A proposal to rewrite parts of copyright law being pushed by the U.S. Patent and Trademark Office would create new restrictions for filmmakers, journalists, and others using recordings of audiovisual performances. Against the background of the the Next Great Copyright Act lurching forward and the Copyright Office convening a new series of roundtables on the Digital Millennium Copyright Act, few have noticed the USPTO push happening now. But these proposals are a classic instance of copyright creep and are dangerous for users, creators, and service providers alike.
The root of this effort is a new international treaty, adopted by WIPO in 2012, that promised to add another layer of legal restrictions on audiovisual performances by giving the performers—actors, musicians, dancers and others—a new veto power over the use of recordings via a copyright-ish right in their performance. At the time, supporters of the treaty (called the Beijing Treaty) insisted it would require only “technical” amendments to U.S. law. Now we are seeing what those “technical” amendments might look like, and it’s not pretty.
In draft legislation submitted to Vice President Joe Biden (in his capacity as President of the Senate), the USPTO proposes that U.S. anti-bootlegging law, which currently applies only to live musical performances, be revised to include all audiovisual “performances.” In addition, the legislation would impose a term limit of 95 years (right now there’s no term limit in the anti-bootlegging law) and clarify that performers’ legal rights are subject to the limitations of the fair use doctrine as well as exceptions for libraries and archives.
There are many problems with this plan. Here are a few:
- Definitions: The definition of “performance” is unclear. Does it include lectures? Political speeches? An a cappella group singing a song that’s in the public domain? A flash mob? This matters a lot, especially for the professional and amateur creators and journalists who will need to obtain a license to capture and share any of these activities, and the even larger group of users who might want to repurpose that material.
- Term: 95 years? Really? Admittedly, that’s better than no term at all, but even better would be, say, 14 years—or even the 50 years term that seems to be contemplated in the Treaty.
- Damages: The current anti-bootlegging statute says that violators are subject to the same penalties as copyright infringers. Depending on that language is interpreted, anyone who records and shares a “performance” and doesn’t get consent from the performer could be on the hook for up to $150,000 (or more depending on how damages are calculated, another messy question) and potentially attorneys’ fees as well.
- Safe Harbors: Currently, it is unclear at best whether the DMCA safe harbors apply to bootlegging claims. That means service providers will worry that any content they host or transmit could subject them to secondary liability if, as will often be the case, the user did not (1) guess correctly about what kinds of consent might be necessary; and (2) obtain that consent.
- Potential for abuse: But even if a court concluded that Section 512 applies to these new rights, we have a decade of experience to show that the Section 512 takedown process will be abused to take down lawful content.
- What about other limitations? It’s great that the our bootlegging provisions will now be explicitly subject to fair use and the library exceptions. But what about the many other limits on the reach of copyrights? Why not import them all?
- Deception: Trade deal supporters often insist that trade agreements involving IP won’t require changes to US law, or only minimal changes. This proposal should serve as a useful demonstration, if such a demonstration were needed, that we can’t trust such claims.
In other words: this is a dangerous proposal. Performers (or, in many cases, the companies to which they transfer their rights) could create new roadblocks to the creation of parodies, mash-ups or new versions of their performances, independent of copyright. It would further complicate the process of clearing rights to audiovisual works, and cast a new legal cloud of uncertainty over the activities of creators, producers, and journalists who build on audiovisual works in compliance with copyright law.
Indeed, we had a perfect example of what’s potentially at stake here less than two years ago, in the infamous case of Garcia v. Google, Inc. The case involved a controversial video—the notorious "Innocence of Muslims" trailer—that was also the center of a political controversy. Actor Cindy Lee Garcia, who appears in the film for five seconds, insisted she has a copyright interest in her performance and, based on that interest, claimed to have a right to have the video taken offline. After Google rejected her DMCA notice, she filed a lawsuit. The Ninth Circuit Court of Appeals ordered Google to take the video down, and keep it down on all of its platforms, effectively editing the online historical record.
After months of legal wrangling—and thousands of pages of briefing from journalists, civil liberties’ groups (including EFF) and service providers—the order was rescinded. But Judge Alex Kozinski wrote a spirited dissent pointing to the Beijing Treaty and concluding it would require recognition of Garcia’s claim.
Garcia v. Google was an object lesson in the power of copyright claims to undermine political debate and expression. We should learn from it. This proposed legislation is a mess that could wreak havoc on our already skewed copyright regime. It needs to be challenged, now, before it goes any further.
We can act today to tell Congress to reject this fundamentally flawed proposal. Write your members of Congress today and urge them to oppose it.Garcia v. Google, Inc
Share this: Join EFF
Confiamos as nossas informações mais sensíveis, privadas e pessoais às empresas que nos fornecem acceso à Internet. Coletivamente, essas empresas estão cientes das conversas online, dos comportamentos, e até das localizações de quase qualquer usuário da Internet. À medida que o público brasileiro vai conhecendo essa realidade, os usuários brasileiros da Internet ficam, com razão, preocupados com a questão da disposição das empresas em assumir uma posição a favor da privacidade e da proteção dos dados. É por isso que o InternetLab, um dos principais centros independentes de pesquisa de política de Internet no Brasil, avaliou as principais empresas brasileiras de telecomunicações, com o propósito de analisar seu compromisso com a privacidade do usuário em face de pedidos governamentais.
O relatório do InternetLab “Quem defende seus dados?” pretende criar um “nivelamento por cima”, incentivando as empresas a competirem pelos usuários com base na sua disposição de defender a privacidade e a proteção dos dados do usuário sempre que for possível. Lançado hoje em São Paulo, Brasil, o “Quem defende seus dados?” é inspirado pelo projeto da EFF “Who Has Your Back”, dos Estados Unidos, criado em colaboração com nosso equipe. O InternetLab desenvolveu sua própria metodologia brasileira para considerar as realidades sociais e legais no Brasil. “Quem defende seus dados?” avalia as práticas e os compromissos públicos das oito maiores empresas de telecomunicações e Internet móvel no Brasil: Claro, Net, Oi-Banda Larga Fixa, Oi móvel, TIM, Vivo-Banda Larga Fixa, Vivo Móvel e GVT.
O relatório incentiva a transparência e as melhores práticas no campo da privacidade e proteção de dados, dando poder ao usuário da Internet sobre suas escolhas como consumidor de serviços. O InternetLab selecionou empresas que, conforme dados da Anatel, proporcionam pelo menos 10% de todos os serviços de acesso à Internet no Brasil — por serviço fixo de banda larga ou por infraestrutura móvel. Esse critério garantiu que o relatório cubra mais de 90% das conexões móveis e de banda larga no Brasil.A Metodologia “Quem defende seus dados?” pretende incentivar as empresas a adotarem melhores práticas, atribuindo estrelas pela conformidade com critérios específicos de privacidade. O InternetLab preparou as categorias e os parâmetros de avaliação baseados no seguinte:
- compromisso público com cumprimento da lei;
- adoção de práticas e políticas a favor do usuário, e
- transparência sobre suas práticas e políticas.
Cada empresas foi avaliada em seis categorias:
- Informações sobre processamento de dados:o provedor oferece informações claras e completas sobre suas práticas de processamento de dados?
- Informações sobre divulgação de dados às autoridades governamentais: o provedor se comprometee a divulgar informações de conta apenas às autoridades governamentais competentes? O provedor se compremete, ainda, a divulgar os registros de conexão apenas mediante ordem judicial?
- Defesa da privacidade nos tribunais: O provedor já disputou na Justiça pedidos abusivos ou normas legais que considera prejudiciais à privacidade dos usuários?
- Participação pública a favor da privacidade: o provedor já participou dos debates públicos sobre projetos de lei e políticas públicas que possam afetar a privacidade, e defendeu projetos que pretendem promever a privacidade?
- Relatórios de transparência: A empresa publica relatórios de transparência contendo a quantidade de pedidos governamentais pelos dados dos usuários e a frequência de cumprimento pela empresa com tais pedidos?
- CATEGORIA DE BÔNUS - Notificação ao usuário: A empresa avisa o usuário dos pedidos governamentais?
A explicação completa de cada categoria encontra-se no site do InternetLab: http://quemdefendeseusdados.org.br/
As empresas tiveram a oportunidade de responder um questionário, de participar de uma entrevista privada, e de enviar quaisquer informações adicionais que achassem relevantes. Todas as informações que resultaram desses procedimentos foram incorporadas no relatório. Essa abordagem é baseada no trabalho prévio da EFF no projeto "Who Has Your Back?", embora as perguntas específicas na pesquisa do InternetLab tenham sido adaptadas ao contexto legal e social brasileiro.Os Resultados
Os resultados indicam que ainda há oportunidadas amplas de melhoria no ámbito da proteção da privacidade do usuário pelos provedores brasileiros. Em geral, os contratos e documentos disponíveis aos usuário são genéricos e não oferecem explicações claras sobre as práticas e circunstâncias nas quais dados podem ser fornecidos às autoridades. Quanto à defesa da privacidade nos tribunais, a maioria dos provedores parece ter tomado medidas para questionar a legislação ou práticas governamentais, mas ainda há muito a se fazer: a TIM foi a única empresa que forneceu evidências de que eles questionaram os pedidos abusivos perante o Poder Judiciário. Quando ao compromisso público com a privacidade, em particular durante as consultas públicas recentes sobre o anteprojeto de lei de proteção de dados pessoais e o Marco Civil da Internet, empresas como a GVT e a Oi parecem ter perdido completamente a oportunidade de defender a privacidade dos usuários. Os resultados também mostram a necessidade de continuar a trabalhar pela transparência: nenhum dos provedores publica relatórios de transparência ou adota políticas de notificação que criem a oportunidade para o usuário defender seus dados. A notificação é imprescrendível para a possibilidade de questionar o pedido ou de buscar outro remédio. Entre as seis categorias, a TIM ganhou o número maior (2 e 3/4) de estrelas e a Oi o número menor (meia estrela).
Para os próximos anos e avaliações, o InternetLab pede aos provedores que se dediquem mais ao comunicarem suas práticas e políticas, ao proporcionarem informações claras aos usuários sobre o tratamento de dados pessoais e registros de conexão, como pedido pelo Marco Civil da Internet, e ao lidar com as ordens judiciais e os pedidos de autoridades administrativos. Também encorajamos os provedores a mostrarem em público como defendem a privacidade, fazendo comunicados de imprensa sobre processos quem questionam a legisação ou pedidos abusivos. Por último, esperamos que os provedores façam um compromisso mais forte com a transparência e incluam informações sobre pedidos de dados em relatórios de transparência.Próximos Passos no Brasil e no Exterior
O InternetLab espera atualizar esse relatório anualmente para incentivar as empresas a melhorarem a transparência e a protegerem os dados pessoais. Assim, todo brasileiro terá acesso a informações sobre o uso e proteção de dados pessoas, e poderá tomar decisões melhor informadas. Esperamos que mais estrelas brilhem no relatório do ano próximo.
Em 2015, a EFF colaborou com ONGs de direitos digitais ao redor da América Latina para apoiar cada país na elaboração de seus próprios relatórios sobre práticas de empresas de telecomunicações. Esses relatórios têm sido publicados pela Fundação Karisma na Colômbia, pela Hiperderecho no Peru, e pela Red en Defensa de los Derechos Digitales no México. A Derechos Digitales no Chile e a TEDIC no Paraguai estão prepaando os seus relatórios para publicação. Cada ONG de direitos digitais pretende atualizar seu relatório anualmente, para incentivar as empresas a melhorarem a transparência e a protegerem os dados dos usuários, tentando criar um "nivelamento por cima" pela transparência e competição.
Em geral, as empresas da América Latina ainda têm muito a fazer para proteger os dados pessoais e serem transparentes sobre quem tem acesso a eles. Por exemplo, a subsidiária mexicana da America Movil, Telmex, publicou uma política de privacidade. Entretanto, a linguagem da política é obscura demais e não ganhou uma estrela. A Claro Colômbia publicou uma política de privacidade, mais foi difícil de encontrar e em grande parte só citou a legislação. No México, Iusacell, Movistar, Nextel e Telcel ganharam meia estrela cada uma, pela publicação de um relatório de transparência pela ANATEL (Asociación Nacional de Telecomunicaciones). Isso é um importante passo inicial. Entretanto, a subsidiária mexicana da America Movil, Telmex, não deu esse passo. Na Colômbia, nenhum dos provedores publicou um relatório de transparência.
Share this: Join EFF
We entrust our most sensitive, private, and personal information to the companies which provide us access to the Internet. Collectively, these companies are privy to the online conversations, behavior, and even the location of almost every Internet user. As this reality increasingly penetrates the Brazilian public consciousness, Brazilian Internet users are justifiably concerned about which companies are willing to take a stand for their privacy and protection of personal data. That is why InternetLab, one of the leading independent research centers on Internet policy in Brazil, has evaluated key Brazilian telecommunications companies’ policies to assess their commitment to user privacy when the government comes calling for their users' personal data.
Their report, “Quem defende seus dados?" ("Who Defends Your Data?"), seeks to create a “race to the top” by encouraging companies to compete for users on the basis of their willingness to stand up for their users’ privacy and data protection whenever possible. Launched today in São Paulo, Brazil, “Quem defende seus dados? is modeled after EFF's US project "Who Has Your Back," created in collaboration with our team. InternetLab has developed its own Brazilian methodology to address the social and legal realities in Brazil. The report promotes transparency and best practices in the field of privacy and data protection, empowering Internet users by educating them about their consumer choices.
“Quem defende seus dados?" assessed the practices and public commitments of the eight largest Brazilian telecommunication and mobile Internet companies: Claro, Net, Oi-Banda Larga Fixa, Oi móvel, TIM, Vivo-Banda Larga Fixa, Vivo Móvel, GVT. InternetLab selected companies that, according to data released by the Brazilian National Telecommunications Agency, each held at least 10% of all Internet access in Brazil—either by fixed broadband or mobile infrastructure. This threshold ensured that the report covered over 90% of mobile and broadband Internet connections in Brazil.The Methodology
“Quem defende seus dados?" is designed to incentivize companies to adopt best practices by awarding stars for compliance with specific user privacy criteria. InternetLab prepared the evaluation categories and parameters based on the following:
- public commitment to compliance with the law;
- adoption of pro-user practices and policies, and
- transparency about practices and policies.
- Information about data processing: Does the ISP provide clear and complete information about data protection practices?
- Information about data disclosure to government authorities: Does the ISP commit to disclosing account information only to competent administrative authorities? Does it commit to provide connection logs only upon a court order?
- Defense of users’ privacy in the courts: Has the ISP judicially challenged abusive data requests or legislation that it considers harmful to user privacy?
- Pro-user privacy public engagement: Has the ISP engaged in public debates about bills and public policies that may affect user privacy and defended projects that aim to advance privacy?
- Transparency reports about data requests: Does the company publish transparency reports containing the quantity of government user data requests and the frequency of company compliance with these requests?
- BONUS CATEGORY - User notification: Does the company notify the user about data requests by the government?
You can read the full explanation of each category on InternetLab's site: http://quemdefendeseusdados.org.br/
The companies were given the opportunity to answer a questionnaire, to take part in a private interview, and to send any additional information they felt appropriate, all of which was incorporated into the final report. This approach is based on EFF’s earlier work with "Who Has Your Back?" in the US, although the specific questions in InternetLab’s study were adapted to match Brazil’s legal environment.The Results
The results show that there is still a lot of room for improvement when it comes to ISPs standing up for user's privacy in Brazil. In general, the contracts and documents which are available to the users are generic and do not provide clear information about practices and circumstances under which user data may be turned over to law enforcement. When it comes to defending user's privacy in court, most of the ISPs seem to have taken steps to challenge laws or question law enforcement practices but there is still much more to be done: TIM was the only company providing evidence that they have challenged abusive requests in court. In terms of taking pro-user privacy public stances, particularly in the recent public consultations regarding the Data Protection Draft Bill and Marco Civil da Internet, companies like GVT and Oi seem to have completely missed the opportunity to stand up for user privacy. The results also indicate a need to work on transparency: none of the ISPs publish transparency reports providing information about data requests or adopt notification policies, giving the user an opportunity to defend the privacy of his/her data. Notification is essential for users to challenge data requests or seek other remedies. Out of the six evaluation categories, TIM earned the most stars (2 and 3/4) and Oi the least (half a star).
For subsequent years and evaluations, InternetLab urges the ISPs to do a better job at communicating their practices and policies, providing users with clear information about the treatment given to personal data and connection logs, as requested by the Marco Civil da Internet, and the ways they deal with court orders and requests from administrative authorities. We also encourage ISPs to be more vocal about their work in standing up for privacy, publishing press releases and other materials about lawsuits challenging laws and abusive requests. Finally, we hope ISPs make a stronger commitment to transparency and include information about data requests in transparency reports.Moving Forward in Brazil and Abroad
InternetLab expects to release this report annually to incentivize companies to improve transparency and protect users' personal data. This way, all Brazilians will have access to information about how their personal data is used and how it is controlled by ISPs so they can make smarter consumer decisions. We hope the report will shine with more stars next year.
In 2015, EFF joined forces with digital rights groups in Latin America to provide support to each country in releasing its own reports on telecommunication companies' practices. Those reports have now been published by Karisma Foundation in Colombia, Hiperderecho in Peru, and Red en Defensa de los Derechos Digitales in Mexico. Derechos Digitales in Chile and TEDIC in Paraguay are preparing reports for publication. Each digital rights organization also expects to release a report annually.
Share this: Join EFF
Thanks to EFF and the ACLU, the government has finally admitted it secretly used a Stingray to locate a defendant in a Wisconsin criminal case, United States v. Damian Patrick. Amazingly, the government didn’t disclose this fact to the defendant—or the court—until we raised it in an amicus brief we filed in the case. In the government’s brief, filed late last week, it not only fails to acknowledge the impact of hiding this fact from the defendant but also claims its warrantless real-time location tracking didn’t violate the Fourth Amendment.
We first learned about this case when it was already on appeal to the Seventh Circuit Court of Appeals and filed an amicus brief arguing the Fourth Amendment protects all of us from warrantless, real-time location tracking. The government suggested to both Patrick and the trial court that it had relied on location information obtained directly from Sprint. However, we suspected they had instead used a Stingray.Stingrays Allow Indiscriminate Dragnet Searches of All Cell Phones in an Area
Stingrays, otherwise known as cell-site simulators, act as a fake cell-phone tower. They can be small enough to fit in a car and allow the government to direct all cell phones in the area to connect to it instead of the real tower. In doing so, the government can get a very precise picture of exactly where those phones are located—much more precise than many other types of location tracking technologies.
Stingrays are especially pernicious surveillance tools because they collect information on every single phone in a given area—not just the suspect’s phone—this means they allow the police to conduct indiscriminate, dragnet searches—in some cases on up to 10,000 phones at one time. They are also able to locate people inside traditionally-protected private spaces like homes, doctors’ offices, or places of worship and can be configured to capture the content of communications.The Milwaukee Police Department Tried to Hide its Use of a Stingray
In this case, the police first told Patrick they’d relied on “information obtained from an anonymous source” to find him sitting in the passenger seat of a car parked in an alley in Milwaukee. It wasn’t until six months after his arrest that they revealed they’d tracked him through his cell phone, and even then they implied they’d gotten location information directly from the cell phone service provider. The government never got a search warrant to use any kind of technology to find Patrick in real time.
As we’ve seen in other cases involving Stingrays, the government did everything it could in this case to hide the fact that it used a Stingray—from the court that issued the pen register/trap and trace order, the court that heard Patrick’s motion to suppress the evidence, and even from Patrick, himself. In police reports, the officers said only that they “‘obtained information’ of Patrick’s location; . . . had ‘prior knowledge’ that Patrick was occupying the vehicle; . . . [and] ‘obtained information from an unknown source’ that Patrick was inside the vehicle at that location.” And even at an evidentiary hearing where officers admitted to cellphone tracking, they would only acknowledge, cryptically, that they’d received “electronic information” confirming Patrick was in the vehicle. When Patrick’s attorney asked what “electronic information” meant, the officer on the stand would say only that it involved “tracking [a] cell phone.” The judge cut off any further questioning at that point.
Luckily, in our amicus brief we were able to point the court to Milwaukee Police Department logs showing the police had used a Stingray on the very same day Patrick was arrested, under strikingly similar circumstances.1 We also directed the court to a non-disclosure agreement, which the Milwaukee police signed just months before Patrick was arrested. In this standard FBI-issued NDA, signed by many other state and local agencies across the country, the police department agreed not to tell anyone (even the judge) in any civil or criminal proceeding that it had used a Stingray. It also agreed to dismiss any case—at the FBI’s request—if the court tried to force it to reveal anything about the device.
Once we presented these facts to the appellate court, the government finally admitted it used a Stingray but would not concede this should have any impact on the legal analysis in this case. In a footnote to the brief the government filed last week, it even appeared to blame Patrick for failing to raise this at the trial court.The Government Admits it Needs a Probable Cause Warrant to Conduct Real-Time Location Tracking
Interestingly, even though the government doesn’t think it’s secret use of a Stingray impacts this case, it admits that using technology to track someone’s location in real time (whether through location information obtained from the phone company or by using a Stingray) is a “search” for Fourth Amendment purposes. It also admits it needs probable cause and a search warrant to legally execute such a search. This appears to be the first time the government has admitted these things in an appellate case.
But the government also argues it didn’t violate the Fourth Amendment in this case because it actually got a warrant—or maybe, in the alternative, the equivalent of a warrant (the police had a warrant to arrest (not search) Patrick and a court order (not a search warrant) to track Patrick’s phone). In a confusing and somewhat circular argument, the government asserts that because it submitted a “sworn affidavit” in support of its request for the pen/trap order, the order must have actually been a search warrant—if it hadn’t been a warrant, then it “wouldn’t have needed a finding of probable cause, which it contained.”The Seventh Circuit Should Follow Maryland and Find Secret, Warrantless Stingray Use Unconstitutional
It’s now up to the Seventh Circuit to try to make sense of this argument (or maybe just to send the case back to the trial court for a new trial). If the appellate court decides to take this issue on, we hope it follows a recent Maryland appellate decision, State of Maryland v. Andrews (another case where we were amicus), where the court held unanimously that the Baltimore Police Department’s very similar secretive behavior and failure to get a search warrant before using a Stingray violated the defendant’s constitutional rights. Andrews is the first appellate decision that we know of where a court has ever looked at police use of a Stingray. We hope it sets a very persuasive precedent to all courts that secret, warrantless Stingray use violates the Fourth Amendment.
- 1. Huge thanks to privacy advocate and EFF friend Mike Katz-Lacabe for obtaining this information under Wisconsin’s public records statutes and sharing it with EFF and ACLU!
Share this: Join EFF
We're excited to welcome to EFF the newest member of our tech operations team, Rocket Lee. Rocket comes to EFF with deep and wide ranging experience, and said after joining the team, "I'm really excited to be part of the Tech Ops team… contributing to help make everything run smoothly."
Rocket's experience spans several disciplines. They studied game design in grad school at MIT through the Comparative Media Studies program and designed a thesis project entailing a seven-day alternate reality game for 15 players called Civilité based on The Count of Monte Cristo by Alexander Dumas.
In addition to their work on design and gaming, Rocket's personal interests include a dedication to worker cooperatives and the transformative ownership and participation they can enable. Beyond researching and promoting co-ops, Rocket has also helped build a few in practice, including web design & development consultancies Small Multiples and Quilted, and Out of Order Games, where they work with colleagues on innovative games. Their latest project is the groundbreaking board game, "Bloc by Bloc: the Insurrection Game."
Rocket brings formidable new skills to the Tech Ops team, citing EFF's projects as a reason they grew inspired to join the team. "There are very few other organizations I'd feel comfortable working at because very few share my values."
Share this: Join EFF
EFF to FCC: Consumers Need Strong ‘Unlock the Box’ Rules That Bring Competition, Innovation to Set-Top Boxes
Washington, D.C.—The Electronic Frontier Foundation (EFF) urged the Federal Communications Commission (FCC) to adopt robust, consumer-friendly “Unlock the Box” rules that will give Americans access to more innovative, useful, and creative devices and software for watching pay cable and satellite television.
The FCC’s proposed “Unlock the Box” rules will allow any manufacturer to create and market devices or apps that will connect consumers to their cable or satellite TV feeds. The proposal will lead to a new generation of navigation devices that let viewers search and play shows on cable, online services, or over-the-air broadcasts from a single clicker, app, or box.
“Unlock the Box” is a long-overdue effort to open up the closed world of TV set-top boxes to competition. For decades pay-TV customers have had no choice but to rent set-top boxes—and while the cost of the TVs and computers they use for viewing has dropped by 90 percent, the cost of cable set-top boxes that often contain three-generations-old technology have risen 185 percent. Recently, some pay-TV companies have begun making some programming available through apps on other devices, but they remain in complete control of the design and function of those apps, while competitors are locked out.
In comments to the FCC today, EFF urged adoption of “Unlock the Box” rules that maintain user privacy, allow testing by security researchers, and steer clear of loopholes that would enable cable and satellite TV companies to use copyright and other laws to maintain control over consumer devices for navigating TV viewing.
“Clunky, technologically-backwards rental set-top boxes that cost consumers an average of $231 a year and earn billions for cable companies are a frozen artifact of a bygone era. A handful of companies now maintain a monopoly over how consumers access the programming they pay for,’’ said EFF Senior Staff Attorney Mitch Stoltz. “Competition will drive innovation in features and allow consumers to vote with their dollars for devices that are easier to use, have more sophisticated search functions, and integrate multiple sources of programming.”
Cable and satellite companies, movie studios and other major media companies allege “Unlock the Box” rules will lead to unauthorized access to their content, and that building tools for finding and viewing TV content should require permission.
This is nonsense, EFF told the FCC today. The proposed rules don’t permit consumers to access content they haven’t paid for or authorize copying or distribution of TV programming. Copyright laws don’t give rightsholders the power to control the features of your home video devices, or to dictate how you can find and watch the programming that you pay for.
EFF is also urging the FCC to ensure that manufactures of new navigation tools are subject to strong privacy standards that will give consumers the same protections they currently have. EFF warned against giving cable and satellite TV companies authority to decide which devices comply with consumer protection rules—this would only give them another opportunity to attempt to control the device market or exclude competition.
“Consumers need privacy protections, and while competitive device makers aren’t subject to FCC regulations we believe they should be subject to the same legal standards for privacy as cable and satellite TV companies,” said EFF Senior Staff Attorney Lee Tien. “For too long every effort to improve the pay-TV experience for consumers has been derailed by companies that control set-top boxes. If ‘Unlock the Box’ rules are implemented, consumers will be the winners.”Contact: MitchStoltzSenior Staff Attorneymitch@eff.org LeeTienSenior Staff Attorney and Adams Chair for Internet Rightslee@eff.org
Share this: Join EFF
The Let's Encrypt certificate authority issued its two millionth certificate on Thursday, less than two months after the millionth certificate. As we noted when the millionth certificate was issued, each certificate can cover several web sites, so the certificates Let's Encrypt has issued are already protecting millions and millions of sites.Let's Encrypt certificates issued by date
This rapid adoption has made Let's Encrypt one of the world's largest public certificate authorities by number of certificates issued, and almost all of them are protecting domains that never supported HTTPS before. The Internet needs to migrate away from the insecure HTTP protocol, and we're very pleased to be helping to make that possible.
This milestone has arrived shortly after the Let's Encrypt CA service left beta status (we still consider the Python client to be in beta, and that will probably continue for another few months). Let's Encrypt is steadily helping to make HTTPS encryption more and more conveniently available to everyone, across the entire Web.
EFF co-founded the Let's Encrypt CA with Mozilla and researchers from the University of Michigan. Akamai and Cisco joined the project as founding sponsors, and many other organizations have stepped up to sponsor the project since launch. If you'd like to help, you can donate to EFF or ISRG, or if you're a coder, help us to improve the server or client software.
And if you're a web hosting company, web platform provider, or content delivery network, why not help us get to three million certificates sooner by integrating Let's Encrypt with your services and offering HTTPS to all of your users?
Share this: Join EFF
Defenders of the NSA's mass spying have lost an important talking point: that the erosion of our privacy and associational rights is justified given the focus of surveillance efforts on combating terrorism and protecting the national security. That argument has always been dubious for a number of reasons. But after a November 2015 ruling [.pdf] by the secretive Foreign Intelligence Surveillance Court (FISC) was unsealed this week, it's lost another chunk of its credibility. The ruling confirms that NSA's warrantless spying has been formally approved for use in general criminal investigations. The national security justification has been entirely blown.
That's because the secret court, over the objection of its hand-selected amicus, determined that once information is collected by the NSA for "foreign intelligence" purposes under section 702 of the FISA Amendments Act, that information can be searched by the FBI for regular criminal investigations without any need for a warrant or prior court oversight. Although the FISC has signed off on the FBI's procedures claiming this authority for years, this ruling from late 2015 may be the first time the FISC has actually considered their legality.
Section 702 is the law that the government uses to conduct two massive NSA programs: access to communications as they travel the Internet backbone (called Upstream) and access to communications stored with service providers like Google and Facebook (called Prism).
According to this ruling, communications like email and Facebook posts collected by the government under the broad authority of section 702 that the FBI has access to—including all "raw" Prism data—can be mined for any "evidence of a crime" and used against you, even if you're inside the United States.
The amicus appointed by the FISC, Amy Jeffress a former DOJ attorney, argued:
the FBI may query the data using U.S. person identifiers for the purposes of any criminal investigation or even an assessment. There is no requirement that the matter be a serious one, nor that it have any relation to national security...[T]hese practices do not comply with....the Fourth Amendment.
The FISC Court did not listen to its amicus. Instead it applied some faulty (not to mention scary) bootstrap reasoning.
The court questioned whether it's constitutional for the FBI to query NSA intelligence databases to find information to use against Americans in regular criminal investigations unrelated to national security. Government lawyers suggested that "targeting" and "minimization" procedures erase the harm that surveillance causes to Fourth Amendment principles, though we’ve explained why those procedures impose inadequate limits and allow unconstitutional spying to continue. We're also reminded of Justice Roberts' recent observation: "the Founders did not fight a revolution to gain the right to government agency protocols."
Nevertheless, the FISC court decided that, instead of determining whether the Fourth Amendment was violated by the specific use of NSA collected information against particular Americans in criminal investigations, it only had to determine whether the program "as a whole" violated the Fourth Amendment. To do that, it perverted a prior case decided by the FISA appeals court, called the FISCR.
That case, In Re Directives [.pdf], upheld national security surveillance as a "special need" not subject to the Fourth Amendment's normal warrant requirement, and reasonable specifically because this surveillance was not used for "garden-variety law enforcement." While we disagree with the In Re Directives case, it plainly rested its analysis on when "surveillance is conducted to obtain foreign intelligence for national security purposes."
But according to the FISC, that justification only applies at the time of initial collection (including the kind of massive overcollection that is occurring under 702) and can be completely abandoned once the government has its mitts on your communications.
The upshot is that the government needs a national security or foreign intelligence purpose only for the initial collection and analysis of information. Once it has communications in its custody, those limitations no longer apply and the government can troll through it for whatever law enforcement purpose it wants without having to worry about getting a pesky warrant.
Of course we know that the government has lost track of how many things are illegal. So it's open season.
This is a constitutional problem. Quite apart from the bait and switch opportunities it creates for the FBI, it's like saying it's OK for school officials to set up a drug testing program for non-law enforcement purposes, and then once it’s set up, they can completely abandon that purpose and start testing students to simply to put them in jail. Or that the government can set up a program to test pregnant women for drugs with a goal to get them into treatment, but also hand the information over to the police and use the threat of prosecution as additional leverage.
The Supreme Court rejected the latter scenario as unconstitutional in Ferguson v. City of Charleston in 2001. Other Supreme Court cases make clear that even holistic, programmatic assessments of Fourth Amendment "reasonableness"—like the one the FISC engages in here—must take into account the invasiveness of these programs. Searching vast databases containing the full content of emails and every website visited by nonsuspect Americans without a warrant is about as invasive as it gets.
This FISC decision is flawed for all of these reasons. But we won't get a chance to present those flaws to the court of appeals, much less the US Supreme Court, because in cases before the secret surveillance court only the government, not the amicus (or those of us whose communications are swept up in these massive programs) is allowed to appeal.
Still, two things are good about this decision. First, we know about it. Second, the court appointed an amicus who did try to get the court to recognize at least some of the Fourth Amendment problems with the government’s actions. Those are both new developments for the FISC, and both are due to parts of the USA Freedom Act that EFF championed.
We still have a long way to go, but without those sections of the law, we wouldn’t be able to raise our concerns here. Just as important, we wouldn’t be able to use this bad decision to educate Congress about yet another reason why it should let section 702 expire when it comes up for renewal in December 2017.
Share this: Join EFF
The Brazilian Chamber of Deputies is about to vote on seven bills that were introduced as part of a report by the Brazilian Parliamentary Commission of Inquiry on Cybercrimes (CPICIBER). Collectively, these bills would be disastrous for privacy and freedom of expression in Brazil. That's why EFF is joining a coalition of Brazilian civil society groups in opposing the bills. As the vote takes place on April 27, it's crucial that we voice our concerns to CPICIBER members now.
The CPICIBER was created in July 2015 by House President Eduardo Cunha as a request from Sibá Machado (PT). The CPICIBER was charged with investigating online crimes and their effects on the Brazilian economy and society. The CPICIBER worked from August 2015 to April 2016 and published a report with an analysis of how Brazil is dealing with a high number of crimes against the financial system and the increase in racist messages online. The report provides recommendations for how the country should respond to the threat of online crime. Although many stakeholders participated in the CPICIBER hearings, the report ultimately gave in to excessive panic about the Internet. The final proposals represent a range of repressive measures that trample on free expression and privacy rights.
Along with our partners at ARTIGO19, Access Now, Coding Rights, Intervozes and Instituto Beta, The Electronic Frontier Foundation urges everyone to tell members of the CPICIBER to oppose these draconian bills:
The bills proposed by the CPICIBER contain alarming proposals such as:
- Allowing police warrantless access to IP addresses;
- Requiring sites and apps to monitor content to prevent new sharing of materials already deemed offensive by court decision;
- Criminalizing improper computer system access that presents a “risk of misuse or disclosure” of data, even if no actual misuse or disclosure occurs—broad and vague terms that also apply to actions with no criminal intent, jeopardizing legitimate security research that might never be done if obtaining prior permission were a legal requirement;
- Allowing judges, in direct violation of net neutrality rules, to block sites and applications that are used for criminal purposes or that don’t comply with demands for user information.
As the CPICIBER will be discussing this proposed legislation, it is important for Brazilians to keep the pressure on! The fight against cybercrime must not threaten the Brazilian Marco Civil da Internet (the 2014 law that protects certain Internet freedoms), let alone the Brazilian Constitution!
The proposed bills roll back existing safeguards for freedom of expression and privacy online and could be disastrous for the future of the Internet in Brazil. In the words of Instituto Beta Executive Director Paulo Rená:
After dozens of public hearings, a report was presented with seven draft bills and more than a handful of serious threats to fundamental human rights protection in the digital realm. In particular, it undermines some of the core guarantees of Marco Civil da Internet.
Jamila Venturini, researcher at the Center for Technology and Society at FGV Law School in Rio, continued:
The writing in some of the proposed bills is ambiguous and may legitimize abuses to the principle of net neutrality and the protection of freedom of expression and privacy online. This represents a setback to the guarantees granted to Internet users by the Marco Civil da Internet, ignoring the long and open process of discussions that led to its approval in 2014 and going against some of the main international human rights guidelines.
Lucas Texeira, Technical Director, Coding Rights:
In a world where the divide between online and offline gets more blurred every day, Brazilian people who care about openness and freedom should pay close attention to what is at stake here and engage in the debate. Various measures promoted by the CPICIBER report—such as warrantless access to IP addresses—put rights such as freedom of speech, privacy and self-determination in great peril, especially in Brazil, a country with such a high occurrence of police abuse against political activists, human rights defenders, journalists, and other vulnerable groups.
Veridiana Alimonti, coordinator of Intervozes:The bills would allow law enforcement to gather IP addresses without a warrant and would make standards for already-established crimes even more vague so that they may encompass conduct that is not necessarily illegal. Websites and apps would be compelled to monitor all published content, automatically taking down anything considered 'offensive.' ISPs would be required to monitor and block Internet applications that don’t cooperate with law enforcement, something that is already too often used disproportionately by the Judiciary. If these bills are passed, all users have the potential of being targeted as criminals by websites and ISPs. These online surveillance bills are an enormous threat to digital rights and great setback from what we achieved with ‘Marco Civil’ of the Internet!
Coding Rights, Instituto Beta, Intervozes: Considerações sobre a CPI de Crimes Cibernéticos
Share this: Join EFF
The federal district court in San Francisco in EFF’s National Security Letter (NSL) cases has unsealed its order from last month, which denies our clients’ long-running First Amendment challenges to the NSL statute.
This is the first public decision interpreting the NSL statute since it was amended last year by the USA FREEDOM Act, and unfortunately, it’s a disappointing one. Although the court previously found the statute unconstitutional, it held that Congress successfully addressed these problems by passing USA FREEDOM.
EFF and our clients disagree with this ruling, and we will be appealing it to the United States Court of Appeals for the Ninth Circuit.
How Did We Get Here?
NSLs are a form of government subpoena that allow the FBI to request basic subscriber information and toll billing records from wire and electronic communications providers. The NSL statute also allows the FBI to issue self-certified “non-disclosure orders” preventing recipients from even saying they have received an NSL. The self-certification means that a court does not review the FBI’s decision to send an NSL or to impose these gag orders in advance.
The government has issued hundreds of thousands of NSLs since 2001, nearly all of them accompanied by gag orders. But in spite of a documented history of abuse, NSLs have generated few legal challenges precisely because of the intimidating gag orders that accompany nearly every NSL.
EFF’s clients are two of the exceptions. We represent unnamed service providers—referred to by the court as Petitioner A and Petitioner B—who received several NSLs in 2011 and 2013 respectively. In response to an initial challenge by Petitioner A, the court in 2013 found that the NSL statute was unconstitutional because it allowed the FBI to prevent recipients from even stating that they had received an NSL.
In that 2013 decision, the court correctly recognized that because the government can silence recipients in advance, NSL gag orders are presumptively unconstitutional “prior restraints” under the First Amendment.
In order to constitutionally impose a prior restraint, the government must ensure that numerous safeguards apply, including prompt judicial review and a demonstration that a gag is actually necessary. In 2013, the court determined that the NSL statute failed on these fronts because it allowed the government to impose indefinite gags in every case, with no obligation for judicial review. Even when review did occur, the statute severely limited the court’s ability to weigh its necessity, in some cases simply forcing the court to uphold the gag based on an FBI official’s certification.
The government appealed the 2013 ruling to the United States Court of Appeals for the Ninth Circuit, which heard argument in October 2014. But before the appeals court could issue an opinion, Congress amended the NSL statute as part of USA FREEDOM. In light of these changes, the Ninth Circuit delayed issuing a definitive ruling and sent the case back to the district court. Now that court has ruled on the amended statute, and we’re once again headed to the Ninth Circuit. Our clients have been totally prevented from speaking about these NSLs for the entire time the case has been pending, as debates over the NSL power have continued in Congress and in the public.
Although USA FREEDOM introduced only superficial changes to the NSL statute, it satisfied the district court that the new NSL regime is constitutional.
The most notable change brought by USA FREEDOM is that the amended law makes official an FBI practice called “reciprocal notice,” adopted by the Bureau in response to a 2008 ruling by the Second Circuit in New York. Under the reciprocal notice procedure, the government goes to court to justify the gag order only if an NSL recipient notifies the FBI of its desire for judicial review in the first place.
But according to the Supreme Court’s decision in Freedman v. Maryland, that’s not enough. When the government imposes a prior restraint, it must bear the burden of immediately going to court and proving its necessity. Otherwise, in most cases speakers faced with the uphill battle of challenging an unconstitutional gag themselves will simply choose to comply. In the case of the new “reciprocal notice” requirement, the recipient still bears the burden of objecting to the gag order, which is enough to deter most recipients. Even when they do object, the statute does not require courts to rule promptly. As a result, the FBI’s decision to gag NSL recipients is a de facto permanent one in the vast majority of cases. The First Amendment does not allow such a censorship regime.
In its new order in our cases, the district court acknowledged that USA FREEDOM’s kludgy reciprocal notice procedure does not live up to the high First Amendment standards in Freedman, but it still called this new procedure good enough. That’s because the court agreed with the Second Circuit that NSLs are not “classic prior restraints” because they do not gag “those who customarily wish to exercise rights of free expression,” such as movie exhibitors and book publishers. This might have seemed plausible when the Second Circuit first wrote it in 2008, as it was less common for companies to speak publicly about government requests for customer information.
But these days, after the immense public debate caused by the Snowden revelations, service providers regularly publish transparency reports about government data requests, and companies like Apple, Microsoft and Google engage in public fights against overbroad requests and gag orders. Users are very concerned about the privacy and security of their data held by these companies. And contrary to the court’s assumption, many providers—like our clients—want to talk about these requests.
But even if it were true that gagged communications providers aren’t “classic speakers,” NSLs are classic prior restraints. The First Amendment has never reserved its highest speech protections for only the most talkative—just the opposite, in fact. Prior restraints arise when the government preemptively tells someone they cannot engage in speech, which is exactly what NSL gag orders do.
The court did, however, recognize that gag orders distort public discussion of NSLs, since recipients cannot identify themselves and discuss their experiences. Both Petitioner A and Petitioner B submitted declarations describing the ways in which they were barred from this debate, particularly surrounding the passage of USA FREEDOM itself.
A Silver Lining
Yet another of the numerous ways in which the amended NSL statute remains unconstitutional is its directive that a court should uphold an NSL gag order if the court finds “reason to believe” that harm “may result” if the recipient discloses the information in the NSLs. This fails to meet the First Amendment’s requirement that prior restraints be objectively and definitely “necessary” to prevent such harm. Again, in our case, the court determined that the highly deferential “may result” language in the statute was close enough.
But when it came to applying this low bar to one of the NSLs received by our client Petitioner A, the court found that the FBI could not justify the gag order. This means that the FBI’s one-sided, secret assertions that our client must be gagged in this case have now proven to be totally unsupported. If the government does not appeal this ruling, our client will be able to identify itself after many years of being gagged. It will also be able to reveal the contents of the NSL it received in this case, marking only the second time that the public has seen an unredacted NSL.
While this isn’t the complete invalidation of the statute we’d hoped for, it is a partial vindication of our clients’ fortitude in challenging these NSLs. We hope the Ninth Circuit will reverse the rest of the district court’s disappointing ruling.Related Cases: National Security Letters (NSLs)In re: National Security LetterIn re National Security Letter 2013 (13-80089)In re National Security Letter 2013 (13-1165)
Share this: Join EFF
San Francisco - A federal judge has unsealed her ruling that National Security Letter (NSL) provisions in federal law—as amended by the USA FREEDOM Act—don’t violate the Constitution. The ruling allows the FBI to continue to issue the letters with accompanying gag orders that silence anyone from disclosing they have received an NSL, often for years. The Electronic Frontier Foundation (EFF) represents two service providers in challenging the NSL statutes, who will appeal this decision to the United States Court of Appeals for the Ninth Circuit.
“Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011,” said EFF Deputy Executive Director Kurt Opsahl. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse. Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions.”
This long-running battle started in 2011, after one of EFF’s clients challenged an NSL and the gag order it received. In 2013, U.S. District Court Judge Susan Illston issued a groundbreaking decision, ruling that the NSL power was unconstitutional. However, the government appealed, and the Ninth Circuit found that changes made by the USA FREEDOM Act passed by Congress last year required a new review by the District Court.
In the decision unsealed this week, the District Court found that the USA FREEDOM Act sufficiently addressed the facial constitutional problems with the NSL law. However, she also ruled that the FBI had failed to provide a sufficient justification for one of our client’s challenges to the NSLs. After reviewing the government’s justification, the court found no “reasonable likelihood that disclosure … would result in danger to the national security of the United States,” or other asserted dangers, and prohibited the government from enforcing that gag. However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal.
“We are extremely disappointed that the superficial changes in the NSL statutes were determined to be good enough to meet the requirements of the First Amendment,” said EFF Staff Attorney Andrew Crocker. “NSL recipients still can be gagged at the FBI’s say-so, without any procedural protections, time limits or judicial oversight. This is a prior restraint on free speech, and it’s unconstitutional.”
The NSL statutes have been highly controversial since their use was expanded under the USA PATRIOT Act. With an NSL, the FBI—on its own, without any judge’s approval—can issue a secret letter to communications service providers, requiring the service to turn over subscriber and other basic non-content information about their customers. The gag orders that the FBI routinely issues along with an NSL have hampered discussion and debate about the process.
For the full unsealed order:
For more on National Security Letters:
Share this: Join EFF
Together with Public Knowledge and R Street, EFF filed an amicus brief today asking the Supreme Court to consider and overturn a troubling decision from the Federal Circuit. If allowed to stand, the lower court’s decision could undermine the right to use, resell, tinker with, and analyze the devices you own.
The case is called Impression Products, Inc. v. Lexmark International, Inc. and it concerns the arcane but important question of patent exhaustion. This is patent law’s version of “first sale,” the doctrine in copyright law that says that once a consumer buys a copy of a work, she owns it and can do what she wants with that copy. Patent law is similar. Once a patent owner sells a product, it cannot later claim that that product’s use or sale is infringing.
In its decision, the Federal Circuit made two important rulings. First, it said that as long as a sale is “restricted” (this could be as simple as a notice placed on disposable packaging), patent rights can be reserved by the patent owner and sale does not result in exhaustion. Second, the court ruled that an authorized sale overseas by the US patent owner does not exhaust US patent rights.
These twin rulings give patent owners a roadmap for undermining consumer ownership. As a consumer, you might not even know about what notices were placed on goods earlier in their ownership history. And because patent infringement generally does not require “intent,” you could find yourself liable for the use of goods that you purchased legally and that the patent owner has already been paid for.
Our brief explains that the Federal Circuit’s decision undermines centuries of law upholding the right of individuals to use and resell their possessions. Allowing patent owners to control goods even after sale harms liberty and autonomy. Patent owners like Lexmark (which tries to impose one-use-only limits on its ink cartridges) could try to restrict otherwise legal modifications, add-ons, resale, reverse-engineering, and security research. We hope the Supreme Court takes this case and restores our right to pwn the things we own.
Share this: Join EFF
A secretive trade agreement currently being negotiated behind closed doors could lay down new, inflexible copyright standards across the Asia-Pacific region. If you are thinking of the Trans-Pacific Partnership (TPP), think again—we're talking about the lesser-known Regional Comprehensive Economic Partnership (RCEP). While RCEP doesn't include the United States, it does include the two biggest Asian giants that the TPP omits—China and India. So while you won't read about it in the mainstream U.S. press, it's a very big deal indeed, and will assume even more importance should the TPP fail to pass Congress.
When we reviewed the first leaks of the RCEP's intellectual property chapter, they contained quite simply the worst provisions on copyright that we had ever seen in a trade agreement, but we also hoped that these extravagant claims put forward by Japan and South Korea did not represent anything like the final compromise text that would be likely to emerge. About one year later, how much closer towards that compromise have we advanced? Thanks to a more recent leaked version of the RCEP from Knowledge Ecology International (KEI), we can begin to answer that question. This post compares some of the pertinent provisions of RCEP to equivalent provisions of the TPP [PDF].Copyright Term
An important change from the previous leaked text, and an important distinction from the TPP, is that the current text of RCEP contains no requirement for countries to extend the copyright term beyond the minimum specified in the Berne Convention, which is usually the life of the author plus 50 years. This means that for countries that have not already extended their copyright term—and have not signed and ratified the TPP—RCEP would allow them to maintain their existing copyright term.Enforcement
RCEP's enforcement provisions and those of the TPP are uncomfortably close. The draft civil damages Article 9bis 2 of RCEP is close to a mirror of Article 18.74 of the TPP, in providing for courts to use measures such as lost profits and the market price or suggested retail price of goods in calculating damages for trademark or copyright infringement. Korea also proposes that each country should provide statutory damages in an amount sufficient to constitute a deterrent to future infringements.
Mirroring provisions found in Articles 18.74 and 18.77 of the TPP, Articles 9bis 6 and 9quater 6 of RCEP would allow courts to order the destruction not only of infringing goods, but also materials and implements used in their creation, such as servers used for hosting copyright-infringing files.
As in Article 18.77 of the TPP, Article 9quater 1 of RCEP would criminalize any copyright or trademark infringement that occurs on a “commercial scale”. By Article 9quinquies 5 of RCEP, the use of a recording device in a cinema is also made a criminal offense, apparently irrespective of any copyright exception such as fair use that could make that recording lawful.ISP Liability
The ISP liability provisions in Article 18.82 of the TPP are quite elaborate, in an apparent effort to push most countries towards a DMCA-like system of notice and takedown, while still accommodating those countries with existing systems that don't conform to this model. The equivalent provision of RCEP is stripped of most of this complexity, and simply provides that countries should adopt enforcement measures that “endeavor to apply to infringement of copyright or related rights over digital networks, which may include the unlawful use of means of widespread distribution for infringing purposes.”
Japan proposes a footnote that notes that this could be accomplished by means of a safe harbor regime that limits remedies against online service providers, while preserving legitimate interests of rights holders. However, the footnote does not specify the details of how such a regime should operate. This is both good and bad. It is certainly good that RCEP does not prescribe a single, inflexible model, such as notice and takedown. However, it also fails to require countries to protect Internet intermediaries from liability for their users' content.
Article 9quinquies 3, proposed by Korea, would also require parties to “take effective measures to curtail repetitive infringement of copyright and related rights on the Internet”—essentially suggesting something like a graduated response regime to warn and/or penalize Internet users who are suspected of copyright infringement. In tandem with this, the following Article would authorize either “competent authorities” (Japan) or “an administrative or judicial procedure” (Korea) to disclose personal information of alleged infringers to a rightsholder who claims infringement.DRM
The RCEP proposals on Digital Rights Management (DRM) in Article 2.3 are a little more flexible than the equivalent Article 18.68 of the TPP. While RCEP still requires legal protection and remedies against the circumvention of DRM, this only covers DRM that constrains uses of the work that are not otherwise authorized or permitted by law.
Thus under RCEP, it would probably not be against the law to circumvent DRM in order to view DRM-protected content on a device of your choosing, or to copy parts of it for a fair use purpose, or for other purposes that are consistent with copyright law. This is an important limitation of the scope of a DRM circumvention provision.
To achieve the same result under the TPP, a country would have to pass exceptions to their DRM circumvention law, which can only be done after demonstrating an actual or likely adverse impact of the law on non-infringing uses. While the end result could be the same, the TPP's “protections first, exceptions later” approach is a more roundabout way of limiting the effect of the DRM provision than the RCEP approach of constraining its scope to begin with.
The TPP also provides for penalties for the supply of devices or services that are primarily to be used for DRM circumvention (a narrow exception is carved out for institutions such as libraries, museums and non-profit broadcasters). If these acts are carried out for commercial purposes, the penalties become criminal. Such penalties are not replicated under RCEP, although Korea is advocating for the inclusion of at least civil penalties for the supply of circumvention devices or services.Limitations and Exceptions
For some reason, the parties have found it necessary to confine the availability of copyright limitations and exceptions using the same narrow language in Article 2.5 of RCEP as is found in in Article 18.65 of the TPP. Although the same narrow three-step test is also found in the Berne and TRIPS conventions, the overall impact of this is that the treatment of limitations and exceptions in RCEP begins from a very negative starting point.
Australia then proposes a half-hearted positive obligation, modeled on that from 18.66 of the TPP, that each party “shall endeavour to provide an appropriate balance in its copyright and related rights system by providing limitations and exceptions… for legitimate purposes including education, research, criticism, comment, news reporting, libraries and archives and facilitating access for persons with disability.” The following sub-paragraph clarifies that this might include exceptions for fair use.
Even those who have taken a more charitable view of this provision than EFF does have suggested that it could have been improved [PDF] if the language “shall endeavour to” had been replaced with a more positive obligation to pursue balance in copyright. It is a shame that, based on the current text, the RCEP negotiators have failed to avail themselves of this obvious opportunity for improvement of the TPP, while remaining consistent with it.Broadcasters Rights
Based on the current text proposals, RCEP may actually impose more stringent protections for broadcasters than the TPP does. The TPP allows authors, performers and producers to control the broadcast of their work, but it does not bestow any independent powers over those works upon broadcasters. RCEP, in contrast, could create such new powers; potentially providing broadcasters with a 50 year monopoly over the retransmission of broadcast signals, including retransmission of those signals over the Internet.
India's preferred language for this proposal would even provide broadcasters with a right to prohibit the reproduction of fixations (that is, recordings) of broadcasts, independent of the rights of the copyright owner over that same content. This is such an extreme proposal that it is currently considered off the table in the ongoing negotiations for a broadcasters' treaty at the World Intellectual Property Organization (WIPO).
These proposals for new monopoly powers for broadcasters are unnecessary, since broadcast content is already protected by copyright in most cases, and in those cases where it isn't—such as the broadcast of public domain material—there are very good reasons why such content ought to be freely available for retransmission, fixation, and reuse. That's why EFF is opposing plans for a broadcasters rights treaty at WIPO.Trade Secrets
The TPP's trade secrets language in Article 18.78 is more extensive than international law requires, and indeed is something of a mash-up of conventional trade secrets protection with U.S. cyber-espionage law. RCEP strips this back to the basics, with countries providing a few different options, all of which are based around the well-established international legal norms from the TRIPS Agreement.
Having said that, the RCEP negotiators' failure to explicitly address the need for exceptions to trade secret protection for whistleblowers, journalists, and other disclosures in the public interest, represents another missed opportunity.Conclusion
Without such an overbearing influence from Hollywood lobbyists, RCEP does manage to avoid some of the worst excesses of the TPP—such as the extension of copyright term, the prescriptive ISP liability regime, the most restrictive DRM provisions, and the expansion of trade secrets law. But other provisions, most notably on enforcement, are largely unchanged from the TPP.
By the same token, RCEP fails to improve much on the TPP in areas where it quite easily could; most notably in the language on limitations and exceptions, which fails to require countries to include an equivalent to fair use in their copyright laws.
Finally, the proposed language on related rights for broadcasters is actually worse than the TPP. The TPP negotiators were wise to mostly avoid this topic, being that it is currently still under negotiation at WIPO, whereas RCEP has plunged ahead and sought to enshrine obligations for the protection of broadcasters that remain controversial and untested around the world.
Worst of all is that none of these problems would have come to light if the text of the agreement had not been leaked. Like the TPP before it, the RCEP is being negotiated in a secretive fashion, behind closed doors, without adequate input from Internet users or any other of the stakeholders whose lives and livelihoods it will affect.
The next round of RCEP negotiations will take place behind closed doors in Perth, Australia, next week. It will be the first round at which negotiators will open the doors by a little crack, to allow some presentations from public interest groups. However, this is not enough. In the light of this latest leak, the negotiators ought to follow the recommendations of the Brussels Declaration on Trade and the Internet, and formally release the draft text to the public.
Share this: Join EFF
As networked computers disappear into our bodies, working their way into hearing aids, pacemakers, and prostheses, information security has never been more urgent -- or personal. A networked body needs its computers to work well, and fail even better.
Graceful failure is the design goal of all critical systems. Nothing will ever work perfectly, so when things go wrong, you want to be sure that the damage is contained, and that the public has a chance to learn from past mistakes.
That's why EFF has just filed comments with the FDA in an open docket on cyber-security guidelines for medical systems, letting the agency know about the obstacles that a species of copyright law -- yes, copyright law! -- has put in the way of medical safety.
The problem is Section 1201 of the Digital Millennium Copyright Act, which prohibits tampering with "effective means of access control" that restricted copyrighted works. The law was a creature of the entertainment industry, which saw an opportunity to create new business models that transferred value from their customers to their shareholders. CDs didn't have digital locks, so was easy to convert the music you bought on CD to play on your digital home stereo, phone, and car. DVDs have digital locks, so all you can legally do with the movies you buy on DVD is watch them. If you want to get at that latent value in your discs -- the value of watching a movie on a phone, or backing it up in case you scratch your disc, for example -- you have to buy the movie again.
To keep these business models intact, large content holders sued and threatened security researchers who disclosed flaws in systems with digital locks, arguing that sharing research that required circumvention violated the DMCA. As a result, systems with digital locks became a no-go zone for security research, meaning that their flaws fester for longer before being brought to light and fixed.
And then it got weird.
Increasingly, every machine and device has a computer inside it, from cars to thermostats to fancy new lightbulbs. Manufacturers realized that merely by shellacking the minimum plausible digital lock around these devices, they could use the DMCA to enforce the same high-profit restrictions that had been the purview of the entertainment industry until then.
First it was phones that would only run software from the manufacturer's app store. Then it was cars that could only be diagnosed and repaired by authorized service centers that only used the manufacturer's official, high-priced replacement parts. Then it was everywhere: thermostats and lightbulbs, yes, and tractors and voting machines, too.
And, of course, medical devices.
Manufacturers who use digital locks to restrict the configurations of their devices get a lot of commercial benefit. They can force doctor's offices to pay recurring license fees for the diagnostic software that works with these gadgets. They can restrict access to service and even consumables -- why allow just anyone's insulin to be installed on your pump when the inkjet printer people have demonstrated a way to charge vintage Champagne prices for something that costs pennies a gallon?
But a profit motive that might conflict with users' best interests isn't the worst problem. The great danger is safety. Medical implants are increasingly equipped with wireless interfaces, because:
a) they're cheap; and
b) it's hard to attach a USB cable to a device that's been implanted in your chest cavity.
That means that bugs in medical implants can be exploited over their wireless interfaces, too. For example: lethal shocks from implanted pacemakers and defibrillators. It was not for nothing that former VP Dick Cheney had the wireless interface on his pacemaker deactivated (future software updates for Mr Cheney's heart-monitor will thus involve general anaesthesia, a scalpel, and a rib-spreader).
However you feel about copyright law, everyone should be able to agree that copyright shouldn't get in the way of testing the software in your hearing aid, pacemaker, insulin pump, or prosthetic limb to look for safety risks (or privacy risks, for that matter). Implantees need to know the truth about the reliability of the technology they trust their lives to.
That's why today, EFF asked the FDA to require manufacturers to promise never to use the DMCA to attack security research, as a condition of certifying their devices. This would go a long way to protecting patients from manufacturers who might otherwise use copyright law to suppress the truth about their devices' shortcomings. What's more, it's an approach that other groups have signed up for, as part of the normal process of standardization.
We think Congress should modify the DMCA to make it clear that it doesn't apply to devices that have no nexus with copyright infringement, but patients can't wait for this long-overdue reform. In the meantime, agencies like the FDA have a role to play in keeping patients safe from devices that work well, but fail badly.
Share this: Join EFF
Tech experts and industry representatives squared off against law enforcement officials in two sessions of lively testimony today in front of the House Energy and Commerce committee. Today's hearing is the latest in the ongoing battle in the courts and legislature commonly called the second “Crypto Wars,” after a similar national debate in the 1990s.
Two witnesses on the law enforcement panel offered a chilling proposal to deal with the well-documented weakness that any domestic encryption ban would do little against the hundreds of encryption products developed and sold internationally. Thomas Galati of the NYPD and Charles Cohen of the Indiana State Police argued that software could be kept off American computing devices by exerting legal pressure on the Android, Apple, and Blackberry app stores.
That proposal would seem to leave to app store gatekeepers the nigh-impossible task of ensuring none of the software it carries comes with “warrant-proof” cryptographic options. But worse, it cuts right to the core of fundamental computing freedom questions and cues up the next legislative battle to address what software people are allowed to run on their devices.
It's a scenario envisioned by EFF Special Advisor Cory Doctorow in his essay Lockdown: as long as we're using the kinds of general purpose computers that power our phones, laptops, and increasingly everything else, the only way to remove capabilities is by requiring DRM software and other spyware to make sure users are in compliance.
The laws that currently aim to enforce those kinds of restrictions piggyback on copyright law, and create uncertainty around phone jailbreaking, to pick a relevant example. EFF has argued for—and won—explicit exemptions to those laws, allowing users to install software from alternative app stores. It's not hard to imagine that if a proposal to regulate encryption software through app store chokepoints were to proceed, it would be accompanied by pressure to tighten those restrictions.
At another point in the hearing, lawmakers pressed the FBI's Amy Hess on the role of third-party “grey hat” hackers in accessing the data on the iPhone at the heart of the hotly contested “Apple v. FBI” case. Representative Diana DeGette of Colorado suggested those capabilities might be cultivated internally instead.
Hess disagreed, saying the FBI will always need to seek the cooperation of industry and academic experts. That might have been an opportunity to discuss the duty FBI and other agencies have in disclosing vulnerabilities to those same tech industry companies—an area EFF has worked to shine light on through Freedom of Information Act requests and lawsuits concerning the Vulnerabilities Equities Process (VEP). Unfortunately, no lawmakers pushed Hess on the question.
The second panel—made up of industry and tech representatives—seemed to serve as a fact-checking service for the first. Apple's General Counsel Bruce Sewell, for example, categorically denied three allegations made about his company in the previous panel, saying Apple has not provided source code to the Chinese government, has not actively “thrown away” keys it once used to assist law enforcement, and has not announced passcode protection for the next generation of its iCloud backup software.
Other irresponsible statements from the first panel went without comment. When Charles Cohen, the Indiana State Police commander, was asked about information that is more accessible to surveillance now than before cell phones, he drew a blank. “I'm having problems thinking of information that is available now that was not before. From my perspective, thinking through investigations that we previously had information for, when you combine the encryption issue along with shorter and shorter retention periods for Internet service providers … it might be difficult to find an example of an avenue that is now available that was not before.” It's possible that Cohen is not familiar the myriad ways in which cell phone metadata, content, and location tracking are being used by law enforcement—but that would be quite a surprise, given the Indiana State Police's long history with the technology.
Ultimately, it's a step forward that a congressional committee has summoned tech expertise into the room, if only to explain why law enforcement wasn't able to compromise our security in the first Crypto Wars. Speaking to a representative who floated the idea of a key escrow system, University of Pennsylvania Associate Professor of Computer and Information Science Dr. Matt Blaze explained: “I just want to caution that the split-key design, as attractive as it sounds, was also at the core of the NSA design of the Clipper Chip, which was where we started over two decades ago.” Blaze should know; his research discovering a fatal flaw in the Clipper Chip protocol is often credited with sinking the project.
Meanwhile in the Senate, draft legislation could threaten uncompromised cryptography altogether. U.S. readers, tell your Senators to oppose the Burr-Feinstein backdoor proposal today.
Share this: Join EFF
Last month, EFF moved to intervene in a patent case in order to unseal records we believe have been improperly kept from the public. Yesterday, the court granted EFF’s motion to intervene, and in doing so, rejected a troubling argument being put forth by the patent owner.
The case is Blue Spike v. Audible Magic. As we noted in our blog post last month, numerous documents, including at least three court opinions, have been completely withheld from the public. The sealed documents are highly substantive, and from what we can gather, would help the public better understand what, exactly, Blue Spike claims to have invented.
EFF moved to intervene in the case, arguing that the public has a right to know what arguments and evidence are being presented to the court. This is true for all court records, unless a party can show that disclosure harms them in a particular way that overrides the public’s right of access, something that hasn’t occurred in this case.
In response, Blue Spike argued that EFF had no “standing” to ask the court to unseal documents. That is, Blue Spike argued that a desire to access documents was not enough to allow the court to hear EFF’s claim. If it were, Blue Spike argued, that would mean that anyone could intervene in order to get documents unsealed.
Blue Spike also argued that it was improper for EFF to publicly “malign” its patent (which we selected as September 2014’s Stupid Patent of the Month). It even complained that EFF had “admitted it intends to change the patent landscape.” But the fact that Blue Spike does not like EFF’s speech or our policy goals has no bearing on our First Amendment right to access court proceedings. It is crucial that the public have access to court records to properly analyze and comment on litigation. This is true whether one is a staunch supporter or a strong critic of the current system. Access is guaranteed to the entire public.
Blue Spike is not the first, and it is likely not the last, to argue that members of the public can’t challenge the confidentiality of the courts. But what Blue Spike and others who make this argument fail to understand is that the public presumptively have rights to access court documents and the law makes clear they shouldn’t have to intervene in order to access them. Unfortunately, too often we see courts allowing parties to seal documents without making the parties demonstrate that sealing is appropriate. This improperly places the burden on the public to seek unsealing when the burden should be on the parties to seal.
Public access [to judicial records] serves to promote trustworthiness of the judicial process, to curb judicial abuses, and to provide the public with a more complete understanding of the judicial system, including a better perception of its fairness.
We’re glad the court granted EFF’s motion and rejected Blue Spike’s argument. But we shouldn’t have had to intervene in the first place.
Share this: Join EFF
San Francisco—The Electronic Frontier Foundation (EFF) filed a Freedom of Information (FOIA) lawsuit today against the Justice Department to shed light on whether the government has ever used secret court orders to force technology companies to decrypt their customers’ private communications, a practice that could undermine the safety and security of devices used by millions of people.
The lawsuit argues that the DOJ must disclose if the government has ever sought or obtained an order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties—like Apple or Google—to provide technical assistance to carry out surveillance.
The suit separately alleges that the agency has failed to turn over other significant FISC opinions that must be declassified as part of surveillance reforms that Congress enacted with the USA FREEDOM Act.
EFF filed its FOIA requests in October and March amid increasing government pressure on technology companies to provide access to customers’ devices and encrypted communications for investigations. Although the FBI has sought orders from public federal courts to create a backdoor to an iPhone, it is unclear to what extent the government has sought or obtained similar orders from the FISC. The FISC operates mostly in secret and grants nearly every government surveillance request it receives.
The FBI’s controversial attempt to force Apple to build a special backdoor to an iPhone after the San Bernardino attacks underscored EFF’s concerns that the government is threatening the security of millions of people who use these devices daily. Many citizens, technologists and companies expressed similar outrage and concern over the FBI’s actions.
Given the public concern regarding government efforts to force private companies to make their customers less secure, EFF wants to know whether similar efforts are happening in secret before the FISC. There is good reason to think so. News outlets have reported that the government has sought FISC orders and opinions requiring companies to turn over source code so that federal agents can find and exploit security vulnerabilities for surveillance purposes.
Whether done in public or in secret, forcing companies to weaken or break encryption or create backdoors to devices undermines the safety and security of millions of people whose laptops and smartphones contain deeply personal, private information, said EFF Senior Staff Attorney Nate Cardozo.
“If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said Cardozo. “The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders.”
In addition to concerns about secret orders for technical assistance, the lawsuit is also necessary to force the government to comply with the USA FREEDOM Act, said EFF Senior Staff Attorney Mark Rumold. Transparency provisions of the law require FISC decisions that contain significant or novel legal interpretations to be declassified and made public. However, the government has argued that USA FREEDOM only applies to significant FISC decisions written after the law was passed.
“Even setting aside the existence of technical assistance orders, there’s no question that other, significant FISC opinions remain hidden from the public. The government’s narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress’ intent,’’ said Rumold. “Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law.”
For the full complaint:
Share this: Join EFF
Fair use is one of the biggest undelivered promises of a report of the Australian Law Reform Commission to the Australian government two years ago, which recommended improvements to Australian copyright law. Instead of delivering a fair use exception, the government slapped users with onerous new enforcement provisions such as SOPA-style web blocking and data retention, along with a now-shelved attempt at a graduated response code for penalizing users suspected of infringement.
Strangely, these new strict enforcement provisions have failed to transform Australia into a more innovative and productive economy, and so the government has finally turned its attention back to other copyright reforms such as fair use, by way of a new inquiry of its Productivity Commission. Cue the entry of Australia's big media and entertainment conglomerates, who funded a fear-mongering report by PricewaterhouseCoopers (PWC) claiming that the introduction of a fair use exception to copyright would bring near-apocalyptic consequences for Australia's creative sector, while failing to deliver significant benefits.
Economics is an inexact science, but policymakers give economic data a lot of deference, even when they don't quite understand it. Even so, a lay person's reading of the PWC report is enough to exposes how ridiculous its conclusions are. Just to take one example, one of the sources used by PWC for their data is four-year old data from Consumers International, which rates countries according to the flexibility of their copyright laws. Because the PWC report can't find a strong correlation between copyright flexibility and GDP per capita in those countries, they conclude that "a host of other factors explain GDP per capita than copyright flexibility alone", as if fair use proponents had ever claimed otherwise. It so happens that this Deeplinks author was also the editor of the Consumers International data set cited by PWC, and knows its limitations quite well; suffice it to say that it can't be used to draw any conclusions one way or the other about the effect of copyright flexibility on GDP.
There are, however, narrower case studies that can be usefully used to illustrate the real benefits of fair use to users and innovators; and these, the PWC report largely ignores. Thankfully, some such examples are given in a counter-report released this week by Global Expert Network on Copyright User Rights, authored by IP professors from Australia, the USA and Canada. As this counter-report explains, these benefits include the legalization of many fair use activities and the industries that support them, including time-shifting of lawfully-acquired content, reverse-engineering, cloud services, and text and data mining.
The authors of the counter-report conclude:
None of the claimed costs of fair use identified in the PWC Report are likely to occur. What is likely to follow fair use is that innovators and creators in Australia will find it easier to do their work and the providers of new technology will find it easier to market their products. These will result in modest gains to Australian society over time, likely with little in the way of costs. Further study of the impact of fair use in other countries is under way and well deserved. But the PWC Report does little to add to that endeavour.
Let's hope that the Australian government casts an appropriately critical eye over the industry-funded PWC report, and finally gives fair use a fair hearing.
Share this: Join EFF
Cisco custom-built the so-called “Great Firewall of China,” also known as the “Golden Shield.” This system enables the Chinese government to conduct Internet surveillance and censorship against its citizens. As if that weren’t bad enough, company documents also revealed that, as part of its marketing pitch to China and in an effort to meet its customers needs, Cisco built a special Falun Gong module into the Golden Shield that helped the Chinese authorities identify, locate, and ultimately persecute practitioners of that religion by, for example, creating profiles of them that could be used during interrogations and forced conversions (i.e., torture).
Five years ago, victims sued Cisco for the human rights abuses they suffered as a result of the Falun Gong module. The case, Doe I v. Cisco Systems, is currently pending before the U.S. Court of Appeals for the Ninth Circuit. The plaintiffs are Falun Gong practitioners who allege that the company knowingly and purposefully designed and sold specific technologies to the Chinese government that aided and abetted human rights abuses, including torture, against them. We filed an amicus brief in January in favor of the plaintiffs.
Cisco recently submitted its responsive appellate brief (and the plaintiffs filed their reply) and one of its arguments made us do a double-take. Cisco claims that because U.S. export law doesn't ban it from selling its equipment to China, the company is immune from civil liability for the human rights abuses it facilitated. Cisco even went so far as to argue that the U.S. government’s recent dropping of overbroad proposed rules for regulating surveillance technologies under the Wassenaar Arrangement—rules that EFF strongly argued should be dropped—establishes that Cisco should be immune.
Specifically, Cisco argues that since Congress and the Department of Commerce regulate exports to China of guns and other “crime control and detection” equipment but do not ban the export of the “Internet infrastructure” products that Cisco sells, Cisco should be held completely immune for aiding and abetting human rights abuses.
There are two insurmountable problems with this argument.
First, the suggestion that the lack of a prohibition on export creates an immunity from civil liability is wrong.
Cisco tries to use the “political question doctrine,” a rule crafted by the Supreme Court to bar courts from reviewing policy choices and making decisions on policy matters, particularly those related to foreign relations, that should be left to Congress or the executive branch. However, the Supreme Court has made clear that courts have authority to hear matters that are “legal in nature.” Thus “it goes without saying that interpreting congressional legislation is a recurring and accepted task for the federal courts,” the Court said. This is true even if a court’s “decision may have significant political overtones."
Not only did Congress not expressly immunize Cisco from legal liability for selling its products to the Chinese government, a well-settled law applies that allows the company to be sued: the Alien Tort Statute (ATS). The ATS allows non-citizens to file lawsuits in U.S. courts for wrong-doing, such as human rights abuses, that violate international law. Thus, this case is about a violation of the ATS (and other laws), not about policy choices. Many cases have political overtones, including international overtones. But that doesn’t mean any case involving exports is so “political” as to be barred from judicial review. The courts have a duty to interpret the ATS to determine whether Cisco can be held liable for breaking U.S. law by knowingly and purposefully assisting in human rights abuses suffered abroad.
Second, the fact that Congress hasn’t banned the export of general “Internet infrastructure” technology to China doesn’t address whether Cisco, in selling its specific and customized “Internet infrastructure” (i.e., surveillance) technology to the Chinese government—understanding that it was going to be used in the persecution of Falun Gong practitioners—violated the ATS.
Finally, Cisco wrongly claims that it can’t be sued for facilitating human rights abuses because the Commerce Department tried, and then backed off of, adding “surveillance technologies” to the Wassenaar Arrangement, a 2013 international agreement that the U.S. signed to control the export of “dual-use” technologies (i.e., those that governments can use for both legitimate purposes and to violate human rights). The Commerce Department withdrew its 2015 proposed rules to implement the agreement after much public opposition, led in part by EFF.
We opposed the proposal because it was overbroad and would have had serious unintended consequences for the good guys—the information security researchers, penetration testers, security consultants, academics, and other hackers who try to improve security and privacy online. In other words, the regulations, in attempting to control surveillance software, would have made it difficult to create and share security software that we all rely on. We were pleased that the Commerce and State Departments recently agreed to renegotiate the Wassenaar Arrangement’s language at the multinational level.
But none of this has anything to do with whether companies like Cisco can be sued for customizing and selling surveillance technologies to repressive regimes with the understanding that they will be used to violate human rights. Cisco’s attempt to try to leverage the Wassenaar discussions into legal immunity for itself is unfounded and should fail.
Ultimately, we believe that export regulations are not the most effective mechanism for protecting human rights, a point underscored by the fact that notorious spyware seller Hacking Team regularly received export clearance by its home country Italy under the Wassenaar Arrangement. Rather, it is critically important that actual victims of human rights abuses—such as the plaintiffs in the ATS case against Cisco—have direct legal mechanisms to seek justice.Related Cases: Doe I v. Cisco
Share this: Join EFF
The Google Books case is over after a decade of litigation, leaving in its wake new guidance on the reach of the fair use doctrine and, not incidentally, protection for an extraordinary public resource for finding books and information.
Last fall, the Second Circuit issued a long-anticipated ruling soundly rejecting the Authors Guild’s claim that the Google Books Project infringes copyright. The Authors Guild asked the Supreme Court to review that ruling, and today the Supreme Court said no. That decision means the Guild has run out of options, at least in the courts.
The Court’s decision is not a surprise, but it will be disappointing to some content holders, who insist that the Second Circuit’s ruling is a prime example of “fair use creep.” In their view, fair use was intended to protect only new “creativity” (such as purely artistic works), not technological uses such as the mass digitization Google engaged in to create the Google Books database.
The real problem is not “fair use creep,” but “copyright creep.” Fair use provides breathing space in copyright law, making sure that control of the right to copy and distribute doesn’t become control of the right to create and innovate. New technologies and services, like the Google Books Project, depend on the creation of multiple copies as a matter of course. At the same time, copyright terms cover works many decades old and copyrighted software appears in more and more devices. Taken together, these developments mean the potential reach of copyright may extend ever further. Fair use makes sure that the rights of the public expand at the same time, so add-on creativity and innovation can continue to thrive.
As Judge Pierre Leval observed in the Second Circuit ruling the Authors’ Guild tried to overturn, fair use promotes “copyright’s very purpose”:
The ultimate goal of copyright is to expand public knowledge and understanding, which copyright seeks to achieve by giving potential creators exclusive control over copying of their works, thus giving them a financial incentive to create informative, intellectually enriching works for public consumption . . . Thus, while authors are undoubtedly important intended beneficiaries of copyright, the ultimate, primary intended beneficiary is the public, whose access to knowledge copyright seeks to advance by providing rewards for authorship.
The Supreme Court made the right call. Its decision will finally end this litigation, and leave intact a fair use doctrine that is robust and flexible enough to counterbalance the copyright creep that would stifle new innovation and creativity.Related Cases: Authors Guild v. HathiTrustAuthors Guild v. Google, Part II: Fair Use Proceedings
Share this: Join EFF