal dangerous security flaws in our computers, cars, and medical devices. It criminalizes the creation of tools to let people access and use those materials.
Copyright law is supposed to exist in harmony with the First Amendment. But the prospect of costly legal battles or criminal prosecution stymies creators, academics, inventors, and researchers. In the complaint filed today in U.S. District Court in Washington D.C., EFF argues that this violates their First Amendment right to freedom of expression.
“The creative process requires building on what has come before, and the First Amendment preserves our right to transform creative works to express a new message, and to research and talk about the computer code that controls so much of our world,” said EFF Staff Attorney Kit Walsh. “Section 1201 threatens ordinary people with financial ruin or even a prison sentence for exercising those freedoms, and that cannot stand.”
EFF is representing plaintiff Andrew “bunnie” Huang, a prominent computer scientist and inventor, and his company Alphamax LLC, where he is developing devices for editing digital video streams. Those products would enable people to make innovative uses of their paid video content, such as captioning a presidential debate with a running Twitter comment field or enabling remixes of high-definition video. But using or offering this technology could run afoul of Section 1201.
“Section 1201 prevents the act of creation from being spontaneous,” said Huang. “Nascent 1201-free ecosystems outside the U.S. are leading indicators of how far behind the next generations of Americans will be if we don’t end this DMCA censorship. I was born into a 1201-free world, and our future generations deserve that same freedom of thought and expression.”
EFF is also representing plaintiff Matthew Green, a computer security researcher at Johns Hopkins University who wants to make sure that we all can trust the devices that we count on to communicate, underpin our financial transactions, and secure our most private medical information. Despite this work being vital for all Americans' safety, Green had to seek an exemption from the Library of Congress last year for his security research.
“The government cannot broadly ban protected speech and then grant a government official excessive discretion to pick what speech will be permitted, particularly when the rulemaking process is so onerous,” said Walsh. “If future generations are going to be able to understand and control their own machines, and to participate fully in making rather than simply consuming culture, Section 1201 has to go.”
For the complaint:
Iris Scans, Palm Prints, Face Recognition Data, and More Collected From Millions of Innocent Citizens
San Francisco—The FBI, which has created a massive database of biometric information on millions of Americans never involved in a crime, mustn’t be allowed to shield this trove of personal information from Privacy Act rules that let people learn what data the government has on them and restrict how it can be used.
The Electronic Frontier Foundation (EFF) filed comments today with the FBI, on behalf of itself and six civil liberties groups, objecting to the agency’s request to exempt the Next Generation Identification (NGI) database from key provisions of federal privacy regulations that protect personal data from misuse and abuse. The FBI has amassed this database with little congressional and public oversight, failed for years to provide basic information about NGI as required by law, and dragged its feet to disclose—again, as required by law—a detailed description of the records and its policies for maintaining them. Now it wants to be exempt from even the most basic notice and data correction requirements.
NGI includes prints and face recognition data from millions of everyday people who’ve committed no crime but have had their biometric data collected when they needed a background check for a job, applied for welfare benefits, registered for immigration, or obtained state licenses to be a teacher, realtor, or dentist. For example, NGI holds millions of photographs searchable through facial recognition and accessible by 20,000 foreign, federal, state, and municipal-level law enforcement agencies.
The public’s understanding of the FBI’s collection of biometric information is only now coming to light because the agency has been less than forthcoming about its data gathering. In June, the Government Accountability Office published an exhaustive report revealing that the FBI has access to hundreds of millions more photos of Americans than we ever thought and has been hiding that from the public in violation of federal and agency laws for years. Previously, many believed that NGI just contained criminal case records such as fingerprints and mug shots collected during arrests.
“The FBI has sidestepped the Privacy Act as it has expanded NGI, essentially saying ‘just trust us’ with highly personal and private data,” said EFF Senior Staff Attorney Jennifer Lynch. “But the FBI hasn’t proved itself to be worthy of the public’s trust. Exempting NGI from the Privacy Act will eliminate our rights to access our own records and take action against the government when it makes mistakes with that data. The Privacy Act is only the barest of protection for Americans, but the FBI wants to escape from even that basic responsibility.”
The FBI refuses to recognize accuracy is an issue with face recognition or to publish any data on NGI’s accuracy rates. However, research has shown that face recognition misidentifies African Americans, ethnic minorities, women, and young people at higher rates than whites and men. This means that potential errors within NGI will likely impact people of color more frequently, especially because FBI databases include a disproportionate number of African Americans, Latinos and immigrants, thanks to well-documented racial bias among law enforcement.
This is why it’s particularly important that people be able to use the Privacy Act to learn about NGI—it ensures that people can access records the FBI has on them and allows them to take the FBI to court, if needed, to correct any inaccurate information.
“Over 2,000 Americans have signed an EFF petition objecting to the FBI’s exemption proposal, including the vague, incomplete explanation of how the FBI is maintaining our private records,” said Lynch. “Our message to the FBI is that citizens deserve the right to know what information it has on them, and the bureau must be obligated to correct inaccurate data. Its attempt to skirt these rules must be rejected.”
EFF was joined in its comments by American Civil Liberties Union, Advocacy for Principled Action in Government, Council on Arab-Islamic Relations (CAIR), Fight for the Future, National Immigration Law Center, and National Immigration Project of the National Lawyers Guild.
For our comments:
Changes to Rule 41 Will Greatly Increase Law Enforcement Hacking, Surveillance
San Francisco—The Electronic Frontier Foundation (EFF), the Tor Project, and dozens of other organizations are calling today on citizens and website operators to take action to block a new rule pushed by the U.S. Justice Department that would greatly expand the government’s ability to hack users’ computers and interfere with anonymity on the web.
EFF and over 40 partner organizations are holding a day of action for a new campaign—noglobalwarrants.org—to engage citizens about the dangers of Rule 41 and push U.S. lawmakers to oppose it. The process for updating these rules—which govern federal criminal court processes—was intended to deal exclusively with procedural issues. But this year a U.S. judicial committee approved changes in the rule that will expand judicial authority to grant warrants for government hacking.
“The government is attempting to use a process designed for procedural changes to expand its investigatory powers,” said EFF Activism Director Rainey Reitman. “Make no mistake: these changes to Rule 41 will result in a dramatic increase in government hacking. The government is trying to avoid scrutiny and sneak these new powers past the public and Congress through an obscure administrative process.”
Right now, Rule 41 only authorizes federal magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate is located. The new Rule 41 would for the first time authorize magistrates to issue warrants when “technological means,” like Tor or virtual private networks (VPNs), are obscuring the location of a computer. In these circumstances, the rule changes would authorize warrants to remotely access, search, seize, or copy data on computers, wherever in the world they are located.
“Tor users worldwide could be affected by these new rules,” said Kate Krauss, Director of Public Policy and Communications for the Tor Project. “Tor is used by journalists, members of Congress, diplomats, and human rights activists who urgently need its protection to safeguard their privacy and security—but these rules will give the Justice Department new authority to snoop into their computers.”
The changes to Rule 41 would also take the unprecedented step of allowing a court to issue a warrant to hack into the computers of innocent Internet users who are themselves victims of a botnet, EFF and its partners said in a letter to members of Congress today.
EFF and its partners launched noglobalwarrants.org, a campaign page outlining problems with the changes to Rule 41 and listing over 40 Internet companies, digital privacy providers, and public interest groups that support the project. The coalition is asking website owners to embed on their sites unique code that will display a banner allowing people to email members of Congress or sign a petition opposing Rule 41. The groups are also calling on citizens to speak out against Rule 41 on social media and blogs. The aim is to send a message to Congress that it should not authorize this expansion of government hacking and must reject Rule 41 changes.
For the coalition letter:
‘Total Profits’ Damage Awards For Infringing Design Patents Are Excessive, Unfair
Washington, D.C.—The Electronic Frontier Foundation (EFF) asked the U.S. Supreme Court today to reverse a ruling that required Samsung to pay Apple all the profits it earned from smartphones that infringed three basic design patents owned by the iPhone maker.
The $399-million damage award against Samsung, upheld by the United States Court of Appeals for the Federal Circuit in the Apple v. Samsung patent lawsuit, should be thrown out, EFF told the court in an amicus brief filed today with Public Knowledge and The R Street Institute. Forcing defendants to give up 100% of their profits for infringing designs that may only marginally contribute to a product’s overall look and functionality will encourage frivolous lawsuits and lead to excessive damage awards that will raise prices for consumers and deter innovation.
The smartphone design patents at issue in the case include one for a black rectangular front face with round corners, another for a similar face with a rim, and a third for a colorful grid of 16 icons.
“The patent system is supposed to offer fair reward for inventors, not excessive, unfair compensation that threatens our access to technology,” said Vera Ranieri, EFF Staff Attorney. “Such massive windfalls for patent holders will encourage more frivolous lawsuits.”
A jury in 2012 held that Samsung’s phones infringed Apple’s utility and design patents; Apple was originally granted $1.05 billion in damages, an amount that was later reduced. Samsung appealed to the Federal Circuit, which interpreted the Patent Act, wrongly EFF asserts, to mean that patent owners are entitled to the entire profit from products that use the patented design. Samsung, EFF, and other technology companies and public interest groups sought and won Supreme Court review of the case.
A more balanced alternative to the improper "winner takes all" approach adopted by the Federal Circuit would be to base damages on how much the infringing designs contributed to the overall value of the smartphones Samsung sold, EFF said.
If the Federal Circuit’s decision is allowed to stand, it will create incentives for more design patent lawsuits to flood the courts. Any product or technology that may infringe on a design patent—regardless of whether the infringed design contributes just 1% of the value of a complex product or whether the patent was intentionally infringed—could trigger the “total profit” rule and allow the patent holder to claim 100% of all the profits from the product.
"The Federal Circuit’s reading of the Patent Act was flawed, and we’re asking the Supreme Court to adopt an interpretation that more appropriately balances the interests of patent holders, the industry, and the public," said Ranieri. "There’s good reason to believe that the Federal Circuit’s interpretation will create a cottage industry of abusive patent lawsuits that will enrich clever lawyers at the expense of the public."
Serial Troll Tries To Extort Money From Mail-Order Business with Frivolous Infringement Claims
West Palm Beach, Florida—The Electronic Frontier Foundation (EFF) filed a lawsuit today against a well-known patent troll that tried to shake down a small business owner for tens of thousands of dollars on bogus claims of infringement on patents that were never used and were expired or invalid.
Defendant Shipping & Transit LLC has filed hundreds of lawsuits asserting frivolous patent infringement claims as part of its business model to intimidate and extort money from people, EFF alleged in a complaint filed with co-counsel Julie Turner of California-based Turner Boyd and Matthew Sarelson with Miami-based Kaplan Young & Moll Parrón. Shipping & Transit sends out letters accusing businesses of patent infringement and demanding thousands of dollars to license the patents or settle the matter. It then routinely sues those who don’t pay up to extort “nuisance value” settlements.
In a lawsuit filed in the U.S. District Court for the Southern District of Florida, EFF is representing Jason Cugle, who last year began running a small business selling accessories for electronic cigarettes. Cugle, a Maryland resident, received a letter accusing his company and website (Triple7vaping.com) of violating Shipping & Transit’s patents, which relate to ideas for monitoring and reporting the status of delivery vehicles. Cugle simply sent customer shipments through the U.S. Postal Service (USPS) and manually emailed each customer a message saying the package had been shipped and providing the USPS tracking number. Florida-based Shipping & Transit claims its patents cover a variety of methods of notifying people when a vehicle is about to reach its destination, including Cugle’s.
“The claims are absurd. Not only did three of the four patents expire two years before Mr. Cugle started his mail order business, they are not valid in the first place and he hasn’t infringed anything,” said EFF Staff Attorney Vera Ranieri. “What is worse, Shipping & Transit tried to force Mr. Cugle to sign a vaguely-worded affidavit swearing that he wasn’t using ‘monitoring systems’ and threatened him with a document that made it look like there was a lawsuit against him, though the complaint wasn’t filed in any court. These are the tactics of patent trolls who hope to intimidate and bully innocent people and businesses into paying them money to avoid the high costs of a lawsuit.”
Shipping & Transit used to be known as ArrivalStar, a notorious patent troll that sued towns and cities claiming that notifying citizens when a bus was due to arrive infringed its patents.
“Filing complaints in bad faith, asserting infringement of unenforceable patents, falsely accusing people of infringing, and abusing the court system to wrangle settlements out of people violate Maryland law,” said Ranieri. “We are asking the court to hold Shipping & Transit accountable for its improper tactics, and also rule that the patents aren’t valid and were not infringed. Shipping & Transit’s baseless patent infringement claims and shady tactics must be stopped.”
For the complaint:
Broadband Providers Have Unique Ability to Spy on Customers
San Francisco - The Electronic Frontier Foundation (EFF) urged the Federal Communications Commission (FCC) today to update privacy rules to prevent broadband Internet access service providers from recording and sharing their customers’ every move online.
EFF’s comments are part of the FCC’s rulemaking on consumer privacy and telecommunications services. As broadband providers are uniquely positioned to track every communication and activity—often in real time—the FCC is proposing to update current telecom policy to protect the privacy and security of consumers.
As part of this update, EFF calls on the FCC to enact rules that clearly protect customers’ confidentiality, curtailing data collection to only what is needed to provide Internet access. The current FCC plan includes a tiered consent system, allowing for “implied approval” for sharing personal information, as well as some “opt-in” and “opt-out” sharing. But “implied approval” amounts to treating “no approval” as “approval.” That opens the door to scores of other companies getting information about your online activities without your consent.
“Many decisions about what to do with personal data are done behind customers’ backs, exposing their information to marketers and data brokers without any transparency in the process,” said EFF Staff Technologist Jeremy Gillula. “To protect privacy, you have to have true consent, along with clear data sharing policies and retention and deletion practices. We are asking the FCC to make sure that customers have real control, instead of just an illusion of it.”
Furthermore, EFF advised the FCC to prohibit broadband companies from offering financial inducements in exchange for consent to collect and share personal information.
“Privacy isn’t just for people who can afford it,” said EFF Legislative Counsel Ernesto Falcon. “Customers often don’t understand the implications of giving up personal information—and telecoms aren’t eager to explain the situation clearly—and that’s simply unfair.”
For the full comments to the FCC:
User Advocates, Tech Companies, and Studios Debate Impact of Copyright Law on the ‘Internet of Things’
San Francisco—On Tuesday and Wednesday, May 24-25, Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh and Senior Staff Attorney Mitch Stoltz will participate in public roundtable discussions about the impact of U.S. copyright law on freedoms to investigate and improve the software embedded in everyday products, devices, and appliances.
The discussions, being held at University of California Hastings College of the Law in San Francisco, are hosted by the U.S. Copyright Office, which is studying copyright issues related to the “Internet of Things” and the consequences of Section 1201 of the Digital Millennium Copyright Act (DMCA). Section 1201, while intended to prevent infringement of copyrighted media, has also blocked people from accessing software that controls everything from their mobile phones and video games to cars and insulin pumps.
Section 1201 was enacted to combat copyright infringement of digital works by making it unlawful to circumvent access controls on those works, such as the encryption on a DVD. Because of the broad definition of a copyrighted work, however, Section 1201 gives legal teeth to manufacturers who want to lock product owners out of the ability to tinker with, repair, or modify their own software-enabled devices. The restrictions have also prevented independent researchers from evaluating the software in cars and other devices for impacts on security, safety, privacy, and even the environment.
At the roundtable discussions, Walsh will speak about how overly-broad copyright restrictions on everyday products combine with one-sided end user license agreements to frustrate user freedom, research, and innovation. Stoltz will speak about Section 1201's overreaching restriction on circumventing technologies that control devices and products, and the burdensome, every-three-year procedure to get exemptions from Section 1201.
U.S. Copyright Office Roundtables for Software-Enabled Computer Products and Section 1201 Studies
EFF Staff Attorney Kit Walsh
EFF Senior Staff Attorney Mitch Stoltz
Tuesday, May 24, 9 am to 2:45 pm
Wednesday, May 25, 9 am to 4:15 pm
UC Hastings College of the Law
Alumni Reception Center
200 McAllister St.
San Francisco, CA 94102
Wikileaks Prosecution Included Unfair Charge Under CFAA
Fort Belvoir, Virginia—The Electronic Frontier Foundation (EFF) asked a U.S. Army Court of Criminal Appeals Wednesday to overturn Chelsea Manning’s conviction for violating the Computer Fraud and Abuse Act (CFAA), arguing that the law is intended to punish people for breaking into computer systems—something Manning didn’t do.
Manning is serving a 35-year sentence for her role in the release of approximately 700,000 military and diplomatic records to Wikileaks. She was convicted of 19 counts in all, including one under the CFAA. Her CFAA conviction stems from using unauthorized software to access a State Department database, which was prohibited by the database’s acceptable use policy.
The CFAA makes it illegal to intentionally access a computer connected to the Internet without authorization, but it doesn’t specify what “without authorization” means. Although the CFAA is aimed at computer break-ins, data theft, and destruction of computer systems, overzealous prosecutors have taken advantage of the law’s vague language to bring criminal charges that go beyond Congress’s anti-“hacking” purpose.
"Congress intended to criminalize the act of accessing a computer that you aren’t authorized to access, such as breaking into a corporate computer to steal user data or trade secrets or to spread viruses. The law should not be used to turn a violation of an employer’s computer use restrictions into a federal crime. That’s what happened here," said EFF Legal Fellow Jamie Williams.
In an amicus brief filed Wednesday, EFF told the U.S. Army Court of Criminal Appeals that violating a written policy, which restricted Manning from using unauthorized software to access a State Department database, is not a crime under the CFAA. Because most employers impose one-sided computer use policies on their employees, such an interpretation would potentially turn millions of Americans into criminals on the basis of innocuous activities, like browsing Facebook or viewing online sports scores at work in violation of company policy.
“Three federal circuit courts have recognized that violating computer use policies isn’t a crime under the CFAA, and we’re urging the Army court to follow suit,” said EFF Staff Attorney Andrew Crocker. “We have also urged Congress to adopt Aaron’s Law, named after late programmer and activist Aaron Swartz, who faced CFAA charges. The law would ensure that people won't face criminal liability for violating terms of service agreements or other solely contractual agreements.”
The Center for Democracy & Technology and the National Association of Criminal Defense Lawyers joined EFF in filing the brief.
For our amicus brief:
Correction: an earlier version of this press release misstated the number of documents leaked. It's approximately 700,000 records.
Government Withholding Records About ‘Walled Off’ Law Enforcement Program
Update: This hearing has been vacated. In an order issued late Tuesday, the judge asked for supplemental briefing from the parties. A new hearing date may be set once that briefing is complete.
San Francisco – On Thursday, May 19, at 10 am, the Electronic Frontier Foundation (EFF) will urge a federal judge to let the public see records about “Hemisphere,” a massive drug enforcement database containing decades of telephone metadata.
Reporters at the New York Times uncovered the Hemisphere program in 2013. Funded by the Drug Enforcement Agency (DEA) and the White House’s Office of National Drug Control Policy, Hemisphere places AT&T employees inside law enforcement agencies to facilitate quick access to call records data—including who called who, when, and how long they spoke—typically without any court oversight. The New York Times found that investigators were encouraged to keep Hemisphere “under the radar” by using “parallel subpoenas” and then “walling off” Hemisphere information from public scrutiny.
EFF filed a Freedom of Information Act (FOIA) request to learn more about the program and how it was used by law enforcement, but the government released only a small amount of heavily redacted records in response. At Thursday's hearing, EFF Senior Staff Attorney Adam Schwartz will argue that the government must stop misusing public records law to hide information about Hemisphere.
Electronic Frontier Foundation v. Department of Justice
EFF Senior Staff Attorney Adam Schwartz
Thursday, May 19
United States District Court
450 Golden Gate Avenue, 15th Floor, Courtroom B
San Francisco, CA
For more about Hemisphere and EFF’s FOIA lawsuit:
User Advocates, Studios, Artists, Tech Companies Debate DMCA Protections
San Francisco—On Thursday and Friday, May 12-13, Electronic Frontier Foundation (EFF) Legal Director Corynne McSherry will participate in public roundtable discussions about the effectiveness of safe harbor provisions of the Digital Millennium Copyright Act (DMCA) at the United States Ninth Circuit James R. Browning Courthouse in San Francisco. The discussions are hosted by the U.S. Copyright Office, which is studying how the provisions impact copyright owners, internet service providers (ISPs) and users—including the ongoing problem of takedown abuse.
Congress passed the provisions—known as Section 512—two decades ago to establish safe harbors that allow service providers to avoid liability for copyright infringing material. Innovation, creativity, and free expression on the Internet are thriving as a result. Section 512 safe harbors have been essential to the modern Internet; without them we couldn’t have a YouTube, a Twitter, a Facebook or whatever comes next.
At the roundtable discussions McSherry will speak about continued takedown abuses, including problems with automated systems and filters for flagging and removing content. She will also discuss EFF’s opposition to proposals requiring ISPs to permanently remove allegedly infringing content, which would amount to the kind of Internet blacklist contemplated by the congressional bills SOPA and PIPA, both promoted by Hollywood but soundly defeated in 2012.
U.S. Copyright Office Section 512 Study Roundtable
EFF Legal Director Corynne McSherry
Thursday, May 12, 9 a.m. and 1:30 p.m.
Friday, May 13, 1:30 p.m.
United States Court of Appeals for the Ninth Circuit
James R. Browning Courthouse
95 Seventh St.
San Francisco, California
EFF’s ‘Who Has Your Back’ Report Takes on Uber, Taskrabbit, Airbnb, and More
San Francisco - The “sharing” or “gig” economy is booming—you can get rides with companies like Uber, hire people to run errands with services like Taskrabbit, or find a place to stay on websites like Airbnb. These companies connect people offering services to people purchasing them, and in the process they have access to vast amounts of personal data. But how well do these companies protect your information from the government? The sixth annual “Who Has Your Back” report from the Electronic Frontier Foundation (EFF) surveyed the biggest providers in the gig economy to find out.
“These companies collect information on what you buy, where you sleep, and where you travel—whether you are offering services, or purchasing them,” said EFF Activism Director Rainey Reitman. “Often they go even further, collecting contents of communications and geolocation information from your cell phone. But are these companies respecting their users’ rights when the government comes knocking? For much of the gig economy, the answer is no.”
This year’s report analyzed ten companies, and only Uber and Lyft earned credit in all the categories we assessed, including transparency around government access requests, advocacy on the federal level for user privacy, and commitment to providing users with notice about law enforcement data requests. FlipKey, Airbnb, and Instacart also received stars in some categories, but Getaround, Postmates, Taskrabbit, Turo, and VRBO received no credit in any category.
“We see a clear trend in our report: while some sharing economy companies have prioritized standing up for user privacy in the face of government demands, many others have not,” said EFF Senior Staff Attorney Nate Cardozo. “This is a wake-up call to the gig economy companies and the people who use them. It’s time for these services to catch up with the rest of the industry and safeguard our data from government overreach—ensuring that law enforcement access to this trove of information is fair, just, and only in accordance with the rule of law.”
EFF has published its Who Has Your Back report—an annual overview of the public policies and practices of major technology and communications companies in response to law enforcement requests—for six years. While no company achieved credit in every category in the first report back in 2011, more than half of the companies got stars in four or five categories in 2015, and 23 of 24 followed industry best practices. As the first set of companies we looked at has improved so substantially, we decided it was time to turn to the sharing economy.
“Shifts in industry momentum can take time. It took several years before we saw widespread adoption of the best practices promoted in our first Who Has Your Back reports,” said EFF Deputy Executive Director Kurt Opsahl. “The users are the lifeblood of these companies, and next year’s report will provide them an opportunity to adopt best practices and stand up for the people who make their businesses work.”
For the full Who Has Your Back report:
Copyright Laws Are No Obstacle to New Devices, Despite Cable Company Claims
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the Federal Communications Commission (FCC) to adopt robust, consumer-friendly “Unlock the Box” rules that will give Americans access to more innovative, useful, and creative devices and software for watching pay cable and satellite television.
The FCC’s proposed “Unlock the Box” rules will allow any manufacturer to create and market devices or apps that will connect consumers to their cable or satellite TV feeds. The proposal will lead to a new generation of navigation devices that let viewers search and play shows on cable, online services, or over-the-air broadcasts from a single clicker, app, or box.
“Unlock the Box” is a long-overdue effort to open up the closed world of TV set-top boxes to competition. For decades pay-TV customers have had no choice but to rent set-top boxes—and while the cost of the TVs and computers they use for viewing has dropped by 90 percent, the cost of cable set-top boxes that often contain three-generations-old technology has risen 185 percent. Recently, some pay-TV companies have begun making some programming available through apps on other devices, but they remain in complete control of the design and function of those apps, while competitors are locked out.
In comments to the FCC today, EFF urged adoption of “Unlock the Box” rules that maintain user privacy, allow testing by security researchers, and steer clear of loopholes that would enable cable and satellite TV companies to use copyright and other laws to maintain control over consumer devices for navigating TV viewing.
“Clunky, technologically-backwards rental set-top boxes that cost consumers an average of $231 a year and earn billions for cable companies are a frozen artifact of a bygone era. A handful of companies now maintain a monopoly over how consumers access the programming they pay for,” said EFF Senior Staff Attorney Mitch Stoltz. “Competition will drive innovation in features and allow consumers to vote with their dollars for devices that are easier to use, have more sophisticated search functions, and integrate multiple sources of programming.”
Cable and satellite companies, movie studios and other major media companies allege “Unlock the Box” rules will lead to unauthorized access to their content, and that building tools for finding and viewing TV content should require permission.
This is nonsense, EFF told the FCC today. The proposed rules don’t permit consumers to access content they haven’t paid for or authorize copying or distribution of TV programming. Copyright laws don’t give rightsholders the power to control the features of your home video devices, or to dictate how you can find and watch the programming that you pay for.
EFF is also urging the FCC to ensure that manufacturers of new navigation tools are subject to strong privacy standards that will give consumers the same protections they currently have. EFF warned against giving cable and satellite TV companies authority to decide which devices comply with consumer protection rules—this would only give them another opportunity to attempt to control the device market or exclude competition.
“Consumers need privacy protections, and while competitive device makers aren’t subject to FCC regulations we believe they should be subject to the same legal standards for privacy as cable and satellite TV companies,” said EFF Senior Staff Attorney Lee Tien. “For too long every effort to improve the pay-TV experience for consumers has been derailed by companies that control set-top boxes. If ‘Unlock the Box’ rules are implemented, consumers will be the winners.”
EFF Will Appeal to Protect First Amendment Rights
San Francisco - A federal judge has unsealed her ruling that National Security Letter (NSL) provisions in federal law—as amended by the USA FREEDOM Act—don’t violate the Constitution. The ruling allows the FBI to continue to issue the letters with accompanying gag orders that silence anyone from disclosing they have received an NSL, often for years. The Electronic Frontier Foundation (EFF) represents two service providers in challenging the NSL statutes, who will appeal this decision to the United States Court of Appeals for the Ninth Circuit.
“Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011,” said EFF Deputy Executive Director Kurt Opsahl. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse. Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions.”
This long-running battle started in 2011, after one of EFF’s clients challenged an NSL and the gag order it received. In 2013, U.S. District Court Judge Susan Illston issued a groundbreaking decision, ruling that the NSL power was unconstitutional. However, the government appealed, and the Ninth Circuit found that changes made by the USA FREEDOM Act passed by Congress last year required a new review by the District Court.
In the decision unsealed this week, the District Court found that the USA FREEDOM Act sufficiently addressed the facial constitutional problems with the NSL law. However, she also ruled that the FBI had failed to provide a sufficient justification for one of our client’s challenges to the NSLs. After reviewing the government’s justification, the court found no “reasonable likelihood that disclosure … would result in danger to the national security of the United States,” or other asserted dangers, and prohibited the government from enforcing that gag. However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal.
“We are extremely disappointed that the superficial changes in the NSL statutes were determined to be good enough to meet the requirements of the First Amendment,” said EFF Staff Attorney Andrew Crocker. “NSL recipients still can be gagged at the FBI’s say-so, without any procedural protections, time limits or judicial oversight. This is a prior restraint on free speech, and it’s unconstitutional.”
The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, without any judge’s approval—can issue a secret letter to communications service providers, requiring the service to turn over subscriber and other basic non-content information about their customers. The gag orders that the FBI routinely issues along with an NSL have hampered discussion and debate about the process.
For the full unsealed order:
For more on National Security Letters:
All Significant FISC Orders Must Be Declassified Under USA FREEDOM
San Francisco—The Electronic Frontier Foundation (EFF) filed a Freedom of Information (FOIA) lawsuit today against the Justice Department to shed light on whether the government has ever used secret court orders to force technology companies to decrypt their customers’ private communications, a practice that could undermine the safety and security of devices used by millions of people.
The lawsuit argues that the DOJ must disclose if the government has ever sought or obtained an order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties—like Apple or Google—to provide technical assistance to carry out surveillance.
The suit separately alleges that the agency has failed to turn over other significant FISC opinions that must be declassified as part of surveillance reforms that Congress enacted with the USA FREEDOM Act.
EFF filed its FOIA requests in October and March amid increasing government pressure on technology companies to provide access to customers’ devices and encrypted communications for investigations. Although the FBI has sought orders from public federal courts to create a backdoor to an iPhone, it is unclear to what extent the government has sought or obtained similar orders from the FISC. The FISC operates mostly in secret and grants nearly every government surveillance request it receives.
The FBI’s controversial attempt to force Apple to build a special backdoor to an iPhone after the San Bernardino attacks underscored EFF’s concerns that the government is threatening the security of millions of people who use these devices daily. Many citizens, technologists and companies expressed similar outrage and concern over the FBI’s actions.
Given the public concern regarding government efforts to force private companies to make their customers less secure, EFF wants to know whether similar efforts are happening in secret before the FISC. There is good reason to think so. News outlets have reported that the government has sought FISC orders and opinions requiring companies to turn over source code so that federal agents can find and exploit security vulnerabilities for surveillance purposes.
Whether done in public or in secret, forcing companies to weaken or break encryption or create backdoors to devices undermines the safety and security of millions of people whose laptops and smartphones contain deeply personal, private information, said EFF Senior Staff Attorney Nate Cardozo.
“If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said Cardozo. “The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders.”
In addition to concerns about secret orders for technical assistance, the lawsuit is also necessary to force the government to comply with the USA FREEDOM Act, said EFF Senior Staff Attorney Mark Rumold. Transparency provisions of the law require FISC decisions that contain significant or novel legal interpretations to be declassified and made public. However, the government has argued that USA FREEDOM only applies to significant FISC decisions written after the law was passed.
“Even setting aside the existence of technical assistance orders, there’s no question that other, significant FISC opinions remain hidden from the public. The government’s narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress’ intent,” said Rumold. “Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law.”
For the full complaint:
Safe Harbors Work for Rightsholders and Service Providers
Washington, D.C. - Content takedowns based on unfounded copyright claims are hurting online free expression, the Electronic Frontier Foundation (EFF) told the U.S. Copyright Office Friday, arguing that any reform of the Digital Millennium Copyright Act (DMCA) should focus on protecting Internet speech and creativity.
EFF’s written comments were filed as part of a series of studies on the effectiveness of the DMCA, begun by the Copyright Office this year. This round of public comments focuses on Section 512, which provides a notice-and-takedown process for addressing online copyright infringement, as well as “safe harbors” for Internet services that comply.
“One of the central questions of the study is whether the safe harbors are working as intended, and the answer is largely yes,” said EFF Legal Director Corynne McSherry. “The safe harbors were supposed to give rightsholders streamlined tools to police infringement, and give service providers clear rules so they could avoid liability for the potentially infringing acts of their users. Without those safe harbors, the Internet as we know it simply wouldn’t exist, and our ability to create, innovate, and share ideas would suffer.”
As EFF also notes in its comments, however, the notice-and-takedown process is often abused. A recent report found that the notice-and-takedown system is riddled with errors, misuse, and overreach, leaving much legal and legitimate content offline. EFF’s comments describe numerous examples of bad takedowns, including many that seemed based on automated content filters employed by the major online content sharing services. In Friday’s comments, EFF outlined parameters endorsed by many public interest groups to rein in filtering technologies and protect users from unfounded blocks and takedowns.
“A significant swath of lawful speech is getting blocked from the Internet, just because it makes use of a copyrighted work,” said EFF Staff Attorney Kit Walsh. “The Internet needs fewer bad copyright claims—not more burdensome copyright laws—to protect speech.”
For EFF’s full comments to the copyright office:
Fox News Claims Broadcast TV Database Infringes Copyright
San Francisco - A media monitoring service that creates a text-searchable database of television and radio content is defending its fair use rights before a federal appeals court. The Electronic Frontier Foundation (EFF), New York University’s Technology Law and Policy Clinic, and Public Knowledge urged the court Wednesday to protect this innovative technology—and others that have yet to be developed—from being shut down by copyright infringement claims.
“Search engines and book digitization have proven the enormous social benefits of indexing and archiving the media,” said EFF Staff Attorney Kit Walsh. “This case is the latest in a long line of copyright-based challenges to these important tools, and it should fail just as the others have.”
In this case, Fox News sued a company called TVEyes, claiming the company’s broadcast content database—used by journalists, scholars, and political campaigns to study and monitor the national media—infringed its copyright in its programming. The district court acknowledged that the service is generally a fair use of copyrighted material, but then, in a second ruling, held that some of the features of the TVEyes database could facilitate infringement, including the ability to share links or search by date and time. In a departure from established legal precedent, the court ruled that this was enough to defeat TVEyes’ fair use defense.
TVEyes appealed to the United States Court of Appeals for the Second Circuit. In an amicus brief filed Wednesday, EFF and its partners argued that the law does not impose liability on a toolmaker based on the possibility that users will misuse a tool, except in limited circumstances not present here and not even alleged by Fox News.
“TVEyes’ liability should not turn on the hypothetical conduct of its users,” said EFF Legal Director Corynne McSherry. “If the district court decision is upheld, all kinds of new technologies could be at risk. We are asking the appeals court to follow the law and reject Fox News’ claims.”
For the full amicus brief:
For more on Fox News v. TVEyes:
Forcing Apple to Write and Sign Code Undermining iPhone Security Violates First Amendment
Riverside, California—The Electronic Frontier Foundation (EFF) and 46 technology industry experts, including inventors of modern cryptography, told a federal court today that forcing Apple to write and sign computer code disabling crucial iPhone security features that protect millions of users violates the company’s free speech rights.
The Federal Bureau of Investigation (FBI) should not be allowed to, in effect, stand over the shoulders of Apple programmers and force them to create and sign off on code that would decimate the iPhone’s security, EFF said. The signed code would send a clear message that it’s OK to undermine encryption that users rely on—a view the government endorses but Apple fiercely opposes. EFF made its arguments in a friend-of-the-court brief filed today in U.S. District Court for the Central District of California. The brief was signed by 46 technologists, security researchers, and cryptographers, including digital signature pioneers Martin Hellman and Ronald Rivest.
The phone at issue was used by a suspect in December’s San Bernardino mass shooting who was killed after the attack. A federal court issued a preliminary order that would require Apple to edit iOS to disable security features that protect the phone’s contents from surveillance, hackers, and thieves. The code must be digitally signed by Apple in order to run on the iPhone—a signature that guarantees the code is approved and endorsed by Apple.
“The court order is akin to the government dictating a letter endorsing backdoors and forcing Apple to sign its forgery-proof name at the bottom,” said EFF Civil Liberties Director David Greene. “In our democracy, no one—not technology companies, coders, or average citizens—can be forced to write an article, carry a sign, post an update on Facebook or write and sign computer code that communicates or endorses a government idea that they don’t agree with. What the FBI asked the court to do violates free speech rights and puts the security and privacy of millions of people at risk. We are asking the court to throw out this dangerous and unconstitutional order.”
EFF has particular expertise in the First Amendment issues in this court battle, as it spearheaded cases in the early 1990s and 2000s leading courts to recognize computer code merited protection under the Constitution.
A magistrate judge in Riverside, California, granted the FBI’s request under the All Writs Act—a statute that gives judges the ability to command an entity or person to assist in the enforcement of an order, as long as it’s necessary and legal. But the order fails to meet that standard for many reasons, including that it violates Apple’s constitutionally guaranteed right against being compelled to speak for the government.
“Apple has said that it believes the best thing for the world is for all of us to have uncompromised security, not compromised security,” said EFF Executive Director Cindy Cohn. “What the FBI is demanding is that Apple publicly capitulate to the government’s views, and the fact that it would have to do so through writing and signing code makes no difference. This is far more than simply requiring Apple to turn over evidence that it has in its custody; this violates the First Amendment.”
For the full amicus brief:
For more on this case:
As EFF’s Jewel v. NSA Presses Forward, Other Plaintiffs Also Have Standing to Sue
San Francisco - The Electronic Frontier Foundation (EFF) urged the United States Court of Appeals for the Fourth Circuit Wednesday to permit Wikimedia and other groups to continue their lawsuit against the NSA over illegal Internet surveillance. A ruling in favor of the plaintiffs in Wikimedia v. NSA would follow the lead of the Ninth Circuit, which allowed EFF’s Jewel v. NSA to go forward despite years of stalling attempts by the government.
In Wikimedia, the American Civil Liberties Union (ACLU) represents nine plaintiffs, including human rights organizations, members of the media, and the Wikimedia Foundation. A federal district judge in Maryland dismissed the case last fall, ruling that the plaintiffs did not have standing to sue. In EFF’s long-running challenge to NSA spying, Jewel, a separate appeals court rightly rejected a similar argument in 2011, and the case is ongoing in federal court. In fact, last Friday, after eight years of litigation in Jewel, a judge authorized EFF to conduct discovery—meaning, for the first time, EFF can begin to compel the government to produce evidence related to the NSA’s surveillance of the nation’s fiber optic Internet backbone.
“We’re well past the point where the government can simply utter ‘national security’ and get these cases dismissed at their outset,” said EFF Staff Attorney Mark Rumold. “We battled back these arguments in Jewel, and now we are asking another appeals court to do the same thing in Wikimedia.”
In the amicus brief filed Wednesday, EFF urges the Fourth Circuit to recognize standing for allegations of harm based on actual past and ongoing surveillance, like those alleged in both Wikimedia and Jewel.
“Jewel, and our recent order allowing us to move forward with discovery, is all the evidence the Fourth Circuit needs to know that cases challenging NSA surveillance can and should go forward,” said Rumold. “The government makes litigating these cases as difficult as possible, but that difficulty doesn’t mean the courts should turn their back on violations of people’s constitutional rights.”
For the full amicus brief:
For more on Wikimedia v. NSA:
For more on Jewel v. NSA:
Secretive and Closed Treaty Negotiations Leave Out Important Voices in Trade Debates
San Francisco - The Electronic Frontier Foundation (EFF) and an international coalition of groups representing Internet users, consumers, and scholars are calling for reform of the negotiation of global trade agreements in order to protect Internet and other digital rights for communities around the world.
The “Brussels Declaration on Trade and the Internet” was signed by 20 groups and individuals concerned about secretive and closed trade negotiations, like the ones that were behind the Trans-Pacific Partnership agreement (TPP). The TPP is now awaiting ratification from 12 countries but was under development for seven years before the completed text was released for the public to see. However, advisors for big corporations were allowed to view and comment on draft texts. As a result, TPP includes restrictive copyright enforcement regulations that will hurt free expression, innovation, and privacy on the Internet and elsewhere.
“We need an international trading system that is fair, sustainable, democratic, and accountable,” said EFF Global Policy Analyst Jeremy Malcolm. “But you can only achieve that result through public participation. The secrecy we’ve seen in the TPP and similar agreements locks out important views from the global digital rights community and other experts. That’s insight we need to make sure we are protecting rights for everyone around the world.”
The declaration makes six specific recommendations for countries participating in global trade agreements, including regular releases of draft proposals, ample opportunity for public comment and feedback, and engagement of organizations and experts representing Internet users and consumers.
“Digital policy must be shaped through open and participatory means,” said Steve Anderson from OpenMedia. “If trade agreements are going to impact Internet governance they must ensure effective participation from experts and the public.”
“Trade agreements like the Trans-Pacific Partnership are shaping complex aspects of Internet policy but Internet users have no insight into the negotiations,” says Denelle Dixon-Thayer, Mozilla’s Chief Legal and Business Officer. “At Mozilla, we believe that when policy is not developed in the open, users lose as a result. We want to change that.”
The Brussels Declaration on Trade and the Internet stems from a meeting in Belgium earlier this year on catalyzing reform of trade negotiation processes. Experts from four continents took part.
For the Brussels Declaration on Trade and the Internet:
For more on the declaration and its importance:
Citizens Rightfully Expect Privacy in Data That Reveals Their Whereabouts
Chicago—The Electronic Frontier Foundation (EFF) is urging a federal appeals court in Chicago to rule that police need a warrant to access cell phone location records that can reveal our everyday travels—when we leave home, where we go and whom we visit.
In an amicus brief filed Friday in the United States Court of Appeals for the Seventh Circuit, EFF, the American Civil Liberties Union (ACLU), and ACLU of Wisconsin said cell phone location information—data that show where our phones are at a given time and date—generates a comprehensive picture of a person’s movements. Because we carry our phones with us wherever we go, these data can reveal intensely personal information like when we see the doctor, attend a political meeting, or visit friends. Americans have the right to expect that this information remain private and beyond the reach of law enforcement officers unless they first obtain a search warrant.
In this case, U.S. v. Patrick, a Wisconsin man was charged with being a felon in possession of a weapon. Police tracked the man down in real time using location information from his cell phone—obtained either from a phone company or possibly collected using a cell-site simulator, a device known as a Stingray that tricks mobile phones into connecting with it. He was located in a car, where a gun was found at his feet, and arrested. In the brief filed Friday, EFF and the ACLU explain to the court that real-time cell phone location tracking violates the Fourth Amendment’s prohibition against unreasonable searches and seizures.
“This is the first time this federal appeals court, whose rulings affect Illinois, Wisconsin and Indiana, is considering whether citizens have an expectation of privacy in real-time cell phone location records,” said EFF Senior Staff Attorney Jennifer Lynch. “This case comes as we are seeing a groundswell of recognition that this information is private. Legislatures in the three states covered by the Seventh Circuit have all now prohibited warrantless real-time cell phone. California and at least eight other states also require warrants for real-time tracking.”
There have been conflicting rulings over this issue on the federal level. In 2014 the U.S. Court of Appeals for the Eleventh Circuit in Atlanta ruled that there’s no expectation of privacy in historical cell site location records, so police don’t need a warrant to get them, while the U.S. Court of Appeals for the Fourth Circuit in Richmond, Virginia, last year ruled the opposite.
The U.S. Supreme Court has already recognized that data about where we go can be incredibly revealing and that cell phones hold vast amounts of private information—potentially the sum of an individual’s private life. The court ruled that searching a cell phone found during an arrest and tracking a car using GPS now both require a search warrant.
“The Seventh Circuit should follow the Supreme Court’s lead and recognize that police shouldn’t have unfettered access to records that can reveal our every move. Law enforcement must be required to get a warrant before accessing the vast amount of private information generated by cell phone location records,” said EFF Senior Staff Attorney Adam Schwartz.
EFF Urges Department of Education to Uphold First Amendment Rights in University Anti-Harassment Policies
San Francisco - The Electronic Frontier Foundation (EFF) urged the Department of Education today to protect university students’ right to speak anonymously online, warning that curtailing anonymous speech as part of anti-harassment regulations would not only violate the Constitution but also jeopardize important on-campus activism.
“Battling gender and racial harassment and threats on college campuses is vitally important,” said EFF Legal Director Corynne McSherry. “But some are calling for blanket bans on the use of platforms that allow anonymous comments, and that’s a counterproductive strategy. Online anonymity is crucial for students who fear retaliation for their political and social commentary. It helps many people avoid being targets of harassment in the first place.”
EFF’s letter to the Department of Education comes after a number of groups pressed for new federal guidelines for fighting online harassment. EFF agrees with the majority of the recommendations, including ensuring prompt reporting and investigation of all reports of harassment, and disciplining and/or prosecuting perpetrators. However, preemptively removing access to anonymous online speech platforms violates all students’ First Amendment rights—threatening projects like the USG Girl Mafia at the University of Southern California, where students anonymously map locations of assault reports on campus. Anonymity was also essential for student activists at Guilford College in North Carolina, who used an online form to collect anonymous testimonials about racial violence from those who felt unsafe revealing their identities.
Additionally, online speech bans are problematic because any technical restriction—like blocking on-campus access through the university’s wireless network, or limiting where students can access particular mobile applications or websites—will not prevent any student from going off-campus or joining another wireless network to comment anonymously.
“The Internet has an unmatched ability to help groups of people organize and communicate and be a force for positive social change,” said EFF Frank Stanton Legal Fellow Aaron Mackey. “Taking away choices for anonymous speech will curtail these activities without meaningfully preventing illegal harassment and threats. We urge the Department of Education to find solutions that protect all students.”
For the full letter to the Department of Education:
Company Built Customized ‘Golden Shield’ System to Identify Falun Gong Members Who Were Later Tortured
San Francisco—The Electronic Frontier Foundation (EFF) is urging a federal appeals court to reinstate a lawsuit seeking to hold Cisco Systems accountable for aiding in human rights abuses by building the Chinese government a system that Cisco officials knew was intended to identify—and facilitate the capture and torture of—members of the Falun Gong religious minority.
In an amicus brief filed Monday with the United States Court of Appeals for the Ninth Circuit, EFF and the groups ARTICLE 19 and Privacy International argue that the plaintiffs sufficiently alleged that Cisco understood that the “Golden Shield” system (also known as The Great Firewall) it custom-built for China was an essential component of the government’s program of persecution against the Falun Gong—persecution that included online spying and tracking, detention, and torture.
In Doe v. Cisco Systems Inc., Falun Gong victims and their families sued Cisco under a law known as the Alien Tort Statute, which allows noncitizens to bring claims in U.S. federal court for violations of human rights laws. A federal judge dismissed the case, saying the plaintiffs didn’t offer enough support for their claim that Cisco knew the customized features of the Golden Shield enabling the identification and apprehension of Falun Gong practitioners specifically would ultimately lead to torture.
As EFF explains in its brief, the judge misapplied the law.
“The facts alleged by the plaintiffs are sufficient to proceed with a lawsuit claiming Cisco knew that technologies it designed from its offices in San Jose, California, would facilitate human rights abuses, and purposefully built its products to help the Chinese government carry out its program of repressing, capturing, and abusing Falun Gong members,” said EFF Staff Attorney Sophia Cope. “Company officials didn’t have to be present in China in order to assist human rights violations, and victims have a right to their day in court.”
The Golden Shield system included a library of Falun Gong Internet activity enabling the Chinese government to identify Falun Gong members online, according to the lawsuit. The case also contains strong evidence that Cisco created systems for storing and sharing information about “forced conversion”—i.e. torture—sessions for use as training tools. The cooperation was also documented in internal marketing literature, where a Cisco engineer described the company’s commitment to China’s security objectives, including the “douzheng” of Falun Gong practitioners. Douzheng is a term describing abuse campaigns against disfavored groups, consisting of persecution and torture.
“Cisco’s conduct is part of a growing trend of U.S. and European technology companies helping repressive governments become highly efficient at committing human rights violations,” said Cope. “We are asking the Ninth Circuit to recognize that victims of such abuses can seek to hold accomplices like Cisco accountable for their role in brutal persecutions.”
Government Has Created Impermissible Licensing Regime for Computer-Readable Designs
San Francisco - The government cannot require Americans to go through an export licensing scheme prior to posting and sharing 3-D printer design files online, because publishing technical information is a form of speech protected by the First Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court Thursday.
The case is Defense Distributed v. United States Department of State, in which the Texas company sued the State Department after officials warned that criminal sanctions could be brought for publishing a 3-D printable file for a one-shot plastic gun, as well as other design and documentation files without a license. The State Department claimed that publishing the files on the Internet could violate the International Traffic in Arms Regulations (ITAR), which controls the international export of defense-related technology. After suggesting Defense Distributed put in an administrative request to determine whether the files were, in fact, controlled, the State Department sat on the request for nearly two years—only acting after Defense Distributed sued. It then concluded that a license was required to publish most of the files at issue.
The export controls regime provides no opportunity for a would-be publisher to challenge in court the State Department’s determination that a license is required, or the denial of a license. In an amicus brief filed in the United States Court of Appeals for the Fifth Circuit, EFF said that the State Department’s licensing regime for speech about defense-related technologies—many of which have civilian applications—violates the First Amendment.
“The First Amendment requires that speech be allowed except in the narrowest circumstances. Here, the export controls regime does not provide for judicial oversight or require the government to prove the appropriate conditions for a prior restraint of speech. Rather, the law criminalizes as a general matter the online publication of unclassified designs and documentation about a wide range of technologies,” said EFF Staff Attorney Kit Walsh. “The Supreme Court has been very clear that any speech licensing regime has to be governed by definite standards of review, judicial oversight, and prompt deadlines. This process doesn’t contain any of those safeguards to prevent capricious censorship.”
The questions at issue in this lawsuit are a direct parallel to one of EFF’s first cases, the landmark Bernstein v. U.S. Department of State. In Bernstein, the court found that the source code for the first freely available encryption software was constitutionally protected free speech and that the government’s attempt to suppress it via export control licensing violated the First Amendment.
“The government is trying to use the same tactic it used in the 1990s to block researchers from sharing computer code online,” said Walsh. “A court first ruled more than 15 years ago that source code was speech protected by the First Amendment, in a case that held the government’s export regulations preventing its publication were unconstitutional. The Fifth Circuit should do the same for design files.”
For the full amicus brief:
New Feature Analyzes Your Web Browser and Add-Ons for Successful Tracker Blocking
San Francisco - The Electronic Frontier Foundation (EFF) launched new online tracker-testing in its Panopticlick tool today, helping you analyze the privacy protections in your Web browser.
When you visit a website, online trackers and the site itself may be able to identify you, and the records of your online activity can then be distributed among a vast network of advertising exchanges, data brokers, and tracking companies. Many people install ad- or tracker-blockers to try to protect themselves, but it can be hard to know how effective they are. Panopticlick will check your browser and your add-ons and assess the privacy protections users have in place. It can also suggest remedies for under-protected browsers.
But even if you have strong tracker blocking installed on your computer, you could still be identified by what’s called a “browser fingerprint.” That’s the combination of factors such as your operating system, your browser, and plug-ins. Panopticlick also analyzes the uniqueness of your browser to see if you are still at risk from this kind of data-gathering, even if you have privacy-protective software installed.
“Have you ever felt like ads you see online have an uncanny knowledge of your browsing habits? It’s creepy, and a sign you are being tracked,” said EFF Chief Computer Scientist Peter Eckersley. “When you visit Panopticlick and click on the ‘test me’ button, the site simulates the loading of various tracking technologies. Then you get a report to help you understand what protections you have in place, and what’s missing. Panopticlick is a great way to boost your privacy as you read, shop, and interact with websites throughout your day.”
Fighting for user privacy on the Web can feel like an uphill battle, with advertisers and marketers changing their tactics and technologies at a lightning pace. Panopticlick will also do double-duty as a research project for EFF, collecting anonymous data for technologists to analyze so they can improve privacy tools like EFF’s Privacy Badger and develop others down the road.
“Online data-gatherers use tactics that are complex, subtle, and ever-evolving,” said EFF Software Engineer Bill Budington. “Panopticlick is a way for you to help protect yourself, as well as help contribute to our understanding of online tracking more generally.”
EFF Battles Facebook’s Claims That It’s a Crime to Bypass an IP Block
San Francisco—The Electronic Frontier Foundation (EFF) will urge a federal appeals court Wednesday to reject Facebook’s claims that it’s a crime to work around an IP address block—an interpretation of the law that could criminalize routine online behavior. EFF Legal Fellow Jamie Williams will participate in oral argument in the case, Facebook v. Power Ventures, set for 9:30 am on Dec. 9 before the United States Court of Appeals for the Ninth Circuit in San Francisco, California.
Power Ventures made a web-based tool that allowed users to log into all of their social networking accounts in one place and aggregate messages, friend lists, and other data. Facebook sued Power, claiming it violated a federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA), when it provided Facebook users a way to access their data through Power after Facebook blocked a specific IP address the company was using to connect to Facebook data. A district court sided with Facebook, finding that designing a system to work around IP address blocks could be a crime under the CFAA.
The CFAA targets unauthorized acts of breaking into computer systems to steal data and cause other harm. In Wednesday’s hearing, Williams will argue that the Ninth Circuit has already ruled that the CFAA must be interpreted narrowly to avoid transforming what was intended to be an anti-hacking statute into a law that could sweep up innocuous conduct. Criminalizing a routine process like switching IP addresses stifles innovation and harms consumers—and it’s not what Congress had in mind.
Facebook v. Power Ventures and Steven Vachani
EFF Frank Stanton Legal Fellow Jamie Williams
Wednesday, Dec. 9
Ninth Circuit Court of Appeals-James R. Browning Courthouse
Courtroom 2, 3rd Fl, Room 330
95 7th St.
San Francisco CA 94103
EFF Launches 'Spying on Students' Campaign to Raise Awareness About Privacy Risks of School Technology Tools
San Francisco—The Electronic Frontier Foundation (EFF) filed a complaint today with the Federal Trade Commission (FTC) against Google for collecting and data mining school children’s personal information, including their Internet searches—a practice EFF uncovered while researching its “Spying on Students” campaign, which launched today.
The campaign was created to raise awareness about the privacy risks of school-supplied electronic devices and software. EFF examined Google’s Chromebook and Google Apps for Education (GAFE), a suite of educational cloud-based software programs used in many schools across the country by students as young as seven years old.
While Google does not use student data for targeted advertising within a subset of Google sites, EFF found that Google’s “Sync” feature for the Chrome browser is enabled by default on Chromebooks sold to schools. This allows Google to track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords. Google doesn’t first obtain permission from students or their parents, and since some schools require students to use Chromebooks, many parents are unable to prevent Google’s data collection.
Google’s practices fly in the face of commitments made when it signed the Student Privacy Pledge, a legally enforceable document whereby companies promise to refrain from collecting, using, or sharing students’ personal information except when needed for legitimate educational purposes or if parents provide permission.
“Despite publicly promising not to, Google mines students’ browsing data and other information, and uses it for the company’s own purposes. Making such promises and failing to live up to them is a violation of FTC rules against unfair and deceptive business practices,” said EFF Staff Attorney Nate Cardozo. “Minors shouldn’t be tracked or used as guinea pigs, with their data treated as a profit center. If Google wants to use students’ data to ‘improve Google products,’ then it needs to get express consent from parents.”
Google told EFF that it will soon disable a setting on school Chromebooks that allows Chrome Sync data, such as browsing history, to be shared with other Google services. While that is a small step in the right direction, it doesn’t go nearly far enough to correct the violations of the Student Privacy Pledge currently inherent in Chromebooks being distributed to schools.
EFF’s filing with the FTC also reveals that the administrative settings Google provides to schools allow student personal information to be shared with third-party websites in violation of the Student Privacy Pledge. The ability to collect and potentially share student information follows children whenever they use Chrome to log into their Google accounts, whether on a parent’s Apple iPad, friend’s smartphone or home computer.
“We commend schools for bringing technology into the classroom. Chromebooks and Google Apps for Education have enormous benefits for teaching and preparing students for the future. But devices and cloud services used in schools must, without compromise or loopholes, protect student privacy,” said EFF Staff Attorney Sophia Cope. “We are calling on the FTC to investigate Google’s conduct, stop the company from using student personal information for its own purposes, and order the company to destroy all information it has collected that’s not for educational purposes.”
EFF’s “Spying on Students” project aims to educate parents and school administrators about the risks of data collection by companies supplying technology tools used by students. The website provides facts on how data is collected, a case study, links to resources for parents and school officials, and tips for improving privacy.
Michael Godbe, a Fall 2015 EFF Legal Intern, helped prepare the FTC complaint, and Annelyse Gelman, EFF activist intern, helped prepare education material for the project.
To view the FTC complaint:
For more information on EFF’s “Spying on Students” project:
New Project Will Gather Users' Stories of Censorship from Around the World
San Francisco – The Electronic Frontier Foundation (EFF) and Visualizing Impact launched Onlinecensorship.org today, a new platform to document the who, what, and why of content takedowns on social media sites. The project, made possible by a 2014 Knight News Challenge award, will address how social media sites moderate user-generated content and how free expression is affected across the globe.
Controversies over content takedowns seem to bubble up every few weeks, with users complaining about censorship of political speech, nudity, LGBT content, and many other subjects. The passionate debate about these takedowns reveals a larger issue: social media sites have an enormous impact on the public sphere, but are ultimately privately owned companies. Each corporation has its own rules and systems of governance that control users’ content, while providing little transparency about how these decisions are made.
At Onlinecensorship.org, users themselves can report on content takedowns from Facebook, Google+, Twitter, Instagram, Flickr, and YouTube. By cataloging and analyzing aggregated cases of social media censorship, Onlinecensorship.org seeks to unveil trends in content removals, provide insight into the types of content being taken down, and learn how these takedowns impact different communities of users.
“We want to know how social media companies enforce their terms of service. The data we collect will allow us to raise public awareness about the ways these companies are regulating speech,” said EFF Director for International Freedom of Expression and co-founder of Onlinecensorship.org Jillian C. York. “We hope that companies will respond to the data by improving their regulations and reporting mechanisms and processes—we need to hold Internet companies accountable for the ways in which they exercise power over people’s digital lives.”
York and Onlinecensorship.org co-founder Ramzi Jaber were inspired to action after a Facebook post in support of OneWorld’s “Freedom for Palestine” project disappeared from the band Coldplay’s page even though it had received nearly 7,000 largely supportive comments. It later became clear that Facebook took down the post after it was reported as “abusive” by several users.
“By collecting these reports, we’re not just looking for trends. We’re also looking for context, and to build an understanding of how the removal of content affects users’ lives. It’s important companies understand that, more often than not, the individuals and communities most impacted by online censorship are also the most vulnerable,” said Jaber. “Both a company’s terms of service and their enforcement mechanisms should take into account power imbalances that place already-marginalized communities at greater risk online.”
Onlinecensorship.org has other tools for social media users, including a guide to the often-complex appeals process to fight a content takedown. It will also host a collection of news reports on content moderation practices.
Law Allows DNA Collection From Arrestees Before They’re Charged, Convicted
San Francisco—Californians who’ve merely been arrested and not charged, much less convicted of a crime, have a right to privacy when it comes to their genetic material, EFF said in an amicus brief filed Nov. 13 with the state’s highest court.
EFF is urging the California Supreme Court to hold that the state’s arrestee DNA collection law violates privacy and search and seizure protections guaranteed under the California constitution. The law allows police to collect DNA from anyone arrested on suspicion of a felony—without a warrant or any finding by a judge that there was sufficient cause for the arrest. The state stores arrestees’ DNA samples indefinitely, and allows access to DNA profiles by local, state, and federal law enforcement agencies.
EFF is weighing in on People v. Buza, a case involving a San Francisco man who challenged his conviction for refusing to provide a DNA sample after he was arrested. EFF argues that the state should not be allowed to collect DNA from arrestees because our DNA contains our entire genetic makeup—private and personal information that maps who we are, where we come from, and who we are related to. Arrestees, many of whom will never be charged with or convicted of a crime, have a right to keep this information out of the state’s hands.
“Nearly a third of those arrested for suspected felonies in California are later found to be innocent in the eyes of the law. Hundreds of thousands of Californians who were once in custody but never charged still have their DNA stored in law enforcement databases, subject to continuous searches,” said EFF Senior Staff Attorney Jennifer Lynch. “This not only violates the privacy of those arrested, it could impact their family members who may someday be identified through familial searches. The court must recognize that warrantless and suspicionless DNA collection from arrestees puts us on a path towards a future where anyone’s DNA can be gathered, searched, and used for surveillance.”
California officials argue that the court should follow the lead of the U.S. Supreme Court, which ruled in Maryland v. King that citizens’ privacy rights are outweighed by the government’s need to use DNA to identify arrestees, just as it uses fingerprints.
But DNA samples contain our entire genome—fingerprints don’t. What’s more, Maryland limits DNA collection to those arrested and subsequently charged for serious offenses—in 2013 that amounted to 17,400 arrests. In California, all of the nearly 412,000 felony arrests that same year were subject to DNA collection. Maryland also prohibits familial searches and requires DNA samples to be automatically expunged from databases and destroyed if a person is never charged with or convicted of the crime leading to arrest. California law doesn’t prohibit familial searches, and the state makes it extremely difficult for citizens to have their DNA records removed from the system.
“A lower court in this case correctly recognized that California’s DNA collection law deeply intrudes on the privacy interests of arrestees. The California Supreme Court should come to the same conclusion and strike it down,” said Lynch.
Law professors at UC Davis School of Law, New York University School of Law, Georgia State University College of Law, and UC Berkeley School of Law, as well as the Office of the Maryland Public Defender and the National Association of Criminal Defense Lawyers joined EFF in filing the brief.
U.S. House Judiciary Committee Hosts Discussion in Santa Clara
Santa Clara, California—On Monday, Nov. 9, at 2 p.m., Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh will participate in a roundtable discussion about U.S. copyright laws convened by the House Judiciary Committee, which is undertaking the first comprehensive review of the nation’s copyright laws since the 1960s.
Copyright was intended to promote creativity, but the law has not developed to support the explosion of creativity enabled by new technologies. Too often, copyright is instead being abused to shut down innovation, creative expression, and even everyday activities like tinkering with your car. At the roundtable discussion being held at Santa Clara University on Monday, Walsh will speak about reforming Section 1201 of the Digital Millennium Copyright Act (DMCA), an overbroad law that locks device owners out of their software and media. Walsh will also discuss the need to reduce the exorbitant “statutory damages” available to copyright claimants—even when rightsholders suffered no harm—so that users of copyrighted works do not face a financial death sentence if they misstep in exercising their rights to remix and tinker. Finally, she will discuss how Congress can ensure that one-sided click-through agreements don’t strip users of their freedoms under copyright law or the right to resell things they’ve purchased.
Monday’s roundtable discussion is the latest in a series of hearings and talks, hosted by House Judiciary Committee Chairman Bob Goodlatte, and joined by creators, innovators, technology professionals, and users of copyrighted works. Goodlatte announced in 2013 that the committee would conduct a review of U.S. copyright laws to determine whether they are still working in the digital age to reward creativity and innovation.
House Judiciary Committee Roundtable Discussion on U.S. Copyright Laws
EFF Staff Attorney Kit Walsh
Monday, Nov. 9, 2015, 2 p.m.
Santa Clara University
500 El Camino Real
Santa Clara, California
Exemption Requests Also Approved for Tweaking Abandoned Videogames, Jailbreaking Phones and Tablets, and Remixing Videos
Washington, D.C. - The Librarian of Congress has granted security researchers and others the right to inspect and modify the software in their cars and other vehicles, despite protests from vehicle manufacturers. The Electronic Frontier Foundation (EFF) filed the request for software access as part of the complex, triennial rulemaking process that determines exemptions from Section 1201 of the Digital Millennium Copyright Act (DMCA).
Because Section 1201 prohibits unlocking “access controls” on the software, car companies have been able to threaten legal action against anyone who needs to get around those restrictions, no matter how legitimate the reason. While the copyright office removed this legal cloud from much car software research, it also delayed implementation of the exemption for one year.
“This ‘access control’ rule is supposed to protect against unlawful copying,” said EFF Staff Attorney Kit Walsh. “But as we’ve seen in the recent Volkswagen scandal—where VW was caught manipulating smog tests—it can be used instead to hide wrongdoing hidden in computer code. We are pleased that analysts will now be able to examine the software in the cars we drive without facing legal threats from car manufacturers, and that the Librarian has acted to promote competition in the vehicle aftermarket and protect the long tradition of vehicle owners tinkering with their cars and tractors. The year-long delay in implementing the exemptions, though, is disappointing and unjustified. The VW smog tests and a long run of security vulnerabilities have shown researchers and drivers need the exemptions now.”
EFF also won an exemption for users who want to play video games after the publisher cuts off support. For example, some players may need to modify an old video game so it doesn’t perform a check with an authentication server that has since been shut down. The Librarian also granted EFF’s petition to renew a previous exemption to jailbreak smartphones, and extended that to other mobile devices, including tablets and smartwatches. This clarifies the law around jailbreaking, making clear that users are allowed to run operating systems and applications from any source, not just those approved by the manufacturer. EFF also won the renewal and partial expansion of the exemptions for remix videos that use excerpts from DVDs, Blu-Ray discs, or downloading services.
“We’re pleased that the Librarian of Congress and the Copyright Office have expanded these legal protections to users of newer products like tablets, wearable computers, and Blu-Ray discs,” said EFF Senior Staff Attorney Mitch Stoltz.
Today’s ruling is a victory for users, artists, and researchers. However, the laborious process required to remove a legal cloud over clear fair uses highlights the need for fundamental reforms.
“It’s absurd that we have to spend so much time, every three years, filing and defending these petitions to the copyright office. Technologists, artists, and fans should not have to get permission from the government—and rely on the contradictory and often nonsensical rulings—before investigating whether their car is lying to them or using their phone however they want,” said EFF Legal Director Corynne McSherry. “But despite this ridiculous system, we are glad for our victories here, and that basic rights to modify, research, and tinker have been protected.”
EFF's remix petition was drafted and co-submitted with the Organization for Transformative Works. EFF’s remaining petitions received invaluable assistance from the NYU Technology Law & Policy Clinic, attorney Marcia Hofmann, and former EFF intern Kendra Albert.
For the full ruling from the Library of Congress:
For more on the DMCA rulemaking:
Groups Appeal Lower Court Ruling Finding Police Agencies Don’t Have To Disclose Records
San Francisco—The Electronic Frontier Foundation (EFF) and the ACLU Foundation of Southern California (ACLU SoCal) are urging California’s highest court to rule that license plate data, collected indiscriminately on millions of drivers by police across the state, are not investigative records and should be made available to the public.
EFF and ACLU SoCal argued in a brief filed today with the California Supreme Court that citizens need access to automated license plate reader (ALPR) records to understand exactly how this intrusive technology is used.
ALPRs are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. The Los Angeles Police Department (LAPD) and the Los Angeles County Sheriff's Department (LASD) collect, on average, three million plate scans every week and have amassed a database of half a billion records.
EFF filed public records requests for a week’s worth of ALPR data from the agencies and, along with ACLU SoCal, sued after both refused to release the records.
EFF and ACLU SoCal are now asking the state supreme court to overturn a ruling in the case from a lower court that said all license plate data—collected indiscriminately and without suspicion that the vehicle or driver was involved in a crime—could be withheld from disclosure as “records of law enforcement investigations.”
“That argument is tantamount to saying all drivers in Los Angeles are under criminal investigation at all times,” said EFF Senior Staff Attorney Jennifer Lynch. “The ruling sets a troubling standard that would not just allow these agencies to keep ALPR data from the public but could also allow the police to keep data and footage from other surveillance technologies—from body cameras to drones to face recognition—from ever being scrutinized.”
“Drivers would be surprised to learn that they are under investigation every time they drive in public,” said Peter Bibring, director of police practices at the ACLU SoCal. “The Fourth Amendment was added to the U.S. Constitution exactly to prevent law enforcement from conducting mass, suspicionless investigations under ‘general warrants’ that target no specific person or place and never expire.”