Aggregated News

EFF Wins Release of Warner Bros. Documents On Robo-Takedown System

eff.org - Sat, 27/09/2014 - 07:47

A federal judge in Florida ruled Thursday that Warner Brothers Entertainment must release key information about its automated scheme to send copyright infringement notices to websites. The documents will give the public a better look into robo-takedowns and their potential for abuse as Congress considers changes to the Digital Millennium Copyright Act (DMCA).

The ruling comes in response to EFF’s request to release records from the Disney v. Hotfile lawsuit, in which several movie studios accused the cyberlocker site Hotfile of copyright infringement based on Hotfile users’ sharing of movie files.

Hotfile countersued Warner for abusing the DMCA’s takedown procedure, which allows copyright holders to have user-posted material taken down from many sites based only on an accusation of copyright infringement. Hotfile accused Warner of repeatedly sending notices about material that was not Warner’s, including files that shared common words like “box” and “fringe” with the titles of Warner films, and even copies of a software program called JDownloader that Warner had no rights in but didn’t want the public to have.

A judge found that Warner might be liable under Section 512(f) of the DMCA, which prohibits sending takedowns without having a basis for believing the content is actually infringing a copyright owned by the person initiating the takedown. The judge ruled that Hotfile had presented enough evidence of abuse that a jury could decide the issue. But before the case could be heard by a jury, the parties settled, and Hotfile shut down. So there was evidence that Warner may have crossed the line, but the details have been held under seal, inaccessible to the public. In February, EFF asked the court to release the sealed records that explain the court’s decision, including aspects of Warner’s robo-takedown system that Hotfile had challenged.

At an oral hearing in the Miami federal courthouse on Thursday, attorney Dineen Pashoukos Wasylik argued for EFF. Noting that court records are normally supposed to be open to the public, Judge Kathleen Williams ordered Warner to release certain information within ten days of Thursday’s ruling, and to propose a schedule for releasing the rest.

This ruling couldn’t come at a better time for the public.  Throughout the year the Patent and Trademark Office has conducted a series of public events on the DMCA’s takedown process, and the U.S. House Judiciary Committee has held a hearing.  More information about how the DMCA process has been abused – particularly through automated takedown systems with inadequate human review – will help us improve it, and hold people responsible when they use this powerful tool of censorship abusively or without caution. The sealed documents from the Hotfile case will help.  We’re pleased that Judge Williams preserved the public’s right to open court proceedings here, and we are looking forward to a close analysis of the Warner documents when they are released.

Related Issues: Fair Use and Intellectual Property: Defending the BalanceDMCAFixing Copyright? The 2013-2014 Copyright Review ProcessRelated Cases: Disney v. Hotfile
Share this:   ||  Join EFF
Categories: Aggregated News

Nine Epic Failures of Regulating Cryptography

eff.org - Sat, 27/09/2014 - 07:40

Update 9/26/14: Recently Apple has announced that it is providing basic encryption on mobile devices that they cannot bypass, even in response to a request from law enforcement. Google has promised to take similar steps in the near future. Predictably, law enforcement has responded with howls of alarm.

We've seen this movie before. Below is a slightly adapted blog post from one we posted in 2010, the last time the FBI was seriously hinting that it was going to try to mandate that all communications systems be easily wiretappable by mandating "back doors" into any encryption systems. We marshaled eight "epic failures" of regulating crypto at that time, all of which are still salient today. And in honor of the current debate, we've added a ninth.

They can promise strong encryption. They just need to figure out how they can provide us plain text. - FBI General Counsel Valerie Caproni, September 27, 2010

[W]e're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime. - FBI Director Louis Freeh, May 11, 1995

If the government howls of protest at the idea that people will be using encryption sound familiar, it's because regulating and controlling consumer use of encryption was a monstrous proposal officially declared dead in 2001 after threatening Americans' privacy, free speech rights, and innovation for nearly a decade. But like a zombie, it's now rising from the grave, bringing the same disastrous flaws with it.

For those who weren't following digital civil liberties issues in 1995, or for those who have forgotten, here's a refresher list of why forcing companies to break their own privacy and security measures by installing a back door was a bad idea 15 years ago:

  1. It will create security risks. Don't take our word for it. Computer security expert Steven Bellovin has explained some of the problems. First, it's hard to secure communications properly even between two parties. Cryptography with a back door adds a third party, requiring a more complex protocol, and as Bellovin puts it: "Many previous attempts to add such features have resulted in new, easily exploited security flaws rather than better law enforcement access."It doesn't end there. Bellovin notes:

    Complexity in the protocols isn't the only problem; protocols require computer programs to implement them, and more complex code generally creates more exploitable bugs. In the most notorious incident of this type, a cell phone switch in Greece was hacked by an unknown party. The so-called 'lawful intercept' mechanisms in the switch — that is, the features designed to permit the police to wiretap calls easily — was abused by the attacker to monitor at least a hundred cell phones, up to and including the prime minister's. This attack would not have been possible if the vendor hadn't written the lawful intercept code.

    More recently, as security researcher Susan Landau explains, "an IBM researcher found that a Cisco wiretapping architecture designed to accommodate law-enforcement requirements — a system already in use by major carriers — had numerous security holes in its design. This would have made it easy to break into the communications network and surreptitiously wiretap private communications."

    The same is true for Google, which had its "compliance" technologies hacked by China.

    This isn't just a problem for you and me and millions of companies that need secure communications. What will the government itself use for secure communications? The FBI and other government agencies currently use many commercial products — the same ones they want to force to have a back door. How will the FBI stop people from un-backdooring their deployments? Or does the government plan to stop using commercial communications technologies altogether?

  2. It won't stop the bad guys. Users who want strong encryption will be able to get it — from Germany, Finland, Israel, and many other places in the world where it's offered for sale and for free. In 1996, the National Research Council did a study called "Cryptography's Role in Securing the Information Society," nicknamed CRISIS. Here's what they said:

    Products using unescrowed encryption are in use today by millions of users, and such products are available from many difficult-to-censor Internet sites abroad. Users could pre-encrypt their data, using whatever means were available, before their data were accepted by an escrowed encryption device or system. Users could store their data on remote computers, accessible through the click of a mouse but otherwise unknown to anyone but the data owner, such practices could occur quite legally even with a ban on the use of unescrowed encryption. Knowledge of strong encryption techniques is available from official U.S. government publications and other sources worldwide, and experts understanding how to use such knowledge might well be in high demand from criminal elements. — CRISIS Report at 303

    None of that has changed. And of course, more encryption technology is more readily available today than it was in 1996. So unless the goverment wants to mandate that you are forbidden to run anything that is not U.S. government approved on your devices,  they won't stop bad guys from getting  access to strong encryption.

  3. It will harm innovation. In order to ensure that no "untappable" technology exists, we'll likely see a technology mandate and a draconian regulatory framework. The implications of this for America's leadership in innovation are dire. Could Mark Zuckerberg have built Facebook in his dorm room if he'd had to build in surveillance capabilities before launch in order to avoid government fines? Would Skype have ever happened if it had been forced to include an artificial bottleneck to allow government easy access to all of your peer-to-peer communications?This has especially serious implications for the open source community and small innovators. Some open source developers have already taken a stand against building back doors into software.
  4. It will harm US business. If, thanks to this proposal, US businesses cannot innovate and cannot offer truly secure products, we're just handing business over to foreign companies who don't have such limitations. Nokia, Siemens, and Ericsson would all be happy to take a heaping share of the communications technology business from US companies. And it's not just telecom carriers and VOIP providers at risk. Many game consoles that people can use to play over the Internet, such as the Xbox, allow gamers to chat with each other while they play. They'd have to be tappable, too.
  5. It will cost consumers. Any additional mandates on service providers will require them to spend millions of dollars making their technologies compliant with the new rules. And there's no real question about who will foot the bill: the providers will pass those costs onto their customers. (And of course, if the government were to pay for it, they would be using taxpayer dollars.)
  6. It will be unconstitutional.. Of course, we wouldn't be EFF if we didn't point out the myriad constitutional problems. The details of how a cryptography regulation or mandate will be unconstitutional may vary, but there are serious problems with nearly every iteration of a "no encryption allowed" proposal that we've seen so far. Some likely problems:
    • The First Amendment would likely be violated by a ban on all fully encrypted speech.
    • The First Amendment would likely not allow a ban of any software that can allow untappable secrecy. Software is speech, after all, and this is one of the key ways we defeated this bad idea last time.
    • The Fourth Amendment would not allow requiring disclosure of a key to the backdoor into our houses so the government can read our "papers" in advance of a showing of probable cause, and our digital communications shouldn't be treated any differently.
    • The Fifth Amendment would be implicated by required disclosure of a private papers and the forced utterance of incriminating testimony.
    • Right to privacy. Both the right to be left alone and informational privacy rights would be implicated.
  7. It will be a huge outlay of tax dollars. As noted below, wiretapping is still a relatively rare tool of government (at least for the FBI in domestic investigations -- the NSA is another matter as we now all know). Yet the extra tax dollars needed to create a huge regulatory infrastructure staffed with government bureaucrats who can enforce the mandates will be very high. So, the taxpayers would end up paying for more expensive technology, higher taxes, and lost privacy, all for the relatively rare chance that motivated criminals will act "in the clear" by not using encryption readily available from a German or Israeli company or for free online.
  8. The government hasn't shown that encryption is a problem. How many investigations have been thwarted or significantly harmed by encryption that could not be broken? In 2009, the government reported only one instance of encryption that they needed to break out of 2,376 court-approved wiretaps, and it ultimately didn't prevent investigators from obtaining the communications they were after.This truth was made manifest in a recent Washington Post article written by an ex-FBI agent. While he came up with a scary kidnapping story to start his screed, device encryption simply had nothing to do with the investigation.  The case involved an ordinary wiretap. In 2010, the New York Times reported that the government officials pushing for this have only come up with a few examples (and it's not clear that all of the examples actually involve encryption) and no real facts that would allow independent investigation or confirmation. More examples will undoubtedly surface in the FBI's PR campaign, but we'll be watching closely to see if underneath all the scary hype there's actually a real problem demanding this expensive, intrusive solution.
  9. Mobile devices are just catching up with laptops and other devices.  Disk encryption just isn't that new. Laptops and desktop computers have long had disk encryption features that the manufacturers have absolutely no way to unlock. Even for simple screen locks with a user password, the device maker or software developer doesn't automatically know your password or have a way to bypass it or unlock the screen remotely.Although many law enforcement folks don't really like disk encryption on laptops and have never really liked it, and we understand that some lobbied against it in private, we haven't typically heard them suggest in public that it was somehow improper for these vendors not to have a backdoor to their security measures.That makes us think that the difference here is really just that some law enforcement folks think that phones are just too popular and too useful to have strong security.  But strong security is something we all should have.  The idea that basic data security is just a niche product and that ordinary people don't deserve it is, frankly, insulting.  Ordinary people deserve security just as much as elite hackers, sophisticated criminals, cops and government agents, all of whom have ready access to locks for their data.  

The real issue with encryption may simply be that the FBI has to use more resources when they encounter it than when they don't. Indeed, Bellovin argues: "Time has also shown that the government has almost always managed to go around encryption." (One circumvention that's worked before: keyloggers.) But if the FBI's burden is the real issue here, then the words of the CRISIS Report are even truer today than they were in 1996:

It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages.

The mere fact that law enforcement's job may become a bit more difficult is not a sufficient reason for undermining the privacy and security of hundreds of millions of innocent people around the world who will be helped by mobile disk encryption.  Or as Chief Justice of John Roberts recently observed in another case rejecting law enforcement's broad demands for access to the information available on our mobile phones:   "Privacy comes at a cost."

Related Issues: Free SpeechAnonymityExport ControlsInnovationPrivacyCALEARelated Cases: Bernstein v. US Department of Justice
Share this:   ||  Join EFF
Categories: Aggregated News

Eight Epic Failures of Regulating Cryptography

eff.org - Fri, 26/09/2014 - 17:00
They can promise strong encryption. They just need to figure out how they can provide us plain text.
- FBI General Counsel Valerie Caproni, September 27, 2010

[W]e're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime.
- FBI Director Louis Freeh, May 11, 1995

As noted in late September, the FBI is on a charm offensive, seeking to ease its ability to spy on Americans by expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA). Among other things, the government appears to be seriously discussing a new requirement that all communications systems be easily wiretappable by mandating "back doors" into any encryption systems.

(Encryption allows users to have private conversations and secure transactions, among other uses, on technologies from cell phones to web browsing to email. Learn more about encryption from EFF's Surveillance Self-Defense guide.)

If this sounds familiar, it's because regulating encryption was a monstrous proposal officially declared dead in 2001 after threatening Americans' privacy, free speech rights, and innovation for nearly a decade. But like a zombie, it's now rising from the grave, bringing the same disastrous flaws with it.

For those who weren't following digital civil liberties issues in 1995, or for those who have forgotten, here's a refresher list of why forcing companies to break their own privacy and security measures by installing a back door was a bad idea 15 years ago. We'll be posting more analysis when more details on the "new" proposal emerge, but this list is a start:

  1. It will create security risks. Don't take our word for it. Computer security expert Steven Bellovin has explained some of the problems. First, it's hard to secure communications properly even between two parties. Cryptography with a back door adds a third party, requiring a more complex protocol, and as Bellovin puts it: "Many previous attempts to add such features have resulted in new, easily exploited security flaws rather than better law enforcement access."

    It doesn't end there. Bellovin notes:

    Complexity in the protocols isn't the only problem; protocols require computer programs to implement them, and more complex code generally creates more exploitable bugs. In the most notorious incident of this type, a cell phone switch in Greece was hacked by an unknown party. The so-called 'lawful intercept' mechanisms in the switch — that is, the features designed to permit the police to wiretap calls easily — was abused by the attacker to monitor at least a hundred cell phones, up to and including the prime minister's. This attack would not have been possible if the vendor hadn't written the lawful intercept code.

    More recently, as security researcher Susan Landau explains, "an IBM researcher found that a Cisco wiretapping architecture designed to accommodate law-enforcement requirements — a system already in use by major carriers — had numerous security holes in its design. This would have made it easy to break into the communications network and surreptitiously wiretap private communications."

    The same is true for Google, which had its "compliance" technologies hacked by China.

    This isn't just a problem for you and me and millions of companies that need secure communications. What will the government itself use for secure communications? The FBI and other government agencies currently use many commercial products — the same ones they want to force to have a back door. How will the FBI stop people from un-backdooring their deployments? Or does the government plan to stop using commercial communications technologies altogether?

  2. It won't stop the bad guys. Users who want strong encryption will be able to get it — from Germany, Finland, Israel, and many other places in the world where it's offered for sale and for free. In 1996, the National Research Council did a study called "Cryptography's Role in Securing the Information Society," nicknamed CRISIS. Here's what they said:

    Products using unescrowed encryption are in use today by millions of users, and such products are available from many difficult-to-censor Internet sites abroad. Users could pre-encrypt their data, using whatever means were available, before their data were accepted by an escrowed encryption device or system. Users could store their data on remote computers, accessible through the click of a mouse but otherwise unknown to anyone but the data owner, such practices could occur quite legally even with a ban on the use of unescrowed encryption. Knowledge of strong encryption techniques is available from official U.S. government publications and other sources worldwide, and experts understanding how to use such knowledge might well be in high demand from criminal elements. — CRISIS Report at 303

    None of that has changed. And of course, more encryption technology is more readily available today than it was in 1996.

  3. It will harm innovation. In order to ensure that no "untappable" technology exists, we'll likely see a technology mandate and a draconian regulatory framework. The implications of this for America's leadership in innovation are dire. Could Mark Zuckerberg have built Facebook in his dorm room if he'd had to build in surveillance capabilities before launch in order to avoid government fines? Would Skype have ever happened if it had been forced to include an artificial bottleneck to allow government easy access to all of your peer-to-peer communications?

    This has especially serious implications for the open source community and small innovators. Some open source developers have already taken a stand against building back doors into software.

  4. It will harm US business. If, thanks to this proposal, US businesses cannot innovate and cannot offer truly secure products, we're just handing business over to foreign companies who don't have such limitations. Nokia, Siemens, and Ericsson would all be happy to take a heaping share of the communications technology business from US companies. And it's not just telecom carriers and VOIP providers at risk. Many game consoles that people can use to play over the Internet, such as the Xbox, allow gamers to chat with each other while they play. They'd have to be tappable, too.
  5. It will cost consumers. Any additional mandates on service providers will require them to spend millions of dollars making their technologies compliant with the new rules. And there's no real question about who will foot the bill: the providers will pass those costs onto their customers. (And of course, if the government were to pay for it, they would be using taxpayer dollars.)
  6. It will be unconstitutional.. Of course, we wouldn't be EFF if we didn't point out the myriad constitutional problems. The details of how a cryptography regulation or mandate will be unconstitutional may vary, but there are serious problems with nearly every iteration of a "no encryption allowed" proposal that we've seen so far. Some likely problems:
    • The First Amendment would likely be violated by a ban on all fully encrypted speech.
    • The First Amendment would likely not allow a ban of any software that can allow untappable secrecy. Software is speech, after all, and this is one of the key ways we defeated this bad idea last time.
    • The Fourth Amendment would not allow requiring disclosure of a key to the backdoor into our houses so the government can read our "papers" in advance of a showing of probable cause, and our digital communications shouldn't be treated any differently.
    • The Fifth Amendment would be implicated by required disclosure of a private papers and the forced utterance of incriminating testimony.
    • Right to privacy. Both the right to be left alone and informational privacy rights would be implicated.
  7. It will be a huge outlay of tax dollars. As noted below, wiretapping is still a relatively rare tool of government. Yet the tax dollars needed to create a huge regulatory infrastructure staffed with government bureaucrats who can enforce the mandates will be very high. So, the taxpayers would end up paying for more expensive technology, higher taxes, and lost privacy, all for the relatively rare chance that motivated criminals will act "in the clear" by not using encryption readily available from a German or Israeli company or for free online.
  8. The government hasn't shown that encryption is a problem. How many investigations have been thwarted or significantly harmed by encryption that could not be broken? In 2009, the government reported only one instance of encryption that they needed to break out of 2,376 court-approved wiretaps, and it ultimately didn't prevent investigators from obtaining the communications they were after.

    The New York Times reports that the government officials pushing for this have only come up with a few examples (and it's not clear that all of the examples actually involve encryption) and no real facts that would allow independent investigation or confirmation. More examples will undoubtedly surface in the FBI's PR campaign, but we'll be watching closely to see if underneath all the scary hype there's actually a real problem demanding this expensive, intrusive solution.

The real issue with encryption may simply be that the FBI has to use more resources when they encounter it than when they don't. Indeed, Bellovin argues: "Time has also shown that the government has almost always managed to go around encryption." (One circumvention that's worked before: keyloggers.) But if the FBI's burden is the real issue here, then the words of the CRISIS Report are even truer today than they were in 1996:

It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages.

Related Issues: Free SpeechAnonymityExport ControlsInnovationPrivacyCALEARelated Cases: Bernstein v. US Department of Justice
Share this:   ||  Join EFF
Categories: Aggregated News

Counter-Surveillance Success Stories to Inspire Digital Rights Advocates

eff.org - Fri, 26/09/2014 - 10:53

Concerned European Internet users will descend upon Brussels on September 26 to participate in Freedom Not Fear 2014—a European week of action aimed to fight against a widespread surveillance state. Since 2008, a coalition of European organizations has met annually under the banner of Freedom Not Fear to fight against online spying, and to challenge the hyperbolic rhetoric of fear that permeates the security and privacy debate. The Freedom Not Fear movement emerged from widespread outrage to the European Union's 2006 Mandatory Data Retention Directive. Since its origins, Freedom Not Fear’s message has been: fundamental rights like privacy, free expression, due process, and democratic participation are jeopardized when reactionary, fear-driven surveillance systems penetrate our societies.

EFF is joining this year’s Freedom Not Fear campaign by featuring a collection of Counter-Surveillance Success Stories from activists who worked (and continue to work) tirelessly to protect our fundamental rights. These counter-surveillance success stories will be a part of a toolkit provided to the digital rights advocates in Latin America that EFF’s International Rights Director Katitza Rodriguez will be collaborating with as she continues her six-month tour of the region this fall. Throughout the trip, she and the other activists will share best practices on how to combat growing surveillance trends in their respective countries and work to create and promote privacy-enhancing solutions. 

As part of this project, we’ve identified some of the best strategies for challenging overreaching proposals that threaten to erode civil liberties. Visit our Counter-Surveillance Success Stories collection to read the case studies that illustrate how digital freedom activists around the world have successfully challenged surveillance practices and proposals. We hope to see this list of examples continue to grow.


Share this:   ||  Join EFF
Categories: Aggregated News

Petition to Obama Administration: End the Harassment and Targeting of Reporters

eff.org - Fri, 26/09/2014 - 07:42

Imagine the United States without independent reporters. Where would the news come from? Press releases and corporate statements? Government-run media? And more importantly, what would we have missed over the last century? Watergate, COINTELPRO, the CIA’s manipulation of politics in Vietnam—none of these things would be common knowledge without courageous reporters, who were willing to publish stories on scandals that rocked the entire country.

A free press has always been an essential part of any democracy. That’s why repressive governments insist on state control over media. That’s why the very first addition to the Constitution, the First Amendment, protects freedom of speech. 

And that’s why EFF is joining over 60 organizations supporting the Committee to Protect Journalists’ (CPJ) #RightToReport petition. The petition calls on the Obama Administration to:

1. Issue a presidential policy directive prohibiting the hacking and surveillance of journalists and media organizations
2. Limit aggressive prosecutions that ensnare journalists and intimidate whistleblowers
3. Prevent the harassment of journalists at the U.S. border

The petition has been signed by intrepid journalists such as Christiane Amanpour of CNN, Glenn Greenwald of The Intercept, and Spencer Ackerman of the Guardian. It has also garnered the support of advocacy organizations like the ACLU and EFF, media giants like Associated Press, as well as international signatories like the Bahrain Press Association. This diverse group agrees: it is urgent that journalists be able to do their jobs without fear of being targeted by the government.

Many of the individual and organizational signatories have experienced the very harassment the petition aims to address—especially those involved in national security reporting. Laura Poitras, documentary filmmaker and staff at The Intercept, has been stopped at the border nearly 40 times. Glenn Greenwald’s partner David Miranda was detained at the Heathrow airport for nine hours. Journalist James Risen is currently in legal proceedings for refusing to reveal a confidential source. And the NSA “hacked into Al Jazeera's internal communications system.” These are only a few of the stories about the kind of intimidation and harassment reporters face today.

CPJ’s petition makes it clear: “The free flow of information and the right of journalists to do their jobs in the digital age must be protected.” If you support the right of journalists to keep us all informed world citizens, sign the petition today. Your voice will be in good company.

Related Issues: Free SpeechNSA Spying
Share this:   ||  Join EFF
Categories: Aggregated News

Ilham Tohti, Online Voice of China's Uyghurs, Sentenced to Life in Prison

eff.org - Fri, 26/09/2014 - 03:42

On Tuesday, Chinese Uyghur scholar, Ilham Tohti, was sentenced to life in prison after a court in Urumqi—the capital of the Xinjiang Uyghur Autonomous Region—found him guilty of the crime of inciting separatism. This is one of the severest sentences given to a political dissenter in communist China that has been seen in recent years.

Mr. Tohti is an economics professor and co-founder of Uyghur Online, a website dedicated to examining the relationship between the Han Chinese—the dominant ethnic group in China—and the Uyghurs—a traditionally Muslim people living primarily in the Xinjiang region of Northwest China.  Since the website’s 2006 inception, Tohti has been a target of Chinese authorities, who consider Tohti’s Uyghur advocacy efforts outspoken and radical.   

Tohti has been critical of Chinese government policies in Xinjiang, but has also attempted to peacefully bring understanding of the Uyghurs to the Han Chinese.  PEN International has been campaigning for Tohti since July 2009 when he was detained for speaking out about ethnic rioting that occurred in Urumqi in July 2009.  After being held and interrogated, he was released over a month later in late August 2009.  After his arrest, Chinese authorities prevented Tohti from leaving the country by detaining him at airports and frequently placing him under house arrest.  

Tohti’s recent trial concluded after only two days; when the final verdict was decided, Tohti was heard proclaiming “It’s not just! It’s not just!.”  The Uyghur American Association released a statement on Tuesday saying it believes “the sentencing is intended to silence peaceful Uyghur dissenters to Chinese state repression and confirms the government’s disregard for meaningful Uyghur participation in solving regional tensions.”

According to the New York Times, China’s shockingly drastic sentencing of Tohti and other moderate Uyghur activists “will only lead to further radicalization of Uighurs and a rise in violence, including the kind encouraged by foreign jihadist groups.”

EFF joins human rights advocates around the globe in calling for the immediate release of Mr. Tohti.


Share this:   ||  Join EFF
Categories: Aggregated News

Australian Government Scrambles to Authorize Mass Surveillance

eff.org - Thu, 25/09/2014 - 08:50

This week, Australian Prime Minister Tony Abbott used recent terrorist threats as the backdrop of a dire warning to Australians that “for some time to come, the delicate balance between freedom and security may have to shift. There may be more restrictions on some, so that there can be more protection for others.”

This pronouncement came as two of a series of three bills effecting that erosion of freedoms made their way through Australia's Federal Parliament. These were the second reading of a National Security Amendment Bill which grants new surveillance powers to Australia's spy agency, ASIO, and the first reading of a Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill that outlaws speech seen as “advocating terrorism”. A third bill on mandatory data retention is expected to be be introduced by the end of the year.

Whilst all three bills in this suite raise separate concerns, the most immediate concern—because the bill in question could be passed this week—is the National Security Amendment Bill. Introduced into Parliament on 16 July, it endured robust criticism during public hearings last month that led into an advisory report released last week. Nevertheless the bill was introduced into the Senate this Tuesday with the provisions of most concern still intact.

In simple terms, the bill allows law enforcement agencies to obtain a warrant to access data from a computer—so far, so good. But it redefines “a computer” to mean not only “one or more computers” but also “one or more computer networks”. Since the Internet itself is nothing but a large network of computer networks, it seems difficult to avoid the conclusion that the bill may stealthily allow the spy agency to surveil the entire Internet with a single warrant.

Apart from allowing the surveillance of entire computer networks, the bill also allows “the addition, deletion or alteration of data” stored on a computer, provided only that this would not “materially interfere with, interrupt or obstruct a communication in transit or the lawful use by other persons of a computer unless … necessary to do one or more of the things specified in the warrant”. Given the broad definition of “computer”, this provision is broad enough to authorize website blocking or manipulation, and even the insertion of malware into networks targeted by the warrant.

Capping all this off, the bill also imposes a sentence of up to ten years imprisonment upon a person who “discloses information … [that] relates to a special intelligence operation”. Although obviously intended to throw the hammer at whistleblowers, the provision would apply equally to journalists. Such a provision could make it impossible for Australians to learn about the activities of their own government that infringe international human rights laws.

All in all, this sweeping bill would hardly be out of place in the NSA's pantheon alongside the USA PATRIOT Act. But unlike the United States, Australia does not have a written Bill of Rights in its Constitution, making its freedom-abridging laws even harder to challenge in court.

Nevertheless Australia is a signatory to all major regional and global human rights instruments including the International Covenant on Civil and Political Rights which provides that “No one shall be subjected to arbitrary or unlawful interference with his privacy”, and that “Everyone shall have the right to freedom of expression”. Australia, like all other nations of the world, is also addressed by the Necessary and Proportionate Principles that provide more detailed guidance on how to apply international human rights standards in the context of communication surveillance.

It is far from clear that a proper balance can be struck by rushing this draconian bill through Parliament at a time when elevated fear of terrorism may lead to important civil liberties safeguards being forgotten or deliberately overruled. Australians should call on their government, before it is too late, to withdraw this bill for further consideration. If not, this may mark the week in history when it became easier for the Australian government to surveil and manipulate the Internet at will.

References:

Data Retention as Mass Surveillance An Australian Perspective: A contribution to the Necessary and Proportionate Week of Action http://www.rogerclarke.com/DV/DRPS.html

13 Principles Week of Action: Fighting Surveillance Law in Australia https://www.eff.org/deeplinks/2014/09/australians

13 Principles Week of Action: While Australia Shirks Its International Human Rights Obligations, Australians Wait On The Rest Of The World to Act https://www.eff.org/deeplinks/2014/09/13-principles-week-action-while-australia-shirks-its-international-obligations

Related Issues: InternationalSurveillance and Human Rights
Share this:   ||  Join EFF
Categories: Aggregated News

Where Books Are Banned, The Internet Can Be a Lifesaver

eff.org - Wed, 24/09/2014 - 17:44

The censorship or banning of books is a phenomenon that occurs in countries around the world. Books that are considered “scandalous” or inciteful in some way are often targets of censorship by governments, schools, libraries and other entities.

In the United States, as NPR explains, books have historically been banned for violence and sexual content, as well as profanity, and continue to be banned by individual school districts. In Australia, the sale of certain books—such as Bret Easton Ellis’s American Psycho—is restricted to readers 18 and over. In Egypt, books challenging the political status quo are often targets of censorship. Amazon maintains a list of countries where particular books cannot be shipped. And the list goes on.

For individuals living in countries with high levels of censorship, the Internet has become a means for circumventing restrictions on book sales. Access to online bookstores and platforms like Kindle have, for example, helped people in China get around the infamous Great Firewall. New platforms like Oyster provide reading materials in English that might not be available for purchase, either due to censorship or lack of demand. And free platforms like Project Gutenberg create access where cost or censorship is an issue.

But for some, these workarounds have restrictions as well. Copyright and related licensing restrictions can curtail access to books in certain places; for example, a new book on atheism in the Arab world by journalist Brian Whitaker is unavailable for purchase in the Middle East and Africa, apparently due to international distribution issues. App stores sometimes restrict access to book platforms out of copyright or liability concerns, as well as when faced by government pressure. And restrictions on international banking—not to mention the cost of e-books—can limit people in many countries from taking advantage of online book platforms.

In Sudan, books can be especially hard to come by. Not only does the government confiscate and ban books and harass authors, but high customs taxes have forced numerous bookstores to close over the past few years.

“Online access to books is so important for the new generation,” says Sudanese activist Dalia Haj Omar, but US sanctions prevent individuals from accessing a number of sites and resources that would allow young Sudanese to circumvent restrictions on reading and learning. Among the sites that are unavailable to Sudanese are Khan Academy and the Google Play Store.  

Despite the sanctions, which Haj Omar is working to reform, she says that young Sudanese are finding ways around the various restrictions, and points to an article in the New York Times detailing Khartoum’s literary revival. It describes the work of Abdullah Al-Zain, the man behind a monthly book swap event called Mafroush (“displayed”). "The Internet is not necessarily an enemy of books," says Al-Zain. Indeed.

Related Issues: International
Share this:   ||  Join EFF
Categories: Aggregated News

EFF Asks President Obama To Support Open Innovation

eff.org - Wed, 24/09/2014 - 10:07

Every few years, the White House updates its Strategy for American Innovation and asks for comments from the public. EFF’s submission explains that overly restrictive intellectual property regimes can stifle innovation by limiting the ability of researchers to build upon existing knowledge. Our comments address three topics on that theme.

Patents: A flood of low-quality software patents has fueled the growth of patent trolling. These lawsuits are especially harmful to innovative small businesses and startups. EFF urges the Administration do more to improve patent quality and to support legislative reform (such as the Innovation Act which passed the House last year) to reduce abusive patent litigation.

Open Access to Knowledge: Our innovative future relies upon understanding the knowledge of the past and present. Unfortunately, scholarly papers are often locked up behind expensive paywalls and stored in unusable formats. For this reason, EFF urges the Administration to not only follow through with its agenda to provide public access to taxpayer-funded research, but also to make sure future policies allow for truly open access, reuse, and innovation.

DMCA Section 1201: The so called “anti-circumvention” provisions of the DMCA were ostensibly intended to stop copyright infringers from defeating anti-piracy protections added to copyrighted works. In practice, however, these provisions have been used to stifle a wide array of legitimate activities. The DMCA has been used to block competition in laser printer toner cartridges, garage door openers, videogame console accessories, computer maintenance services, and mobile phones. We urge the Administration to support legislative reform such as the Unlocking Technology Act, introduced last year by Representative Zoe Lofgren.

President Obama has already taken some positive steps on these issues (particularly to improve the patent system and promote open access). But much more remains to be done. EFF urges the Administration to prioritize reform of overly-restrictive IP regimes. This is essential for a balanced innovation policy that promotes the public interest.

Files:  electronic_frontier_foundation_comments_regarding_strategy_for_american_innovation.pdfRelated Issues: Fair Use and Intellectual Property: Defending the BalanceDMCAPatentsPatent TrollsInnovationDRMOpen Access
Share this:   ||  Join EFF
Categories: Aggregated News

Local Use of Military Equipment is Drawing Scrutiny—But Local Use of Surveillance Equipment and Training Needs Attention Too

eff.org - Wed, 24/09/2014 - 06:02

Since the police shooting of Michael Brown and the response in the streets, militarization of the police, especially with surplus military hardware like armored vehicles, has been a hot topic, both in the news and in Congress. And that's a good thing.

But the equipment we can see on the news isn’t the only thing flowing from our military to local cops. Alongside armored vehicles and guns, local police are getting surveillance technology with help from the federal government. And while we don’t know the full contours of that aid, what we do know is worrisome and should spur further scrutiny, both locally and nationally.

The risks of militarizing the local cops are easy to see—and they’re compounded by folding local law enforcement into homeland security. Military technology, and suspicionless mass surveillance, are based on a military mindset— everyone is a possible enemy and no one deserves privacy. While some lawmakers justify this shift by pointing to the “war on drugs” and “the war on terror,” the United States is not technically a war zone. This raises the specter of the Posse Comitatus Act, passed in the late 1800s to prevent use of the military in domestic law enforcement. 

Congress is Finally Taking a Look into the Transfers of Hardware

Fortunately, Congress is starting to take seriously some parts of this transformation of local law enforcement. On September 9, spurred on by the horrifying use of military technology on the streets of Ferguson, the Homeland Security and Governmental Affairs Committee held a hearing on “the effectiveness of federal programs that provide state and local police with surplus military equipment and grant funding for exercises and for training.” The hearing looked at the Department of Defense (DOD) 1033 program—which allows the DOD to give away for free surplus equipment to local law enforcement, the Department of Homeland Security's (DHS) Homeland Security Grant Programs, and the Department of Justice's Justice Assistance Grant (JAG) program.

Each of these three programs has transferred millions of dollars of equipment and funding to local law enforcement, from bayonets to drones. This includes funding for fusion centers, the state and local criminal intelligence information clearinghouses that allow local law enforcement to access and input information into federal databases like the FBI’s eGuardian without even meeting a "probable cause" standard

The hearing gave the committee a chance to hear direct testimony from representatives of these three programs, as well as other experts and stakeholders. Written statements from speakers are available here. Senators closely questioned the representatives of each of the three programs, revealing some startling truths:

  • The DOD and DHS do not provide any training to departments that get equipment or money from them, including high tech surveillance equipment like drones and mine-resistant ambush-protected vehicles (MRAPs).
  • None of the agencies look into whether a state or local law enforcement agency is under active investigation or has a history of civil rights or civil liberties violations.
  • Prior to Ferguson, these three officials had never met, even though they were providing similar equipment and funding for equipment to the same police departments.
  • The total number of pieces of controlled property, such as weapons, currently in the possession of law enforcement agencies is approximately 460,000.

The questions that were not answered, or partially answered, were also revealing:

  • “What (is) the difference between a militarized and increasingly federalized police force and a standing army?"
  • "When was the last time you can recall that equipment from the 1033 program was used for counterterrorism?”

The overall picture that emerged was that the federal officials are willing to fund surveillance and military technologies to local law enforcement but provide little or no training to police officers—and have no policies in place to ensure this equipment isn’t misused. The White House is conducting a review of these programs, and while there is no clear timeline for completion, it's a step in the right direction

Surveillance Deserves a Look Too

Congress and the White House need to include surveillance technologies in their inquiries. The same money that funds MRAPs and night vision goggles also funds intelligence gathering at the local level. DHS's Homeland Security Grant Program directly funds fusion centers. In fact, its 2014 grant announcement emphasized that funding fusion centers and integrating them nationally is a high priority. And DHS Urban Area Security Initiative money funds events like Urban Shield, a 4 day long event that featured "preparedness" exercises as well as a marketplace of military and surveillance technology.

Another possible avenue for review is the Privacy and Civil Liberties Oversight Board (PCLOB). PCLOB asked for public comments on its proposed mid- and long-term agenda, which includes an examination of the “functional standards" used for Suspicious Activity Reporting (SAR),” a program coordinated through fusion centers.1 EFF, along with others, submitted comments encouraging PCLOB to take a close look more generally at fusion centers. The comments emphasized that accountability for fusion centers, like all the programs reviewed in the Senate hearing, is a major problem: 

The bidirectional flow of data in fusion centers, as well as interagency cooperation and jurisdictional blurriness, makes accountability and a clear understanding of the applicability of laws and regulations difficult… In the midst of this ambiguous and opaque environment, fusion centers have access to a staggering amount of data including the FBI's eGuardian database and a variety of other federal databases. They may even potentially have access to unminimized NSA data. And as data gathered under the problematic SAR standards is entered into these databases, the lines of responsibility for unconstitutional invasions of privacy and civil liberties become ever more unclear.

Local Cops, Local Action

There is a silver lining to all of this, though. Unlike the onerous task of reforming the NSA, FBI, and other federal agencies, addressing militarization of and surveillance by local law enforcement is much easier for grassroots activists. Groups like the coalition that helped push the Urban Shield exercise out of Oakland, the coalition that stopped Berkeley from purchasing an armored vehicle, and the coalition that helped to stop the purchase of a drone in Alameda County, are springing up all over the country.

For those concerned about the use of military surveillance equipment domestically, it’s a good time to do some research into your own local government to find out not only whether they are obtaining the kinds of military equipment that you can see, but also whether they are obtaining surveillance technologies that you can’t. Public records act requests are a great way to find out whether your town or city has gotten any of these funds and how it has, or plans to, spend them. Let us know what you find out, and let your elected officials know what you think.

  • 1. Suspicious activity reporting (SAR) is a criminal intelligence report that is generated by law enforcement or private parties and routed through fusion centers.

Share this:   ||  Join EFF
Categories: Aggregated News

Banned Books Week: Celebrating Free Expression and the Open Flow of Information

eff.org - Wed, 24/09/2014 - 05:55

It’s Banned Books Week! An annual event held in the last week of September, Banned Books Week seeks to draw attention to books being banned or challenged in libraries and schools while promoting free and open access to knowledge.

Here at EFF, we’re celebrating Banned Books Week by revisiting our favorite banned and challenged works and checking out some of the texts at issue in important First Amendment cases. It's directly in line with our work fighting for your rights to free expression and open access to information.

Supporting a movement to call attention to book bans is important, because librarians are often the first line of defense against attacks on intellectual freedom, whether these attacks come in the form of censored speech, invasions of privacy, or restrictions on finding information. EFF recognized that role in 2000 with a Pioneer Award dedicated to "Librarians Everywhere." And libraries and schools are especially vital resources in communities where individuals rely on public computers for access to information, or where students want to explore issues they may feel uncomfortable discussing with adults.

In the US, attempts to ban books have often been found to violate the First Amendment and the rights of the students to access information. They amount to censorship that directly contradicts the spirit of learning and engagement that make libraries so valuable.

These challenges are not just an artifact of the past. The American Library Association’s Office for Intellectual Freedom collects reports of challenges and publishes a list of the top ten most challenged works every year. Each year, they receive hundreds of reports, but 85% of challenges and bans are thought to go unreported.

Just this year, a high school principal canceled the school’s summer reading program rather than have students read Little Brother, EFF Special Advisor Cory Doctorow’s bestselling young adult novel about challenging a dystopian surveillance state. Though it was published in 2008, elements of the book are scarily prescient given what we now know about mass surveillance technologies. It's an especially apt text for sparking discussion and thought in the context of our current national and global conversations about surveillance and the rule of law, but the principal was concerned about its supposed lauding of questioning authority and “hacker culture.”

To see that sort of argument in 2014 is disappointing. But fortunately, it's easier than ever to learn about this censorship and route around it. Cory and his publisher, Tor Books, publicized the censorship and sent 200 copies of Little Brother to the school, but it's also available for purchase or even free download from his site.

Care to join us in celebrating Banned Books Week? Go ahead and read a new banned book or reread one of your favorites, then check out the great resources and activity ideas available at the Banned Books Week and ALA sites. You can also fight against censorship and for open access in libraries and schools by asking your librarian about filtering software on library computers and signing our Open Access petition.


Share this:   ||  Join EFF
Categories: Aggregated News

Back to School: Get Your Digital Rights Student Group Started Right Away

eff.org - Wed, 24/09/2014 - 01:31

Watch for it. This year student protest and resistance to mass surveillance might be bursting at the seams. The Internet, which students across the world have grown up with, is under threat. And now more than ever, student leaders are contacting EFF, wanting to know how to get involved to protect our rights online.

Now is the time to organize. We’re calling on all concerned students, whether new organizers or seasoned campus leaders, to join the growing movement to fight for our right communicate and innovate, unhampered by oppressive government surveillance and creativity-stifling copyright law.

Surveillance chills speech. When we know that researching politically controversial topics might make us targets for increased government scrutiny, we are less likely to research. Digital privacy is an intellectual freedom issue. And that’s why we’re thrilled to bring this movement to college campuses.

When we say organize, we mean use your network and institutional resources to create a space for discussion, debate, and campaigns. If there’s already a group of people interested in digital rights, start an official university club so others can find you easily and join. If there’s a professor whose work or interests intersect with the topic, ask her to help plan an event.

Form a Student Group for Digital Freedom

There have always been student groups for those interested in technology and other student groups for those interested in human rights, but now there is an immediate need for these conversations to merge.

Here are some tips to help you get started:

  • Go to the student organization office to find out what is needed to become official
  • Find a faculty sponsor or ally to work with on future events
  • Pick an awesome name
  • Create a website, logo, and mailing list to discuss news and organize campaigns
  • Solidify a regular meeting time so it’s easy for new members to join
  • Hang up posters and flyers to advertise your meetings in the journalism department, the law school, in the political science department, and of course, the computer science department

For your first meeting, consider also offering a skill share or a guest speaker, like a professor who specializes in related field. This might attract even more participants. One event idea is a cryptoparty, where everyone brings their laptop and learns tools and techniques to protect themselves from illegal surveillance.

Organize An Event

One of the best ways to find out who is interested in these topics on campus is to organize an event. At the event, you can collect email addresses from those who come and start a listserve to keep the conversation going. Here’s a email sign-up sheet you can use.

It’s important to always be creative and open to fun ideas, and we have some event ideas that are pretty easy to unpack and get started:

  • Host a screening and discussion of the Internet’s Own Boy, a documentary about the life and trial of Internet activist Aaron Swartz. Use EFF’s discussion guide and tips for organizing a successful screening
  • Organize a speaker or panel discussion on topics like digital privacy, hacking, copyright and remix culture, or net neutrality. EFF is happy to try to send a speaker to your campus, but please be in touch well in advance, april@eff.org
  • Throw a cryptoparty! There’s never a shortage of people who want to learn ways to protect themselves from pervasive surveillance online. Send an email to folks from the journalism and computer science departments to see if they’d like to partner.

These events should be fun and informational. Everyone should feel welcome, so be sure to do lots of diverse outreach, thinking creatively about communities who might be particularly interested in the topic.

Once you find a good room and start doing outreach, be sure you have all the materials you need to make the event a success. This includes technology the room might need, like a microphone or a projector, as well as an information table at the front, where people should be encouraged to sign up for the email list and take handouts. EFF has plenty of one-pagers on digital rights that you can print out and use.

The Time Is Now

There’s no time to waste. The school year has just begun and student groups are forming. Try to get yours together to display at your university’s fall student club fair or in time to get an event together for this semester. Let us know if you get something organized. Email april@eff.org to keep us in the loop!

Reach out to everyone, because no matter what folks are primarily concerned about, the centrality of technology and electronic communication to all organizing for social justice and political change means that digital rights should matter to everyone.

Let’s do this. After all, it’s our Internet, and we have to fight to protect it. We look forward to working with you.

Related Issues: NSA SpyingStudent and Community Organizing
Share this:   ||  Join EFF
Categories: Aggregated News

New Video Exposes Canadian Spy Agency's Unchecked Surveillance Program

eff.org - Tue, 23/09/2014 - 07:58

The Canadian government's surveillance of innocent Canadians is secretive, expensive, and out-of-control—that’s the message of a new video launched this morning by Canadian digital rights organization, OpenMedia.ca. The group is leading a large, non-partisan, Canadian coalition of organizations calling for effective legal measures to safeguard Canadians from government spying.

The video reveals how information collected by government spy agency, CSEC (Communications Security Establishment Canada), can expose intimate details about Canadians’ private lives, including their financial status, medical conditions, political and religious beliefs, and even sexual orientation. CSEC was caught as they spied on thousands of innocent Canadian air travelers earlier this year.

Privacy info. This embed will serve content from youtube-nocookie.com

Canadians can keep in touch with the campaign to rein in CSEC by joining the Canadian Protect Our Privacy Coalition. The coalition includes over 60 major organizations and over a dozen academic experts and is calling for effective legal measures to protect Canadians’ privacy from government spies. Over 40,000 Canadians have pledged to support the Coalition at http://OurPrivacy.ca.

More Information:

OpenMedia.ca’s infographic on CSEC data collection can be found at: https://openmedia.ca/sites/openmedia.ca/files/Metadata_Infographic_CTA.png

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/NK4zY2IVhqk%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; Related Issues: InternationalSurveillance and Human Rights
Share this:   ||  Join EFF
Categories: Aggregated News

Statement on the Use of Finfisher by Members of the Freedom Online Coalition

eff.org - Sun, 21/09/2014 - 19:57

Documents recently released by WikiLeaks have brought new evidence to the public eye that the intrusive surveillance spyware FinFisher may be in use by several members of the Freedom Online Coalition, including Mongolia, Netherlands, and Estonia.1

If this evidence is correct, it should rightly raise serious concerns around the world. FinFisher is notorious malware—software that allows those who use it to place programs, often called Trojans, remotely onto computers and devices operated by others, usually without the target's knowledge much less consent.  

Once downloaded onto a target’s computer, FinSpy allows the operator of the Trojan to spy on the target's activities.  The operator can read a target’s email correspondence, search and take possession of documents on the target’s computer, monitor web surfing and chat conversations. It even allows the operator to remotely switch on the microphone of the computer and the webcam in order to extend surveillance beyond the computer to what is happening around it.

These intrusive tools have in the past been used by Bahraini and Ethiopian governments to spy on human rights activists. Unchecked by strong legal and technical safeguards protecting against unnecessary or disproportionate surveillance, the use of such software can undermine the integrity and security of computer and networking equipment and harm 'an internet free and secure'.2

Finfisher spyware is at the center of EFF's case against the Ethiopian government, for use against an American citizen in his home in Maryland.3

During the Freedom Online Coalition meeting in Tunisia, June 2013, a number of civil society organizations made a statement,4 reiterating the importance of the Necessary and Proportionate Principles and asking the governments to engage in a meaningful dialogue with civil society about these principles, the concept of privacy by design, and the international human rights framework which should also be applied to the technical architecture of communications and surveillance systems, ensuring that technological and policy protections are developed in parallel.  

The Principles require a careful and public technical, legal and policy framework around digital surveillance tools such as those sold by Finfisher, one that can only be developed through such a dialogue. We would like to make use of this opportunity to repeat the request for a response and meaningful dialogue, which is of crucial importance for the Freedom Online Coalition and its engagement with stakeholders.





  • 1. https://wikileaks.org/spyfiles4/customers.html
  • 2. https://www.freedomonlinecoalition.com/how-we-work/working-groups/working-group-1/
  • 3. https://www.eff.org/cases/kidane-v-ethiopia
  • 4. http://nawaat.org/portail/2013/06/19/freedom-online-coalition-a-call-to-governments-from-civil-society/
Related Issues: InternationalSurveillance and Human Rights
Share this:   ||  Join EFF
Categories: Aggregated News

Tor Challenge Inspires 1,635 Tor Relays

eff.org - Sat, 20/09/2014 - 13:07

Good news for whistleblowers, journalists, and everyone who likes to browse the Internet with an added cloak of privacy: the Tor network got a little stronger. Tor—software that lets you mask your IP address—relies on an international network of committed volunteers to run relays to help mask traffic. And that network is stronger now, thanks to the 1,000+ volunteers who participated in our second-ever Tor Challenge.

The goal of the Tor Challenge is simple: to improve the Tor network by inspiring people to run relays. These relays are the backbone of the Tor network; they're the machines that actually forward and anonymize Tor users' communications. We also see this Challenge as an opportunity to educate people about the value of Tor, address common misconceptions about Tor, and give technically oriented folks a concrete, somewhat measurable way of promoting freedom and privacy online.

This is the second time we’ve held this challenge, and the outpouring of support from the technical community far exceeded our hopes. When launching this campaign in June, we were hoping to surpass 549 participating relays—the total number of relays that took part in the challenge in 2011. And that was an ambitious number; 2011 was during the Arab Spring, and the EFF Tor Challenge was one small way that technologists could lend support to democratic activists who relied on Tor to organize and reach the larger Web. We hoped that this year we’d be able to inspire just as much participation.

The results far outstripped our hopes: we had nearly three times as many participating relays. That’s over 1,600 relays—either new or increased in bandwidth—helping to strengthen the Tor network.

Here’s a breakdown of the results:

  Tor Challenge 2011 Tor Challenge 2014 Exit Relays 123 326 Middle Relays 299 1203 Bridges 127 106 Total Participating Relays 549 1,635

One of the reasons this campaign was so successful was that we teamed up with three other organizations: the Free Software Foundation, Freedom of the Press Foundation, and the Tor Project. These organizations’ promotional efforts were key to the campaign’s success.

The other key? Over 1,000 individuals who cared enough to help contribute bandwidth to the Tor network. Our gratitude goes out to each of the participants. Thanks for making the Internet a little more private and a bit more resistant to censorship.

Special thanks to Dr. Karsten Loesing of the Tor Project for making these awesome graphs of the challenge.


Share this:   ||  Join EFF
Categories: Aggregated News

Court Lets Cisco Systems Off the Hook for Helping China Detain, Torture Religious Minorities

eff.org - Sat, 20/09/2014 - 10:30

Chinese citizens who suffered forced detention, torture, and a panoply of brutal human rights abuses at the hands of the Chinese government have been engaged in a high profile court case against Silicon Valley mainstay Cisco Systems for many years. Those Chinese citizens suffered yet another indignity in a California court a couple of weeks ago: a district judge dismissed the case against Cisco without even giving them the chance to gather evidence on the key point where the court found them wanting. The court noted that even though Cisco may have designed and developed the Golden Shield system for the purpose of tracking, identifying and facilitating the capture of Chinese religious minorities, Cisco would not be held liable because it didn’t do enough in the U.S. to facilitate human rights abuses. EFF attempted to file an amicus brief in the case after oral argument, but it was rejected.

The case seems high techit's about Cisco’s Golden Shield, a set of sophisticated technologies that include specific purpose-built parts for persecution of the Falun Gong.  But it’s actually fairly simple:  at what point does a company that intentionally builds tools that are specially designed for governmental human rights abuses become liable for the use of those tools for their intended (and known) purposes? 

No tech company should be held accountable when governments misuse general use products to engage in human rights abuses. This isn’t about bare routers or server logs. The case alleged and presented some strong early evidence that Cisco did far more – including:

  • A library of carefully analyzed patterns of Falun Gong Internet activity (or “signatures”) that enable the Chinese government to uniquely identify Falun Gong Internet users;
  • Highly advanced video and image analyzers that Cisco marketed as the “only product capable of recognizing over 90% of Falun Gong pictorial information;”
  • Several log/alert systems that provide the Chinese government with real time monitoring and notification based on Falun Gong Internet traffic patterns;
  • Applications for storing data profiles on individual Falun Gong practitioners for use during interrogation and “forced conversion” (i.e., torture);

It also included a presentation by Cisco to the Chinese authorities highlighting the special tools Cisco offered for persecuting what it called “Falun Gong evil religion.” Using such terms about any ethnic or religious group in an internal presentation regarding a government project should be a red flag for anyone concerned about human rights.

The court acknowledged these allegations, noting that the complaint alleges “individual features customized and designed specifically to find, track and suppress Falun Gong,” and that the tools were actually used for those purposes: “Golden Shield provided the means by which all the Plaintiffs were tracked, detained and tortured.” The complaint also alleged that much of Cisco’s work building the specific tools to target this religious minority was conducted from its San Jose offices.

In an ordinary lawsuit, those allegations, which are credible and in some places confirmed, would be enough to let a party get into the evidence phase of a case, passing a motion to dismiss. Think about federal criminal law, where all that is needed for a criminal conspiracy is an agreement to commit a crime and an overt act. Similarly, in patent and copyright law, the standard of “inducement” liability allows responsibility for someone else’s actions when someone “distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement.”  And there is no question that some Cisco’s “overt acts” and “affirmative expressions” to foster human rights abuseslike designing and developing Falun Gong identification and tracking modulestook place in San Jose.

In fact, the US government felt that there was a sufficient nexus to the U.S. to launch an indictment of Megaupload in Virginia based on far fewer connections to possibly illegal acts by its customers in the U.S. than Cisco had with its Chinese governmental customers.  Good thing for Cisco that the Chinese government is just arresting, torturing and forcibly converting Falun Gong rather than committing copyright infringement. 

So why is the standard so much higher for engaging in torture or forced conversion than it would be for bank robbing or patent or copyright infringement? The answer is that it shouldn’t be. The key law relied upon in the case, the Alien Tort Statute, requires, after a 2013 Supreme Court decision called Kiobel v Royal Dutch Petroleum, that plaintiffs show that the matter “touch and concern” the United States in order for the case to proceed here. The phrase that is not defined and courts have not yet developed a unified approach to it, but the District Court here apparently decided that since the actual human rights violationsthe torture, forced conversions and arbitrary arrestoccurred in China, there wasn’t a sufficient nexus even though there were strong allegations that the specific technologies developed to target the Falun Gong for those abuses was intentionally and knowingly developed here.

We are deeply disappointed in the ruling and think the court got it wrong, as did an earlier court in Maryland. As our world becomes more networked, technology has the capacity to connect people worldwide to unlimited information and other people. But technological advances have also been abused by authoritarian regimes to repress people and to facilitate crimes against humanity. The Golden Shield in China has been a tool for social repression, censorship, surveillance like no other one earth, and China relied on it to hunt down, detain, imprison and “disappear” untold numbers of people.

As a great exporter of advanced technology, American companies like Cisco can’t plead ignorance about the ways in which our technology is used when they specifically and knowingly build the tools for those uses. And when a company like Cisco customizes and crafts technology for an authoritarian regime, it has a responsibility to consider the very human consequences of its actions. That’s why EFF has created guiding principles for technology companies to help them avoid assisting repressive governments. While the District Court here fell short short in holding companies accountable (it also failed to take into account a decision of the Ninth Circuit just days before that lowered the standard for holding companies like Cisco liable), we still have an opportunity to teach US companies to act in ways that respect and uphold human rights, both in the courts and elsewhere. Cisco may have blood on its servers, but other Silicon Valley companies can choose a different path.

Files:  10973373-0-28677.pdf
Share this:   ||  Join EFF
Categories: Aggregated News

Opportunity Missed: Why We're Not Thrilled By Restoration of PACER Access to "Old" Court Records

eff.org - Sat, 20/09/2014 - 07:21

The Administrative Office of the United States Courts (AO) announced on Friday that it would make reams of court records once again accessible through PACER, the federal courts' digital warehouse for its court files. Many advocates are cheering this decision. But we are not. It's a big missed opportunity to provide free access to this trove of court records.

Presumably the AO realized it had made a huge mistake last month when it abruptly removed access to thousands of “old” records from four courts of appeals and one bankruptcy court because access to the records was purportedly incompatible with the new electronic filing and retrieval system the AO was rolling out. Most of these records were not “old” at all. For one court, the Federal Circuit, the removal affected all records in closed cases filed prior to March 1, 2012. For the Second and 11th Circuits, the removal affected all records in closed cases filed prior to January 1, 2010.

Access advocates, including EFF, were understandably outraged by this action, especially given that it came without warning and no public discussion. And ultimately, members of Congress chimed in with their disapproval, including Sen. Patrick Leahy, the chair of the Judiciary Committee, who wrote a letter on Sept. 12 to Judge John Bates, the head of the AO, urging that public access to the documents be restored. Six representatives, led by Rep. Zoe Lofgren, made a similar request just yesterday.

But we also saw this as a unique opportunity for openness rather than as a strike against it.

For years, access advocates have railed against PACER because it is a fee-based service, charging 10 cents per page for search results and 10 cents per page for documents retrieved. Court documents and case files can be voluminous; these dimes quickly add up to prohibitive costs for researchers, historians, advocates, and anyone else without a large research bankroll. As a result, efforts to provide free access have sprung up, many of which we have written about before, such as Public.Resource.Org and Free Law Project. Several of these groups collaborated on RECAP, a Firefox and Chrome extension that allows PACER users to donate the documents they view to the Internet Archive, where they can then be accessed by other users without incurring fees.

The AO has always opposed such efforts. The free services compete with PACER. If those seeking to search and view court files used the free services instead of PACER, then the AO would reap less money in fees.

Thus the opportunity: with these records off PACER—for whatever reason—the AO had no financial interest in them and no argument to oppose free public access to these records. The AO could put the ex-PACER records online in bulk in a way by which they could be retrieved by third parties. These third parties could then make the records searchable and retrievable—for free. In fact, this is exactly what Public.Resource.Org and Free Law Project, using its CourtListener platform, suggested should happen in its August 27 letters to the affected courts. And perhaps such a move could set a precedent and encourage the AO and individual courts to regularly age their records off of PACER and make them freely available.

The restoration of access to these records through PACER is therefore coming at a significant lost opportunity cost. The AO once again has a fee-driven excuse to obstruct free access, and no incentive to facilitate free access.

Moreover, it is unclear exactly what access is being restored. The AO announced it is making the records available again by converting the docket sheets—the index pages for each case—to PDFs. These PDFs will presumably link to the court records. But it is unknown where the court records themselves actually reside, and what guarantees we have that access to them will be maintained. Moreover, by converting the dockets to PDFs, the searchability of the records will not be improved and could potentially be comically worse.

So we can't wholeheartedly cheer today's announcement. And it's one reason we'll continue to advocate for free access to court records and encourage lawyers and researchers to install RECAP to help build a free alternative to PACER.


Share this:   ||  Join EFF
Categories: Aggregated News

13 Principles Week of Action: While Australia Shirks Its International Human Rights Obligations, Australians Wait On The Rest Of The World to Act

eff.org - Sat, 20/09/2014 - 05:34

This is a guest post from Angela Daly and Angus Murray, members of the Policy and Research Standing Committee, Electronic Frontiers Australia. Angela is also a member of the Australian Privacy Foundation's board of directors.

Between 15th-19th of September, in the week leading up the first year anniversary of the 13 Necessary and Proportionate Principles, EFF and the coalition behind the Principles will be conducting a Week of Action explaining some of the key guiding principles for surveillance law reform. Every day, we'll take on a different part of the principles, exploring what’s at stake and what we need to do to bring intelligence agencies and the police back under the rule of law. You can read the complete set of posts at: https://necessaryandproportionate.org/anniversary. The Principles were first launched at the 24th Session of the United Nations Human Rights Council in Geneva on 20 September 2013.  Let's send a message to Member States at the United Nations and wherever else folks are tackling surveillance law reform: surveillance law can no longer ignore our human rights. Follow our discussion on twitter with the hashtag: #privacyisaright

13 Principles Week of Action: While Australia Shirks Its International Obligations, Australians Wait On The Rest Of The World to Act

One of the most important treaties of international human rights law is the International Covenant on Civil and Political Rights (ICCPR), which has been signed and ratified by most of the world’s countries. Contained within the rights and liberties set out in this treaty are the right to free expression (Art 19) and the right to privacy (Art 17). Although all of these countries have signed and ratified the ICCPR, Australia, Canada, New Zealand, the United Kingdom and the United States have exhibited blatant disregard for the rights contained therein by forming the Five Eyes (FVEY) coalition of countries which engage in mass surveillance of their populations.

The ‘above the law’ existence of FVEY was only brought to the public’s attention as a result of Edward Snowden’s leaked documents, and was revealed to be fundamentally at odds with international human rights principles. Indeed, this lack of compliance with human rights has resulted in various legal challenges to the FVEY activity. One of these challenges has been spearheaded by advocacy group Privacy International, which has been tackling the UK arm of FVEY. Initially attempts to compel the release of information relating to the scope and powers of FVEY via Freedom of Information requests to Government Communications HQ (GCHQ) were denied. Now Privacy International has brought a claim before the European Court of Human Rights.

The essence of this claim is that the refusal to release this information is a violation of free expression as enshrined in Art 10 of the European Convention on Human Rights. The lack of public information about the exact nature of the FVEY partnership, given its impact on the rights to free expression and privacy of millions of people throughout the world, ought to be of grave concern to all. We in Australia are watching these developments overseas with great interest, particularly given the lack of means at our disposal to challenge aspects of FVEY and/or Australia’s very participation in the partnership and disregard for its international obligations.

Australians suffer from a lack of enforceable human rights compared to citizens of the other FVEY countries. While the ICCPR has been signed and ratified by Australia, the rights it contains are, on the whole, not actionable in national law. At the domestic level, Australia does have a written Constitution, but no comprehensive bill of rights. A weak right to political communication has been implied into the Constitution by the Australian courts, but its scope is very limited, and there remains no enforceable right to privacy. So as Australians we are left to watch developments in other FVEY countries, and hope that these challenges to mass surveillance and aspects thereof are successful.

Any striking down of the FVEY partnership by courts in other countries could possibly have spillover effects for Australians and their free expression and privacy rights. Thus they may cause the rights recognized in these other countries’ legal systems to have some positive extraterritorial reach in Australia. However, the fact remains that despite our country being an enthusiastic participant in FVEY’s mass surveillance activities and shirking from its international human rights obligations, we are disadvantaged compared to citizens of the other FVEY countries in our scant rights protection and must await developments in other parts of the world rather than be able to hold the Australian government to account for violations of our human rights.

Related Issues: InternationalSurveillance and Human Rights
Share this:   ||  Join EFF
Categories: Aggregated News

Bill Introduced in Congress to Let You Actually Own Things, Even if They Contain Software

eff.org - Sat, 20/09/2014 - 03:10

We’ve written before about how copyright is chipping away at your right to own devices you’ve bought and paid for—from e-books to toasters and even your car. Time and again, people who want to modify their own property or sell it to others are told that they can’t, because their property comes saddled with copyrighted code they’re not allowed to modify or give away when they are done with the device.

At last, someone in Congress has noticed how “intellectual property rights” are showing up in unexpected places and undermining our settled rights and expectation about the things we buy. Today, Representative Farenthold announced the introduction of the You Own Devices Act (YODA). If a computer program enables a device to operate, YODA would let you transfer ownership of a copy of that computer program along with the device. The law would override any agreement to the contrary (like the one-sided and abusive End-User License Agreements commonly included with such software). Also, if you have a right to receive security or bug fixes, that right passes to the person who received the device from you.

It’s reassuring to see some pushback against abusive contract terms that consumers have no opportunity or leverage to negotiate. YODA is an important first step towards addressing the problem with restrictive licenses on embedded software.

Let’s hope it’s just the beginning. Legal fixes are also needed to protect digital first sale and the right to access and modify software in devices you own. First sale refers to the idea that you can re-sell or lend a copyrighted work that you obtained lawfully without needing the permission of the copyright owner. This is what lets you borrow a book or CD from a friend or library, buy used DVDs, and so on. Unfortunately, a federal district court in New York decided that first sale was too narrow to apply to digital music files in most normal circumstances. If other courts follow that ruling, we may need a legislative fix to preserve the ownership rights people have traditionally had when purchasing copyrighted works.

The right to access and modify software in your own devices is also under siege. Section 1201 of the Digital Millennium Copyright Act prohibits you from breaking (or working around) digital locks on copyrighted works  —including software—even if you own that copy of the work and the device on which it rests, even for lawful purposes such as fair use! This law has stifled security research, prevented people from tinkering and improving on technology, inhibited remix culture, and denied blind and deaf people access to knowledge and culture. Further examples abound.

So we have real work to do—but it’s great to see legislators taking important steps in the right direction.  YODA is one such step, and we hope Congress goes on to restore these other rights of users who have purchased devices with embedded software and want to actually own them. 

Related Issues: DMCATerms Of (Ab)UseInnovationDRM
Share this:   ||  Join EFF
Categories: Aggregated News

13 Principles Week of Action: The World Needs More Whistleblowers

eff.org - Fri, 19/09/2014 - 09:09

This is a guest post from Sana Saleem, Advisory Board Member, Courage Foundation. If you have comments on this post, you can contact Sana on Twitter.

In the week leading up the first year aniversary of the 13 Necessary and Proportionate Principles, EFF and the coalition behind the 13 Principles will be conducting a Week of Action explaining some of the key guiding principles for surveillance law reform. Every day, we'll take on a different part of the principles, exploring what’s at stake and what we need to do to bring intelligence agencies and the police back under the rule of law. You can read the complete set of posts at: https://necessaryandproportionate.org/anniversary. Let's send a message to Member States at the United Nations and wherever else folks are tackling surveillance law reform: surveillance law can no longer ignore our human rights. Follow our discussion on twitter with the hashtag: #privacyisaright

The World Needs More Whistleblowers

During the Stockholm Internet Forum this year, a State Department representative was quick to flaunt reforms put in place by the US Government to ‘counter US mass surveillance programmes.’ However, he was unwilling to respond when faced with the simple question “If you are willing to reform laws and mend things, why not honor the man who triggered it, why not bring Edward Snowden home?”

Too often, whistleblowers aren’t valued for the reforms they instigate. Even as government worldwide are considering new ways to limit mass surveillance, there is scant discussion about the need to honor and protect whisteblowers.

The world needs more whistleblowers because those in positions of power are often expert as hiding corruption from the public. People with integrity and a desire for truth and justice within the political system are often our best hope for bringing light to this corruption.

But as much of the world’s press extensively reports on Wikileaks and the Snowden revelations, we must not dismiss the trepidation that comes with reporting the truth and exposing misuse of power. This trepidation will not dissipate unless there is a collective effort to protect and defend whistleblowers, and reform laws that allow for prosecuting them.

There’s also the pressing need to keep using the information provided by whistleblowers to push for necessary reforms and protections. Today is Day 4 of the ‘Necessary and Proportionate’ week of action. The EFF and the coalition behind the 13 Principles are calling on governments to ensure surveillance law reform is guided by key principles. Today we focus on principle 4: the ‘Integrity of Communications and Systems, Safeguards Against Illegitimate Access, Protection on Whistleblowers, and Right to An Effective Remedy’.

What is meant by the ‘Integrity of Communications and Systems’ in practice? The NSA, or any other government for that matter, should not be able to compel service providers or hardware or software vendors to build surveillance or backdoors into their systems. These companies also should not collect or retain particular information purely for state surveillance purposes.

We now have confirmation that governments are going above and beyond compelling companies to build backdoors into their services. In an article posted on The Intercept this week journalist, documentary maker and Intercept co-founder Laura Poitras documents how the NSA is tapping into Germany’s largest telecommunications providers by accessing the passwords of the system administrators. This revelation was greeted with both shock and deep anger by the telco engineers. Governments need to go beyond merely not forcing companies to comply with backdoor requests, they must put an immediate stop to the accessing whole systems covertly. This point addresses the second element of principle 4, when state authorities illegitimately access personal data.

There is no possibility of protecting against this when it’s happening behind the backs of service providers and hardware and software vendors. This leaves the onus on governments, who, in democratic societies, are accountable to their citizens. The third part of this is an onus on government to protect their whistleblowers. The Obama administration, in what the Nieman Reports has labeled the “Big Chill”, is operating amid unprecedented secrecy—while attacking journalists trying to tell the public what they need to know

Former New York Times executive editor Jill Abramson:

Several reporters who have covered national security in Washington for decades tell me that the environment has never been tougher or information harder to dislodge,"

Abramson said

"One Times reporter told me the environment in Washington has never been more hostile to reporting."

Protection of whistleblowers is critically important for the protection of a just society. But it’s not just whistleblowers under attack: it is also increasingly difficult to advocate for whistleblowers given the government and the media’s treatment of those who seek to protect whistleblowers.

The Courage Foundation was set up to provide legal and policy support for those who have made a decision to stand up to the abuse of power, risk their career and, in some cases, family life, so that our liberties are protected. It is for this reason that the need to provide stronger protections for whistleblowers, in such a difficult climate, is incredibly important.

Finally, what happens when the state conducts illegal and warrantless surveillance against its citizens? Snowden’s revelations have revealed state intrusion into the lives of hundreds of millions of Americans and citizens around the world, without proof for suspicion. Does the legal system allow us to challenge such surveillance in court? If it does, what would happen to the US government if they were found guilty of illegally surveilling you or me? The Necessary and Proportionate principles argue for civil and criminal penalties imposed on any party responsible for illegal electronic surveillance and those affected by surveillance must have access to legal mechanisms necessary for effective redress.

Tomorrow is Friday, day 5, in which the EFF and its supporters around the world will call on governments to improve safeguards for International Cooperation and Extraterritorial Application of Human Rights Law. The Courage Foundation stands beside the EFF’s campaign and calls on all rights groups and activists seeking to preserve an Internet free from surveillance to support this campaign.

It was little over a year ago when Edward Snowden performed an act of remarkable conscience. Snowden’s actions have empowered a generation of us to stand up to abuses and to do the right thing, even when it’s not convenient. With the increasing power and resources of state surveillance programs, the world is in dire need of more whistleblowers to continue this fight.

Related Issues: InternationalSurveillance and Human Rights
Share this:   ||  Join EFF
Categories: Aggregated News

Advertising

 


Advertise here!

Syndicate content
All content and comments posted are owned and © by the Author and/or Poster.
Web site Copyright © 1995 - 2007 Clemens Vermeulen, Cairns - All Rights Reserved
Drupal design and maintenance by Clemens Vermeulen Drupal theme by Kiwi Themes.
Buy now