Earlier today, Senator Patrick Leahy introduced a revised version of his USA FREEDOM legislation, the USA FREEDOM Act of 2014, which focuses on telephone record collection and FISA Court reform. While this bill is not a comprehensive solution to overbroad and unconstitutional surveillance, it is a strong first step. EFF urges Congress to support passage of the bill without any amendments that will weaken it.
The new legislation contains a number of key changes from the gutted House version of USA FREEDOM:
The USA FREEDOM Act of 2014 will end bulk collection of phone records under Section 215
EFF, along with other groups, made it clear that we would not support any legislation that did not effectively end bulk collection of call detail records. The Senate version of USA FREEDOM achieves this goal, by limiting collection to instances where there is reasonable suspicion that a “specific selection term” is associated with international terrorism.
The House version of USA FREEDOM used murky language around the phrase “specific selection term,” in particular, raising concerns that a “specific selection term” could include an entire zip code or other similarly broad terms. For purposes of collection of call detail records where there is reasonable suspicion, the Senate version continues to use the definition that a specific selection term is an “individual, account, or personal device.” However, for any other purpose, the term must narrowly limit the scope of a request for information, and cannot include a broad geographic region or an entire electronic communications service provider.
The USA FREEDOM Act of 2014 makes significant improvements to the FISA Court
The new USA FREEDOM makes two key changes to the secretive FISA Court process. First, we were pleased to see that it creates a special advocate position that will serve as an amicus in the court and is intended to advocate for civil liberties and privacy.
Second, it directs the Office of the Director of National Intelligence, in consultation with the Attorney General, to declassify “significant” FISA Court opinions. We would have preferred that this process be overseen directly by the Attorney General, with input from the FISA Court itself. On the other hand, the new USA FREEDOM bill actually defines “significant” (the original USA FREEDOM bill did not), and this definition includes any novel interpretation of “specific selection term.”
The legislation also makes several other improvements. When USA FREEDOM was originally introduced, we were concerned that it would codify “about” searches—the practice of searching for any communication that references a target, in addition to communications to and from a target. We were deeply concerned that this controversial practice would be written into law, and glad that the Senate version removes any reference to that form of searching.
The new legislation also has some small improvements to the initiation and judicial review procedure for national security letters—secretive FBI orders for data that are accompanied by gag orders—as well as pen register and trap-and-trace devices. The bill creates new reporting requirements for the government—including a requirement that the government estimate how many U.S. persons have been affected by backdoor warrantless searches of information collected under the authority of Section 702 of the FISA Amendments Act. And finally, the bill creates a new option for companies to report on national security requests.
What the USA FREEDOM Act of 2014 doesn't do
First and foremost, the USA FREEDOM Act of 2014 does not adequately address Section 702 of the FISA Amendments Act, the problematic 2008 law that the government argues gives it the right to engage in mass Internet surveillance. We remain committed to reform of Section 702. We intend to pursue further reforms to end the NSA’s abuse of this authority.
The legislation also does not affect Executive Order 12333, which has been interpreted by the NSA to allow extensive spying both on foreigners and U.S. citizens abroad. Strictly speaking, we don’t need Congress to fix this—the President could do it himself—but legislation would ensure that a later President couldn’t reinstate 12333 on her or his own.
The legislation may not completely end suspicionless surveillance. With respect to call detail records, it allows the NSA to get a second set of records (a second “hop”) with an undefined “direct connection” to the first specific selection term. Because the “direct connection” standard is vague, the government may seek to construe that phrase to mean less than reasonable suspicion.
Finally, as with all legislation up to this point, the new USA FREEDOM continues to exclude meaningful protections for the rights of non-U.S. persons.
A meaningful first step
The USA FREEDOM Act of 2014 is a real first step because it creates meaningful change to NSA surveillance right now, while paving the way for the public to get more information about what the NSA is doing. We believe that this legislation will help ensure that the NSA reform conversation in Congress continues, rather than shutting it down. That’s why we urge Congress to support the Senate version of USA FREEDOM and pass it without any changes that will weaken its provisions.
Please help us pass this bill. Speak out today.
It's increasingly rare for Congress to actually pass bills into law, but Friday brought some good news from Capitol Hill: More than a year after the exemption covering phone unlocking expired and a White House petition on the topic collected some 114,000 signatures, a narrow bill offering a limited carve-out for consumers unlocking phones made its way to the President's desk to be signed into law.
This is a win for consumers. There was near universal agreement that the restrictions were unreasonable, ranging from a White House statement calling a phone unlocking allowance "common sense," to a partial solution from the FCC, to a Congressional hearing on phone unlocking and the DMCA. EFF worked with a broad coalition of individuals, companies, and public interest groups to convert that common goal into real policy and to keep dangerous language from the House proposal out of the final version of the bill.
But this is also just a tiny step toward what should be the real goal: fundamental reform of the misguided law that is the heart of the problem. The reason the legality of phone unlocking is even unclear is a Digital Millennium Copyright Act (DMCA) provision that prohibits the circumvention of technical measures that restrict copyrighted content. In the case of phones, that copyrighted content could include the actual software running the phone.
Of course, consumers want to be able to unlock their phones so they can use them with the carrier of their choice, and that has nothing to do with copyright infringement. Enforcing the business models of telephone companies is way out beyond what copyright law is supposed to do. Unfortunately, it's not that unusual an application of the DMCA's anti-circumvention provisions. In the 16 years since the DMCA became law, it’s done little to hinder infringements but a lot to shut down innovation and free speech.
The safety valve in that section of the DMCA is a rulemaking procedure that takes place every three years, where members of the public can argue for the Librarian of Congress to grant specific exemptions to the law. An exemption for phone unlocking had been granted in the past, but in the 2012 rulemaking, it was only extended for several months until early 2013.
The legislation we passed last week effectively corrects that error, granting an exemption for the remainder of this three-year term. But it does nothing to address the underlying problem: Copyright law is being used as a tool against competition and innovation. Further, it gives little consolation to others burned by the DMCA's anticircumvention rules.
With the next round of rulemaking expected to take place in the next year, even this narrow victory could be short-lived. The law requires each exemption to be argued from scratch each time, and there's no shortcut process for "renewing" an already granted exemption. Practically speaking, the Librarian of Congress has been given a strong signal from the legislature on the need for a phone unlocking exemption, but there will still be a time-consuming process of formally making the case. The outcome is important, but in many cases that process is a waste of time for everybody involved.
A much better solution would be to reform that section of the law altogether. Even if we cannot come to a compromise that simply strips the anticircumvention rules out of the law, we should be able to condition their application to cases where there might actually be infringement.
Such a solution is possible. The bill that passed last week was only one of several proposed solutions to the phone-unlocking problem. Representative Zoe Lofgren's bill, the Unlocking Technology Act, took this much better fundamental approach. And even with the urgency of phone unlocking off the table, Lofgren's proposal would be an extremely important improvement to a profoundly broken section of copyright law.
This issue, bubbling under the surface for a long time, is increasingly important as more and more of our appliances, devices, and goods could face the phone unlocking problem: if everything's got a layer of copyrighted software, our ability to own and operate the stuff we own can face hurdles from the DMCA. Our right to repair, to tinker, to repurpose, to resell, all are affected.
As in years past, EFF will push for the best possible exemptions in the triennial rulemaking. But it is also increasingly clear that the rulemaking is not a workable “safety valve.” Last week's phone unlocking success was a partial victory, but users deserve more. Whether it comes from Lofgren's Unlocking Technology Act or elsewhere, we will continue to push for that reform.
Human Rights Watch and the ACLU today published a terrific report documenting the chilling effect on journalists and lawyers from the NSA's surveillance programs entitled: "With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law and American Democracy." The report, which is chock full of evidence about the very real harms caused by the NSA's surveillance programs, is the result of interviews of 92 lawyers and journalists, plus several senior government officials.
This report adds to the growing body of evidence that the NSA's surveillance programs are causing real harm. It also links these harms to key parts of both U.S. constitutional and international law, including the right to counsel, the right of access to information, the right of association and the free press. It is a welcome addition to the PEN report detailing the effects on authors, called Chilling Effects: How NSA Surveillance Drives US Writers to Self-Censor and the declarations of 22 of EFF's clients in our First Unitarian Church of Los Angeles v. NSA case.
The HRW and ACLU report documents the increasing treatment of journalists and lawyers as legitimate surveillance targets and surveys how they are responding. Brian Ross of ABC says:
There’s something about using elaborate evasion and security techniques that’s offensive to me—that I should have to operate as like a criminal, like a spy.
The report also notes that the government increasingly likens journalists to criminals. As Scott Shane of the New York Times explains:
To compare the exchange of information about sensitive programs between officials and the media, which has gone on for decades, to burglary seems to miss the point. Burglary is not part of a larger set of activities protected by the Constitution, and at the heart of our democracy. Unfortunately, that mindset is sort of the problem.
Especially striking in the report is the disconnect between the real stories of chilling effects from reporters and lawyers and the skeptical, but undocumented, rejections from senior government officials. The reporters explain difficulties in building trust with their sources, and the attorneys echo that with stories about the difficulties of building client trust. The senior government officials, in contrast, just say that they don't believe the journalists and appear to have thought little, if at all, about the issues facing lawyers.
Thanks to ACLU and HRW for adding the important faces of journalists and lawyers to the growing list of people directly harmed by NSA surveillance.
Yesterday we filed a motion for partial summary judgment in our long-running Jewel v. NSA case, focusing on the government's admitted seizure and search of communications from the Internet backbone, also called "upstream." We've asked the judge to rule that there are two ways in which this is unconstitutional under the Fourth Amendment:
- The admitted seizure of communications from the Internet backbone, for which we have government admissions plus the evidence we received long ago from Mark Klein.
- The government's admitted search of the entire communications stream, including the content of communications.
We're very proud of this motion (especially the infographic), and we're hoping that this shifts the conversation around the world to how the surveillance actually happens, rather than the U.S. government's self-serving word games about it.
As this motion progresses, here are a few points to keep in mind:
1) Government Admissions: This motion is based almost entirely on the government's formal, acknowledged admissions. This is because a Motion for Partial "Summary Judgment," such as this one, cannot be decided if the parties disagree about material facts. It is a common litigation strategy to make a motion based upon the undisputed facts so that the court can rule on an important legal issue, even if there are other facts that are not yet agreed upon.
In essence, we are saying that even if you accept the government's own descriptions of its internet backbone spying, the spying is still unconstitutional. You can see which formal government statements we're relying on at pages 4-9 of the motion, some of which are directly attached in the Declaration of Richard Wiebe.
That doesn't mean that EFF thinks that the government's current description is correct or complete about what they are actually doing. We've watched the government play fast and loose with the facts—and even outright lie to Congress—too many times for that. In this case, many careful watchers of the government believe that the government isn't actually filtering out some wholly domestic traffic—stage 2 in our brief—or at least isn't doing it in the way it says it is. But because to win this motion we do not need the judge to decide whether the government is telling the truth about the filtering, we have included stage 2 in our description. Our argument is that the government's searching violates the Fourth Amendment even if stage 2 occurs.
2) Domestic backbone only: This motion is based on the domestic backbone surveillance as it has been described in the government's released documents, including Foreign Intelligence Surveillance Court opinions. This is what the government sometimes calls "upstream" and claims is allowed by FISA Amendments Act section 702 (50 USC 1881a). To be clear, this motion does not address other areas of government mass surveillance. For example, we know that the government also conducts sweeping mass collection outside of the United States of both Americans' and foreigners' communications under Executive Order 12333 as well as other kinds of surveillance inside the U.S. This motion is just about the Fourth Amendment violations due to domestic surveillance through tapping into the Internet backbone.
Note also that EFF does not think section 702 of the FISA Amendments Act actually authorizes the backbone collection. Section 702 says nothing about mass seizure and searches, much less authorizes them. But in any event, the orders of the FISC issued under section 702 are not the warrants that the Fourth Amendment requires—so the technique is unconstitutional even if 702 applies.
3) Backbone collection isn't just at the telecommunications "border": One reason that many people, including our expert J. Scott Marcus, don't believe that the government is simply searching through international or foreign-to-foreign communications when it engages in backbone collection is that those collections aren't just happening at the US "border" for communications. The "border" for these purposes would be where the undersea fiber optic cables come up out of the ocean and satellite links come down into the country. For example, none of the undersea cables land in San Francisco, as shown by these maps: Transpacific Cable Landings: Western US, which is a blow up of this cool interactive map. Nor, according to expert analysis, would it be the right location to intercept satellite feeds into and out of the country. Meanwhile, a screenshot of a Snowden slide from a Brazilian news report shows that the government has a large number of collection points in the US heartland, far from any international border.
There are lots of other reasons to be skeptical of the government's claims, but our point in the motion is that even if they are limiting their searches to communications that cross the border, the searches are still unconstitutional. This is because they admittedly include Americans' communications when they speak to someone abroad or access a website hosted abroad, something we talk about on pages 6-8 of the motion and also again on pages 19-20 in footnote 22.
4) Word games to watch out for: As we try to make clear in the motion, especially at footnote 13, the government uses a very different definition of "collect" or "acquire" than most people do, limiting "collection" or "acquisition" to stage 4, when the communications are actually stored in the government's database. An easy place to see this is in DNI Clapper's explanation for denying to Senator Wyden that the U.S. government is “collecting” data on millions or hundreds of millions of Americans. Clapper told NBC's Andrea Mitchell: “[T]here are honest differences on the semantics when someone says ‘collection’ to me, that has a specific meaning, which may have a different meaning to him [Senator Wyden].” DNI Clapper's position is not new. A 1982 Department of Defense manual says that information is considered to be collected only after it has been “received for use by an employee of a DoD intelligence component,” and that “[d]ata acquired by electronic means is ‘collected’ only when it has been processed into intelligible form,” without regard to when the information was initially acquired by a surveillance device.
These are just four things that may help you keep track of the discussion as this fight continues.
San Francisco - The Electronic Frontier Foundation (EFF) today presented a federal court with a detailed explanation of how the NSA taps into the Internet backbone and requested the judge rule that the agency is violating the Fourth Amendment by copying and searching the collected data.
EFF argues there are now enough agreed-upon facts in our lawsuit, Jewel v. NSA, to reach a constitutional conclusion. To shed light on how the mass surveillance violates the Fourth Amendment, EFF crafted a new infographic that details each stage of the surveillance. The graphic is freely available for republication.
"We believe there is enough on the record now for the judge to rule that both the initial mass seizure and the subsequent searching of the content of Internet communications are unconstitutional," EFF Legal Director Cindy Cohn said. "By installing fiber-optic splitters on the Internet backbone, and then searching through tens of millions of Internet communications it collects, the NSA is conducting suspicionless and indiscriminate mass surveillance that is like the abusive 'general warrants' that led the nation's founders to enact the Fourth Amendment."
Jewel v. NSA was filed in 2008 on behalf of San Francisco Bay Area resident Carolyn Jewel and other AT&T customers. EFF has amassed a mountain of evidence to support the case, including documents provided by former AT&T telecommunications technician Mark Klein showing that the company has routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA. Telecommunications specialist and former FCC technical adviser J. Scott Marcus also has given expert testimony confirming the mass, domestic nature of the collection. Other whistleblowers—including Thomas Drake, Bill Binney and Edward Snowden—have revealed more detail about how this technique works and feeds data into the NSA's massive collection of communications. Over the last year, the government has confirmed that it searches the content of much of what it collects as part of its "upstream" activities without a warrant. Instead, it currently claims the searches are justified under Section 702 of the FISA Amendments Act.
"By sitting on the Internet 'backbone' at key junctures, the government is operating a digital dragnet—a technological surveillance system that makes it impossible for ordinary Americans not suspected of any wrongdoing to engage in a fully private online conversation, to privately read online, or to privately access any online service," Cohn said. "The Constitution was written to ensure that Americans felt secure in their papers, digital or otherwise, and we're asking the judge to rule that the NSA's mass seizures and searches are illegal."
EFF is also currently fighting with the NSA over its failure to preserve evidence, including years of Internet-backbone data it collected, as well as telephone records and Internet metadata. Jewel v. NSA is one of three of EFF's cases aimed at ending NSA spying. The two others are First Unitarian Church of Los Angeles v. NSA and Smith v. NSA.
Note on Graphic: The graphic is available under the Creative Commons Attribution License. Attribute to Electronic Frontier Foundation/Hugh D'Andrade.
EFF's position on net neutrality simply calls for all data that travels over the Internet to be treated equally. This means that we oppose ISPs blocking content based on its source or destination, or discriminating against certain applications (such as BitTorrent), or imposing special access fees that would make it harder for small websites to reach their users. We have called for the FCC to assume firm legal authority to protect the neutrality of the net from these sorts of abuses, while explicitly forbearing from going any further to regulate the Internet.
Do we maintain this same position internationally? Absolutely. Users from around the world suffer the same sorts of problems—from the blocking of VoIP services in the Caribbean, to the recently-defeated proposal to authorize a tiered Internet in Mexico, to deals that Spotify is striking with providers in countries such as Austria to offer flat-rate access to its own music streaming service, while users pay full price for competing services. In all of these cases, just like in the US, the result is to tilt the playing field in favor of deep-pocketed incumbents, and against startups and noncommercial content providers.
Does this mean that the same strategies that we are advocating in favour of net neutrality in the US should also apply to the rest of the world? Well, no. There is, of course, no international equivalent of the FCC (nor would we want one), so that rules out the option of global net neutrality rules—though there are global multi-stakeholder bodies discussing the development of non-binding principles or guidelines for net neutrality, which EFF is following.
This makes net neutrality regulation a domestic issue, and the correct approach to take will vary based on each country's circumstances. For example, countries like Japan, the Netherlands and Canada already have open access policies that require competitors to share access to network infrastructure on fair terms. In some cases (such as Australia, Sweden and Singapore) this has been accompanied by functional or structural separation of the dominant telecommunications operator, and/or by significant public funding for a national broadband network.
In yet other countries (such as South Korea and Hong Kong, China) competition flourishes even in the absence of open access or net neutrality rules, thanks in part to low barriers to entry for new broadband service providers resulting from those countries' smaller geographies, along with a low-cost regulatory environment. Open internet rules in these countries may not be such a priority as they are in the United States, where the broadband market is less competitive—and as EFF knows well, regulating without good reason can introduce new problems.
But in countries where threats to net neutrality have emerged or can be clearly seen on the horizon, this can provide good reason to support narrow, targeted open Internet rules.
Digital divide
Where things get more complicated is that there is a second problem that prevents users from around the world from accessing the Internet on fair terms. It's called the digital divide. This simply means that due to a combination of high access prices and low incomes, the cost of an unrestricted, neutral Internet connection in many countries is unaffordable to most. In some of those same countries, a solution offered by mobile providers is to offer “zero rating” of popular services.
What is zero rating? Similar to “fast lane discrimination”, where content providers pay a network provider to prioritize their content on its network, a service that is zero rated can be accessed for free from a (usually mobile) subscriber's device. In contrast, accessing competing services will eat into the subscriber's capped data allowance, or will incur extra fees if that allowance has been used up.
Services that are typically zero rated by providers in developing countries include the world's biggest Web properties—Google, Facebook and Twitter—as well as messaging services like WhatsApp, KakaoTalk and WeChat that can reduce the high cost of communicating through phone calls and SMS messages.
The zero rating of an Internet service is negotiated between the content provider and the network, and in most cases the terms of this negotiation are kept secret. An exception is the non-profit Wikipedia, which, although certainly also a big Web property, does operate transparently in its negotiations with providers, and neither pays nor receives payment in exchange for its zero rating.
It goes without saying that users will be much more inclined to access a zero rated service than one for which they need to pay, and that this tilts the playing field in favor of the zero rated content owner. On its face, this isn't neutral at all. Yet some have argued that it is worth allowing poor consumers to access at least part of the Internet, even if they are shut out from accessing the rest of it because they can't afford to do so.
However, we worry about the downside risks of the zero rated services. Although it may seem like a humane strategy to offer users from developing countries crumbs from the Internet's table in the form of free access to walled-garden services, such service may thrive at the cost of stifling the development of low-cost, neutral Internet access in those countries for decades to come.
Zero-rating also risks skewing the Internet experience of millions (or billions) of first-time Internet users. For those who don't have access to anything else, Facebook is the Internet. On such an Internet, the task of filtering and censoring content suddenly becomes so much easier, and the potential for local entrepreneurs and hackers to roll out their own innovative online services using local languages and content is severely curtailed.
Sure, zero rated services may seem like an easy band-aid fix to lessen the digital divide. But do you know what most stakeholders agree is a better approach towards conquering the digital divide? Competition—which we can foster through rules that reduce the power of telecommunications monopolies and oligopolies to limit the content and applications that their subscribers can access and share. Where competition isn't enough, we can combine this with limited rules against clearly impermissible practices like website blocking.
This is the vision of net neutrality that EFF is working towards, both in the United States and around the world. We firmly believe that all the world's citizens deserve access to an open, neutral and secure Internet, in all its chaotic, offensive and wonderful glory. Whilst we appreciate the intent behind efforts such as Wikipedia Zero, ultimately zero rated services are a dangerous compromise.
Today, the House Judiciary Committee is holding a hearing on "remedies" in copyright law—that is, the penalties, injunctions, and other means of challenging and penalizing alleged infringement. This is hugely important: fixing copyright’s remedy provisions (like excessive, unpredictable monetary penalties and government seizures of domain names) is key to ensuring that copyright does its job—helping to encourage creativity—without unduly interfering with free speech and innovation.
To help the Judiciary Committee, and to explain why fixing this part of copyright law is so important, EFF is releasing a white paper today. Collateral Damages explains how copyright’s system of “statutory damages” chills free speech and harms innovation. Statutory damages are automatic penalties of $750 to $150,000 per infringed work that a judge or jury can award to copyright holders without the copyright holders having to present any proof of their actual harm. This system leads to excessive penalties, like $222,000 against a home Internet user for sharing 24 copyrighted songs. It’s also wildly unpredictable, with vastly different amounts being awarded by different juries for the same conduct, making lawsuits a gamble.
Collateral Damages lays out some of the problems this system causes. The threat of excessive and unpredictable damages is why many filmmakers struggle to obtain the liability insurance their financial backers require. It's part of why innovators with new products that necessarily use and improve on creative work can't find investors. And it's one of the main reasons why so many unscrupulous lawyers have turned to copyright trolling to turn a failing movie or pornographic video into a litigation cash cow.
Copyright doesn't need these excessive penalties to accomplish its purpose. EFF’s whitepaper suggests some ways that Congress can fix statutory damages, including requiring evidence of harm when it’s available and eliminating statutory damages for those who rely on fair use in a reasonable way.
Statutory damages are likely to be a major topic at today’s hearing, and also at roundtable discussions that the Department of Commerce is holding next week: in Los Angeles on July 28 and Berkeley, California on July 29.
Six years ago, a federal judge implored Congress to reform copyright's penalties. Let's hope Congress is finally ready to listen.
In many parts of the developing world, students face barriers to accessing academic materials. Libraries are often inadequate, and schools and universities are often unable to pay dues for expensive, specialized databases. For these students, the Internet is a vital tool and resource to access materials that are otherwise unavailable to them. Yet despite the opportunities enabled by the Internet, there are still major risks to accessing and sharing academic resources online.
A current situation in Colombia exemplifies this problem: a graduate student is facing four to eight years in prison for sharing an academic article on the Internet. He wasn't making a personal profit from sharing the article—he simply intended for other scientists like him to be able to access and cite this scientific research.
Diego Gomez, 26, is a Master's student who has been researching biodiversity and working on the conservation of reptiles and amphibians for several years in the South American region. Throughout his young career, the biggest obstacle he faced was in accessing academic resources that existed on global research databases. As a student at a small university in Armenia, the availability of research papers was so limited that he often had to save money to make trips to Bogotá to access biological collections, articles, and databases only available to him at natural history museums and libraries in the capital city.
Over time, he increasingly came to depend on the Internet. It enabled him to read relevant research, share documents, and communicate with others in his field. Despite the online resources that were available, there were still major barriers that prevented him from accessing the plethora of research that existed. So when he and others came across papers that were crucial to their work, they often shared them online for other researchers to access. Gomez says:
The important thing is to make a correct citation, attributing researchers’ work by indicating their name and year of publication and, of course, not claiming the work of another researcher, but to recognize it and value it. Therefore, what we usually do is to reference the findings and make them available to those who need them.
One day a couple of years ago, he came across a paper that was especially useful to his field work. He later shared the research online on the site Scribd. The author of the paper then filed a lawsuit over the “violation of [his] economic and related rights.” Under the allegations of this lawsuit, Gomez could be sent to prison for up to eight years and face crippling monetary fines.
The Criminal Charges
He is being sued under a criminal law that was reformed in 2006, following the conclusion of a free trade agreement between Colombia and the United States. The new law was meant to fulfill the trade agreement's restrictive copyright standards, and it expanded criminal penalties for copyright infringement, increasing possible prison sentences and monetary fines.
Colombian digital rights organization Fundación Karisma is supporting Gomez in his case to fight against these excessive criminal charges. Carolina Botero, staff attorney at Fundación Karisma, writes (translated from Spanish):
The rationale is the potential damage that "piracy" in the industry generates. Without prejudice to the pending debate on the subject, it should be clear that the actions of users, non-profit activities, and sharing, are not crimes. […] In a society that has a disruptive technology like the Internet, the exercise of the rights to education, access to science and culture, and respect for freedom of expression must be respected.
Colombia does not have a flexible fair use system like the one in the United States. It has a closed list of exceptions and limitations to the rights of authors (derecho de autor). This list was issued more than 20 years ago and is narrowly tailored to some specific situations that are not at all applicable to the digital age. Therefore none of these will apply directly to his case even if it was done for educational purposes.
There is a Supreme Court ruling that further weighs this legal consideration in his favor. In 2008, the highest Colombian court ruled that an infringing activity can only be criminal if there was intention to profit from the copyrighted work. The decision was partially based on international law—the Berne Convention, which carries an exceptions and limitations framework called the three-step test. This test is a way of determining whether a certain use is legal as long as it doesn't conflict with the “normal exploitation of the work and does not unreasonably prejudice the legitimate interests of the author.” Since Gomez was clearly not sharing academic articles for personal profit, there is firm ground to assert that his actions were not criminal. Botero of Fundación Karisma comments on this point:
In 2011, Diego published on the Internet a thesis that was defended in 2006. The fact that a scholar author believes that after 5 years someone who spreads his scientific findings is harming his economic interests totally ignores the importance of science in development, in this case, in the conservation of the biodiversity in Colombia, the second most biologically diverse country in the world.
This case exemplifies the real life harm of overreaching restrictions due to excessive laws that protect the “economic rights” of authors. Gomez only wanted to share these articles to further his life mission to protect native wildlife and to allow others with a similar passion to access this research. He is only one of countless thousands who risk themselves every day to push against the prohibitive restraints of copyright. We need major reform of our laws, both internationally and domestically, to ensure that people are not made criminals for promoting scientific progress and exercising their creative expression. In other words, for doing exactly what authors' rights laws are allegedly intended to do.
Diego Gomez has written about his story (translated from Spanish)
Fundación Karisma's website Compartir No Es Delito (Sharing is not a Crime)
Related Issues: Fair Use and Intellectual Property: Defending the Balance, Open Access, International
Yesterday, ProPublica reported on new research by a team at KU Leuven and Princeton on canvas fingerprinting. One of the most intrusive users of the technology is a company called AddThis, who are employing it in “shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.” Canvas fingerprinting allows sites to get even more identifying information than we had previously warned about with our Panopticlick fingerprinting experiment.
Canvas fingerprinting exploits the fact that different browsers have slightly different algorithms, parameters, and hardware for turning text into pictures on your screen (or more specifically, into an HTML 5 canvas object that the tracker can read [1]). According to the research by Gunes Acar, et al., AddThis draws a hidden image containing the unusual phrase “Cwm fjordbank glyphs vext quiz” and observes the way the pixels turn out differently on different systems. This builds on a fingerprinting technique that was first presented by Keaton Mowery and Hovav Shacham in 2012.
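The draw-then-read-back pattern described above can be detected by logging canvas API calls. The following is an added example, not code from the researchers, AddThis or EFF: it wraps the text-drawing and pixel-reading methods and flags any script that reads a canvas back after text was drawn on it. The function names, the 10-distinct-character threshold and the sample log are assumptions constructed for illustration.

```javascript
// Added example: detect "draw text, then read the pixels back" on a canvas.
// Heuristic, names and threshold are assumptions, not the researchers' criteria.

const WRITE_CALLS = new Set(['fillText', 'strokeText']);   // draw text on a canvas
const READ_CALLS = new Set(['toDataURL', 'getImageData']); // extract rendered pixels

// Wrap the named methods on a prototype so that every call is appended to
// `log` before the original method runs. `whoami` must return the URL of the
// calling script (hypothetical helper; an extension could derive it from a
// stack trace). In a browser this would be applied as:
//   instrument(CanvasRenderingContext2D.prototype,
//              ['fillText', 'strokeText', 'getImageData'], log, whoami);
//   instrument(HTMLCanvasElement.prototype, ['toDataURL'], log, whoami);
function instrument(proto, methods, log, whoami) {
  for (const name of methods) {
    const original = proto[name];
    if (typeof original !== 'function') continue;
    proto[name] = function (...args) {
      // A 2D context exposes its element as `.canvas`; the element is itself.
      const canvas = this.canvas || this;
      log.push({ script: whoami(), canvas, call: name, args });
      return original.apply(this, args);
    };
  }
}

// Walk the call log in order. A read-back is reported only if the same canvas
// previously had text drawn on it with at least `minDistinctChars` distinct
// non-space characters, which separates a fingerprinting string from a short
// label or an image-only canvas.
function classify(log, minDistinctChars = 10) {
  const written = new Map(); // canvas -> Set of distinct characters drawn
  const findings = [];
  for (const entry of log) {
    if (WRITE_CALLS.has(entry.call)) {
      const chars = written.get(entry.canvas) || new Set();
      const text = String(entry.args[0]).toLowerCase().replace(/\s/g, '');
      for (const ch of text) chars.add(ch);
      written.set(entry.canvas, chars);
    } else if (READ_CALLS.has(entry.call)) {
      const chars = written.get(entry.canvas);
      if (chars && chars.size >= minDistinctChars) {
        findings.push({
          script: entry.script,
          canvas: entry.canvas,
          readVia: entry.call,
          distinctChars: chars.size,
        });
      }
    }
  }
  return findings;
}

// Constructed sample log (not captured traffic); canvases are named by id.
const sampleLog = [
  // Draws the pangram quoted in the article, then reads the canvas back.
  { script: 'https://tracker.example/w.js', canvas: 'c1', call: 'fillText',
    args: ['Cwm fjordbank glyphs vext quiz', 2, 15] },
  { script: 'https://tracker.example/w.js', canvas: 'c1', call: 'toDataURL', args: [] },
  // Chart library: draws a long label but never reads pixels.
  { script: 'https://site.example/chart.js', canvas: 'c2', call: 'fillText',
    args: ['Revenue by quarter 2014', 0, 10] },
  // Photo editor: reads pixels from a canvas that holds no text.
  { script: 'https://site.example/editor.js', canvas: 'c3', call: 'getImageData',
    args: [0, 0, 640, 480] },
  // Badge generator: short text followed by an export stays under the threshold.
  { script: 'https://site.example/badge.js', canvas: 'c4', call: 'fillText',
    args: ['OK', 0, 10] },
  { script: 'https://site.example/badge.js', canvas: 'c4', call: 'toDataURL', args: [] },
];

for (const f of classify(sampleLog)) {
  console.log(`${f.script} read canvas ${f.canvas} via ${f.readVia} ` +
              `after drawing ${f.distinctChars} distinct characters`);
}
```

Only the first script in the sample log is reported; the chart, editor and badge entries show the legitimate canvas uses the heuristic has to leave alone.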
The main distinction is that the canvas fingerprint can’t be blocked by cookie management techniques, or erased with your other cookies. This is inconsistent with the White House’s promise that “Visitors can control aspects of website measurement and customization technologies used on WhiteHouse.gov.” The website’s How To instructions are no help, because they are limited to traditional cookies and flash cookies. AddThis’ opt out is no more helpful, as it only prevents targeting, not tracking: “The opt-out cookie tells us not to use your information for delivering relevant online advertisements.”
The White House is far from alone. According to the researchers, over 5,000 sites include canvas fingerprinting, with the vast majority from AddThis.
What You Can Do to Protect Yourself From Canvas
[1] HTML 5 canvas fingerprinting should not be confused with the type of supercookie that can be created by force-caching images and then using the HTML5 Canvas to read them back, as demonstrated by the evercookie project.
In the TV series Person of Interest, two government artificial intelligence programs—one gone rogue—can access virtually every surveillance camera across New York City, including privately operated ones in places like parking garages, hotels, and apartment complexes. The creators of the show try to stay one step ahead of modern technology. So the question is: do cities really create networks of interconnected private and public security cameras?
Yes, they do. If you're going to San Diego Comic-Con (and the Person of Interest team is), you'll want to pull on your Batman mask or slather on the Sith paint if you're passing any of the marked locations on this new map. You could very well be under surveillance as part of the San Diego Police Department's "Operation Secure San Diego."
Operation Secure San Diego—ostensibly intended so first responders could get a view of a crime as it’s happening—encourages private businesses to allow the cops to access their surveillance video cameras. It also gives officers sitting in their squad cars the power to tap directly into live feeds. The first to share its streams was Hotel Indigo, a hotel popular with the Comic-Con set in San Diego's Gaslamp district.
Whether you’re a resident or tourist, Operation Secure San Diego should make you a little nervous. SDPD wants to reassure you. As they write in a "news flash":
We are very cognizant of the impact this may have on privacy issues and the public's perception of being on video. The SDPD can assure you that we have procedures in place that allow the viewing only when summoned to the Hotel Indigo (or any additional partner) for a service call.
That might be comforting... if it were actually true.
San Diego technologist Jeff Hammett got curious and filed a public records act request for those procedures. He did not get them, because now, according to SDPD, these procedures don’t exist. Here’s what SDPD told Hammett:
There are no responsive documents for your request to any copies of procedures regarding viewing these camera feeds. Operation Secure San Diego is still in the development stages. There are no procedures at this time.
In 2010, Hotel Indigo's manager assured reporters that police could only access the hotel's four lobby cameras when called to the scene and that police would be limited to watching the feeds live, no recording. Four years later, a written police policy does not exist and, without a policy, there can be no way of identifying policy violations.
Nevertheless, Hammett was able to obtain the list of 40 locations that are already in Operation Secure San Diego’s network, most of which are government property, such as trolley stops and police substations. Several, however, are on private property, including the cameras at Hotel Indigo and Prudential Realty, just blocks away from the San Diego Convention Center.
San Diego has a legitimate interest in public safety, including during massive events like San Diego Comic-Con, but it hasn’t been shown that this interest warrants a system of interconnected surveillance cameras or police access to private video feeds—especially in a city like San Diego that brags about “hav[ing] such a low crime rate.” Even if this were shown, SDPD needs to do a better job of defining the limits of this program.
Who can access the feeds and under what circumstances? What kind of paper trail is created when they access a feed? San Diego has been playing with facial recognition systems; are these being applied to the feeds? How long after a reported incident can SDPD continue monitoring the cameras? Does a police officer have the technological access to turn on a camera by himself, at any time, or only during a crisis or with authorization from higher up? Have the feeds been tested for security vulnerabilities?
Then there's the big question: can some vigilante, crime-predicting artificial intelligence program built by the sinister guy from Lost tap into it through a backdoor?
So many questions and so few answers. Maybe SDPD will be watching you, maybe they won't. One thing we can say is that we hope to see you at Comic-Con. EFF will be at Alaska Robotics’ exhibition hall booth (#1134) 2 - 3 p.m. on Friday, Saturday, and Sunday. Also check out EFF's Guide to Comic-Con.
Irony Update: Ten minutes after this post went live, the San Diego Police Department tweeted: "SDPD welcomes Comic Con visitors to town. We look forward to seeing a lot of superheroes."
July 10 marks one year since EFF and a coalition of hundreds of experts and human rights activists put the finishing touches on the Necessary and Proportionate Principles.
These 13 Principles explain how international human rights law should be applied to government surveillance. Since then, the Principles have received strong support across the planet, fueled in part by popular outrage over the spying carried out by the NSA [1], GCHQ [2] and other intelligence agencies mentioned in the documents revealed by whistleblower Edward Snowden. Local and national activists from Mexico to South Korea, by way of Canada and Brazil, have been using the Principles to press for stronger protections against governmental digital surveillance. We have seen them used in litigation, legislation, administrative work, awareness campaigns and on many other occasions, and debated in public policy-making at both the regional and the international level.
Today we are publishing an updated version of the Necessary and Proportionate Principles, incorporating the excellent feedback we received over the past year. The primary intent of the changes was to clarify the language to better capture the original intent and, in some places, to simplify both the language and the structure, removing possible ambiguities, improving the grammar and reducing redundancy. We also made a significant change to the “User Notification” section.
The core drafting group for the project consisted of the Electronic Frontier Foundation, Privacy International, Access, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic and the Center for Internet and Society-India, in consultation with Article 19, Open Net Korea, the Association for Progressive Communications and other organizations around the world.
Below we summarize the changes that deserve attention:
First paragraph and throughout the text: We added “activities, powers or authorities” to “laws and regulations” to make sure that all acts carried out by governments are included. This should leave no doubt that the Principles cover activities such as NSA surveillance conducted under United States Executive Order 12333.
First paragraph: We added the word “clarify” to describe the intent of the Principles, to reiterate that they do not call for a change in international human rights law and standards. On the contrary, we argue for their proper application in the digital context. The word “clarify” is a common construction used to indicate that no new law is being put in question. We also added the wording “human rights standards and laws” for the sake of correct grammar and syntax.
Preamble and throughout the text: We added “various other human rights” here and throughout the text to make clear that this is not only about the right to privacy but also about fundamental freedoms such as the freedoms of association and expression. The phrase also signals that the Principles do not address the whole of human rights, since the right to life, for example, is not related to them.
Scope of application: We added this subsection for greater clarity and added the following explanatory sentence: “The Principles and the Preamble are holistic and self-referential; each principle and the preamble should be read and interpreted as part of a larger framework and, read together, they accomplish a singular goal: ensuring that laws, policies and practices related to Communications Surveillance follow international human rights law and standards and adequately protect individual human rights such as privacy and freedom of expression.”
Scope of application: We felt it was important to stress that national intelligence and security are included in the scope of the Principles, as are all other governmental functions, including “enforcing the law, protecting national security, gathering intelligence data or some governmental function.”
Scope of application: We sought to clarify the role of private sector entities. “Companies have a responsibility to respect an individual's privacy and other human rights, particularly given the key role they play in designing, developing and disseminating technologies; in enabling and providing communications services; and in facilitating certain state surveillance activities.”
Definition of protected information: We moved the definition from the bottom of the paragraph to the top but did not change the content.
First paragraph of the preamble: To make things clearer, we added that communications surveillance “interferes” with the right to privacy “among a number of other human rights.” As a result, it can be justified “only” when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued.
Fifth paragraph of the definitions: We added “as well as the invasive techniques used to carry out Communications Surveillance” in order to clarify that techniques such as installing malware can be the basis for determining that information is protected, just as much as the pervasiveness or systemic nature of the surveillance.
Proportionality: We understand that this may be perceived as a big change, but we hope that, in the end, it is not so substantial. Because of confusion about the role of the two tests contained in the original principles, we tried to draft a single test that covers the two earlier ones, allowing both crimes and “specific threats to a Legitimate Aim” to serve as a basis for surveillance. This also helps connect the test to the Legitimate Aim Principle.
Competent Judicial Authority: We clarified that there must be an “independent” judicial authority.
User Notification: This was another big change in response to the feedback we received. Again, we tried to clarify and simplify this point and to tie any delay in notification to the possibility that the purpose of the surveillance would be defeated or to an imminent danger to human life. We eliminated the clause that required notice to be given at the end of the surveillance process, but we also specified that this determination must be made by the Competent Judicial Authority, that notification must happen after the risk has ceased, and that the decision must itself be made by a judicial authority.
Transparency: We added some clarifications to require “specific” numbers, not just aggregates. Aggregate information is not useful enough to allow the public to understand how surveillance powers are being used.
Public Oversight: We specified that oversight mechanisms must have the authority to publicly determine the legality of communications surveillance, including the extent of compliance with these principles. Without the ability to determine whether the surveillance practice being overseen is actually legal, oversight can become irrelevant or be seen as mere bureaucracy.
Safeguards Against Illegitimate Access and Right to Effective Remedy: We added the “Right to Effective Remedy” to the remedies section in order to call attention to the right in the title itself.
Brief history: Finally, we added a brief history of the development of the 13 Principles at the end of the text to explain the history of the initiative and of the final consultation, which was carried out to check and clarify textual problems and update the Principles accordingly. The effect and intent of the Principles were not altered by these changes.
[1] United States National Security Agency.
[2] British intelligence service.
Related Issues: International, Global Surveillance Reform
More than 100,000 people will descend on San Diego Comic-Con this week, including yours truly representing the Electronic Frontier Foundation. If you’re one of the lucky badge-holders with an interest in protecting Internet freedom, I’d love to chat with you and give you a sticker (while supplies last, obviously). Our friends at Alaska Robotics and musician Marian Call have generously offered us a spot at their table. You can find me there (#1134 in the main exhibition hall) from 2 - 3 pm on Friday, Saturday and Sunday.
But EFF isn’t the only opportunity at SDCC to ponder issues of surveillance, tech policy, free speech, and intellectual property. We’ve compiled this schedule of panels worth checking out this year.
Also, you should check out our report on the San Diego Police Department's public-private surveillance camera network.
Are you a creator with a project, panel, or table at SDCC that ties into issues EFF covers? Send details to email@example.com and I'll stop by and add you to our next update.
When the trailer for a new TV show starts off with a 12-year-old being arrested for hacking NASA, you know EFF is interested in hearing more. CBS’s new series, Scorpion, is loosely based on hacker Walter O’Brien, and follows his team of technologists as they seek to counteract global crises.
Thursday, July 24, 2014 12:05 pm - 1:10 pm - Ballroom 20
This new documentary tracks the demise of the Atari Corporation, including an investigation into the hundreds of thousands of copies of the E.T. video game buried in the New Mexico desert. Admittedly, there’s no real connection to EFF’s core issues here, except in the sense that a lot of us grew up on the Atari and miss it badly.
Friday, July 25, 2014 3:30 pm - 4:30 pm - Room 5AB
This panel examines how media technology has exploded over the last 18 months, from apps to social media, and how this has elevated fan fiction, “gift culture,” and transformative works. The discussion is moderated by Heidi Tandy of FYeahCopyright.com, which is described as “the Snopes of copyright & trademark law (for fangirls, fanboys, creators & hipsters).”
Friday, July 25, 2014 7:30 pm - 8:30 pm - Room 26AB
Lawyers attending Comic-Con can pick up continuing legal education credits by attending the panels in the Comic Book Law School series, which are led by Michael Lovitz, author of The Trademark and Copyright Book comic book. In this panel, a group of attorneys will discuss the impact of several cases that EFF has been tracking closely, including Tarantino v Gawker, the battle over whether Sherlock Holmes is in the public domain, and an appellate court’s decision to force YouTube to remove “The Innocence of Muslims.”
Saturday, July 26, 2014 10:30 am - 12 pm - Room 30CDE
NASA’s Advanced Exploration Systems Director Jason Crusan, Intel Resident Futurist Brian David Johnson, and Rethink Robotics Senior Engineer Jennifer Barry will share their visions of the near-future of robotics and how that compares to the alternately loyal and menacing depictions of robots in pop culture.
Saturday, July 26, 2014 11 am - 12 pm - Room 7AB
EFF are big fans of the Organization for Transformative Works, who we’ve partnered with on amicus briefs and submitting requests to the Library of Congress. The group, which champions the rights of fan creators and protects them from wrongheaded intellectual-property attacks, is partnering up with DeviantArt for this panel, in which they promise to “bring out their lawyers to explain how you can go to sleep at night, dream the dream of fans, and never have to hide under the bed.”
Saturday, July 26, 2014 3:30 pm - 4:30 pm - Room 2
At last year’s Comic-Con, the creators of the CBS show rolled out an extended preview of the series that relied heavily on the fallout from the Snowden files. This time around, Executive Producer Greg Plageman and cast members will take questions on the fourth season of the science fiction (although scarily close to reality) series that examines the ethical and privacy issues surrounding big data, mass surveillance, artificial intelligence, and predictive technology.
Saturday, July 26, 2014 6:15 pm - 7:00 pm - Room 6BCF
Within SDCC there is an academic sub-event called the Comics Arts Conference. In this session, panelists will discuss how the comics reflect contemporary global debates, including how comics of the 1940s and 1950s foreshadowed the current debate over drones.
Sunday, July 27, 2014 10:30 am - 12 pm - Room 26AB
Comic Book Legal Defense Fund Panels
For decades upon decades, comic book artists and writers have pushed the boundaries of speech and authorities have sought to censor them. One of the most notorious chapters of history is the Comics Code, when the industry—faced with calls for regulation from Congress—decided to censor itself. This year, the free speech heroes at the Comic Book Legal Defense Fund are taking a look at the history of the Comics Code, including the controversial work of Fredric Wertham, who claimed that violent media and comics damaged childhood development. They will also host their annual Banned Comics! panel and a “live art jam” where artists are challenged to create art on the spot that violates the defunct Comics Code. Make sure to stop by their table (#1920) for free-speech literature and gear.
The History of the Comics Code Thursday, July 24, 2014 1 pm - 2 pm - Room 30CDE
Dr. Wertham's War on Comics Friday, July 25, 2014 1 pm - 2 pm - Room 30CDE
Tales from the Code-True Stories of Censorship Saturday, July 26, 2014 12:00 pm - 1:00 pm - Room 30CDE
Banned Comics! Saturday, July 26, 2014 1 pm - 2 pm - Room 30CDE
You Can't Draw That! Live Art Jam Sunday, July 27, 2014 12:15 pm - 1:45 pm - Room 5AB
July 10 marks one year since EFF and a coalition of hundreds of experts and human rights activists put the finishing touches on the Necessary and Proportionate Principles.
These 13 Principles articulate how international human rights law should be applied to government surveillance. The Principles have since received firm support around the world, driven in part by popular outrage over the spying by the NSA, GCHQ and other intelligence agencies highlighted in the documents leaked by whistleblower Edward Snowden. Local and national activists from Mexico to South Korea and from Canada to Brazil have used the Principles to push for stronger protections against governmental digital surveillance. We have seen them used in litigation, legislation, administrative work, advocacy campaigns and more, and debated in both regional and international policy venues.
Today we are publishing an updated version of the Necessary and Proportionate Principles, incorporating the excellent feedback we have received over the past year. The primary intent of the changes was to clarify the language to better capture the original intent and, in some places, to simplify the language and structure, eliminate possible ambiguities, clean up the grammar, and reduce redundancy. We have also made a substantive change to the "Notification" section.
The core drafting group for the project consisted of the Electronic Frontier Foundation, Privacy International, Access, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, and the Center for Internet and Society of India, in consultation with Article 19, Open Net Korea, the Association for Progressive Communications and other organizations around the world.
Below we summarize the changes that deserve attention:
First paragraph and throughout: We added "activities, powers or authorities" to "laws and regulations" to be sure to capture all acts carried out by governments. This should leave no doubt that the Principles reach activities such as NSA surveillance conducted under Executive Order 12333.
First paragraph: We added the word "clarify" to describe the intent of the Principles, to reinforce that the Principles themselves are not advocating a change in international human rights law and standards. Rather, our position is in favor of their proper application in light of the digital context. The word "clarify" is a commonly used construction to indicate that no new law is being contemplated. We also added the expression "human rights law and standards" to account for correct grammar and syntax.
Preamble and throughout: We added "and a number of other human rights" here and similarly elsewhere to be clear that this is not only about the right to privacy but also about fundamental freedoms such as freedom of association and expression. This phrase also indicates that the Principles are not about all human rights, since, for example, the right to life does not relate to the Principles.
Scope of application: We added this subsection for greater clarity and added this sentence to explain: "The Principles and the Preamble are holistic and self-referential; each principle and the preamble should be read and interpreted as one part of a larger framework that, taken together, accomplishes a singular goal: ensuring that policies and practices related to communications surveillance adhere to international human rights obligations and adequately protect individual human rights such as privacy and freedom of expression."
Scope of application: We tried to clarify the role of private sector entities. "Private companies have a responsibility to respect individual privacy and other human rights, particularly given the key role they play in designing, developing and disseminating technologies; enabling and providing communications; and facilitating certain State surveillance activities."
Definition of Protected Information: We moved the definition from the bottom of the paragraph to the top but did not change the content.
First paragraph of the preamble: For clarity we added that communications surveillance "interferes" with the right to privacy "among a number of other human rights." As a result, it "may only" be justified when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued.
Fifth paragraph of definitions: We added "or invasive techniques used to accomplish Communications Surveillance" to clarify that techniques such as installing malware can be the basis for determining that something is protected information, just as much as the pervasiveness or systemic nature of the monitoring.
Proportionality: We understand that this may be perceived as a big change, but we hope it is not very substantial in the end. Because of confusion about the role of the two tests that the original Principles contained, we tried to make a single test embodying the two previously provided, which allows both crimes and "specific threats to a Legitimate Aim" to serve as the basis for surveillance. This also helpfully ties the test back to the Legitimate Aim Principle.
Competent Judicial Authority: We clarified that it has to be an "independent" judicial authority.
User Notification: This is the other major change in response to feedback. Once again, we tried to clarify and simplify this and to tie any delay in notification to the risk that the purpose of the surveillance would be jeopardized or to an imminent danger to human life. We eliminated the provision requiring notice at the end of the surveillance, but we also specified that such determinations must be made by the Competent Judicial Authority, that notification must happen after the danger has passed, and that the decision must be made by a judicial authority.
Transparency: We added a couple of clarifications to require "specific" numbers, not merely aggregates. Aggregates are not useful enough for the public to understand how surveillance authorities are being used.
Public Oversight: We specify that oversight mechanisms must have the authority to make public determinations about the legality of communications surveillance, including the extent to which it complies with these Principles. Without being able to determine whether the surveillance practice being overseen is actually legal, oversight can become irrelevant or be seen as an empty formality.
Safeguards Against Illegitimate Access and Right to Effective Remedy: We added the "Right to Effective Remedy" to the remedies section, to invoke the right in the title itself.
Brief history: Finally, we added a brief history of the development of the 13 Principles at the end of the text to explain the history of the initiative and the final consultation, which was conducted to identify and clarify textual problems and update the Principles accordingly. The effect and intent of the Principles have not been altered by these changes.
Related Issues: International, Global Surveillance Reform
July 10 marks one year since EFF and a coalition of hundreds of experts and human rights activists put the finishing touches on the Necessary and Proportionate Principles.
These 13 Principles articulate how international human rights law should be applied to government surveillance. The Principles have since received strong support across the globe, fueled in part by the popular outrage over spying by the NSA, GCHQ and other intelligence agencies highlighted in documents leaked by whistleblower Edward Snowden. National and local activists from Mexico to South Korea to Canada to Brazil have used the Principles to push for stronger protections against governmental digital surveillance. We’ve seen them used in litigation, legislation, administrative work, advocacy campaigns and more, and debated in both regional and international policy venues.
Today, we are publishing an updated version of the Necessary and Proportionate Principles, incorporating the terrific feedback we have received over the past year. The overriding intention of the changes was to clarify the language to better capture the original intent and, in some places, simplify the language and the structure, remove possible ambiguities, clean up grammar, and reduce redundancy. We have also made one substantive change to the "Notification" section.
The core drafting group for the project consisted of the Electronic Frontier Foundation, Privacy International, Access, Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, and the Center for Internet and Society-India, in consultation with Article 19, Open Net Korea, the Association for Progressive Communications and other organizations around the world.
Below we summarize the changes that merit attention:
First paragraph and throughout: We added “activities, powers, or authorities” to “laws and regulations” to be sure to capture all acts done by governments. This should leave no doubt that the Principles reach activities such as NSA surveillance conducted under Executive Order 12333.
First paragraph: We added the word “clarify” to describe the Principles' intent, to reinforce that these principles are not advocating for a change in international human rights law and standards. We argue instead for their proper application given the digital context. The word “clarify” is a common construction to denote that no new law is being contemplated. We also added the formulation “human rights law and standards” to account for proper grammar and syntax.
Preamble and throughout: We added “and a number of other human rights” here and similarly elsewhere to be clear that this is not only about the right to privacy but also about fundamental freedoms such as the freedoms of association and expression. This phrase also signals that the Principles are not about all human rights; the right to life, for example, doesn’t relate to the Principles.
Scope of application: We added this subsection for clarity and added this sentence to explain: "The Principles and the Preamble are holistic and self-referential – each principle and the preamble should be read and interpreted as one part of a larger framework that, taken together, accomplish a singular goal: ensuring that policies and practices related to Communications Surveillance adhere to international human rights obligations and adequately protect individual human rights such as privacy and freedom of expression."
Scope of application: We felt it was important to point out that national security and intelligence fall within the ambit of the Principles, as well as all other governmental functions: "...including, enforcing law, protecting national security, gathering intelligence, or another governmental function."
Scope of application: We sought to clarify the role of private sector entities. “Business enterprises bear responsibility for respecting individual privacy and other human rights, particularly given the key role they play in designing, developing, and disseminating technologies; enabling and providing communications; and in facilitating certain State surveillance activities.”
Protected information definition: We moved the definition from the bottom of the paragraph to the top but did not change the content.
First paragraph of preamble: For clarity we added that communications surveillance “interferes” with the right to privacy “among a number of other human rights.” As a result, it “may only” be justified when it is prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued.
Fifth paragraph of definitions: We added "or invasive techniques used to accomplish Communications Surveillance" to clarify that techniques, like installation of malware, can be the basis for determining that something is protected information as much as the pervasiveness or systemic nature of the monitoring.
Proportionality: We understand that this might be perceived as a big change, but hopefully not very substantive in the end. Because of confusion about the role of the two tests that the original principles contained, we tried to make one test embody both of the tests provided before, allowing for both crimes and "specific threats to a Legitimate Aim" as a basis for surveillance. This also helpfully ties the test back to the Principle of Legitimate Aim.
Competent Judicial Authority: We clarified that it has to be an "independent" judicial authority.
User Notification: This is the other big change in response to feedback. Again, we attempted to clarify and simplify this and to tie any delay in notice to whether or not the purpose for the surveillance would be jeopardized or if there is an imminent danger to human life. We did eliminate the provision that required notice at the end of the surveillance, but we also specified that these determinations must be made by Competent Judicial Authority and that notice must happen after the risk has passed and that the decision has to be made by a judicial authority as well.
Transparency: We added a couple of clarifications to require "specific" numbers, not just aggregates. Aggregates are not sufficiently helpful to allow the public to understand how surveillance authorities are being used.
Public Oversight: We specify that oversight mechanisms should have the authority to make public determinations as to the lawfulness of its communication surveillance, including the extent to which they comply with these Principles. Without being able to determine whether the overseen surveillance practices are actually lawful, oversight may become irrelevant or be seen as a rubber stamp.
Safeguards Against Illegitimate Access and Right to Effective Remedy: We added the “Right to Effective Remedy” in the remedies section, to trigger the right in the title itself.
Brief history: Finally, we added a short history of the development of the 13 Principles at the end of the text to explain the history of the initiative and the final consultation, which was conducted to ascertain and clarify textual problems and update the Principles accordingly. The effect and the intention of the Principles have not been altered by these changes.
Related Issues: International, Global Surveillance Reform
San Francisco - The Electronic Frontier Foundation (EFF) has released a beta version of Privacy Badger, a browser extension for Firefox and Chrome that detects and blocks online advertising and other embedded content that tracks you without your permission.
Privacy Badger was launched in an alpha version less than three months ago, and already more than 150,000 users have installed the extension. Today's beta release includes a feature that automatically limits the tracking function of social media widgets, like the Facebook "Like" button, replacing them with a stand-in version that allows you to "like" something but prevents the social media tool from tracking your reading habits.
"Widgets that say 'Like this page on Facebook' or 'Tweet this' often allow those companies to see what webpages you are visiting, even if you never click the widget's button," said EFF Technology Projects Director Peter Eckersley. "The Privacy Badger alpha would detect that, and block those widgets outright. But now Privacy Badger's beta version has gotten smarter: it can block the tracking while still giving you the option to see and click on those buttons if you so choose."
EFF created Privacy Badger to fight intrusive and objectionable practices in the online advertising industry. Merely visiting a website with certain kinds of embedded images, scripts, or advertising can open the door to a third-party tracker, which can then collect a record of the page you are visiting and merge that with a database of what you did beforehand and afterward. If Privacy Badger spots a tracker following you without your permission, it will either block all content from that tracker or screen out the tracking cookies.
Privacy Badger is one way that Internet users can fight the decision that many companies have made to ignore Do Not Track requests, the universal Web tracking opt-out you can enable in your browser. Privacy Badger enforces users' preferences whether these companies respect your Do Not Track choice or not. Advertisers and other third-party domains that are blocked in Privacy Badger can unblock themselves by making a formal commitment to respect their users' Do Not Track requests.
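A simplified sketch of the decision logic described above, as an added example that is not Privacy Badger's own code. The three-site threshold, the two lists, the two-label base-domain shortcut and all sample hosts and cookies are assumptions constructed for illustration.

```javascript
// Added illustration, not Privacy Badger's source. The threshold, both lists,
// the base-domain shortcut and every host below are assumptions.
const SITE_THRESHOLD = 3; // assumed: distinct sites a tracker must follow you across

// Shortcut: last two labels. Real code needs the Public Suffix List (co.uk etc.).
function baseDomain(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

function hasCookie(headers) {
  return Object.keys(headers).some((k) => k.toLowerCase() === "cookie");
}

class TrackerHeuristic {
  constructor({ dntCommitted = [], cookieScreenOnly = [] } = {}) {
    this.dntCommitted = new Set(dntCommitted);         // committed to honour Do Not Track
    this.cookieScreenOnly = new Set(cookieScreenOnly); // content that pages depend on
    this.seenOn = new Map(); // third-party domain -> Set of first-party domains
  }

  // Record one sub-resource request made while rendering pageUrl.
  observe({ pageUrl, url, headers = {} }) {
    const site = baseDomain(pageUrl);
    const origin = baseDomain(url);
    if (site === origin) return;      // first-party request, not third-party tracking
    if (!hasCookie(headers)) return;  // no identifier sent, so no evidence of tracking
    if (!this.seenOn.has(origin)) this.seenOn.set(origin, new Set());
    this.seenOn.get(origin).add(site);
  }

  // "allow", "block" (drop all content) or "cookieblock" (screen out cookies).
  action(url) {
    const origin = baseDomain(url);
    const sites = this.seenOn.get(origin);
    if (!sites || sites.size < SITE_THRESHOLD) return "allow";
    if (this.dntCommitted.has(origin)) return "allow";
    return this.cookieScreenOnly.has(origin) ? "cookieblock" : "block";
  }

  // Apply the decision to an outgoing request; null means the request is dropped.
  filter(request) {
    // Visiting the tracker's own site is a first-party context: never filtered.
    if (baseDomain(request.pageUrl) === baseDomain(request.url)) return request;
    const decision = this.action(request.url);
    if (decision === "block") return null;
    if (decision === "allow") return request;
    const headers = Object.fromEntries(
      Object.entries(request.headers || {}).filter(([k]) => k.toLowerCase() !== "cookie")
    );
    return { ...request, headers, dropSetCookie: true }; // also discard Set-Cookie replies
  }
}

// Constructed browsing session: three first-party pages and their embedded requests.
function demo() {
  const h = new TrackerHeuristic({
    dntCommitted: ["polite-ads.example"],
    cookieScreenOnly: ["widgets.example"],
  });
  const pages = ["https://www.news.test/a", "https://shop.test/cart", "https://blog.test/"];
  const cookie = { Cookie: "uid=constructed-123" };
  for (const pageUrl of pages) {
    h.observe({ pageUrl, url: "https://pixel.tracker.example/p.gif", headers: cookie });
    h.observe({ pageUrl, url: "https://static.widgets.example/like.js", headers: cookie });
    h.observe({ pageUrl, url: "https://ads.polite-ads.example/ad.js", headers: cookie });
    h.observe({ pageUrl, url: "https://fonts.quiet.example/f.woff" }); // sends no cookie
  }
  for (const pageUrl of pages.slice(0, 2)) { // seen with a cookie on only two sites
    h.observe({ pageUrl, url: "https://t.twosites.example/t.js", headers: cookie });
  }
  return h;
}

for (const host of ["pixel.tracker", "static.widgets", "ads.polite-ads", "fonts.quiet", "t.twosites"]) {
  console.log(host, "->", demo().action(`https://${host}.example/`));
}
```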
"Users who install Privacy Badger aren't just getting more privacy and a better browsing experience for themselves—they are providing incentives for improved privacy practices and respect for Do Not Track choices across the Internet," said Eckersley. "Using Privacy Badger helps to make the Web as a whole better for everyone."
EFF wishes to thank Professor Franziska Roesner at the University of Washington for exceptional work in enhancing Privacy Badger's widget-handling algorithms.
To install the beta version of Privacy Badger:
EFF is releasing an experimental hacker alpha release of wireless router software specifically designed to support secure, shareable Open Wireless networks. We will be officially launching the Open Wireless Router today at the HOPE X (Hackers on Planet Earth) conference in New York City, aiming to bring aboard members of the hacker community. This release is a work in progress and is intended only for developers and people willing to deal with the bleeding edge.
The software aims to do several things that existing routers don't do well—or don't do at all. We are beginning a journey that we hope will attract supporters and fellow travelers to help reach the following goals: [1]
- Allow small business and home users to easily enable an open network, so guests and passersby can get an Internet connection if they need one, while keeping a password-locked WPA2 network for themselves and their friends or coworkers.
- Let you share a bounded portion of your bandwidth on the open network, so guest users cannot slow down your Internet connection or use a large portion of your monthly quota. [2]
- Provide state-of-the-art network queuing, so most users can expect an improved Internet experience—especially with latency-sensitive applications—compared to what commonly available consumer grade routers are delivering today.
- Offer a minimalist, secure, and elegant Web user interface to set up and configure the router. Advanced, non-minimalist administrative options are accessible by SSH.
- Advance the state of the art in consumer Wi-Fi router security and begin turning back the growing tide of attacks against them. Most or all existing router software is full of XSS and CSRF vulnerabilities, and we want to change that.
- Include a secure software auto-update mechanism. In addition to using HTTPS, firmware signatures and metadata are fetched via Tor to make targeted update attacks very difficult.
We are offering this hacker alpha release to engage enthusiastic technical users who would like to help us test, develop, improve, and harden the Open Wireless Router. Currently the software runs on one specific model of hardware (the Netgear WNDR3800) and is based on the CeroWRT project. If you have a WNDR3800 router, you can get the developer preview image here and learn how to flash it here. If you'd like to hack on the code base, you can find code and instructions on building it at GitHub.
This Open Wireless Router prototype is made possible by the generous contribution of project resources and developers from ThoughtWorks, which came about through their exemplary social impact program. We are also very grateful for assistance from Dave Täht of CeroWRT and the Wi-Fi router hackers at Independent Security Evaluators (ISE).
[1] For further details, questions, and offers of assistance, please start with the FAQ and GitHub pages. If that does not suffice or for press inquiries please contact Ranga Krishnan
[2] The prototype implementation includes a defined ceiling for instantaneous guest throughput as well as a long-term quota. In the future, we will implement a dynamic ceiling so that while you aren't using your network, guests can temporarily borrow it at full speed if enough quota remains available.
Former State Department Executive Calls Executive Order 12333 a “Legal Loophole” for Spying on Americans
“What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?”
That’s the question John Napier Tye, a former State Department section chief for Internet freedom, calls on the government to answer in his powerful op-ed published today by the Washington Post. In it, Tye calls the NSA's surveillance operations abroad, conducted under Executive Order 12333, a threat to American democracy, stating that this power “authorizes collection of the content of communications, not just metadata, even for U.S. persons.”
Executive Order 12333, signed by President Ronald Reagan on December 4, 1981, established rough guidelines for intelligence community activities taken abroad, including the collection of signals intelligence for surveillance purposes.
Although we've previously sounded the alarm about government surveillance under E.O. 12333, it received increased public attention in October 2013, when a classified slide provided to the Washington Post by former NSA contractor Edward Snowden diagramed how the NSA tapped the main communication links of Yahoo and Google data centers around the world. The Washington Post pointed to the authority granted to the NSA under Executive Order 12333, quoting former NSA chief analyst John Schindler who said, “Look, NSA has platoons of lawyers, and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole. It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA [the Foreign Intelligence Surveillance Act].”
Tye bolstered this view in his op-ed, noting that the chairman of the Senate Select Committee on Intelligence herself did not believe that Congressional oversight of 12333 authorities was sufficient. Tye points out that the current architecture of many Internet services results in digital communications traveling or being stored beyond US borders – and that this data can then be collected by the NSA without court approval or a report to Congress.
Tye questions the constitutionality of this level of data collection, stating: “I don’t believe that there is any valid interpretation of the Fourth Amendment that could permit the government to collect and store a large portion of U.S. citizens’ online communications, without any court or congressional oversight, and without any suspicion of wrongdoing.”
Tye also notes that data collection under E.O. 12333 was of deep concern to the president’s Review Group on Intelligence and Communication Technologies, which addressed the matter as part of Recommendation 12 in its report:
“Recommendation 12 urges that all data of U.S. persons incidentally collected under such authorities be immediately purged unless it has foreign intelligence value or is necessary to prevent serious harm. The review group further recommended that a U.S. person’s incidentally collected data never be used in criminal proceedings against that person, and that the government refrain from searching communications by U.S. persons unless it obtains a warrant or unless such searching is necessary to prevent serious harm.
“The White House understood that Recommendation 12 was intended to apply to 12333. That understanding was conveyed to me verbally by several White House staffers, and was confirmed in an unclassified White House document that I saw during my federal employment and that is now in the possession of several congressional committees.
“In that document, the White House stated that adoption of Recommendation 12 would require ‘significant changes’ to current practice under Executive Order 12333 and indicated that it had no plans to make such changes.
“All of this calls into question some recent administration statements. Gen. Keith Alexander, a former NSA director, has said publicly that for years the NSA maintained a U.S. person e-mail metadata program similar to the Section 215 telephone metadata program. And he has maintained that the e-mail program was terminated in 2011 because ‘we thought we could better protect civil liberties and privacy by doing away with it.’ Note, however, that Alexander never said that the NSA stopped collecting such data — merely that the agency was no longer using the Patriot Act to do so. I suggest that Americans should dig deeper.” (emphasis added)
The op-ed concludes with the same question Senator Ron Wyden asked Director of National Intelligence James Clapper years ago, and that we've been asking for years: what kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?
It’s time for the NSA and the Obama Administration to give the American public an honest answer.
Read the entire article here.
Related Cases: Jewel v. NSA; First Unitarian Church of Los Angeles v. NSA; EFF v. NSA, ODNI - Vulnerabilities FOIA
EFF has filed the final brief in its dispute with the government over evidence preservation in Jewel v. NSA, one of our ongoing lawsuits against mass surveillance. As the brief explains, the government has admitted to destroying years of evidence of its mass spying, and this destruction continues today. In fact, at an emergency hearing in June, the government claimed that it was incapable of complying with a court order to preserve evidence relating to the mass interception of Internet communications it is conducting under Section 702 of the FISA Amendments Act.
The new brief responds to questions posed by the court at the June hearing. First, we debunk the government’s secret reinterpretation of the Jewel lawsuit as only challenging the spying program as authorized by the President, and not when authorized by Section 702 or by the Foreign Intelligence Surveillance Court (even though the program itself did not change).
Second, we explain why the court should grant an "adverse inference," a ruling that we can assume that the destroyed evidence would show that our plaintiffs’ communications and records were in fact swept up in the NSA’s mass spying programs. Given the government’s claims that preserving Section 702 evidence is impossible, the adverse inference would keep the plaintiffs from being harmed by this ongoing destruction.
We hope for a ruling soon on the government’s duty to preserve evidence and the adverse inference we ask for in the brief.
Related Cases: Jewel v. NSA
The Federal Communications Commission is about to make a critical decision about whether Internet providers will be allowed to discriminate against certain websites. The issue is network neutrality—the principle that Internet providers must treat all data that travels over their networks equally. On Tuesday, EFF filed comments with the FCC to weigh in on this critical debate.
Without network neutrality, companies like Comcast and Verizon will be permitted to charge websites to reach users faster. This would be a disaster for the open Internet. When new websites can’t get high-quality service, they’ll be less likely to reach users and less likely to succeed. The result: a less diverse Internet.
We want the Internet to live up to its promise of improving the way we communicate, learn, share and create. We want it to continue to foster innovation, creativity, and freedom. We don’t want regulations that will let ISPs turn into gatekeepers, making special deals with a few companies and inhibiting new competition, innovation, and expression.
Here’s an overview of how network discrimination hurts free expression and innovation, how we can safeguard against it, and what EFF—with your help—is doing about it.
The Dangers of Discrimination
Net neutrality is not just about slowing down websites’ access to users. Equally important, it also protects against other forms of pay-for-play and unfair discrimination. Here are a few ways ISPs have throttled or blocked content in the past.
- Comcast was caught interfering with their customers’ use of BitTorrent and other peer-to-peer technologies
- A Canadian ISP slowed down all encrypted file transfers
- The FCC fined Verizon for charging consumers for using their phone as a mobile hotspot
- "Fast lane" discrimination allows wireless customers without data plans to access certain sites but not the whole Internet?
These practices pose a dire threat to the engine of innovation that has allowed hackers, startup companies, and kids in their college dorm rooms to make the Internet that we know and love today.
The FCC’s Past Attempts at Net Neutrality
The FCC proposed rules in 2010 that were designed to address net neutrality, though they were never enforced. Verizon immediately sued the FCC and the issue was tied up in the courts for the next four years.
We had many concerns about the FCC’s old net neutrality rules. As we explained in comments in 2010, the FCC's rules would have allowed ISPs free rein to discriminate as long as it was part of “reasonable efforts to… address copyright infringement.” This broad language could lead to more bogus copyright policing from the ISPs.
We were also uncomfortable giving the FCC power to over-regulate the Internet, and so we were concerned about the broad authority the FCC claimed when proposing the rules in 2010. Not to mention that the FCC has a sad history of being captured by the very industries it’s supposed to regulate while ignoring the interests of the Internet-using public. In the early 2000s, for example, the commission essentially ignored the comments of hundreds of thousands of Americans who opposed media consolidation.
In January of this year, the issue came to a head. A federal court ruled that the FCC didn’t have authority to pass the old net neutrality rules in the way that it did, sending the FCC back to the drawing board to create new rules to keep Internet providers in check.
In response, the FCC has proposed the plan we’re debating today. Unfortunately, these proposed rules would allow companies like Comcast and Verizon to give preferential treatment to favored websites and web applications. This is exactly the type of unfair environment that could inhibit innovation and speech.
We Need Some Rules of the Road
Currently, the FCC does not have the authority to stop Internet access providers from making special deals to speed up or slow down access to websites. This is because in 2002 the FCC classified the Internet as an “information service” like videoconferencing. And just as the FCC can’t tell videoconferencing services what rates they can charge, under the current rules, the FCC can’t tell Internet providers not to charge websites to reach users at faster speeds.
To get to a place where the FCC can actually enforce narrow net neutrality rules, the FCC first needs to change how it classifies high-speed Internet access. The FCC could reclassify the Internet as a “telecommunication service” like telephone service. That would give the agency the authority to enact rules to prevent non-neutral conduct by Internet providers.
Strict Limits on FCC Authority
While we want to ensure the FCC has the authority it needs to prevent abusive network discrimination by Internet access providers, we don’t think the FCC should have free rein to regulate other aspects of the Internet. The FCC’s role needs to be narrow, firmly bounded, and limited to specific problems, like prohibiting Internet providers from charging any kind of fees for prioritization—and promoting local competition with a renewed “open access” rule. The FCC should also sharply define its regulatory reach with forbearance. Essentially, forbearance is the process by which the FCC expressly commits to not apply certain rules to a particular communications service. Without it, a whole set of policies will be applied to the Internet that were originally created for telephone systems (in the 1934 Communications Act).
So while EFF thinks it’s important that the FCC reclassify Internet access as a telecommunications service in order to create some bright-line rules against network discrimination, we think it’s equally important for the FCC to limit its authority to only do what is needed to preserve an open Internet—and no more.
Ultimately, we’d prefer to see more competition and community solutions, but while that's in the works, EFF thinks that the FCC needs to enact a few rules of the road to protect users from the kinds of non-neutral behavior we’re already beginning to see from Internet providers.
How You Can Help
The FCC has opened a “rulemaking” process, where the agency has asked the public to weigh in on its proposed rules. We created a tool, DearFCC.org, to help everyone take part in this important debate. While the first round of commenting ends at midnight Friday, the public has up until September 10 to submit comments.
If the FCC embraces rules that allow wealthy incumbent websites to pay for premium access to Internet users, the services we see in the future could be the same companies that are popular today. But we want to expect the unexpected. To get there, we have to make certain new businesses and services are able to meaningfully connect to users.
This rulemaking process is one of our best opportunities to be heard. Visit DearFCC.org and tell your story today.
Learn more about this issue:
- Net Neutrality and Transparency Principles Must Extend to Mobile Internet Access Too
- What on Earth Is Going On at the FCC? A Guide to the Proposed Net Neutrality Rules
- Forbearance: What It Is, Why It’s Essential to Net Neutrality
- The FCC and Net Neutrality: A Way Forward
- Neutrality Begins At Home: What U.S. Mayors Can Do Right Now to Support a Neutral Internet
- Net Neutrality Will Require Us to Shine the Light on Internet Providers
- In Harm's Way: The Dangers of a World Without Net Neutrality