WASHINGTON — The Wall Street Journal reports that Federal Communications Commission Chairman Tom Wheeler will on Thursday propose a new set of rules issued in response to a January federal court decision that tossed out the agency's prior open Internet rules.
The FCC is proposing rules that would kill — rather than protect — Net Neutrality. Tell FCC Chairman Wheeler to throw out his proposed rules. Demand nothing less than real Net Neutrality.Take Action Now!
Narenji ("Orange") was Iran's top website for gadget news, edited daily by a team of tech bloggers who worked from a cramped office in the country's city of Kerman. The site was targeted at Iran's growing audience of technology enthusiasts. Like Gizmodo or Engadget in the United States, it had a simple but popular formula: mixed reviews of the latest Android and iPhones, summaries of new Persian-language apps and downloads, as well as the latest Internet memes (such as the ever-popular "An Incredible Painted Portrait of Morgan Freeman Drawn with a Finger on the iPad").
But now it’s gone. Narenji's front page is stuck in time as it was on December 3, when the entire Narenji team was rounded up by Iran's Revolutionary Guard and thrown into jail. Frozen, too, are Narenji's sister sites—Nardebaan and Negahbaan—that the start-up was beginning to build from Narenji's earlier success.
Narenji's founder, Aliasghar Honarmand, and senior editor Abbas Vahedi, had some reason to be excited for the future. The current President of Iran, Hassan Rouhani, has made encouraging tech entrepreneurism as part of his government's platform, with a $1 billion innovation fund for developing the "knowledge economy." His government has also worked hard to negotiate to lift Western sanctions against the country, boosting the economy and allowing more gadgets to reach Iran's middle class.
Here's the video, broadcast on Iranian state television, of the Narenji team being detained:
The report stated that the bloggers had been funded and trained by "espionage networks…aiming for a 'soft overthrow' of the Iranian regime."
It seems that the Iranian prosecutors believed that one or more of the team had received journalistic training from the BBC while in London, and this was enough to trigger the crackdown. While other bloggers in the same round-up have been released, the majority of Narenji's team are still behind bars, including:
* Aliasghar Honarmand (Founder of Narenji & Owner of Paat Shargh Govashir, the company which owns Narenji)
* Abbas Vahedi (Editor of Narenji)
* Hossein Nozari (Director of Paat Shargh Govashir)
* Reza Nozari (Tech blogger of Nardebaan, sister website of Narenji)
* Ehsan Paknejad (Tech blogger on Narenji)
(The Guardian reported a slightly different list of names: Aliasghar Honarmand, Abbas Vahedi, Alireza Vaziri, Nasim Nikmehr, Malihe Nakhaie, Mohammadhossein Mousavizadeh and Sara Sadjadpour.)
Of these, only Vahedi and Nozari were recently released on bail, with the expectation that they and the others will face a court hearing next month.
The Narenji team's treatment is another example of how technologists are targeted by governments worldwide as a result of their work. It doesn't matter if you're writing a blog about Android development or distributing anti-censorship proxies: to many governments, simply being well-known online or having a latent power to influence or change society through your technical knowledge can quickly turn you into an unacceptable threat to the social order.
Popular but apolitical bloggers like Narenji’s also risk being caught in internecine battles over which they have no control. Iranian political experts we've spoken to consider that Narenji's arrest by the local Kermani Revolutionary Guard may be a deliberate response by local radicals against the Rouhani administration's encouragement of tech entrepreneurs: a signal that makes clear that Tehran should not go too far in its moderation. Narenji's high visibility may not have given them protection against the Revolutionary Guard; rather, it may have made them more of a target.
Predations on the technical community have a long, sad, history. EFF's own birth began with an ignorant and fearful crackdown marshalled against hackers in the United States; politically-motivated prosecutions of techno-activists like Aaron Swartz continue to this day. If we're to stop them from taking place anywhere, whether in the United States, Iran, or Russia, we need to unite to protect and publicize the unjust detention and intimidation of technologists everywhere.
You can help by signing this petition to the Iranian government to release the Narenji team, or raise awareness of their case on social media, using the hashtags #Narenji and #??????. More importantly, spread the word of their case among your own community. The more publicity Narenji gains from ordinary people, the greater the likelihood they will be kept safe in jail, and treated quickly.
Share this: || Join EFF
In an era when email and messaging services are being regularly subject to attacks, surveillance, and compelled disclosure of user data, we know that many people around the world need secure end-to-end encrypted communications tools so that service providers and governments cannot read their messages. Unfortunately, the software that has traditionally been used for these purposes, such as PGP and OTR, suffers from numerous usability problems that make it impractical for many of the journalists, activists and others around the world whose lives and liberty depend on their ability to communicate confidentially.
Particularly in the post-Snowden era, there has been an wave of interest in solving the usability problems inherent in end-to-end encryption: the need to verify the identities and public keys of the people one communicates with; the need to support conversation from multiple laptops, phones and other devices; the need to offer users both a way of keeping logs and reading history – but also performing secure deletion of those logs – from multiple devices; the need to negotiate keys and sessions with other parties even if they are offline.
We are optimistic that, with a carefully thought-out modern design, it should be possible to produce a next-generation secure messaging tool that lets most humans communicate securely without dedicated IT support. But we don't yet know which of the many designs is the best route forward.
To that end, EFF is evaluating the feasibility of offering a prize for the first usable, secure, and private end-to-end encrypted communication tool. We believe a prize based on objective usability metrics (such as the percentage of users who were able to install and start using the tool within a few minutes, and the percentage who survived simulated impersonation or man-in-the-middle attacks) might be an effective way to determine which project or projects are best delivering communication security to vulnerable user communities; to promote and energize those tools; and to encourage interaction between developers, interaction designers and academics interested in this space.
Before moving forward with a prize, we are co-organizing a workshop at the Symposium on Usable Privacy and Security (SOUPS) this July in Silicon Valley. The aim of the workshop will be to share knowledge amongst the projects that are trying to build usable encrypted communications tools, and determine what a metrics-based prize for progress in that field might look like. We encourage interested software developers, usability researchers and UX designers to submit proposals to the workshop. We may be able to provide a limited number of travel stipends for meritorious submissions. You can find further details about the workshop and how to send a proposal here.Related Issues: EFF Software ProjectsPrivacySecurity
Share this: || Join EFF
EFF recently filed comments with the Privacy and Civil Liberties Oversight Board (PCLOB) concerning Section 702 of the Foreign Intelligence Surveillance Amendments Act (FAA), one of the key statutes under which the government claims it can conduct mass surveillance of innocent people's communications and records from inside the US. EFF maintains that the government's activities under Section 702 that we know about are unconstitutional, not supported by the statutory language, and violate international law.1
The PCLOB, created as a result of recommendations by the 9/11 Commission, is an agency charged with ensuring privacy and civil liberties are included in the White House's counterterrorism activities. After a long delay, the board became operational in February 2012. Their first report, issued in January 2014, reviewed the government's use of the Patriot Act to collect all Americans' calling records. The report largely agreed with our concerns about that program, carefully described how it is illegal and recommended the government stop the program. In our recent comments, we urge the PCLOB to take the same careful approach to the government's activities under Section 702.
Specifically, we urge the PCLOB to work on:
1) Transparency: The PCLOB should push for more disclosures about surveillance conducted under Section 702, especially as it impacts innocent people in the US and around the world. The comments outline what is known about two types of spying the government has said are authorized by Section 702: the PRISM program and “upstream” collection. We also point out key information needed to have a real public debate on these issues, including specifics about the programs that have no reasonable harm to national security such as the number of orders sent and the number of US person communications collected. Throughout the comments, we offer specific suggestions about additional technical and policy information that should be made publicly available. This includes whether any of these programs limit or restrict the architecture or technology of private-sector systems. The information will help innocent people around the world understand whether and how their non-suspect communications are being collected, analyzed, used, and retained by the US government.
2) A Constitutional Analysis: As it did concerning the telephone records collection program, we urge the PCLOB to perform a serious Constitutional analysis of the government's activities under Section 702. Section 702 is being used to authorize modern-day general warrants inconsistent with the Fourth Amendment. The comments discuss how the founders specifically rejected the so-called “hated writs” on the grounds, among others, that the writs did not require judicial approval, particularity, and a finding or probable cause prior to seizure and search of the "papers and effects." The comments urge the PCLOB to consider the serious threats to privacy including:
- Searches done "about" a target of surveillance, which collect the content of Americans and trigger Fourth Amendment requirements;
- "Backdoor searches," which are searches of potentially innocent communications sucked into the NSA's databases containing phone calls and emails collected under Section 702;
- The mass collection and analysis of millions of Americans' communications, both domestic and international, which the government claims were merely "incidentally" collected;
- The court review limited to "procedures" for targeting and minimization rather than the actual seizure and searches. This abstract approval is not a sufficient substitute for the Fourth Amendment's requirement of a "neutral and detached" magistrate, especially when the NSA is seizing millions of complicated communications, like "multiple communications transactions" and nested messages including those of innocent users.
- Filtering only by IP address, which is what the government says it does to protect Americans. IP filtering cannot tell what passport a person holds and is grossly insufficient as a way to ensure that only the communications of foreigners abroad are ultimately analyzed. EFF notes specifically that many American websites (including the House of Representatives website) load content from foreign websites with foreign IP addresses and that many Americans use VPNs and other common technological processes which result in Americans having foreign IP addresses.
3) A Statutory Analysis: We also urge the PCLOB to engage in a statutory analysis of Section 702 and note, as it did for Section 215, that the statutory language does not provide for bulk collection. Instead, the statute forbids the government from "intentionally acquiring" fully domestic communications and requires "reasonably designed" procedures. We write: "it strains credulity to think that mass collection from the fiber optic cables located inside the US. is either 'reasonably designed' to ensure that acquisition is limited to persons believed to be outside the US," especially given that the cables carry both international and domestic traffic.
4) An International Analysis: We point out that Section 702 violates international human rights law, as explained in detail in the Necessary and Proportionate Principles. Section 702's mass surveillance is inherently disproportionate and is improperly discriminatory in ignoring the privacy rights of innocent foreigners.
5) Recommending Fixes: We urge the PCLOB to suggest legislative fixes to, or repeal of, Section 702. This includes narrowing definitions in the statute, like "foreign intelligence information;" ensuring a judge approves specific targets; and ensuring more information is released about the programs.
A full copy of the comments can be found here.
- 1. We say "that we know about" because there is still much we don't know about the government's actual use of the statute or its legal interpretations of it. In fact, throughout the paper we identify specific areas where the PCLOB could demand more transparency about government surveillance activities under Section 702, especially as it impacts innocent people worldwide.
Share this: || Join EFF
Across the Arab world, LGBTQ communities still struggle to gain social recognition, and individuals still face legal penalties for consensual activities. In Saudi Arabia, Yemen, and Iraq, homosexuality is punishable by death. In 2001, 52 men were arrested for being gay in Cairo. And in Syria, Algeria, and the United Arab Emirates, being outed as homosexual means facing years in prison. While activists in some countries, such as Lebanon, have made progress toward greater rights, personal security remains an imperative.
In countries where homosexuality remains taboo or punishable by law, it makes sense for lesbian, gay, bisexual, trans*, and other queer-identifying (LGBTQ) people to explore their sexual identity online. But the Internet is increasingly becoming a risky place for exploration. More and more governments in the region are using digital surveillance to entrap, arrest, detain, and harass individuals who visit LGBTQ websites or chat rooms, or who use social media to protest homophobic laws and social stigmas. Meanwhile, nationwide filtering and complicit Internet search companies have censored content relating to homosexuality by blocking websites and restricting keyword searches in countries like Sudan, Yemen, and across the Gulf region.
Fear and self-censorship
In Saudi Arabia, religious police have outed individuals, resulting in their incarceration. One man in the kingdom was arrested by the religious police for using Facebook to find and date other men. This happens often, but it is extremely difficult to collect details of cases, since being publicly accused of homosexuality can ruin one's life. Outed homosexuals may be permanently ostracized from their families, lose all job prospects, and destroy the reputation of their social networks.
Another man in Saudi Arabia was jailed for three years and tortured with 150 lashes after a police officer entrapped him in a public chatroom and asked to meet in person with all of his makeup and drag outfits in tow. Men who are arrested are often detained in a cell designated for gay men in Braiman Prison in Jeddah, where anywhere between 50-75 men have been reported to be packed into a single cell. Men detained in the designated cell have reported that they were entrapped by police while using chat and hook-up sites like Hornet, U4Bear, and WhosHere.
Saudi Arabia isn’t the only country utilizing these tactics. In the United Arab Emirates, where male homosexuality is punishable by death, men have been detained for looking for sex partners in chat rooms (presumably ensnared by covert police officers). And in neighboring Iran, a massive Internet entrapment campaign a few years ago put dozens of men in jail, many of whom were subject to public torture.
Tactics like entrapment—and the severe consequences that follow—undoubtedly lead to self-censorship, as those looking for moral support or partnership online may fear that doing so could ruin their lives.
A range of threats
It’s not just individuals doing the censoring. State censorship of sexual content abounds online, and LGBTQ content in particular is frequently a target. Support and health websites, and LGBTQ publications are regularly shut down or become inactive. As journalist Anna Lekas Miller recently wrote, the Syrian Same Sex Society Network now renders a blank page, while an Egyptian online publication was recently shut down on “security” grounds.
Other countries are known to filter LGBTQ sites nationwide, and U.S. search engine companies have been complicit. Microsoft's Bing service has been found to censor gay and lesbian sites in Arabic countries. A 2010 study revealed that a search for the world “lesbian” on Bing with Arab country settings turned on resulted in the message, “Your country or region requires a strict Bing Safe Search setting, which filters out results that might return adult content.”
LGBTQ individuals and communities are right to be cautious. Combined with the usual range of risks faced by Internet users in the region, these additional threats mean that such communities are particularly vulnerable. Fortunately, there are tools available to help users stay safe online and circumvent censorship.
Our friends at the Tactical Technology Collective have put together a set of digital security tools and tactics for LGBT groups in the Arab world available in both English and Arabic. Written in collaboration with LGBTQ activists from the Arab world, the guide is a prelude to Security in a Box and offers specific advice for the regional context. Today, many privacy-enhancing technologies—such as TextSecure and Tor—are available in Arabic as well. With increased awareness of online threats (thanks to Edward Snowden's revelations about NSA spying), it's become easier than ever to find tools and tactics for staying safe online.Related Issues: Free SpeechAnonymityBloggers Under FireInternational
Share this: || Join EFF
All too often bills are proposed and laws are passed in the United States that are in grave violation of the United States' obligations under the International Covenant on Civil and Political Rights. And all too rarely does U.S. domestic policy get spoken about in terms of human rights laws. A case in point: the recent spate of bills responding to the unlawful mass surveillance conducted by the NSA revealed in the flood of disclosures from whistleblower Edward Snowden.
The NSA's actions are fundamentally at odds with the human rights to privacy, free expression, freedom of information, as well as the basic right to assemble and organize for change. Yet none of the current Congressional legislative proposals, or the expected legislation to be sponsored by President Obama, are good enough to fully comply with the United States' human rights obligations.
To help provide a framework to talk about mass government surveillance in terms of international human rights obligations, EFF worked with a broad spectrum of organizations across the world to craft the 13 International Principles on the Application of Human Rights to Communications Surveillance. The Principles are firmly rooted in well-established human rights law, drawing on the rights to privacy, freedom of opinion and expression and freedom of association.
Our friends at AccessNow measured how the four legislative proposals stack up against the 13 Principles. Unfortunately, none of the proposed solutions fully bring the NSA back within the bounds of human rights laws. But one in particular, the USA FREEDOM Act, is in closest concordance with the Principles.
Two of the bills proposed in Congress, if passed, would actually move the United States in the wrong direction, driving the U.S. further away from the 13 Principles. By far, the worst proposed reform was introduced by Senator Diane Feinstein: the FISA Improvements Act, and it seeks to codify some of the worst aspects of NSA spying into law. Particularly, it attempts to legalize bulk collection, an inherently disproportionate activity that treats everyone who uses communications technology as worthy of surveillance, and without proper judicial review.The wrong reforms
Feinstein’s fake fix is a violation of international law and would more permanently position U.S. surveillance in direct contradiction with the requirements of international law, such as legality, legitimate aim (the idea that surveillance should only occur if there is a well defined legal interest in doing so), and proportionality, all spelled out in the 13 Principles. The NSA’s “collect it all” strategy— which gathers information regardless of whether it pertains to individuals who likely committed a crime—is against international law, which, as the Principles outline, requires that restrictions on human rights be both “necessary” and “proportionate” and subject to meaningful and timely judicial review. The FISA Improvements Act aims to bestow Congressional approval upon the NSA’s bulk collection practices. It’s a terrible bill, and we must not let it pass.
The White House has also indicated that it will offer legislation to reform the NSA’s bulk surveillance, although the details of this proposal have not been revealed. Until the proposed legislation is released, it will be hard to tell if Obama’s reforms would legally protect the right to privacy as required by international law. But the proposals he outlined do contain increased protections for U.S. persons whose call records metadata is unconstitutionally collected, as well as various ways of minimizing how much is collected by limiting the scope of what is searched through when the NSA queries its database of collected call records.
Unfortunately, it appears that the President’s plan will be lacking other features required by the Principles. Obama’s proposals fall silent on the need for increased transparency of the FISA Court, the secret court that’s been making secret interpretations of the law to enable U.S. global surveillance. The White House proposals also offer no details on how non-U.S. persons will be protected from American surveillance. Individuals should not be denied privacy rights simply because they live in another country from the one that is surveilling them.
There’s also the FISA Transparency and Modernization Act, a bill that might look pretty good on its face, in that it pretends to be an attempt to end NSA’s bulk collection of call records. But in truth, it’s an awful bill that actually contains a provision to create an entirely new government "authority" to collect other electronic data that doesn’t require judges to specifically approve the person who is spied on. This bill is a step backwards, and if passed, would put the US further at odds with our international human rights obligations by permitting the collection, retention, and searching of communications records as long as they are considered useful “foreign intelligence information”. That has been interpreted in the past to mean almost “everything” and is totally antithetical to the 13 Principles: governments should only conduct communication surveillance that is legitimate in aim, proportionate to the needs of an investigation, and approved by a competent judicial authority. The FISA Transparency and Modernization Act is just another way to entrench current NSA practices into law.Back on track
Luckily, the USA FREEDOM Act is not so weak, and we think it’s an important first step in putting an end to overbroad and illegal mass surveillance. If passed and interpreted correctly, the bill should put the brakes on the NSA’s bulk collection of call records and (the allegedly discontinued) collection of Internet records. The USA FREEDOM Act, would require that any records collected be relevant to an existing investigation and pertain to the activities of agents of a foreign power. Although, we are very nervous that this language might leave too much room for a broad interpretation, it could signal an improvement.
The USA FREEDOM Act would also bring new levels of transparency to the secret FISA court by requiring all significant decisions made by the court to be disclosed or thoroughly described by the Attorney General. The bill further proposes to assign a special advocate to champion civil liberties in the FISA court and would carve out a route for judicial review of gag orders placed on companies when the federal government compels them to hand over user data. This would be a major step towards restoring due process.
Ending bulk collection of call records and Internet records would move the NSA surveillance activities closer to compliance with international human rights law. The 13 Principles help to define a basic standard of what it means to conduct communications surveillance that is proportionate: for one, any government surveillance should be relevant to the context of an investigation, and the USA FREEDOM Act goes a long way towards meeting a basic standard, in that any government surveillance should be limited to gathering information that is relevant to a specified authorized investigation.
It’s going to be a long road to reform, and we’re still a great distance away from seeing U.S. intelligence gathering practices promote and protect human rights. The USA FREEDOM Act isn't an ideal model for surveillance reform, but passing the bill would be a serious victory and point Congress towards reforms that would help to restore our basic right to privacy, add new levels of transparency to secret legal processes, and help Americans regain a sense of trust in our government.
It's a disservice to our globally connected world and the potential of a borderless Internet to only speak of the NSA's unlawful activities in terms of U.S. law and its effects on U.S. persons. Refusing to talk about mass global surveillance within a framework of international human rights law perpetuates the myth that the United States is not a perpetrator of human rights abuses. That’s why it’s so important to rearticulate U.S. reforms and laws in terms of international human rights. This fantastic graphic from our friends at AccessNow illustrates how far we have to go, but it’s clear that the USA FREEDOM Act is the best option now and a good starting point to truly put an end to illegal NSA surveillance.SIGN THE PETITION TO SUPPORT THE 13 PRINCIPLES AND DEMAND AN END TO MASS SURVEILLANCE
Related Issues: InternationalInternational Privacy StandardsNSA Spying
Share this: || Join EFF
In the highly anticipated oral arguments of ABC v. Aereo yesterday, the Supreme Court expressed serious concerns about the unintended consequences that their ruling could have on technology and cloud services.
The start-up Aereo provides subscribers online access to a DVR that can hold recordings of over-the-air broadcasts made using dime-sized antennas in local markets where it's available. Broadcasters, which make a portion of their money from charging retransmission fees to cable companies, sued Aereo in New York and elsewhere on the theory that its user-directed transmissions are public performances under the law. As such, the broadcasters argue, it is infringing and need to be licensed.
Aereo's technical set-up may be unusual, but—based on the questions posed to attorneys for both sides—the Court seemed to correctly recognize an evaluation of the technological merits are far beyond its duties. This limit reflects an argument we make in our amicus brief: the Court should refrain from becoming a technology regulator.
Rather than diving into technical details, the justices seemed focused on finding a resolution that would keep them out of the technology regulation business. Perhaps more than in any previous Supreme Court argument, the justices and the attorneys acknowledged the value of media locker services that allow users to upload files to a remote server and then download or stream them later. If the Court deemed Aereo's transmissions a "public performance," the questioning went, how could they prevent sweeping up these kinds of services as well?
The line of questioning is encouraging, and suggests the Court is thinking about these issues on a more sophisticated level than the "if value, then right" theory that the broadcasters hoped to advance. Under that theory, broadcasters have a right to restrict or charge services like Aereo that get any value out of existing copyrighted media.
Such a proposition comes from a fundamentally incorrect understanding of copyright law. Again from our brief, the fact that a certain use of a copyrighted work is valuable does not change the statutory interpretation of the law. Where copyright doesn't restrict a certain use, the public—and not just the rightsholder—gets the benefit. Another brief, this one by a collection of copyright professors, notes that copyright law is "a statutory system of detailed and distinct exclusive rights. “ Our brief points out that outside of those exclusive rights, the public should be free to use creative works.
In that way, this case resembles the seminal Sony v. Universal Studios case from 1984, known as the Betamax case, which cleared up legal uncertainty around videocassette recorders and declared the time-shifting they enable a fair use. The Supreme Court found the Betamax VCR to be legal not because it evaluated the technology and deemed it to be a good implementation, but because the VCR simply did not interfere with exclusive rights. Like Aereo's service, the VCR is more valuable because there are broadcasts to record and watch later, but that is not how copyright cases are decided.
The U.S. government and the broadcasters attempted to argue in their briefs that a ruling in this case need not harm cloud computing. The pointed questions from justices implied that they are at least skeptical. Justice Breyer, in particular, noted that applying too broad an interpretation of the public performance right to cloud services like media lockers could jeopardize consumers’ rights, like the first sale doctrine that allows re-sale of copies, and even give copyright holders an unfair advantage in music licensing negotiations.
The Court will probably decide the case by late June. Yesterday’s oral arguments didn’t give much indication of how the Supreme Court will ultimately rule. But they made clear that the Court is rightfully concerned about side effects of too broad a ruling. It's only in the most narrow sense that Aereo is a case about dime-sized antennas. Fortunately, the Court seems to realize that the issues it raises are much, much larger.Related Issues: Fair Use and Intellectual Property: Defending the BalanceInnovationRelated Cases: WNET v. Aereo
Share this: || Join EFF
Congress has been poised to move on powerful legislation to reform the NSA for months, so what’s slowing things down?
It’s been over ten months since the Guardian published the first disclosure of secret documents confirming the true depths of NSA surveillance, and Congress has still not touched the shoddy legal architecture of NSA spying.
There have been myriad NSA bills presented in Congress since last June. None of them are comprehensive proposals that fix all the problems. Many of them seem to be dead in the water, languishing in committee.
However, several proposals remain contenders. Some are deceptive fake fixes, disguised as reform while attempting to further entrench dragnet surveillance, while some of them are an excellent starting point for real change.
Fake fixes to NSA dragnet surveillance are masquerading as real reform
The two fake fix proposals include the FISA Improvement Act (S.1631), which was written by the chair of the Senate Intelligence Committee, Dianne Feinstein, and the FISA Transparency and Modernization Act (H.R. 4291), which was written by the chairs of the House Intelligence Committee. These bills don’t just put lipstick on a pig; they actually create new legal authority for NSA spying while providing political cover to its biggest supporters. And they come as no surprise from Intelligence Committee leaders who have staunchly defended the NSA's programs.
Senator Diane Feinstein’s FISA Improvements Act (FIA) codifies some of the worst interpretations of the Foreign Intelligence Surveillance Act (FISA), one of the laws governing the NSA's spying. Among other issues, the bill would codify the government’s bad interpretation of Section 702 of FISA. The NSA uses Section 702 to justify mass collection and warrantless searches of legalizing of calls and emails. It includes minimal transparency requirements. Introduced by one of the NSA’s biggest defenders, this bill was marked up in secret and passed out of the Senate Intelligence Committee in December of 2013. Fortunately, the FIA hasn’t been voted on, and it has no cosponsors and no companion bill in the House.
The FISA Transparency and Modernization Act, meanwhile, creates a new surveillance regime—while again making only minimal changes to Section 215, which allows bulk collection of telephone metadata. The bill could allow the government to send orders for production of communications records directly to electronic communication service providers without any judicial approval. The bill is still in committee, but it potentially represents more of a threat than the FIA. It has 12 cosponsors, all of whom are hard line NSA supporters.
If you have any doubt about how bogus the FISA Transparency and Modernization Act is, read the op-ed that Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) wrote in support of their bill. They assert that bulk metadata collection “could have prevented 9/11,” ignoring the analysis from both the Privacy and Civil Liberties Oversight Board and the President’s Review Group that suggests that this data has little, if any, security value. They also write that their “bill seeks to restore the American people's confidence in NSA programs”—rather than restoring the rights that have been damaged by NSA programs. Rep. Peter King (R-NY), one of the bill’s co-sponsors, also said: “I don’t think the reforms are necessary, but I think it can save the program.” Fortunately, the public, the Privacy and Civil Liberties Oversight Board, and the 164 members of Congress supporting the USA FREEDOM Act, do not agree with Rep. King.
The authors of the FISA Transparency and Modernization Act are using manipulative language of fear to garner support for their fake fix. But their goal of simply appeasing critics of unconstitutional dragnet NSA surveillance is transparent.
Obama’s elusive promises of reform
President Obama’s response to NSA surveillance has been sluggish. After the first FISA Court order was made public, the President defended NSA surveillance. In recent months, he’s finally conceded that there are problems with dragnet spying and has made specific promises, though he hasn’t really addressed the myriad issues with NSA spying. While we have seen the President's official statement and fact sheet on his proposed reforms, we still haven’t seen his promises become concrete legislative proposals.
So what’s standing in the way of passing legislation today?
There’s an important player in the discussion around NSA legislation, and that person is Rep. Bob Goodlatte (R-VA), the powerful chair of the House Judiciary Committee. Rep. Goodlatte made it clear in a recent interview that any bill addressing NSA surveillance must go through the Judiciary Committee.
The question is when he will exert his authority to make that happen. In his interview with C-SPAN he made some revealing statements about what any potential NSA legislation should look like and his views on current proposals. He made it clear that he believes Congress needs to tackle NSA surveillance, and noted that any legislation from the Judiciary, unlike the FISA Improvements Act, would “go much more strongly towards protecting the civil liberties of Americans while still ensuring that intelligence can be gathered that’s necessary to keep our country safe.” He also indicated both that he wants to see President Obama’s legislation, and that he is working with the authors of the USA FREEDOM Act and others in Congress to figure out “the appropriate way to move forward.”
But there’s already an appropriate way to move forward. While bipartisan conversations about NSA surveillance are a good thing, there’s a strong piece of legislation that Rep. Goodlatte should usher through his committee.
USA FREEDOM: The way forward
The USA FREEDOM Act (H.R. 3361/S. 1599) would make real change to NSA surveillance. This bipartisan bill is sponsored by Rep. Jim Sensenbrenner (R-WI and original author of the USA PATRIOT Act) in the House and Sen. Patrick Leahy (D-VT) in the Senate. While this bill doesn’t address all the issues with NSA spying, it is an excellent start.
The USA FREEDOM Act could end the mass warrantless collection of phone records of millions of people, something President Obama himself has signaled support for. It would limit the government’s authority to search the database of communications collected under Section 702. It would improve the FISA Court by allowing some significant decisions to be published and by creating a special advocate in the court. The bill includes a provision that would allow companies to be more transparent about government access to their data as well. It would even touch on some of the issues with National Security Letters.
Not only is the USA FREEDOM Act a strong proposal, it has the most support of any NSA reform legislation. The same language has been introduced in the House and the Senate, and there are currently 21 cosponsors in the Senate and 163 in the House. And supporters of the bill logged over 71,000 calls in a single day of action in February. Thousands more sent emails. Now, USA FREEDOM needs to be moved through the committee process, marked up, and discussed on the floors of Congress.
Rep. Goodlatte holds a significant amount of power at this point, and while his statements that he takes NSA spying seriously are encouraging, his actions need to match that concern. Goodlatte needs to assert his committee’s jurisdiction over NSA reform legislation now by moving to mark up USA FREEDOM. Waiting for another proposal, from the President or anyone else, is simply unnecessary.
Fortunately, we’ve made it easy for you to contact Congress today and tell them to move forward with USA FREEDOM. If Rep. Goodlatte is your member of Congress, you should note that you want to see his committee take up USA FREEDOM. If your representative hasn’t co-sponsored USA FREEDOM yet, tell them to put their name on the only piece of bipartisan legislation that protects your rights.
We’ve been hearing about how bad the NSA is every day for months, but making sure that the USA FREEDOM Act doesn’t die is where the rubber meets the road.
Share this: || Join EFF
The patent office has issued its first ruling in our challenge to Personal Audio’s so-called podcasting patent. The Patent Trial and Appeal Board (PTAB) found that we have established a “reasonable likelihood” that we will prevail, based on two key pieces of “prior art” evidence. This isn’t a final ruling, but it is an important step forward.
Last October, we filed a petition for inter partes review (IPR) at the PTAB. The IPR process provides an expedited means for the patent office to take a second look at a patent it has already issued. This kind of challenge proceeds in two steps. First, we file our petition. Then, before the IPR actually goes forward, the PTAB must decide whether our petition establishes a “reasonable likelihood” that we would prevail. If we did not satisfy that standard, our petition would simply be rejected.
In our petition, we argued that Personal Audio did not invent podcasting and that parts of its patent should be declared invalid. We presented evidence relating to Internet Pioneer Carl Malamud's "Geek of the Week" online radio show and online broadcasts by CNN and the Canadian Broadcasting Corporation (CBC). Back in February, Personal Audio filed a response arguing that we were unlikely to prevail and urging the PTAB to reject our petition. The PTAB has now found otherwise, ruling that EFF has established a reasonable likelihood of success.
While we are very pleased with PTAB’s overall conclusion, we were disappointed on one point: while the PTAB accepted that the CNN and CBC references were valid evidence to support our claims, it rejected our argument based on Carl Malamud's “Geek of the Week.” The reasons are somewhat technical, but ultimately the PTAB concluded: 1) that a webpage we cited (the NCSA Geek of the Week page) was not sufficiently accessible to count as a “printed publication” under the relevant statute; and 2) that an electronic journal we cited (the “Surfpunk Technical Journal”) was actually a private email exchange. We respectfully disagree with those conclusions and are considering our options for challenging them.
Again, this is not a final determination. Personal Audio will have another opportunity to present evidence and defend its patent before the PTAB makes a final decision. Nevertheless, we are very pleased that our challenge will proceed and look forward to presenting the strongest possible case that Personal Audio did not invent podcasting. The current schedule for the proceeding is available here. Of course, we will keep you updated at our blog and will publish any documents at our case page.
Auspiciously, the PTAB’s decision in this case came right on the tenth anniversary of the launch of our Patent Busting Project. In the last decade, we’ve challenged many patents and most have been either invalidated or narrowed. We’ve also worked to defend 3D printing from overbroad patents by filing pre-issuance submissions. We’ll continue to fight to protect innovators from illegitimate patents.Related Issues: PatentsPatent Busting ProjectPatent TrollsInnovationRelated Cases: EFF v. Personal Audio LLC
Share this: || Join EFF
Two days ago, we asked web developers for help.
EFF and Sunlight Foundation published an open call for help testing a tool and populating an open data format that would make it easier for everyday people to contact members of Congress. We already had a prototype, but we needed volunteers to conduct tests on each and every Congressional website.
We expected the project would take about two weeks to complete, but feared it might take a month or longer. We worried that web developers wouldn’t want to spend hours working on a boring, frustrating, often technically complex task.
Instead, volunteers conquered the project in two days.
Within hours of publishing our blog post, we were flooded by offers of support. People from all over the world contacted us, and many immediately jumped in and started contributing. By 2:30 AM the day we launched, 70 people were already hacking on the project and had submitted over 420 commits.
The following morning, we found even more people had gotten involved. More than a hundred people were helping us write the code after hearing about our project on Hacker News, reddit, and BoingBoing.
Today, we’re declaring victory. Thanks to the hard work of over a hundred volunteers around the globe, we’re incredibly proud to announce the first-ever public domain database for submitting emails to members of Congress.
142 authors helped us build the code. There were over 1,600 commits to the Github repo in the last few days. And we now have pathways for contacting 530 members of Congress. 1
We did it. We just made democracy a little more functional.
Why Everyone Should Be Able to Contact Congress
We wanted to build a tool for contacting congress so that we could ensure that the voices of Internet users would be heard in the halls of Congress. We wanted to feel confident that messages were being delivered when EFF supporters spoke out against bills like SOPA or demanded reform to NSA spying or software patents. We wanted a system that reflected our values—public domain, as secure as possible, and built with free software.
But we didn’t just want to build something for EFF. We wanted to create an open dataset that anybody could use to create similar tools. We wanted to fundamentally make elected officials more accountable to the people by lowering the bar to sending messages to Congress. We hope developers will use the dataset we’ve made for other projects, establishing new ways of interacting with Congress that we might not even have considered.
Today, that dataset exists.
Why People Got Involved
There were a lot of volunteers who worked long hours to finish this tool. Here are some thoughts they shared:
Darrik Mazey, who contributed over 59 commits to the project, said:
"I got involved with this project simply because when you get the opportunity to help an organization that has done so much for digital privacy rights, you don't pass it up. It felt like a chance to do something real to support a cause I strongly believe in, and facilitating communication between the public and their representatives is absolutely necessary for any sort of social improvement."
“It is crucial to support projects to help restore the voice of the public, especially at this moment in history of overwhelming influence of corporate, economic and political elites,” said Moiz Syed, who made 67 commits to the Github repo over the course of two days. "Being a part of this huge collaborative effort, working with people staying up till all hours of the night helping each other, was both an exhilarating and empowering experience."
Lucas Myer, who made 57 commit to the Github repo, said: “The community effort to help with Contact Congress was nothing short of amazing. I think, like me, a lot of developers see the vital role the EFF serves in defending digital rights and civil liberties. Contributing to Contact Congress was a great opportunity to give something back to the EFF while helping build tools to help people more easily contact their representatives.”
Everyone who made over 55 commits to Github will be recognized on the EFF website under a new page we’re creating for volunteer technologists.
Let’s Do This Again Sometime!
We were completely floored by the outpouring of support we got from developers. In less than two days, we accomplished an enormous project that will benefit EFF and democracy. In fact, the experience has us brainstorming about other volunteer projects that could have a dramatic impact on our digital rights.
Here’s an obvious one: every two years, there’s an election that will necessitate us cleaning up our Contact Congress code. If you want to be on an email list that gets contacted to help out with that and other web development projects, just send an email firstname.lastname@example.org and let us know to add you to the mailing list. Whenever we have a challenging project that needs tech volunteers, we’ll let you know.
But there are other ways you can stay involved. If you want to help us build a more secure Web, please help us maintain our free browser add-on, HTTPS Everywhere. Take a look.
And if you’re interested in building cool action campaigns that benefit the freedom online, consider joining the volunteer team at Taskforce.is. EFF has been teaming up with them for the last several months on technology and advocacy projects, and they could use the help of dedicated, skilled, and passionate developers.
And finally, if you really love working on these projects, you should know that EFF is hiring—we’re looking for a web developer with lovely, edgy front-end design skills and a passion for digital rights. Join us.
A ton of people contributed to this project, more than we can name in this blog post. But we want to extend a special thanks to:
- Dan Drinkard, Eric Mill, and the rest of the team at the Sunlight Foundation. They labored on this project for months and months, and created both the original code and bookmarklet for this project.
- Thomas Davis, the sleepless hacker in Australia who single-handedly managed dozens of volunteers through the nights while the US crew slept.
- Moiz Syed, Darrick Mazey, Lucas Myers, Corey Garnett, Aaron Griffith, Steve Crozier, and everyone else who worked late into the night to pull this project together.
- Jason Rosenbaum and the rest of the Action Network team, who dove in and helped both test our tools and manage volunteers.
- David Moore at the Participatory Politics Foundation, whose original project was the inspiration for this project.
- Bill Budington, our staff technologist, who single-handedly wrote our congress-forms tool and without whom none of this would have happened.
And of course, our deepest thanks go to Sina Khanifar, leader of exhausted web developers everywhere and the organizer of this effort. If you have a minute, tweet your thanks to Sina: @sinak.
Thanks, everybody. See you next time!
- 1. The last few members of Congress have buggy forms, and EFF’s staff technologists will be hacking a solution to those in the coming days.
Share this: || Join EFF
You Asked: Tell us all your secrets.
SGT STAR: Good question. I'm not sure how to answer that. Please try rewording your question. I understand simple questions best.
You Asked: In that case, tell us everything.
SGT STAR: That is a good question, however, I am not positive that I understand what you're asking. Try rephrasing your question. I understand simple questions best.
Sgt. Star is the U.S. Army’s dedicated marketing and recruitment chatbot, and he isn’t going to turn whistleblower any time soon. There’s no use threatening him for answers either—he’s programmed to report that kind of hostility to the Army Criminal Investigation Division.
Last year, EFF began to look at how the government deploys chatbots to interact with and collect information from the public. Sgt. Star was a natural place to start, since he’s almost famous. Serving as the Army’s virtual public spokesperson, each year he guides hundreds of thousands of potential recruits through goarmy.com and fields their questions on Facebook.
(On the Media’s TLDR recorded an informative and entertaining podcast about Sgt. Star, our research and the issues AI chatbots raise—listen here.)
Since Sgt. Star wasn’t going to tell us everything he knows without us breaking it down into a thousand simple questions, we decided to just use the Freedom of Information Act to get it all at once. At first the Army ignored our inquiries, but with a little digging and pressure from the media1, we have been able to piece together a sort of personnel file for Sgt. Star.
We now know everything that Sgt. Star can say publicly as well as some of his usage statistics. We also learned a few things we weren’t supposed to: Before there was Sgt. Star, the FBI and CIA were using the same underlying technology to interact with child predators and terrorism suspects on the Internet. And, in a bizarre twist, the Army claims certain records don't exist because an element of Sgt. Star is “living.”
Everything We Know About Sgt. Star
Chatbots are computer programs that can carry on conversations with human users, often through an instant-message style interface. To put it another way: Sgt. Star is what happens when you take a traditional “FAQ” page and inject it with several million dollars worth of artificial intelligence upgrades.
Sgt. Star’s story dates back to the months after the 9/11 attacks, when the Army was experiencing a 40-percent year-over-year increase in traffic to the chatrooms on its website, goarmy.com. By the time the U.S. invaded Iraq, analysts predicted that the annual cost to staff the live chatrooms would be as high as $4 million.
A cost-cutting solution presented itself in late 2003 in the form of an artificial intelligence program called ActiveAgent, developed by a Spokane, Washington-based tech firm called Next IT. After years of trial runs and focus groups, the Army debuted Sgt. Star2 in 2006.
Technology and law scholars, such as Ryan Calo of the University of Washington School of Law and Ian Kerr of the University of Ottawa Faculty of Law, have warned of the threats to privacy posed by bots that combine social manipulation with mass data gathering. As Calo wrote of Sgt. Star in his paper, “Peering HALs: Making Sense of Artificial Intelligence and Privacy”:
As in the context of data mining, a computer equipped with artificial intelligence is capable of engaging thousands of individuals simultaneously, twenty-four hours a day. But here the agent is able to leverage the power of computers to persuade via carefully orchestrated social tactics known to elicit responses in humans. In an age of national security and targeted advertising, citizen and consumer information is at an all time premium. Techniques of AI and HCI [Human-Computer Interaction] create the opportunity for institutions to leverage the human tendency to anthropomorphise and other advantages computers hold over humans (ubiquity, diligence, trust, memory, etc.) to facilitate an otherwise impracticable depth and breadth of data collection.
Through a FOIA request, we were able to quantify Sgt. Star’s reach. According to a spreadsheet provided by the Army, Sgt. Star does the work of 55 human recruiters. Over the last five years, he has answered 10.5 million questions (94 percent of them correctly) in 2.8 million chat sessions. That means, on average, that Sgt. Star is engaging more than 1,550 people each day.
Sgt. Star is currently operated by the Army Marketing and Research Group, a division created in 2012 that operates out of the Pentagon. According to contracting documents, as of 2011, the Army had spent $5 million on the program, plus another couple of million in maintenance contracts3 in the years since.
The Army also revealed to TLDR that Sgt. Star is not so smart that he can increase his own knowledge base. Instead, the Army and Next IT hold monthly meetings to assess and adjust how Sgt. Star responds to questions.
While Sgt. Star may seem innocuous enough, he provides a window into how other agencies may use the technology for far more invasive purposes.
Sgt. Star’s Family
You Asked: Are there other government chatbots?
Sgt Star: I'm here to help you navigate though goarmy.com and answer your questions about the Army. I'm not here to discuss politics.
Sgt. Star has a large family of “intelligence virtual assistants” at Next IT. His brother Spike assists incoming students at Gonzaga University. Ann helps health consumers at AETNA. Travelers interact (and flirt) with Jenn at Alaska Airlines, Alex at United Airlines, and Julie at Amtrak. Next IT’s newest addition is Alme, a healthcare AI designed to help physicians interface with patients. But so far, Sgt. Star is the only federal government chatbot acknowledged on Next IT’s website.
Secretly, however, Sgt. Star does have family at law enforcement and intelligence agencies. According to an inadequately redacted document publicly available on the federal government’s contracting site, FBO.gov, Sgt. Star is built on technology developed for the FBI and CIA more than a decade ago to converse with suspects online. From the document:
LTC Robert Plummer, Director, USAREC PAE, while visiting the Pacific Northwest National Laboratories (PNNL) in late 2003, discovered an application developed by NextIt Corporation of Spokane, WA, that PNNL identified for the FBI AND CIA. The application used chat with an underlying AI component that replicated topical conversations. These agencies were using the application to engage PEDOPHILES AND TERRORISTS online, and it allowed a single agent to monitor 20-30 conversations concurrently.
The bolded text was redacted, but still legible in the document. At this point we don’t know whether the CIA and FBI are still using these bots.4 That will likely take a much longer FOIA process and, considering the redaction, the agencies may not be willing to give up the information without a fight.
Some food for thought: Sgt. Star engaged in almost 3 million conversations over the last five years, and those were people who actually wanted to talk to him. How many people could two CIA and FBI covert bots converse with over 10 years? What happens to conversations that aren’t relevant to an investigation, and how do the agencies weed out the false positives, such as when a chatbot misinterprets a benign conversation as dangerous?
We also know that Next IT developed an artificial intelligence program called ActiveSentry5, specifically designed to identify and neutralize threats to data security within a computer network. According to promotional materials, ActiveSentry’s origin story is very similar to Sgt. Star’s:
Our solution, ActiveSentry, is evolved from a proven technology we developed that has been deployed by government agencies to monitor Internet Relay Chat (IRC) rooms for such suspicious behavior as potential threats to national security, child exploitation, and drug trafficking.
ActiveSentry is not a chatbot, but a kind of patrol guard, watching keystrokes, conversations and monitoring network activity, looking for employee misbehavior and then springing into action. Here’s how Next IT’s founder and CEO described its investigative and evidence-gathering capabilities in a presentation at a homeland security technology showcase:
If bad behavior occurs, ActiveSentry can respond with real-time proactive steps to block the action. It might shut down the computer, shut down the application, alarm a security officer, or give the user a warning. If the security breach is sufficient, ActiveSentry creates a detailed record of everything the user does, stores all the action with date/time stamps, and secures the data for foolproof evidentiary material.
So far, we are unaware of any criminal cases where information gathered by a Next IT bot has been used as evidence. If you do know of such a case, please get in touch with us.
Is Sgt. Star Alive?
You Asked: Are you alive?
SGT STAR: I am a dynamic, intelligent self-service virtual guide, created by the Army, that will help you quickly navigate the GoArmy Web site and retrieve Army-related subject matter, while simultaneously answering questions and directing communication based on interaction with the user.
Generations upon generations of folklorists, philosophers, futurists and science fiction authors have asked the question: at what point does a machine become a living being?
Sorry, we can’t settle that debate. That said, the Army’s FOIA office did use some rather strange language in describing one piece of Sgt. Star’s programming.
In our request, we sought his output script (every possible response in his database) as it stands now, but also for each year since he went live. That way, we could compare how his answers have evolved and grown through military policy changes, such as the end of Don’t Ask Don’t Tell and the ban on women in combat. The Army gave us the 835 current responses, but could not give us the rest. Apparently, the historical scripts don’t exist because the script is a “living body.” The Army’s exact words in describing the spreadsheet of 835 responses:
This collection is the current running content that appears on the site and represents a “living body” of content that reflects the additions and updates to answers that have evolved since the introduction of the Sgt. Star feature.
Do they mean, “living” like the Constitution is said to be a living document? Or are they using it in the sense of Johnny 5 from Short Circuit? We plan to file a FOIA appeal to learn more. Likely what they mean is that they don’t maintain older versions of Sgt. Star’s script because they constantly update a single file. If that’s the case, then that indicates poor record-keeping by the Army. If the FBI treats their bots in the same way, that would raise serious questions about the ability of defendants to challenge the reliability of a bot if they are charged with a crime after the bot’s programming has changed.
The Army also refused to provide us with Sgt. Star’s input patterns, i.e. all the phrases and keywords that he is programmed to recognize, claiming that this information is Next IT’s proprietary material and therefore exempt from FOIA. We will address this in our FOIA appeal; we are not seeking Sgt. Star's underlying off-the-shelf ActiveAgent code, but we would like to see the customization details that give Sgt. Star his distinct Army flavor. It's also worth knowing what Sgt. Star is programmed to flag, even if he’s not programmed to actually respond to it.
Everything Sgt. Star Knows
You can view all of Sgt. Star’s current responses here. It's 288 pages.
Sgt. Star has a seemingly exhaustive supply of answers to questions about military service, from opportunities for dentists and veterinarians to whether soldier are allowed to use umbrellas (only women and under certain conditions). He also has answers that simply exist to deepen his personality, such as his music and film preferences, and information about his Rottweiler, "Chomp." He will also deliver rather in-depth, scientific answers to throwaway questions, including "why is the sky blue?" and "why is grass green?"
For all his character quirks, a user would never mistake Sgt. Star for human—that's just not how he was designed. That can’t necessarily be said for other government bots. Military, law enforcement and intelligence agencies have employed virtual people capable of interacting with and surveilling the public on a massive scale, and every answer raises many, many more questions.
You Asked: Until next time.
SGT STAR: Goodbye.
- 1. Special thanks to Alex Goldman of On The Media for following up with the Army, and journalist Jason Leopold for firing off a supporting FOIA request.
- 2. Technically, he is SGT STAR, with STAR as an acronym for “Strong, Trained And Ready,” which Sgt. Star says all soldier must be before being assigned to a unit or deployed. However, in the development stages, the program used the name “Sgt. Rock.”
- 3. While the Army does work directly with Next IT, it has also contracted out maintenance to two defense contractors—Nakuuruq Solutions and Truestone Communications—both subsidiaries of a corporation owned by the Iñupiat people of Northwest Alaska.
- 4. Next IT is no longer the only company offering pedophile-hunting chatbots. In 2004, a British programmer introduced a product he called “NetNannies.” Last year, Spanish researchers announced another AI, called Negobot.
- 5. ActiveSentry is now marketed by Next IT's affiliate, NextSentry Corporation.
Share this: || Join EFF
In Armenia, online anonymity could be a luxury of the past if a bill that is currently before the Armenian parliament is passed. The bill would make it illegal for media outlets to publish defamatory content by anonymous or fake sources. Additionally, under this bill, sites that host libelous comments that are posted anonymously or under a pseudonym would be required to remove such content within 12 hours unless an author is identified.
Edmon Marukyan, one of the bill’s drafters, explained the goal of the bill saying, “You can remain incognito as much as you like. Write your posts, but if they end up in the media, then someone has to bear responsibility.” Thus this bill was drafted in an effort to hold a party accountable if and when the dissemination of defamatory material on public websites occurs. However, the need for Armenian legislators to target media outlets and hold them responsible for this type of commentary greatly infringes upon the right to freedom of expression and association. Marukyan believes that sites “bear responsibility” for users' comments, but said “the purpose of the bill was to clarify liability, not curb expression.” Unfortunately, the bill would most certainly curb expression—stifling the commentary of those who would no longer feel secure posting on a medium that would require them to reveal their true self.
Holding a public electronic site liable for its users’ commentary is risky, as displayed in a legal analysis of the Armenian bill published in March 2014 by the Organization for Security and Co-operation in Europe (OSCE). The OSCE raises concerns with the bill, mainly criticizing it for its excessively broad scope, vague definitions, and general lack of clarity. The OSCE proposes that Armenia, though not a member state of the European Union (and thus not legally bound to EU law), look to European law and other directives as a guide for determining whether the bill upholds the right to freedom of expression as outlined by the Universal Declaration of Human Rights. Legislation that is noted in the OSCE’s legal analysis includes Directive 95/46/EC (Directive on Data Protection), “a reference text, at European level, on the protection of personal data."
Furthermore, the OSCE notes that since Armenia is a member state of the United Nations, it is obligated to uphold the civil and political rights of individuals outlined in the International Covenant on Civil and Political Rights (ICCPR)—an international treaty aimed at preserving the right to freedom of expression, amongst other liberties. Additionally, the legal analysis points to the International Principles on the Application of Human Rights to Communications Surveillance (the 13 Principles) as another guide for the Armenian parliament to use when determining whether or not the proposed bill is consistent with human rights law.
The OSCE writes that if the bill is passed, it’s “likely to discourage Internet operators from carrying out business in the Republic of Armenia, since the risk of being charged with liability for defamation is apparently doomed to increase.” It would be devastating if certain online platforms that were once available for anonymous users to post and exercise their basic human right to freedom of expression were suddenly inaccessible.
Stay tuned for updates on the bill and click here to read the Legal Analysis of Draft Amendments to the Civil Code of the Republic of Armenia in its entirety.Related Issues: Free SpeechAnonymity
Share this: || Join EFF
While most courts in the United States are adversarial—each party presents its side and a jury, or occasionally a judge, makes a decision—in the Foreign Intelligence Surveillance Court (FISC), only the government presents its case to a judge. While typically two opposing sides work under public review to make sure all the facts are brought to light, in the FISC the system relies on a heightened duty of candor for the government. As is illustrated all too well by recent developments in our First Unitarian v. NSA case, this one-sided court system is fundamentally unfair.
In March, after we learned that the government intended to destroy records of Section 215 bulk collection relevant to our NSA cases, we filed for a temporary restraining order in the federal court in San Francisco. We also filed a motion to correct the record with the FISC, since it was a FISC order requiring the destruction of bulk metadata after five years that was at issue.
Following the emergency hearing on our motion, the San Francisco federal court ordered the government to preserve the evidence. On the same day that the federal court issued its order, the FISC issued its own strongly worded order in which it granted our motion and mandated the government to make a filing with the FISC explaining exactly why it had failed to notify the Court about relevant information regarding preservation orders in two related cases, Jewel and Shubert. This omission influenced the FISC's decision on the government's request for relief, and the FISC was not happy about it.
On April 2, the DOJ made its filing. The government's statements in this document deserve close attention because they illustrate in high-definition the failures of the FISC's one-sided system.
The response essentially says that in hindsight, it is clear to the government why the FISC would have wanted to know about the Jewel and Shubert orders. But the government's filings show that it unilaterally decided it was right about its interpretation of the legal theories in these cases. In so doing, it failed to live up to the heightened duty of candor present in ex parte proceedings by failing to inform the FISC that this was disputed. In essence, the government narrowly interpreted the causes of action in the Jewel complaint, excluding the Section 215 surveillance purportedly authorized by the FISC, and thereby narrowing the evidence it would preserve. By making a decision about what facts were relevant, the DOJ attorneys elevated themselves into the role of a judge.
The government apologized to the FISC for its omission, but it also continues to inaccurately portray the controversy over the legal theories our cases. In fact, the DOJ uses this filing to again present their interpretation of the disagreement over the scope of the cases, failing to mention the various arguments we have made on that issue before Judge White in San Francisco. The DOJ calls our view "recently-expressed," attempting to create the impression that the DOJ had no idea that there was any controversy until 2014. They neglect to mention that we wrote in a 2010 brief that the "government defendants' assertion that 'plaintiffs do not challenge surveillance authorized by the FISA Court' ... misconceives both plaintiffs' complaint and the role of the district court ...."
If this had been a normal court proceeding, each side would present their position in the most favorable light, and the judge would decide who is right. In the FISC, however, this balanced system breaks down. This one-sided system allows for no accountability except in the rare circumstance where the affected parties can raise the issue with the court. Indeed, in most cases, the arguments and the decision are kept secret, and no one can second-guess the government.
This is why we continue to urge Congress to change the laws governing how FISC operates. At a minimum, significant court decisions must be made public, and a privacy advocate should be a part of the process. These improvements won't bring the same kind of balance that can come with an adversarial system, but could at least deliver a semblance of fairness to the process.
Related Issues: NSA SpyingRelated Cases: Jewel v. NSAFirst Unitarian Church of Los Angeles v. NSA
Share this: || Join EFF
UPDATE (4/16/14): We're lowering the threshold for getting prizes, take a look below.
For years, EFF has been helping concerned technology users contact Congress. The EFF community stopped SOPA, we fought back privacy-invasive cybersecurity proposals, we are championing software patent reform, and now we’re demanding real NSA reform—not a fake fix.Here's How To Jump In and Help
- Read the instructions for contributing.
- Check out the GitHub repo.
- Ask questions on IRC: #opencongress on irc.freenode.net.
But we’re at an impasse. Our community has grown significantly in the last few years, and every day we’re confronted with more reasons that users need to be speaking to lawmakers. But no one has a good system for contacting Congress.
Right now, EFF pays a for-profit company using proprietary software so that our friends and members can stop Congress from enacting dumb laws that hurt the Internet.
This rubs us the wrong way. At EFF, we like to practice what we preach, but our third-party action center suffers from proprietary licensing and limited configurability. When we find bugs, we can’t always fix them ourselves or hack around the problem.
It shouldn’t be this way. We shouldn’t have to compromise our principles just so that our friends and members can speak out about important issues. We shouldn’t have to sacrifice security, customizability, or freedom when engaging in political activism.
We can build something new. And better.
For the last few months, EFF and our partners at the Sunlight Foundation have been working on a way to revolutionize how everyday people contact Congress. The resource we're building with Sunlight is in the public domain, released under CC0, and makes it easy to contact members of Congress using online forms. The new action tool we're creating will be free software, so anyone can hack on and improve it. That means it will be customizable—the community can improve it and hold it to the high level of security that should be the standard for all infrastructure projects and tools for change. And it won’t just be for EFF: anybody can customize this system to contact Congress.
Thanks to our partners at Taskforce.is and the Sunlight Foundation, we’ve got a prototype of the new system ready.
Now, we need your help.
Calling all techs.
We finished the basic backend for the new contacting Congress tool, but now we need tech volunteers to help us complete the project.
Here’s the challenge: Each member of Congress has a special form that their own constituents can use to contact them. Each form is different: some require a CAPTCHA, some require a title, some require you to choose a topic from a dropdown list. Our new action center will let you connect directly to these Congressional forms for your elected officials whenever you want to submit a letter about an issue you care about. However, we need to program for each unique form used for individual members of Congress.
To that end, we need volunteers to conduct tests on the forms of each of the 500+ members of Congress. We created a simple bookmarklet that you can install in your browser, then visit our action center hub and test out different members of Congress. It’s easy to use, and it takes 4-10 minutes to test a Congressional form and make sure it works.
How many volunteers do you need?
We’re looking for between 10 and 30 people who can commit time to this project. We’re hoping to find several people who can work 4-5 hours on this, and then we’re hoping for 10 people who will be willing to spend one or two days on this project.
How technical do I need to be?
People contact EFF frequently with offers to help. I want to help you, they tell us. I want to contribute more than just money. What can I do?
This is it. We really need this system to work so that our voices can be heard in the halls of Congress. And we can only be successful if folks like you (yes you) step up and donate a few hours to help us finish this off.
There’s no tool currently available that would do what we want to do using secure, free software. With a system like this in place, EFF’s efficacy in advocating for your rights can increase dramatically.
We can’t do this without the support and engagement of our best supporters. Want to get involved? Email email@example.com.
It’s not hard and we’ll show you how.
We created these instructions (including video) on how to get started.
Most importantly, we’re available on IRC pretty much all the time. If you bump into problems, just let us know and we’ll try to troubleshoot. Find us on #opencongress on irc.freenode.net.
Ready to get involved? Send an email to firstname.lastname@example.org if you want more information or are ready to get involved.
You can also check out the github repo: https://github.com/unitedstates/contact-congress/
We want to show you some love.
The main reason to take part in this is because you want to help EFF and the Sunlight Foundation, and you believe that the world is a better place when everyday people can contact Congress simply and easily.
Nonetheless, we want to shower you with mountains of amazing swag to thank you for your help.
Here are the prize bundles for volunteers who make:
40+15 commits to the project on Github
- Our undying gratitude
- An EFF hat
150+35 commits to the project on Github
- Our undying gratitude
- 1 year EFF membership -- for yourself, as a gift for a friend, or in memory of someone who inspired you.
- An EFF hat
- An EFF sticker pack
- An EFF shirt
300+ 55 commits to the project on Github:
- Our undying gratitude
- 1 year EFF membership -- for yourself, as a gift for a friend, or in memory of someone who inspired you.
- The famous EFF NSA Hoodie
- An EFF hat
- An EFF sticker pack
- An EFF shirt
- Free entry to any EFF-hosted party (typically, this is our Pioneer Awards and our birthday party, both of which are in San Francisco. Note that the DefCon party is hosted for EFF by someone else, so we cannot guarantee entry to that.)
- A public profile on the EFF website, under a soon-to-be-created ‘tech volunteers’ section.
We really need you. Please email email@example.com to let us know if you can help out.
Share this: || Join EFF
Updates to the email privacy law called the Electronic Communications Privacy Act (ECPA) are long overdue. It's common sense that emails and other online private messages (like Twitter direct messages) are protected by the Fourth Amendment. But for a long time, the Department of Justice (DOJ) argued ECPA allowed it to circumvent the Fourth Amendment and access much of your email without a warrant. Thankfully, last year it finally gave up on that stance.
But now it appears that the Securities and Exchange Commission (SEC), the civil agency in charge of protecting investors and ensuring orderly markets, may be doing the same exact thing: it is trying to use ECPA to force service providers to hand over email without a warrant, in direct violation of the Fourth Amendment.
EFF and the Digital Due Process Coalition, a diverse coalition of privacy advocates and major companies, are fighting hard to push a common sense reform to ECPA. The law, passed in the 1980s before the existence of webmail, has been used to argue that emails older than 180 days may be accessed without a warrant based on probable cause. Instead, the agencies send a mere subpoena, which means that the agency does not have to involve a judge or show that the emails will provide evidence of a crime.
Contrary to the position taken by the DOJ, the courts, the public at-large, and EFF, the SEC asserted last week that it can obtain emails with simple subpoenas, issued under ECPA. The Chair of the SEC, Mary Jo White, tried to reassure Rep. Kevin Yoder that the SEC's "built-in privacy protections" make it ok. Unfortunately, Chair White wouldn't explain what are the exact "privacy protections." Rep. Yoder, the sponsor of HR 1852, The Email Privacy Act—a bill with over 200 cosponsors that updates ECPA—was rightfully dubious and tried to no avail to get the Chair to explain why the SEC thinks it can use ECPA to get around the Fourth Amendment.
Just because your emails are on your computer, must not mean they have any less protection than if they were printed on your desk. Many other agencies disagree with the SEC's approach and recognize the Fourth Amendment covers all private communications—whether paper or electronic. It's time for the SEC to update its practices so that it's inline with the courts, public opinion, and with other agencies.
It's also time for the White House to send a clear message to all of its executive agencies. Remember, the SEC consists of five presidentially appointed commissioners. Since November, the White House has failed to respond to a White House Petition demanding ECPA reform. The White House must pronounce loud and clear that it supports HR 1852, The Email Privacy Act, and that government agencies like the SEC should not be using ECPA as a run-around to the Fourth Amendment.
Many courts, including the Sixth Circuit in United States v. Warshak, have already ruled that emails and other private communications are protected by the Fourth Amendment. Congress, through members such as Senators Patrick Leahy and Ron Wyden; and Representatives Kevin Yoder, Tom Graves, and Jared Polis, are pushing common sense reforms to ECPA like HR 1852 The Email Privacy Act. The bills are slowly making its way through Congress, but we can speed them up. Tell your Representative now to support HR 1852 so that we don't leave email privacy laws stuck in the 1980s.
Related Issues: Privacy
Share this: || Join EFF
Let’s just imagine we could transport an Internet-connected laptop back to the 1790s, when the United States was in its infancy. The technology would no doubt knock the founders out of their buckle-top boots, but once the original patriots got over the initial shock and novelty (and clearing up Wikipedia controversies, hosting an AMA and boggling over Dogecoin), the sense of marvel would give way to alarm as they realized how electronic communications could be exploited by a tyrant, such as the one from which they just freed themselves.
As America’s first unofficial chief technologist, Benjamin Franklin would be the first to recognize the danger and take to trolling the message boards with his famous sentiment: Those who would trade liberty for safety deserve neither. (And he’d probably troll under a fake handle, using Tor, since the patriots understood that some truths are best told with anonymity.)
Today the Tea Party movement aspires to continue the legacy of the founders by championing the rights guaranteed by the Constitution and Bill of Rights. Never afraid of controversy, Tea Party activists and elected leaders are fighting against mass surveillance in the courts and in the halls of state legislatures and Congress.
Each year on April 15, Americans pay taxes that keep the government running. It’s a time for reflecting upon whether that money is funding a government for the people, or a government that is undermining the people, supposedly for their own good. After a watershed year of newly disclosed information about the National Security Agency, the Tea Party has plenty to protest about.
How the Founders Fought Mass Surveillance
Mass surveillance was not part of the original social contract—the terms of service, if you will—between Americans and their government. Untargeted surveillance is one reason we have an independent country today.
Under the Crown’s rule, English officials used writs of assistance to indiscriminately “enter and go into any house, shop cellar, warehouse, or room or other place and, in case of resistance, to break open doors, chests, trunks, and other package there” in order to find tax evaders. Early patriot writers, such as James Otis Jr. and John Dickinson, railed against these general warrants, and it was this issue, among other oppressive conditions, that inspired the Declaration of Independence and the Fourth Amendment.
James Madison drafted clear language guaranteeing the rights of Americans, and it bears reading again in full:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Centuries later, the principle still applies, whether we’re talking about emails or your mobile phone. As the Tea Party activists at FreedomWorks told us when we consulted them for this post: the Fourth Amendment does not stop at technology’s door.
(For a more in-depth historical review, check out former EFF legal intern David Snyder's essay, "The NSA's 'General Warrants': How the Founding Fathers Fought an 18th Century Version of the President's Illegal Domestic Spying.")
Tea Party vs. Big Brother
The Tea Party movement is closely associated with the right to bear arms, religious rights, and tax freedom. But, as Brian Brady, a prolific Tea Party activist in San Diego County we also consulted, said: the movement must embrace the Constitution as a whole. Threats to privacy, he says, are also threats to freedom of speech, religion and association. Property rights mean nothing if the government can search your home or computer without probable cause.
In other words, mass surveillance is a manifestation of big government.
Tea Party activists don’t shy away from confrontations that may put them at odds with other groups (particularly on the left), but no one can deny that on the subject of mass surveillance, the movement is on the frontlines protecting every American’s rights.
TechFreedom and gun-rights groups, such as the CalGuns Foundation and the Franklin Armory (named after Ben), have joined unlikely allies such as Greenpeace and People for the American Way to sue the NSA. Represented by EFF, the plaintiffs argue that collecting phone metadata (your number, who you called, when and for how long you spoke), chills the ability for these groups to associate freely, as guaranteed by the First Amendment as well as the Fourth Amendment. FreedomWorks and Sen. Rand Paul have also filed a class action lawsuit against the NSA on similar grounds
Conservative attorney and founder of Judicial Watch Larry Klayman was the first plaintiff to challenge the program's unconstitutionality. So far, his lawsuit in Washington, D.C. has been successful. In December, the federal judge in the case wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying it and analyzing it without judicial approval.”
Tea Party-affiliated lawmakers have also been pushing back against mass surveillance with a variety of bipartisan legislative reforms; Rep. Justin Amash, for example, came within a few votes of cutting the NSA’s telephone metadata program funding with a budget amendment last July. State legislators who align with the Tea Party have also sponsored bills across the country condemning the NSA, from California State Sen. Joel Anderson’s successful resolution calling for an end to the call records program to Michigan Rep. Tom McMillin’s call for the Department of Justice to prosecute Director of National Intelligence James Clapper for misleading Congress.
Tax, Spend and Surveil
Reason magazine has an excellent essay about IRS and privacy, outlining how the IRS obtains, scours and fails to secure personal data collected from taxpayers, while tax-reform advocate Grover Norquist wrote a worthwhile op-ed in The Daily Caller today about how the IRS exploits the outdated Electronic Communications Privacy Act. But it’s also important to consider that the taxes the government collects ultimately fund the surveillance state. “No taxation without representation” was the rallying cry of the American revolution, and yet here we are today, with the NSA conducting surveillance without adequate checks and balances. Members of Congress complain that they haven’t been properly briefed on the NSA’s programs and judicial approval of these programs is conducted by a secret court that only hears the government’s side of the story. On the local level, law enforcement agencies are adopting new surveillance technologies such as automatic license plate readers, facial recognition and Stingrays with little public input or other oversight.
On the whole, maintaining the mass surveillance state is expensive. There are 17 (that’s right, 17) different federal agencies that are part of the “intelligence community,” each of them involved in various, interconnected forms of surveillance. Some would say there is little concrete evidence of how it has made us safer, but there’s plenty of concrete evidence of how much it has cost. The bottom line? We’re paying the government to unreasonably intrude on our lives. The budget for intelligence in 2013 was $52.6 billion. Of that, $10.8 billion went to the NSA. That’s approximately $167 per person in the United States
For a prime example of the wasteful spending, one only need to read Sen. Tom Coburn’s report, “Safety at Any Price” that outlined the inappropriate spending done under the Department of Homeland Security’s grant program (such as paying for “first responders to attend a HALO Counterterrorism Summit at a California island spa resort featuring a simulated zombie apocalypse.”) This followed on the heels of a harsh bipartisan Senate report criticizing the extreme waste at fusion centers around the country. Federal funds were used to purchase big screen TVs, decked out SUVS, and miniature cameras. To make matters worse, the report found that fusion centers violated civil liberties and produced little information of any use.
Mass surveillance is a symptom of uncontrolled government overreach. The question is what’s the cure?
Defending Privacy is a Patriotic Duty
While every single person has cause to be alarmed by surveillance, those who criticize government policies have particular reason to be concerned. Those who have new, or not yet popular ideas (or, in the case of the Tea Party, old and popular ideas in resurgence) are often targets of overreaching surveillance. It’s not a partisan issue; it’s a constitutional issue.
Activism is most effective when is happens at the personal, local and national levels and the Tea Party has proven it knows how make a ruckus, whether it’s on a personal blog or outside the White House. America needs the Tea Party to keep applying that patriotic passion to NSA reform.
We have also just created a new collection of resources for grassroots activists, including tips on how to organize public events and use the media to spread the word about your issues, as well as a collection of one-page informational sheets that make it easy to explain these issues. And above all, speak out. Help us stop bills that attempt to legalize mass surveillance and join us in demanding real reform.
Stopping mass surveillance—it’s what the first patriots did, and it’s what today’s patriots are doing right now.
Related Issues: PrivacyNSA Spying
Share this: || Join EFF
After seven years of litigation, the basic contours of the Digital Millennium Copyright Act (DMCA) safe harbors should be pretty well established. Unfortunately, a new front may have opened up in a case called Gardner v. CafePress, thanks to a mistaken and dangerous misreading of Section 512.
With the invaluable assistance of Venkat Balasubramani, EFF, joined by the Center for Democracy and Technology, the Computer & Communications Industry Association, and Public Knowledge, has filed an amicus brief in that case. In our brief, we explain our deep concerns about how that recent ruling could have profound consequences for user-generated content sites.
CafePress is a platform that allows users to set up online shops to sell custom physical goods like clothing and stationery. The lawsuit was filed by photographer Steven Gardner, whose wildlife images were included on a user's sales page. CafePress had asked the court to resolve the case as a matter of law (also called summary judgment) because it believed it was clearly protected by the DMCA's safe harbors. The court denied that request, concluding that it could not be sure that CafePress was protected by the DMCA.
Our brief explains why that was a dangerous decision for online speech and innovation. We focus on two issues in particular: (1) the court’s interpretation of the term “service provider”; and (2) the court’s suggestion that image metadata might qualify as a “standard technical measure” under the DMCA—which would mean CafePress's automated stripping of metadata from photos would jeopardize the availability of safe harbor protections. The court could have resolved these arguments in CafePress’s favor as a matter of law. By forcing the parties to go trial on these issues, the court may undermine the purpose of the DMCA safe harbors.
On the first point, it appears that the court conflated CafePress’s online and offline activities as a website and as a producer of physical goods, and adopted a cramped definition of “service provider” that has long since been rejected by numerous courts.
On the second point, the court clearly misunderstood the definition of a “standard technical measure.” This point is pretty technical, but it has serious implications because service providers are required to comply with “standard technical measures” in order to enjoy the legal protections of the DMCA safe harbors.
A standard technical measure, in the sense of DMCA § 512(i) is one that is “used by copyright owners to identify or protect copyrighted works” and “has been developed pursuant to a broad consensus of copyright owners and service providers in an open, fair, voluntary, multi-industry standards process;” is “available to any person on reasonable and nondiscriminatory terms;” and does not “impose substantial costs on service providers or substantial burdens on their systems or networks.”
However, no broad consensus has ever emerged as to any such measure, with respect to metadata or any other technical artifact. In fact, with respect to metadata, industry practices show there is no such consensus: service providers commonly strip metadata from uploaded images. Without a consensus standard, there can be no "technical measure" that a website is required to honor.
And a good thing too. From our brief:
Casting doubt on the practice of removing metadata may also put users at risk. ... Stripping metadata from uploaded images helps protect users’ privacy and security, and should not be discouraged.
But even though there is no broad industry consensus to treat image metadata as a "standard technical measure" for copyright enforcement, the court seems to have made metadata removal a ticket to trial. That's bad news.
Heads up: this case has flown under the radar, but a wrong decision on these points could end up shrinking the effective contours of DMCA safe harbors. Online service providers have a very strong incentive to stay inside those boundaries: the staggering quantity of user-generated content uploaded combined with ridiculously large statutory damages and litigation costs mean any risk of ambiguity is serious.
Service providers need well-established legal safe harbors, because those safe harbors create the space within which new platforms can develop and thrive. That’s good for user speech, and good for online innovation. We hope the court agrees.var mytubes = new Array(1); mytubes = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/g_9sgZIVCJY%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; Files: cafepress_amicus_curiae_brief.pdfRelated Issues: Fair Use and Intellectual Property: Defending the BalanceDMCA
Share this: || Join EFF
The DC Circuit Court of Appeals heard argument today in AF Holdings v. Does 1-1058, one of the few mass copyright cases to reach an appellate court, and the first to specifically raise the fundamental procedural problems that tilt the playing field firmly against the Doe Defendants. The appeal was brought by several internet service providers (Verizon, Comcast, AT&T and affiliates), with amicus support from EFF, the ACLU, the ACLU of the Nation's Capitol, Public Citizen, and Public Knowledge. On the other side: notorious copyright troll Prenda Law.
Copyright trolls like Prenda want to be able to sue thousands of people at once in the same court – even if those defendants have no connection to the venue or each other. The troll asks the court to let it quickly collect hundreds of customer names from ISPs. It then shakes those people down for settlements. These Doe defendants have a strong incentive to pay nuisance settlements rather than travel to a distant forum to defend themselves. The copyright troll business model relies on this unbalanced playing field.
In this case, Prenda sued 1058 Does (anonymous defendants identified only by an IP address) in federal district court in the District of Columbia. It then issued subpoenas demanding that ISPs identify the names of these customers. The ISPs objected to this request arguing that most of the IP addresses were associated with computers located outside of the court's jurisdiction. The ISPs and EFF also showed that Prenda could have used simple geolocation tools to determine the same thing. And we explained that joining together 1000+ subscribers in one lawsuit was fundamentally unfair and improper under the rules governing when defendants can be sued together (known as ‘joinder’).
Unfortunately, the district court did not agree, holding that any consideration of joinder and jurisdiction was "premature." In other words, the court can't consider whether the process is unfair unless and until a Doe comes to the court to raise the issue. By then, of course, it is too late; the subscribers will have already received threatening letters and, in many cases, be reluctant to take on the burden of defending themselves in a far away location.
We believe this ruling was fundamentally wrong. As we've said many times, plaintiffs have every right to go to court to enforce their rights. But they must play by the same litigation rules that everyone else has to follow. To get early discovery, plaintiffs must have a good-faith belief that jurisdiction and joinder are proper. Given the evidence presented to the district court, there is no way Prenda could have formed this good faith belief. So its demand for customer information should have been denied.
The ISPs appealed the district court’s troubling ruling. At the hearing today, the appellate court was particularly interested in the issue of joinder. The court seemed immediately skeptical of the notion of suing 1000 people at once, but wondered if it might be acceptable join together 20 Bittorrent users who had joined the same swarm to acquire the same work. The ISPs and amici said generally no, because the plaintiff can't know whether a given Doe 1 acquired anything from a given Doe 2 – in other words, they aren't necessarily part of the same "transaction or occurrence." We analogized a bittorrent swarm to a casino poker table: over the course of a weekend, a week, or a month, players may come and go, adding and subtracting from the pot, but the players on day one are unlikely to be related to the players on day 4, or day 30.
The ISPs and amici also stressed the issue of burden. While the ISPs were focused on the burden they faced in responding to the subpoenas, EFF directed the court's attention to the fundamental burden on the IP subscribers, noting that the subscribers identified as a result of a subpoena aren't necessarily going to be responsible for any unauthorized activity. An IP address, we explained, only tells you the name on the bill, not who is using the account. In this context, it is crucial that courts attend to the burden on the Does, as well as the ISPs.
The court had a number of question regarding jurisdiction, and directed many of them to counsel for AF Holdings, Paul Duffy. At root, the court seemed to want to know why AF Holdings had not used geolocation tools to help determine where its targets might be located, and why it had not dropped its effort to pursue many of them when the ISPs explained that the Does just weren't in the court's jurisdiction. Finally, the court had some questions about AF Holdings litigation tactics, including the shenanigans that have been widely reported elsewhere.
It is difficult to predict how a court will rule based only on a hearing. But we are encouraged that the judges asked the important and thoughtful questions, and clearly understood both the context and implications of their decision. Many district courts have now concluded that the copyright troll business model is fundamentally unfair, and have taken steps to ensure the judicial process is not abused to foster a shakedown scheme. Let's hope they will soon be joined by the DC Circuit Court of Appeals.var mytubes = new Array(1); mytubes = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/g_9sgZIVCJY%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; Related Issues: Fair Use and Intellectual Property: Defending the BalanceCopyright TrollsRelated Cases: AF Holdings v. Does
Share this: || Join EFF
New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer.
EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI’s massive biometric database that may hold records on as much as one third of the U.S. population. The facial recognition component of this database poses real threats to privacy for all Americans.
What is NGI?
NGI builds on the FBI’s legacy fingerprint database—which already contains well over 100 million individual records—and has been designed to include multiple forms of biometric data, including palm prints and iris scans in addition to fingerprints and face recognition data. NGI combines all these forms of data in each individual’s file, linking them to personal and biographic data like name, home address, ID number, immigration status, age, race, etc. This immense database is shared with other federal agencies and with the approximately 18,000 tribal, state and local law enforcement agencies across the United States.
The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day.
NGI Will Include Non-Criminal as well as Criminal Photos
One of our biggest concerns about NGI has been the fact that it will include non-criminal as well as criminal face images. We now know that FBI projects that by 2015, the database will include 4.3 million images taken for non-criminal purposes.
Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a “mug shot” photo along with your fingerprints. If that’s the case, then the FBI will store both your face print and your fingerprints along with your biographic data.
In the past, the FBI has never linked the criminal and non-criminal fingerprint databases. This has meant that any search of the criminal print database (such as to identify a suspect or a latent print at a crime scene) would not touch the non-criminal database. This will also change with NGI. Now every record—whether criminal or non—will have a “Universal Control Number” (UCN), and every search will be run against all records in the database. This means that even if you have never been arrested for a crime, if your employer requires you to submit a photo as part of your background check, your face image could be searched—and you could be implicated as a criminal suspect—just by virtue of having that image in the non-criminal file.
Many States Are Already Participating in NGI
The records detail the many states and law enforcement agencies the FBI has already been working with to build out its database of images (see map below). By 2012, nearly half of U.S. states had at least expressed an interest in participating in the NGI pilot program, and several of those states had already shared their entire criminal mug shot database with the FBI. The FBI hopes to bring all states online with NGI by this year.
The FBI worked particularly closely with Oregon through a special project called “Face Report Card.” The goal of the project was to determine and provide feedback on the quality of the images that states already have in their databases. Through Face Report Card, examiners reviewed 14,408 of Oregon’s face images and found significant problems with image resolution, lighting, background and interference. Examiners also found that the median resolution of images was “well-below” the recommended resolution of .75 megapixels (in comparison, newer iPhone cameras are capable of 8 megapixel resolution).
FBI Disclaims Responsibility for Accuracy
At such a low resolution, it is hard to imagine that identification will be accurate.1 However, the FBI has disclaimed responsibility for accuracy, stating that “[t]he candidate list is an investigative lead not an identification.”
Because the system is designed to provide a ranked list of candidates, the FBI states NGI never actually makes a “positive identification,” and “therefore, there is no false positive rate.” In fact, the FBI only ensures that “the candidate will be returned in the top 50 candidates” 85 percent of the time “when the true candidate exists in the gallery.”
It is unclear what happens when the “true candidate” does not exist in the gallery—does NGI still return possible matches? Could those people then be subject to criminal investigation for no other reason than that a computer thought their face was mathematically similar to a suspect’s? This doesn’t seem to matter much to the FBI—the Bureau notes that because “this is an investigative search and caveats will be prevalent on the return detailing that the [non-FBI] agency is responsible for determining the identity of the subject, there should be NO legal issues.”
Nearly 1 Million Images Will Come from Unexplained Sources
One of the most curious things to come out of these records is the fact that NGI may include up to 1 million face images in two categories that are not explained anywhere in the documents. According to the FBI, by 2015, NGI may include:
- 46 million criminal images
- 4.3 million civil images
- 215,000 images from the Repository for Individuals of Special Concern (RISC)
- 750,000 images from a "Special Population Cognizant" (SPC) category
- 215,000 images from "New Repositories"
However, the FBI does not define either the “Special Population Cognizant” database or the "new repositories" category. This is a problem because we do not know what rules govern these categories, where the data comes from, how the images are gathered, who has access to them, and whose privacy is impacted.
A 2007 FBI document available on the web describes SPC as “a service provided to Other Federal Organizations (OFOs), or other agencies with special needs by agreement with the FBI” and notes that “[t]hese SPC Files can be specific to a particular case or subject set (e.g., gang or terrorist related), or can be generic agency files consisting of employee records.” If these SPC files and the images in the "new repositories" category are assigned a Universal Control Number along with the rest of the NGI records, then these likely non-criminal records would also be subject to invasive criminal searches.
Government Contractor Responsible for NGI has built some of the Largest Face Recognition Databases in the World
The company responsible for building NGI’s facial recognition component—MorphoTrust (formerly L-1 Identity Solutions)—is also the company that has built the face recognition systems used by approximately 35 state DMVs and many commercial businesses.2 MorphoTrust built and maintains the face recognition systems for the Department of State, which has the “largest facial recognition system deployed in the world” with more than 244 million records,3 and for the Department of Defense, which shares its records with the FBI.
The FBI failed to release records discussing whether MorphoTrust uses a standard (likely proprietary) algorithm for its face templates. If it does, it is quite possible that the face templates at each of these disparate agencies could be shared across agencies—raising again the issue that the photograph you thought you were taking just to get a passport or driver’s license is then searched every time the government is investigating a crime. The FBI seems to be leaning in this direction: an FBI employee email notes that the “best requirements for sending an image in the FR system” include “obtain[ing] DMV version of photo whenever possible.”
Why Should We Care About NGI?
There are several reasons to be concerned about this massive expansion of governmental face recognition data collection. First, as noted above, NGI will allow law enforcement at all levels to search non-criminal and criminal face records at the same time. This means you could become a suspect in a criminal case merely because you applied for a job that required you to submit a photo with your background check.
Second, the FBI and Congress have thus far failed to enact meaningful restrictions on what types of data can be submitted to the system, who can access the data, and how the data can be used. For example, although the FBI has said in these documents that it will not allow non-mug shot photos such as images from social networking sites to be saved to the system, there are no legal or even written FBI policy restrictions in place to prevent this from occurring. As we have stated before, the Privacy Impact Assessment for NGI’s face recognition component hasn’t been updated since 2008, well before the current database was even in development. It cannot therefore address all the privacy issues impacted by NGI.
Finally, even though FBI claims that its ranked candidate list prevents the problem of false positives (someone being falsely identified), this is not the case. A system that only purports to provide the true candidate in the top 50 candidates 85 percent of the time will return a lot of images of the wrong people. We know from researchers that the risk of false positives increases as the size of the dataset increases—and, at 52 million images, the FBI’s face recognition is a very large dataset. This means that many people will be presented as suspects for crimes they didn’t commit. This is not how our system of justice was designed and should not be a system that Americans tacitly consent to move towards.
For more on our concerns about the increased role of face recognition in criminal and civil contexts, read Jennifer Lynch’s 2012 Senate Testimony. We will continue to monitor the FBI’s expansion of NGI.
Here are the documents:
- 1. In fact, another document notes that “since the trend for the quality of data received by the customer is lower and lower quality, specific research and development plans for low quality submission accuracy improvement is highly desirable.”
- 2. MorphoTrust’s parent company, Safran Morpho, describes itself as “[t]he world leader in biometric systems,” is largely responsible for implementing India’s Aadhaar project, which, ultimately, will collect biometric data from nearly 1.2 billion people.
- 3. One could argue that Facebook’s is larger. Facebook states that its users have uploaded more than 250 billion photos. However, Facebook never performs face recognition searches on that entire 250 billion photo database.
Share this: || Join EFF