July 10 marks one year since EFF and a coalition of hundreds of experts and human rights activists put the finishing touches on the Necessary and Proportionate Principles.
These 13 Principles explain how international human rights law should be applied to government surveillance. Since then, the Principles have received strong support around the world, fueled in part by popular outrage over the spying carried out by the NSA [1], GCHQ [2] and other intelligence agencies mentioned in the documents revealed by whistleblower Edward Snowden. Local and national activists from Mexico to South Korea, by way of Canada and Brazil, have been using the Principles to press for stronger protections against governmental digital surveillance. We have seen them used in litigation, legislation, administrative work, awareness campaigns and on many other occasions, and they have been debated in public policy-making at both the regional and international levels.
Today we are publishing an updated version of the Necessary and Proportionate Principles, incorporating the excellent feedback we received over the past year. The primary intention of the changes was to clarify the language to better capture the original intent and, in some places, to simplify both the language and the structure, removing possible ambiguities, improving the grammar and reducing redundancy. We also made one significant change to the "User Notification" section.
The core group for the drafting project consisted of the organizations Electronic Frontier Foundation, Privacy International, Access, Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic and Center for Internet and Society-India, with consultation from Article 19, Open Net Korea, the Association for Progressive Communications and other organizations around the world.
Below we summarize the changes that merit attention:
First paragraph and throughout the text: We added "activities, powers, or authorities" to "laws and regulations" to make sure that all acts carried out by governments are included. This should leave no doubt that the Principles cover activities such as NSA surveillance conducted under United States Executive Order 12333.
First paragraph: We added the word "clarify" to describe the intent of the Principles, to reiterate that they do not call for a change in international human rights law and standards. On the contrary, we argue for their proper application in the digital context. The word "clarify" is a common construction to denote that no new law is being put forward. We also added the formulation "human rights law and standards" as a matter of grammatical correctness and syntax.
Preamble and throughout the text: We added "a number of other human rights" here and throughout the text to make clear that this is not only about the right to privacy, but also about fundamental freedoms such as the freedoms of association and expression. This expression also signals that the Principles do not deal with the whole of human rights, since the right to life, for example, bears no relation to them.
Scope of application: We added this subsection for greater clarity and added the following explanatory sentence: "The Principles and the Preamble are holistic and self-referential: each principle and the preamble should be read and interpreted as part of a larger framework and, read together, they accomplish a singular goal: ensuring that laws, policies and practices related to Communications Surveillance follow international human rights law and standards and adequately protect individual human rights such as privacy and freedom of expression."
Scope of application: We felt it was important to stress that national security and intelligence fall within the scope of the Principles, as do all other governmental functions, including "enforcing the law, protecting national security, gathering intelligence or another governmental function".
Scope of application: We sought to clarify the role of private sector entities. "Business enterprises bear responsibility for respecting an individual's privacy and other human rights, particularly in view of the key role they play in planning, developing and disseminating technologies; in enabling and providing communication services; and in facilitating certain State surveillance activities."
Protected information definition: We moved the definition from the bottom of the paragraph to the top, but did not change the content.
First paragraph of the preamble: To make things clearer, we added that communications surveillance "interferes" with the right to privacy "among a number of other human rights". As a result, it can be justified "only" when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued.
Fifth paragraph of the definitions: We added "as well as the invasive techniques used to carry out Communications Surveillance" in order to clarify that techniques such as the installation of malware can be the basis for determining that information is protected, as much as the pervasiveness or systemic nature of the surveillance.
Proportionality: We understand that this may be perceived as a big change, but we hope that, in the end, it is not so substantial. Because of confusion about the role of the two tests contained in the original principles, we tried to draft a single test that would encompass the two previous ones, allowing both crimes and "specific threats to a Legitimate Aim" to serve as a basis for surveillance. This also helps tie the test to the Principle of Legitimate Aim.
Competent Judicial Authority: We clarified that there must be an "independent" judicial authority.
User Notification: This was another big change in response to the feedback we received. Again, we tried to clarify and simplify this point and to tie any delay in notification to the possibility that the purpose of the surveillance would be defeated or to an imminent danger to human life. We eliminated the clause that required notification to be issued at the end of the surveillance process, but we also specified that this determination must be made by the Competent Judicial Authority, that notification must take place after the risk has ceased, and that the decision must itself also be made by a judicial authority.
Transparency: We added some clarifications to require "specific" numbers, not just aggregates. Aggregate information is not useful enough to allow the public to understand how surveillance powers are being used.
Public Oversight: We specified that oversight mechanisms must have the authority to publicly determine the lawfulness of communications surveillance, including the extent of compliance with these principles. Without the ability to determine whether the overseen surveillance practice is actually lawful, oversight may become irrelevant or be seen as mere bureaucracy.
Safeguards Against Illegitimate Access and Right to Effective Remedy: We added the "Right to Effective Remedy" in the remedies section in order to call attention to the right in the title itself.
Brief history: Finally, we added a brief history of the development of the 13 Principles at the end of the text to explain the history of the initiative and of the final consultation, which was carried out to verify and clarify textual problems and update the Principles appropriately. The effect and the intention of the Principles were not altered by these changes.
[1] United States National Security Agency.
[2] British intelligence service.
More than 100,000 people will descend on San Diego Comic-Con this week, including yours truly representing the Electronic Frontier Foundation. If you’re one of the lucky badge-holders with an interest in protecting Internet freedom, I’d love to chat with you and give you a sticker (while supplies last, obviously). Our friends at Alaska Robotics and musician Marian Call have generously offered us a spot at their table. You can find me there (#1134 in the main exhibition hall) from 2 - 3 pm on Friday, Saturday and Sunday.
But EFF isn’t the only opportunity at SDCC to ponder issues of surveillance, tech policy, free speech, and intellectual property. We’ve compiled this schedule of panels worth checking out this year.
Are you a creator with a project, panel, or table at SDCC that ties into issues EFF covers? Send details to email@example.com and we’ll add them in our next update.
When the trailer for a new TV show starts off with a 12-year-old being arrested for hacking NASA, you know EFF is interested in hearing more. CBS’s new series, Scorpion, is loosely based on hacker Walter O’Brien, and follows his team of technologists as they seek to counteract global crises.
Thursday, July 24, 2014 12:05 pm - 1:10 pm - Ballroom 20
This new documentary tracks the demise of the Atari Corporation, including an investigation into the hundreds of thousands of copies of the E.T. video game buried in the New Mexico desert. Admittedly, there’s no real connection to EFF’s core issues here, except in the sense that a lot of us grew up on the Atari and miss it badly.
Friday, July 25, 2014 3:30 pm - 4:30 pm - Room 5AB
This panel examines how media technology has exploded over the last 18 months, from apps to social media, and how this has elevated fan fiction, “gift culture,” and transformative works. The discussion is moderated by Heidi Tandy of FYeahCopyright.com, which is described as “the Snopes of copyright & trademark law (for fangirls, fanboys, creators & hipsters).”
Friday, July 25, 2014 7:30 pm - 8:30 pm - Room 26AB
Lawyers attending Comic-Con can pick up continuing legal education credits by attending the panels in the Comic Book Law School series, which are led by Michael Lovitz, author of The Trademark and Copyright Book comic book. In this panel, a group of attorneys will discuss the impact of several cases that EFF has been tracking closely, including Tarantino v Gawker, the battle over whether Sherlock Holmes is in the public domain, and an appellate court’s decision to force YouTube to remove “The Innocence of Muslims.”
Saturday, July 26, 2014 10:30 am - 12 pm - Room 30CDE
NASA’s Advanced Exploration Systems Director Jason Crusan, Intel Resident Futurist Brian David Johnson, and Rethink Robotics Senior Engineer Jennifer Barry will share their visions of the near-future of robotics and how that compares to the alternately loyal and menacing depictions of robots in pop culture.
Saturday, July 26, 2014 11 am - 12 pm - Room 7AB
EFF are big fans of the Organization for Transformative Works, who we’ve partnered with on amicus briefs and submitting requests to the Library of Congress. The group, which champions the rights of fan creators and protects them from wrongheaded intellectual-property attacks, is partnering up with DeviantArt for this panel, in which they promise to “bring out their lawyers to explain how you can go to sleep at night, dream the dream of fans, and never have to hide under the bed.”
Saturday, July 26, 2014 3:30 pm - 4:30 pm - Room 2
At last year’s Comic-Con, the creators of the CBS show rolled out an extended preview of the series that relied heavily on the fallout from the Snowden files. This time around, Executive Producer Greg Plageman and cast members will take questions on the fourth season of the science fiction (although scarily close to reality) series that examines the ethical and privacy issues surrounding big data, mass surveillance, artificial intelligence, and predictive technology.
Saturday, July 26, 2014 6:15 pm - 7:00 pm - Room 6BCF
Within SDCC there is an academic sub-event called the Comics Arts Conference. In this session, panelists will discuss how the comics reflect contemporary global debates, including how comics of the 1940s and 1950s foreshadowed the current debate over drones.
Sunday, July 27, 2014 10:30 am - 12 pm - Room 26AB
Comic Book Legal Defense Fund Panels
For decades upon decades, comic book artists and writers have pushed the boundaries of speech and authorities have sought to censor them. One of the most notorious chapters of history is the Comics Code, when the industry—faced with calls for regulation from Congress—decided to censor itself. This year, the free speech heroes at the Comic Book Legal Defense Fund are taking a look at the history of the Comics Code, including the controversial work of Fredric Wertham, who claimed that violent media and comics damaged childhood development. They will also host their annual Banned Comics! panel and a “live art jam” where artists are challenged to create art on the spot that violates the defunct Comics Code.
The History of the Comics Code Thursday, July 24, 2014 1 pm - 2 pm - Room 30CDE
Dr. Wertham's War on Comics Friday, July 25, 2014 1 pm - 2 pm - Room 30CDE
Tales from the Code-True Stories of Censorship Saturday, July 26, 2014 12:00 pm - 1:00 pm - Room 30CDE
Banned Comics! Saturday, July 26, 2014 1 pm - 2 pm - Room 30CDE
You Can't Draw That! Live Art Jam Sunday, July 27, 2014 12:15 pm - 1:45 pm - Room 5AB
July 10 marks one year since EFF and a coalition of hundreds of experts and human rights activists put the finishing touches on the Necessary and Proportionate Principles.
These 13 Principles articulate how international human rights law should be applied to government surveillance. The Principles have since received firm support around the world, driven in part by popular outrage over the spying by the NSA, GCHQ and other intelligence agencies highlighted in the documents leaked by whistleblower Edward Snowden. Local and national activists from Mexico to South Korea and from Canada to Brazil have used the Principles to press for stronger protections against governmental digital surveillance. We have seen them used in litigation, legislation, administrative work, advocacy campaigns and more, and debated in both regional and international policy venues.
Today we are publishing an updated version of the Necessary and Proportionate Principles, incorporating the excellent feedback we have received over the past year. The primary intention of the changes was to clarify the language to better capture the original intent and, in some places, simplify the language and the structure, remove possible ambiguities, clean up the grammar, and reduce redundancy. We have also made one substantive change to the "Notification" section.
The core drafting group for the project consisted of the Electronic Frontier Foundation, Privacy International, Access, Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, and the Center for Internet and Society of India, in consultation with Article 19, Open Net Korea, the Association for Progressive Communications and other organizations around the world.
Below we summarize the changes that merit attention:
First paragraph and throughout: We added "activities, powers, or authorities" to "laws and regulations" to be sure to capture all acts carried out by governments. This should leave no doubt that the Principles reach activities such as NSA surveillance conducted under Executive Order 12333.
First paragraph: We added the phrase "clarify" to describe the intent of the Principles, to reinforce that these principles are not advocating for a change in international human rights law and standards. Our position, instead, is for their proper application given the digital context. The word "clarify" is a commonly used construction to indicate that no new law is being contemplated. We also added the expression "human rights law and standards" to account for correct grammar and syntax.
Preamble and throughout: We added "and a number of other human rights" here and similarly elsewhere to make clear that this is not only about the right to privacy but also about fundamental freedoms such as freedom of association and of expression. This phrase also indicates that the Principles are not about all human rights, since, for example, the right to life does not relate to the Principles.
Scope of application: We added this subsection for greater clarity and added this sentence to explain: "The Principles and the Preamble are holistic and self-referential: each principle and the preamble should be read and interpreted as one part of a larger framework that, taken together, will accomplish a singular goal: ensuring that policies and practices related to communications surveillance adhere to international human rights obligations and adequately protect individual human rights such as privacy and freedom of expression."
Scope of application: We sought to clarify the role of private sector entities. "Private companies bear responsibility for respecting individual privacy and other human rights, particularly given the fundamental role they play in designing, developing and disseminating technologies; enabling and providing communications; and in facilitating certain State surveillance activities."
Protected information definition: We moved the definition from the bottom of the paragraph to the top, but did not change the content.
First paragraph of the preamble: For greater clarity we added that communications surveillance "interferes" with the right to privacy "among a number of other human rights". As a result, it "may only" be justified when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued.
Fifth paragraph of definitions: We added "or invasive techniques used to accomplish Communications Surveillance" to clarify that techniques, such as the installation of malware, can be the basis for determining that something is protected information as much as the pervasiveness or systemic nature of the monitoring.
Proportionality: We understand that this may be perceived as a big change, but we hope it is not very substantial in the end. Because of confusion about the role of the two tests that the original principles contained, we tried to make a single test embodying the two provided before, which allows both crimes and "specific threats to a legitimate aim" to be taken as a basis for surveillance. This also helpfully ties the test back to the Principle of Legitimate Aim.
Competent Judicial Authority: We clarified that it has to be an "independent" judicial authority.
User Notification: This is the other important change in response to the feedback. Once again, we tried to clarify and simplify this and to tie any delay in notification to the risk that the purpose of the surveillance would be jeopardized or to whether there is an imminent danger to human life. We did eliminate the provision that required notice at the end of the surveillance, but we also specified that these determinations must be made by a competent judicial authority, that notification must happen after the danger has passed, and that the decision has to be made by a judicial authority.
Transparency: We added a couple of clarifications to require "specific" numbers, and not simply aggregates. Aggregates are not useful enough for the public to understand how surveillance authorities are being used.
Public Oversight: We specify that oversight mechanisms must have the authority to make public determinations on the lawfulness of communications surveillance, including the extent to which it conforms to these Principles. Without being able to determine whether the overseen surveillance practice is actually lawful, oversight may become irrelevant or be seen as an empty gesture.
Safeguards Against Illegitimate Access and Right to Effective Remedy: The "Right to Effective Remedy" is added in the remedies section, to trigger the right in the title itself.
Brief history: Finally, a brief history of the development of the 13 Principles was added at the end of the text to explain the history of the initiative and the final consultation, which was carried out to identify and clarify textual problems and update the Principles accordingly. The effect and the intention of the Principles have not been altered by these changes.
July 10 marks one year since EFF and a coalition of hundreds of experts and human rights activists put the finishing touches on the Necessary and Proportionate Principles.
These 13 Principles articulate how international human rights law should be applied to government surveillance. The Principles have since received strong support across the globe, fueled in part by the popular outrage over spying by the NSA, GCHQ and other intelligence agencies highlighted in documents leaked by whistleblower Edward Snowden. National and local activists from Mexico to South Korea to Canada to Brazil have used the Principles to push for stronger protections against governmental digital surveillance. We’ve seen them used in litigation, legislation, administrative work, advocacy campaigns and more, and debated in both regional and international policy venues.
Today, we are publishing an updated version of the Necessary and Proportionate Principles, incorporating the terrific feedback we have received over the past year. The overriding intention of the changes was to clarify the language to better capture the original intent and, in some places, simplify the language and the structure, remove possible ambiguities, clean up grammar, and reduce redundancy. We have also made one substantive change to the "Notification" section.
The core drafting group for the project consisted of the Electronic Frontier Foundation, Privacy International, Access, Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, and the Center for Internet and Society-India, in consultation with Article 19, Open Net Korea, the Association for Progressive Communications and other organizations around the world.
Below we summarize the changes that merit attention:
First paragraph and throughout: We added “activities, powers, or authorities” to “laws and regulations” to be sure to capture all acts done by governments. This should leave no doubt that the Principles reach activities such as NSA surveillance conducted under Executive Order 12333.
First paragraph: We added the phrase “clarify” to describe the Principles' intent to reinforce that these principles are not advocating for a change in international human rights law and standards. We argue instead for their proper application given the digital context. The word “clarify” is a common construction to denote that no new law is being contemplated. We also added the formulation “human rights law and standards” to account for proper grammar and syntax.
Preamble and throughout: We added “and a number of other human rights” here and similarly elsewhere to be clear that this is not only about the right to privacy but also about fundamental freedoms such as the freedoms of association and expression. This phrase also signals that the Principles are not about all human rights, since, for example, the right to life doesn’t relate to the Principles.
Scope of application: We added this subsection for clarity and added this sentence to explain: "The Principles and the Preamble are holistic and self-referential – each principle and the preamble should be read and interpreted as one part of a larger framework that, taken together, accomplish a singular goal: ensuring that policies and practices related to Communications Surveillance adhere to international human rights obligations and adequately protect individual human rights such as privacy and freedom of expression."
Scope of application: We felt it was important to point out that national security and intelligence fall within the ambit of the Principles, as well as all other governmental functions: "...including, enforcing law, protecting national security, gathering intelligence, or another governmental function."
Scope of application: We sought to clarify the role of private sector entities. “Business enterprises bear responsibility for respecting individual privacy and other human rights, particularly given the key role they play in designing, developing, and disseminating technologies; enabling and providing communications; and in facilitating certain State surveillance activities.”
Protected information definition: We moved the definition from the bottom of the paragraph to the top but did not change the content.
First paragraph of preamble: For clarity we added that communications surveillance “interferes” with the right to privacy “among a number of other human rights.” As a result, it “may only” be justified when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued.
Fifth paragraph of definitions: We added "or invasive techniques used to accomplish Communications Surveillance" to clarify that techniques, like installation of malware, can be the basis for determining that something is protected information as much as the pervasiveness or systemic nature of the monitoring.
Proportionality: We understand that this might be perceived as a big change, but hopefully not very substantive in the end. Because of confusion about the role of the two tests that the original principles contained, we tried to make one test embody both of the tests provided before, allowing for both crimes and "specific threats to a Legitimate Aim" as a basis for surveillance. This also helpfully ties the test back to the Principle of Legitimate Aim.
Competent Judicial Authority: We clarified that it has to be an "independent" judicial authority.
User Notification: This is the other big change in response to feedback. Again, we attempted to clarify and simplify this and to tie any delay in notice to whether or not the purpose for the surveillance would be jeopardized or if there is an imminent danger to human life. We did eliminate the provision that required notice at the end of the surveillance, but we also specified that these determinations must be made by Competent Judicial Authority and that notice must happen after the risk has passed and that the decision has to be made by a judicial authority as well.
Transparency: We added a couple of clarifications to require "specific" numbers, not just aggregates. Aggregates are not sufficiently helpful to allow the public to understand how surveillance authorities are being used.
Public Oversight: We specify that oversight mechanisms should have the authority to make public determinations as to the lawfulness of communications surveillance, including the extent to which it complies with these Principles. Without being able to determine whether the overseen surveillance practices are actually lawful, oversight may become irrelevant or be seen as a rubber stamp.
Safeguards Against Illegitimate Access and Right to Effective Remedy: We added the “Right to Effective Remedy” in the remedies section, to trigger the right in the title itself.
Brief history: Finally, we added a short history of the development of the 13 Principles at the end of the text to explain the history of the initiative and the final consultation, which was conducted to ascertain and clarify textual problems and update the Principles accordingly. The effect and the intention of the Principles have not been altered by these changes.
San Francisco - The Electronic Frontier Foundation (EFF) has released a beta version of Privacy Badger, a browser extension for Firefox and Chrome that detects and blocks online advertising and other embedded content that tracks you without your permission.
Privacy Badger was launched in an alpha version less than three months ago, and already more than 150,000 users have installed the extension. Today's beta release includes a feature that automatically limits the tracking function of social media widgets, like the Facebook "Like" button, replacing them with a stand-in version that allows you to "like" something but prevents the social media tool from tracking your reading habits.
"Widgets that say 'Like this page on Facebook' or 'Tweet this' often allow those companies to see what webpages you are visiting, even if you never click the widget's button," said EFF Technology Projects Director Peter Eckersley. "The Privacy Badger alpha would detect that, and block those widgets outright. But now Privacy Badger's beta version has gotten smarter: it can block the tracking while still giving you the option to see and click on those buttons if you so choose."
EFF created Privacy Badger to fight intrusive and objectionable practices in the online advertising industry. Merely visiting a website with certain kinds of embedded images, scripts, or advertising can open the door to a third-party tracker, which can then collect a record of the page you are visiting and merge that with a database of what you did beforehand and afterward. If Privacy Badger spots a tracker following you without your permission, it will either block all content from that tracker or screen out the tracking cookies.
Privacy Badger is one way that Internet users can fight the decision that many companies have made to ignore Do Not Track requests, the universal Web tracking opt-out you can enable in your browser. Privacy Badger enforces users' preferences whether these companies respect your Do Not Track choice or not. Advertisers and other third-party domains that are blocked in Privacy Badger can unblock themselves by making a formal commitment to respect their users' Do Not Track requests.
"Users who install Privacy Badger aren't just getting more privacy and a better browsing experience for themselves—they are providing incentives for improved privacy practices and respect for Do Not Track choices across the Internet," said Eckersley. "Using Privacy Badger helps to make the Web as a whole better for everyone."
EFF wishes to thank Professor Franziska Roesner at the University of Washington for exceptional work in enhancing Privacy Badger's widget-handling algorithms.
To install the beta version of Privacy Badger:
Technology Projects Director
Electronic Frontier Foundation
EFF is releasing an experimental hacker alpha release of wireless router software specifically designed to support secure, shareable Open Wireless networks. We will be officially launching the Open Wireless Router today at the HOPE X (Hackers on Planet Earth) conference in New York City, aiming to bring aboard members of the hacker community. This release is a work in progress and is intended only for developers and people willing to deal with the bleeding edge.
The software aims to do several things that existing routers don't do well—or don't do at all. We are beginning a journey that we hope will attract supporters and fellow travelers to help reach the following goals:1
- Allow small business and home users to easily enable an open network, so guests and passersby can get an Internet connection if they need one, while keeping a password-locked WPA2 network for themselves and their friends or coworkers.
- Let you share a bounded portion of your bandwidth on the open network, so guest users cannot slow down your Internet connection or use a large portion of your monthly quota.[2]
- Provide state-of-the-art network queuing, so most users can expect an improved Internet experience—especially with latency-sensitive applications—compared to what commonly available consumer grade routers are delivering today.
- Offer a minimalist, secure, and elegant Web user interface to set up and configure the router. Advanced, non-minimalist administrative options are accessible by SSH.
- Advance the state of the art in consumer Wi-Fi router security and begin turning back the growing tide of attacks against them. Most or all existing router software is full of XSS and CSRF vulnerabilities, and we want to change that.
- Include a secure software auto-update mechanism. In addition to using HTTPS, firmware signatures and metadata are fetched via Tor to make targeted update attacks very difficult.
We are offering this hacker alpha release to engage enthusiastic technical users who would like to help us test, develop, improve, and harden the Open Wireless Router. Currently the software runs on one specific model of hardware (the Netgear WNDR3800) and is based on the CeroWRT project. If you have a WNDR3800 router, you can get the developer preview image here and learn how to flash it here. If you'd like to hack on the code base, you can find code and instructions on building it at Github.
This Open Wireless Router prototype is made possible by the generous contribution of project resources and developers from ThoughtWorks, which came about through their exemplary social impact program. We are also very grateful for assistance from Dave Täht of CeroWRT and the Wi-Fi router hackers at Independent Security Evaluators (ISE).
[1] For further details, questions, and offers of assistance, please start with the FAQ and Github pages. If that does not suffice or for press inquiries please contact Ranga Krishnan.
[2] The prototype implementation includes a defined ceiling for instantaneous guest throughput as well as a long-term quota. In the future, we will implement a dynamic ceiling so that while you aren't using your network, guests can temporarily borrow it at full speed if enough quota remains available.
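The guest bandwidth bound described above (a ceiling on instantaneous guest throughput plus a long-term quota, with the dynamic ceiling named as future work) can be modelled as a token bucket with a byte counter. This is an added example, not the Open Wireless Router's own code; the class name, rates, burst size and traffic pattern are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class GuestLimiter:
    """Token bucket (instantaneous ceiling) plus a long-term byte quota.

    All figures are illustrative assumptions, not the router's settings.
    """
    ceiling_bps: int   # guest ceiling in bytes/second while the owner is active
    burst_bytes: int   # bucket depth: how much a guest may send back to back
    quota_bytes: int   # long-term guest allowance for the accounting period
    link_bps: int      # full link rate, lent to guests only when the owner is idle
    tokens: float = field(init=False)
    used: int = field(default=0, init=False)
    last_ms: int = field(default=0, init=False)

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)

    def _refill(self, now_ms, owner_idle):
        # Dynamic ceiling: refill at link rate only while the owner is idle.
        rate = self.link_bps if owner_idle else self.ceiling_bps
        elapsed_ms = max(0, now_ms - self.last_ms)
        self.tokens = min(float(self.burst_bytes),
                          self.tokens + elapsed_ms * rate / 1000)
        self.last_ms = max(self.last_ms, now_ms)

    def decide(self, size, now_ms, owner_idle=False):
        """Return 'forward', 'ceiling' or 'quota' for one guest packet."""
        self._refill(now_ms, owner_idle)
        # The quota is checked first so borrowing never exceeds the allowance.
        if self.used + size > self.quota_bytes:
            return "quota"
        if size > self.tokens:
            return "ceiling"
        self.tokens -= size
        self.used += size
        return "forward"


def constructed_traffic(owner_idle=False, duration_ms=2000, size=1500):
    """Constructed sample: one 1500-byte guest packet every millisecond."""
    return [(t, size, owner_idle) for t in range(duration_ms)]


def simulate(limiter, packets):
    """Run packets through the limiter and tally the outcomes."""
    result = {"forwarded_bytes": 0, "dropped_ceiling": 0, "dropped_quota": 0}
    for now_ms, size, owner_idle in packets:
        verdict = limiter.decide(size, now_ms, owner_idle)
        if verdict == "forward":
            result["forwarded_bytes"] += size
        else:
            result["dropped_" + verdict] += 1
    return result


if __name__ == "__main__":
    # Guest offers 1.5 MB/s against a 125 kB/s ceiling with a 15 kB burst.
    capped = simulate(GuestLimiter(125_000, 15_000, 10**9, 1_250_000),
                      constructed_traffic())
    # Same traffic with only 100 kB of quota left.
    metered = simulate(GuestLimiter(125_000, 15_000, 100_000, 1_250_000),
                       constructed_traffic())
    # Owner idle: guests borrow the full link rate while quota remains.
    borrowed = simulate(GuestLimiter(125_000, 15_000, 10**9, 1_250_000),
                        constructed_traffic(owner_idle=True))
    for name, r in (("capped", capped), ("metered", metered),
                    ("borrowed", borrowed)):
        print(name, r)
```

On a real router the same policy would be enforced by the kernel's queuing layer rather than in Python; the model only shows how the two limits interact.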
Former State Department Executive Calls Executive Order 12333 a “Legal Loophole” for Spying on Americans
“What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?"
That’s the question John Napier Tye, a former State Department section chief for Internet freedom, calls on the government to answer in his powerful op-ed published today by the Washington Post. In it, Tye calls the NSA's surveillance operations abroad, conducted under Executive Order 12333, a threat to American democracy, stating that this power “authorizes collection of the content of communications, not just metadata, even for U.S. persons.”
Executive Order 12333, signed by President Ronald Reagan on December 4, 1981, established rough guidelines for intelligence community activities taken abroad, including the collection of signals intelligence for surveillance purposes.
Although we've previously sounded the alarm about government surveillance under E.O. 12333, it received increased public attention in October 2013, when a classified slide provided to the Washington Post by former NSA contractor Edward Snowden diagramed how the NSA tapped the main communication links of Yahoo and Google data centers around the world. The Washington Post pointed to the authority granted to the NSA under Executive Order 12333, quoting former NSA chief analyst John Schindler who said, “Look, NSA has platoons of lawyers, and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole. It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA [the Foreign Intelligence Surveillance Act]."
Tye bolstered this view in his op-ed, noting that the chairman of the Senate Select Committee on Intelligence herself did not believe that Congressional oversight of 12333 authorities was sufficient. Tye points out that the current architecture of many Internet services results in digital communications traveling or being stored beyond US borders – and that this data can then be collected by the NSA without court approval or a report to Congress.
Tye questions the constitutionality of this level of data collection, stating: “I don’t believe that there is any valid interpretation of the Fourth Amendment that could permit the government to collect and store a large portion of U.S. citizens’ online communications, without any court or congressional oversight, and without any suspicion of wrongdoing.”
Tye also notes that data collection under E.O. 12333 was of deep concern to the president’s Review Group on Intelligence and Communication Technologies, which addressed the matter as part of Recommendation 12 in its report:
Recommendation 12 urges that all data of U.S. persons incidentally collected under such authorities be immediately purged unless it has foreign intelligence value or is necessary to prevent serious harm. The review group further recommended that a U.S. person’s incidentally collected data never be used in criminal proceedings against that person, and that the government refrain from searching communications by U.S. persons unless it obtains a warrant or unless such searching is necessary to prevent serious harm.
The White House understood that Recommendation 12 was intended to apply to 12333. That understanding was conveyed to me verbally by several White House staffers, and was confirmed in an unclassified White House document that I saw during my federal employment and that is now in the possession of several congressional committees.
In that document, the White House stated that adoption of Recommendation 12 would require “significant changes” to current practice under Executive Order 12333 and indicated that it had no plans to make such changes.
All of this calls into question some recent administration statements. Gen. Keith Alexander, a former NSA director, has said publicly that for years the NSA maintained a U.S. person e-mail metadata program similar to the Section 215 telephone metadata program. And he has maintained that the e-mail program was terminated in 2011 because “we thought we could better protect civil liberties and privacy by doing away with it.” Note, however, that Alexander never said that the NSA stopped collecting such data — merely that the agency was no longer using the Patriot Act to do so. I suggest that Americans should dig deeper. (emphasis added)
The op-ed concludes with the same question Senator Ron Wyden asked Director of National Intelligence James Clapper years ago, and that we've been asking for years: what kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?
It’s time for the NSA and the Obama Administration to give the American public an honest answer.
Read the entire article here.
Related Cases: Jewel v. NSA; First Unitarian Church of Los Angeles v. NSA; EFF v. NSA, ODNI - Vulnerabilities FOIA
EFF has filed the final brief in its dispute with the government over evidence preservation in Jewel v. NSA, one of our ongoing lawsuits against mass surveillance. As the brief explains, the government has admitted to destroying years of evidence of its mass spying, and this destruction continues today. In fact, at an emergency hearing in June, the government claimed that it was incapable of complying with a court order to preserve evidence relating to the mass interception of Internet communications it is conducting under Section 702 of the FISA Amendments Act.
The new brief responds to questions posed by the court at the June hearing. First, we debunk the government’s secret reinterpretation of the Jewel lawsuit as only challenging the spying program as authorized by the President, and not when authorized by Section 702 or by the Foreign Intelligence Surveillance Court (even though the program itself did not change).
Second, we explain why the court should grant an "adverse inference," a ruling that we can assume that the destroyed evidence would show that our plaintiffs’ communications and records were in fact swept up in the NSA’s mass spying programs. Given the government’s claims that preserving Section 702 evidence is impossible, the adverse inference would keep the plaintiffs from being harmed by this ongoing destruction.
We hope for a ruling soon on the government’s duty to preserve evidence and the adverse inference we ask for in the brief.
Related Cases: Jewel v. NSA
The Federal Communications Commission is about to make a critical decision about whether Internet providers will be allowed to discriminate against certain websites. The issue is network neutrality—the principle that Internet providers must treat all data that travels over their networks equally. On Tuesday, EFF filed comments with the FCC to weigh in on this critical debate.
Without network neutrality, companies like Comcast and Verizon will be permitted to charge websites to reach users faster. This would be a disaster for the open Internet. When new websites can’t get high-quality service, they’ll be less likely to reach users and less likely to succeed. The result: a less diverse Internet.
We want the Internet to live up to its promise of improving the way we communicate, learn, share and create. We want it to continue to foster innovation, creativity, and freedom. We don’t want regulations that will let ISPs turn into gatekeepers, making special deals with a few companies and inhibiting new competition, innovation, and expression.
Here’s an overview of how network discrimination hurts free expression and innovation, how we can safeguard against it, and what EFF—with your help—is doing about it.
The Dangers of Discrimination
Net neutrality is not just about slowing down websites’ access to users. Equally important, it also protects against other forms of pay-for-play and unfair discrimination. Here are a few ways ISPs have throttled or blocked content in the past.
- Comcast was caught interfering with their customers’ use of BitTorrent and other peer-to-peer technologies
- A Canadian ISP slowed down all encrypted file transfers
- The FCC fined Verizon for charging consumers for using their phone as a mobile hotspot
- "Fast lane" discrimination allows wireless customers without data plans to access certain sites but not the whole Internet?
These practices pose a dire threat to the engine of innovation that has allowed hackers, startup companies, and kids in their college dorm rooms to make the Internet that we know and love today.
The FCC’s Past Attempts at Net Neutrality
The FCC proposed rules in 2010 that were designed to address net neutrality, though they were never enforced. Verizon immediately sued the FCC and the issue was tied up in the courts for the next four years.
We had many concerns about the FCC’s old net neutrality rules. As we explained in comments in 2010, the FCC's rules would have allowed ISPs free rein to discriminate as long as it was part of “reasonable efforts to… address copyright infringement.” This broad language could lead to more bogus copyright policing from the ISPs.
We were also uncomfortable giving the FCC power to over-regulate the Internet, and so we were concerned about the broad authority the FCC claimed when proposing the rules in 2010. Not to mention that the FCC has a sad history of being captured by the very industries it’s supposed to regulate while ignoring the interests of the Internet-using public. In the early 2000s, for example, the commission essentially ignored the comments of hundreds of thousands of Americans who opposed media consolidation.
In January of this year, the issue came to a head. A federal court ruled that the FCC didn’t have authority to pass the old net neutrality rules in the way that it did, sending the FCC back to the drawing board to create new rules to keep Internet providers in check.
In response, the FCC has proposed the plan we’re debating today. Unfortunately, these proposed rules would allow companies like Comcast and Verizon to give preferential treatment to favored websites and web applications. This is exactly the type of unfair environment that could inhibit innovation and speech.
We Need Some Rules of the Road
Currently, the FCC does not have the authority to stop Internet access providers from making special deals to speed up or slow down access to websites. This is because in 2002 the FCC classified the Internet as an “information service” like videoconferencing. And just as the FCC can’t tell videoconferencing services what rates they can charge, under the current rules, the FCC can’t tell Internet providers not to charge websites to reach users at faster speeds.
To get to a place where the FCC can actually enforce narrow net neutrality rules, the FCC first needs to change how it classifies high-speed Internet access. The FCC could reclassify the Internet as a “telecommunication service” like telephone service. That would give the agency the authority to enact rules to prevent non-neutral conduct by Internet providers.
Strict Limits on FCC Authority
While we want to ensure the FCC has the authority it needs to prevent abusive network discrimination by Internet access providers, we don’t think the FCC should have free rein to regulate other aspects of the Internet. The FCC’s role needs to be narrow, firmly bounded, and limited to specific problems, like prohibiting Internet providers from charging any kind of fees for prioritization—and promoting local competition with a renewed “open access” rule. The FCC should also sharply define its regulatory reach with forbearance. Essentially, forbearance is the process by which the FCC expressly commits to not apply certain rules to a particular communications service. Without it, a whole set of policies will be applied to the Internet that were originally created for telephone systems (in the 1934 Communications Act).
So while EFF thinks it’s important that the FCC reclassify Internet access as a telecommunications service in order to create some bright-line rules against network discrimination, we think it’s equally important for the FCC to limit its authority to only do what is needed to preserve an open Internet—and no more.
Ultimately, we’d prefer to see more competition and community solutions, but while that's in the works, EFF thinks that the FCC needs to enact a few rules of the road to protect users from the kinds of non-neutral behavior we’re already beginning to see from Internet providers.
How You Can Help
The FCC has opened a “rulemaking” process, where the agency has asked the public to weigh in on its proposed rules. We created a tool, DearFCC.org, to help everyone take part in this important debate. While the first round of commenting ends at midnight Friday, the public has up until September 10 to submit comments.
If the FCC embraces rules that allow wealthy incumbent websites to pay for premium access to Internet users, the services we see in the future could be the same companies that are popular today. But we want to expect the unexpected. To get there, we have to make certain new businesses and services are able to meaningfully connect to users.
This rulemaking process is one of our best opportunities to be heard. Visit DearFCC.org and tell your story today.
Learn more about this issue:
- Net Neutrality and Transparency Principles Must Extend to Mobile Internet Access Too
- What on Earth Is Going On at the FCC? A Guide to the Proposed Net Neutrality Rules
- Forbearance: What It Is, Why It’s Essential to Net Neutrality
- The FCC and Net Neutrality: A Way Forward
- Neutrality Begins At Home: What U.S. Mayors Can Do Right Now to Support a Neutral Internet
- Net Neutrality Will Require Us to Shine the Light on Internet Providers
- In Harm's Way: The Dangers of a World Without Net Neutrality
General Noriega Attacks Activision: How The ‘Right of Publicity’ Led A Dictator to Censor Call of Duty
In Call of Duty: Black Ops II, players engage in a variety of missions. In some, they encounter nonfiction characters, including a character based on General Manuel Noriega, the former military dictator of Panama. As with movies or books, a creator of a video game might include real-world people as part of its historical narrative, to heighten realism, or for purposes of political satire or social commentary. The First Amendment should provide robust protection for this kind of creative expression. But some terrible court decisions regarding the so-called ‘right of publicity’ have opened the door to censorship by persons depicted in creative works.
A new lawsuit illustrates just how crazy things have become. Yesterday, General Noriega, who is currently in prison in Panama, sued Activision for his depiction in Call of Duty. His lawsuit claims that the game misappropriates his likeness for financial gain, a California state law claim also known as the “right of publicity.” This is not a defamation suit. Rather, Noriega is claiming that Activision included him “to heighten realism in its video game” and this means they should pay up. As one commentator wrote, this is “a lawsuit that beggars belief.”
But the true source of madness here is not General Noriega and his lawyers. Rather, it is the Ninth Circuit’s recent ruling in Keller v. Electronic Arts. In that case, the court found that EA’s NCAA Football game infringed a former college player’s right to publicity. The court dismissed any free speech concerns. The majority wrote that the use of Keller’s likeness did “not qualify for First Amendment protection as a matter of law because it literally recreates Keller in the very setting in which he has achieved renown.” In other words, because EA’s game was realistic, it was not protected expression.
Dissenting in the Keller case, Judge Sidney Thomas wrote:
The logical consequence of the majority view is that all realistic depictions of actual persons, no matter how incidental, are protected by a state law right of publicity regardless of the creative context. This logic jeopardizes the creative use of historic figures in motion pictures, books, and sound recordings.
Noriega’s lawsuit against Activision shows that Judge Thomas was right. The fundamental premise of Noriega’s case is that his inclusion in the game was for realism and thus was not protected. This is a crazy claim. Works—be they books, movies, or games—should not lose First Amendment protection just because they strive for realism. But the Ninth Circuit’s Keller ruling (and a similar decision from the Third Circuit) encourages public figures to advance exactly this argument.
The Noriega case raises another fundamental issue. Why should a notorious dictator, or any governmental official, even have a right to publicity? Surely we should be able to speak freely about public officials, both to criticize them and to include them in historical works. The First Amendment must provide some limitation on misappropriation and publicity claims. Otherwise the torts could be used by public officials to force the deletion of both their misdeeds and achievements from books, movies, video games and other creative works.
Publicity lawsuits by public officials have thus far been rare. Two of the more noteworthy ones involved political figures who were also entertainers. In 2004, California Governor Arnold Schwarzenegger sued the creators and marketers of a “Governator” bobblehead. The case was settled before there was any court decision. And in 1968, Pat Paulsen, a well-known comedian who had declared himself a candidate for the US presidency, sued a company for selling a mock campaign poster bearing Paulsen’s picture. A New York state court rejected Paulsen’s request to stop distribution of the poster, explaining that by becoming a political candidate his image as a candidate, even a satirical one, became “clearly newsworthy and of public interest.”
It may be that Noriega’s case will fail. The Paulsen court’s reasoning will hopefully be applied there as well, should the case ever get before a judge. But courts dealing with right of publicity claims have tended to take a very ad-hoc, result-driven approach that discriminates against video games and favors more traditional media (taken literally, the Keller decision would prohibit realistic biopics). We suspect that the courts may see a dictator litigating from prison as even less sympathetic than the video game industry. But even if Noriega loses, the mere threat of litigation like this can chill creative expression across media. Courts dealing with right of publicity cases need to respect free speech.
Files: noriega_v_activision_complaint.pdf
Related Issues: Fair Use and Intellectual Property: Defending the Balance; Free Speech; Video Games
The Yorba Foundation, a non-profit group that produces open source Linux desktop software, reported last week that it was denied tax-exempt 501(c)(3) status by the IRS. The group had waited nearly five years for a decision. The IRS stated that, because the software Yorba develops can be used commercially, the organization has a substantial non-exempt purpose and is disqualified from tax-exempt status. We think the IRS’ decision rests on a fundamental misunderstanding of open source software.
This decision comes against the backdrop of previous “be on the look out” (BOLO) orders for open source software organizations’ applications for 501(c)(3) status. BOLOs were at the heart of the controversy over increased scrutiny of progressive and Tea Party organizations. A Mother Jones reader theorized that the IRS’s concerns might stem from debates during the 1970s and 1980s about whether computer user groups should count as non-profits. Perhaps so, but that’s no excuse for a five-year delay.
As Bradley Kuhn from the Software Freedom Conservancy noted in a 2013 Wired article, some open source projects that primarily work on commercial products aren’t actually a good fit for 501(c)(3) status and “[the IRS] has trouble making the distinction.” In fact, in its June 23rd 2010 letter to Yorba, the IRS asked directly: “Please explain how the activities of this organization differ from a commercial software development company beside distributing the software for free.”
Open source software organizations applying for tax-exempt 501(c)(3) status have to show that they are organized and operated exclusively for charitable, scientific or educational purposes. Unfortunately, these narrow buckets don’t necessarily correspond to the important work that some free and open source software (FOSS) organizations do.
Many FOSS projects have direct educational impacts. The Raspberry Pi Foundation, out of the United Kingdom, was formed directly to address the declining number of students interested in computer science. The GNOME Foundation, which is a 501(c)(3) organization, funds an outreach program for women interested in open source software. But organizations like Yorba directly fund software production as opposed to educational programming, and that makes them a harder fit for 501(c)(3) status.
Just as a project might reject code that doesn’t conform to its standards, even if the code is well written, the IRS is bound by a narrow set of restrictions that it has previously interpreted. Journalism start-ups have faced similar problems – while clearly their work benefits the public, it may not fully be charitable or educational, and thus may not be eligible for 501(c)(3) status.
Still, the IRS’s denial demonstrates a lack of understanding of the open source movement:
[The Yorba Foundation has] a substantial nonexempt purpose because [it] develop[s] software published under open source compatible licenses that authorize use by any person for any purpose, including nonexempt purposes such as commercial, recreational, or personal purposes, including campaign intervention and lobbying.
As Jim Nelson said in his post about the denial, these objections clash with three of the Four Software Freedoms: the freedom to run the program as you wish, the freedom to redistribute copies, and the freedom to distribute copies of your modified versions. That’s the benefit of permissive licensing. Although the IRS’s concerns about laundering money through non-profits to avoid taxes are reasonable, those should not stand in the way of legitimate open source software organizations.
Additionally, five years is a ridiculous length of time to sit on an application. The Yorba Foundation heard nothing from the IRS between October 2011 and July 2014. Although efforts are being made to streamline this process via providing a new, easier form, the IRS still has 60,000 pending applications. 501(c)(3) status is often vital for organizations that are looking to use grant money or have larger donors. Although individual small donors may not be worried about the tax deduction, foundations and large donors often won’t work with non-501(c)(3)s. We hope that the new simplified form will help cut down the number of organizations stuck in limbo.
It may be that not every open source project is a good fit for 501(c)(3) status. However, the IRS’ position that the production of software is a “commercial activity” and that otherwise exempt organizations may be disqualified based on potential uses of their software by third parties is too inflexible and risks causing worthy non-profits to lose out on 501(c)(3) status.
Related Issues: Coders' Rights Project
The UN High Commissioner for Human Rights has released an excellent report today on the right to privacy in the digital age, blasting the digital mass surveillance that has been taking place, unchecked, by the U.S., the U.K., and other world governments. The report is issued in response to a resolution passed with unanimous approval by the United Nations General Assembly in November 2013. That resolution was introduced by Brazil and Germany and sponsored by 57 member states.
This report turns the tide in the privacy debate at the United Nations and opens the door for more substantive scrutiny of states’ surveillance practices and their compliance with international human rights law. The report elaborates on issues EFF has long championed, and which are deeply integrated into our 13 Principles and their legal background paper, which have been signed by more than 400 organizations and 350,000 individuals. The report has also supported the five recommendations that EFF, Access, and Privacy International, along with APC, Article 19, Human Rights Watch, and WebWeWant, submitted to the Office of the High Commissioner for Human Rights.
We’ve pulled out some highlights from today’s publication that merit further analysis, but the main point is this: With respect to privacy in the digital age, an interference with an individual’s right to privacy is only permissible under international human rights law if it is necessary and proportionate.
Forget The “Haystack”
The report issues a powerful condemnation of the “collect-it-all” justification that an infinitely large “haystack” of personal data must be accumulated in order to find the needles. The report points out that few "needles" have been uncovered, and that in any event:
Mass or “bulk” surveillance programmes may thus be deemed to be arbitrary, even if they serve a legitimate aim and have been adopted on the basis of an accessible legal regime. In other words, it will not be enough that the measures are targeted to find certain needles in a haystack; the proper measure is the impact of the measures on the haystack, relative to the harm threatened; namely, whether the measure is necessary and proportionate.
The second part of that passage, emphasis added, is critical: it gives guidance that the proper measure of a mass surveillance program is not its effectiveness in a vacuum, but whether the surveillance is both necessary and proportionate.
Metadata Matters
EFF has long called for moving beyond the fallacy that information about communications is somehow inherently less privacy-sensitive than the communications themselves. Information about communications, also called metadata or non-content, can include the location of your cell phone, clickstream data, and search logs, and its collection can be just as invasive as reading your email or listening to your phone calls—and sometimes more so. What is important is not the kind of data collected, but the effect on the privacy of the individual.
The report agrees, debunking the argument that “interception or collection of data about a communication, as opposed to the content of the communication, does not on its own constitute an interference with privacy.” It argues, “From the perspective of the right to privacy, this distinction is not persuasive. The aggregation of information commonly referred to as ‘metadata’ may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication.”
Monitoring Equals Surveillance
Much of the expansive state surveillance revealed in the past year depends on confusion over whether actual "surveillance" has occurred and thus whether human rights obligations apply. Some suggest that if information is merely collected and kept but not looked at by humans, no privacy invasion has occurred. Others argue that computers analyzing all communications in real-time for key words and other selectors is not "surveillance" for purposes of triggering legal protections, again unless the analysis is by human eye. These interpretations are used to give a pass to the mass collection and monitoring of communications, enabling governments to engage in broad dragnet collection where the law only supports narrowly targeted investigation.
The report cited the European Court of Justice on data retention to dispel those interpretations. The report makes clear that:
“any capture of communications data is potentially an interference with privacy and, further, that the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association.”
(Again, emphasis added.)
Mandatory Data Retention Is Unnecessary and Disproportionate
EFF has long held that government mandated data retention impacts millions of ordinary users, compromising the online anonymity that is crucial for whistle-blowers, investigative journalists, and others engaging in political speech.
The report calls data retention mandates unlawful, saying:
“Mandatory third party data retention, a recurring feature of surveillance regimes in many States, where Governments require telephone companies and Internet service providers to store metadata about their customers’ communications and location for subsequent law enforcement and intelligence agency access appears neither necessary nor proportionate.”
Shut the Backdoor: Re-use of Data
As EFF has noted here, here and in the legal background to the 13 Principles, many national frameworks lack “use limitations,” allowing data collected for one legitimate aim to be subsequently used for others.
The report also emphasized that point. The report explained that the absence of effective use limitations has been exacerbated since September 11, 2001, with the line between criminal justice and protection of national security blurring significantly. The resultant sharing of data between law enforcement agencies, intelligence bodies and other State organs risks violating Article 17 of the Covenant on Civil and Political Rights, because surveillance measures that may be necessary and proportionate for one legitimate aim may not be so for the purposes of another.
No Secret Law
EFF has long held that the basis and interpretation of surveillance powers must be on the public record, and that rigorous reporting and individual notification (with proper safeguards) must be required. The absence of transparency in surveillance laws and practices reflects a lack of compliance with human rights and the rule of law. Secret laws—whether about surveillance or anything else—are unacceptable. The state must not adopt or implement a surveillance practice without public law defining its limits. The report agreed:
Secret rules and secret interpretations even secret judicial interpretations of law do not have the necessary qualities of “law”. Neither do laws or rules that give the executive authorities, such as security and intelligence services, excessive discretion; the scope and manner of exercise of authoritative discretion granted must be indicated (in the law itself, or in binding, published guidelines) with reasonable clarity. A law that is accessible, but that does not have foreseeable effects, will not be adequate. The secret nature of specific surveillance powers brings with it a greater risk of arbitrary exercise of discretion which, in turn, demands greater precision in the rule governing the exercise of discretion, and additional oversight.
Human Rights Law Does Not Discriminate For “Foreigners”
This new report underscores the value that the UN places on “measures to ensure that any interference with the right to privacy complies with the principles of legality, proportionality and necessity regardless of the nationality or location of individuals whose communications are under direct surveillance.”
If a country seeks to assert jurisdiction over the data of private companies as a result of the incorporation of those companies in that country, then human rights protections must be extended to those whose privacy is being interfered with, whether in the country of incorporation or beyond. This holds whether or not such an exercise of jurisdiction is lawful in the first place, or in fact violates another State’s sovereignty.
We have seen precisely these questions raised, and not always answered satisfactorily, in cases like the demands to Twitter for information on Wikileaks supporters or Chevron’s demands for email data to Twitter, Google and Yahoo.
This conclusion is equally important in the light of ongoing discussions on whether “foreigners” and “citizens” should have equal access to privacy protections within national security surveillance oversight regimes. If there is uncertainty around whether data are foreign or domestic, intelligence agencies will often treat the data as foreign (since digital communications regularly pass “off-shore” at some point) and thus allow them to be collected and retained. The result is significantly weaker—or even non-existent—privacy protection for foreigners and non-citizens, as compared with those of citizens.
In another passage, which we quote here at length, the report echoes arguments we made with Article 19 in our legal analysis of the Necessary and Proportionate Principles, that everybody is entitled to equal protection before the law.
International human rights law is explicit with regard to the principle of non-discrimination. Article 26 of the International Covenant on Civil and Political Rights provides that “all persons are equal before the law and are entitled without any discrimination to the equal protection of the law” and, further, that “in this respect, the law shall prohibit any discrimination and guarantee to all persons equal and effective protection against discrimination on any ground such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.”
In this regard, the Human Rights Committee has underscored the importance of “measures to ensure that any interference with the right to privacy complies with the principles of legality, proportionality and necessity regardless of the nationality or location of individuals whose communications are under direct surveillance.”
Right to an Effective Remedy and Notification
Quite impressively, the report lays out four characteristics that effective remedies for surveillance-related privacy violations must display. Those remedies must be “known and accessible to anyone with an arguable claim.” This means that notice is critically important, and that people must be able to challenge the legality of the surveillance program without having to prove that their particular communication was monitored or collected.
EFF has always said that the notification principle is essential in fighting illegal or overreaching surveillance. Individuals should be notified of authorization of communications surveillance with enough time and information to enable them to appeal the decision, except when doing so would endanger the investigation at issue.
The report continues, stressing the importance of a “prompt, thorough and impartial investigation”; a need for remedies to actually be “capable of ending ongoing violations”; and noting that “where human rights violations rise to the level of gross violations...as criminal prosecution will be required”.
No Tech Backdoors
EFF has said no law should impose security holes in our technology in order to facilitate surveillance. Diminishing the security of hundreds of millions of innocent people who rely on secure technologies in order to ensure surveillance capabilities against the very few bad guys is both overbroad and short-sighted.
The report supports that conclusion, stating that: “The enactment of statutory requirements for companies to make their networks “wiretap-ready” is a particular concern, not least because it creates an environment that facilitates sweeping surveillance measures.”
Company Complicity
Finally, the report addresses the issue of when companies should and should not assist states with technology or with access to user data—and what obligations those companies have when there is an overreach.
The Guiding Principles clarify that, where enterprises identify that they have caused or contributed to an adverse human rights impact, they have a responsibility to ensure remediation by providing remedy directly or cooperating with legitimate remedy processes.
The responsibility to respect human rights applies throughout a company’s global operations regardless of where its users are located, and exists independently of whether the State meets its own human rights obligations.
***
In conclusion, this new report constitutes an impressive and thorough new addition to the global debate about privacy and mass surveillance. It stresses the applicability of human rights law to areas where overreaching governments have tried to claim no law applies, and pushes for greater accountability and transparency for the institutions engaging in wholesale privacy violations. From the report:
International human rights law provides a clear and universal framework for the promotion and protection of the right to privacy, including in the context of domestic and extraterritorial surveillance, the interception of digital communications and the collection of personal data.
There is a clear and pressing need for vigilance in ensuring the compliance of any surveillance policy or practice with international human rights law, including the right to privacy, through the development of effective safeguards against abuses.
Steps should be taken to ensure that effective and independent oversight regimes and practices are in place, with attention to the right of victims to an effective remedy.
For more information, visit the OHCHR page on the Right to Privacy in the Digital Age.
Update: As predicted, DRIP has already become law: it received royal assent on Thursday July 17, 2014.
The UK government is currently forcing through Parliament a wide-ranging set of changes to that country's digital surveillance and data retention law. The pace of the progression of the new amendments, called the Digital Retention and Investigatory Powers Bill (or "DRIP") has been astounding. Introduced without warning last Friday, if not opposed by peers in Britain's House of Lords, it looks like it may become law within the week.
Opponents of the bill are having to work as individuals, as the leadership of all the major parties support the bill, including Labour, the main opposition party, and governing coalition partners the Liberal Democrats, despite that party's historic reputation for defending civil liberties. The price for these parties' support appears to have been a handful of minor concessions to allow further oversight.
That price is far too low. The oversight proposals appear to be based on the United States' surveillance review mechanisms: a privacy and civil liberties oversight board modeled on the United States' board of the same name, and a sunset (expiry) date on the legislation. Both of these approaches have proven to be failures within the United States.
DRIP's sunset proposals are an echo of the same clauses in the United States' PATRIOT Act, where expansive wiretapping clauses written in the weeks after 9/11 were built to expire on December 31, 2005. Like DRIP, the sunset provisions were an attempt to mollify those concerned that the legislation was rushing through emergency measures without due consideration. Thirteen years later, and four sunsets later, none of these temporary provisions have been substantially reformed, moderated or revoked. It seems to be a law of nature: just as the sun always rises after a sunset, so sunset clauses are always renewed.
If British members of parliament believe they will be given more scope from a future government to re-consider their decisions after a sunset period, they should ask themselves what will make the future different from today, when existing oversight bodies such as the UK's Intelligence and Security Committee and the House of Lords Constitution Committee have been ignored.
The misadventures of the United States' Privacy and Civil Liberties Oversight Board are even less inspiring. Created in 2005 on the recommendation of the Senate 9-11 Commission, the PCLOB operated for barely a year before being caught in disputes between Congress and the Presidency. One of its members resigned over White House interference. Between January 2008 and May 2013, the PCLOB lacked members and was effectively non-existent. While the newly-reformed independent executive agency has subsequently been critical of the NSA's domestic surveillance program, this has largely been in response to the Snowden documents, and the impact of its reports has so far been limited.
True oversight means being given time to consider the issues at length, and with technical and policy assistance. Britain is not the only country in Europe responding to the revocation of the Data Retention Directive. To avoid violating EU law again, its politicians should consult with other countries to develop a consistent and rights-friendly surveillance policy. Britain's PCLOB is so far based on a promise: it is not mentioned in the DRIP bill, and has been given no statutory powers. An oversight body needs the right to subpoena, and the right of access to technical expertise. It should be a Parliamentary institution, not a board that reports to the Prime Minister. Better still, open judicial review of surveillance warrants should be introduced, rather than the secret and executive-driven model currently mandated by UK law.
As Labour Member of Parliament Tom Watson notes, the urgency ceded by Britain's opposition parties to DRIP's passage makes little sense. The government claims that the law needs to be passed quickly to re-impose data retention on ISPs after the Europe-wide Data Retention Directive was revoked as a violation of European human rights by the EU's Court of Justice (CJEU). But the CJEU's decision was in April; any legal challenge to continuing data retention within the United Kingdom would take at least seven months to complete. Besides, the point of the CJEU's decision was that data retention requires greater oversight and better consideration of human rights, not less. To ram through a blunt data retention bill while postponing or evading the civil liberties consequences is exactly the opposite of the intent of that court.
At best, these rushed proposals simply buy the government more time for its unnecessary and disproportionate surveillance measures before they are eventually struck down once again by the European Courts. At worst, Britain is running blindly into an unsafe regime of mass data collection and analysis that we already know to be a violation of European human rights law, with public oversight systems that have been proven by the United States to be woefully insufficient.
In the flurry of activity yesterday surrounding the FCC’s comment deadline on the net neutrality debate, members of Congress are quietly trying to slip through a bill that will block the development of real alternatives for high-speed Internet.
Representative Marsha Blackburn introduced an amendment late last night that aims to limit FCC authority to preempt state laws that restrict or prohibit municipal and community high-speed Internet projects or investment.
Blackburn’s amendment will go up for a vote today, so we must act now to tell our representatives how important it is that cities and communities maintain their right to build their own communications infrastructure.
Visit DearFCC.org/call to take action right now! A quick phone call can go a long way, and we’ve made it simple with our call tool.
Projects like community mesh networks and mayors’ attempts to bring fiber to their cities should never be illegal or stifled by misguided state laws. On the contrary, they should be encouraged. That’s because community and municipal high-speed Internet projects provide users more options.
Across the country, the majority of Internet users are stuck with one or two choices at most for high-speed, reliable access. These companies charge exorbitant fees and are currently in the midst of urging the FCC to allow them (ISPs) to speed up connections to websites that pay for premium access for users.
Municipal and community broadband projects offer alternatives, so when companies like Comcast and Verizon are behaving badly, users have somewhere else to go. But right now there are 20 states that have laws that make it hard or impossible for communities to take their Internet into their own hands.
Consider Chattanooga, Tennessee, a city that has better broadband than San Francisco. Chattanooga is home to one of the nation’s least expensive, most robust municipally owned broadband networks. There, users have access to a gigabit (1,000 megabits) per second Internet connection. That’s far ahead of the average US connection speed, which typically clocks in at 9.8 megabits per second. And in the Mt. Pleasant neighborhood of Washington, DC, residents have built their own community-controlled alternative to expensive Internet companies, and it’s free.
We were happy to hear about FCC Chairman Tom Wheeler’s plan to challenge these restrictive state laws, but now it looks like those good intentions are under attack.
Act now. Tell your friends. We can’t let Congress undermine community efforts to create real alternatives for high-speed Internet. Visit DearFCC.org/call to contact your representative immediately.
Coeur d'Alene, Idaho - The Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU) and the American Civil Liberties Union of Idaho have announced they will join Anna Smith's legal team in her challenge of the government's bulk collection of the telephone records of millions of innocent Americans.
Smith, an emergency neonatal nurse and pregnant mother of two, filed her suit against President Obama and several U.S. intelligence agencies shortly after the government confirmed revelations that the National Security Agency (NSA) was conducting bulk collection of telephone records under Section 215 of the Patriot Act. Smith, a customer of Verizon Wireless, one of the companies that was ordered to disclose records to the NSA, argued the program violated her First and Fourth Amendment rights by collecting a wealth of detail about her familial, political, professional, religious and intimate associations.
"When I found out that the NSA was collecting records of my phone calls, I was shocked," said Smith, who is also represented by her husband, Peter J Smith IV, and Idaho State Rep. Luke Malek. "I have heard of other governments spying indiscriminately on their own citizens, but I naively thought it did not happen in America. I believe who I call, when I call them, and how long we talk is not something the government should be able to get without a warrant. I sued because I believe the Constitution protects my calls from government searches. I am thrilled that the American Civil Liberties Union and Electronic Frontier Foundation agreed to assist us in this case. What Americans can reasonably expect to remain private is an issue of monumental importance."
When U.S. District Judge Lynn Winmill dismissed Smith's case, he expressed grave concerns about the privacy implications of the NSA's surveillance but said that he believed that a 1979 Supreme Court case about targeted surveillance tied his hands. Smith is now appealing to the Ninth Circuit Court of Appeals.
EFF and the ACLU have each litigated numerous First and Fourth amendment lawsuits, including ongoing cases over this very NSA program. The ACLU is a plaintiff in a case currently pending before the Second Circuit Court of Appeals to be heard in early September. EFF has two cases before the Northern California federal court. Smith v. Obama represents another opportunity to halt this mass surveillance.
"Anna Smith proves that a single citizen has the power to stand up for her rights and challenge the government when it tramples them," EFF Legal Director Cindy Cohn said. "EFF is proud to lend our expertise in pursuing her appeal, which could very well be one of the cases that makes it to the Supreme Court."
The court has granted Smith's motion to expedite the case, with the opening brief due on Sept. 2, 2014.
"The call records program needlessly invades the privacy of millions of people," said ACLU Deputy Legal Director Jameel Jaffer. "Even the President has acknowledged that the NSA does not need to collect information about every phone call in order to track the associations of suspected terrorists. Dragnet surveillance on this scale is both unconstitutional and unnecessary."
San Francisco - The Electronic Frontier Foundation (EFF) has told the Federal Communications Commission (FCC) that the agency must abandon its current, dangerous plan to allow for Internet traffic discrimination. Instead, EFF is urging the FCC to reclassify the Internet as a "common carrier" and also to restrict itself to limited and tightly bounded regulation.
In formal comments submitted to the FCC, EFF argues that defending the neutral Internet is critical to protecting new online applications and services – innovations that have made the Internet a global platform for free expression and commerce of every kind.
"An open, neutral, and fast Internet has sparked an explosion of innovation in everything from shopping to the way we exchange ideas and debate potential political change," said EFF Intellectual Property Director Corynne McSherry. "But its founding principles are now under threat. It's time for users to take action to protect our Internet."
The FCC has long promised to take steps to protect the open Internet, but earlier this year the agency announced a net neutrality proposal that would allow for so-called "Internet fast lanes." The plan claims to promote a neutral Internet, but embraces a "commercially reasonable" standard for network management, allowing ISPs to make special deals that would give some services privileged access to subscribers.
EFF believes that market competition should be the first line of defense against abusive ISP practices like non-neutral behavior. But because most Americans have only one or two realistic choices for residential broadband, normal market forces might not prevent discriminatory policies.
In its formal comments, EFF outlines a better way to protect the open Internet. A crucial piece is classifying broadband as a "telecommunications service" instead of an "information service," allowing the FCC to enforce "common carrier" rules like the ones that ensure fair and equal telephone service. At the same time, the FCC should only regulate narrowly, with clear rules. To prevent over-regulation, the FCC should explicitly "forbear" from applying many rules better suited for telephone service than Internet service – an official procedure the FCC has used in the past. In the meantime, the FCC can do more to require real transparency about broadband provider practices, as well as take steps to restore the open access rules that helped spark the early growth of the Internet.
"The FCC's current course is dangerous. It could undermine what makes the Internet the groundbreaking technology that it is," said EFF Staff Attorney Mitch Stoltz. "It's time for the FCC to leave its flawed proposal aside and work on a better plan to support the open Internet."
The FCC is taking comment from the general public until September 10. You can send your views in through EFF's tool at DearFCC.org. So far, hundreds of thousands of people have submitted comments to the FCC, and the agency's site was only working intermittently Tuesday because of the large amount of traffic.
For EFF's full comments to the FCC:
To submit your own comments:
EFF joined a group of thirty-five civil society organizations, companies, and security experts that sent a letter on Monday encouraging President Obama to veto S. 2588, the Cybersecurity Information Sharing Act (“CISA”) of 2014. The letter states:
CISA fails to offer a comprehensive solution to cybersecurity threats. Further, the bill contains inadequate protections for privacy and civil liberties. Accordingly, we request that you promptly pledge to veto CISA.
Bad cybersecurity bills appear to be habit-forming for Congress. CISA, which is appropriately being called a “zombie bill” by privacy advocates and journalists, rehashes two similar (and equally flawed) bills: the Cyber Intelligence Sharing and Protection Act (CISPA) of 2012 and CISPA of 2013. Both bills were soundly defeated after major outcries on the Internet and distaste in the Senate for a bill with insufficient privacy protections.
But some lawmakers aren’t getting the message. The letter points out that, while CISA has made a small number of cosmetic changes to CISPA:
CISA presents many of the same problems the Administration previously identified with CISPA in its veto threat. Privacy experts have pointed out how CISA would damage the privacy and civil liberties of users.
As we've emphasized in the past, the bill fails to provide privacy protections for Internet users and allows information sharing in a wide variety of circumstances that could potentially harm journalists and whistleblowers. Like its previous iterations, it also contains overbroad immunity from lawsuits for corporations that share information. As the letter points out, it even contains “a broad new categorical exemption from disclosure under the Freedom of Information Act, the first since the Act’s passage in 1966.”
You can read the full text of the letter and see the signatories here. You can also take action today: tell your Senator to vote no on a bill that fails to make the Internet safer and invades the privacy and civil liberties of everyday Internet users.
Update: A few hours after we posted this, New Mexico Corrections Department informed us that inmate Eric Aldaz's Facebook-related disciplinary infractions have been thrown out. More information at the bottom.
Like more than a billion other people on the planet, Eric Aldaz had a Facebook profile. What made Aldaz’s profile different from most is that he was unable to post to it himself: he didn’t hold the login credentials or even have any kind of access to the Internet. He is an inmate of the New Mexico Corrections Department (NMCD) and his family maintained the page on his behalf.
New Mexico has an obscure prison policy that forbids inmates from accessing the Internet directly or through “third parties.” Now, Aldaz is facing 90 days in solitary confinement because he refused to tell his family to take his Facebook profile down.
To New Mexico’s credit, the corrections department agreed to reopen Aldaz’s disciplinary case and to review the policy after EFF started asking questions and filing public records requests. The inmate has yet to be placed in disciplinary segregation. With hopes of heading it off, EFF, the American Civil Liberties Union of New Mexico, the Human Rights Defense Center and Prison Legal News have sent a letter to NMCD asking the agency to repeal the policy and undo the punishment leveled at the inmate.
EFF first learned of NMCD’s policy when a local Albuquerque television station aired a report about how an inmate at the Northeast New Mexico Detention Facility in Clayton was violating the prison’s social media ban by having a Facebook page. The one-line rule was buried on page 28 of the department's "Information Technology Management" policy, a document primarily for staff that contained no further definitions or guidance:
Offenders in the custody or supervision of the Department are not permitted access to the Internet, nor are they permitted to obtain access to the Internet through third parties.
Records indicate that on the same day as the news broadcast, NMCD (by way of Geo Group, the private contractor that runs the facility) began disciplinary proceedings against Aldaz. Initially, Aldaz claimed he had no way to access the profile. Later, when officers overheard Aldaz asking a family member to upload new profile photos and to post a response about the news story and people “hating” on him, he was punished for disobeying orders with three months in disciplinary segregation.
Last October, the ACLU of New Mexico and the New Mexico Center on Law and Poverty issued a detailed investigation into the abuse of solitary confinement in New Mexico prisons and jails, concluding that the status quo violated fundamental civil rights and was psychologically damaging to inmates. Prison officials conceded the point that too often nonviolent offenders are being placed in solitary, and agreed to address the problem. Even New Mexico Corrections Secretary Gregg Marcantel spent time in disciplinary segregation to experience firsthand what it’s like to spend 23 hours of every day in a cramped cell with severely limited social interaction.
In the letter, we write that Aldaz’s punishment seems extraordinarily disproportionate considering the nonviolent nature of the offense, which we would argue is not an offense at all.
In nearby Arizona, restrictions on inmate access to the Internet through third parties were ruled unconstitutional a decade ago when a judge determined that the policies served no legitimate penological interest. We argue the same principles apply here: these prohibitions infringe on the free speech rights of not only the inmates, but the inmates' friends and family and anyone who seeks to speak on their behalf. Although NMCD claims it only applies this policy to social media pages, the language is so broad that it could be used to punish inmates for innocuous acts such as asking their family to pay their outstanding credit bills through online banking or to send print-outs of medical information from health websites. The rule could also have a chilling effect on anyone who would like to post information online about an inmate, for fear that the prison may believe the inmate had some control over the speech.
In reviewing the records, EFF identified several additional concerns. For one, NMCD had not developed any kind of detailed process for enforcing the policy. They had not well publicized the rule, which was buried deep in a document geared towards NMCD staff and contractors, not inmates. It was unclear whether Aldaz had ever been notified of the policy at all. We were also alarmed to learn that NMCD had been contacting online service providers to get inmate pages taken down, without keeping any records. NMCD told EFF it was able to get Aldaz’s page removed over the phone with Facebook.
NMCD has expressed its openness to overhauling the policy and we look forward to working with them. As we write in the letter:
No one should serve 90 days, or even a single day, in solitary confinement for simply having a Facebook page.
Update: A few hours after we posted this, NMCD Public Affairs Director Alex Tomlin informed us that inmate Eric Aldaz's Facebook-related disciplinary infractions had been thrown out as of July 1, just a few days after they agreed to re-examine his case and the policy. However, this information did not reach the administrative offices until after we published. This is great news, but we are still waiting to hear whether NMCD will scrap the policy altogether.