Aggregated News

EFF to Court: Protect Free Speech From Overbroad Use of DMCA

eff.org - Fri, 20/01/2017 - 09:08

In order to make remix videos, do computer research, or make e-books accessible, people often need to bypass access controls on the media they own. This week, EFF explained to the U.S. Court of Appeals for the Ninth Circuit that the government cannot prohibit such speech without running afoul of the First Amendment, in a friend-of-the-court brief filed in the case of VidAngel v. Disney.

VidAngel provides a service that allows customers to view movies minus the parts it identifies as offensive. Disney and other entertainment companies, including Fox and Warner Brothers, argued that providing this service violates copyright law and the related law against bypassing access controls in Section 1201 of the Digital Millennium Copyright Act.

Importantly, they argue that the service involves circumvention of the access controls on DVDs, and that VidAngel could be liable for this violation even if its service were held to entail fair use and thus did not infringe copyright. This is an issue that the Ninth Circuit has previously left unresolved, and on which other federal appeals courts disagree.

We filed to ensure the Ninth Circuit understands the impact on speech of an anti-circumvention law that does not include flexible accommodations for free speech, like a fair use exemption. This is an issue we are also directly litigating in the District of Columbia, where we await a ruling in our Green v. Department of Justice lawsuit.

After almost 20 years of speech repression, it is past time to remedy the defects in Section 1201 of the DMCA, and we hope 2017 will be the year that finally happens.

Related Cases: Green v. U.S. Department of Justice
Categories: Aggregated News

Hollywood Doesn’t Represent All Creators

eff.org - Fri, 20/01/2017 - 08:23

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation.

One of the biggest pitfalls in copyright policymaking is to treat creators of copyrighted content as a monolithic entity with identical interests and concerns. When massive entertainment companies ask for dangerous new types of copyright protection, they imply that all artists share the same set of interests (which allegedly line up with those of the big companies themselves). It would be a mistake even to accept the entertainment industry’s interpretation of the will of the artists it represents, let alone extend it to the community of artists in general. Copyright should take into account the needs of artists and creators of all stripes, reflecting the differences among their tactics, their goals, their business models, and how they go about creating new works.

The conflict over copyright between Hollywood and independent artists is perhaps nowhere more pronounced than in the debate over automatic copyright filtering on YouTube and sites like it. Video creators rely on fair use protections every day—especially if their work involves quoting or sampling others’ content for the purposes of criticism, journalism, or education, uses that are protected under the law.

Last year, video creators organized to protest YouTube’s copyright policies—they argued that fear of Content ID takedowns (and of having to navigate YouTube’s arcane repeat infringer system) effectively chilled YouTube artists’ free expression. As popular YouTube personality Doug Walker put it, “I’ve been doing this professionally for over eight years, and I have never had a day where I felt safe posting one of my videos even though the law states I should be safe posting one of my videos.”

YouTubers were successful in convincing Google to make some small but important policy changes (namely, allowing videos to earn revenue while under a copyright dispute, thus ensuring that a bogus dispute doesn’t cut off a creator’s revenue stream), but that victory could be tiny compared to the fight that’s on the horizon.

The RIAA and a host of other entertainment industry groups recently wrote a memo to President-Elect Trump asking for a major overhaul of the safe harbors system in the Digital Millennium Copyright Act (DMCA). Safe harbors protect web platforms that host third-party content from liability for their users’ allegedly infringing content. Without safe harbors, many popular media platforms would look very different from how they look today, or they simply wouldn’t exist.

Although it didn’t make specific demands, the RIAA memo eerily echoes a number of proposals that Hollywood lobbyists have made for weakening safe harbor protections. One such proposal is a filter-everything approach: under filter-everything, websites that host third-party content would be required to run Content ID-style copyright bots. Once a takedown notice went uncontested, the platform would have to block any future uploads of the same allegedly infringing content. Proposals like filter-everything inevitably shift the burden of policing copyright infringement (or at least some of that burden) from copyright owners to the web platforms themselves. In doing so, they effectively incentivize platforms to give copyright owners the upper hand in any dispute. Moreover, legally mandated filters could compromise fair use. As we’ve said before, copyright bots can be a helpful tool, but they’re no substitute for human analysis.

Ultimately, when big content companies demand weaker users’ rights or brand new types of copyright protection, they make a crucial miscalculation. They assume that their large budgets earn them super-copyright powers—that is, that lawmakers must protect their rights to the detriment of other creators, users, and platforms because their content is so expensive to produce. It doesn’t work that way. As Tim Cushing pointed out, Hollywood’s logic would suggest that a ticket to Avatar should cost 90,000 times more than a ticket to Paranormal Activity.

Independent creators of all types can play an essential role in pushing for fairness in copyright law. Lawmakers need to balance the needs and rights of everyone, including small creators and users. When entertainment companies claim to represent the will of artists, Congress hears only a fraction of the story.



Kazakhstan’s Exploitation of Flawed U.S. Law To Censor Respublika Finally Ends, In Cautionary Tale About CFAA Abuse

eff.org - Fri, 20/01/2017 - 06:41

The Republic of Kazakhstan’s harassing U.S. court case that it used to target the independent newspaper Respublika, and other fierce critics of the ruling regime, has finally come to an end. Kazakhstan employed the deeply flawed U.S. hacking statute called the Computer Fraud and Abuse Act (CFAA) to mount a two-year campaign of harassment, censorship, and retaliation against the publication in courts around the world. The clock ran out on Kazakhstan’s lawsuit and the government finally dismissed it, but not before real damage was done to the free speech rights of the newspaper, which was forced to shut down, and other parties.

The harassment of Respublika is a cautionary tale about how the CFAA can be used by an oppressive foreign government to enter the U.S. court system by claiming it was hacked by an unknown party, and then use the U.S. case to get court orders here and abroad to intimidate enemies and dissidents without ever having to name a defendant.

The government of Kazakhstan pursued Respublika with lawsuits and threats for fifteen years. By 2012 the paper’s founder was in exile and the publication ceased printing—but survived by going digital. In 2014 the paper began reporting on a cache of emails leaked from what appeared to be the Gmail accounts and computers of Kazakhstan government officials. Kazakhstan then filed a CFAA lawsuit in federal court in New York against the unknown hackers of the emails, and obtained a court order it used to force Respublika and its web hosts to take down certain articles about the emails.

Enter EFF. We represented Respublika in New York and won an order blocking such censorship. A federal judge ruled that the First Amendment protected publication of the documents by anyone unless they were directly involved in the alleged theft.

We helped Respublika win a separate order in federal court in California rejecting Kazakhstan's demand that Facebook turn over information about users associated with Respublika’s account on the social media site.

Nevertheless, Respublika’s editor in chief was required to be questioned under oath about the paper’s funding sources and confidential sources. The federal judge in New York also authorized a deposition of dissident and Kazakh opposition leader Muratbek Ketebayev, in Poland, where he has political asylum. Kazakhstan also went to court in New Zealand and obtained an order that cloud storage website Mega must hand over a slew of otherwise confidential users' information.

The toll the CFAA case took on Respublika was drastic. In September the editors, citing the lawsuit and risks to the safety of its people, announced that after 16 years of courageous and independent reporting the weekly was shutting down.

In the end, the republic failed to name a defendant within the two-year statute of limitation required under the CFAA. We’re relieved the case is going away, but without drastic reform of the CFAA, it’s only a matter of time before another government uses our courts to intimidate those it considers enemies.

Related Cases: Kazakhstan v. Does

EFF to Court: Don’t Undermine Legal Protections for Online Platforms that Enable Free Speech

eff.org - Thu, 19/01/2017 - 09:36

EFF filed a brief in federal court arguing that a lower court’s ruling jeopardizes the online platforms that make the Internet a robust platform for users’ free speech.

The brief, filed in the U.S. Court of Appeals for the Ninth Circuit, argues that 47 U.S.C. § 230, enacted as part of the Communications Decency Act (known simply as “Section 230”), broadly protects online platforms, including review websites, when they aggregate or otherwise edit users’ posts.

Generally, Section 230 provides legal immunity for online intermediaries that host or republish speech by protecting them against a range of laws that might otherwise be used to hold them legally responsible for what others say and do.

Section 230’s immunity directly led to the development of the platforms everyone uses today, allowing people to upload videos to their favorite platforms such as YouTube, as well as leave reviews on Amazon or Yelp. It also incentivizes the creation of new platforms that can host users’ content, leading to more innovation that enables the robust free speech found online.

The lower court’s decision in Consumer Cellular v. ConsumerAffairs.com, however, threatens to undermine the broad protections of Section 230, EFF’s brief argues.

In the case, Consumer Cellular alleged, among other things, that ConsumerAffairs.com should be held liable for aggregating negative reviews about its business into a star rating. It also alleged that ConsumerAffairs.com edited or otherwise deleted certain reviews of Consumer Cellular in bad faith.

Courts and the text of Section 230, however, plainly allow platforms to edit or aggregate user-generated content into summaries or star ratings without incurring legal liability, EFF’s brief argues. It goes on: “And any function protected by Section 230 remains so regardless of the publisher’s intent.”

By allowing Consumer Cellular’s claims against ConsumerAffairs.com to proceed, the lower court seriously undercut Section 230’s legal immunity for online platforms. If the decision is allowed to stand, EFF’s brief argues, then platforms may take steps to further censor or otherwise restrict user content out of fear of being held liable.

That outcome, EFF warns, could seriously diminish the Internet’s ability to serve as a diverse forum for free speech.

The Internet is constructed of and depends upon intermediaries. The many varied online intermediary platforms, including Twitter, Reddit, YouTube, and Instagram, all give a single person, with minimal resources, almost anywhere in the world the ability to communicate with the rest of the world. Without intermediaries, that speaker would need technical skill and money that most people lack to disseminate their message. If our legal system fails to robustly protect intermediaries, it fails to protect free speech online.



5 Years Later, Victory Over SOPA Means More than Ever

eff.org - Thu, 19/01/2017 - 07:52

It would have happened slowly at first. A broken hyperlink here and there. A few Google searches with links leading to nowhere. In the beginning, global users of the web would have barely noticed pieces of the Internet going dark.

Then there may have been a few investigative journalists piecing things together, and then more coverage as mainstream media picked it up. Adversaries of the open web would have grown bolder, attacking larger and larger websites. Services and companies that we enjoyed would have been shut down or drastically changed. Some sites would never have existed at all, but Internet users would never really know what they were missing. 

The increasingly rigid control of the Internet would have turned surfing the web into an experience more like surfing television stations—moving from one controlled, expensive online platform to the next—than the strange maze of eccentric, eclectic information flows that we have today.

In a few generations, the wildness of the web would have been extinguished.

Instead, we fought back.

On January 18, 2012, advocacy groups like EFF, Fight for the Future, and Demand Progress, millions of everyday Internet users across the globe, Internet engineers, law professors and tech companies big and small worked together to orchestrate a digital protest so powerful, it changed the game in DC and around the world. Congress was flooded with emails, calls, and letters while huge websites like Google and Wikipedia blacked out in solidarity. The Internet showed Washington that it could and would defend itself.

But defeating SOPA didn’t happen in a single day—it was a multi-year effort. Many people remember the blackout and forget the countless hours spent raising early alarms about coming censorship efforts. That work—in the form of public advocacy, research, articles, and coalition calls—was indispensable to creating the movement that would defeat SOPA.

Today, we’re raising those alarms again.

While no one knows the details of what the coming four years will bring, we have enough information to be afraid for the future of digital rights. With President Trump taking office, we expect new efforts to undermine encryption, ratchet up surveillance, dismantle protections for net neutrality, and attack freedom of the press. Now more than ever, we need an engaged, coordinated, powerful force of Internet defenders. 

That’s why EFF is joining dozens of organizations in commemorating the SOPA anniversary today. We’re committing to safeguarding Internet freedom against all foes, and we know that core values like creativity, access to knowledge, and privacy are at stake.

A coalition of digital rights groups—including EFF—and Internet companies published a piece today about the SOPA blackout and the future of our fight:

Looking back from five years in the future, the defeat of SOPA/PIPA by an unlikely coalition of Internet activists, online communities, and huge business interests is even more amazing. The call to action didn’t fall along party lines. It brought together libertarians, progressives, conservatives, and Tea Party activists. It didn’t matter if you were a major corporation or an individual citizen. For one day, the line was drawn, and the fight for a Free Internet changed everything…

If the 2012 victory against SOPA/PIPA taught us anything, it’s that whether or not the Internet will remain a place that everyone can access reliably and affordably to share, connect, and create freely depends on us.


The Perils of Secrecy in Copyright Rulemaking

eff.org - Thu, 19/01/2017 - 07:43

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation.

When a big corporation seeks special-interest laws to boost its profits at the expense of the broader public interest, it naturally gravitates towards the most secretive lawmaking venue possible. This is why Hollywood's copyright maximalists have invested so much in international trade agreements, where negotiations over copyright rules take place behind closed doors, and negotiators take the advice of secretive, industry-dominated advisory panels.

Last year, that tactic backfired—big time. After five wasted years of taxpayer-funded flights around the world, the Trans-Pacific Partnership (TPP) dramatically imploded, frustrating big media's plans to extend the term of copyright protection across the Pacific rim, to set broken U.S. rules on DRM in concrete, and to turn some cases of non-commercial copyright infringements into international crimes.

But the death of the TPP doesn't mean the end of free trade agreements. In one form or another, these agreements will continue, and so will the lobbying efforts of copyright maximalists. The only way to break the cycle is to make dramatic changes to the way in which trade agreements are negotiated, to make them a less attractive venue for rent seeking. The way to do this is to make trade agreements more open, democratic, and transparent.

To this end, EFF held a high-level roundtable on trade transparency in Washington, D.C. last Friday, inviting not only staff of the U.S. Trade Representative (USTR), but also representatives of other agencies with expertise in trade, along with interested Congressional offices, a few key Internet industry representatives, and colleagues from two civil society networks, the Open Digital Trade Network that EFF formed last year, and the OpenTheGovernment.org coalition.

As we explained in a background document [PDF] that we tabled at the meeting:

Trade agreements are disconnected from democratic oversight, mired in a swamp of influence from lobbyists and special interests, and harmful to the interests of American workers and entrepreneurs. Agreements are negotiated with levels of confidentiality that go far beyond those necessary for effective deal-making.

But the roundtable wasn't just a gripe session. We came into the meeting with some specific proposals for meaningful reforms that would make trade negotiations more transparent and inclusive; for example:

the regular release of U.S. text proposals and consolidated negotiation texts, the development of U.S. proposals through an open, notice-and-comment process, and (if they are to be retained at all) the relaxation of confidentiality obligations applicable to Trade Advisory Committees.

We left the meeting with strong support around the table for some of these ideas, and with a number of additional ideas from the assembled experts. While we also received some pushback, which amounts to an argument for business as usual, the idea that Americans will accept any future trade agreements that are negotiated in the same closed, captured fashion as the TPP is delusional thinking. As we explained:

the world in which such agreements are made has changed since America’s first trade agreements were negotiated in the 1930s under the Reciprocal Tariff Act. Today, transparency and broad public consultation are expected, and fierce public opposition can be expected to follow any trade agreement that does not follow these practices. This is especially so in relation to Internet-related rules, where prescriptions nominally about commerce and trade can affect citizens’ free speech and other fundamental individual rights.

As we also explained, copyright and other so-called intellectual property rules are the archetypal example of such rules that affect free speech and other human rights, and can't be treated as if they only had impacts on trade. Hollywood has pushed the use of trade agreements to their breaking point—and sure enough, they have broken, leaving the new administration to pick up the pieces.

It's too early to say whether trade negotiations will become more transparent and inclusive under the Trump administration, but EFF and our partners have made the best case for it that we can. The USTR now has to decide what is more important—continuing to secretly write trade deals that include Hollywood's maximalist copyright rules, or negotiating agreements with a diversity of stakeholder views that may be less favorable to Hollywood, but have a better chance of being accepted as legitimate.



EFF to BART: Adopt Spy Tech Control Law

eff.org - Wed, 18/01/2017 - 10:46

EFF urged the Bay Area Rapid Transit (BART) Board to adopt a new law that would ensure community control of whether to adopt new surveillance technologies.

All too often, police executives unilaterally decide to adopt powerful new spying tools that invade our privacy, chill our free speech, and unfairly burden communities of color. These intrusive and proliferating tools of street-level surveillance include drones, cell site simulators, surveillance cameras, and automatic license plate readers.

Under the proposed BART law, the power to decide whether or not to adopt new surveillance technologies would rest with the elected BART Board, and not law enforcement officials. The Board could not approve a new spy tool unless it first determines that the benefits outweigh the costs, and that the proposed use policy protects civil rights and civil liberties. Most importantly, members of the public would have the opportunity to participate in the decision-making process.

As we explain in our letter to the BART Board:

Each government surveillance technology raises a thicket of difficult questions.  Should it be used at all?  What are the benefits and the costs?  Will it actually make us safer?  If it is adopted, who will be targeted?  What are the privacy safeguards?

These are questions that the BART Board of Directors should answer before BART adopts surveillance technology.  The general public should be heard, too.  When all concerned stakeholders participate, we make better decisions.

Our allies include the ACLU and the Oakland Privacy Working Group. EFF supported a similar law adopted last year in Santa Clara County. We are now working on parallel efforts in Oakland and Palo Alto.



EFF Celebrates Obama’s Decision: Chelsea Manning To Be Released This Year

eff.org - Wed, 18/01/2017 - 10:34

As one of his very last acts in office, President Obama has commuted the sentence of whistleblower Chelsea Manning by 28 years. EFF applauds Obama for using his last days as president to bring justice to Manning’s case. And we congratulate all those who supported, defended, and spoke out on behalf of Manning over the years and supported her clemency petition. Your efforts secured her freedom.  

Manning was originally sentenced to 35 years in prison for her role in the release of approximately 700,000 military and diplomatic records to WikiLeaks. Under this sentence—the longest punishment ever imposed on a whistleblower in United States history—Manning would have been released in 2045. Now, under the terms set by President Obama, Manning is to be released on May 17, 2017, after more than seven years behind bars.

Last year, EFF filed an amicus brief in support of Manning to the U.S. Army Court of Criminal Appeals. Manning was convicted of 19 counts as a result of her whistleblowing activities, including one under the Computer Fraud and Abuse Act (“CFAA”). The notoriously vague law makes it illegal to intentionally access a computer connected to the Internet “without authorization,” but it doesn’t say what “without authorization” means. The government’s theory in Manning’s case was that she violated the CFAA when she disregarded the terms of a written computer use policy, which prohibited using unauthorized software to access a Department of State database.

This theory takes the CFAA too far. In our brief, we told the Army Court of Criminal Appeals something we’ve said before (and before): violating a computer use policy is not a federal crime. What’s more, interpreting the CFAA’s language to include terms of use violations would turn millions of Americans into criminals on the basis of innocuous activities, like browsing Facebook or viewing online sports scores from a work computer in violation of company policy.

EFF also successfully defended Manning’s ability to access information while in custody. After hearing word that the U.S. Disciplinary Barracks (USDB) at Fort Leavenworth had refused to provide her with printouts of EFF blog posts and other materials related to prisoner censorship—ostensibly to protect EFF’s copyrights—we contacted USDB and made sure Manning received the materials. We’ve also worked to protect the ability of Manning’s supporters to amplify her voice.

Manning’s case—and draconian, 35-year sentence—highlights the need for legal reform. First, Congress needs to clarify something that courts across the country have already recognized: that the CFAA—a seriously outdated law—was never meant to criminalize violations of private policies. Second, it’s time for Congress to enact strong protections for whistleblowers, including reforming the Espionage Act to take into account both the motivation of individuals who pass on documents and the ramifications of the disclosure.

While we’ll continue to fight for CFAA reform and whistleblower rights into the future, today we celebrate Manning’s freedom. Even from solitary confinement, Manning provided a unique perspective on foreign affairs, surveillance, incarceration, and gender identity through her essays and tweets. We look forward to her rejoining us in the free world and fulfilling her full potential—right alongside us.



One Weird Trick to Improve Copyright: Fix EULAs

eff.org - Wed, 18/01/2017 - 05:16

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation.

Congress has been spinning its wheels on comprehensive copyright reform, but it could do a lot of good with one simple fix: forbid manufacturers from using EULAs to force consumers to waive their fair use rights.

Traditionally, once a person has purchased a product, she has been free to use it however she sees fit without oversight or control from the copyright owner. Purchasers have also been free to use competitors’ add-on software and hardware that interoperate with the goods they buy, because innovators have been able to develop and distribute such technologies.

That expectation is upended when it comes to products that come with embedded software, from tractors to refrigerators to toasters and children’s toys.  That software is supposed to make our stuff smarter, but it also makes our stuff not really ours. We own the hardware, but supposedly we only license the software in it.  And those licensing agreements sharply limit your ability to repair, test, and reuse your stuff. They inhibit both add-on innovation and security and privacy research that keeps you safe.

Those limits usually take two forms. First, they force you to waive rights like fair use granted to you under copyright law, such as the rights to: 

Second, they impose conditions on your use of the product, including:  

Users who violate these terms can find themselves threatened with a copyright lawsuit, but that is relatively rare. A more common tactic is to threaten third parties who want to offer add-on products or services (including repair) that might conflict with the EULA terms.

Studies suggest that most customers have no idea they are agreeing to such terms. But even if they do, they have few options short of refusing to buy the device. One Guardian reporter tried reading the terms of use he encountered over the course of a week and concluded: “reading the terms and conditions simply doesn’t help … With no negotiating power, it ends up being mostly depressing reading.” And courts have repeatedly upheld such terms, even when the record is clear that no one has read them or even explicitly agreed to the terms.

It’s time for Congress to take a step towards meaningful copyright reform: restrict the ability of manufacturers to force customers to waive their rights. Such a limitation is not all that unusual; for example, the current Copyright Act prevents authors from waiving their right to terminate a transfer of copyright ownership (which just makes sense – if publishers could require such a waiver the termination right would be meaningless). Legislators commonly restrict waiver by contract in all kinds of situations, as this table from the Association of Research Libraries shows.

In the meantime, several states (New York, Massachusetts, Minnesota and Nebraska) are considering legislation to protect one basic right that’s often waived: the right to repair. If you live in those states, you can take action now to support those efforts. But we need a cleaner, simpler, national fix. As software proliferates, onerous outdated copyright rules and contract terms shouldn't stop us from making sure our devices are safe, much less inhibit innovation and creativity. After years of talk about copyright reform, it's time for Congress to take real steps to protect user rights.   



EFF's 100-Day Plan

eff.org - Wed, 18/01/2017 - 04:37

The Trump presidency starts Friday. Here is the Electronic Frontier Foundation's agenda.

In a matter of days, the United States will enter a new era.

On Friday, President-Elect Donald J. Trump will swear the oath of office, pledging to uphold the Constitution. But as EFF has learned in the course of defending our fundamental rights over four American presidencies, our civil liberties need an independent defense force. Free speech and the rights to privacy, transparency, and innovation won’t survive on their own—we’re here to ensure that government is held accountable and in check.

Technological progress does not wait for politicians to catch up, and new tools can quickly be misused by aggressive governments. The next four years will be characterized by rapid developments in the fields of artificial intelligence, autonomous vehicles, virtual and augmented reality, connected homes, and smart cities. We welcome innovation, but we also expect to see an explosion of surveillance technologies designed to take advantage of our connected world to spy on all of us and our devices, all the time. That data will be used not only to target individuals but to project and manipulate social behavior. What will our digital rights look like during these uncertain and evolving times? Will our current rights remain intact when the baton is passed on once again?

Make no mistake: privacy, liberty, and accountability are not partisan issues.

We’ve seen digital rights come under threat no matter which party controls the Oval Office. In 1995, we sued President Bill Clinton’s Department of Justice to overturn unconstitutional export restrictions on encryption. We sued President George W. Bush over illegal domestic surveillance. We sued the Obama administration for mass surveillance of digital communications. And we expect to file new lawsuits in the next four years. Now, more than ever, we will fiercely resist any legislation, policy, regulation, ruling, or prosecution that would impinge on our civil liberties.

The first 100 days will set the tone for the rest of Mr. Trump’s time in office. The transition team has laid out what they hope to accomplish over this period. Some of the things he and his team said have us preparing for the worst. Based on statements about surveillance, net neutrality, and press freedom, we anticipate attempts to undercut many of the hard-won protections for technology users and thwart efforts to reform broken laws.

But priorities tend to change, sometimes rather quickly. As Mr. Trump’s appointees assume control of every federal agency, and as Congress settles on its balance of power, the new government’s agenda will crystalize. 

Today, EFF lays out how we will fight for your rights over those first 100 Days.

1. We will continue to defend digital rights in court.

If the Trump administration seeks to undermine the constitutional rights of technology users, our litigation team stands ready to go to court. We’ve fought wrongful surveillance and censorship orders for 26 years, and our decades of experience make us uniquely suited to challenge unconstitutional laws and executive orders. We’ve successfully fought for the ability of online service providers to reveal the existence of national security letters and forced the release of secret opinions from the Foreign Intelligence Surveillance Court. We’ll also continue the legal challenges already underway: all 11 of EFF’s active cases against federal agencies will be inherited by the 45th president’s administration. 

2. We will test and leverage the Freedom of Information Act.

EFF has a long history of using FOIA requests and lawsuits to force transparency on our secretive government, and we intend to wield this tool from the earliest days of Trump’s presidency. 

On day one, we will begin filing requests with the goal of assessing how his agencies will carry out the law and the new modest reforms passed by Congress last session. Over time, we will be demanding transparency from agencies within the Department of Justice, the Department of Homeland Security, and the intelligence community on a variety of issues, but especially on surveillance technology, litigating whenever necessary.

3. We will hold Silicon Valley accountable.

From the boardroom executives to the server-room sysadmins, tech companies need to decide whether they’ll defend their users when the government comes knocking. EFF is sending a message: if you stand up for your users, then we’ll stand up for you. That’s why we began the year with a full-page ad in Wired magazine and a series of recommendations for the technology community. We plan to keep the pressure on tech companies—in public and through direct meetings. We will also keep building tools that will empower technology users to hold companies to account, and we will build and explore alternatives to a centralized, surveillance-friendly Internet.

4. We will reach out to targeted communities to enhance their security and legal capabilities.  

With the arrival of the Trump administration, we are going to dedicate more resources to help those most at risk. We will be providing even more free or at-cost security trainings to groups who may be subjected to increased surveillance under the Trump administration. We’re reaching out to a wide range of activists, Muslim communities, immigrant communities, lawyers, security educators and others. We also will be working to support security educators. While it is impossible to provide trainings to everyone, we will reach out to groups that could significantly benefit. These trainings can help ensure those who dissent are better protected from surveillance.

Many of these groups worry about just how bad it could get if the surveillance apparatus of America’s intelligence services is turned further inward onto domestic political groups. EFF has spent many years working across the world to help activists and dissidents in countries with repressive regimes, from Iran to Russia to China to Ethiopia to Vietnam to Kazakhstan, as well as advise those who might have already been targeted abroad by the United States. We have helped with advice, tools, exposés, and we have learned much from our partners. We are prepared to bring that knowledge home—while continuing to defend the rest of the world from the excesses of the American surveillance state.

We are also reaching out to organizations to provide our specialized legal expertise in defending free speech, surveillance, and privacy, building new relationships and deepening old ones. When their digital rights are threatened, we will stand up for them in court to challenge invasive policies and laws. 

5. We will work on creating new security education materials.

Surveillance Self Defense has been our flagship security-training tool, providing in-depth, step-by-step guides to threat modeling, understanding different types of encryption, choosing tools that are right for you, and understanding their limitations. We will be expanding, updating, and sharpening these guides in the coming months, including better helping trainers and those in our tech-savvy community who are seeking to digitally protect friends or loved ones. And of course, we will continue to translate SSD into nearly a dozen languages, so that our message reaches people in need, no matter where they are or what language they speak.

6. We will work with the California legislature to resist federal government overreach. 

California has never been in a stronger position to protect the rights of its citizens and residents. The governor and the legislature have drawn a line in the sand on a number of issues, including digital privacy. Right out of the gate, Senate President pro Tem Kevin de León introduced S.B. 54, the California Values Act, which would restrict how data collected by law enforcement is shared with the federal government in order to counter mass deportations, the creation of Muslim registries, and efforts to monitor the public. The bill would also require every state agency to review its confidentiality policies and only collect the bare minimum of information required to carry out its duties. EFF will work with a coalition of justice and community organizations to strengthen this bill, as well as other measures that the legislature may introduce. As the center of the global technology industry, we can also work here for legal changes that can improve user privacy in tech produced by California-based companies, no matter where in the world those users live.

7. We will build the ground game in Washington, D.C.

EFF has redoubled its effort to bring our expertise to Capitol Hill, with a larger team dedicated to knocking on doors in the halls of Congress. Since the election, we’ve connected with dozens of Congressional offices, advocating for our supporters and offering practical instruction on digital privacy. We’re talking to our returning bipartisan allies, among them Sens. Ron Wyden and Rand Paul, who have already distinguished themselves by asking direct questions about mass surveillance from Trump’s nominees. We are also meeting with returning members of Congress whose perspectives on civil liberties and digital privacy may have shifted over the course of tumultuous 2016. There are seven new senators to reach out to as well, including Sen. Kamala Harris, who represents California where EFF is based, and who has been appointed to two committees key to our issues: Homeland Security and Intelligence.

8. We will lead a campaign to end mass surveillance under Section 702 of the FISA Amendments Act.

Regardless of who occupies the White House, mass surveillance of Internet communications is unconstitutional. We are hopeful that even those who defended government surveillance under President Obama will rethink the wide set of surveillance tools that will be handed to the incoming Trump administration. As always, we will fight to protect users’ privacy from government surveillance, including by supporting a warrant requirement for emails, pushing back on new government hacking powers, and calling for a sunset to national security surveillance authorities.

Section 702 of the FISA Amendments Act—one of the legal authorities used to justify the sweeping and warrantless Internet surveillance exposed by former government contractor Edward Snowden—is set to expire at the end of 2017. We are ready to fight alongside principled lawmakers to end this mass surveillance. 

9. We will defend a free and open Internet.

There’s ample reason to believe that Mr. Trump and his appointees, backed by members of Congress, will attempt to dismantle hard-fought net neutrality victories. With new membership, we are expecting the Federal Communications Commission to actively seek ways to roll back consumer privacy rights and allow Internet service providers to stealthily harvest your data so it can be packaged and resold to third parties without your permission. We are prepared to fight efforts to undo the Open Internet Order and allow cable and telephone companies to dictate the future of the Internet. We will continue to play a major role in building the movement to oppose any efforts to undermine Internet freedom in Congress, the Executive Branch, and in the courts.

10. We will cultivate a grassroots movement to defend digital rights in all 50 states.

We are planting seeds to grow dissent at the local level by encouraging and supporting movements to resist surveillance and censorship and to promote a free and open Internet in their own communities. Having launched nine months ago, the Electronic Frontier Alliance already has recruited more than 40 local organizations from over 15 states, which is a solid start toward our long-term goal to identify a group representing the alliance in every state in the country. While we won’t have groups in every state within the first 100 days, we will prioritize expanding into new areas, including in the southern states, such as North Carolina, Georgia, and Texas. We are also committed to working across parties (and not just Republicans and Democrats) to ensure freedom of speech and your right to privacy both to protect you and defend our democracy.


First Amendment Protections Don’t End For Anonymous Speakers Who Lose Lawsuits, EFF Tells Court

eff.org - Wed, 18/01/2017 - 04:23
Plaintiffs Don’t Automatically Get to Unmask Anonymous Blogger

Cincinnati—The Electronic Frontier Foundation (EFF) urged a federal appeals court to uphold a judge’s ruling that the identity of an anonymous blogger found to have infringed copyright should remain secret, arguing that courts must balance litigants’ needs to unmask online speakers against the First Amendment protections afforded to those relying on anonymity.

Maintaining one’s anonymity online may be warranted even in cases—like this one—where a court ruled that a blogger infringed a copyright, EFF said in an amicus brief filed with the U.S. Court of Appeals for the Sixth Circuit. The balancing test required by the First Amendment to protect speakers who choose to mask their identity must be applied at every stage of a lawsuit, including after a court finds an anonymous speaker violated the law, EFF said.

EFF believes Signature Management Team LLC v. John Doe marks the first case to consider whether speakers can remain anonymous even after a court rules that they broke the law.

“Plaintiffs don’t get to unmask anonymous bloggers just because they prove liability. The First Amendment requires that judges balance the need for anonymity against the needs of litigants at every stage of a lawsuit,” said Aaron Mackey, EFF Frank Stanton Legal Fellow. “Being able to speak online anonymously allows citizens to air dissenting views without fear of retaliation. Unmasking anonymous bloggers without proper justification can discourage people from speaking out or commenting online, which chills the free speech rights of all Americans.”

The plaintiff is a multi-level marketing (MLM) company that won a judgment against the owner of Amthrax.com, a website and blog that criticizes Amway and other MLM companies. The owner is a former Amway marketer who blogs anonymously. Signature Management sued John Doe for infringing the copyright of its book, which was posted on Amthrax.com.

After a judge ruled its copyright had been infringed, Signature Management sought a court order revealing the identity of John Doe, who feared he would face a slew of abusive comments and threats once his identity was known. The trial judge refused. In doing so, the judge correctly balanced the needs of the plaintiff with the First Amendment protections of the blogger.

For the brief:

https://www.eff.org/document/smt-v-doe-amicus-brief

Contact: Aaron Mackey, Frank Stanton Legal Fellow, amackey@eff.org

It's Copyright Week: Join Us in the Fight for a Better Copyright Law

eff.org - Tue, 17/01/2017 - 10:32

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of the law, and addressing what's at stake, and what we need to do to make sure that copyright promotes creativity and innovation.

Copyright law touches everyone. But despite its constitutional mandate to serve the public, policymakers have often treated it as the private preserve of major media and entertainment industries. Those industries built entire empires on copyrighted works, and they’ve shaped the law to reflect their interests and desires. But with copyrighted software and digital technologies now integral to our daily lives, copyright affects everyone – and the law should serve all of us.

Today, copyright law not only impacts the music you hear or the movies you watch, it shapes your ability to communicate with others online, to create, post or share content to online platforms, to make art that talks back to popular culture, and to use, fix, and tinker with your own belongings. When copyright law is out of balance – when content holders are given too much power to control how new technologies and copyrighted works are used – it limits our basic freedoms to access information, to express ourselves, to control our own digital devices, and to innovate to create new tools and creative works.

Established content industries have long sought to use copyright law to expand their monopoly control over culture, pursuing longer copyright terms, for example, and attempting to dictate the design of new technologies that come into contact with creative works. These industries often use lobbying, litigation, and private agreements to reach their aims, and their campaigns sometimes harm the very progress and innovation that copyright is designed to encourage.  But in recent years, Internet users, emerging artists, authors, independent musicians and filmmakers, students, researchers, libraries, and technology users have begun to push back.

Five years ago this week, a diverse coalition of Internet users, non-profit groups, and Internet companies defeated the Stop Online Piracy Act (SOPA) and the PROTECT IP Act (PIPA), bills that would have forced Internet companies to blacklist and block websites accused of hosting copyright infringing content. Had they become law, SOPA and PIPA would have allowed established copyright industries to censor the web, and to constrain its innovative potential. They would also have increased the risk that both government and private entities could remove or block unpopular or critical speech from the Internet.

In the five years since SOPA, new threats have emerged, and we continue to fight alongside our allies to push back against proposals that would expand copyright’s reach and trample on the public interest. But we’re not only fighting against bad legal changes and private agreements that harm the public – we’re taking part in the copyright reform process to fight for a better copyright law that serves everyone, not just established copyright industries.

As part of that work, each year we join together with a diverse range of organizations to advocate for a set of principles for making copyright law work for everyone. This year, we highlight two additional principles. One is that copyright law should reflect the needs of all authors and creators, not just those backed by established copyright industries. This means that conversations around copyright reform should also include the voices of online creators, bloggers, remixers, fan artists, independent musicians and filmmakers, and authors who rely both on internet platforms, and on the limitations on copyright in order to produce and share new works. Another principle is that in the face of increasing anxiety about the vulnerability of freedom of expression online, the relationship between copyright and free speech is more important than ever. We will pay special attention to how both government and private entities use copyright law to undermine Internet users’ freedom of expression.

Here are this year’s Copyright Week principles:

  • Monday: Building and Defending the Public Domain. The public domain is our cultural commons and a crucial resource for innovation and access to knowledge. Copyright policy should strive to promote, and not diminish, a robust, accessible public domain.
  • Tuesday: You Bought It, You Own It, You Fix It. Copyright law shouldn't interfere with your freedom to truly own your stuff: to repair it, tinker with it, recycle it, use it on any device, lend it, and then give it away (or re-sell it) when you're done.
  • Wednesday: Transparency and Representation. Copyright policy must be set through a participatory, democratic, and transparent process. It should not be decided through back room deals, secret international agreements, or unilateral attempts to apply national laws extraterritorially.
  • Thursday: 21st Century Creators. Copyright law should account for the interests of all creators, not just those backed by traditional copyright industries. YouTube creators, remixers, fan artists and independent musicians (among others) are all part of the community of creators that encourage cultural progress and innovation.
  • Friday: Copyright and Free Speech. Freedom of expression is fundamental to our democratic system. Copyright law should promote, not restrict or suppress free speech.

Every day this week, we’ll be sharing links to blog posts and actions on these topics at https://www.eff.org/copyrightweek and at #CopyrightWeek.

If you’ve followed Copyright Week in past years, you may note that this year, we didn’t designate a specific day to focus on fair use. Fair use—the legal doctrine that permits many important uses of copyrighted works without permission or payment—is critical to the law’s ability to promote creativity, innovation, and freedom of expression. Fair use is a part of each of this year’s principles.

As we said last year, if you too stand behind these principles, please join us by supporting them, sharing them, and telling your lawmakers you want to see copyright law reflect them.


Remember Dr. King—and What He Endured

eff.org - Tue, 17/01/2017 - 00:15

Annual celebrations of the life and work of Reverend Dr. Martin Luther King, Jr. often lionize the civil rights era, rightfully focusing on its achievements. 

But celebrations often overlook the federal government’s attempts to “neutralize” the movement. While we remember Dr. King’s many achievements today, we also must remember the documented and unfounded vilification by U.S. intelligence agencies that he, and others in the civil rights movement, endured.

As our nation approaches a new administration, led by a president-elect whose rhetoric has shown little respect for constitutional limits on executive power and armed with an entrenched surveillance state, that experience offers a prescient warning.

A movement in Memoriam

The emergence of the civil rights movement in the 1960s, its triumph over hate to establish desegregation and secure procedural voting rights, and the narrative of interracial struggle for justice—all reflect an inspiring legacy of a grassroots movement that aspired to hold America true to our founding values. As Dr. King succinctly exhorted, the movement called on America to "Be true to what you said on paper." 

The movement was subjected to brutal violence, both by the assassination of its leaders and by the daily brutality of police and vigilantes reacting to the desegregation of public institutions. Dozens of civil rights activists from various backgrounds were murdered during this era, alongside hundreds—if not thousands—of African-Americans as young as 14-year-old Emmett Till and 11-year-old Denise McNair, whose church in Alabama was bombed by extremists using violent terror to oppose racial integration.

The risks confronting supporters of civil rights grew so acute that the Supreme Court in 1958, in NAACP v. Alabama, granted members of organizations the right to anonymity under the association clause of the First Amendment. EFF cited that decision 55 years later, when we filed First Unitarian Church of Los Angeles v. NSA to challenge the contemporary mass surveillance regime (which we have fought in court since 2008) that turned the right to anonymity on its head.

Violent state suppression of speech

Throughout Dr. King's life, and for a decade (if not longer) beyond it, the FBI pursued what members of the U.S. Senate in 1976 described as "a sophisticated vigilante operation aimed squarely at suppressing…First Amendment rights of speech and association." Those operations, described in internal FBI files as COINTELPRO, have been forgotten by many Americans, but represent a key to understanding why the specter of mass surveillance threatens not only privacy, but also democracy.

For 40 years, FBI Director J. Edgar Hoover presided over a reign of intimidation and terror across Washington. Under his tenure, the FBI blackmailed members of Congress, and infiltrated organizations seeking everything from international peace to equal rights for women.

The Bureau’s aim was not to guard national security from any external threat, but instead to “neutralize” constitutionally protected domestic dissent and people using their rights—including Dr. King. In addition to bugging his hotel rooms, monitoring his movements, and recording his liaisons, the FBI also tried to break up Dr. King's marriage and attempted to prompt his suicide.

Many Americans reacted to seemingly politicized FBI disclosures in the days before the 2016 presidential election with surprise. But the FBI has embroiled itself in partisan controversies since its very origins. From the Palmer Raids through the McCarthy era, from the Green Scare to its infiltration of labor organizing by farm workers, the FBI has a long history of investigating and undermining constitutional rights in the context of political movements.

Under Hoover’s direction, the FBI achieved its written goal: the "neutralization" of domestic social groups speaking out to advance their views as protected by the First Amendment. Hoover's FBI achieved its goals with a fraction of the budget, staff—and none of the computing power—of the FBI today.

Continuing abuses

The story of the FBI's Next Generation Initiative provides a compelling example of how the Bureau’s access to technology has increased its ability to undermine rights in secret. The FBI started by collecting biometric data of arrestees from local police departments around the country, originally for the stated purpose of identifying undocumented immigrants with criminal records eligible for fast track deportation proceedings. It has since built a fully operational facial recognition database of over 400 million records, including biometric data of over 115 million Americans.

The Bureau’s aspiration to build a comprehensive biometrics database was kept secret for years, and became public knowledge only after a federal court in 2013 forced disclosure of previously secret documents. Even after its plans became public, the FBI continued to resist legal restraints, lobbying for exemptions to federal privacy requirements.

The FBI’s biometrics bait & switch is hardly unique. The Bureau played fast and loose with the facts again when claiming in 2016 that national security required it to force Apple to create a hack for a device platform that would place the security of millions of users at risk. Then, as now, encryption keeps us safe—whether from despotic regimes abroad (or at home), thieves, foreign state intelligence agencies, or the prying eyes of a neighbor. EFF was glad to see Apple choose user privacy over the ill-considered demands of intelligence agencies, and filed an amicus brief in support of Apple’s position, noting how the FBI’s demands violated the First Amendment in multiple ways.

Beyond hiding its biometric tracking scheme and trying to co-opt device manufacturers, the FBI has also helped extend secret surveillance across and throughout the U.S. For a decade, police departments around the U.S. deployed cell-site simulators (also known as IMSI-catchers or Stingrays) to spy on local cell phone networks without public oversight.

Only after a jailhouse lawyer discovered how the device had enabled authorities to identify him did the public learn about these devices, the latest versions of which are so powerful that they can hack phones, deny service, or plant malware on a device. While half a dozen states and the federal Department of Justice now require police to secure a judicial warrant before using a cell site simulator, only one state prohibits their offensive use.

Throughout the decade that local police kept Stingrays secret from policymakers, they did so at the behest of FBI agreements that required them to do so. The FBI imposed secrecy not only from the public, but even from judges. In multiple jurisdictions, FBI demands forced prosecutors to abandon cases rather than disclose to courts the origins of their evidence as required by Due Process principles.

The FBI also conducts its own surveillance activities, using powers including National Security Letters (NSLs) that have long been predictably abused behind walls of secrecy. We are proud to have challenged NSLs on behalf of organizational clients who recently revealed themselves after years of complying with illegitimate government gag orders that prevented them from informing Congress and the public about their experience.

Will past prove prologue?

Many have voiced concerns that the FBI's entrenched intelligence apparatus could expand under president-elect Trump. Even more dangerous is the specter of its potential politicization, given Trump’s campaign statements reflecting his seeming eagerness to use state intelligence to advance his own political ends.

If politicized, surveillance can insulate a system from accountability from critics and dissidents. That’s why the values offended by surveillance extend beyond privacy to also include dissent and democracy.

Communities organized around any number of pursuits—from advocacy to social services, recreation to religious practice—could find their opportunities dramatically diminished in an era when supporters must risk the ire of the state should they raise their voice. 

Put another way: as long as the mass surveillance regime is available for the next (or any) administration to abuse, democracy hangs in the balance. The system has already been abused by individual agents and contractors to, for instance, spy on their ex-wives and lovers. They may be the canaries in the coal mine. The continuing potential for recurring abuse poses a threat to our entire political system.

A crucial opportunity

Against this backdrop, Congress enters 2017 with a critical deadline looming before it. A statutory pillar of the NSA and FBI’s mass surveillance powers, Section 702 of the Foreign Intelligence Surveillance Act, is scheduled to expire at the end of the year. If Congress does nothing, the legal basis for the NSA’s PRISM and Upstream collection programs (from which raw, unfiltered data became available to the FBI in the waning days of the Obama administration) will expire on December 31.

In years past, Congress has responded to reauthorization deadlines facing surveillance powers in a predictable pattern. After ignoring its oversight responsibilities for years, as the eleventh hour approaches before intelligence powers near their expiration, members cite national security concerns as a basis to ignore not only the need to conduct any oversight but also constitutional limits on executive power.

Congress has repeatedly extended executive surveillance powers without either determining whether they have actually helped security or how much they have undermined democracy by inhibiting participation in the political process. That pattern is poised to recur under the next administration. 

Americans who share a stake in democracy can intervene to prevent these horrors by raising our voices in concert. United resistance has derailed congressional consensus in the recent past, and also driven crucial (if incomplete) policy reform in 2015 when Congress enacted the USA Freedom Act.

To fully honor Dr. King’s legacy, we must bear witness not only to his courage, but also his vision, as well as his sacrifice. Rather than represent a comforting historical figure to assuage America of the burden to realize our founding values in practice, his example should sound a clarion call to resistance, a renewed commitment to hold America “true to what We said on paper.”



Google Launches Key Transparency While a Trade-Off in WhatsApp Is Called a Backdoor

eff.org - Sun, 15/01/2017 - 13:17

The Guardian ran a sensational story on Friday claiming a backdoor was discovered in WhatsApp, enabling intelligence agencies to snoop on encrypted messages. Gizmodo followed up saying it's no backdoor at all, but reasonable, intended behavior. So what's really going on here?

The lost phone, lost message dilemma

The issue at question is WhatsApp's answer to the question of what applications should do when someone's phone number changes (or they reinstall their app, or switch phones).

Suppose Alice sends a message to Bob encrypted with Bob's key K1. Alice's message is stored encrypted at the server until Bob can connect and download it. This behavior is required for any app that allows asynchronous communications (meaning you can send a message to somebody while they are offline), which nearly all popular messaging apps support.

Unfortunately, Bob just dropped his phone in a lake. Later on, Bob gets a new phone and reinstalls WhatsApp. On this new phone, the app will create a new key K2. There are two possible behaviors here:

  • Fail safe: The server can delete the queued message, since it was encrypted with K1, which no longer exists. Bob will never see the message. If Alice has turned on key change notifications, she will be warned that Bob is using a new key. She will be told that her message was not delivered and given the option to re-send it. This is what Signal does.
  • Proceed: The server will tell Alice's phone that Bob has a new key K2, and to please re-encrypt the message for K2. Alice's phone will do this, and Bob will get the message. If Alice has turned on key change notifications, she will then be warned that Bob's key had changed. This is what WhatsApp does.

Note that the second behavior makes the service seem more reliable: it's one less way a message can fail to be delivered.

The issue here is that the second behavior opens a security hole: Bob need not have actually lost his phone for the server to act as if he has lost it. Acting maliciously, the server could pretend that Bob's new key is a key that the server controls. Then, it will tell Alice about this new key, but will not give Alice a chance to intervene and prevent the message from being sent. Her phone will automatically re-send the message, which the server can now read. Alice will be notified and can later attempt to verify the new fingerprint with Bob, but by then it will be too late.

By contrast, the first behavior of failing safe prevents this potential attack vector. In terms of reliability, however, it also introduces a case in which messages could fail to be delivered.
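The two behaviors can be compared side by side in a small model. This is an added example, not code from WhatsApp, Signal, or the original article: encryption is symbolic (a `Sealed` record that only the named key can open), the key name `K_server` and the message text are constructed, and the fail-safe path assumes Alice compares the announced key with Bob out of band before re-sending.

```python
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    FAIL_SAFE = "fail safe"   # block re-delivery until the sender confirms the new key
    PROCEED = "proceed"       # re-encrypt and re-send automatically, notify afterwards


@dataclass(frozen=True)
class Sealed:
    """Symbolic ciphertext: models 'encrypted to key_id', performs no real cryptography."""
    key_id: str
    plaintext: str

    def open_with(self, key_id: str) -> str:
        if key_id != self.key_id:
            raise PermissionError("ciphertext is not encrypted to this key")
        return self.plaintext


@dataclass
class Sender:
    policy: Policy
    contact_key: str                                  # key currently trusted for the contact
    undelivered: list = field(default_factory=list)   # plaintexts still queued at the server
    notices: list = field(default_factory=list)       # what the user is shown, in order

    def send(self, text: str) -> Sealed:
        self.undelivered.append(text)
        return Sealed(self.contact_key, text)

    def on_key_change(self, announced_key: str) -> list:
        """Handle the server's 'contact has a new key' message.
        Returns the ciphertexts re-sent WITHOUT any user decision."""
        if self.policy is Policy.PROCEED:
            self.contact_key = announced_key
            resent = [Sealed(announced_key, t) for t in self.undelivered]
            self.undelivered.clear()
            self.notices.append("security code changed (shown after re-send)")
            return resent
        self.notices.append("security code changed; message not delivered, re-send?")
        return []

    def resend_after_verification(self, announced_key: str, fingerprint_from_contact: str) -> list:
        """Fail-safe path: the user compares fingerprints out of band before re-sending."""
        if announced_key != fingerprint_from_contact:
            self.notices.append("fingerprint mismatch; nothing sent")
            return []
        self.contact_key = announced_key
        resent = [Sealed(announced_key, t) for t in self.undelivered]
        self.undelivered.clear()
        return resent


def try_open(ciphertexts, key_id: str) -> list:
    """Return the plaintexts that the holder of key_id can actually read."""
    readable = []
    for c in ciphertexts:
        try:
            readable.append(c.open_with(key_id))
        except PermissionError:
            pass
    return readable


def simulate(policy: Policy, server_is_malicious: bool) -> dict:
    alice = Sender(policy, contact_key="K1")
    queued = [alice.send("meet at noon")]     # stored at the server, encrypted to K1
    # Honest case: Bob reinstalled and really generated K2.
    # Malicious case: Bob still holds K1; the server announces a key it controls
    # and withholds the original queued message from him.
    bob_real_key = "K1" if server_is_malicious else "K2"
    announced = "K_server" if server_is_malicious else "K2"
    resent = alice.on_key_change(announced)
    if policy is Policy.FAIL_SAFE:
        resent = alice.resend_after_verification(announced, fingerprint_from_contact=bob_real_key)
    return {
        "server_read": try_open(queued + resent, "K_server"),  # everything transits the server
        "bob_read": try_open(resent, bob_real_key),
        "notices": alice.notices,
    }


if __name__ == "__main__":
    for policy in Policy:
        for malicious in (False, True):
            print(policy.value, "malicious" if malicious else "honest", simulate(policy, malicious))
```

With an honest server both policies end with Bob reading the message; the outcomes differ only when the announced key is not Bob's, where the notice under `PROCEED` arrives after the re-send has already happened.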

What to do if you use WhatsApp

If you are a high-risk user whose safety might be compromised by a single revealed message, you may want to consider alternative applications. As we mention in our Surveillance Self-Defense guides for Android and iOS, we don't currently recommend WhatsApp for secure communications.

But if your threat model can tolerate being notified after a potential security incident, WhatsApp still does a laudable job of keeping your communications secure. And thanks to WhatsApp's massive user base, using WhatsApp is not immediate evidence of secretive activity.

If you would like to turn on WhatsApp's key change notifications, go into Settings → Account → Security, and slide “Show security notifications” to the right.

In defense of security trade-offs

The difference between WhatsApp and Signal here is a case of sensible defaults. Signal was designed as a secure messaging tool first and foremost. Signal users are willing to tolerate lower reliability for more security. As anybody who's used Signal extensively can probably attest, these types of edge cases add up and overall the app can seem less reliable.

WhatsApp, on the other hand, was a massively popular tool before end-to-end encryption was added. The goal was to add encryption in a way that WhatsApp users wouldn't even know it was there (and the vast majority of them don't). If encryption can cause messages to not be delivered in new ways, the average WhatsApp user will see that as a disadvantage. WhatsApp is not competing with Signal in the marketplace, but it does compete with many apps that are not end-to-end encrypted by default and don't have to make these security trade-offs, like Hangouts, Allo, or Facebook Messenger, and we applaud WhatsApp for giving end-to-end encryption to everyone whether they know it's there or not.

Nevertheless, this is certainly a vulnerability of WhatsApp, and they should give users the choice to opt into more restrictive Signal-like defaults.

But it's inaccurate to the point of irresponsibility to call this behavior a backdoor.

This is a classic security trade-off. Every communication system must make security trade-offs. Perfect security does no good if the resulting tool is so difficult that it goes unused. Famously, PGP made few security trade-offs early on, and it appears to be going the way of the dodo as a result.

Ideally, users should be given as much control as possible. But WhatsApp has to set defaults, and their choice is defensible.

Detecting bad behavior more easily with Key Transparency

Coincidentally, Google just announced the launch of its new Key Transparency project. This project embraces a big security trade-off: given that most users will not verify their contacts' key fingerprints and catch attacks before they happen, the project provides a way to build guarantees into messaging protocols that a server's misbehavior will be permanently and publicly visible after the fact. For a messaging application, this means you can audit a log and see exactly which keys the service provider has ever published for your account and when.

This is a very powerful concept and provides additional checks on the situation above: Bob and anyone else with the appropriate permissions will know if his account has been abused to leak the messages that Alice sent to him, without having to verify fingerprints.

It's important to note that transparency does not prevent the server from attacking: it merely ensures that attacks will be visible after the fact to more people, more readily. For a few users, this is not enough, and they should continue to demand more restrictive settings to prevent attacks at the cost of making the tool more difficult to use. But transparency can be a big win as a remedy against mass surveillance of users who won't tolerate any reduction in user experience or reliability for the sake of security.

Adding key transparency will not prevent a user from being attacked, but it will catch a server that's carried out an attack.
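The audit described above can be sketched with a hash-chained, append-only log. This is an added example, not code from Google's Key Transparency project or the original article: the hash chain is a simplified stand-in for that project's data structures, and the account names, key names and timestamps are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64


def chain_hash(prev_hash: str, record: dict) -> str:
    """Bind a record to everything published before it."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


def head_of(records) -> str:
    """Recompute the log head from scratch; any edit to history changes it."""
    h = GENESIS
    for r in records:
        h = chain_hash(h, r)
    return h


class KeyLog:
    """Append-only log of (account, key fingerprint, time) records kept by the server."""

    def __init__(self):
        self.records = []

    def publish(self, account: str, fingerprint: str, when: int) -> str:
        self.records.append({"account": account, "fingerprint": fingerprint, "when": when})
        return head_of(self.records)   # head that clients and auditors can remember


def consistent_with(records, witnessed_head: str, witnessed_length: int) -> bool:
    """True if the first witnessed_length records still hash to a head seen earlier."""
    if len(records) < witnessed_length:
        return False
    return head_of(records[:witnessed_length]) == witnessed_head


def audit_account(records, account: str, my_fingerprints: set) -> list:
    """Return every record published for `account` whose key the owner never generated."""
    return [r for r in records
            if r["account"] == account and r["fingerprint"] not in my_fingerprints]


def demo() -> dict:
    log = KeyLog()
    log.publish("bob", "K1", 1)
    log.publish("alice", "A1", 2)
    head_seen = log.publish("bob", "K_server", 3)   # key Bob never generated
    log.publish("bob", "K1", 4)                     # server quietly switches back

    # Bob audits his own account against the keys his devices actually created.
    unexpected = audit_account(log.records, "bob", {"K1"})

    # If the server later tries to erase the entry, the history no longer matches
    # the head that other parties already witnessed at length 3.
    rewritten = [r for r in log.records if r["fingerprint"] != "K_server"]
    return {
        "unexpected": unexpected,
        "original_consistent": consistent_with(log.records, head_seen, 3),
        "rewritten_consistent": consistent_with(rewritten, head_seen, 3),
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in the log stops the server from publishing `K_server`; the audit only makes that publication discoverable and hard to erase afterwards, which is the trade-off the article describes.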

We are still a long way from building the perfect usable and secure messaging application, and WhatsApp, like all such applications, has to make tradeoffs. As the secure messaging community continues to work towards the ideal solution, we should not write off the current batch as being backdoored and insecure in their imperfect but earnest attempts.



How to Talk to Congress

eff.org - Sat, 14/01/2017 - 10:17

As this year begins with a new president and new Congress taking power, more people than ever want to know how to make their voices heard in Congress. As the Legislative Counsel at EFF, my job is to help the organization and our supporters reach out to Congress more effectively. We've put together this guide in order to share some of our findings about how best to impact decisions in government. This represents years of trial and error at EFF as well as my own experience working in Congress and Washington, D.C. for a number of years before joining the organization.

What Is the Best Way to Communicate with Congress?

At EFF, we have had success asking our supporters to call their lawmakers, email them, and contact them over social media. Each tactic has its advantages and disadvantages, depending on the situation.

When an issue is time-sensitive—for example, a vote in the coming days—you have to pick up the phone and call your representative and two senators to voice your opinion. All other forms of communication such as emails, faxes, and letters take an office weeks to process before they are ever seen by a decision-maker.

Social media campaigns (Twitter campaigns, posts on lawmakers' Facebook pages, etc.) can also be powerful, both because they spread the word publicly and because many staffers are watching social media streams. Each tweet may not have as much impact as a phone call (and we recommend you do both), but when thousands of people participate at once, these campaigns can and do make a difference, particularly when elected officials are contemplating how an issue is covered by the press. Some members of Congress actively watch their own Twitter and Facebook feeds—there have even been times when lawmakers have directly referred to our social media campaigns in their arguments on the floor of Congress. One drawback of social media campaigns is that it can be difficult for lawmakers to tell which tweets are coming from their own constituents.

Twitter campaigns are sometimes the last option when there is very little time left before a vote. Phone calls are typically tallied at the end of the day, whereas an outpouring on Twitter might be noticed in real time the same day as a vote.

In more long-term situations—say, demanding oversight over a federal agency, supporting a bill that is not scheduled for a vote, or demanding that your elected official take a policy position—you can send in an email and meet with the district office (or Washington office if you are traveling there). EFF created a tool called democracy.io to make it as easy as possible for people to write to their members of Congress.

Quality is important: the more personal the communication, the more impact it has on the elected official's thinking. In our Action Center campaigns, we usually provide default text to use in your letter, but we encourage you to edit it to reflect your own experience. We've also seen that referencing recent news articles in your emails or letters can be helpful. Be sure that you also reference the specific bill number you're writing about, and say that you are a constituent. And if you have time, sending a physical letter through snail mail can add a personal touch.

Lastly, one of the most powerful ways to talk to a member of Congress is to attend their townhall meetings and speak to them directly. These are usually hosted when Congress is not in session (see the calendar for 2017 here) and are announced through the member's online newsletter, which you can subscribe to by visiting their website. Townhalls are typically announced 1 to 3 days before they are hosted, so you need to be vigilant. Meeting with staff at the district office or in Washington, D.C., is valuable in conveying public opinion. Those can be set up at any time simply by calling the office (every office line is listed on their congressional website) and asking for a meeting. Just make sure you are calling the right office (go here to look up your House representatives and go here for your senators) because, again, they will only want to hear from their constituents. For more information on how to set up and prepare for a meeting with a congressional staffer, see our page on contacting Congress.

How are Congressional Offices Structured to Process Public Opinion?

Every member of Congress has two sets of offices, one in Washington, D.C., and district offices in areas where their constituents live. D.C. staffers are responsible for researching and advising senators and representatives on the hundreds of issues Congress covers each year. For virtually every bill that goes through Congress, each member will have a staffer responsible for researching and advising them on that bill. Staffers' advice is influenced by a variety of sources such as local press coverage, national press, research papers, personal experience, lobbyists, and most importantly, voter opinion back home. In addition to these policy staffers, every office has a group of staff who receive your communication (email, phone calls, or letters) and ensure that you get a response. See below for information on how to interpret those responses.

The district office is staffed by people who do "casework;" essentially, that means they work on helping voters back home navigate and understand the federal government services available to them. Sometimes a district staffer will also be the subject matter expert, but that's the exception. That doesn't mean your opinion won't be heard back home, though: district staffers are responsible for meeting with voters and delivering their opinions to the right staff who will help get you a response. If you want to meet with an office in person and don't plan to travel to D.C., you should meet with the district office.

Does My Member of Congress Read My Communication?

This is one of the most common questions we get about Congress. The answer is that it depends on the member. We can say two things for certain, though. First, Congress will never hear you if you never communicate with it. Second, every communication is read and processed in some manner to keep the member informed about what voters back home think.

I have personally worked for a member of Congress who read every single new letter that came to the office and was directly involved with staff-drafted responses. In other words, when a constituent wrote about an issue that was new to the office, the member read the letter and approved the response letter. Once the member's position on an issue was established, staffers could reuse previous responses. These are called form-letter responses.

To give an example of how this works, imagine going into the district office to meet with a staffer to voice your opinion on an EFF issue such as defending encryption. That district staffer may not know the details of the issue or what experts are saying, but they will take notes about your opinion and then send that to the D.C. office so that you get a response. Once your communication is received in D.C., the staff responsible for encryption as a policy matter will check if the member of Congress has taken a position in a form letter they approved and then will immediately send it your way. If they do not have an approved response, then the legislative staff responsible for the issue will be involved in writing a response for approval and will send it through a process to formalize the public statement of that member of Congress. At the end of that process, you can be sure that the written statement you receive represents their official position and that your communication is directly involved in the decision-making process.

Every letter, phone call, or email you send is absolutely critical because frankly, most people do not take the time to contact Congress. When people do rally in sizable numbers, no amount of special interest and campaign contributions can override the perceived opinion of voters back home and how that impacts an elected official's electoral concerns. The more confident a member of Congress feels in the number of people who will vote for them back home if they vote their way, the more resistant they become to opposing influence.

I Got a Response, What Does It Mean?

There are two kinds of letters congressional offices send back to voters. One is crystal clear about their position on the issue because they have settled on their opinion (though that can always be changed with enough of a push from voters back home) and the other is less clear. The "undecided" responses recite various facts about the issue and then conclude with stating that they will "keep your thoughts in mind" or something to that effect. These types of letters happen because the member of Congress remains undecided or simply does not want to take a public position at that time.

Until you have a firm commitment that is favorable to you established by your elected official, you should assume that you have to continue to advocate as a voter and organize others to do the same. Many issues worth fighting for do not get resolved quickly; they require sustained activism on the part of voters to really bring about change. That being said, movements that are persistent, motivated, and widespread regularly bring about changes in law or stop bad changes from happening in Congress. The only parties that do not want you to believe you can make change happen are the special interests that reside in D.C. because they depend on voters back home being silent.

How Do I Get Started and Join the Fight with EFF?

At EFF, we are preparing for the new congressional session and administration and will aggressively fight for your constitutional rights to privacy and free speech, as well as for a free and open Internet. However, all of our work depends on you augmenting our voice with your support. So please sign up for our action alerts, make those calls and send those emails when we put out the word, follow what is going on in Congress on our blog, and most importantly, organize your friends and family to join you in standing up for free speech, promoting innovation, and ending the surveillance state.



EFF to Court: Don't Let California Gag IMDb

eff.org - Sat, 14/01/2017 - 08:48

California is trying to gag websites from sharing true, publicly available information about actors in the name of age discrimination. But one online service, IMDb, is fighting back. EFF and four other public interest organizations have filed a friend-of-the-court brief in the case, urging the court not to allow celebrities to wipe truthful information about them from the Internet.

IMDb.com v. Harris challenges the constitutionality of California Civil Code section 1798.83.5, which took effect January 1, 2017. That law requires “commercial online entertainment employment service providers” to remove an actor’s date of birth or age information from their websites upon request. The purported purpose of the law is to prevent age discrimination by the entertainment industry. The “providers” covered are those which “owns, licenses, or otherwise possesses computerized information, including, but not limited to, age and date of birth information, about individuals employed in the entertainment industry, including television, films, and video games, and that makes the information available to the public or potential employers.” Under the law, IMDb.com, which meets this definition because of its IMDb Pro service, would be required to delete age information from all of its websites, not just its subscription service.

As we wrote in our brief, and as we and others urged the California Legislature when it was considering the law, the law is clearly unconstitutional. The First Amendment provides near absolute protection to publish truthful information about a matter of public interest. And the rule has extra force when the truthful information is contained in official governmental records, such as local government’s vital records, which contain dates of birth.

This rule, sometimes called the Daily Mail rule after the Supreme Court opinion from which it originates, is an extremely important free speech protection. It gives publishers the confidence to publish important information even when they know that others want it suppressed. The rule also supports the First Amendment rights of the public to receive newsworthy information.

Our brief emphasizes that although IMDb may have a financial interest in challenging the law, the public too has a strong interest in this information remaining available. Indeed, if age discrimination in Hollywood is really such a compelling issue, and EFF does not doubt that it is, then hiding age information from the public makes it difficult for people to participate in the debate on the issue, form their own opinions, and scrutinize their government’s response to it.

Joining EFF on the brief are the First Amendment Coalition, Media Law Resource Center, Wikimedia Foundation, and Center for Democracy and Technology.



Obama Expands Surveillance Powers on His Way Out

eff.org - Fri, 13/01/2017 - 10:33

With mere days left before President-elect Donald Trump takes the White House, President Barack Obama’s administration just finalized rules to make it easier for the nation’s intelligence agencies to share unfiltered information about innocent people.

New rules issued by the Obama administration under Executive Order 12333 will let the NSA—which collects information under that authority with little oversight, transparency, or concern for privacy—share the raw streams of communications it intercepts directly with agencies including the FBI, the DEA, and the Department of Homeland Security, according to a report today by the New York Times.

That’s a huge and troubling shift in the way those intelligence agencies receive information collected by the NSA. Domestic agencies like the FBI are subject to more privacy protections, including warrant requirements. Previously, the NSA shared data with these agencies only after it had screened the data, filtering out unnecessary personal information, including about innocent people whose communications were swept up in the NSA’s massive surveillance operations.

As the New York Times put it, with the new rules, the government claims to be “reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.”

Under the new, relaxed rules, there are still conditions that need to be met before the NSA will grant domestic intelligence analysts access to the raw streams of data it collects. And analysts can only search that raw data for information about Americans for foreign intelligence and counterintelligence purposes, not domestic criminal cases.

However—and this is especially troubling—“if analysts stumble across evidence that an American has committed any crime, they will send it to the Justice Department,” the Times wrote.  So information that was collected without a warrant—or indeed any involvement by a court at all—for foreign intelligence purposes with little to no privacy protections, can be accessed raw and unfiltered by domestic law enforcement agencies to prosecute Americans with no involvement in threats to national security.

We had hoped for more. In November, we and other civil liberties and privacy groups sent a letter to President Obama asking him to improve transparency and accountability, especially around government surveillance, before he leaves office. This is not the transparency we were hoping for.

We asked that he declassify and release Foreign Intelligence Surveillance Court opinions, shed some much-needed light on how certain foreign-facing surveillance programs are used to target Americans, and more.

Obviously, and not for the first time, we are disappointed in the Obama administration.

In his final days in office, let the president know about your disappointment in the government surveillance infrastructure he’s bulking up before he hands the reins to Trump. Sign our petition here.



Government Pressure Shutters Backpage's Adult Services Section

eff.org - Fri, 13/01/2017 - 07:27

Succumbing to years of government pressure, the online classified ads website Backpage.com has shut down its adult services section. Just like Craigslist before it, Backpage faced the difficult choice of censoring an entire forum for online speech rather than continue to endure the costly onslaught of state and federal government efforts seeking to hold it responsible for the illegal activity of some of its users.

The announcement came on the eve of a hearing by the Senate Permanent Subcommittee on Investigations (PSI). The hearing was the backdrop for the release of a committee report [PDF] alleging [PDF] that Backpage knew that its website was being used to post ads for illegal prostitution and child sex trafficking, and directly edited such ads to make their illegality less conspicuous or flagged for the posters how to do so themselves.

While acknowledging the horrific nature of sex trafficking, EFF has participated in several cases to remind courts about the importance of preserving strong legal protection under the First Amendment and Section 230 (47 U.S.C. § 230) for Internet intermediaries.

For example, we were counsel for the Internet Archive in two cases, one in Washington state and the other in New Jersey, challenging state laws that sought to hold online companies responsible for hosting third-party ads for illegal sexual transactions (Backpage had brought parallel challenges). We successfully argued that the laws were invalid under the First Amendment and Section 230.

Section 230 is the two-decade old statute passed by Congress to promote online free speech and innovation by immunizing (with certain exceptions) Internet intermediaries from liability for illegal content created or posted by their users. Section 230 immunity holds as long as the companies did not themselves create the illegal content, while editing user-generated content is permitted by Section 230 as long as the editing does not make the content illegal.

We’ve also filed amicus briefs in support of strong legal protection for Internet intermediaries. We filed an amicus brief in an emotionally tough Massachusetts case against Backpage brought by young women trafficked for sex as minors via the website. The court rightly dismissed the case, largely adopting our Section 230 arguments.

Many of Backpage’s fights have hinged on defending fundamental First Amendment rights online. We submitted an amicus brief in a case where Backpage successfully challenged the “campaign of suffocation” by an Illinois sheriff who had illegally coerced major credit card companies to stop doing business with Backpage. Recently, we submitted an amicus brief in a case where Backpage is challenging some of the subpoenas issued by PSI, arguing that the committee’s inquiry into Backpage’s ad moderating practices amounts to improper government interference into core editorial functions protected by the First Amendment—something we also argued Sen. Thune did in relation to Facebook’s “trending” news stories.

During the PSI hearing, senators expressed their disdain for Backpage’s reliance on Section 230 and the First Amendment. Chairman Rob Portman (R-OH) said that Backpage’s invocation of Section 230 is a “fraud on courts, on victims, and on the public.” Ranking Member Claire McCaskill (D-MO) exclaimed, “This investigation is not about curbing First Amendment rights. Give me a break!” And Sen. Heidi Heitkamp (D-ND) said that Backpage has “the audacity to hide behind the First Amendment.”

EFF and other civil liberties organizations are all too familiar with the fact that First Amendment rights are often championed by those accused of disseminating unpopular or harmful speech. And when First Amendment rights are weakened for one unsavory person or entity, First Amendment rights become weakened for everyone.

Most disturbing during the hearing, Chairman Portman said that the committee will explore “legislative remedies” to address the problem of online sex trafficking. This surely means a weakening of Section 230 protection for Internet intermediaries, which EFF strongly opposes. Congress already passed the SAVE Act in 2015, which amended the federal criminal statute on sex trafficking to include anyone involved in advertising sex trafficking. This amendment was specifically meant to target online platforms that host ads posted by third parties, and strip those platforms of Section 230 protection since the statute does not provide immunity against federal criminal charges.

Any changes to Section 230 itself, to make it easier to impose liability on companies for user-generated content, would be devastating to the web as we know it—as a thriving online metropolis of free speech and innovation. As my colleague Matt Zimmerman wrote back in 2010 when Craigslist shuttered its adult services section, Section 230 “is not some clever loophole” but rather “a conscious policy decision by Congress to protect individuals and companies who would otherwise be vulnerable targets to litigants who want to silence speech to which they object.”

Matt further explained:

This clear protection plays an essential role in how the Internet functions today, protecting every interactive website operator—from Facebook to Craigslist to the average solo blog operator—from potentially crippling legal bills and liability stemming from comments or other material posted to websites by third parties. Moreover, if they were obligated to pre-screen their users’ content, wide swaths of First Amendment-protected speech would inevitably be sacrificed as website operators, suddenly transformed into conservative content reviewers, permitted only the speech that they could be sure would not trigger lawsuits.

So while Backpage’s announcement suggests that the company’s opponents have at least temporarily won the battle against the adult services section of the website (Backpage has vowed to continue its legal battles), EFF will continue to try to win the war to ensure that both the First Amendment and Section 230 remain strong protectors of Internet intermediaries—the online innovators who enable the rest of us to communicate, engage in commerce, and generally be active participants in our democratic and diverse society like never before.  

Related Cases: Internet Archive v. McKenna; Internet Archive v. Hoffman

New Video on Encrypting the Web

eff.org - Fri, 13/01/2017 - 03:29

Encrypting the web is a more important challenge than ever. Now, EFF has teamed up with Sandwich Video and Baratunde Thurston to explain and promote this mission via video. Sandwich is the production company behind some of the best product launch videos in tech, and you may know Baratunde from his work on The Daily Show, The Onion, and New York Times bestseller How To Be Black. We brought these creative forces together to show you why we need to continue moving from non-secure HTTP to more secure HTTPS, and how you, with EFF tech tools HTTPS Everywhere and Certbot, can help us get there.

Share the video with friends and colleagues as another way to show what HTTPS Everywhere and Certbot can do for them, and learn more about our encrypt the web initiative.


Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere is a browser extension for users that fixes these problems by rewriting requests to these sites to HTTPS wherever possible, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks.

Our long-term goal, however, is to make a tool like HTTPS Everywhere unnecessary. This vision of a 100% encrypted web requires web site owners to enable HTTPS and encrypt their websites. Certbot allows domain owners and website administrators to make their own sites secure for free. Using a series of easy-to-follow interactive instructions, Certbot can automatically fetch custom certificates for your domain. Certbot can also automatically configure your webserver to support encrypted traffic and even be set to renew that certificate whenever it’s close to expiring so that you never have to worry about it again.

Certbot is a client for the Let’s Encrypt certificate authority (CA), which is operated by the Internet Security Research Group. CAs play a central identification and verification role in the web encryption ecosystem—and Let’s Encrypt is one of the world’s largest, having issued over 20 million active certificates. Hosting providers can use Let’s Encrypt to offer HTTPS by default to their customers, joining the movement toward free, automatic HTTPS as the default standard.

These tools work together to make a safer, more secure web for everyone, and they are free to use, download, and share. The mission to encrypt the web can only advance when users, website owners, and hosting providers work together, too. Share the video, spread the word, and take action to help us get closer to the mission of encrypting the web.



EFF is Proud to Stand Beside Techdirt in its "First Amendment Fight for its Life."

eff.org - Thu, 12/01/2017 - 11:37

Techdirt, a prominent and critical source for incisive tech reporting and analysis, is defending itself against a $15 million lawsuit that could become a fight for its very existence. That suit was brought by Shiva Ayyadurai, who claims he invented email, and is based on a series of detailed articles Techdirt published disputing Ayyadurai’s claims.

Important note: Techdirt is represented in this suit by Rob Bertsche and Jeff Pyle at Prince Lobel Tye, LLP.

The First Amendment provides vitally important protections for publishers – the Supreme Court ruled that public figure plaintiffs in defamation lawsuits must prove that offending statements about them are in fact false, and that the speaker actually knew they were false or seriously doubted them when they were published. That rule protects speakers, bloggers, and reporters against lawsuits designed merely to squelch critical speech about public figures. Nonetheless, defending against such suits can be very costly.

Techdirt released a statement on the litigation, making clear exactly what hangs in the balance in these kinds of suits:

Defamation claims like this can force independent media companies to capitulate and shut down due to mounting legal costs…this is not a fight about who invented email. This is a fight about whether or not our legal system will silence independent publications for publishing opinions that public figures do not like.

We wholeheartedly agree. Defending against even frivolous defamation and similar lawsuits can be extremely expensive, forcing news sites to shut down or settle the lawsuits under unfavorable terms. Those that settle often must agree to remove the offending content. These results are far from speculative - as Techdirt explains in its statement, Ayyadurai’s lawyer in this case, Charles Harder, has “already . . . [h]elped put a much larger and much more well-resourced company than Techdirt completely out of business.”

Techdirt is a vital resource – it provides a wide audience with independent journalism addressing some of the biggest technology issues of our time. The Internet community wouldn’t be the same without it. But of course this case is not just about Techdirt. It's about freedom of the press generally.

We commend Techdirt for taking on this fight for freedom of expression. And we urge everyone who cares about a free and independent press to support Techdirt in “its First Amendment fight for its life.”

Want to publicly show your support for Techdirt? Add this graphic to your website.


All content and comments posted are owned and © by the Author and/or Poster.
Web site Copyright © 1995 - 2007 Clemens Vermeulen, Cairns - All Rights Reserved