Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to review a troubling ruling that allows police to obtain—without a warrant—location data from people’s cell phones to track them in real time.
EFF, joined by the Center for Democracy & Technology and the Constitution Project, filed a brief today asking the nation’s highest court to review the decision in U.S. v. Rios, a drug trafficking case. The court should accept the case for review and make clear that the Fourth Amendment requires a warrant for real-time location tracking—whether the tracking occurs via a GPS device on your car or the collection of location data generated by cell phones or other Internet-connected devices.
Protecting the highly personal location data stored on or generated by digital devices is one of the 21st century’s most important privacy issues. We carry our cell phones everywhere, and the location data they generate can be used to create a precise and comprehensive record of our everyday movements, such as when we visit the doctor, attend a protest, take a trip, meet with friends, or return home. Law enforcement officials are increasingly requesting cell phone location data from telecommunications providers to track down suspects, and courts have issued conflicting opinions about whether those demands require a warrant.
“The government should not be allowed to turn a cell phone into a real-time tracking device without complying with the Fourth Amendment,” said EFF Staff Attorney Andrew Crocker. “The Supreme Court has already ruled that Fourth Amendment protections apply when law enforcement secretly places a GPS device on a car. Tracking cell phones is even more invasive because people carry their phones with them at all times, revealing information about their whereabouts that couldn’t be learned by following their cars. We’re asking the Supreme Court to clarify that tracking people as they move from public spaces into private areas, such as their homes or the homes of others, is an invasion of privacy that, at a minimum, requires a warrant.”
In Rios, the police did get a warrant to track the defendant’s cell phone in real time, but last year the U.S. Circuit Court of Appeals for the Sixth Circuit said a warrant wasn’t needed. The appeals court based its ruling on a flawed 2012 decision it reached in an unrelated drug trafficking case, in which it found that there are no privacy protections for this data because people “voluntarily” carry cell phones with them. In both cases, the court ignored the privacy expectations of millions of innocent people for whom using a cell phone is not “voluntary,” but rather a necessity.
These decisions also contradict a Florida Supreme Court ruling—in a case that also involved tracking a suspect’s phone in public—that people have an expectation of privacy under the Fourth Amendment in cell phone location records.
“The Sixth Circuit got it wrong in 2012, and it was wrong to import that faulty ruling to the Rios case. But in the meantime, the Florida Supreme Court got it right. That means that depending on where you are in the country, you may or may not have constitutional protection against warrantless cell phone tracking. It’s time for the Supreme Court to step in and clarify that the Fourth Amendment prohibits warrantless real-time cell phone tracking,” said EFF Senior Staff Attorney Jennifer Lynch.
San Francisco, California—The Electronic Frontier Foundation (EFF) sued the Justice Department today to obtain records that can shed light on whether the FBI is complying with a Congressional mandate that it periodically review and lift National Security Letter (NSL) gag orders that are no longer needed.
The FBI has issued as many as 500,000 NSLs since 2003. Despite Congress requiring the FBI in 2015 to review and terminate unwarranted gag orders, only a handful of companies and individuals have publicly disclosed receiving an NSL after being notified the FBI terminated the gag orders.
NSLs are secret FBI demands to phone companies and Internet service providers for data about their customers’ communications and online activity. The letters are not subject to any meaningful oversight or court review and almost always come with a gag order. Companies receiving the letters are barred from telling customers their data is being sought and banned from publicly acknowledging or otherwise discussing the letters, potentially indefinitely.
Following a ruling in EFF’s lawsuit that NSL gags are unconstitutional, Congress enacted reforms in 2015 that require the bureau to review NSLs to determine whether the gag orders are still necessary, and terminate those that are not. The FBI established procedures under which a record keeping system generates reminders—when an NSL investigation closes or reaches the three-year anniversary of its initiation—that the gag order should be reviewed for possible termination.
EFF sent a FOIA request to the FBI in September seeking records about the number of NSLs reviewed under these procedures, the number of reminders generated, the number of termination notices sent to NSL recipients, and how long it takes for a review to begin after a reminder is generated. In March the FBI said it had no such records. In a complaint filed today in San Francisco, EFF asked a court to order the FBI to disclose the requested records.
“Unilateral, indefinite NSL gag orders violate the First Amendment rights of individuals and companies to speak out about government surveillance and inform customers about FBI demands for their data. The bureau’s procedures for lifting gag orders that are no longer needed do not fully address these constitutional concerns. Nevertheless, the public has an interest in knowing whether these procedures are being followed, and our FOIA request seeks to shed light on if the FBI is doing so,” said Andrew Crocker, EFF Staff Attorney.
“We would have expected the FBI to respond to our FOIA request with records about the gag orders that we know have been lifted. The FBI’s response that it has no such records raises serious questions about whether the bureau is following Congress’ command to review NSL gag orders,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Gagging NSL recipients indefinitely is a draconian and overzealous use of surveillance power that prevents discussion and debate about government spying tools.”
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to review a ruling that threatens to transform a law against computer break-ins into a mechanism for criminalizing password sharing and policing Internet use.
In an amicus brief filed today, EFF urged the court to weigh in on a case in which an individual was charged with violating the Computer Fraud and Abuse Act (CFAA), a law intended to criminalize breaking into computers to access or alter data. Under the CFAA, it’s illegal to intentionally access a “protected computer”—which includes any computer connected to the Internet—“without authorization” or in excess of authorization. But the law doesn’t tell us what “without authorization” means.
Some courts have recognized that the CFAA must be interpreted narrowly to stay true to Congress’s intent of targeting crooks breaking into and stealing data from computers. These courts agreed that the CFAA mustn’t be used against, say, employees checking sports scores at work in violation of rules restricting Internet use at work to company business, or against people who shared their Facebook passwords, in violation of Facebook’s terms of service rules.
But other courts—including the U.S. Court of Appeals for the Ninth Circuit in its 2016 U.S. v. Nosal decision—have broadly interpreted the statute to cover using a computer in a way that violates corporate policies, preferences, and expectations. In the case, David Nosal, an ex-employee of the Korn/Ferry executive recruiting firm, was charged with violating the CFAA after other ex-employees acting on his behalf accessed Korn/Ferry’s proprietary database using legitimate credentials of a current company employee. The current employee knew of and authorized the use of her credentials, which was against Korn/Ferry’s computer policies. The Ninth Circuit found that in using the shared password, Nosal accessed the database “without authorization.” The court said that implicit in the definition of “authorization” is the proposition that authorization can come only from a computer owner—here, Korn/Ferry—not an employee with legitimate access credentials.
There is nothing in the CFAA, or even in the dictionary, that defines “authorization” to mean only permission from a computer owner. The Ninth Circuit imported a corporate ban on password sharing into its definition of “without authorization.”
“This ruling threatens to turn millions of ordinary computer users into criminals,” said EFF Staff Attorney Jamie Williams. “Innocuous conduct such as logging into a friend’s social media account or logging into a spouse’s bank account, with their permission but in violation of a corporate prohibition on password sharing, could result in a CFAA prosecution. This takes the CFAA far beyond the law’s original purpose of putting individuals who break into computers behind bars.”
“EFF has long advocated for reforming the CFAA, which overzealous prosecutors have exploited in troubling ways,” said Williams. “The Supreme Court can do its part by reviewing the Ninth Circuit’s troubling decision and giving ‘authorization’ an appropriately narrow definition, specifically clarifying that password sharing is not—and was never intended to be—a crime.”
Los Angeles—On Tuesday, June 6, at 9:30 am, the Electronic Frontier Foundation (EFF) and the ACLU Foundation of Southern California will argue that license plate data, collected by police indiscriminately on millions of drivers each day, are not investigative records that police can shield from public scrutiny.
Automated License Plate Readers (ALPRs) are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. Police departments store this data for years. Location data like this, especially when stored over time, can reveal sensitive information about the history of a person’s movements, associations, and habits.
EFF submitted public records requests to Los Angeles law enforcement agencies asking for a week’s worth of data collected by the hundreds of ALPR cameras around the city and county of Los Angeles. When the agencies refused, EFF teamed up with ACLU to sue for access to the records. A lower court ruled all license plate data could be withheld from disclosure as “records of law enforcement investigations.”
EFF co-counsel Peter Bibring, director of police practices at the ACLU SoCal, will argue that ALPR data are not investigative records because they are collected indiscriminately on all drivers within view of the cameras—the vast majority of whom are innocent citizens going about their daily lives. The data should be released so the public can understand and scrutinize how this intrusive technology is used.
What: Hearing in ACLU of SoCal and EFF v. Superior Court of Los Angeles
When: Tuesday, June 6, 9:30 am
Where: California Supreme Court
Ronald Reagan State Office Building
300 South Spring Street, Third Floor, North Tower
Los Angeles, California
Washington, D.C.—The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the Justice Department to obtain records about the FBI’s training and use of Best Buy Geek Squad employees to conduct warrantless searches of customers’ computers.
The records request aims to shed light on how the FBI co-opts Best Buy repair technicians in criminal investigations, and whether the computer searches they conducted were in effect government searches. The U.S. Constitution generally requires federal agents, or those acting on their behalf, to first obtain a warrant before searching someone’s computer. If the Best Buy informants were acting as government agents, the warrantless computer searches they conducted would be illegal.
Court records in a child pornography case against a California man who sent his computer to Best Buy for repair showed a long, close relationship between company technicians and the FBI, according to media reports. Informants at Best Buy’s “Geek Squad City” repair facility in Kentucky received $500 and $1,000 payments from the FBI, and agency documents said the Best Buy informants were “under the control and direction of the FBI,” media stories revealed. FBI agents were seeking training of the Geek Squad technicians to help them identify what type of files and images should be reported to the FBI.
“Informants who are trained, directed, and paid by the FBI to conduct searches for the agency are acting as government agents,” said David Greene, EFF Civil Liberties Director. “The FBI cannot bypass the Constitution’s warrant requirement by having its informants search people’s computers at its direction and command.”
EFF sent a FOIA request to the FBI in February seeking agency records about the use of informants, training of Best Buy personnel in the detection and location of child pornography on computers, and policy statements about using informants at computer repair facilities. The FBI denied the request, saying it doesn’t confirm or deny that it has records that would reveal whether a person or organization is under investigation.
“The public has a right to know how the FBI uses computer repair technicians to carry out searches the agents themselves cannot do without a warrant,” said David Sobel, EFF Senior Counsel. “People authorize Best Buy employees to fix their computers, not conduct unconstitutional searches on the FBI’s behalf.”
Sacramento—The Electronic Frontier Foundation (EFF) and Sen. Joel Anderson (R-Alpine) have introduced a California bill to protect drivers’ privacy by allowing them to cover their license plates while parked to avoid being photographed by automated license plate readers (ALPRs).
The legislation will be considered by the California Senate Transportation and Housing Committee on Tuesday, May 9, 2017. EFF Investigative Researcher Dave Maass will testify as a witness in support of the bill.
Under current law, Californians can cover their entire vehicles—including the plates—when lawfully parked. The proposed bill, S.B. 712, would clarify that California drivers can cover just the plate under the same circumstances. Law enforcement officers would still have the authority to lift the cover to inspect a license plate.
ALPRs are high-speed cameras that photograph the license plates of any vehicles that pass within view and convert the plate scans into machine-readable information. GPS coordinates and time stamps are attached to the data, which is uploaded to a searchable central database. Depending on the database, this information may be accessed by a variety of sectors, including law enforcement, the insurance industry, and debt collectors. In aggregate, this data can reveal sensitive, private location information about innocent people, such as their travel patterns, where they sleep at night, where they worship, when they attend political protests or gun shows, and what medical facilities they visit.
The bill would allow vehicle owners to shield their license plates from ALPRs mounted on police cars or vehicles operated by private surveillance companies that cruise down streets and in parking lots photographing licenses of parked cars. These companies often offer services such as the ability to predict a driver’s movements or to identify a driver’s associates based on vehicles regularly found parked near each other.
“Californians deserve a way to protect themselves from the data miners of the roadway—automated license plate reader companies,” said Maass. “This bill doesn’t put a new burden on law enforcement or businesses, but rather gives members of the public who aren’t breaking the law a way to ensure they’re not being spied on once they’ve legally parked their car.”
If the information is breached, accessed by unauthorized users, or sold publicly, ALPR data has the potential to put people in real danger, such as making domestic violence victims’ travel patterns available to their ex-partners. Law enforcement officials should also support this bill, since ALPR data can also reveal information about the home lives of officers or their meetings with witnesses. People could protect themselves when they visit sensitive locations, such as political rallies and protests.
“State law allows for fully covered vehicles if law enforcement can lift the cover to read the license plate and registration,” Sen. Anderson said. “S.B. 712 would specifically allow for partially covering vehicles including the license plate only.”
Who: Dave Maass, Electronic Frontier Foundation Investigative Researcher
When: Tuesday, May 9, 1:30 pm
Where: California State Capitol, Room 4203
10th and L Streets
Sacramento, CA 95814
Text of the legislation: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB712
EFF’s Support Letter: https://www.eff.org/document/sb-712-support-letter
EFF's Second letter on the Constitutional right to privacy: https://www.eff.org/document/effs-second-letter-sb-712
Official S.B. 712 Fact Sheet: https://www.eff.org/document/sb-712-fact-sheet
FBI Used One Warrant to Infiltrate Thousands of Computers
Boston – On Wednesday, May 3, at 9:30 am, the Electronic Frontier Foundation (EFF) will argue that an FBI search warrant used to hack thousands of computers around the world was unconstitutional.
The hearing in U.S. v. Levin at the United States Court of Appeals for the First Circuit stems from one of the many cases arising from a controversial investigation into “Playpen,” a child pornography website. The precedent set by the Playpen prosecutions is likely to impact the digital privacy rights of Internet users for years to come.
During the investigation, the FBI secretly seized the servers running the Playpen site and continued to operate them for two weeks. The bureau allowed thousands of images to be downloaded while distributing malware to website visitors. With that malware, the FBI hacked into over 8,000 devices in hundreds of countries across the globe—all on the basis of a single warrant.
However, because the government was running the Playpen site, it was already in possession of information about visitors and their computers. Rather than taking the necessary steps to obtain narrow search warrants, the FBI instead sought a single, general warrant to authorize its massive hacking operation, violating the Fourth Amendment. In Wednesday’s hearing, EFF Senior Staff Attorney Mark Rumold will argue as amicus, urging the court to send a clear message that a vague search warrant is not enough to satisfy the privacy protections enshrined in the Constitution.
U.S. v. Levin
Wednesday, May 3
United States Court of Appeals for the First Circuit
John Joseph Moakley U.S. Courthouse
1 Courthouse Way
Boston, MA 02210
Lawful Users Still Waiting for Return of Files After Government Seizure
San Francisco - The Electronic Frontier Foundation (EFF), on behalf of its client Kyle Goodwin, is asking a federal appeals court to break through the five-year logjam in the Megaupload.com case, and help lawful users who are still waiting for the return of their photos, videos, and other personal files after the government seized Megaupload’s servers.
Megaupload was a popular cloud-storage site when the FBI shut it down in January of 2012 looking for evidence of copyright infringement. Agents seized all of Megaupload’s assets during their search, locking out customers from their accounts. Goodwin, a sports videographer, lost access to video files containing months of his professional work.
For five years, the U.S. government has continued pursuing a criminal case against Megaupload and its owners. But the data stored by millions of customers—including obviously lawful material like Goodwin’s sports videos—have languished on servers that sit disconnected in a warehouse.
“Mr. Goodwin, and many others, used Megaupload to store legal files, and we’ve been asking the court for help since 2012. It’s deeply unfair for him to still be in limbo after all this time,” said EFF Senior Staff Attorney Mitch Stoltz. “The legal system must step in and create a pathway for law-abiding users to get their data back.”
In a petition filed today with the United States Court of Appeals for the Fourth Circuit, EFF, along with the firm of Williams Mullen and attorney Abraham D. Sofaer, argues that the court should issue a writ of mandamus to the trial court, ordering it to act on Goodwin’s request and create a process for other users to retrieve their data.
“We’re likely to see even more cases like this as cloud computing becomes increasingly popular,” said EFF Legal Director Corynne McSherry. “If the government takes over your bank, it doesn’t get to keep the family jewels you stored in the vault. There’s a process for you to get your stuff back, and you have a right to the same protection for your data.”
EFF Sues Company To Assert Constitutional Right to Criticize a Patent and Litigation Over It
San Francisco—The Electronic Frontier Foundation (EFF) filed a lawsuit yesterday against a company that’s using foreign laws to stymie EFF’s free speech rights to publish information about and criticize its litigation over a patent featured in EFF’s “Stupid Patent of the Month” blog series.
The company, Global Equity Management (SA) Pty Ltd (GEMSA), owns a patent claiming the idea of using “virtual cabinets” to graphically represent different operating systems and storage partitions. GEMSA has filed dozens of patent infringement cases in the U.S.
Since 2014, EFF’s stupid patent blog series has called attention to questionable patents that stifle innovation, harm the public, or can be employed to shake down users of commonplace processes or technologies. After EFF wrote about the patent, GEMSA accused EFF of slander. The company went to court in Australia to obtain an order to take down the article and prohibit EFF from publishing anything about any of GEMSA’s patents.
This order, which purports to silence expression of an opinion, would never survive scrutiny under the First Amendment in the United States. In a complaint filed in San Francisco yesterday, EFF asked a federal district court to rule that the order is unenforceable. Under the 2010 Securing the Protection of Our Enduring and Established Constitutional Heritage Act (SPEECH Act), foreign orders aren’t enforceable in the United States unless they are consistent with the free speech protections provided by the U.S. and state constitutions, as well as state law.
The injunction issued by the South Australian court purports to order EFF to remove the blog post and forbid EFF from speaking in the future about any of GEMSA’s intellectual property. It states that failure to comply could result in the seizure of EFF’s assets and prison time for its officers.
“We are going to court to ensure that EFF is not silenced by foreign laws that forbid speech our Constitution protects,” said EFF Deputy Executive Director and General Counsel Kurt Opsahl. “GEMSA may not like what we’ve said about its patent, but we will defend our right to express our constitutionally protected opinion.”
EFF is represented by law firms Levine Sullivan Koch & Schulz, LLP and Jassy Vick Carolan.
Recent Decision Would Allow Foreign Governments to Wiretap Americans on U.S. Soil
Washington, D.C. – The Electronic Frontier Foundation (EFF) urged an appeals court today to review a dangerous decision by a three-judge panel that would allow foreign governments to spy on Americans on U.S. soil—just as long as they use technology instead of human agents.
In Kidane v. Ethiopia, an American living in Maryland had his family computer infiltrated by the Ethiopian government. Agents sent an infected email that made its way to Mr. Kidane, and the attached Microsoft Word document carried a malicious computer program called FinSpy that’s sold only to governments. The spyware took control of the machine, making copies of every keystroke and Skype call, and sending them back to Ethiopia as part of its crackdown on critics.
But last month, a panel of judges on the U.S. Court of Appeals for the District of Columbia Circuit ruled that Mr. Kidane could not seek justice for this surveillance in an American court because the spying was carried out without a human agent of the Ethiopian government setting foot in the U.S. In essence, this would mean governments around the world have immunity for spying, attacking, and even murdering Americans on American soil, as long as the activity is performed with software, robots, drones, or other digital tools.
“We already know about technology that will let attackers drive your car off the road, turn off your pacemaker, or watch every communication from your computer or your phone. As our lives become even more digital, the risks will only grow,” said EFF Senior Staff Attorney Nate Cardozo. “The law must make it clear to governments around the world that any illegal attack in the United States will be answered in court in the United States.”
In a petition filed today, EFF and our co-counsel Scott Gilmore plus attorneys at the law firms of Jones Day and Robins Kaplan asked the appeals court to rehear this case en banc, arguing that last month’s panel decision puts the U.S. in the absurd situation where the American government must follow strict requirements for wiretapping and surveillance, but foreign governments don’t have the same legal obligations.
“American citizens deserve to feel safe and secure in their own homes using their own computers,” said EFF Executive Director Cindy Cohn. “The appeals court should vacate this decision, and ensure that the use of robots or remote controlled tools doesn’t prevent people who have been harmed by foreign government attacks from seeking justice.”
Surveillance Culture Starts in Grade School, Schools Fail To Protect Kids’ Privacy
San Francisco—School children are being spied on by tech companies through devices and software used in classrooms that often collect and store kids’ names, birth dates, browsing histories, location data, and much more—often without adequate privacy protections or the awareness and consent of parents, according to a new report from Electronic Frontier Foundation (EFF).
EFF’s “Spying on Students: School-Issued Devices and Student Privacy” shows that state and federal law, as well as industry self-regulation, has failed to keep up with a growing educational technology industry. At the same time, schools are eager to incorporate technology in the classroom to engage students and assist teachers, but may unwittingly help tech companies surveil and track students. Ultimately, students and their data are caught in the middle without sufficient privacy protections.
One-third of all K-12 students in the U.S. use school-issued devices running software and apps that collect far more information on kids than is necessary, the report says. Resource-strapped school districts can receive these tools at steeply reduced prices or for free as tech companies seek a slice of the $8 billion education technology, or ed tech, industry. But there’s a real, devastating cost—the tracking, cataloguing, and exploitation of data about children as young as five years old.
Ed tech providers know privacy is important to parents, students, and schools. Of the 152 ed tech services reported to us, 118 had published privacy policies. But far fewer addressed such important privacy issues as data retention, encryption, de-identification, and aggregation. And privacy pledges don’t stop companies from mining students’ browsing data and other information and using it for their own purposes.
“Our report shows that the surveillance culture begins in grade school, which threatens to normalize the next generation to a digital world in which users hand over data without question in return for free services—a world that is less private not just by default, but by design,” said EFF Researcher Gennie Gebhart, an author of the report.
EFF surveyed over 1,000 stakeholders across the country, including students, parents, teachers, and school administrators, and reviewed 152 ed tech privacy policies in a year-long effort to determine whether and how ed tech companies are protecting students’ privacy and their data.
“Parents, teachers, and other stakeholders feel helpless in dealing with student privacy issues in their community. In some cases students are required to use the tools and can’t opt out, but they and their families are given little to no information about if or how their kids’ data is being protected and collected,” said EFF Analyst Amul Kalia, a co-author of the report. “With this whitepaper, we lay out specific strategies that they can employ to gather allies, and push their schools and districts in the right direction.”
“Spying on Students” provides comprehensive recommendations for parents, teachers, school administrators, and tech companies to improve the protection of student privacy. Asking the right questions, negotiating for contracts that limit or ban data collection, offering families the right to opt out, and making digital literacy and digital privacy part of school curriculum are just a few of the more than 70 recommendations for protecting student privacy contained in the report.
“The data we collected on the experiences, perceptions, and concerns of stakeholders across the country sends a loud and clear message to ed tech companies and lawmakers: families are concerned about student privacy and want an end to spying on students,” said Gebhart.
Global Community Had Faced Baseless Legal Claims and Content Removal Threats
San Francisco – Urban homesteaders can speak freely about their global movement for sustainable living, after convincing the U.S. Patent and Trademark Office (USPTO) to cancel bogus trademarks for the terms “urban homesteading” and “urban homestead.” The authors and activists were represented by the Electronic Frontier Foundation (EFF) and law firm of Winston & Strawn.
“This is a victory for free speech and common sense. Threats over this trademark harmed us and the whole urban homesteading community—a group of people who are dedicated to sharing information about sustainable living online and elsewhere,” said Kelly Coyne, co-author with Erik Knutzen of The Urban Homestead: Your Guide to Self-Sufficient Living in the Heart of the City. “We are so pleased to have this issue settled at last, so we can concentrate on making urban life healthier and happier for anyone who wants to participate in this global effort.”
“Urban homesteading” has been used as a generic term for decades, describing activities like growing food, raising livestock, and producing simple food products at home. But a group called the Dervaes Institute managed to register “urban homesteading” and “urban homestead” as trademarks with the USPTO for “educational services” like blogging.
Citing the trademarks, Dervaes got Facebook to take down content about urban homesteading, including pages that helped publicize Coyne and Knutzen’s book, as well as the Facebook page of a Denver farmer’s market. In 2011, EFF and Winston & Strawn petitioned the USPTO on behalf of Coyne, Knutzen, and book publisher Process Media, asking for the trademarks’ cancellation.
“The words and phrases we use every day to describe basic activities should never be the exclusive property of a single person or business,” said EFF Legal Director Corynne McSherry. “It took six years, but we’re proud that this terrible trademark is off the books.”
“You can’t trademark generic terms and force ordinary conversations off the Internet,” said Winston & Strawn attorney Jennifer Golinveaux. “We’re relieved that the urban homesteading community can continue sharing information about their important work without worrying about silly legal threats.”
For the full opinion from the U.S. Patent and Trademark Office:
For more on this case:
One Out of Two Americans Already in a Face Recognition Database Accessible to Law Enforcement
Washington, D.C.—On Wednesday, March 22, Electronic Frontier Foundation (EFF) Senior Staff Attorney Jennifer Lynch will testify at a hearing before the House Committee on Oversight and Government Reform about the FBI's efforts to build up and link together massive facial recognition databases that may be used to track innocent people as they go about their daily lives.
The FBI has amassed a facial recognition database of more than 30 million photographs and has access to hundreds of millions more. The databases include photos of people who aren’t suspected of any criminal activity, drawn from driver’s license, passport, and visa photos, even as the underlying identification technology becomes ever more powerful. The government has done little to address the privacy implications of this massive collection of biometric information.
Lynch will testify that the use of facial recognition technology will allow the government to track Americans on an unprecedented level. The technology, like other biometric programs, such as fingerprint and DNA collection, poses critical threats to privacy and civil liberties. Lynch will tell the House committee that Congress has an opportunity to develop legislation that would protect Americans from inappropriate and excessive biometrics collection and use.
What: Full House Committee on Oversight and Government Reform Hearing: Law Enforcement’s Use of Facial Recognition Technology
Who: EFF Senior Staff Attorney Jennifer Lynch
When: Wednesday, March 22, 9:30 a.m.
Where: 2154 Rayburn House Office Building
For more information on facial recognition:
For more on biometric data collection:
EFF to Argue NSL Gag Orders Are Unconstitutional in San Francisco Appeals Court
San Francisco – The Electronic Frontier Foundation (EFF) will urge an appeals court Wednesday to find that the FBI violates the First Amendment when it unilaterally gags recipients of national security letters (NSLs), and the law should therefore be found unconstitutional. The hearing is set for Wednesday, March 22, at 1:30pm in San Francisco.
EFF represents two communications service providers—CREDO Mobile and Cloudflare—that were restrained for years from speaking about the NSLs they received, including even acknowledging that they had received any NSLs. Early Monday, just days before the hearing, the FBI finally conceded that EFF could reveal that these two companies were fighting a total of five NSLs.
CREDO and Cloudflare have fought for years to publicly disclose their roles in battling NSL gag orders. Both companies won the ability to talk about some of the NSLs they had received several months ago, but Monday’s decision by the FBI allows them to acknowledge all the NSLs at issue in this case.
On Wednesday, EFF Staff Attorney Andrew Crocker will tell the United States Court of Appeals for the Ninth Circuit that these gags are unconstitutional restrictions on CREDO and Cloudflare’s free speech and that the FBI’s belated decision to lift some of the gags only underscores why judicial oversight is needed in every case. The gag orders barred these companies from participating in discussion and debate about government use of NSLs—even as Congress was debating changes to the NSL statute in 2015.
What: In re National Security Letters
Who: EFF Staff Attorney Andrew Crocker
Where: Courtroom 3, 3rd Floor Room 307
U.S. Court of Appeals for the Ninth Circuit
James R. Browning U.S. Courthouse
95 Seventh Street
San Francisco, CA 94103
For the FBI notice allowing the companies to identify themselves:
For more on this case:
The Border Isn’t a Constitution-Free Zone
Richmond, Virginia—Border agents must obtain a warrant to search travelers’ phones, tablets, and laptops, which contain a vast trove of sensitive, highly personal information that is protected by the Fourth Amendment, the Electronic Frontier Foundation (EFF) told a federal appeals court today.
Searches of devices at the border have more than doubled since the inauguration of President Trump—from nearly 25,000 in all of 2016, to 5,000 in February alone. This increase, along with the increasing number of people who carry these devices when they travel, has heightened awareness of the need for stronger privacy rights while crossing the U.S. border.
While the Fourth Amendment ordinarily requires law enforcement officials to get a warrant supported by probable cause before searching our property, in cases that predate the rise of digital devices, courts granted border agents the power to search our luggage without a warrant or any suspicion of wrongdoing.
But portable digital devices differ wildly from luggage or other physical items we carry with us to the airport because they provide access to the entirety of our private lives, EFF said in an amicus brief filed at the U.S. Court of Appeals for the Fourth Circuit in the border search case U.S. v. Kolsuz. In 2014 the Supreme Court noted that cellphones now hold “the privacies of life” for people, including highly personal, private information such as photos, texts, contact lists, email messages, and videos. Many digital devices can access personal records stored in the “cloud,” such as financial or medical information. Before smartphones were invented, that kind of information would be kept in our home offices, desk drawers, or basement storage. If law enforcement officers wanted to enter your home or lock box as part of a search, they’d need to go before a judge, prove probable cause that you’re involved in a crime, and get a warrant.
“The border isn’t a constitution-free zone,” said Adam Schwartz, EFF senior staff attorney. “The U.S. Supreme Court ruled in 2014 that mobile phones are a window into our private lives and police need to show there’s probable cause that the people they arrest have committed crimes and obtain a warrant to search their phones. There should be no less protection for individuals who have not been arrested or shown to have committed any crime, but who instead simply want to enter the United States.”
It’s never been more important for courts to follow the standard set by the Supreme Court about cell phone searches and apply it to border searches. Reports have surfaced of border agents searching the devices of innocent U.S. citizens, green card holders, and foreign visitors. While all kinds of travelers have suffered this intrusion, many reports involve journalists, Muslim-Americans, and Americans with Middle Eastern-sounding names. Asian Americans Advancing Justice-Asian Law Caucus, Brennan Center for Justice, Council on American-Islamic Relations and six of its chapters, and The National Association of Criminal Defense Lawyers joined EFF in filing the brief.
“Law enforcement officials should be required to meet the same standards for searching our cell phones wherever we are—in our cities, on the highway, at vehicle checkpoints, and at the border. Regardless of the location, when officials want to crack open the private information in someone’s phone, they must first obtain a warrant,” said Schwartz.
For EFF’s new border guide:
For EFF’s new border pocket guide:
Protect Yourself While Traveling To and From the U.S.
San Francisco - Increasingly frequent and invasive searches at the U.S. border have raised questions for those of us who want to protect the private data on our computers, phones, and other digital devices. A new guide released today by the Electronic Frontier Foundation (EFF) gives travelers the facts they need in order to prepare for border crossings while protecting their digital information.
“Digital Privacy at the U.S. Border” helps everyone do a risk assessment, evaluating personal factors like immigration status, travel history, and the sensitivity of the data you are carrying. Depending on which devices come with you on your trip, your gadgets can include information like your client files for work, your political leanings and those of your friends, and even your tax return. Assessing your risk factors helps you choose a path to proactively protect yourself, which might mean leaving some devices at home, moving some information off of your devices and into the cloud, and using encryption. EFF’s guide also explains why some protections, like fingerprint locking of a phone, are less secure than other methods.
“Border agents have more power than police officers normally do, and people crossing the border have less privacy than they usually expect,” said EFF Staff Attorney Sophia Cope. “Border agents may demand that you unlock your phone, provide your laptop password, or disclose your social media handles. Yet this is where many of us store our most sensitive personal information. We hope this guide makes preparing for your trip and protecting your devices easier and more effective.”
Many travelers are confused about what is legal at the border, and the consequences for running afoul of a border agent can run the gamut from indefinite seizure of your phone and computer, to denial of entry for foreign visitors, although American citizens always have the right to re-enter the country. EFF’s new guide hopes to clear up misinformation while recognizing that there is no “one size fits all” approach to crossing into the United States. In addition to the full report, EFF has also created a pocket guide for helping people concerned with data protection.
“The border is not a Constitution-free zone, but sometimes the rules are less protective of travelers and some border agents can be aggressive,” said EFF Senior Staff Attorney Adam Schwartz. “That can put unprepared travelers in a no-win dilemma at the U.S. border. We need clearer legal protections for everyone, but in the meantime, our report and pocket guides aim to put more power back into the hands of travelers.”
For “Digital Privacy at the U.S. Border”:
For EFF’s pocket guide:
For EFF’s summary of your constitutional rights:
Appeals Court Should Find Warrant Violated Fourth Amendment Protections
Boston—An FBI search warrant used to hack into thousands of computers around the world was unconstitutional, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case about a controversial criminal investigation that resulted in the largest known government hacking campaign in domestic law enforcement history.
The Constitution requires law enforcement officers seeking a search warrant to show specific evidence of a possible crime, and tie that evidence to specific persons and places they want to search. These fundamental rules protect people from invasions of privacy and police fishing expeditions.
But the government violated those rules while investigating “Playpen,” a child pornography website operating as a Tor hidden service. During the investigation, the FBI secretly seized servers running the website and, in a controversial decision, continued to operate it for two weeks rather than shut it down, allowing thousands of images to be downloaded. While running the site, the bureau began to hack its visitors, sending malware that it called a “Network Investigative Technique” (NIT) to visitors’ computers. The malware was then used to identify users of the site. Ultimately, the FBI hacked into 8,000 devices located in 120 countries around the world. All of this hacking was done on the basis of a single warrant. The FBI charged hundreds of suspects who visited the website, several of whom are challenging the validity of the warrant.
In a filing today in one such case, U.S. v. Levin, EFF and the American Civil Liberties Union of Massachusetts urged the U.S. Court of Appeals for the First Circuit to rule that the warrant is invalid and the searches it authorized unconstitutional because the warrant lacked specifics about who was subject to search and what locations and specific devices should be searched. Because it was running the website, the government was already in possession of information about visitors and their computers. Rather than taking the necessary steps to obtain narrow search warrants using that specific information, the FBI instead sought a single, general warrant to authorize its massive hacking operation. The breadth of that warrant violated the Fourth Amendment.
“No one questions the need for the FBI to investigate serious crimes like child pornography. But even serious crimes can’t justify throwing out our basic constitutional principles. Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world. If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied. We can’t let unfamiliar technology and unsavory crimes lead to an erosion of everyone’s Fourth Amendment rights,” said EFF Senior Staff Attorney Mark Rumold.
EFF filed a brief in January in a similar case in the Eighth Circuit Court of Appeals, and will be filing briefs in Playpen cases in the Third and Tenth Circuits in March. Some trial courts have upheld the FBI’s actions in dangerous decisions that, if ultimately upheld, threaten to undermine individuals’ constitutional privacy protections over information on personal computers.
“These cases will be cited for the future expansion of law enforcement hacking in domestic criminal investigations, and the precedent is likely to impact the digital privacy rights of all Internet users for years to come,” said Andrew Crocker, EFF Staff Attorney. “Recent changes to federal rules for issuing warrants may allow the government to hack into thousands of devices at a time. These devices can belong not just to suspected criminals but also to victims of botnets and other hacking crimes. For that reason, courts need to send a very clear message that vague search warrants that lack the required specifics about who and what is to be searched won’t be upheld.”
For the brief:
Supreme Court Must End Texas’ Grip on Patent Cases, Restore Fairness in Court Selection
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the Supreme Court to overturn a court decision that tilted the scales in favor of patent trolls by making it easier for them to venue shop and file lawsuits in certain courts.
Venue shopping, also called forum shopping, is an insidious practice whereby parties to a lawsuit look for courts with procedures favorable to their cases. Unfortunately, some courts have engaged in an even more insidious practice known as forum selling by actively encouraging patent lawsuits in their districts. For example, a court might adopt plaintiff-friendly procedures and policies that undermine the rights of defendants.
One such court is the Eastern District of Texas, a rural area with almost no manufacturing, research, or technology facilities, where more than one-third of all patent cases in the country were filed last year. That proportion is no accident: patent litigants flock to Texas because the court has put in place a host of procedures that make it difficult for defendants to terminate meritless cases early, while also speeding up the time it takes for cases to go to trial.
Those procedures drive up litigation costs for defendants, which in turn puts more pressure on them to settle cases even if they believe they should win. Such pressure is especially beneficial to patent trolls—companies that don’t make any products but buy up patents, many of questionable validity, in order to file often frivolous infringement lawsuits to extract settlements.
This kind of venue shopping in patent cases was made possible by a 1990 court decision that upended decades-old rules that required patent cases be filed in locations that were fair and convenient to the person being involuntarily brought into court—such as the location of the defendant’s primary place of business. In a filing today in the lawsuit TC Heartland v. Kraft Foods, EFF asked the Supreme Court to overturn the 1990 decision and bring back basic fairness to patent litigation. Kraft Foods, based in Illinois, sued Indiana-based TC Heartland for patent infringement in Delaware, where the defendant has no offices or contracts.
“The Supreme Court can fix a rampant problem in patent law and make the process more fair and balanced. As it stands, many defendants can be hauled into court in any corner of the country, regardless of whether the location has anything to do with either party,” said EFF Staff Attorney Vera Ranieri. “Forum shopping harms all defendants, but it’s especially burdensome for small companies or individuals with limited means to travel to distant places or fight costly lawsuits.”
“Patent owners aren’t the only ones taking advantage of a bad court decision. Forum selling by courts is a black stain on the judicial system. Our courts shouldn’t be tilting the scales so that forum, as opposed to merits, ends up deciding the outcome of a case,” said Ranieri. “Venue shopping and selling drives up the costs of innovation for inventors and erodes trust in our courts. The Supreme Court can and should fix this problem.”
For more on this case:
Foreign Governments Must Be Held Accountable for Wiretapping Americans in the U.S.
Washington, D.C. – On Thursday, February 2, at 9:30 am, the Electronic Frontier Foundation (EFF) and the law firms of Jones Day and Robins Kaplan will urge an appeals court to let an American continue his suit against the Ethiopian government for infecting his computer with custom spyware and monitoring his communications for weeks on end.
With the help of EFF and the Citizen Lab, the plaintiff in this case found Ethiopian government spyware on his personal computer in Maryland several years ago. Our investigation concluded that it was part of a systemic campaign by the Ethiopian government to spy on perceived opponents.
The plaintiff uses the pseudonym of Mr. Kidane in order to protect the safety and wellbeing of his family both in the United States and in Ethiopia. Kidane is a critic of the Ethiopian government, and came to the U.S. over 20 years ago, obtaining asylum and eventually citizenship. He currently lives with his family in Maryland.
Kidane first brought suit against Ethiopia in 2014, but the federal court held that no foreign government could be held accountable for wiretapping an American citizen in his own home, so Kidane appealed to the U.S. Court of Appeals for the District of Columbia Circuit. Jones Day partner Richard Martinez will argue Thursday that foreign governments should not be allowed to spy on Americans in America with impunity.
What: Kidane v. Ethiopia
When: Thursday, February 2
Where: E. Barrett Prettyman U.S. Courthouse
333 Constitution Ave., NW
Washington, D.C. 20001
D.C. Circuit Courtroom 31
For more on Kidane v. Ethiopia:
EFF Urges Justices to Protect Important ‘Patent Exhaustion’ Doctrine
San Francisco - When you buy a printer cartridge, is it yours? Or can the company control what you do with it, even after you pay your bill and take it home? The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court today to protect consumers’ property rights in a court case centering on the important “patent exhaustion” doctrine.
In Impression Products, Inc. v. Lexmark International Inc., printer company Lexmark sold printer cartridges with restrictions on refilling and resale. Impression Products acquired used Lexmark ink cartridges and then refilled and resold them, sparking a lawsuit from Lexmark claiming infringement. The Federal Circuit decided in Lexmark’s favor, ruling that a customer’s use of a product can be “restricted” by the patent owner with something as simple as a notice on disposable packaging.
In the amicus brief filed today, EFF—joined by Public Knowledge, AARP and the AARP Foundation, Mozilla, and R Street—argued that “conditional sales” like the ones attempted by Lexmark cannot impose arbitrary conditions on a customer’s use of a product. The Federal Circuit’s incorrect ruling to the contrary goes against the doctrine of “patent exhaustion,” which says that once a patent owner sells a product, it cannot later claim the product’s use or sale is infringing.
“If allowed to stand, the lower court’s decision could block your right to reuse, resell, and tinker with the devices you own,” said EFF Staff Attorney Daniel Nazer, who is also the Mark Cuban Chair to Eliminate Stupid Patents. “Under this theory, consumers could be held liable for infringement for using products purchased legally, and that the patent owner has already been paid for.”
Patent exhaustion has been part of centuries of law upholding the right of individuals to use and resell their possessions. If patent owners can control goods after sale, then all sorts of activities—like security research, reverse engineering, and device modification—would be threatened.
“This trick is straight out of some companies’ wishlists for restricting user rights,” said EFF Staff Attorney Kit Walsh. “They have tried a variety of legal tactics to restrict your ability to repair or resell the things you buy, and to prevent experts from investigating how they work. That includes experts who want to figure out if your devices are secure and respecting your privacy, or who want to build products that can plug in to your devices and make them do new and useful things. We urge the Supreme Court to reaffirm the patent exhaustion doctrine, and protect people’s rights to own and understand the products they’ve purchased.”
For the full amicus brief:
Plaintiffs Don’t Automatically Get to Unmask Anonymous Blogger
Cincinnati—The Electronic Frontier Foundation (EFF) urged a federal appeals court to uphold a judge’s ruling that the identity of an anonymous blogger found to have infringed copyright should remain secret, arguing that courts must balance litigants’ needs to unmask online speakers against the First Amendment protections afforded to those relying on anonymity.
Maintaining one’s anonymity online may be warranted even in cases—like this one—where a court ruled that a blogger infringed a copyright, EFF said in an amicus brief filed with the U.S. Court of Appeals for the Sixth Circuit. The balancing test required by the First Amendment to protect speakers who choose to mask their identity must be applied at every stage of a lawsuit, including after a court finds an anonymous speaker violated the law, EFF said.
EFF believes Signature Management Team LLC v. John Doe marks the first case to consider whether speakers can remain anonymous even after a court rules that they broke the law.
“Plaintiffs don’t get to unmask anonymous bloggers just because they prove liability. The First Amendment requires that judges balance the need for anonymity against the needs of litigants at every stage of a lawsuit,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Being able to speak online anonymously allows citizens to air dissenting views without fear of retaliation. Unmasking anonymous bloggers without proper justification can discourage people from speaking out or commenting online, which chills the free speech rights of all Americans.”
The plaintiff is a multi-level marketing (MLM) company that won a judgment against the owner of Amthrax.com, a website and blog that criticizes Amway and other MLM companies. The owner is a former Amway marketer who blogs anonymously. Signature Management sued John Doe for infringing the copyright of its book, which was posted on Amthrax.com.
After a judge ruled its copyright had been infringed, Signature Management sought a court order revealing the identity of John Doe, who feared he would face a slew of abusive comments and threats once his identity was known. The trial judge refused. In doing so, the judge correctly balanced the needs of the plaintiff with the First Amendment protections of the blogger.
For the brief:
President-Elect Threatens Free and Open Internet
San Francisco - In a full-page advertisement in Wired magazine, the Electronic Frontier Foundation (EFF) has a warning for the technology community: “Your threat model just changed.”
EFF’s open letter calls on technologists to secure computer networks against overreaches by the upcoming Trump administration and to protect a free, secure, and open Internet. The January issue of Wired with EFF’s open letter on page 63 hit newsstands today.
“Our goal is to rally everyone who makes digital tools and services to this important cause: protect your technology and networks from censorship and government surveillance,” said EFF Activism Director Rainey Reitman. “The Internet was created to connect and empower people around the world. We cannot let it be conscripted into a tool of oppression. But if we are going to protect the Internet, we need a lot of help. Wired has been looking to the technological future for over two decades, and its readers have the skills we need.”
EFF’s open letter outlines four major ways the technology community can help: using encryption for every user transaction; practicing routine deletion of data logs; revealing publicly any government request to improperly monitor users or censor speech; and joining the fight for user rights in court, in Congress, and beyond.
“EFF has fought for the rights of creators and users since 1990—through four presidential administrations,” said EFF Executive Director Cindy Cohn. “We’ve battled privacy invasions, censorship attempts, and power grabs from Democrats and Republicans alike. Now, President-Elect Trump has promised to increase surveillance, undermine security, and suppress the freedom of the press. But he needs your servers to do this. Join us in securing civil liberties in the digital world, before it’s too late.”
For the full ad in Wired:
For more on how the tech community can defend users:
Privacy Badger 2.0 Blocks Hidden Trackers from Following You Around the Web
San Francisco - The Electronic Frontier Foundation (EFF) today released Privacy Badger 2.0—a free browser extension for Chrome, Firefox, and Opera with new upgrades to help protect shoppers from online tracking.
“If you or your family does holiday shopping on the Internet, it’s likely that advertisers and other data collectors are learning a lot about you and the things you are interested in buying,” said EFF Staff Technologist Cooper Quintin, lead developer of Privacy Badger. “Privacy Badger 2.0 gives you more control over this data collection, spotting many of the sneaky trackers that follow you without your knowledge, and blocking them from transmitting information about you.”
Online trackers are embedded in images, scripts, or advertising on many webpages. Just visiting a page with a tracker can allow it to collect a record of the page you are visiting and merge it with a database of what you visited before and after. One result of this tracking is the ads that seem to follow you around the web, reflecting your past browsing history. If Privacy Badger spots a tracker following you without your permission, it blocks all content from the tracker or screens out the tracking scripts or cookies.
Hundreds of thousands of users have already installed earlier releases of Privacy Badger. The new version allows you to import and export your data and preferences across browsers, allows for incognito mode, and has an improved experience with many more websites, along with many other upgrades.
“Neither you nor your loved ones should have to sacrifice your privacy to data miners in order to use the Internet,” said Quintin. “Installing Privacy Badger on your family’s computers is a practical and effective way to fight abuses in the online advertising industry, and make your family’s online experience safer and more secure.”
Privacy Badger works in tandem with the Do Not Track (DNT) policy. Users set the DNT flag in their browser settings or by installing Privacy Badger. Privacy Badger won’t block ads or third-party services that promise to honor all DNT requests.
For your free download of Privacy Badger:
Tuesday Hearing in Case With Potentially Significant Implications for Free Speech
Ottawa, Ontario—On Tuesday, Dec. 6, the Electronic Frontier Foundation (EFF) will tell Canada’s highest court that an overbroad court order that censors Google search results for users everywhere violates our rights to freely search the web without government interference.
The court is hearing arguments in Google v. Equustek, a trade secret case in which a British Columbia court issued an order forcing Google to block certain websites from its search results around the world, setting a dangerous precedent for online free expression. Equustek Solutions sued a group of defendants for allegedly misappropriating designs for its routers and selling counterfeit routers online. While Google isn’t a party to the case and had done nothing wrong, Equustek obtained a court order telling the search engine company it must delete search results that directed users to the defendants’ websites, not just in Canada but from all other local domains such as Google.com and Google.co.uk. EFF filed a brief in the case siding with Google.
EFF's Canadian counsel, David Wotherspoon of MacPherson Leslie & Tyerman and Daniel Byma of Fasken Martineau DuMoulin, will urge the court to recognize that the order, which puts the private commercial interests of one company ahead of the interests of Internet users worldwide, improperly dismissed free expression concerns. The order issued by the British Columbia court failed to consider international free expression principles, and in particular, how the order would likely run afoul of the First Amendment of the U.S. Constitution and well-established U.S. Internet policy.
What: Hearing in Google v. Equustek
Who: EFF Canadian Counsel David Wotherspoon of MacPherson Leslie & Tyerman and Daniel Byma of Fasken Martineau DuMoulin
When: Tuesday, Dec. 6, 9:30 am
Where: Supreme Court of Canada
301 Wellington Street
Ottawa, Ontario K1A 0J1
Potentially Thousands of Communication Providers Received Bad Instructions for Fighting Secrecy Provisions
The Internet Archive published a formerly secret national security letter (NSL) today that includes misinformation about how to contest the accompanying gag order that demanded total secrecy about the request. As a result of the Archive’s challenge to the letter, the FBI has agreed to send clarifications about the law to potentially thousands of communications providers who have received NSLs in the last year and a half.
The NSL issued to the Archive said the library had the right to “make an annual challenge to the nondisclosure requirement.” But in 2015, Congress updated the law to allow for more than one request a year, so that communications providers could speak out about their experience without unneeded delay. Represented by the Electronic Frontier Foundation (EFF), the Archive informed the FBI that it did not have the information the agency was seeking and pointed out the legal error. The FBI agreed to drop the gag order in this case and allow the publication of the NSL.
“The free flow of information is at the heart of the Internet Archive’s work, but by using national security letters in conjunction with unconstitutional gag orders, the FBI is trying to keep us all in the dark,” said Brewster Kahle, founder and digital librarian of the Internet Archive. “Here, it’s even worse: that secrecy helped conceal that the FBI was giving all NSL recipients bad information about their rights. So we especially wanted to make this NSL public to give libraries and other institutions more information and help them protect their users from any improper FBI requests.”
The Archive received this NSL in August, more than a year after Congress changed the law to allow more gag order challenges. In its letter removing the gag order, the FBI acknowledged that it issued other NSLs that included the error, and stated that it will inform all recipients about the mistake. Given that the FBI has said that it issued about 13,000 NSLs last year, thousands of communications providers likely received the false information, and potentially delayed petitioning the court for the right to go public.
“The opaque NSL process—including the lack of oversight by a court—makes it very vulnerable to errors of law. Add to that the routine use of gags and enforced secrecy, and those errors become difficult to find and correct,” said EFF Staff Attorney Andrew Crocker. “We are grateful to the Internet Archive for standing up to the FBI and shining some light on this error. We hope that others who receive the correction will also step forward to have their gags lifted and shine more light on these unconstitutional data collection tools.”
This is the second NSL that the Internet Archive has published after battling with the FBI. In 2007, the Archive received an NSL that exceeded the FBI’s authority to issue demands to libraries. With help from EFF and the American Civil Liberties Union (ACLU), the FBI withdrew the letter and agreed to let the Archive go public in May of 2008.
But many gag orders are still in place. Yesterday, CREDO Mobile confirmed it was at the center of EFF's long-running fight against NSLs after a three-year-old gag order was finally revoked. Along with CREDO's case, EFF is litigating two other challenges to NSL gag orders on behalf of communications providers who are still gagged.
For the national security letter published by the Internet Archive:
For more on the fight against NSLs:
Mobile Provider Battled Gag Order That Forced It to Keep Customers in the Dark
San Francisco - CREDO Mobile representatives confirmed today that their company was at the center of the long-running legal battle over the constitutionality of national security letters (NSLs), and published the letters the government sent three years ago.
The Electronic Frontier Foundation (EFF) has represented CREDO in this matter since 2013—and the case, bundled with two other NSL challenges, has reached the United States Court of Appeals for the Ninth Circuit. Until now, CREDO was under a gag order, preventing CREDO officials from identifying the company or discussing their role in the case. In March, a district court found that the FBI had failed to demonstrate the need for this gag, and struck it down pending an appeal by the government. But earlier this month, the government decided to drop its appeal of that order, leaving CREDO free to talk about why the legal challenge is important to the company and its customers.
“A founding principle of CREDO is to fight for progressive causes we believe in, and we believe that NSLs are unconstitutional. These letters, and the gag orders that came with them, infringed our free speech rights, blocking us from talking to our members about them or discussing our experience while lawmakers debated NSL reform,” said Ray Morris, CREDO CEO. “We were proud to fight these NSLs all these years, and now we are proud to publish the letters and take full part in the ensuing debate.”
The NSL statutes have been highly controversial since their use was expanded dramatically by the PATRIOT Act in 2001. Soon after that, internal reviews by the Department of Justice found that they had been widely misused. With an NSL, the FBI—on its own, and without court approval—can issue a secret letter to a communications provider, demanding information about its customers, nearly always accompanied by a gag order. That prevents recipients from notifying users about the NSL or even discussing the letter at all.
While the government has stopped pursuing the NSL gag orders on CREDO in this case, EFF’s two other NSL challenges are still being litigated in the appeals court. EFF’s clients—who still must remain secret—argue that they are being unconstitutionally barred from discussion and debate about government use of NSLs and surveillance reform.
“The FBI issues NSL demands for customer information without a warrant or any court supervision, and slaps on a gag order to make it hard for anyone to complain,” said EFF Staff Attorney Andrew Crocker. “The years-long fight in this case demonstrates the difficulty of challenging these orders, and we’re grateful to CREDO for stepping up for its customers and the public to fight these NSLs.”
CREDO Mobile has been in business for 31 years, originally as Working Assets. CREDO believes in bringing social change through everyday acts of commerce. Since its founding, it’s donated $81 million to progressive causes.
For more on this case:
EFF and Visualizing Impact Analyze Reports of Content Moderation Gone Awry
San Francisco - User reports of censorship of social media posts show a deep frustration with companies’ content moderation policies, according to an analysis by Onlinecensorship.org, a project of the Electronic Frontier Foundation (EFF) and Visualizing Impact.
In “Censorship in Context: Insights from Crowdsourced Data on Social Media Censorship,” researchers analyzed reports of content takedowns received from users of Facebook, Google+, Instagram, Twitter, and YouTube from April to November of 2016. At a time when many are asking for more content moderation—like calls for Facebook to crack down on “fake news”—election-related censorship complaints focused on the desire of users to speak their minds and share information about a tight election without worrying that their posts will disappear.
“Social media is where we receive news, debate, and organize. These companies have enormous impact on the public sphere, yet they are still private entities with the ability to curate the information we see and the information we don’t see at their sole discretion,” said Jillian C. York, EFF Director for International Freedom of Expression and co-founder of Onlinecensorship.org. “The user base is what powers these social media tools, yet users are feeling like they don’t have any control or understanding of the system.”
“Censorship in Context” recommends best practices for social media content moderation, including transparency in how company policies are enforced and any available remedies. The researchers also urge strengthening systems of redress when content is removed in error, and doing a better job of educating users about what is acceptable on a given platform and what isn’t.
“Many people depend on Facebook to talk to friends, family, clients, and fans, and to debate the issues of the day,” said Project Strategist Sarah Myers West. “While these companies have the right to set their own rules, the least they can do is to tell everyone how they’re enforced.”
Onlinecensorship.org was launched in November of 2015 to spot trends in content removals and learn how these takedowns impact different communities. The site also includes a guide to appealing a content takedown and hosts a collection of news reports on content moderation practices.
EFF Supports Citizen Journalists’ Role in Reporting on Law Enforcement Use of Force
Philadelphia—In an era when bystander recordings of police shootings have shined a much-needed light on law enforcement activities—greatly contributing to public discussion about police use of force—it’s never been more important to establish that citizen journalists have a free speech right to record and share videos of public police activity, EFF told a federal appeals court today.
“Individuals have the unambiguous right under the First Amendment to record police officers exercising their official duties in public,” said EFF Staff Attorney Sophia Cope. “Bystander videos published online have alerted the public to the use of deadly force in numerous cases—Alton Sterling, Eric Garner, Walter Scott, the list goes on. These recordings have informed the public and elected officials about what is happening on our streets. The Supreme Court has made it clear that the process of taking these photos and videos is protected by the First Amendment as an inherently expressive activity or as a form of information and news gathering, and this is true regardless of the intent of the maker at the time of the recording.”
EFF filed an amicus brief today with the U.S. Court of Appeals for the Third Circuit in support of two plaintiffs in consolidated cases, Fields v. City of Pennsylvania and Geraci v. City of Pennsylvania. Both plaintiffs were detained for recording the Philadelphia police in 2012 and 2013. Richard Fields, a Temple University college student, was arrested for photographing about 20 officers breaking up a house party. In a separate incident, Amanda Geraci was detained and prevented from filming an officer arresting a participant at a public environmental protest. The appeals came after a federal judge improperly ruled earlier this year that individuals have no First Amendment right to record the police unless they do so while also engaging in a verbal confrontation with officers or otherwise expressing an intent to criticize law enforcement.
“The district court decision is wrong and could force people into dangerous altercations with police officers in order to justify recording the police,” said Cope. “Worse, if government is granted the power to restrict recording, it can control what information is available to the public about police conduct. Bystander recordings of police misconduct have repeatedly ensured that these troubling episodes receive the public attention they deserve, and we’re fighting for the right of people to continue playing such a vital role in our democracy.”
For the brief:
High Court Urged To Review Fourth Amendment Cases, Hold Warrantless Cell-Site Data Collection Unconstitutional
Washington, D.C.—Cell phone location data, which can provide an incredibly detailed picture of people’s private lives, implicates our Fourth Amendment rights against unreasonable searches, requiring police to obtain a warrant to gain access, the Electronic Frontier Foundation (EFF) told the Supreme Court today.
Weighing in on separate cases where two courts have applied 1970s-era law to digital communications in the information age, EFF urged the nation’s highest court to step in and establish that Americans have the right to expect location data generated from their cell phones is private and protected by the Constitution against unreasonable searches and seizures.
Cell phones constantly connect to cell towers and antennas—which number in the hundreds of thousands—that handle traffic from an estimated 378 million U.S. cell phone accounts. The data generated about these connections, known as cell-site location information (CSLI), create a highly detailed picture of people’s private lives. We carry our cell phones when we leave our homes each day, when we walk into a therapist or lawyer’s office, visit a gun shop, attend a political meeting or sleep at a friend’s. Location information about these private activities is tracked and stored, for years, by cell service providers.
Defendants in U.S. v. Carpenter and U.S. v. Graham were convicted after police obtained, without warrants, hundreds of days of location data produced by their phones to connect them to crimes. The defendants maintained that the use of CSLI violated their Fourth Amendment rights. But the appeals courts in both cases followed Smith v. Maryland, a Supreme Court decision from 1979, when many Americans used rotary-dial land-line phones. In Smith, the Court said that people who voluntarily give certain information to third-parties—such as banks or the phone company—have no expectation of privacy in this information, and thus the government does not need a warrant to access it.
“Cell phone users don’t voluntarily provide location data to their providers—it happens automatically without their control and is generated whether or not the phone is being used,” said EFF Senior Staff Attorney Jennifer Lynch. “Other federal courts and judges in several states have recognized that the so-called ‘third party doctrine’ doesn’t apply to CSLI. It’s time for the Supreme Court to consider whether a decision it made before the existence of commercial cell phones, which are now ubiquitous and reveal our every move, can still be used to override Fourth Amendment protections.”
In 2014, the high court recognized in a unanimous ruling that the astounding amount of sensitive data stored on modern cell phones requires police to obtain a warrant before accessing data on an arrestee’s device. And in a landmark 2012 decision, the court held that GPS tracking is a search under the Fourth Amendment. Yet police are obtaining extensive historic cell-site information without warrants.
“CSLI can give law enforcement far more information about a person’s movement than GPS tracking—cell phones go everywhere their owners go,” said EFF Staff Attorney Andrew Crocker. “If GPS tracking implicates Americans’ Fourth Amendment rights, prolonged cell-site data collection—which provides sensitive details about where we went, who we met with, and what we did—should also be protected against warrantless searches. We’re asking the court to grant review of these important cases and address the Fourth Amendment privacy implications of CSLI.”
EFF filed identical petitions in U.S. v. Carpenter and U.S. v. Graham.
For the brief:
For more on these cases:
Over 11,000 People Join EFF’s Call to Protect Security Research and Repair
San Francisco - The Electronic Frontier Foundation (EFF) urged the U.S. Copyright Office today to protect the public’s right to research and repair everything from phones to refrigerators to tractors, to support the right of people with print disabilities to convert media into an accessible format, and to restore users’ rights to make fair and lawful uses of the software and media they buy.
EFF’s comments are part of the Copyright Office’s ongoing study into whether the “anti-circumvention” provisions of Section 1201 of the Digital Millennium Copyright Act (DMCA) are working for the public. Section 1201 bans anyone from accessing a copyrighted work when a technology like digital rights management software (DRM) is in place to block access. The law is meant to stop illegal copying, but instead, companies use digital locks in all sorts of products to obstruct those who want to look inside for any reason—blocking competition, innovation, security research, and other legal activities. To vindicate these activities, the public must resort to a burdensome exemption process that allows the digital locks to be broken in certain cases. EFF and a host of other public interest organizations must repeatedly plead for temporary exemptions that expire every three years. Moreover, the law expects users to figure out for themselves how to circumvent digital locks to take advantage of exemptions: no one is allowed to give them the technology to do so.
“We are surrounded by computerized devices: our cars, phones, appliances, and more. Software defines what we are able to do with these devices, whether they are safe and secure, and whether they collect or leak our most private information,” said EFF Staff Attorney Kit Walsh. “Right now, you could be sued or even jailed for trying to understand the software in your devices, or for helping others do the same. That has to change.”
The Copyright Office requested comment on whether Congress should permanently exempt certain activities from Section 1201 liability, or exempt software from the sweep of Section 1201. Exempting software would be progress, as would properly worded exemptions for research, repair, and accessibility. In its comments, EFF encouraged the Copyright Office to move forward with these reforms and provided guidance on how to implement them effectively. These comments were supported by over 11,000 signers of a petition calling for reform.
The proposed exemptions should only be a starting point in reform of Section 1201, since they leave a wide range of speech and innovation at the mercy of the law and its flawed rulemaking process – including remix video, documentary filmmaking, media literacy education, or even basic household activities like backing up videos from a DVR or converting an e-book to work on your phone.
A bill in Congress, the Unlocking Technology Act, would protect everyone who wants to break digital locks for reasons that don’t involve infringing copyright. This simple approach would restore the public’s traditional rights to express themselves by building upon copyrighted works and to tinker with their property. It would also bring the law back in line with the limits required by the Constitution to accommodate free speech.
“Section 1201 is unconstitutional, violating the rights of American researchers, entrepreneurs, artists, and in the end, all of us,” said EFF Senior Staff Attorney Mitch Stoltz. “It’s been in place for 18 long years, and it’s time for real reform.”
EFF is also challenging provisions of Section 1201 as unconstitutional restraints on free speech. EFF and the law firm of Wilson Sonsini Goodrich & Rosati represent security researcher Dr. Matthew Green, software developer Dr. Andrew “bunnie” Huang, and Alphamax LLC, who want to continue their work without legal threats.
For the full comments to the Copyright Office:
For more on DRM and the DMCA:
Malware Attack Highlights Troubling Outbreak of State-Sponsored Digital Spying
Washington, D.C.—Ethiopia must be held accountable in the United States for an illegal malware and digital spying attack on an American citizen, the Electronic Frontier Foundation (EFF) told a federal appeals court today in a case where a foreign government claims it is immune from liability for wiretapping a man’s Skype calls.
Malicious digital surveillance and malware attacks against perceived political opponents, dissidents, and journalists have become all-too-common tactics used by governments with poor human rights records, such as Ethiopia, Kazakhstan, and Vietnam. When foreign governments carry out these digital attacks on Americans in their homes, violating our wiretapping and privacy laws, their victims must be allowed to take them to court, EFF and its co-counsels said in a filing at the U.S. Court of Appeals for the District of Columbia Circuit.
EFF, Robins Kaplan LLP, and Guernica 37: International Justice Chambers represent a Maryland man whose home computer was infected by state-sponsored malware known as FinSpy. The program recorded his private Skype calls, monitored his web searches and emails, and tracked his family’s use of the computer for weeks. Forensic analysis showed the information was surreptitiously sent to a secret server located in Ethiopia and controlled by the Ethiopian government. EFF’s client is an Ethiopian by birth who is a U.S. citizen and has worked with other members of the Ethiopian diaspora. The courts have allowed him to use the pseudonym Mr. Kidane to protect himself and his family from retaliation.
The spying program unleashed on Mr. Kidane was contained in an attachment to a Microsoft Word document that Mr. Kidane inadvertently opened. A government agent in Ethiopia planted the malware on the Word document, but the program to wiretap his conversations resided on his computer in Maryland and automatically began recording, with no one in Ethiopia having to pull the trigger.
The Ethiopian government, which hasn’t denied it wiretapped Mr. Kidane, won dismissal of a 2014 lawsuit after claiming it has immunity because the malware attack was initiated in Ethiopia and thus outside the reach of U.S. courts. It has made the absurd assertion that spyware—marketed to repressive regimes by companies like Gamma International and Hacking Team—gives countries the ability to invade Americans’ homes, wiretap their conversations, violate their privacy, and face no consequences.
“The court’s decision is out of step with the times and completely ignores how other laws treat computer attacks, allowing a prosecution or lawsuit to be brought where the attacked computer is. The appeals court should overturn this ruling and let Mr. Kidane have his day in court,” said EFF Executive Director Cindy Cohn. “Cybersecurity is one of the most important issues of our time, and when foreign governments invade Americans’ privacy, just as with foreign-based criminals, our laws must let victims like Mr. Kidane go to court to hold them accountable.”
If a foreign state’s agent had placed a recording device in Mr. Kidane’s home or on his telephone line, Mr. Kidane could indisputably sue the government in U.S. courts, said EFF Senior Staff Attorney Nate Cardozo. The fact that Ethiopia used software instead of a person to launch a wiretap attack against Kidane in no way allows the country to evade legal liability.
“Today, all governments have to do to illegally spy on people is purchase the right software,” said Cardozo. “The D.C. Circuit should recognize that the malware in this case took the place of a human spy, and reinstate Mr. Kidane’s lawsuit.”
“Giving Ethiopia immunity for state-sponsored hacking would strip away one of the few protections Americans have against cyberattacks by foreign powers,” said Scott Gilmore, counsel at Guernica 37. “The invasion of our client’s home, through his computer, could happen to any of us. We all should have the right to seek justice.”
For more on Kidane v. Ethiopia:
New Reports Show How Vague Laws Can Pave the Way for Human Rights Violations in the Digital Age
San Francisco - The people of Latin America need comprehensive legal reform to protect themselves from unlawful government surveillance, according to a new series of reports published by the Electronic Frontier Foundation (EFF).
The reports apply the “Necessary and Proportionate” Principles to surveillance practices in twelve different countries in Latin America. The Principles—cooperatively written by privacy organizations and advocates worldwide, and launched three years ago at the 24th Session of the United Nations Human Rights Council—act as guidelines for fair and just government surveillance practices to protect the privacy of people around the world.
The reports, released today in partnership with digital rights organizations across the region, conclude that while every Latin American constitution recognizes a right to privacy and data protection, most countries do not implement those rights in a way that fully complies with international human rights standards.
“Current technology allows governments to easily conduct sophisticated and pervasive digital surveillance of ordinary individuals. But just because they can doesn’t mean that they should,” said EFF International Rights Director Katitza Rodríguez. “New surveillance technologies are in widespread use without any specific authorization or human rights protections in place. Too often, these technologies are cell-site simulators—which intercept cell phone signals by imitating cell towers—or malware, which is software that is used to harm computer users by disrupting computer operation, gathering sensitive information, or gaining access to private computer systems. At the same time, executive regulations authorizing surveillance or mandating data retention are regularly issued without any public discussion or input. Some of those decisions remain secret, including confidential regulations and decrees. All of these activities violate the Necessary and Proportionate Principles for conducting surveillance within the bounds of human rights law.”
The reports, in both Spanish and English, currently cover eight Latin American countries as well as the United States, and include an overall comparative survey for twelve countries in the region, analyzing whether government surveillance is used only when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued. Overall, secrecy surrounding tactics and prevalence of surveillance is widespread in Latin America, and many countries have yet to develop a culture of transparency reporting by communications providers. Without this transparency, citizens are unable to hold governments accountable for overuse of surveillance technologies.
“The vast amount of digital communications content we create—and the increasing ease with which it can be collected—means that governments are capable of creating profiles of our lives, including things like medical conditions, political viewpoints, and religious affiliations,” said Rodríguez. “Yet laws throughout Latin America and around the world are often vague and ripe for abuse, and there is too much secrecy about what the governments are doing. These reports are part of our long-term work to reform global communications surveillance until it comports with human rights standards.”
For more on the Necessary and Proportionate Principles:
EFF Argues that NSL Secrecy Violates First Amendment and Chills Debate on Government Surveillance
San Francisco - An appeals court published redacted briefing by the Electronic Frontier Foundation (EFF) today arguing that national security letters (NSLs) and their accompanying gag orders violate the free speech rights of companies who want to keep their users informed about government surveillance.
EFF represents two service providers in challenging the NSL statutes in front of the United States Court of Appeals for the Ninth Circuit. Most of the proceedings have been sealed since the case began five years ago, but some redacted documents have been released after government approval.
“Just this week we’ve seen Open Whisper Systems—the company behind the Signal messaging service—successfully fight a government gag order attached to a subpoena for customer information. Meanwhile, Yahoo is facing criticism for allowing the government wide-ranging access to its users’ communications,” said EFF Staff Attorney Andrew Crocker. “Our clients want to join this conversation, using their own experiences as a basis to talk about what kind of government surveillance is appropriate and what reform is needed—but NSL gags prevent them from doing so. We’re asking the court to strike down this unconstitutional statute so we can have the robust and inclusive debate that this issue deserves.”
The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, and without court approval—can issue a secret letter to a communications provider, demanding information about its customers. In this case and nearly all others, the NSL is issued in conjunction with a gag order, preventing the companies from notifying users of the demand or discussing the letter at all. Congress changed some parts of the statute in 2015, but retained the basic elements of the gags. In fact, EFF’s clients still cannot identify themselves publicly or share their experiences as part of the debate over government surveillance of technology services.
“Our clients want to be able to issue accurate transparency reports and talk to their customers about how they try to defend users from overreaching government investigations,” Crocker said. “But instead, the FBI instituted indefinite gag orders to shield its demands for information. This is an unconstitutional restriction of our clients’ First Amendment rights.”
For the full redacted brief:
For more on national security letters:
Worldwide Order To Block Certain Websites Violates Users’ Rights to Freely Search the Web Without Governments Interfering
Ottawa, Ontario—A Canadian court order forcing Google to block certain websites from its search results around the world sets a dangerous precedent for online free expression, the Electronic Frontier Foundation (EFF) said today.
Weighing in on a trade secret case that could have dramatic implications for free speech on the Internet, EFF told the Supreme Court of Canada in a brief that courts should be extremely reluctant to use their authority to decide what users around the world can see on the Internet. A court in British Columbia vastly overstepped, EFF said, when it issued an injunction in 2014 to “disappear” websites that not only applied to Google’s Canada-specific search, Google.ca, but to all of its searches around the world.
“The court’s overbroad ruling against Google, which had done nothing wrong and wasn’t a party in the lawsuit, put the private commercial interests of one company ahead of the interests of Internet users worldwide. That’s wrong and the Supreme Court of Canada should fix it,” said EFF Frank Stanton Legal Fellow Aaron Mackey. “Any request to issue an order in a local legal battle that affects the rights of users around the world should face a very high bar. Such orders may conflict with other nations’ laws and set the stage for authoritarian governments to impose their own speech-restricting laws on the Internet.”
In the underlying case, British Columbia-based Equustek Solutions accused Morgan Jack and others, known as the Datalink defendants, of misappropriating designs for its routers and selling counterfeit routers online. It claimed California-based Google facilitated access to the defendants’ sites. The defendants never appeared in court to challenge the claim, resulting in a default judgment against them. Although Google is not named in the lawsuit, it voluntarily took down specific URLs that directed users to the defendants’ products and ads under the local Google.ca domains. But Equustek wanted more, and the British Columbia court ruled that Google must delete the entire domain from its search results, including from all other local domains such as Google.com and Google.co.uk. An appeals court upheld the decision.
EFF’s brief argues that the order issued by the British Columbia court violates both international free expression principles and the First Amendment of the U.S. Constitution.
“The Canadian court order is an overbroad gag on an online speaker’s ability to publish truthful information about websites that are readily accessible on the Internet,” said EFF Staff Attorney Vera Ranieri. “The order also unlawfully restricts Internet users’ rights to access the information on those websites, which has the real potential to chill speech and access to information on the Internet. We hope the Supreme Court of Canada fixes it—and other courts around the world take heed.”
DMCA Provision Violates Author’s First Amendment Right to Publish Research About Computer Security
Washington, D.C.—The Electronic Frontier Foundation (EFF) asked a court Thursday for an order that would prevent the government from prosecuting its client, security researcher Matthew Green, for publishing a book about making computer systems more secure.
Green is writing a book about methods of security research to recognize vulnerabilities in computer systems. This important work helps keep everyone safer by finding weaknesses in computer code running devices critical to our lives—electronic devices, cars, medical record systems, credit card processing, and ATM transactions. Green’s aim is to publish research that can be used to build more secure software.
But publishing the book, tentatively entitled Practical Cryptographic Engineering, could land Green in jail under an onerous and unconstitutional provision of copyright law. To identify security vulnerabilities in a device he has purchased, Green must work directly with copyrighted computer code, bypassing control measures meant to prevent the code from being accessed. Even though this kind of research is traditionally a “fair use” permitted by copyright law, Digital Millennium Copyright Act (DMCA) Section 1201 threatens criminal and civil penalties—including jail time—for performing it or publishing information about the methods of security research. The exemptions Congress included in the 1998 DMCA to protect security researchers from prosecution are vague, limited, and provide inadequate assurance against the serious legal ramifications of Section 1201 lawsuits—something the government itself has acknowledged.
“Under Section 1201, computer researchers can face serious penalties just for selling a book that would help people build better, more secure computer systems,” said EFF Legal Director Corynne McSherry. “As we explained when we filed a legal challenge to the law in July, such penalties violate the First Amendment and threaten ordinary people for publishing research or even talking about circumventing computer code that’s embedded in nearly everything we own. With the lawsuit underway, we’re asking the court to bar the government from prosecuting Dr. Green so he can publish a book that’s clearly in the public interest.”
“If we want our communications and devices to be secure, we need to protect independent security researchers like Dr. Green,” said EFF Staff Attorney Kit Walsh. “Researchers should be encouraged to educate the public and the next generation of computer scientists. Instead, they are threatened by an unconstitutional law that has come unmoored from its original purpose of addressing copyright infringement. We’re going to court to protect everyone whose speech is squelched by this law, starting with Dr. Green and his book.”
EFF filed the Section 1201 lawsuit and Thursday's request for a court order with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati.
For the motion for preliminary injunction:
For more about this case:
Monday Hearing in Lawsuit Against Public.Resource.Org
Update: This hearing will be held at 9:00 am. In an order issued Friday, the court rescheduled arguments in the case for 9:00 am.
Washington, D.C.—On Monday, September 12, Electronic Frontier Foundation (EFF) Legal Director Corynne McSherry will urge a federal court to confirm that the public has a right to access and share the laws, regulations, and standards that govern us and cannot be blocked by overbroad copyright claims.
The court in Washington, D.C., is hearing arguments in two cases against EFF client Public.Resource.Org, an open records advocacy website. In these suits, several industry groups claim they own copyrights on written standards for building safety and educational testing they helped develop, and can deny or limit public access to them even after the standards have become part of the law. Standards like these that are legal requirements—such as the National Electrical Code—are available only in paper form in Washington, D.C., in expensive printed books, or through a paywall. By posting these documents online, Public.Resource.Org seeks to make these legal requirements more available to the public that must abide by them. The industry groups allege the postings infringe their copyright, even though the standards have been incorporated into government regulations and, therefore, must be free for anyone to view, share, and discuss.
McSherry and co-counsel Andrew Bridges at Fenwick & West will argue at the hearing that our laws belong to all of us and private organizations shouldn’t be allowed to abuse copyright to control who can read, excerpt, or share them. They will be assisted by EFF Senior Staff Attorney Mitch Stoltz and Fenwick & West Associate Matthew Becker.
Hearing in ASTM v. Public.Resource.org and AERA v. Public.Resource.org
EFF Legal Director Corynne McSherry
Monday, September 12, 9:00 am
Courtroom 2, 2nd Floor
U.S. District Court for the District of Columbia
333 Constitution Ave. N.W.
Washington, D.C. 20001
Ignoring Duty to Provide Notice When Invading Users’ Privacy Is Unconstitutional
Seattle, Washington—The Electronic Frontier Foundation (EFF) told a federal court today that the government is violating the U.S. Constitution when it fails to notify people that it has accessed or examined their private communications stored by Internet providers in the cloud.
EFF is supporting Microsoft in its lawsuit challenging portions of the Electronic Communications Privacy Act (ECPA) that allow the Department of Justice (DOJ) to serve a warrant on the company to get access to customers’ emails and other information stored on remote servers—all without telling users their data is being searched or seized. In a brief filed in Microsoft v. Department of Justice in U.S. District Court in Seattle, EFF, joined by Access Now, New America’s Open Technology Institute, and legal scholar Jennifer Granick, said Fourth Amendment protections against unreasonable searches and seizures by the government apply to all of our information—no matter what the format or where it’s located.
“Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches,” said EFF Senior Staff Attorney Lee Tien. “When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn’t allow that, and it’s time for the government to step up and respect the Constitution.”
Microsoft sued DOJ earlier this year challenging ECPA provisions enacted 30 years ago, long before the emergence of ubiquitous cloud computing that now plays a vital role in the storage of private communications. The government has used the transition to cloud computing as an opening to conduct secret electronic investigations by serving search warrants on Internet service providers seeking users’ emails, the lawsuit says. The government, which wants the case thrown out, doesn’t let account holders know their data is being accessed because of the unconstitutional ECPA provision, while service providers like Microsoft are gagged from telling customers about the searches.
“When people kept personal letters in a desk drawer at home, they knew if that information was about to be searched because the police had to knock on their door and show a warrant,” said EFF Staff Attorney Sophia Cope. “The fact that today our private emails are kept on a server maintained by an Internet company doesn’t change the government’s obligations under the Fourth Amendment. The Constitution requires law enforcement to tell people they are the target of a search, which enables them to vindicate their rights and provides a free society with a crucial means of government accountability.”
EFF thanks Seattle attorney Venkat Balasubramani of FocalLaw P.C. for his assistance as local counsel.
About this case:
Copyright Holders Must Be Held Accountable For Baseless Takedown Notices
Washington, D.C.—The Electronic Frontier Foundation (EFF) today filed a petition on behalf of its client Stephanie Lenz asking the U.S. Supreme Court to ensure that copyright holders who make unreasonable infringement claims can be held accountable if those claims force lawful speech offline.
Lenz filed the lawsuit that came to be known as the “Dancing Baby” case after she posted—back in 2007—a short video on YouTube of her toddler son in her kitchen. The 29-second recording, which Lenz wanted to share with family and friends, shows her son bouncing along to the Prince song "Let's Go Crazy," which is heard playing in the background. Universal Music Group, which owns the copyright to the Prince song, sent YouTube a notice under the Digital Millennium Copyright Act (DMCA), claiming that the family video was an infringement of the copyright.
EFF sued Universal on Lenz’s behalf, arguing that the company’s claim of infringement didn’t pass the laugh test and was just the kind of improper, abusive DMCA targeting of lawful material that so often threatens free expression on the Internet. The DMCA includes provisions designed to prevent abuse of the takedown process and allows people like Lenz to sue copyright holders for bogus takedowns.
The San Francisco-based U.S. Court of Appeals for the Ninth Circuit last year sided in part with Lenz, ruling that copyright holders must consider fair use before sending a takedown notice. But the court also held that copyright holders should be held to a purely subjective standard. In other words, senders of false infringement notices could be excused so long as they subjectively believed that the material they targeted was infringing, no matter how unreasonable that belief. Lenz is asking the Supreme Court to overrule that part of the Ninth Circuit’s decision to ensure that the DMCA provides the protections for fair use that Congress intended.
“Rightsholders who force down videos and other online content for alleged infringement—based on nothing more than an unreasonable hunch, or subjective criteria they simply made up—must be held accountable,” said EFF Legal Director Corynne McSherry. “If left standing, the Ninth Circuit’s ruling gives fair users little real protection against private censorship through abuse of the DMCA process.”
For more on Lenz v. Universal:
Ceremony for Honorees on September 21 in San Francisco
San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the distinguished winners of the 2016 Pioneer Awards: Malkia Cyril of the Center for Media Justice, data protection activist Max Schrems, the authors of the “Keys Under Doormats” report that counters calls to break encryption, and the lawmakers behind CalECPA—a groundbreaking computer privacy law for Californians.
The award ceremony will be held the evening of September 21 at Delancey Street’s Town Hall Room in San Francisco. The keynote speaker is award-winning investigative journalist Julia Angwin, whose work on corporate invasions of privacy has uncovered the myriad ways companies collect and control personal information. Her recent articles have sought to hold algorithms accountable for the important decisions they make about our lives. Tickets are $65 for current EFF members, or $75 for non-members.
Malkia A. Cyril is the founder and executive director of the Center for Media Justice and co-founder of the Media Action Grassroots Network, a national network of community-based organizations working to ensure racial and economic justice in a digital age. Cyril is one of few leaders of color in the movement for digital rights and freedom, and a leader in the Black Lives Matter Network—helping to bring important technical safeguards and surveillance countermeasures to people across the country who are fighting to reform systemic racism and violence in law enforcement. Cyril is also a prolific writer and public speaker on issues ranging from net neutrality to the communication rights of prisoners. Their comments have been featured in publications like Politico, Motherboard, and Essence Magazine, as well as three documentary films. Cyril is a Prime Movers fellow, a recipient of the 2012 Donald H. McGannon Award for work to advance the roles of women and people of color in the media reform movement, and won the 2015 Hugh Hefner 1st Amendment Award for framing net neutrality as a civil rights issue.
Max Schrems is a data protection activist, lawyer, and author whose lawsuits over U.S. companies’ handling of European Union citizens’ personal information have changed the face of international data privacy. Since 2011 he has worked on the enforcement of EU data protection law, arguing that untargeted wholesale spying by the U.S. government on Internet communications undermines the EU’s strict data protection standards. One lawsuit that reached the European Court of Justice led to the invalidation of the “Safe Harbor” agreement between the U.S. and the EU, forcing governments around the world to grapple with the conflict between U.S. government surveillance practices and the privacy rights of citizens around the world. Another legal challenge is a class action lawsuit with more than 25,000 members currently pending at the Austrian Supreme Court. Schrems is also the founder of “Europe v Facebook,” a group that pushes for social media privacy reform at Facebook and other companies, calling for data collection minimization, opt-in policies instead of opt-outs, and transparency in data collection.
The “Keys Under Doormats” report has been central to grounding the current encryption debates in scientific realities. Published in July of 2015, it emerged just as calls to break encryption with “backdoors” or other access points for law enforcement were becoming pervasive in Congress, but before the issue came into the global spotlight with the FBI’s efforts against Apple earlier this year. “Keys Under Doormats” both reviews the underlying technical considerations of the earlier encryption debate of the 1990s and examines the modern systems realities, creating a compelling, comprehensive, and scientifically grounded argument to protect and extend the availability of encrypted digital information and communications. The authors of the report are all security experts, building the case that weakening encryption for surveillance purposes could never allow for any truly secure digital transactions. The “Keys Under Doormats” authors are Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner. Work on the report was coordinated by the MIT Internet Policy Research Initiative.
CalECPA—the California Electronic Communications Privacy Act—is a landmark law that safeguards privacy and free speech rights. CalECPA requires that a California government entity gets a warrant to search electronic devices or compel access to any electronic information, like email, text messages, documents, metadata, and location information—whether stored on the electronic device itself or online in the “cloud.” CalECPA gave California the strongest digital privacy law in the nation and helps prevent abuses before they happen. In many states without this protection, police routinely claim the authority to search sensitive electronic information about who we are, where we go, and what we do—without a warrant. CalECPA was introduced by California State Senators Mark Leno (D-San Francisco) and Joel Anderson (R-Alpine), who both fought for years to get stronger digital privacy protections for Californians. Leno has been a champion of improved transportation, renewable energy, and equal rights for all, among many other issues. Anderson regularly works across party lines to protect consumer privacy in the digital world.
“We are honored to announce this year’s Pioneer Award winners, and to celebrate the work they have done to make communications private, safe, and secure,” said EFF Executive Director Cindy Cohn. “The Internet is an unprecedented tool for everything from activism to research to commerce, but it will only stay that way if everyone can trust their technology and the systems it relies on. With this group of pioneers, we are building a digital future we can all be proud of.”
Awarded every year since 1992, EFF’s Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Aaron Swartz, Citizen Lab, Richard Stallman, and Anita Borg.
Sponsors of the 2016 Pioneer Awards include Adobe, Airbnb, Dropbox, Facebook, and O’Reilly Media.
To buy tickets to the Pioneer Awards:
Consumers Need Warning If Movies, Music, Games Restrict When and How They Are Used
San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of consumer groups, content creators, and publishers asked the Federal Trade Commission (FTC) today to require online retailers to label the ebooks, songs, games, and apps that come with digital locks restricting how consumers can use them.
In a letter sent to the FTC today, the coalition said companies like Amazon, Google, and Apple have a duty to inform consumers if products for sale are locked with some kind of "digital rights management" or DRM. Companies use DRM to purportedly combat copyright infringement, but DRM locks can also block you from watching the movie you bought in New York when you go to Asia on vacation, or limit which devices can play the songs you purchased.
"Without DRM labeling, it’s nearly impossible to figure out which products have digital locks and what restrictions these locks impose," said EFF Special Advisor Cory Doctorow. "We know the public prefers DRM-free e-books and other electronic products, but right now buyers are in the dark about DRM locks when they go to make purchases online. Customers have a right to know about these restrictions before they part with their money, not after."
The letter is accompanied by a request that the FTC investigate and take action on behalf of consumers who find themselves deprived of the enjoyment of their property every day, due to a marketplace where products limited by DRM are sold without adequate notice. The request details the stories of 20 EFF supporters who bought products—ebooks, videos, games, music, devices, even a cat-litter box—that came with DRM that caused them grief. They report that DRM left them with broken, orphaned, or useless devices and in some cases even incapacitated other devices.
The FTC oversees fair packaging and labeling rules that are supposed to prevent consumers from being deceived and facilitate value comparisons. Today’s letter argues that the FTC should require electronic sellers to use a simple, consistent, and straightforward label about DRM locks for digital media. For example, "product detail" lists—which appear on digital product pages and disclose such basic information as serial number, file size, publisher, and whether certain technological features are enabled—should include a category stating whether a product is DRM-free or DRM-restricted. The latter designation should include a link to a clear explanation of the restrictions imposed on the product.
"The use of DRM is controversial among creators, studios, and audiences. What shouldn’t be controversial is the right of consumers to know which products have DRM locks. If car companies made vehicles that only drove on certain streets, they’d have to disclose this to consumers. Likewise, digital media products with DRM restrictions should be clearly labeled," said Doctorow.
Signers of today’s letter include the Consumer Federation of America, Public Knowledge, the Free Software Foundation, McSweeney’s, and No Starch Press.
For the full letter to the FTC about labeling:
For the full letter to the FTC with the stories of people who've been harmed by DRM they weren't informed of: https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf
Editors Who Exposed Corruption, Political Opponents of Authoritarian Government’s President, and Their Legal Teams Were Sent Malware
San Francisco—Journalists and political activists critical of Kazakhstan’s authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF).
Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents.
The campaign—which EFF has called “Operation Manul,” after endangered wild cats found in the grasslands of Kazakhstan—involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.
Spearphishing emails and malware sent to members of the Ablyazov family while they were in exile in Italy may have helped track the whereabouts of Mukhtar Ablyazov’s wife and young daughter. Despite having legal European resident permits, the two were taken into custody in Italy in 2013 and forcibly deported to Kazakhstan. Many targets of the malware campaign are also involved in litigation with the government of Kazakhstan, including the publishers of Respublika noted above. EFF represented Respublika in a U.S. lawsuit during the course of which the government has attempted to censor the site and discover Respublika’s confidential sources.
Kazakhstan is a former Soviet republic that heavily restricts freedom of speech and assembly, and where torture is a serious problem, according to Human Rights Watch. The republic was ranked 160 out of 180 countries tracked by Reporters Without Borders for attacks on journalistic freedom and independence.
“The use of malware to spy on and intimidate dissidents beyond their borders is an increasingly common tactic employed by oppressive governments,” said Eva Galperin, Global Policy Analyst at EFF and one of the report’s authors. “As we have seen in places like Syria and Vietnam, journalists and political opposition leaders are being attacked in both the physical and digital worlds. Regimes are turning to covertly installed malware to track, harass, and silence those who seek to expose corruption and inform the public about human rights abuses—especially targets that have moved beyond the regime's sphere of control. Based on available evidence, we believe this campaign is likely to have been carried out on behalf of the government of Kazakhstan.”
EFF researchers, along with technologists at First Look Media and Amnesty International, examined data about suspected espionage groups and found overlaps between Operation Manul and Appin Security Group, an Indian company that has been linked with several other attack campaigns.
“Appin has been linked by cybersecurity firm Norman Shark to cyber-attacks against a Norwegian telecom company, Punjabi separatists, and others,” said EFF Staff Technologist Cooper Quintin. “We found that some of the technology infrastructure used in those cyber attacks overlapped with the infrastructure used in Operation Manul.”
“Our research shows that such cheap, commercially available malware can have a real impact on vulnerable populations,” said Galperin. “Much of the past research in this area has exposed campaigns carried out by governments using spy software which they have purchased. In this case, the evidence suggests that the government of Kazakhstan hired a company to carry out the attacks on their behalf.”
Thursday Hearing in EFF’s Case Against Patent That Threatened Podcasting
Washington, D.C.—The Electronic Frontier Foundation (EFF) will urge a federal appeals court at a hearing Thursday to find that the U.S. Patent and Trademark Office (USPTO) correctly invalidated key claims of a patent owned by Personal Audio, which had used the patent to threaten podcasters big and small.
EFF is defending a USPTO ruling it won last year in its petition challenging the validity of key claims of Personal Audio’s patent. EFF argued, and the USPTO agreed, that the claimed invention existed before Personal Audio filed its patent application.
Personal Audio maintained that it invented the process of updating a website regularly with new, related content creating a series of episodes—basically podcasting—in 1996. Personal Audio began sending letters to podcasters in 2013, demanding licensing fees from creators such as comedian Adam Carolla and three major television networks. In its challenge to the patent, EFF showed that putting a series of episodes online for everyone to enjoy was not a new idea when the patent application was filed.
Personal Audio asked the U.S. Court of Appeals for the Federal District in Washington D.C. to overturn the USPTO ruling. At a hearing on Thursday, EFF's pro bono counsel will ask the court to reject Personal Audio’s argument that the USPTO erred when it invalidated the patent claims.
What: Court hearing in Personal Audio LLC v. Electronic Frontier Foundation
When: Thursday, August 4, 10 am
Where: U.S. Court of Appeals for the Federal Circuit
Courtroom 401, Panel J
717 Madison Place, N.W.
Washington, D.C. 20439
For more on EFF’s Personal Audio challenge:
Future of Technology and How It’s Used Is At Stake
Washington D.C.—The Electronic Frontier Foundation (EFF) sued the U.S. government today on behalf of technology creators and researchers to overturn onerous provisions of copyright law that violate the First Amendment.
EFF’s lawsuit, filed with co-counsel Brian Willen, Stephen Gikow, and Lauren Gallo White of Wilson Sonsini Goodrich & Rosati, challenges the anti-circumvention and anti-trafficking provisions of the 18-year-old Digital Millennium Copyright Act (DMCA). These provisions—contained in Section 1201 of the DMCA—make it unlawful for people to get around the software that restricts access to lawfully-purchased copyrighted material, such as films, songs, and the computer code that controls vehicles, devices, and appliances. This ban applies even where people want to make noninfringing fair uses of the materials they are accessing.
Ostensibly enacted to fight music and movie piracy, Section 1201 has long served to restrict people’s ability to access, use, and even speak out about copyrighted materials—including the software that is increasingly embedded in everyday things. The law imposes a legal cloud over our rights to tinker with or repair the devices we own, to convert videos so that they can play on multiple platforms, remix a video, or conduct independent security research that would reveal dangerous security flaws in our computers, cars, and medical devices. It criminalizes the creation of tools to let people access and use those materials.
Copyright law is supposed to exist in harmony with the First Amendment. But the prospect of costly legal battles or criminal prosecution stymies creators, academics, inventors, and researchers. In the complaint filed today in U.S. District Court in Washington D.C., EFF argues that this violates their First Amendment right to freedom of expression.
“The creative process requires building on what has come before, and the First Amendment preserves our right to transform creative works to express a new message, and to research and talk about the computer code that controls so much of our world,” said EFF Staff Attorney Kit Walsh. “Section 1201 threatens ordinary people with financial ruin or even a prison sentence for exercising those freedoms, and that cannot stand.”
EFF is representing plaintiff Andrew “bunnie” Huang, a prominent computer scientist and inventor, and his company Alphamax LLC, where he is developing devices for editing digital video streams. Those products would enable people to make innovative uses of their paid video content, such as captioning a presidential debate with a running Twitter comment field or enabling remixes of high-definition video. But using or offering this technology could run afoul of Section 1201.
“Section 1201 prevents the act of creation from being spontaneous,” said Huang. “Nascent 1201-free ecosystems outside the U.S. are leading indicators of how far behind the next generations of Americans will be if we don’t end this DMCA censorship. I was born into a 1201-free world, and our future generations deserve that same freedom of thought and expression.”
EFF is also representing plaintiff Matthew Green, a computer security researcher at Johns Hopkins University who wants to make sure that we all can trust the devices that we count on to communicate, underpin our financial transactions, and secure our most private medical information. Despite this work being vital for all Americans' safety, Green had to seek an exemption from the Library of Congress last year for his security research.
“The government cannot broadly ban protected speech and then grant a government official excessive discretion to pick what speech will be permitted, particularly when the rulemaking process is so onerous,” said Walsh. “If future generations are going to be able to understand and control their own machines, and to participate fully in making rather than simply consuming culture, Section 1201 has to go.”
For the complaint:
Iris Scans, Palm Prints, Face Recognition Data, and More Collected From Millions of Innocent Citizens
San Francisco—The FBI, which has created a massive database of biometric information on millions of Americans never involved in a crime, mustn’t be allowed to shield this trove of personal information from Privacy Act rules that let people learn what data the government has on them and restrict how it can be used.
The Electronic Frontier Foundation (EFF) filed comments today with the FBI, on behalf of itself and six civil liberties groups, objecting to the agency’s request to exempt the Next Generation Identification (NGI) database from key provisions of federal privacy regulations that protect personal data from misuse and abuse. The FBI has amassed this database with little congressional and public oversight, failed for years to provide basic information about NGI as required by law, and dragged its feet to disclose—again, as required by law—a detailed description of the records and its policies for maintaining them. Now it wants to be exempt from even the most basic notice and data correction requirements.
NGI includes prints and face recognition data from millions of everyday people who’ve committed no crime but have had their biometric data collected when they needed a background check for a job, applied for welfare benefits, registered for immigration, or obtained state licenses to be a teacher, realtor, or dentist. For example, NGI holds millions of photographs searchable through facial recognition and accessible by 20,000 foreign, federal, state, and municipal-level law enforcement agencies.
The public’s understanding of the FBI’s collection of biometric information is only now coming to light because the agency has been less than forthcoming about its data gathering. In June, the Government Accountability Office published an exhaustive report revealing that the FBI has access to hundreds of millions more photos of Americans than we ever thought and has been hiding that from the public in violation of federal and agency laws for years. Previously, many believed that NGI just contained criminal case records such as fingerprints and mug shots collected during arrests.
“The FBI has sidestepped the Privacy Act as it has expanded NGI, essentially saying ‘just trust us’ with highly personal and private data,” said EFF Senior Staff Attorney Jennifer Lynch. “But the FBI hasn’t proved itself to be worthy of the public’s trust. Exempting NGI from the Privacy Act will eliminate our rights to access our own records and take action against the government when it makes mistakes with that data. The Privacy Act is only the barest of protection for Americans, but the FBI wants to escape from even that basic responsibility.”
The FBI refuses to recognize accuracy is an issue with face recognition or to publish any data on NGI’s accuracy rates. However, research has shown that face recognition misidentifies African Americans, ethnic minorities, women, and young people at higher rates than whites and men. This means that potential errors within NGI will likely impact people of color more frequently, especially because FBI databases include a disproportionate number of African Americans, Latinos and immigrants, thanks to well-documented racial bias among law enforcement.
This is why it’s particularly important that people be able to use the Privacy Act to learn about NGI—it ensures that people can access records the FBI has on them and allows them to take the FBI to court, if needed, to correct any inaccurate information.
“Over 2,000 Americans have signed an EFF petition objecting to the FBI’s exemption proposal, including the vague, incomplete explanation of how the FBI is maintaining our private records,” said Lynch. “Our message to the FBI is that citizens deserve the right to know what information it has on them, and the bureau must be obligated to correct inaccurate data. Its attempt to skirt these rules must be rejected.”
EFF was joined in its comments by American Civil Liberties Union, Advocacy for Principled Action in Government, Council on Arab-Islamic Relations (CAIR), Fight for the Future, National Immigration Law Center, and National Immigration Project of the National Lawyers Guild.
Changes to Rule 41 Will Greatly Increase Law Enforcement Hacking, Surveillance
San Francisco—The Electronic Frontier Foundation (EFF), the Tor Project, and dozens of other organizations are calling today on citizens and website operators to take action to block a new rule pushed by the U.S. Justice Department that would greatly expand the government’s ability to hack users’ computers and interfere with anonymity on the web.
EFF and over 40 partner organizations are holding a day of action for a new campaign—noglobalwarrants.org—to engage citizens about the dangers of Rule 41 and push U.S. lawmakers to oppose it. The process for updating these rules—which govern federal criminal court processes—was intended to deal exclusively with procedural issues. But this year a U.S. judicial committee approved changes in the rule that will expand judicial authority to grant warrants for government hacking.
“The government is attempting to use a process designed for procedural changes to expand its investigatory powers,” said EFF Activism Director Rainey Reitman. “Make no mistake: these changes to Rule 41 will result in a dramatic increase in government hacking. The government is trying to avoid scrutiny and sneak these new powers past the public and Congress through an obscure administrative process.”
Right now, Rule 41 only authorizes federal magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate is located. The new Rule 41 would for the first time authorize magistrates to issue warrants when “technological means,” like Tor or virtual private networks (VPNs), are obscuring the location of a computer. In these circumstances, the rule changes would authorize warrants to remotely access, search, seize, or copy data on computers, wherever in the world they are located.
“Tor users worldwide could be affected by these new rules,” said Kate Krauss, Director of Public Policy and Communications for the Tor Project. “Tor is used by journalists, members of Congress, diplomats, and human rights activists who urgently need its protection to safeguard their privacy and security—but these rules will give the Justice Department new authority to snoop into their computers.”
The changes to Rule 41 would also take the unprecedented step of allowing a court to issue a warrant to hack into the computers of innocent Internet users who are themselves victims of a botnet, EFF and its partners said in a letter to members of Congress today.
EFF and its partners launched noglobalwarrants.org, a campaign page outlining problems with the changes to Rule 41 and listing over 40 Internet companies, digital privacy providers, and public interest groups that support the project. The coalition is asking website owners to embed on their sites unique code that will display a banner allowing people to email members of Congress or sign a petition opposing Rule 41. The groups are also calling on citizens to speak out against Rule 41 on social media and blogs. The aim is to send a message to Congress that it should not authorize this expansion of government hacking and must reject Rule 41 changes.
‘Total Profits’ Damage Awards For Infringing Design Patents Are Excessive, Unfair
Washington, D.C.—The Electronic Frontier Foundation (EFF) asked the U.S. Supreme Court today to reverse a ruling that required Samsung to pay Apple all the profits it earned from smartphones that infringed three basic design patents owned by the iPhone maker.
The $399-million damage award against Samsung, upheld by the United States Court of Appeals for the Federal Circuit in the Apple v. Samsung patent lawsuit, should be thrown out, EFF told the court in an amicus brief filed today with Public Knowledge and The R Street Institute. Forcing defendants to give up 100% of their profits for infringing designs that may only marginally contribute to a product’s overall look and functionality will encourage frivolous lawsuits and lead to excessive damage awards that will raise prices for consumers and deter innovation.
The smartphone design patents at issue in the case include one for a black rectangular front face with round corners, another for a similar face with a rim, and a third for a colorful grid of 16 icons.
“The patent system is supposed to offer fair reward for inventors, not excessive, unfair compensation that threatens our access to technology,” said Vera Ranieri, EFF Staff Attorney. “Such massive windfalls for patent holders will encourage more frivolous lawsuits.”
A jury in 2012 held that Samsung’s phones infringed Apple’s utility and design patents; Apple was originally granted $1.05 billion in damages, an amount that was later reduced. Samsung appealed to the Federal Circuit, which interpreted the Patent Act, wrongly EFF asserts, to entitle patent owners to the entire profit from products that use the patented design. Samsung, EFF, and other technology companies and public interest groups sought and won Supreme Court review of the case.
A more balanced alternative to the improper "winner takes all" approach adopted by the Federal Circuit would be to base damages on how much the infringing designs contributed to the overall value of the smartphones Samsung sold, EFF said.
If the Federal Circuit’s decision is allowed to stand, it will create incentives for more design patent lawsuits to flood the courts. Any product or technology that may infringe on a design patent could trigger the “total profit” rule and allow the patent holder to claim 100% of all the profits from the product, regardless of whether the infringed design contributes just 1% of the value of a complex product or whether the patent was intentionally infringed.
"The Federal Circuit’s reading of the Patent Act was flawed, and we’re asking the Supreme Court to adopt an interpretation that more appropriately balances the interests of patent holders, the industry, and the public," said Ranieri. "There’s good reason to believe that the Federal Circuit’s interpretation will create a cottage industry of abusive patent lawsuits that will enrich clever lawyers at the expense of the public."
Serial Troll Tries To Extort Money From Mail-Order Business with Frivolous Infringement Claims
West Palm Beach, Florida—The Electronic Frontier Foundation (EFF) filed a lawsuit today against a well-known patent troll that tried to shake down a small business owner for tens of thousands of dollars on bogus claims of infringement on patents that were never used and were expired or invalid.
Defendant Shipping & Transit LLC has filed hundreds of lawsuits asserting frivolous patent infringement claims as part of its business model to intimidate and extort money from people, EFF alleged in a complaint filed with co-counsel Julie Turner of California-based Turner Boyd and Matthew Sarelson with Miami-based Kaplan Young & Moll Parrón. Shipping & Transit sends out letters accusing businesses of patent infringement and demanding thousands of dollars to license the patents or settle the matter. It then routinely sues those who don’t pay up to extort “nuisance value” settlements.
In a lawsuit filed in the U.S. District Court for the Southern District of Florida, EFF is representing Jason Cugle, who last year began running a small business selling accessories for electronic cigarettes. Cugle, a Maryland resident, received a letter accusing his company and website (Triple7vaping.com) of violating Shipping & Transit’s patents, which relate to ideas for monitoring and reporting the status of delivery vehicles. Cugle simply sent customer shipments through the U.S. Postal Service (USPS) and manually emailed each customer a message saying the package had been shipped and providing the USPS tracking number. Florida-based Shipping & Transit claims its patents cover a variety of methods of notifying people when a vehicle is about to reach its destination, including Cugle’s.
“The claims are absurd. Not only did three of the four patents expire two years before Mr. Cugle started his mail order business, they are not valid in the first place and he hasn’t infringed anything,” said EFF Staff Attorney Vera Ranieri. “What is worse, Shipping & Transit tried to force Mr. Cugle to sign a vaguely-worded affidavit swearing that he wasn’t using ‘monitoring systems’ and threatened him with a document that made it look like there was a lawsuit against him, though the complaint wasn’t filed in any court. These are the tactics of patent trolls who hope to intimidate and bully innocent people and businesses into paying them money to avoid the high costs of a lawsuit.”
Shipping & Transit used to be known as ArrivalStar, a notorious patent troll that sued towns and cities claiming that notifying citizens when a bus was due to arrive infringed its patents.
“Filing complaints in bad faith, asserting infringement of unenforceable patents, falsely accusing people of infringing, and abusing the court system to wrangle settlements out of people violate Maryland law,” said Ranieri. “We are asking the court to hold Shipping & Transit accountable for its improper tactics, and also rule that the patents aren’t valid and were not infringed. Shipping & Transit’s baseless patent infringement claims and shady tactics must be stopped.”
Broadband Providers Have Unique Ability to Spy on Customers
San Francisco - The Electronic Frontier Foundation (EFF) urged the Federal Communications Commission (FCC) today to update privacy rules to prevent broadband Internet access service providers from recording and sharing their customers’ every move online.
EFF’s comments are part of the FCC’s rulemaking on consumer privacy and telecommunications services. As broadband providers are uniquely positioned to track every communication and activity—often in real time—the FCC is proposing to update current telecom policy to protect the privacy and security of consumers.
As part of this update, EFF calls on the FCC to enact rules that clearly protect customers’ confidentiality, curtailing data collection to only what is needed to provide Internet access. The current FCC plan includes a tiered consent system, allowing for “implied approval” for sharing personal information, as well as some “opt-in” and “opt-out” sharing. But “implied approval” amounts to treating “no approval” as “approval.” That opens the door to scores of other companies getting information about your online activities without your consent.
“Many decisions about what to do with personal data are done behind customers’ backs, exposing their information to marketers and data brokers without any transparency in the process,” said EFF Staff Technologist Jeremy Gillula. “To protect privacy, you have to have true consent, along with clear data sharing policies and retention and deletion practices. We are asking the FCC to make sure that customers have real control, instead of just an illusion of it.”
Furthermore, EFF advised the FCC to prohibit broadband companies from offering financial inducements in exchange for consent to collect and share personal information.
“Privacy isn’t just for people who can afford it,” said EFF Legislative Counsel Ernesto Falcon. “Customers often don’t understand the implications of giving up personal information—and telecoms aren’t eager to explain the situation clearly—and that’s simply unfair.”
User Advocates, Tech Companies, and Studios Debate Impact of Copyright Law on the ‘Internet of Things’
San Francisco—On Tuesday and Wednesday, May 24-25, Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh and Senior Staff Attorney Mitch Stoltz will participate in public roundtable discussions about the impact of U.S. copyright law on freedoms to investigate and improve the software embedded in everyday products, devices, and appliances.
The discussions, being held at University of California Hastings College of the Law in San Francisco, are hosted by the U.S. Copyright Office, which is studying copyright issues related to the “Internet of Things” and the consequences of Section 1201 of the Digital Millennium Copyright Act. Section 1201, while intended to prevent infringement of copyrighted media, has also blocked people from accessing software that controls everything from their mobile phones and video games to cars and insulin pumps.
Section 1201 was enacted to combat copyright infringement of digital works by making it unlawful to circumvent access controls on those works, such as the encryption on a DVD. Because of the broad definition of a copyrighted work, however, Section 1201 gives legal teeth to manufacturers who want to lock product owners out of the ability to tinker with, repair, or modify their own software-enabled devices. The restrictions have also prevented independent researchers from evaluating the software in cars and other devices for impacts on security, safety, privacy, and even the environment.
At the roundtable discussions, Walsh will speak about how overly-broad copyright restrictions on everyday products combine with one-sided end user license agreements to frustrate user freedom, research, and innovation. Stoltz will speak about Section 1201's overreaching restriction on circumventing technologies that control devices and products, and the burdensome, every-three-year procedure to get exemptions from Section 1201.
U.S. Copyright Office Roundtables for Software-Enabled Computer Products and Section 1201 Studies
EFF Staff Attorney Kit Walsh
EFF Senior Staff Attorney Mitch Stoltz
Tuesday, May 24, 9 am to 2:45 pm
Wednesday, May 25, 9 am to 4:15 pm
UC Hastings College of the Law
Alumni Reception Center
200 McAllister St.
San Francisco, CA 94102
Wikileaks Prosecution Included Unfair Charge Under CFAA
Fort Belvoir, Virginia—The Electronic Frontier Foundation (EFF) asked a U.S. Army Court of Criminal Appeals Wednesday to overturn Chelsea Manning’s conviction for violating the Computer Fraud and Abuse Act (CFAA), arguing that the law is intended to punish people for breaking into computer systems—something Manning didn’t do.
Manning is serving a 35-year sentence for her role in the release of approximately 700,000 military and diplomatic records to Wikileaks. She was convicted of 19 counts in all, including one under the CFAA. Her CFAA conviction stems from using unauthorized software to access a State Department database, which was prohibited by the database’s acceptable use policy.
The CFAA makes it illegal to intentionally access a computer connected to the Internet without authorization, but it doesn’t specify what “without authorization” means. Although the CFAA is aimed at computer break-ins, data theft, and destruction of computer systems, overzealous prosecutors have taken advantage of the law’s vague language to bring criminal charges that go beyond Congress’s anti-“hacking” purpose.
"Congress intended to criminalize the act of accessing a computer that you aren’t authorized to access, such as breaking into a corporate computer to steal user data or trade secrets or to spread viruses. The law should not be used to turn a violation of an employer’s computer use restrictions into a federal crime. That’s what happened here," said EFF Legal Fellow Jamie Williams.
In an amicus brief filed Wednesday, EFF told the U.S. Army Court of Criminal Appeals that violating a written policy, which restricted Manning from using unauthorized software to access a State Department database, is not a crime under the CFAA. Because most employers impose one-sided computer use policies on their employees, such an interpretation would potentially turn millions of Americans into criminals on the basis of innocuous activities, like browsing Facebook or viewing online sports scores at work in violation of company policy.
“Three federal circuit courts have recognized that violating computer use policies isn’t a crime under the CFAA, and we’re urging the Army court to follow suit,” said EFF Staff Attorney Andrew Crocker. “We have also urged Congress to adopt Aaron’s Law, named after late programmer and activist Aaron Swartz, who faced CFAA charges. The law would ensure that people won't face criminal liability for violating terms of service agreements or other solely contractual agreements.”
The Center for Democracy & Technology and the National Association of Criminal Defense Lawyers joined EFF in filing the brief.
Correction: an earlier version of this press release misstated the number of documents leaked. It's approximately 700,000 records.