Aggregated News

Coding with EFF - Fri, 22/08/2014 - 07:31

We at EFF are always excited to unveil new ways for our technically skilled community to help expand and defend our rights online. And time and again our members demonstrate an unbelievable drive and ability to take action in truly game-changing ways. Look at what happened when we asked coders earlier this year to help EFF build our new open-source tool to contact members of Congress. We thought the project would take weeks, but we finished it in two days. That’s because 142 volunteer coders joined forces to help. We were in awe.

Now, in a similar spirit, we are excited to announce yet another way digital rights defenders can help out: Coding with EFF. Join us.

Alongside our policy and legal work, we maintain software projects to defend freedom and enhance privacy and security online.

With the SSL Observatory and Panopticlick, we do data-based research that has improved the behavior of secure websites and tracking networks. HTTPS Everywhere and Privacy Badger, our browser extensions, give hundreds of thousands of users the safety and privacy they need to use the web confidently. STARTTLS Everywhere is pushing industry to implement better email encryption. The Open Wireless Movement aims to improve WiFi router security and performance so that people are comfortable sharing Internet access.

We run these projects with a very small technical team, and with the help of our members and the Internet community—that's you. All of our work is released under free software licenses. We do development and maintenance in public forums and we welcome contributors of all skill levels and backgrounds.

Here are a few examples of work we could use help on:

  • Add more automated tests to HTTPS Everywhere.
  • Make Open Wireless run under qemu or give it translation support.
  • Write tests and translate the UI for Privacy Badger.
  • Find a task that interests you in any project's issue tracker, or file your own.

Visit our Coding with EFF page, find a project you like, join the mailing list, and dive right in.

We're also hiring a full-time Staff Technologist or Senior Staff Technologist. Women and minorities are encouraged to apply.

Categories: Aggregated News

MLDI and EFF Petition the UN Working Group on Arbitrary Detention in the Case of Alaa Abd El Fattah - Fri, 22/08/2014 - 04:55

Alaa Abd El Fattah is currently serving a fifteen-year prison sentence for spurious accusations made in connection with his longstanding and influential activism. The Egyptian blogger and activist, who was sentenced in June, has faced years of harassment and arrests from each successive Egyptian government for his work.

EFF has partnered with the Media Legal Defence Initiative—which provides support to bloggers, journalists, and independent media around the world—to submit a petition to the United Nations Working Group on Arbitrary Detention (UNWGAD). The petition was also supported by the Euro-Mediterranean Human Rights Network. We assert that Alaa Abd El Fattah was arbitrarily arrested and detained while exercising, or in situations connected to the exercise of, his right to freedom of opinion and expression, to freedom of association, and the right to take part in the conduct of public affairs, rights guaranteed by the International Covenant on Civil and Political Rights (ICCPR) to which Egypt is party.

On August 18, Abd El Fattah's family announced on Facebook that he had begun a hunger strike, to continue until he achieves his freedom. In the statement, Abd El Fattah was quoted as saying: "I will no longer play the role they’ve written for me."

Like Abd El Fattah's family, we are concerned for his well-being and hold the Egyptian authorities responsible for his safety and health. The petition, submitted on August 21 to the UNWGAD, can be read in full below.

Files: UNWGAD petition and request for urgent action in the case of Alaa Abd El Fattah
Related Issues: Free Speech, Defending Digital Voices, International

Cost of Defending Against A Troll Is More Than Just A Bridge Toll - Fri, 22/08/2014 - 04:34

We recently wrote about the end of Adam Carolla’s high-profile patent battle with the troll Personal Audio. We had a guess as to why Carolla settled: patent litigation is expensive. Even Carolla, with the backing of numerous fans and supporters, still likely didn’t have enough money to see his case through to the end. Today, we’d like to highlight the case of another patent troll defendant: Capstone Photography. 

You probably don’t know Capstone. Capstone is a small photography business based in Connecticut. Although it works with contractors around the country, it has only three part-time employees other than the owners. On New Year’s Eve, 2013, Capstone was sued by Peter Wolf, the owner of a company called Photocrazy, for infringement of three patents: U.S. Patent Nos. 6,985,875; 7,047,214; and 7,870,035.

Here is claim one from U.S. Patent 6,985,875:

1. A process providing event photographs of a sporting event for inspection, selection and distribution via a computer network, comprising the steps of:

taking photographs of at least one participant of a sporting event along at least one point of a course or field thereof;

associating identifying data with each photograph taken, wherein the identifying data is selected from at least one of: a number corresponding to a number worn by a participant, a participant's name, a code acquired from a component worn by a participant, and a date and time, including hour and minute the photograph was taken;

informing the sporting participants of the identifying data;

transferring the photographs to a computer network server;

cataloging each of the photographs in a web-site server according to the identifying data;

accessing the server at a location other than the sporting event and searching for a photograph of a particular sporting event participant utilizing the identifying data; and

displaying the photograph of the sporting event participant for inspection and ordering.

In plain English: Take photos of a race, tag and sort by bib number and date, and search for photos based on that tag via the Internet. That’s it.

We’re having a hard time seeing how this patent “promotes the progress of the sciences and the useful arts” given that it seems to be a patent on numerical sorting and searching. Indeed, the Supreme Court recently ruled that claims that simply add “do it on a computer” to an abstract idea are not even eligible for patent protection. We think the patent clearly fails this test. (It’s also likely not infringed.) But because it can take months (and even years) for the court to even consider those issues, they will likely never be decided. Patent litigation is expensive, so many small businesses can’t afford to fight back no matter how weak the patent. That’s part of the problem. Companies can get 20-year “monopolies” after an average of 19 hours of review by the Patent Office. And because the cost to get a patent can be orders of magnitude less than the cost to defend against it, there is an incentive for people to get patents in order to later force defendants into settlement.

Capstone doesn’t have a widely-distributed podcast that it can use to drum up the backing of thousands of fans and supporters. Its owner’s own attempt to crowdfund the defense raised only about $5,000. And although Capstone’s business has been profitable, the owner tells us that because of the patent lawsuit and the costs his company is facing, his business faces the very real prospect of shutting down.

Recent reforms have helped reduce costs for some defendants. For example, the Inter Partes Review (“IPR”) program now being implemented at the Patent Office promises to be a much cheaper way to determine validity. One problem, though, is that it is still too expensive for businesses like Capstone. An IPR costs $23,000 in filing fees alone, and requires paying lawyers and often experts as well.

EFF previously advocated for reduced fees for IPR filings by small businesses and others without the ability to fund patent challenges. Unfortunately, the PTO ignored our request. However, the PTO is currently accepting comments regarding post-grant challenges such as the IPR process. We encourage the public, especially small business owners, to let the PTO know by September 16 that the costs are still too high for many, and that absent a lower cost, patent trolls will continue to assert dubious patents against companies they know can’t afford to do anything but settle.

Related Issues: Patents, Patent Trolls, Innovation

EFF, ACLU Demolish “It’s Just Metadata” Claim in NSA Spying Appeal - Thu, 21/08/2014 - 07:27
Americans Deserve Full Protection of the Fourth Amendment for their Telephone Records, Groups Argue

Washington, DC - The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) today filed an amicus brief in Klayman v. Obama, a high-profile lawsuit that challenges mass surveillance, arguing that Americans' telephone metadata deserves the highest protection of the Fourth Amendment.

Larry Klayman, conservative activist and founder of Judicial Watch and Freedom Watch, was among the first plaintiffs to sue the National Security Agency (NSA) over the collection of telephone metadata from Verizon customers that was detailed in documents released by Edward Snowden. In December 2013, Judge Richard Leon issued a preliminary ruling that the program was likely unconstitutional, and the case is currently on appeal before the U.S. Court of Appeals for the District of Columbia Circuit.

In the new amicus brief in Klayman v. Obama, the EFF and ACLU lawyers repudiate arguments by U.S. officials that the records are "just metadata" and therefore not as sensitive as the contents of phone calls. Using research and new case law, the civil liberties groups argue that metadata (such as who individuals called, when they called, and how long they spoke) can be even more revealing than conversations when collected en masse.

"Metadata isn't trivial," EFF Legal Fellow Andrew Crocker says. "Collected on a massive scale over a broad time period, metadata can reveal your political and religious affiliations, your friends and relationships, even whether you have a health condition or own guns. This is exactly the kind of warrantless search the Fourth Amendment was intended to prevent."

The brief explains that changes in technology, as well as the government's move from targeted to mass surveillance, mean that the holding of the 1979 Supreme Court case Smith v. Maryland that the government relies on (often called the "third-party doctrine") does not apply. Instead, EFF and the ACLU point to a series of recent key decisions—including the Supreme Court decisions in United States v. Jones in 2012 and Riley v. California in 2014—in which judges ruled in favor of requiring a warrant for electronic search and seizure.

"Dragnet surveillance is and always has been illegal in the United States," says ACLU Staff Attorney Alex Abdo. "Our country's founders rebelled against overbroad searches and seizures, and they would be aghast to see the liberties they fought hard to enshrine into our Constitution sacrificed in the name of security. As even the president himself has recognized, we can keep the nation safe without surrendering our privacy."

EFF and the ACLU have each litigated numerous First and Fourth Amendment lawsuits related to NSA surveillance and together represent Idaho nurse Anna Smith in a similar case currently on appeal in the Ninth Circuit Court of Appeals called Smith v. Obama. The ACLU is a plaintiff in a case currently pending before the Second Circuit Court of Appeals, ACLU v. Clapper, to be heard on Sept. 2. EFF has two cases—Jewel v. NSA and First Unitarian Church of Los Angeles v. NSA—before the U.S. District Court for the Northern District of California.

For the amicus brief:


Andrew Crocker
   Legal Fellow
   Electronic Frontier Foundation


We Need Sen. Wyden's Help to Fix the Broken, Anti-User Trade Negotiation Process - Thu, 21/08/2014 - 04:44

We have joined more than a hundred organizations and tens of thousands of individuals across the US to oppose secret, undemocratic trade agreements that affect users' rights. Together, we defeated a bill that would have put agreements like the Trans-Pacific Partnership (TPP) on the fast track to approval without any proper Congressional oversight. Now the White House, the United States Trade Representative (USTR), and other policymakers that are beholden to corporate interests are putting massive pressure on Congress to pass something like it again. They just face one problem: the Congress member with the mandate to introduce a new trade authority bill is a strong defender of digital rights and a vocal opponent of the secrecy that shrouds trade agreements. That is Senator Ron Wyden.

For years, Sen. Wyden has demanded more transparency in our trade negotiations. He has recognized that the US should not bind itself to deals whose agenda is dominated by big corporate interests at the expense of Internet users' rights. He is now in the unique position to fix this broken, secretive process. But while the USTR works towards sealing the deal on the TPP, the Senator is under ever more pressure to lead the passage of a bill that would expedite trade agreements to approval.

Let's ask Sen. Wyden to bring transparency and accountability to trade negotiations once and for all.

They want him to introduce something like Fast Track (also known as Trade Promotion Authority). Under such a law, Congress hands to the president its own constitutional authority to oversee, debate, and set the agenda for US trade policy. When it was in place in the past, it created special rules that empowered the White House to negotiate and sign trade agreements without Congressional oversight. If enacted now, draconian Internet and copyright provisions, buried in omnibus treaties, could get passed with almost no oversight.

So how does Sen. Wyden fit into this? As the Chair of the Senate Finance Committee (which includes the subcommittee on international trade), he is in charge of overseeing congressional trade policies. That's why the White House and the USTR need him to pass a bill that would legitimize their back-room trade negotiations. Thankfully, Sen. Wyden has been an outspoken critic of the secrecy around these agreements. That's why over 25 leading tech companies sent him a public letter calling on him to oppose Fast Track. In 2012, he sent a letter to the US Trade Rep calling on them to release detailed information about provisions in the TPP that would impact Internet freedoms. He also introduced a bill to the floor in May 2012, demanding the USTR give Congress members full access to the TPP text—the same access afforded to representatives of corporations. In his statement at the hearing introducing this legislation, he said:

It may be the U.S. Trade Representative’s (USTR) current job to negotiate trade agreements on behalf of the United States, but Article 1 Section 8 of the U.S. Constitution gives Congress—not the USTR or any other member of the Executive Branch—the responsibility of regulating foreign commerce. It was our Founding Fathers’ intention to ensure that the laws and policies that govern the American people take into account the interests of all the American people, not just a privileged few.

And yet, Mr. President, the majority of Congress is being kept in the dark as to the substance of the TPP negotiations, while representatives of U.S. corporations—like Halliburton, Chevron, PHRMA, Comcast, and the Motion Picture Association of America—are being consulted and made privy to details of the agreement. As the Office of the USTR will tell you, the President gives it broad power to keep information about the trade policies it advances and negotiates, secret. Let me tell you, the USTR is making full use of this authority.

In the remainder of his statement, he describes how his staff was denied access to the negotiation text even after they had received proper security clearance. In introducing this legislation that summer in 2012, he wanted to make sure that Members of Congress and their staff could simply be afforded the same level of access to the negotiating texts of the TPP as corporate representatives.

So now we call on Sen. Wyden, a longtime defender of digital rights in Congress, to continue defending users' rights against big private interests, and ensure that users' interests are upheld, not trampled on. In our letter to the Senator, we outline some crucial fixes to the current negotiation process. If he is going to introduce a new version of trade authority, we want to make sure it has essential democratic procedures built into it to ensure that users' rights take a front seat in the trade policy debate.

Related Issues: Fair Use and Intellectual Property: Defending the Balance, International, Trans-Pacific Partnership Agreement

U.N. Free Expression Champion, Congressional Internet Defender, and Groundbreaking Counter-surveillance Artist Win EFF Pioneer Awards - Thu, 21/08/2014 - 04:18
EFF to Honor Former U.N. Special Rapporteur Frank La Rue, U.S. Rep. Zoe Lofgren, and artist Trevor Paglen at San Francisco Ceremony Featuring the Yes Men

San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the distinguished winners of the 2014 Pioneer Awards: United Nations Special Rapporteur Frank La Rue, U.S. Rep. Zoe Lofgren, and groundbreaking counter-surveillance artist Trevor Paglen.

The award ceremony will be held the evening of October 2 at the Lodge at the Regency Center in San Francisco. Keynote speakers will be Jacques Servin and Igor Vamos, better known as the Yes Men, who are known for their elaborate parodies and impersonations to fight government and corporate malfeasance.

Frank La Rue is the former U.N. Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression. From his appointment in 2008 to the end of his term in 2014, La Rue brought technology to the forefront of the fight for free expression around the world, declaring that access to the Internet is a fundamental human right and highlighting the importance of uncensored communication and anonymous speech in increasingly filtered and tracked networks. La Rue also fought the global "book famine" for people with visual and reading disabilities, advocating for an international Treaty of the Blind to reform over-restrictive copyright that hindered the production and distribution of books in accessible formats. Last year, La Rue published a highly influential report on the dangers of widespread state surveillance, arguing that privacy is an essential requirement for true freedom of expression. Before taking his post at the U.N., La Rue spent years working on human rights issues, including bringing genocide cases against the military dictatorship in his native Guatemala in 2000 and 2001.

For nearly 20 years, Rep. Zoe Lofgren has been a crucial voice in Congress on technology, innovation, and free speech—defending the free and open Internet, fighting for privacy and free speech, and blocking dangerous copyright laws while pushing for sensible alternatives. Lofgren rallied congressional opposition to the Stop Online Piracy Act (SOPA), one of the defining moments of Internet activism. Currently, Lofgren is fighting to reform some of the worst legal threats to our digital rights: the Electronic Communications Privacy Act, which regulates our email privacy with outdated standards; the Digital Millennium Copyright Act, which has been used to block phone unlocking, jailbreaking, and our freedom to tinker; and the Computer Fraud and Abuse Act, the law used to unfairly prosecute Aaron Swartz. Lofgren chairs the California Democratic Congressional Delegation, the largest delegation in Congress.

Trevor Paglen is an artist whose work uses methods from science, journalism, and other disciplines in an attempt to "see" the historical moment we live in. Paglen's groundbreaking projects exposing government secrecy have included documenting U.S. government drone flights, using high-end optical systems to photograph top-secret governmental sites, and tracking classified spacecraft in Earth's orbit. In a recent project, Paglen photographed the National Security Agency, the National Reconnaissance Office, and the National Geospatial-Intelligence Agency, releasing the images without restriction for public use. Paglen's visual art has been exhibited at the Metropolitan Museum of Art in New York, the Tate Modern in London, and the San Francisco Museum of Modern Art, among many other places. Paglen is also the author of five books, including Torture Taxi, an early look at the CIA's extraordinary rendition program.

"Each of our Pioneer Award winners has helped the world understand how technology and civil liberties are interwoven into our lives, and each is still working to protect our freedom and fight abuses," EFF Executive Director Shari Steele said. "We are so proud to be able to present them with this year's Pioneer Awards."

Tickets to the Pioneer Awards, which include access to the general reception and ceremony, are $65 for EFF members and $75 for non-members. Also available are tickets for a special, advance reception featuring some past and present Pioneer Award winners as well as keynoters, the Yes Men. The special advance reception tickets are $250, which includes entry for the ticket holder plus a guest.

Awarded every year since 1992, EFF's Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees include Aaron Swartz, Glenn Greenwald and Laura Poitras, Tim Berners-Lee, and the Tor Project, among many others.

To buy tickets to the Pioneer Awards:


Dave Maass
Media Relations Coordinator
Electronic Frontier Foundation


Colombia and Mexico Will Unite to Edit Digital Rights Articles on Wikipedia - Wed, 20/08/2014 - 20:18

Translated by Jacobo Najera, ContingenteMX

On Saturday, August 23, EFF will join Wikimedia Mexico, Rancho Electronico, Contingente MX, Fundación Karisma, Panoptykon Foundation, Hackbo, Enjambre Digital, RedPaTodos and May First Mexico to edit and improve Spanish-language articles related to digital rights on Wikipedia. In Mexico City, the hackerspace Rancho Electrónico will host the "editathon," while in Colombia the host will be Hackbo. This event will be a collaboration between two hackerspaces in Latin America, together with several digital rights organizations and Wikipedians, who will work jointly on the Spanish content of the digital rights entries on Wikipedia.

Editathons are Wikipedia editing marathons in which participants write and improve articles. The goal of this marathon is for people to learn how to use and improve Wikipedia articles, as well as to contribute digital rights articles to the Internet encyclopedia. This event is open to the public and will last all afternoon. If you are Mexican or Colombian, help us expand and improve Wikimedia on digital rights topics in Spanish! Find more information about the editathon here.

Katitza Rodríguez and Leez Wright of EFF will be in Bogotá for this event; join them for a day of editing!

When: Saturday, August 23, 2014

Time: 3:00 pm (Mexico and Bogotá)

Where: Rancho Electrónico / CriptoRally: Fray Juan de Torquemada 76 Entre Bolívar e Isabel La Católica, México DF

Hackbo: Cll 44 No 8-50 oficina 201 Barrio Javeriana, Bogotá, Colombia

Related Issues: International, Global Surveillance Reform

Digital Rights Advocates in Mexico and Colombia Unite for Wikipedia Hackathon - Wed, 20/08/2014 - 09:59

Saturday, August 23, EFF will join Wikimedia Mexico, Rancho Electronico, Contingente MX, Fundación Karisma, Panoptykon Foundation, Hackbo, Enjambre Digital, RedPaTodos and May First Mexico to edit and improve the Spanish text of digital rights-related articles on Wikipedia. Joining from Mexico City, hackerspace Rancho Electronico will be hosting its own “editathon,” while hackerspace Hackbo will follow suit in Bogotá, Colombia. This event will be a great collaboration between two hackerspaces in Latin America, along with several digital rights organizations and Wikipedians, who will work together to revise the Spanish content in digital rights entries on Wikipedia.

"Editathons" are hackathons where participants edit Wikipedia entries on a given topic.  The goal of this “editathon” is for people to learn how to use and improve Wikipedia articles while increasing the digital rights content on the internet encyclopedia.  This event is open to the public and will likely last throughout the evening. If you are Mexican or Colombian, help us expand and improve Wikipedia on digital rights issues in Spanish!

Find more information about the editathon here. EFF’s own Katitza Rodriguez and Leez Wright will both be in Bogotá for this event; join them for a day of editing and creating!

When: Saturday, August 23, 2014

Time: 3:00pm (Mexico and Bogotá)

Where: Rancho Electronico / CriptoRally: Fray Juan de Torquemada 76 Entre Bolivar e Isabel La Católica, Mexico DF

Hackbo: Cll 44 No 8-50 oficina 201 Barrio Javeriana, Bogota, Colombia

Related Issues: International, Global Surveillance Reform

EFF to Ethiopia: Illegal Wiretapping Is Illegal, Even for Governments - Wed, 20/08/2014 - 05:57

Earlier this week, EFF told the U.S. District Court for the District of Columbia that Ethiopia must be held accountable for its illegal wiretapping of an American citizen. Foreign governments simply do not have a get-out-of-court-free card when they commit serious felonies in America against Americans. This case is the centerpiece of our U.S. legal efforts to combat state-sponsored malware.

In February 2014, EFF filed suit against the Federal Democratic Republic of Ethiopia on behalf of our client, Mr. Kidane, an Ethiopian by birth who has been a U.S. citizen for over a decade. Mr. Kidane discovered traces of Gamma International's FinSpy, a sophisticated spyware product which its maker claims is sold exclusively to governments and law enforcement, on his laptop at his home in suburban Maryland. A forensic examination of his computer showed that the Ethiopian government had been recording Mr. Kidane’s Skype calls, as well as monitoring his web and email usage. The monitoring, which violates both the federal Wiretap Act and Maryland state law, was accomplished using spyware that captured his activities and then reported them back to a command and control server in Ethiopia controlled by the government. The infection was active from October 2012 through March 2013, and was stopped just days after researchers at the University of Toronto’s Citizen Lab released a report exposing Ethiopia's use of FinSpy. The report specifically referenced the very IP address of the Ethiopian government server responsible for the command and control of the spyware on Mr. Kidane’s laptop.

The Ethiopian government responded to the suit with the troubling claim that it—and every other foreign government—should be completely immune from suit for wiretapping American citizens on American soil. Ethiopia’s filing rests on several logic-challenged premises. Ethiopia claims that the recording of Mr. Kidane’s Skype calls and Internet activity at his home in Maryland actually took place in Ethiopia, and is therefore beyond the reach of any U.S. court. Worse still, Ethiopia claims that it had the "discretion" to violate U.S. law, reducing the Wiretap Act to something more like a traffic violation than a serious felony. Interestingly, Ethiopia does not actually deny that it wiretapped Mr. Kidane.

Yesterday, EFF and its co-counsel at Robins, Kaplan, Miller & Ciresi filed a response knocking down each of Ethiopia’s arguments, noting that not even the U.S. government is allowed to do what Ethiopia claims it had the right to do here: wiretap Americans in America with no legal process whatsoever. We argue that Ethiopia must be held accountable for wiretapping Mr. Kidane, just as any other actor would be. Neither its status as a government nor the fact that it launched its attack on Mr. Kidane from Ethiopia gives it carte blanche to ignore the law. If Ethiopia legitimately needed to collect information about Americans for an investigation, it could negotiate a deal with the U.S., called a Mutual Legal Assistance Treaty, which would allow it to seek U.S. assistance for something like a wiretap. Otherwise, there simply is no “international spying” exception to the law for foreign governments, nor should there be. When sovereign governments act, especially when they invade the privacy of ordinary people, they must do so within the bounds of the law. And when foreign governments break U.S. law, U.S. courts have the power to hold them accountable.

This is the next step in what we hope will set an important precedent in the U.S., fighting back against the growing problem of state-sponsored malware. No matter what one thinks about the NSA spying on Americans inside the U.S. (of course EFF believes that this has gone way too far), it should be easy to see that foreign governments—be they Ethiopia, China, or, as EFF itself experienced, Vietnam—do not and should not have that right.

Files: kidaneopposition.pdf
Related Issues: Anonymity, International, Privacy
Related Cases: Kidane v. Ethiopia

The Good, the Bad, and the Ugly of Adam Carolla’s Settlement with the Podcasting Troll - Tue, 19/08/2014 - 05:41

Big news from Texas: Adam Carolla has settled with the podcasting patent troll Personal Audio. Although the settlement is confidential, we can guess the terms. This is because Personal Audio sent out a press release last month saying it was willing to walk away from its suit with Carolla. So we can assume that Carolla did not pay Personal Audio a penny. We can also assume that, in exchange, Carolla has given up the opportunity to challenge the patent and the chance to get his attorney’s fees.

EFF’s own challenge to Personal Audio’s patent is on a separate track and will continue. Our case is before the Patent Trial and Appeal Board at the Patent Office. We are on schedule for a hearing in December with a ruling likely by April 2015. Carolla’s settlement does not impact our case.

Carolla and Personal Audio have agreed to a “quiet period” where they won’t make any public statements about the settlement before September 30, 2014. Not coincidentally, Personal Audio is still scheduled to go to trial against a number of television companies (NBC, CBS, and Fox) in September. Since Carolla is muzzled, we’ll do our best to explain the significance of the settlement. In short, it’s a mixed result.

The Good

Carolla, his team, and everyone who donated in support deserve massive credit for putting up such a strong fight. The podcasting community showed that it would not be shaken down. Patent litigation is very expensive and most troll targets settle early just to avoid the cost of defense. By fighting back, Carolla forced Personal Audio to actually mount a case and establish that it deserved money. That turned out to be too hard for the troll.

As you probably know, podcasting is not an especially lucrative business. Personal Audio, however, appears to have been unaware of this. In its July press release, the company wrote:

When Personal Audio first began its litigation, it was under the impression that Carolla, the self-proclaimed largest podcaster in the world, as well as certain other podcasters, were making significant money from infringing Personal Audio’s patents. After the parties completed discovery, however, it became clear this was not the case. As a result, Personal Audio began to offer dismissals from the case to the podcasting companies involved, rather than to litigate over the smaller amounts of money at issue.

By forcing Personal Audio to prove that it suffered damages, Carolla made it confront the fact that podcasting generates little revenue (for people that claim to have ‘invented’ podcasting, Personal Audio appears not to have understood the industry at all). Carolla is one of the most successful podcasters in the business. If suing him makes no economic sense, then it makes no sense to sue any podcaster.

We hope that Personal Audio’s public statements on this issue mean that it has truly abandoned threatening and suing podcasters. Though a press release might not be legally binding, the company will have a hard time justifying any further litigation (or threats of litigation) against podcasters. Any future targets can point to this statement. Carolla deserves recognition for getting this result.

The Bad

By settling now, Carolla gives up the chance to make Personal Audio pay his fees. If a defendant wins on the merits it can get fees in extraordinary cases. Winning fees would be a huge deterrent to future litigation from Personal Audio. Although the Supreme Court recently made it somewhat easier for victorious defendants to get fees, it is still a challenge. Moreover, the judge has a lot of discretion and this case was in the Eastern District of Texas, a forum generally considered quite friendly to trolls. Carolla’s team likely made the calculation that fees would be a long shot.

Even more important, Carolla also loses the opportunity to invalidate the patent. If the case had gone to trial, he would have argued that the patent was invalid because the so-called invention was described or made obvious by other people’s work before Personal Audio filed its patent. Carolla would have been able to use more prior art at trial than EFF (challenges at the Patent Office are limited to printed publications). As Charles Duan at Public Knowledge recently explained, if Carolla had won on the invalidity issue, he would have defeated Personal Audio for all podcasters. A troll can’t sue with patent claims that have been invalidated by a court.

For now, the television companies are still in the case and are headed to trial in September. If they don’t settle, and they win on invalidity, then they would also defeat Personal Audio for the entire public. And EFF’s challenge at the Patent Office will continue. So Personal Audio’s claim to own podcasting is not necessarily saved by this settlement.

The Ugly

The most disappointing aspect of today’s settlement is how unsurprising it is. Almost every defendant, no matter how strong their case, ends up settling with the patent troll. Litigating patent cases is extraordinarily expensive. Carolla raised almost half a million dollars and that still would not have been enough to fund a defense through trial.

Trolls know this and use the cost of defense to extort settlements. In the rare case where someone shows a willingness to fight to the end, the troll will often save its patent at the last moment with a walk-away deal. This is likely what happened in Carolla’s case. It is also what happened when infamous patent troll Lodsys settled for nothing with Kaspersky Lab to avoid trial.

Overall, while some aspects of the settlement are disappointing, we think Carolla did a service to the podcasting community by fighting back. We hope that his example will protect smaller podcasters from further attacks from this troll.

Files: ecf_272_-_mot_to_dismiss_pa-carolla.pdf, personal_audio_press_release_7-29-14.pdf
Related Issues: Patents, Patent Trolls
Related Cases: EFF v. Personal Audio LLC

Cell Phone Guide For US Protesters, Updated 2014 Edition - Sat, 16/08/2014 - 08:27

With major protests in the news again, we decided it's time to update our cell phone guide for protesters. A lot has changed since we last published this report in 2011, for better and for worse. On the one hand, we've learned more about the massive volume of law enforcement requests for cell phone data—ranging from location information to actual content—and widespread use of dedicated cell phone surveillance technologies. On the other hand, strong Supreme Court opinions have eliminated any ambiguity about the unconstitutionality of warrantless searches of phones incident to arrest, and a growing national consensus says location data, too, is private.

Protesters want to be able to communicate, to document the protests, and to share photos and video with the world. So they'll be carrying phones, and they'll face a complex set of considerations about the privacy of the data those phones hold. We hope this guide can help answer some questions about how to best protect that data, and what rights protesters have in the face of police demands.

Before The Protest

Think carefully about what's on your phone. When we last visited this question, law enforcement in many states were arguing that they could search the contents of a phone incident to arrest without a warrant. Today, thanks to the unanimous Supreme Court decision in Riley v. California, that's no longer the case. Still, if you can avoid carrying sensitive data, you don't have to worry about it getting pulled off the phone. That can include photos, your address book, application data, and more. If you don't need it for the protest, consider removing it for the duration.

If you have access to a temporary phone with only the essentials, that might be a better option. Modern smartphones record all sorts of data, and there may be overlooked sources of sensitive information.

Password protect your phone. Password protection can guard your phone from casual searches, but it can still be circumvented by law enforcement or other sophisticated adversaries.

Start using encrypted communications channels. Text messages, as a rule, can be read and stored by your phone company or by surveillance equipment in the area. If you and your friends can get comfortable with encrypted communications channels in advance, that can keep prying eyes off your texts while they're in transit.

Direct messages through social media may be encrypted while in transit, but can be subject to subpoenas from law enforcement. You may wish to explore end-to-end encrypted options, like Whisper Systems's TextSecure,[1] Guardian Project's mobile IM software ChatSecure, or the mobile version of Cryptocat, which only store the contents of your communications in an encrypted, unreadable form.

End-to-end encryption does not protect your meta-data. In other words, using end-to-end encrypted communications will keep law enforcement from being able to read the contents of your messages, but they will still be able to see who you're talking to and when you're talking to them.

At The Protest

Keep control of your phone. You may wish to keep the phone on you at all times, or hand it over to a trusted friend if you are engaging in action that you think might lead to your arrest. In any case, you can set the lock screen to turn on quickly, so that if you do lose control of your phone, nobody else gets access easily.

Take pictures and video of the scene. As the ACLU says in a recent Know Your Rights guide, "Taking photographs of things that are plainly visible from public spaces is a constitutional right." Unfortunately, that doesn't stop law enforcement officers from occasionally demanding that protesters stop doing exactly that.

If you're planning to document the protest, you should read the whole guide ahead of time. There are special considerations for videotaping, too, so make sure to brush up on that if you plan to be recording video.

Finally, you may wish to explore options that upload directly to another server. Livestreaming sites, and even social media services, can make sure photos and videos get online before law enforcement officers have a chance to delete them.

Help, I'm being arrested!

You have a right to remain silent—about your phone and anything else. If questioned by police, you can politely but firmly decline to answer and ask to speak to your attorney.

If the police ask to see your phone, tell them you do not consent to the search of your device. Again, since the Supreme Court's decision in Riley, there is little question that officers need a warrant to access the contents of your phone incident to arrest, though they may be able to seize the phone and get a warrant later.

As we said in the last guide, if the police ask for the password to your electronic device you can politely refuse to provide it and ask to speak to your lawyer. Every arrest situation is different, and you will need an attorney to help you sort through your particular circumstance. Note that just because the police cannot compel you to give up your password, that doesn’t mean that they can’t pressure you. The police may detain you and you may go to jail rather than being immediately released if they think you’re refusing to be cooperative. You will need to decide whether to comply.

OK, now how do I get my phone back?

If your phone or electronic device was seized, and is not promptly returned when you are released, you can file a motion with the court to have your property returned. If the police believe that evidence of a crime is on your electronic device, including in your photos or videos, the police can keep it as evidence. They may also attempt to make you forfeit your electronic device, but you can challenge that in court.

Increasingly, we keep our most sensitive communications and personal information on our cell phones. We carry in our pockets these devices that can tremendously enhance our ability to exercise our First Amendment rights, but which also carry serious privacy risks. We hope that with these tips in mind, you can take the necessary precautions with your digital technology.

Last updated August 2014.

[1] Currently Android-only, but with iPhone support on the way.

Related Issues: Privacy, Locational Privacy, Security

Seventh Circuit Saves Batman From Crazy Trademark Attack - Sat, 16/08/2014 - 06:54

The events depicted in the superhero movie The Dark Knight Rises are not real. For example, when Catwoman pursues software called “Clean Slate” to erase all traces of her criminal past, you are watching a fictional character seek fictional software. If that point strikes you as obvious, then you may have trouble comprehending the trademark claim in Fortres Grand v. Warner Brothers. In that case, software company Fortres Grand claimed that the movie’s use of the words ‘clean slate’ infringed its trademark on a real piece of software with that name.

Last year, with the help of Professor Eugene Volokh and UCLA’s First Amendment Amicus Brief Clinic, EFF filed a brief urging the Seventh Circuit to reject this claim. We explained that trademark claims like this threaten creative expression. There are many reasons why artists might want to use a mark (either real or invented) in a book or movie. Janis Joplin sang, “Lord, won’t you buy me a Mercedes Benz.” And cartoons and movies have used fictional marks (such as ACME or Skynet) that share names with existing products. Artists should not fear litigation every time they use a term that echoes a trademark.

Fortunately, trademark law does not favor silly claims based on fictional products. A major issue before the court was whether, for the purpose of evaluating similarity between the products at issue, it should compare Fortres Grand’s real-world software to the fictional clean slate software or to the movie. The Seventh Circuit wrote that the law “compels lower courts to look to the movie, since it is [Warner Bros.’] only tangible product in the marketplace about which consumers could be confused.” Since a superhero movie is nothing like software, this effectively settled the trademark question. Having decided on that basis, the Seventh Circuit declined to decide whether the First Amendment also provides Warner Bros. with a defense.

While the Seventh Circuit ruled on fairly narrow grounds, its decision should still discourage future frivolous claims against fictional works. Most important, the appeals court affirmed the district court’s decision to throw this case out early on a motion to dismiss. That is good news for smaller creators who, unlike Warner Bros., might not be able to afford protracted litigation. This time, a victory for Batman is a victory for free speech.


EFF's Defcon 22 T-Shirt Puzzle Explained - Sat, 16/08/2014 - 05:47

This summer we proudly unveiled EFF's fifth limited edition member t-shirt to DEF CON 22 attendees at the annual hacker conference in Las Vegas. Secretive organizations scheming global domination and watching everything you do may not be very far-fetched, but we've turned that concept on its head with a digital freedom society-themed motif created by EFF Senior Designer Hugh D'Andrade. Together we are growing our own conspiracy to defend privacy and free expression for all. Hidden within the rich mystic symbolism of the crossing keypair, ethernet cable crest, lockpicks, and anti-surveillance eye is a secret puzzle for you to decipher, the likes of which would make even Voynich jealous! Warning: spoilers are ahead, and you already know too much!

Displayed on the left is the original shirt as seen in plain daylight. But under the shine of a blacklight, the ciphertext is revealed:

[Iikcggu] Gvdw ag etxlku | [Ptjhafvmkx] rqgrva(cgvs urlaiaixcm Asiixl) | [Gwhusu] akksdx bzqaymoukh(gsyi, Jnsrgo) | [Rmtm] mwllzg(ihrl.qv_e? Wkivav)

What does it mean? A second text is highlighted with the blacklight:


Our super secure Key Derivation Function comes in the form of a dictionary. Translated from Latin into English, this phrase becomes:

Everyone has something to hide

And how do you decode the ciphertext? Using a cipher developed in the 16th century called the Vigenère cipher:

[English] Code is speech | [Javascript] assert(code instanceof Speech) | [Python] assert isinstance(code, Speech) | [Ruby] assert(code.is_a? Speech)

The plaintext reminds us of an important ruling made in the historic case Bernstein v. US Department of Justice, which EFF litigated: source code is a form of speech constitutionally protected by the First Amendment. Special congratulations go to 1o57 and the council of 9 for being the first to solve this year's puzzle!
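The decoding described above, as an added example (not EFF's code): it decrypts the shirt's ciphertext with the English phrase as the Vigenère key, then recovers that key from the published ciphertext/plaintext pair to show how little a known plaintext leaves secret. The function names are hypothetical; the conventions that the key is the phrase with spaces dropped and that only letters consume key characters are inferred from the two texts on this page.

```python
import string

# Ciphertext, key phrase and plaintext exactly as printed in the article.
CIPHERTEXT = (
    "[Iikcggu] Gvdw ag etxlku | "
    "[Ptjhafvmkx] rqgrva(cgvs urlaiaixcm Asiixl) | "
    "[Gwhusu] akksdx bzqaymoukh(gsyi, Jnsrgo) | "
    "[Rmtm] mwllzg(ihrl.qv_e? Wkivav)"
)
KEY_PHRASE = "Everyone has something to hide"
PLAINTEXT = (
    "[English] Code is speech | "
    "[Javascript] assert(code instanceof Speech) | "
    "[Python] assert isinstance(code, Speech) | "
    "[Ruby] assert(code.is_a? Speech)"
)


def derive_shifts(phrase):
    """Turn a key phrase into a list of shifts 0-25, ignoring non-letters."""
    shifts = [ord(c) - ord("a") for c in phrase.lower()
              if c in string.ascii_lowercase]
    if not shifts:
        raise ValueError("key phrase contains no letters")
    return shifts


def vigenere(text, phrase, decrypt=False):
    """Vigenere-shift the ASCII letters of `text`.

    Case is preserved, and brackets, spaces and punctuation pass through
    unchanged without consuming a key letter.
    """
    shifts = derive_shifts(phrase)
    sign = -1 if decrypt else 1
    out = []
    used = 0  # number of key letters consumed so far
    for ch in text:
        if ch in string.ascii_uppercase:
            base = ord("A")
        elif ch in string.ascii_lowercase:
            base = ord("a")
        else:
            out.append(ch)
            continue
        shift = sign * shifts[used % len(shifts)]
        out.append(chr((ord(ch) - base + shift) % 26 + base))
        used += 1
    return "".join(out)


def recover_key(ciphertext, plaintext):
    """Recover the repeating key from an aligned ciphertext/plaintext pair.

    Each letter pair yields one key letter (cipher - plain mod 26); the key
    is the shortest prefix of that stream that repeats to cover all of it.
    """
    if len(ciphertext) != len(plaintext):
        raise ValueError("texts must have the same length")
    stream = []
    for c, p in zip(ciphertext, plaintext):
        c_is_letter = c in string.ascii_letters
        if c_is_letter != (p in string.ascii_letters):
            raise ValueError("texts are not aligned letter for letter")
        if c_is_letter:
            stream.append((ord(c.lower()) - ord(p.lower())) % 26)
    if not stream:
        raise ValueError("no letters to compare")
    for period in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return "".join(chr(s + ord("a")) for s in stream[:period])


if __name__ == "__main__":
    print(vigenere(CIPHERTEXT, KEY_PHRASE, decrypt=True))
    print(recover_key(CIPHERTEXT, PLAINTEXT))
```
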

Photo Credit: junkmail. CC Attribution 2.0
Related Issues: Coders' Rights Project, Computer Fraud And Abuse Act Reform

What You Need to Know About the FISA Court—and How it Needs to Change - Sat, 16/08/2014 - 03:39

Should interpretation of the laws and Constitution of the United States take place in one-sided secretive courts, away from the public eye?

For years, it has. But even Foreign Intelligence Surveillance Court (FISC) judges don’t agree on how exactly the FISC should work. Since the Snowden disclosures, hundreds of lawmakers have made it clear that they want to see more transparency in the court by supporting various NSA reforms. Most recently, 18 Senators co-sponsored the new USA FREEDOM Act, S. 2685, which offers a few important changes to the FISC.

So who’s right? A look at the history and procedures of the FISC makes it clear: real reform is needed now.

How We Think Courts Work, and How that Measures Up to the FISA Court

As a society, we imagine courts are places where adversarial proceedings take place. In television, literature, and movies, we see each side taking responsibility for gathering the evidence and witnesses that will be most helpful to their argument. They put forth their evidence and argue the law where applicable. And each side has the opportunity to know and take apart the other side’s evidence.

Of course some court situations are not adversarial. The most commonly known situation is when a judge signs a warrant so law enforcement can conduct a search after hearing only from the cops. But when those warrants result in evidence that is used in court, there’s still a chance to challenge the validity of the warrant and the search—and if they were done incorrectly, that evidence can often be suppressed.

The FISA Court is very different. Created by Section 103 of the Foreign Intelligence Surveillance Act of 1978, the purpose of the FISC is to “hear applications for and grant orders approving electronic surveillance anywhere within the United States.”

The court makes its own rules and operates in secret. It decides matters like the now infamous Verizon order leaked by Edward Snowden, which allowed for the collection of call detail records for millions of innocent Verizon customers. It relies on a general “heightened duty of candor,” meaning that the government is supposed to go to extreme lengths to tell the court everything it ought to know to make the right decision.   

Now, if this was just a simple process of approving applications for surveillance, and if the evidence could later be challenged in court, this might make sense. But, as we’ve learned, this process is not so simple and can involve critical issues of constitutional law and interpretations of what Congress meant in FISA. The court must rely on one-sided information from the government and has to trust that that information is complete. And the data collected by the NSA and FBI under those applications often remains secret, even when it, or information derived from it, is used in criminal proceedings.  

Why the FISA Court Needs to Change

Among the myriad reasons the FISC must change, three stand out.

First, FISA has become a drastically more complicated law than when it was originally passed in 1978, and the role of the FISC has accordingly grown far beyond the bounds of what Congress envisioned. Second, because of those changes, the FISC has created a huge body of secret policy and legal precedent. Finally, the court’s reliance on the government to provide all the necessary information needed to fairly make decisions is not sufficient, something that is painfully obvious as one reads the FISC decisions themselves. It’s also something EFF has recently experienced in our NSA cases.  

The court’s mandate has expanded exponentially since 1978, especially during the 90s. More recently, Section 215 of the PATRIOT Act and Section 702 of the FISA Amendments Act—both of which were passed decades after the initial FISA—granted far broader spying authorities to the government than had existed before, and the government has claimed the right to conduct mass surveillance under these provisions. What Congress originally authorized when creating the FISC, with the Church Committee hearings freshly in mind, was an expedited system of approving individualized warrants for foreign surveillance of specified individuals—much like what regular magistrate judges do with warrants now, with safeguards built in for the national security context.

That bears repeating: When FISA was passed, it authorized individualized warrants for surveillance. Now, the court is approving mass surveillance.

This is key, because as “current and former officials familiar with the court’s classified decisions” told the New York Times in July of last year, the court is no longer simply approving applications. It is “regularly assessing broad constitutional questions and establishing important judicial precedents, with almost no public scrutiny," affecting millions of innocent people. As former FISC judge James Robertson stated to the Privacy and Civil Liberties Oversight Board, “What [the FISC] does is not adjudication, but approval. This works just fine when it deals with individual applications for warrants, but the 2008 (FISA) amendment has turned the FISA court into an administrative agency making rules for others to follow.”

The result of this expansion of the FISC’s role is a body of secret law that, now that some has come to light, has shocked most Americans. The most obvious example of this is, of course, section 215 of the Patriot Act, where “the court’s interpretation of the word ['relevant,'] enabled the government . . . to collect the phone records of the majority of Americans, including phone numbers people dialed and where they were calling from, as part of a continuing investigation into international terrorism.”

The “heightened duty of candor” is not enough. FISC decisions that have been made public are full of descriptions of the NSA not fulfilling its duties and being very slow to inform the court about it. Judge John Bates noted: “The court is troubled that the government’s revelations regarding the NSA’s acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program,” and noted “repeated inaccurate statements made in the government’s submission,” concluding that the requirements had been “so frequently and systematically violated that it can fairly be said that this critical element of the overall…regime has never functioned effectively.”

Judges have consistently chastised the NSA for “inaccurate” statements, misleading or incomplete filings and for having “circumvented the spirit” of laws protecting Americans’ privacy.

EFF had its own brush with this problem earlier this year, when we discovered that the government had not even informed the FISC of its duties to preserve evidence. In March, after an emergency hearing, a federal court in San Francisco ordered the government to preserve records of Section 215 call details collection. On that same day, the FISC issued its own strongly worded order in which it mandated the government to make a filing explaining exactly why it had failed to notify the FISC about relevant information regarding preservation orders in two related cases, Jewel and Shubert. This failure had affected the court’s earlier ruling mandating that certain information be destroyed.

It’s clear that the FISC simply can’t rely on the government to get the full picture.

How the FISA Court Needs to Change

The FISA Court must change in at least two ways: it needs a true advocate for privacy and civil liberties in the court and it must have institutionalized, systematic publication of significant opinions.

As former FISC Judge James Carr has stated, reform requires an advocate for targets of surveillance, as well as for privacy and civil liberties. A special advocate for privacy would move the court towards the adversarial model. It would end blind reliance on the government’s candor, which has been proven to be less candid than the FISC itself would like. And a special advocate can bring technical expertise that the FISC might otherwise not have and help spot legal issues that might otherwise go unnoticed.

Publication of significant interpretations of the law is also essential; there must be a public understanding of what the law means in practice. For this to work, declassification should not be held captive by the intelligence community, as is currently the case.  At the very least, the Attorney General and the FISC itself should work together to determine what opinions should be published, based on clear guidelines about what significant interpretations of the law actually are.  This is just a small step, though. The FISC secrecy is just one piece of the overall problem of overclassification, which needs broader reform.

How S.2685, the New USA FREEDOM Act, Measures Up to the Needed Changes

As we’ve noted, the bill makes two big changes to the FISC: it directs the Office of the Director of National Intelligence, in consultation with the Attorney General, to declassify “significant” FISA Court opinions and to summarize opinions that can’t be declassified. And it creates a panel of special advocates with the purpose of advocating “as appropriate, in support of legal interpretations that advance individual privacy and civil liberties.” The special advocates are meant to serve whenever an application “in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a written finding that such appointment is not appropriate.”

Prof. Steve Vladeck at Just Security has pointed out that a recent letter from Judge John Bates arguing against the new USA FREEDOM Act’s FISA Court reforms serves to reinforce exactly why they are needed, and indicates that they may very well be effective. 

Judge Bates, former presiding judge at the FISC, strongly decried several provisions of the new USA FREEDOM Act in his August 5 letter. The letter itself is a little unusual—Judge Bates states that he’s not expressing “preferences on fundamental policy choices,” but makes it clear that he supports the gutted House USA FREEDOM, H.R. 3361.

Judge Bates’ concerns with regard to the special advocate can be summed up like this: non-adversarial proceedings are not a big deal. They happen all the time, and this process allows for lots of great conversation between the court and the government. A special advocate would complicate this. They are more than just an amicus, advising the court. They are advocating for privacy… but our system isn’t designed to handle adversarial proceedings. An amicus provision, opines Bates, would be preferable.

And as Judge Carr has pointed out, “An amicus represents no one. Instead, an amicus participates solely for the court’s benefit. This will not achieve true reform, which requires appointment of an attorney to represent the target (whether the target is an individual, group, or the public at large).”

Judge Bates’ concerns are all aimed at maintaining the court as it is. He argues that a special advocate will upset the court's balance. In our opinion, that’s a good thing. Considering Judge Bates' conclusion in his October 2011 opinion that the system has "never functioned effectively," it is surprising that he doesn't agree.

Judge Bates is concerned about potential reluctance on the part of the government to disclose important information to the court if a special advocate position is created. But the government has the obligation to disclose that information no matter what. And what’s more, we already know that the court as it is doesn’t work.

If anything, the special advocate provisions in S. 2685 could be stronger. The special advocate could, when appropriate, have the specific purpose of representing potential targets of surveillance, instead of advocating generally for interpretations of the law that protect civil liberties. Judge Carr points out that counsel for a target is most important “on appeal. Enabling adversarial appellate review is crucial to increased confidence in the FISC and its work.” The special advocate could also have more independence. But the bottom line is that S. 2685’s special advocate provisions are a huge, necessary step forward.

Judge Bates also has concerns about declassification of FISC opinions. S. 2685 directs the Office of the Director of National Intelligence, in consultation with the Attorney General, to declassify “significant” FISA Court opinions. He writes that creating summaries of opinions that can’t be declassified is “likely to result in misunderstanding of the opinion’s reasoning and result,” a concern he believes is “heightened when the only party to the proceeding—in this context, the government—is tasked with preparing the summary.”

In contrast, Judge Carr believes that the FISC must have a significant role in the declassification process for the FISC’s own opinions.

These objections point to potential weaknesses in S. 2685. We believe that a less interested party should be in charge of declassification—the legislation puts the Director of National Intelligence in charge of that process, which is a bit like the fox guarding the hen house.

Judge Bates’ concerns that S. 2685 will interrupt the status quo at the FISC make a strong case that the legislation is a much-needed step in the right direction.

The status quo is broken. S. 2685 starts to fix it.


Certification Allows US Trade Negotiators to Rewrite TPP Copyright Rules - Fri, 15/08/2014 - 05:11

As the negotiations over the Trans-Pacific Partnership agreement (TPP) continue to trudge along, little new information has leaked because the negotiations are being conducted under conditions of strict secrecy.

But this week, the launch of the TPP: No Certification website has shed new light on one issue that has been often overlooked before now. The United States, exclusively amongst the dozen negotiating partners, is reserving the right to vet other countries' implementation of the agreement before its own obligations come into effect. This has worrying implications for other countries planning to take advantage of whatever flexibilities remain in the TPP text after the negotiations are finished.

For example, the leaked draft of the TPP requires signatory countries to provide “legal incentives for service providers to cooperate with copyright owners.” Since “legal incentives” is so vague, there are several ways in which a country might interpret and implement this—a narrow interpretation might merely require Internet Service Providers (ISPs) to be offered a tax break for hosting anti-piracy banner ads, but if interpreted more broadly it might penalize ISPs millions of dollars unless they disconnect suspected infringers from the Internet.

Certification means that this ambiguity or flexibility could disappear, leaving countries with only one, extreme interpretation of their obligations under the TPP—whatever interpretation the US Trade Representative (USTR) unilaterally decides.

What Does Certification Mean?

Before the TPP becomes binding on any of the negotiating countries, they will each have to undergo a set of domestic procedures to approve the agreement. These vary from one country to another. For most countries, once this domestic approval process has taken place, this will activate its obligations towards all other countries that have undergone a similar approval process.

For the United States alone, however, approval of the agreement will take place in two phases. First, Congress gives its overall approval of the TPP text, and second, the implementing laws of each of the other countries must be individually certified before the obligations of the US take effect for that country. This certification is not conducted by an independent body, but by the USTR, based on its own assessment of what was agreed—even if these supposed obligations were not reflected in the final text. Essentially, it's a way for the US to twist the arm of other nations until they enact policies it couldn't get them to agree to during negotiations.

How It Affects Copyright and Patent Laws

The threat of certification is not widely known in itself, but what has been even more obscure is one of the USTR's main motivations for toughening up certification requirements on its trading partners. Some of those partners have a record of passing more flexible copyright and patent laws than the US would like, so the USTR uses these certification powers to try to hold those nations to ransom until it can get the policies that appease its domestic interests.

Chile, for example, entered into a Free Trade Agreement (FTA) with the United States in 2004, but only in 2010 finalized a system for copyright content takedown. Under this system, unlike under the US DMCA, removal of content by intermediaries requires a court order in order to comply with Chile's constitution and its obligations under the American Convention on Human Rights.

The FTA permits this interpretation, but the USTR has strongly criticized it, urging Chile “to amend its Internet service provider liability regime to permit effective action against any act of infringement of copyright and related rights.” Chile remains on the Priority Watch List of the most recent Special 301 Report [pdf] published by the USTR, for this and other supposed deficiencies in its implementation of the FTA.

Australia provides another example. Australia, like the United States, is a signatory to the WIPO Copyright Treaty. Since 2000 it has had its own equivalent of the DMCA that implements that treaty—relevantly including a prohibition on the use of circumvention devices to bypass technological protection mechanisms (TPMs, also known as digital locks) that prevent digital works from being copied.

Following its conclusion of a trade deal with the United States in 2004, Australia was forced to amend this provision, to toughen it in several ways going beyond its WIPO obligations—including criminalizing circumvention and criminalizing trafficking in circumvention devices. Although the act of circumvention was subject to certain “fair use”-style exceptions, the supply of circumvention devices was criminalized outright. A subsequent Parliamentary Report [pdf] noted this as “a flaw that verges on absurdity,” rendering the circumvention exceptions “to be little more than empty promises.” Yet Australia was forced to agree to these absurd changes in order to satisfy US demands.

Certification and the TPP

The USTR has exercised this power for decades for other trade agreements, yet still, the consequences if it is applied to the TPP are difficult to predict and potentially serious. It would jeopardize the ability of other countries to make use of any positive concessions that they may have been able to negotiate in the TPP's copyright and patent text, concessions that could allow their lawmakers to enact better policies that uphold the interests of users and consumers or, oftentimes, preserve such laws that are already in place.

With certification, the US can get away with not holding up its side of the deal as long as the US decides that other countries are not implementing the agreement to its liking. It is, in other words, another stick that the USTR can use to force these countries into passing ever more senseless, draconian digital policies that go beyond the TPP's literal wording.

It's important to remember that the policies the USTR is forcing onto other countries are not representative of what the people in the US want, nor even reflective of the policies that are in place in the US. Certification is another way for the USTR to compel negotiating partners to enact policies that are harmful to users. It is reflective of how much Hollywood, major publishers, and other big corporate interests have captured the USTR's objectives.

The specter of the certification process sounds yet another note of caution for countries negotiating the TPP. They should be very wary in committing themselves to uphold such an agreement in circumstances where the flexibilities they believe they are agreeing to could actually be whittled away at the whim of one of their negotiating partners.

Conversely, if it seeks to gain the trust of both its partners and domestic stakeholders, US trade policy requires radical reform, not only to the flawed certification process, but also to the secrecy of trade negotiations in general, the lack of accountability to the public, and Fast Track proposals that insulate trade agreements even from the scrutiny of Congress itself.

Related Issues: Fair Use and Intellectual Property: Defending the Balance, International, Trans-Pacific Partnership Agreement

Australia and Mexico Must Overhaul Data Retention Mandates - Thu, 14/08/2014 - 10:41

Today, Mexico’s newest data retention law entered into force. The Mexican telecom law compels telecom providers to retain, for two years, the details of who communicates with whom, for how long, and from where. It also allows the authorities access to these details without a court order, exposing geolocation information that reveals the physical whereabouts of Mexicans. Across the Pacific, the Australian government plans to introduce a data retention mandate for Australian Internet Service Providers.  These developments come on the heels of widespread opposition, and skepticism about whether blanket data retention mandates can ever be consistent with human rights law.

On April 8, the Grand Chamber of the Court of Justice of the European Union declared the EU's Data Retention Directive invalid. The top court held that, although the retention of communications data under the Directive was for the legitimate aim of combating "serious crime," the blanket nature of the obligation entailed "an interference with the fundamental rights of practically the entire European population." Essentially, the court criticized the Directive for treating every person as a criminal suspect. The decision was a huge victory for European human rights activists who doggedly fought these draconian rules. The activists waged awe-inspiring advocacy campaigns, pursued effective litigation strategies, and organized what proved to be the largest-ever street protests against excessive surveillance.  In Germany, the battle against the implementation of data retention gathered steam immediately after the law’s passage. The German coalition, AK Vorrat, brought public pressure against it and initiated a lawsuit on behalf of 34,000 citizens. The coalition was successful, as the German constitutional court rejected the data retention law as contrary to fundamental civil liberties guaranteed by the German constitution.

The consequences of data retention mandates are far-reaching, but one particularly troubling outcome is the erosion of journalists’ right to refuse to hand over evidence to law enforcement to protect the confidentiality of their sources. In Poland, the media reported on two major cases where intelligence agencies used retained traffic and subscriber data to illegally disclose journalistic sources.  In Germany, Deutsche Telekom illegally used telecom traffic and location data to spy on about 60 individuals—including critical journalists, managers and union leaders—in order to try to find leaks. And in a particularly egregious case from Ireland, a law enforcement officer reportedly used retained communications data to spy on her ex-boyfriend’s phone activities.

Meanwhile, Latin America saw a judicial rejection of a data retention mandate as early as 2005. An Argentine regulation there had compelled all telcos and ISPs to record, index, and store traffic data for a 10-year period. Argentine civil rights organization, Fundacion Via Libre, fought back with a media campaign, and, in combination with a litigation strategy led by a private sector organization, the regulation was thrown out by the Argentine Supreme Court.

More recently, strong criticisms of data retention mandates have been issued in international policy venues. On March 27, the UN Human Rights Committee (the body of independent experts that monitors implementation of the International Covenant on Civil and Political Rights by its State parties) issued its first-ever official report on privacy in the digital age, calling upon the United States to “refrain from imposing mandatory retention of data by third parties.”

And recently, the Office of the United Nations High Commissioner for Human Rights, Navi Pillay, issued a landmark report, expressly criticizing data retention mandates and stating that they are neither necessary nor proportionate:

Mandatory third party data retention, a recurring feature of surveillance regimes in many States, where Governments require telephone companies and Internet service providers to store metadata about their customers’ communications and location for subsequent law enforcement and intelligence agency access appears neither necessary nor proportionate.

For any surveillance measure to be legal under international human rights law, it must be prescribed by law. It must be “necessary” to achieve a legitimate aim and “proportionate” to the desired aim. This requirement is important to ensure that the government does not adopt surveillance measures that threaten the foundations of a democratic society.

The 13 Necessary and Proportionate Principles in particular, and international human rights law generally, are premised on the assumption that interferences with fundamental rights must be dealt with on a case-by-case basis. In this context, data retention mandates covering innocent individuals, by their very nature, eradicate any consideration of proportionality and due process in favor of the indiscriminate interference with the right to privacy—and could never be compatible with States’ human rights obligations. Australia and Mexico must turn back from the dead-end path of data retention mandates, and uphold their international human rights obligations.


International Principles on the Application of Human Rights to Communications Surveillance, updated July 2014

EFF, Article 19: Legal Analysis and Background Materials: International Principles on the Application of Human Rights to Communications Surveillance, May 2014

The Right to Privacy in the Digital Age

Report of the High Commissioner for Human Rights on the right to privacy in the digital age

Annual Report of the Inter-American Commission on Human Rights 2013. Annual Report of the Office of the Special Rapporteur for Freedom of Expression

Human Rights Committee, General Comment 27, Freedom of movement (Art. 12), U.N. Doc CCPR/C/21/Rev.1/Add.9 (1999).

UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms While Countering Terrorism, A/HRC/13/37

UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, A/HRC/23/40

Related Issues: International, Mandatory Data Retention

A Recap of the First EFF CUP Workshop - Sat, 09/08/2014 - 10:50

Updated: August 13th, 11:13AM to clarify that Wickr does not maintain private key servers

At the SOUPS conference in July, we convened the first EFF CUP Workshop. The one-day event brought together a diverse group of software developers and researchers around the common goal of developing an end-to-end encryption communication tool which is both secure and usable. Specifically, our goal was to explore the current state-of-the-art and evaluate the feasibility and usefulness of awarding a prize for the solution today that is closest to this goal.

We began the day with an invited talk from Trevor Perrin (slides here), who's been prolific in this space and started the excellent Modern Crypto mailing lists. Trevor laid out the many technical challenges in secure messaging; for many there are two or three plausible solutions but each has trade-offs and we generally don't know what will be usable for the masses and practical at scale. For example, is it better to build a designated application for secure messaging? Or design a plugin or overlay to bring security to an existing application? There are also a number of unsolved technical problems like verifying the mapping from crypto keys to users. Will we ever find a way for users to intuitively understand and verify key fingerprints? Or can another solution, based on a centralized distribution server with sufficient transparency logs to keep it honest, win out?

Next up we had a number of developers present 2-3 minute demos of their work, which are now available online. We started with four projects showcasing four different approaches to key exchange and verification: Confusion (video) which uses short shared passwords to derive anonymized key exchange messages which are then broadcast; OkTurtles (video) which uses DNSChain (built on NameCoin) to tie public keys to names using a Bitcoin-like block chain; Petmail (video) which allows users to share short invitation-codes and exchange keys over relay servers (which may be anonymous); and SafeSlinger (video), a protocol designed for small groups of people (up to 9) to exchange keys in-person using their mobile devices (though it may also be used remotely). The first three of these projects all are relatively complex and early-stage, with advanced security features. Trying to explain them to a room full of technically-minded people showcased the difficulty in designing an elegant user interface. But they also all demonstrated that there are still many novel architectures possible. SafeSlinger, by contrast, is further along, with deployed apps already being used in practice and looks like a nice breakthrough for in-person key exchange which avoids the traditional problem of users neglecting to carefully compare keys.

Next we heard from two projects aiming to re-imagine email and put users in charge of their data: Mailpile (video), a web-based email interface which can be self-hosted or cloud-hosted and which is designed with PGP support built in; and Kinko (video), a complete mail-transfer agent to be contained in an open-source hardware appliance. Both projects are alpha-stage but represent exciting efforts to make email as elegant and easy as today's commercial webmail without relying on remote storage. The two projects also appear to complement each other well. A key challenge discussed was how to blend PGP-encrypted email with unencrypted email (when communicating with recipients without PGP support), particularly in email threads with multiple participants, and explain this all to users.

Next were Wickr (video) and ChatSecure, both chat applications available for Android and iOS that already have significant numbers of users. The approaches vary: Wickr is a proprietary application with centralized public key servers used for authenticating conversations, while ChatSecure uses the well-known OTR protocol. While many attendees expressed concern about trusting a non-open-source application, it was interesting to contrast Wickr's sales pitch which focuses on simplicity and fun with the security-focused pitches of many other projects.

The next session had demos from Scramble (video), Xmail (video), and Google's End-to-End. All three are browser plugins enabling encrypted communication to be added in a variety of different websites.

Finally we heard from GPGTools (video) and OpenKeychain (video), frontends for GPG in Mac OS X and Android, respectively. PGP, for better and for worse, has been around for quite some time now and both projects reported some struggles with backwards-compatibility issues.

The tool demonstrations and discussions underscored the point that key verification is the catastrophic weakness in all of the available end-to-end cryptosystems.  Beyond that, subsets of them also fail to be usable because of key discovery, installation difficulties, version incompatibilities, or simply bugs -- and of course many fail to be secure for purely technical reasons.  Although some innovation has improved it slightly (shared secrets in OTR, words as session verifiers in RedPhone and SilentPhone) it isn't clear that these techniques are secure against a sophisticated adversary.

After lunch we had two panels. The first was on usability metrics. Ann-Marie Horcher presented a framework for quantifying the difficulty of using software by measuring the number of actions tasks take and the complexity of those actions. While not perfect, this can be a way to get a sense of how complicated an interface is without a large user test. By contrast, Peter Eckersley discussed a more ambitious approach with participants being asked to communicate with each other in an "alternative reality game" that would include simulated man-in-the-middle attacks to try to evaluate how a tool holds up against plausible real-world attacks. This might be the ultimate test of success, but in discussion concerns were raised about the cost of doing this and that it might only be appropriate for comparing the usability of very mature tools.  Adrienne Porter Felt pointed out that preliminary evaluations, walkthroughs and user testing would make more sense to start out with. Overall the panel discussion focused on early, simple tests and panelists agreed that it will be very hard to ever be "done" with a usable and secure messaging app, it will be a process of continual refinement and many projects seem a considerable way from victory.

The final panel of the day focused on the big question of organizing a contest. It was structured as a panel and we had interesting contributions from several panelists with experience in contests and crowd-funding in other contexts (some of these have been successful, but it is clear they need to be designed with care), and Kurt Opsahl on EFF's contest-like Encrypt the Web scorecard, but it quickly led to an open-ended discussion with many attendees participating. A number of design considerations were raised about holding a contest: will we be able to conclusively evaluate projects? Can we ensure that the contest fosters a climate of collaboration? Will it be unfair comparing projects with distinct goals? Will we need a large number of different criteria and prizes? Does it make sense to give prize money to projects once they've achieved goals, instead of using the money to help them achieve those goals? Will a contest motivate new work?

A few themes emerged from discussion. One is that most, if not all, projects are not where we'd like them to be, and nearly all of the free/open source efforts are struggling for resources. In particular, only a handful of the free/open source projects have designers or usability evaluators on their teams. One possible explanation was that for financial reasons, designers are much less able to work for free in support of open-source projects than software developers are, so they're rarely involved.  One route discussed was to try to find UX researchers in academia to fill this gap.  Participating academics said that existing HCI conferences and journals would not publish incremental evaluations or attempts to improve encryption tools, because the problem was considered "answered": those tools are unusable.  It was concluded that special issues of journals, new conference tracks, or entirely new workshops would be needed before academic researchers would have career incentives to assist in pushing toward the first usable, secure communications tools.

Another solution proposed for the "design gap" was to introduce and fund designers to work with promising projects.  Some viewed this approach as more relevant to a prize, at least at this stage.  Yet there are also good arguments against switching from a contest paradigm to more of a grant-making paradigm. For one, there's value to singling out a winner for the sake of publicity and encouraging the community to adopt and support a champion, even if the selection process isn't perfect. Second, there are already many organizations supplying grants. One of the core competencies we can contribute is technical expertise to run a contest.

One point of discussion was whether to organize a single large prize contest, or a series of smaller ones. Many projects are still too immature to be evaluated as finished products and we still don't know exactly what criteria we want in the end. Smaller, targeted contests, perhaps on an annual basis, or perhaps a series of rounds building up to a final prize round in the future, might be more practical goals. A synthesis of these ideas was basing the contest on a "scorecard" of both the security and usability properties of tools; there could be a prize for the (potentially distant) goal of reaching a perfect score, but along the way projects could track their progress in meaningful, incremental ways.

Overall, it was a very productive and interesting day. We had not yet made any firm decisions about whether to organize a formal prize. The main goal was to learn as much as possible from the people whose support and participation we'll need to make a contest worthwhile. We certainly achieved that goal, and had a fascinating gathering of a diverse group of minds interested in making progress on a challenging but worthwhile problem. Thanks to everybody who helped make it happen!

Related Issues: Privacy, Security

Google Boosts Secure Sites in Search Results - Sat, 09/08/2014 - 07:46

In a bold and welcome move to protect users, Google announced on Wednesday that they have started prioritizing sites offering HTTPS (HTTP over TLS) in their page ranking algorithm. Google's Online Security Blog explains that domains with transport layer encryption have a slight advantage in search results, and the preference may grow stronger in the coming months:

For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

The post also provides solid recommendations for webmasters adopting TLS—use a strong 2048-bit key and check your configuration with the Qualys Lab tool.

This move to protect end users and reward sites taking steps to ensure the privacy and security of their visitors fits into a long tradition of advancing encryption at Google. The company led the field when it introduced HTTPS by default for Gmail and for search in 2010. As revelations of the NSA-GCHQ MUSCULAR program tapping the links between Google data centers came to light in late October 2013, it responded quickly in early November by announcing it would begin encrypting the traffic on its internal network. Google was also an early adopter of STARTTLS, encrypting the traffic between email providers, and recently provided a comprehensive data set to help us understand Internet-wide trends in STARTTLS adoption.

This week's announcement further underlines a commitment to encrypting Internet traffic and keeping user data safe, and encouraging others to do so. We urge Google to go further and carry out its plan to strengthen the preference of HTTPS sites, as well as favoring sites that have configured HTTPS well, such as by enabling Perfect Forward Secrecy.

Qualys, the organization that provides the configuration-testing tool, also has a best practices guide that may be useful for webmasters configuring HTTPS.
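As an added example (not code from Google's post or from EFF), the Python sketch below classifies TLS cipher-suite names by whether their key exchange provides forward secrecy and audits a server-side `ssl.SSLContext` restricted to such suites. The function names, the cipher string passed to `set_ciphers`, and the `LEGACY_OFFER` list are this example's own assumptions; the sample list is constructed.

```python
import ssl

# Constructed sample: suite names a legacy server might offer (OpenSSL naming).
LEGACY_OFFER = [
    "ECDHE-RSA-AES128-GCM-SHA256",  # ephemeral ECDH, authenticated
    "AES256-SHA",                   # static RSA key exchange
    "DHE-RSA-AES256-SHA",           # ephemeral finite-field DH
    "ECDH-RSA-AES128-SHA",          # static ECDH (no trailing "E")
    "TLS_AES_128_GCM_SHA256",       # TLS 1.3 suite
    "ADH-AES128-SHA",               # anonymous DH: ephemeral but unauthenticated
]


def classify(name: str) -> str:
    """Return 'forward-secret', 'anonymous' or 'static' for a suite name.

    Accepts OpenSSL names (ECDHE-RSA-...) and IANA names (TLS_ECDHE_RSA_WITH_...).
    """
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            # TLS 1.3 suites name only the AEAD and hash; TLS 1.3 removed
            # static RSA and static DH key exchange.
            return "forward-secret"
        kex = name[len("TLS_"):].split("_WITH_")[0]  # e.g. "ECDHE_RSA", "RSA"
        if kex.endswith("_anon"):
            return "anonymous"
        if kex.split("_")[0] in ("ECDHE", "DHE"):
            return "forward-secret"
        return "static"
    if name.startswith(("ADH-", "AECDH-")):
        return "anonymous"
    if name.startswith(("ECDHE-", "DHE-", "EDH-")):
        return "forward-secret"
    # Everything else (plain RSA, static (EC)DH, plain PSK): a later compromise
    # of the long-term key exposes recorded sessions.
    return "static"


def not_forward_secret(names):
    """Suites from `names` that a forward-secrecy policy should reject."""
    return [n for n in names if classify(n) != "forward-secret"]


def hardened_server_context() -> ssl.SSLContext:
    """Server context limited to authenticated ECDHE with AEAD ciphers.

    No certificate is loaded here; load one with load_cert_chain() before use.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx: ssl.SSLContext):
    """Names of suites enabled on `ctx` that lack forward secrecy."""
    return not_forward_secret(c["name"] for c in ctx.get_ciphers())


if __name__ == "__main__":
    print("legacy offer, rejected:", not_forward_secret(LEGACY_OFFER))
    print("hardened context, rejected:", audit_context(hardened_server_context()))
```

The audit covers only what the local TLS library would offer; the certificate key size and the behaviour of a deployed server still need an external check such as the Qualys tool mentioned above.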

Related Issues: Security

Australian Proposal Would Require Suspicionless Domestic Spying by ISPs - Sat, 09/08/2014 - 06:49

The Australian government announced new anti-terrorism measures this week, in response to the alleged involvement of Australian citizens with extremist groups in countries including Syria and Iraq. Quietly omitted from the briefing at which those changes were announced, but separately leaked to the press this week, were the government's plans to introduce mandatory data retention requirements for Australian Internet Service Providers (ISPs).

These changes are causing an outcry from privacy advocates and political parties alike. And they should.

The new measures remain shrouded in confusion—some of which is coming from its very proponents. There have been conflicting reports about whether users' browser history would be hoovered up by the new surveillance laws. And in a now infamous interview, Attorney General George Brandis struggled to explain how retaining the addresses of websites visited was different than determining what content users were viewing. Prime Minister Tony Abbott also attempted and failed to make the same distinction two days later.

The government has attempted to clarify, emphasizing that the data retained would include the IP addresses of websites visited, as well as the times and durations of visits. Also included would be senders' and recipients' email addresses, IP addresses assigned to users, as well as details of phone calls such as caller and recipient numbers, caller location and duration.

This is still an extraordinary amount of information. And EFF has previously explained why metadata matters at least as much as the content of communications. Users can take no solace in the fact that content is not being collected. As former National Security Agency General Counsel Stu Baker said: “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” Metadata includes information like who your contacts are, where and when you go online, and websites that you may legally visit that might be politically subversive, iconoclastic, or simply your own private business. But as a Stanford study earlier this year demonstrated, it can also reveal “medical conditions, firearm ownership, and more.”

So how is the government spinning this? One rationale for data retention sometimes heard in this debate is that ISPs collect some of this metadata already anyway for technical and billing purposes. But this rationale falls short—under Australian privacy law they are not permitted to collect personal data that they do not need, nor are they permitted to retain it for longer than they need it for the purpose of collection. That would all change under this new proposal, which may help explain why ISPs are expressing concerns and confusion about the potential mandate.

Although threatening, the proposal is not exactly new. Most recently it resurrects the subject of a 2012 discussion paper that recommended that ISPs be required to maintain the metadata of users for two years. At the time, a member of the current government, who was then in opposition, likened proposals for data retention to Gestapo tactics, and they were eventually dropped in the lead-up to the 2013 general election.

So if the proposals wouldn't fly in 2012 under the previous government, why now—particularly in light of leaked documents from Edward Snowden that show the role Australia has played in the NSA's invasive surveillance? The Prime Minister himself admits that the terrorist threat has not changed. Yet in a replay of the rushed introduction of similar laws in the United Kingdom last month, the new proposal could become law as soon as next month, before it has even been tabled for consideration of the Cabinet.

It appears the government is attempting to manipulate allegations of Australian citizens' involvement in terrorist activities overseas, to justify a much broader and more intrusive domestic surveillance regime. It's a cynical move, and one that the Australian public should not stand for.

Related Issues: International, Mandatory Data Retention

Dear FCC: Get Out of D.C. and Talk to the Over 1 Million Americans Who Support Real Net Neutrality - Sat, 09/08/2014 - 04:08

The FCC is slated to close the written comment window for the net neutrality proceeding on September 10th, but that doesn’t mean that the FCC is going to make up its mind anytime soon. In fact, it doesn’t even mean that the FCC will be done hearing from the public. Technically, the public can continue to comment, and the FCC, if it decides to do so, can continue to listen to Americans who speak out against proposed rules that would allow Internet providers to discriminate against how we access parts of the Net.

This is about the future of our Internet. It’s a big deal and the FCC should treat it as such by holding public hearings in geographically diverse locations around the country to hear directly from Americans who will be affected by the Commission’s net neutrality decision.

The FCC has held public hearings before. In 2007, the Commission hosted a series of events, in places like Nashville, Los Angeles, and Tampa, to discuss how new rules about media consolidation would affect the information needs of Americans. Thousands of individuals spoke out, standing in line to testify in person, share stories, and build a robust public record that undeniably demonstrated the interest of the public. It’s time to do that again.

Filing a comment with the FCC is largely done via webforms on advocacy sites, like EFF’s own While online comments are a wonderful way to participate, we believe the Commission would greatly benefit from hosting public meetings to hear directly from the vibrant and richly diverse American public. If anyone can tell the FCC what is right and what is wrong with a potential rule set that would allow Internet providers to offer pay-to-play service for certain websites, it will be the students, entrepreneurs, artists, public safety officials, and everyday people for whom the Internet is a vital tool.

While written comments can be powerful, on an issue as important as this one, the Commission should listen to the voices of people who would stand up at a meeting, tell their stories and share their concerns about the future of the Internet. It’s time for the FCC to put faces to the over one million who have written to the Commission to speak out in defense of a neutral net.

So join us in calling for field hearings after the written comment period closes in September. And don’t forget to take action and get your comments into the FCC before September 10th. Now is the time to speak up. Let’s make sure the FCC listens.

Related Issues: Net Neutrality



All content and comments posted are owned and © by the Author and/or Poster.
Web site Copyright © 1995 - 2007 Clemens Vermeulen, Cairns - All Rights Reserved