Over the last few months, Pakistan's Internet community has been fighting to stop the passage of one of the world's worst cyber-crime proposals: the Prevention of Electronic Crimes Bill (PECB). Thanks in part to the hundreds of messages sent to Pakistan's senators, they secured a major victory this week—public assurances from key members of Pakistan's Senate that they will oppose the bill in its entirety. There's still work to be done, but it's a strong sign that public opposition is working.
As we've noted before, the PECB is a hodge-podge of failed and poorly-drafted solutions to a motley assortment of Internet bugbears, from spam to hate speech to criminal hacking. It includes provisions that would create unaccountable censorship systems, criminalize ordinary Internet user behavior, and instigate universal data retention for Pakistan's Net users: data that will be shared with foreign governments without consent.
Despite the near-universal condemnation by the technical community, the PECB passed Pakistan's lower house in April 15 with only a dozen lawmakers present. Opponents feared that the government would be able to smuggle the law just as quickly through the Parliament's upper house, the Senate.
Bolo Bhi, and the Digital Rights Foundation held a meeting Tuesday with Pakistani politicians to warn them of the consequences of the bill. It was a timely intervention: that very day, the bill's supporters tried to introduce it to the floor of the Senate for another rushed vote. Thankfully, at least some of the Senate has been listening to the concerns of technologists and civil liberties groups. Opposition politicians at the meeting assured the organizers that they understood the many problems with the bill, and had heard the calls from Internet users to stop the bill.
The Senators said they'd heed the calls for public consultations that the bills' drafters have ignored, and push not just for amendments, but for Pakistan's government to start from scratch with a brand new proposal. Senator Shahi Syed, who heads the Senate's IT committee, expressed his confidence that the house would not pass the PECB in its current form, and that a public hearing on the bill would allow the public to take part in the process.
It looks like the Pakistan government's attempt to rush the PECB through has hit a roadblock. But we need to keep the pressure on. If you're a citizen or resident of Pakistan, you can reach out to the Senate via Twitter using our PECB action alert. Tell them you support throwing out this ridiculous bill now.
Share this: Join EFF
San Francisco—On Tuesday and Wednesday, May 24-25, Electronic Frontier Foundation (EFF) Staff Attorney Kit Walsh and Senior Staff Attorney Mitch Stoltz will participate in public roundtable discussions about the impact of U.S. copyright law on freedoms to investigate and improve the software embedded in everyday products, devices, and appliances.
The discussions, being held at University of California Hastings College of the Law in San Francisco, are hosted by the U.S. Copyright Office, which is studying copyright issues related to the “Internet of Things” and the consequences of Section 1201 of the Digital Millennium Copyright Act (DMCA). Section 1201, while intended to prevent infringement of copyrighted media, has also blocked people from accessing software that controls everything from their mobile phones and video games to cars and insulin pumps.
Section 1201 was enacted to combat copyright infringement of digital works by making it unlawful to circumvent access controls on those works, such as the encryption on a DVD. Because of the broad definition of a copyrighted work, however, Section 1201 gives legal teeth to manufacturers who want to lock product owners out of the ability to tinker with, repair, or modify their own software-enabled devices. The restrictions have also prevented independent researchers from evaluating the software in cars and other devices for impacts on security, safety, privacy, and even the environment.
At the roundtable discussions, Walsh will speak about how overly-broad copyright restrictions on everyday products combine with one-sided end user license agreements to frustrate user freedom, research, and innovation. Stoltz will speak about Section 1201's overreaching restriction on circumventing technologies that control devices and products, and the burdensome, every-three-year procedure to get exemptions from Section 1201.
U.S. Copyright Office Roundtables for Software-Enabled Computer Products and Section 1201 Studies
EFF Staff Attorney Kit Walsh
EFF Senor Staff Attorney Mitch Stoltz
Tuesday, May 24, 9 am to 2:45 pm
Wednesday, May 25, 9 am to 4:15 pm
UC Hastings College of the Law
Alumni Reception Center
200 McAllister St.
San Francisco, CA 94102
Contact: KitWalshStaff Attorneykit@eff.org MitchStoltzSenior Staff Attorneymitch@eff.org
Share this: Join EFF
Zen. The word has come to be associated with simplicity, intuition, and a sense of enlightenment. It originates from a branch of Buddhism that emphasizes meditation and self-reflection as the way to achieve enlightenment.
Naturally, given the cultural cachet of the word, it’s been adopted to various degrees by businesses and other organizations. One of these is Zendesk, maker of customer helpdesk software that businesses use to answer and resolve customer questions and complaints.
We recently became aware of Zendesk’s tactics via the ordeal of a WordPress plugin called Comet Cache, formerly known as ZenCache. To put it very simply, Comet Cache allows websites running on the WordPress platform to create a temporary storage area where users visiting the site can quickly find the information they’re looking for, rather than fetching the data every time from the database, which can be quite expensive when accounting for computing power and other resources.
Suffice to say, Comet Cache has nothing do with customer helpdesk software.
However, that didn’t stop Zendesk from demanding the company to change its name. In a letter sent by Zendesk’s attorneys to Comet Cache, one of the reasons Zendesk gave for why “ZenCache” could be confused with “Zendesk” was:
[B]oth the Zendesk and ZenCache products are offered with free trials; in fact, all use of ZenCache “Lite” product version appears to be free… Removing cost from the equation eases the decision to sign up for and use the ZenCache product, reduces the level of though and deliberation involved, and consequently may increase the chance of confusion.
It’s hard to distinguish whether the above is a Zendesk sales pitch or a baseless legal argument. Offering a product for free, especially one not competing with yours, doesn’t mean it somehow increases the likelihood of confusion warranting trademark protection. And the fact that ZenCache wasn’t even marketed directly at business, unlike Zendesk, the likelihood of confusion is nonexistent.
Before the US Patent and Trademark Office, Zendesk has filed close to 49 oppositions to companies’ attempts to trademark their products and services that contain the word “zen.” We haven’t analyzed all of them, but wouldn’t be surprised if Zendesk’s legal arguments in some of those proceedings were a little shaky as well.
In the letters that Zendesk sends to companies, it seemingly realizes that it doesn’t have a monopoly over the word “zen” and its use in technology. The company’s lawyer wrote to Comet Cache (and in identical letters to others in the past):
At the outset, my client understands that there are a variety of marks in use in the technology industry that contain the word “ZEN” in some form or another. Zendesk is under no illusion that they possess the exclusive right to use the terms ZEN as a trademark within the field of technology generally, or software more specifically. However, my client believes that certain ZEN-formative marks, used in conjunction with particular types of good or services, may create a likelihood of consumer confusion that such products are offered by or associated or affiliated with Zendesk.
The first part of the paragraph seems sensible, but the latter half is where Zendesk’s words don’t match its actions. Despite what the letter says, Zendesk appears to be sending their letter to technology companies with names that start with “zen,” even if that company doesn’t compete with Zendesk in any way.
Unlike a koan—a logic-defying riddle told by a Buddhist master to their students designed to bring them on the path of enlightenment—there’s a logical solution to all of this. Perhaps Zendesk would be well advised to self-reflect on whether it’s trademark trolling is actually worth the trouble.
If you’re someone who has received similar letters from Zendesk, we would be interested in hearing from you.
Share this: Join EFF
Dear Sen. Chuck Grassley,
I work at the Electronic Frontier Foundation (EFF), an organization that fights for digital rights in the U.S. and abroad. Like you, my colleagues and I are deeply concerned about the U.S. patent system and the strain that patent trolls impose on American businesses. We think that as a respected senior senator and chair of the Judiciary Committee, you’re perfectly positioned to bring comprehensive change in the remaining months of this congressional session.
We’ve watched over the past few years as the momentum in Congress on patent reform has ebbed and flowed, and sometimes it seems that there’s no end in sight. Here at EFF, we know that patent reform is on Americans’ minds. When we encourage our supporters to write to their members of Congress about patent bills, we reliably inspire thousands of emails and phone calls.
Yet, every time it’s appeared that a patent reform bill might finally be ready for a vote in Congress, it suddenly vanishes from the agenda. Meanwhile, patent trolls continue to chill American innovation. We can’t keep waiting for a time when reform becomes politically convenient.
You know this better than anyone: patent trolls are not an academic issue for Iowa businesses. They’re a serious threat. In the words of Ames businessman and repeat troll target Al Meyers, "The harm is real, as it reduces the investments that can be made to make Iowa’s and the nation’s products more competitive in the world market."
We were glad when you told Politico that fighting trolls is still a top priority for you. EFF has a great deal of admiration for the Protecting American Talent and Entrepreneurship Act (PATENT Act), a bill that you shepherded into the Senate. But we were puzzled to hear that you’re not planning for the Senate Judiciary Committee to move forward with the Venue Equity and Non-Uniformity Elimination Act (VENUE Act), a bill whose reforms complement those in the PATENT Act perfectly.
You’ve said that you don’t want a venue reform bill to compromise the chances of passing a more comprehensive patent reform bill. But more than anyone else in Congress, you have the power to make sure that doesn’t happen.
The VENUE Act addresses one root cause of many of the patent system’s shortcomings: the fact that patent owners can file litigation in whatever forum they think will give them the greatest advantage. Forum shopping lets patent owners exploit any differences between districts in their favor. Savvy patent trolls know that, and that’s why they overwhelmingly file in just a few districts.
The VENUE Act would require the patent owner to file in a district where it makes sense—for example, where the defendant’s principal place of business is, where the patent owner has a working manufacturing facility, or where the invention was developed.
Since the VENUE Act was introduced, it’s earned numerous endorsements from civil society organizations and the tech industry. These groups represent a wide range of perspectives and interests, but we all recognize that Congress needs to address forum shopping in patent litigation head-on.
The VENUE Act shouldn’t be in competition with the PATENT Act. Indeed, its provisions would enhance each of the important reforms in the PATENT Act. Without legislation addressing the venue problem, the reforms in the more comprehensive bill could be compromised.
For example, the PATENT Act would require plaintiffs in patent suits to disclose what parties have financial interests in the outcome of the case and to report every complaint they’ve filed on the same patent in the three years prior. That’s a great reform. All too often, patent litigation suffers an extreme imbalance of information. Defendants are required to provide a great deal of information about their own business practices, but in the shadowy world of patent assertion entities, it can be very difficult for a defendant to determine who’s actually behind a lawsuit and who stands to benefit from it.
Unfortunately, courts vary widely in their own transparency practices. A few districts routinely let litigants seal substantial portions of the documents filed in patent cases, sometimes even sealing their own rulings. It’s great to require plaintiffs to disclose their financial interests and prior litigation, but in jurisdictions that seal more documents than necessary, those disclosure requirements will do very little to equip future defendants with information about the plaintiffs’ histories.
The PATENT Act has a provision intended to give defendants more leverage to ask the court for a fees award in cases where the plaintiff was clearly in the wrong. But it’s unlikely that courts will apply new fee-shifting standards consistently. Today, judges in the notoriously patent-owner-friendly Eastern District of Texas almost never grant motions for fees. Since fee shifting is largely within the judge’s discretion, improved fee-shifting provisions could give plaintiffs even more incentive to sue in sympathetic jurisdictions.
Another factor that can often give patent trolls an unfair advantage is the cost of discovery, the process whereby litigants request information and documents from each other that will be relevant to the case. Discovery can be very expensive for defendants in patent suits; often, victims of patent trolling opt to pay the demanded licensing fee rather than continue with the discovery process.
The PATENT Act wisely addresses this problem. It delays discovery until after certain initial trial motions, including motions to dismiss the case. That way, in cases in which the patent holder is clearly and factually wrong, the defendant would be able to file a motion to dismiss before undergoing discovery. Once again, though, this reform could be less effective in trolls’ preferred districts, given the Eastern District of Texas’ well-documented reluctance to dismiss cases and costly discovery process.
And on it goes. When the PATENT Act goes into effect, differences will naturally emerge in the ways that courts implement its provisions. Predictable patterns in judges’ perspectives aren’t necessarily a bad thing, but current venue laws let patent owners turn those differences into unfair advantages. Without venue reform, other measures designed to protect innovators from patent trolls can backfire, simply giving trolls further incentive to sue in the most troll-friendly courts.
Sen. Grassley, with your leadership, Congress can finally pass a truly comprehensive patent reform package that includes venue reform. Thousands of Americans who care about bringing fairness to a broken patent system will stand with you.
Electronic Frontier Foundation
Share this: Join EFF
Fort Belvoir, Virginia—The Electronic Frontier Foundation (EFF) asked a U.S. Army Court of Criminal Appeals Wednesday to overturn Chelsea Manning’s conviction for violating the Computer Fraud and Abuse Act (CFAA), arguing that the law is intended to punish people for breaking into computers systems—something Manning didn’t do.
Manning is serving a 35-year sentence for her role in the release of approximately 700,000 military and diplomatic records to Wikileaks. She was convicted of 19 counts in all, including one under the CFAA. Her CFAA conviction stems from using unauthorized software to access a State Department database, which was prohibited by the database’s acceptable use policy.
The CFAA makes it illegal to intentionally access a computer connected to the Internet without authorization, but it doesn’t specify what “without authorization” means. Although the CFAA is aimed at computer break-ins, data theft, and destruction of computer systems, overzealous prosecutors have taken advantage of the law’s vague language to bring criminal charges that go beyond Congress’s anti-“hacking” purpose.
"Congress intended to criminalize the act of accessing a computer that you aren’t authorized to access, such as breaking into a corporate computer to steal user data or trade secrets or to spread viruses. The law should not be used to turn a violation of an employer’s computer use restrictions into a federal crime. That’s what happened here," said EFF Legal Fellow Jamie Williams.
In an amicus brief filed Wednesday, EFF told the U.S. Army Court of Criminal Appeals that violating a written policy, which restricted Manning from using unauthorized software to access a State Department database, is not a crime under the CFAA. Because most employers impose one-sided computer use policies on their employees, such an interpretation would potentially turn millions of Americans into criminals on the basis of innocuous activities, like browsing Facebook or viewing online sports scores at work in violation of company policy.
"Three federal circuit courts have recognized that violating computer use policies isn’t a crime under the CFAA, and we’re urging the Army court to follow suit,” said EFF Staff Attorney Andrew Crocker. “We have also urged Congress to adopt Aaron’s Law, named after late programmer and activist Aaron Swartz, who faced CFAA charges. The law which would ensure that people won't face criminal liability for violating terms of service agreements or other solely contractual agreements.”
The Center for Democracy & Technology and the National Association of Criminal Defense Lawyers joined EFF in filing the brief.
For our amicus brief:
Correction: an earlier version of this press release misstated the number of documents leaked. It's approximately 700,000 records.
Share this: Join EFF
The White House has been curiously quiet on the Trans-Pacific Partnership front, following its earlier fanfare about the agreement when it was signed in February. Yesterday with the release of the U.S. International Trade Commission (USITC)'s almost 800-page report on the TPP's Likely Impact on the U.S. Economy and on Specific Industry Sectors [PDF], we can expect the rhetoric to be ramped up again, in attempt to sell the agreement to an increasingly skeptical Congress and public.
However, the USITC report doesn't actually give the administration much to go on. It estimates that by 2032 the TPP would expand U.S. real income by a measly $57.3 billion (0.23 percent). Real GDP growth would be even smaller at $42.7 billion (0.15 percent), and employment would be a negligible 0.07 percent higher. Belying the touted "Made in America" rhetoric of the United States Trade Representative (USTR), foreign imports would actually grow more than U.S. exports (by $48.9 billion, as against $27.2 billion).
Although the likely overall economic impact of the TPP is useful to know, EFF's particular interest is in the effects of the digital provisions such as the tough new copyright and trade secret rules, and the e-commerce provisions. The latter include a weak guarantee that businesses can transfer their data across borders (but with no similar protection for users), restrictions on mandating the disclosure of software source code (even for the purpose of enhancing security), and mostly meaningless provisions on net neutrality and cryptography standards.Agreement Would Likely Benefit Industry 
On intellectual property, the USITC offers only the most general statement that these provisions "would likely benefit U.S. industries that rely on trademarks, patents, copyrights, trade secrets, and other IPRs by reducing their losses from infringement and increasing exports and foreign sales opportunities for their products and services". Submissions from industry lobbyists are cited in support of this proposition, but none from TPP critics. Even if taken at face value, the USITC report tells us nothing that we didn't already know, and more importantly it fails to address the countervailing costs of the provisions to users, other industry sectors, and public institutions.
Similarly on the e-commerce topics, which the USITC labels "Digital Trade and Computer Services", it offers no economic data at all. It claims in the report and in its accompanying press release that "Many stakeholders consider two new electronic commerce provisions that protect cross-border data flows and prohibit data localization requirements to be crucial to the development of cross-border trade in services, and vital to optimizing the global operations of large and small U.S. companies in all sectors." Yet it presents no evidence that what these stakeholders consider to be the case, actually has any credible basis.
Misleadingly, the report cites a Public Citizen and CIPPIC paper [PDF] on the TPP in support of the proposition that rules prohibiting forced localization will boost the competitive advantage currently enjoyed by U.S. cloud-based services. In fact the relevant passage of the cited paper merely notes that the USTR has made that claim, and gives no independent assessment of its veracity. Public Citizen have also said [PDF] that the TPP would "undermine access to knowledge, creativity, and autonomy over digital devices and content"; yet criticisms such as this are nowhere to be found in the USITC report. On the other hand criticisms from industry that the TPP doesn't go far enough are included—notably criticisms that the financial services sector should have been covered by the data localization ban.Costs to the Public Ignored
We shouldn't have expected anything more, but this report is a whitewash. It fails to acknowledge, let alone to challenge, criticisms of the agreement made by public interest advocates such as EFF, relying instead only on the say-so of industry stakeholders that the TPP will benefit their sector. Even if those industry statements are taken completely at face value, they discount the real costs of the TPP's rules to many other affected communities, including but not limited to startups, students, journalists, libraries, artists, and fans.
The minuscule benefits projected in the USITC's report do nothing to justify the very real costs of the TPP that will be borne here and around the world. No monetary value is or can be placed on the loss of sovereignty that results from us locking in our current broken copyright system, so that we no longer have the flexibility to adopt better rules. None can be placed on the lost opportunity to include users in developing more meaningful global standards on net neutrality, or on other digital issues. No measure is placed on the value of works lost from the public domain for a further 20 years.
In light of these omissions, how can the USITC report be taken seriously? If anything, it reconfirms that the TPP is a bad deal, and that our Congressional representatives ought not to hesitate to reject it. Call on them to do exactly this by taking action now.
Share this: Join EFF
Visiting an art exhibit featuring works about the U.S. war on terror or going to a lecture about Islam wouldn’t be cause for worry—unless you found out that the government was monitoring and keeping track of attendees. At that point, some people would be spooked and stay away, sacrificing their interests and curiosity to protect their privacy, not look suspicious, or stay off a list some intelligence agency might be keeping.
Government surveillance has that chilling effect—on our activities, choices and communications—and carries serious consequences. We argue in our lawsuit First Unitarian Church of Los Angeles, et al v. NSA that the government’s collection of phone records violates the First Amendment rights of our clients—churches and civil and human rights organizations—by discouraging members and constituents from associating and communicating with them for fear of being spied on.
Now two new studies examining the use of Facebook and Wikipedia show that this chilling effect is real. Both studies demonstrate that government surveillance discourages speech and access to information and knowledge on the Internet. What happens is that people begin to self-police their communications: they are more likely to avoid associating with certain groups or individuals, or looking at websites or articles, when they think the government is watching them or the groups/people with whom they connect. This hurts our democracy and society as a whole.
The Facebook study, published in Journalism & Mass Communications Quarterly, showed that people censor themselves on the social network, refraining from posting comments voicing minority views when they’re aware that the National Security Agency (NSA) monitors online activities.
Participants in the study were told of NSA monitoring and shown a fictional Facebook posting about U.S. airstrikes against ISIS. They were asked about their willingness to comment, share, and like the post, or create a new post about the same topic. They were also asked whether they supported or opposed U.S. airstrikes, what they thought most other Americans believed about the airstrikes, and whether surveillance is necessary for national security.
The study showed that people who are aware of government surveillance and support it are significantly less likely to speak out when their views differ from what they perceive to be the majority opinion. As Dr. Elizabeth Stoycheff, Wayne State University assistant professor of journalism and new media and study author, writes:
This is the first study to provide empirical evidence that the government’s online surveillance programs may threaten the disclosure of minority views and contribute to the reinforcement of majority opinion… These individuals expressed that surveillance was necessary for maintaining national security and they have nothing to hide. However, when these individuals perceive they are being monitored, they readily conform their behavior—expressing opinions when they are in the majority, and suppressing them when they’re not.
The Wikipedia study, to be published in an upcoming issue of the Berkeley Technology Law Journal, found a dramatic fall in monthly traffic to Wikipedia articles about terror groups and their techniques after the June 2013 disclosures of the NSA PRISM surveillance program by whistleblower Edward Snowden. The study looked at 48 Wikipedia articles that contained terrorism-related keywords tracked by the Department of Homeland Security, such as “suicide attack” and “dirty bomb.”
Article views dropped 30 percent after June 2013, which supports “the existence of an immediate and substantial chilling effect,” wrote author Jonathon Penney. He also found that monthly views continued to fall, suggesting that the chilling effects of NSA surveillance are long term. The study, he says, has “implications for the health of democratic deliberation among citizens” and the broader health of society.
The government itself uncovered evidence in a recent survey that its surveillance causes Americans to limit their online activity. The Department of Commerce’s National Telecommunications and Information Administration (NTIA) found that in a survey of 41,000 U.S. households that use the Internet, one in five avoided online activity because of concerns about data collection by the government.
These studies provide evidence of what we have long argued—our freedom to read what we choose online and communicate and associate with others privately is profoundly affected by the prospect of the government looking over our shoulder. It’s changed our behavior, whether that means not commenting on a Facebook post about terrorism, avoiding a Wikipedia page, or steering clear of certain organizations.
The stakes are high for the 24 diverse political and activist groups that are our plaintiffs in First Unitarian. They connect people to advance political beliefs, and sometimes take dissenting positions on issues. Government surveillance of phone records to and from these groups, which work with whistleblowers, dissidents, Muslims, patients, gun owners, laborers, and others, have hurt their ability to carry out their missions. Their members and potential clients simply don’t want to call them, visit them on the web, or email them when they know the government is watching. The Council on American-Islamic Relations (CAIR)-Ohio, a community service and civil rights organization that assists Muslim facing racial profiling, harassment, and discrimination, has seen a decrease in communications from its constituency of Muslim Americans. Calguns, a group that assists California gun owners in exercising their rights, has also experienced fewer communications from members who want their communications with the group to be confidential. Human Rights Watch, another plaintiff, says fewer people are reporting human rights abuses—the organization can no longer guarantee security and confidentiality in their communications and those people contacting the group fear retaliation.
We’ve documented these and other affects of the government surveillance in our court filings. We argue that phone record collection violates our clients’ freedoms to associate with others to advance political beliefs. Their work is hampered by the fact that people are deterred from contacting them and they can’t guarantee confidentiality because of government surveillance.
Penney points out that courts, legal scholars, and researchers have been skeptical about the extent and even the existence of the chilling effects of government surveillance. We think these studies strongly support that phone record collection has discouraged Americans from communicating and speaking out, and should put that skepticism to rest.Related Cases: Jewel v. NSAFirst Unitarian Church of Los Angeles v. NSA
Share this: Join EFF
Allegations that Facebook’s “trending” news stories are not actually those that are most popular among users drew the attention of Sen. John Thune (R-SD), who sent a letter of inquiry to Facebook suggesting that the company may be “misleading” the public, and demanding to know details about how the company decides what content to display in the trending news feed. Sen. Thune appears particularly disturbed by charges that the company routinely excludes news stories of interest to conservative readers.
Congressional inquiries usually come with the tacit understanding that Congress investigates when it thinks it could also legislate. Yet any legislative action in response to the revelations would run afoul of the First Amendment. It is possible that Sen. Thune, as chairman of the Senate Commerce Committee, sees Facebook as engaging is “unfair or deceptive” trade practices, but that still does not create a legal basis for regulating what amounts to Facebook’s editorial decision-making.First Amendment Protects Facebook’s Editorial Decisions
In Miami Herald Publishing Co. v. Tornillo (1974), the Supreme Court held that under the First Amendment, the government may not tell a private publisher what to print or not to print, nor may the government punish a publisher for making editorial decisions. The Court stated:
The choice of material to go into a newspaper, and the decisions made as to limitations on the size and content of the paper, and treatment of public issues and public officials—whether fair or unfair—constitute the exercise of editorial control and judgment.
Although that case involved a newspaper, the constitutional rule is just as applicable to the Internet, where a wide range of websites—from newspapers’ digital homes to social media platforms native to the online space—have the right to be free from government interference with their publishing practices.
Even if Congress never takes any action, Sen. Thune’s letter alone—questioning Facebook’s editorial decisions—is an improper intrusion into editorial freedom. Moreover, such an official government inquiry into constitutionally protected activity can create a “chilling effect” that dissuades individuals, even companies, from acting in wholly legal ways.
Sen. Thune’s letter is a close cousin to the tactic deployed by the sheriff of Cook County, Illinois, who wrote letters on official letterhead urging credit card companies to stop providing payment processing services to classifieds websites like Backpage.com, while suggesting that the companies might be legally culpable if they refused to heed the sheriff’s request. Backpage challenged the sheriff’s actions and the Seventh Circuit Court of Appeals held that the sheriff violated the website’s First Amendment rights.
As a Republican, Sen. Thune seems offended that Facebook might be purposefully excluding conservative news stories. But conservatives were outraged when the FCC proposed conducting a newsroom survey in 2014. Republican lawmakers and conservative commentators complained that the Obama administration was maneuvering to control media content in violation of the First Amendment. And Sen. Thune himself, in 2007, criticized those in Washington, DC, who, he said, were “reviving an old idea that the government can, and should, regulate the reporting of news, information and ideas.”Facebook Should Be Fair and Transparent About Its Content Policies
There is a distinction that we want to emphasize: Facebook as a curator of news stories—exercising editorial judgment just like any other media outlet—and Facebook as a social media platform and host of user-generated content.
As a legal matter, in both roles, Facebook is protected by the First Amendment and thus has a right to publish content online free from government interference. As a policy matter, however, it would behoove the company to be more transparent about its content policies.
While it is understandable that Facebook users might want more transparency about what goes into producing the “trending” news feed (including whether the company is exercising political bias), we are more concerned about how Facebook acts in its more prominent role as a host of user-generated content.
As a social media platform, Facebook solicits and displays often highly personal text and images that individuals post to express themselves and connect with their loved ones and communities. People around the world have come to significantly rely on Facebook, even in life-and-death situations.
Yet the company reorders, emphasizes and minimizes posts to everyone’s news feed. And it enforces its terms of service in a selective manner: deleting some posts, censoring some images, and throwing some users off its service, while letting other apparent offenders go unpunished. We have criticized Facebook for unclear content policies and arbitrary enforcement of its terms of service.
At onlinecensorship.org, EFF is tracking such behavior by private social media companies. Whether a company justifies its actions by referencing its terms of service or some other reason, we want to better understand patterns in social media censorship. We encourage individuals who have had their own content removed or their account suspended to report their experiences there.
Facebook has a right to make its own decisions about what it does or does not say online. But it when it comes to providing a service that enables others to speak as well, Facebook should be fair and transparent about how it handles other people’s content—and the company should always expect to have its decisions explored and debated by its users and the wider public.
Share this: Join EFF
In a victory for the First Amendment and public access to court proceedings, a magistrate judge ruled in favor of EFF’s motion to unseal documents in a patent case in the Eastern District of Texas. This means that the patent owner in that case, Blue Spike, will no longer be able to shield from the public its arguments about how the defendant infringes its patents. Also, the court has indicated that it will publish public versions of important rulings that, until now, had been completely hidden from the public.
In March, we moved to intervene in this case arguing that the parties’ practice of filing significant documents under seal violated the public’s First Amendment right to access court filings. In April, the court allowed EFF to intervene and asked for more briefing regarding whether any material should be unsealed.
In its response, Blue Spike did not dispute that the First Amendment applied. Instead, it argued that because EFF wanted to write more blog posts about Blue Spike—posts Blue Spike felt were disparaging—the public should not be allowed to examine Blue Spike’s claims of infringement. In other words, because Blue Spike does not agree with EFF’s commentary about its litigation, it contends that we (and the public at large) should not see the relevant court records at all.
This argument is exactly backwards. As we pointed out in our response, EFF's speech (or indeed, any member of the public's speech) regarding Blue Spike's patent litigation is precisely what the First Amendment protects. The fact that Blue Spike thinks the public and press will be interested in discussing what's in court records actually confirms that they should generally be open to the public.
As was written recently by United States Magistrate Judge Smith, the rise of sealing in judicial cases (not only patent cases) is like “a velvet curtain is being drawn across wide swaths of traditionally public judicial business” and “absent good public information about what courts are doing, justice and the rule of law are left groping in the dark.”
The court’s ruling requires the parties to file public-redacted versions of court filings that were previously completely under seal. Although the parties will be given an opportunity to make limited redactions of genuinely confidential material (like trade secrets), the court has made it clear that it expects such redactions to be quite limited.
We’re gratified that the court promptly granted our motion to unseal. We look forward to reporting more on Blue Spike’s litigation and what it tried so desperately to hide from the public.
Share this: Join EFF
This week, the Malaysian Parliament went back into session to consider a series of amendments to the Communications and Multimedia Act 1998 that, if passed, will further chill online speech and worsen the Malaysian regime's persecution of journalists, bloggers, and activists. The amendments may pass as early as next week, even before the public has had an opportunity to see them. We've written about the planned amendments before, based on the scattered information we had about them from leaks and rumors, but local activists have brought to light another likely feature of the planned amendments that is equally or more concerning: a requirement to register political blogs and websites.
There are numerous problems with such a requirement. Most fundamentally, the need for registration of any online publisher is an unwarranted incursion on freedom of expression. A 2003 Joint Declaration of intergovernmental rapporteurs on freedom of expression and the media specifies that "journalists should not be required to be licensed or to register." The reasons are obvious: by withholding registration or threatening to do so, the government can silence dissenters and skew public discourse in its favor.
But even leaving the freedom of expression issue aside, on a simply practical level the maintenance of a register of political blogs, news portals, and websites is an unmanageable task. What is the definition of a political blog? Does this also cover a personal blog which occasionally comments on current events? What is a news portal? Does it include a news aggregation website? However these questions are answered, there will be so many edge cases that the registration system is likely to be ineffective, as well as casting a grey legal cloud over the online speech of ordinary Malaysians.
This week a coalition of nine Malaysian civil society organizations have expressed their concern with these and other aspects of the proposed amendments:
We are concerned that the proposed amendments are politically motivated with the sole purpose of imposing legal restrictions to public’s right to access to political information and to freedom of expression. … Decisions to restrict freedom of information and expression should follow due process of the law and international standards and norms. It should be clear, least restrictive, necessary and proportionate. This at minimum, requires a court order.
EFF shares these concerns, and calls on Malaysia's ruling party to withdraw the amendments from the current session of Parliament pending their release to the public for consultation and review. A few days after we published our last article about the crackdown on political speech in Malaysia, the Malaysian Insider, one of Malaysia's few independent online news sources that had been blocked by the government for its reporting on official corruption, finally shut its doors. The following month, Malaysia bombed out in the latest World Press Freedom Index, achieving a ranking of 146 out of 180 countries—lower than Burma (Myanmar). The passage of the current amendments to the Communications and Multimedia Act would mark a further downturn in the country's slide towards repression.
Share this: Join EFF
We're pleased to report that Sony Music backtracked on its accusation of copyright infringement against the Hudson Valley Bluegrass Association, and HVBA's educational video remains freely available to the public. But the music label’s response leads us to think that Sony's misuse of copyright and of YouTube’s automated enforcement system will continue.
We wrote last week about how YouTube’s system, Content ID, incorrectly flagged HVBA’s own video as infringing. The video, an hour-long lecture on the history of bluegrass music, triggered the Content ID filters because it contained three clips of bluegrass recordings copyrighted by Sony, each around 30 seconds and surrounded by a discussion of the music and its historical relevance. That’s an obvious fair use under copyright law, one that any human reviewer with minimal training would recognize.
A fair use doesn’t require permission from the copyright holder, or a fee. It’s the sort of use that’s free to all. But when HVBA’s webmaster wrote to Sony Music and asked them to withdraw the Content ID match, the company responded by asking for a $500 “administrative fee” and detailed information about HVBA’s use of the song clips. Fortunately, HVBA’s webmaster knew her rights, and after some prodding—and a post by EFF—Sony Music agreed to withdraw its claim.
We're glad Sony stopped trying to block or monetize HVBA’s video. But the company’s response is troubling all the same. A Sony executive emailed HVBA to say that the company “has decided to withdraw its objection to the use of its two sound recordings” and “will waive Sony Music’s administrat[ive] fee.” That sounds like Sony was simply acting out of courtesy, when in fact the company had no right to demand a fee, by any name, for an obvious fair use. Other YouTube users with less knowledge of the law may have been convinced to pay Sony $500 or more, and provide detailed information, for uses of the music that the law makes free to all.
As Congress and the Copyright Office review the law and examine the effectiveness of automated systems like Content ID, they should keep in mind that automated flagging or filtering combined with misleading statements about a company’s legal rights can lead to abuse. That's another reason why YouTube-style automatic filtering should never be mandated by law, and why we need real penalties for false takedowns.
Share this: Join EFF
Update: This hearing has been vacated. In an order issued late Tuesday, the judge asked for supplemental briefing from the parties. A new hearing date may be set once that briefing is complete.
San Francisco – On Thursday, May 19, at 10 am, the Electronic Frontier Foundation (EFF) will urge a federal judge to let the public see records about “Hemisphere,” a massive drug enforcement database containing decades of telephone metadata.
Reporters at the New York Times uncovered the Hemisphere program in 2013. Funded by the Drug Enforcement Agency (DEA) and the White House’s Office of National Drug Control Policy, Hemisphere places AT&T employees inside law enforcement agencies to facilitate quick access to call records data—including who called who, when, and how long they spoke—typically without any court oversight. The New York Times found that investigators were encouraged to keep Hemisphere “under the radar” by using “parallel subpoenas” and then “walling off” Hemisphere information from public scrutiny.
EFF filed a Freedom of Information Act (FOIA) request to learn more about the program and how it was used by law enforcement, but the government released only a small amount of heavily redacted records in response. At Thursday's hearing, EFF Senior Staff Attorney Adam Schwartz will argue that the government must stop misusing public records law to hide information about Hemisphere.
Electronic Frontier Foundation v. Department of Justice
EFF Senior Staff Attorney Adam Schwartz
Thursday, May 19
United States District Court
450 Golden Gate Avenue, 15th Floor, Courtroom B
San Francisco, CA
For more about Hemisphere and EFF’s FOIA lawsuit:
Share this: Join EFF
All this week, EFF has been at the World Intellectual Property Organization (WIPO) in Geneva, debating with delegates from around the world at the 32nd session of the Standing Committee on Copyright and Related Rights (SCCR). We could write an exhaustive report of the discussions at the meeting (tl;dr: proposals for a broadcasting treaty continue to edge forward, while rich countries remain at loggerheads with users and poorer countries about copyright exceptions for education and libraries). But what's more remarkable are the persistent themes that are recurring in these discussions, as well as the motivations of regional groups, rightsholders and individual countries that propel them.
In a nutshell, Europe and the United States seem deadset on pressuring each other (and the rest of the world) towards their respective versions of copyright law, while avoiding making any changes to the law themselves. This is both a blessing and a curse; it means that the negotiations over a new treaty for broadcasters remain a drawn-out tussle in which Europe seeks to replicate its law giving special rights to broadcasters, and the United States mostly resists, promoting instead a slimmed down version that would only address broadcast signal piracy.
However Europe is equally resistant to even discussing copyright limitations and exceptions that don't currently exist in its law, and unfortunately the United States delegation doesn't care enough to push the matter, leaving the heavy lifting to nonprofit stakeholders such as the International Federation of Library Associations and Institutions and Electronic Information for Libraries. Meanwhile, industry groups refuse to countenance any limit on their own monopoly powers, even when such a limit is plainly in the public interest and addresses a pressing need. For example, libraries and archives seek the legal authority to preserve orphan works, and to source and lend works across national borders, while people with disabilities other than blindness or vision impairment need similar flexibilities to those now extended to print-disabled people.
What about digital issues? Here, the most relevant developments took place not only in the SCCR's plenary session, but also at side meetings held during lunch breaks, including one held by the International Federation of the Phonographic Industry (IFPI), and a second held by EFF. At the IFPI meeting on May 10, industry panelists argued that intermediaries such as YouTube “hide behind” the safe harbor provisions of the DMCA and its equivalents to gain access to content, often uploaded by users, without advance permission from copyright owners. Of course, YouTube also automatically scans this content and share revenues with copyright claimants, which the law does not require it to do; and in most cases the industry is more than willing to take these payments rather than issuing requests to take the content down.
Industry complaints about content platforms' reliance on copyright safe harbors were also repeated at EFF's meeting by the representative from Brazil, Marcos Alves de Souza, who is the principal author of a paper on copyright in the digital environment that had first been tabled at the preceding WIPO meeting by the Group of Latin American and Caribbean Countries (GRULAC). The GRULAC paper does not recommend that copyright safe harbors be eliminated—this would be a disaster for platforms and users alike—but does raise a range of possible solutions to the low returns that artists receive for the use of their work online, and the lack of transparency about how these returns are calculated.
Independent recording artist Imogen Heap touched on the same theme of transparency in her keynote presentation at EFF's side-meeting. Imogen outlined her vision of a blockchain-enabled, distributed open database of music metadata, that she calls Mycelia. Although it remains mostly a vision for now, the widespread adoption of Mycelia-enabled services could, in theory, provide better transparency to artists about how and where their works are being used, as well as enabling many new innovative uses of music, both free and paid. The following question and answer given during her presentation gives a flavor of Imogen's vision (you can watch a recording of it here):
Q: 15 years ago we had a global music database in the form of Napster, which was of course shut down because it wasn't remunerating artists, but do you think that Mycelia could enable the re-emergence of a peer-to-peer music sharing culture that does also remunerate artists?
A: Well, the problem with Napster was that they did an amazing thing, you know, they had all of the music in the entire planet, pretty much, up available for people to use. What a shame that the labels couldn't, you know, use that to their advantage, and you know, take the technology and go wow, what could we do with this. You know they really, really missed a trick there. They reacted too late and then as a result they've been kind of clawing their way back and everybody else has been leading the way with new technologies and they've just been kind of left behind going “help, we're going to figure this out somehow, we're going to get back to the CDs when we made loads of money”. So this is another point in time where we have this incredible new technology which can really, really change things, not just for music but for everything around the world, it's a real game changer.
Regrettably, the approach of the music industry establishment, at WIPO and elsewhere, is frequently much less imaginative and more reactive. Blaming online content platforms for the low returns that artists receive, and moves to target them with additional responsibilities or obligations, are symptomatic of that approach. (And this phenomenon is far from unique to WIPO, see for example the link tax proposals in Europe.) This approach also stands in very stark contrast to the treatment that another challenged industry sector, the broadcasting sector, is receiving from the very same committee. Whereas Internet platforms find themselves under fire for the low returns that artists receive, broadcasters are being courted with special new rights. It is difficult to account for this disparity in treatment as anything other than a clash between established industry interests and newer innovators.
The approach taken by the GRULAC proposal falls somewhere in between. It correctly identifies a real problem faced by many artists, particularly smaller artists, in deriving adequate economic value from the use their creative work online. Amongst the possible solutions that it identifies is the creation of a global database of rights, which overlaps with Imogen Heap's vision for Mycelia. But some of the other the ideas raised require a lot more analysis and discussion. Today, EFF shared our thoughts on the proposal at the SCCR meeting:
The Electronic Frontier Foundation welcomes the GRULAC paper on copyright in the digital environment. Although there are parts of the analysis that we do not agree with, it is clearly a topic long overdue for discussion, and the paper takes a refreshingly clean slate approach to the challenges that the transition to the digital environment poses to copyright owners and users. For example, the paper frankly acknowledges that the default assumption that reproduction of works requires the permission of the copyright owner is a poor fit for the digital environment, given that on the Internet reproduction is a routine and integral feature of the network.
Some of the possibilities to address this disconnect, such as replacing the requirement for permission with a duty to pay equitable remuneration to copyright owners, are interesting topics for discussion, though we would have to ensure that such solutions did not introduce their own problems. In any event, EFF observes with dismay that many such avenues for creative solutions to the digital disconnect may be foreclosed by plurilateral agreements that some members have entered into outside of WIPO, such as the Trans-Pacific Partnership, and this in itself should be a serious concern for this committee.
Leaving that aside, what other policy options pointed to in the GRULAC paper stand out? We believe that a good place to start would be to look at the adequacy of copyright limitations and exceptions in the digital and online environment, and in particular, the extent to which open, flexible and general copyright exceptions such as fair use are a more appropriate fit than closed list exceptions. The need for stronger protection of the rights of users to bypass Technological Protection Mechanisms to access and use lawfully acquired content is also a vital topic of concern.
As to the issue of improving the transparency of payments made to artists by labels and online platforms, we consider that there may be merit in addressing this also, but we would encourage the committee to look creatively at technical solutions to this problem, rather than leaping to the assumption that heavy regulation of platforms may be required, as this may create more problems than it solves. For example, yesterday the recording artist Imogen Heap spoke at an EFF side event in Room B, to talk about how blockchain technology might be useful in developing a global music database such as that suggested in the GRULAC paper.
In conclusion for now, we thank GRULAC again for its most stimulating contribution and we look forward to participating in ongoing open-ended discussions of the committee on the issues that it presents.
As frustrating as the long-winded discussions at WIPO often are, our ability to participate in them is a key advantage that this multilateral forum has over the secretive, closed-door negotiations over copyright that take place in trade negotiations such as the Trans-Pacific Partnership. (During the only closed-door session of the week, we were still permitted to listen in, even though we weren't allowed to contribute or share notes.) If future global norms around copyright in the digital environment are to be discussed—and there is an urgent need that they should be—we look forward to participating in that process in this relatively open, multistakeholder format.
Share this: Join EFF
The California Assembly Committee on Judiciary recently approved a bill (AB 2880) to grant local and state governments' copyright authority along with other intellectual property rights. At its core, the bill grants state and local government the authority to create, hold, and exert copyrights, including in materials created by the government. For background, the federal Copyright Act prohibits the federal government from claiming copyright in the materials it creates, but is silent on state governments. As a result, states have taken various approaches to copyright law with some granting themselves vast powers and others (such as California) forgoing virtually all copyright authority at least until now.
EFF strongly opposes the bill. Such a broad grant of copyright authority to state and local governments will chill speech, stifle open government, and harm the public domain. It is our hope that the state legislature will scuttle this approach and refrain from covering all taxpayer funded works under a government copyright.What Does the Bill Do?
AB 2880 sets out to "clarify" that all works created by public entities are eligible for intellectual property restrictions. This includes trademarks, patents, trade secrets, and copyrights. As things stand today, works created by California state and local governments (like reports, video, maps, and so on) aren't subject to copyright except in a few special cases. That ensures that Californians who funded the creation of those works through their tax dollars can use those works freely.
The bill would change California from having one of the best policies on copyright of any U.S. state to among the worst. It authorizes public entities to register copyrights in their work. That means that state and local governments will have the power to seek statutory damages that can reach as high as $30,000 per infringement and potentially as life altering as $150,000 for willful conduct against people who use state-created materials. Therefore, if a citizen infringed on a state owned copyright by making a copy of a government publication, or reading that publication out loud in a public setting, or uploading it to the internet, they could be liable for statutory damages. The harms felt by this bill's approach are wide ranging because it would take very little to claim that a work is protected by copyright law.
Imagine local officials having the power to issue a DMCA takedown notice of YouTube videos of city council meetings simply because they did not like them (sounds crazy? read on).Chilling Effect on Free Speech
We've seen many copyright claims that are in reality attempts to censor speech. California local and state governments are not exempt from the temptation of suppressing disfavored speech under a copyright claim as evidenced by the Teixeira case. In 2015, the city council of Inglewood had filed a lawsuit against a citizen (Teixeira) for uploading video clips of city council meetings to YouTube with his criticisms of the mayor. The lawsuit was dismissed by the court outright because California cities don't have the power to claim copyright. The court went even further to explain how Mr. Teixeira's use of the videos to criticize the mayor was a fair use. So while the litigation ended on the correct note (though it cost Inglewood taxpayers $110,000 in legal fees), it demonstrated how copyright law can be abused in the hands of government.
If all works produced by state and local government from city council recordings to documents that embarrassed a local official become subject to copyright law, the Teixeira case really represents a harbinger of things to come. Citizens concerned with litigation threats will refrain from sharing or copying government works despite the fact that their tax dollars created those works. Worse yet is the perverse incentive for governments to litigate given the substantial money that can obtained through statutory damages.Restrictions on Open Government
In an attempt to address this obvious potential for censoring the public by exerting copyright controls on state owned works, the bill provides an exemption for all works requested under the California Public Records Act (CPRA) but explicitly reserves all of the powers granted to a holder of a copyright (the holder in this instance being the government). That means a state or local government cannot resist a CPRA request for a document on the grounds of protecting copyright. But by explicitly reserving all of the exclusive rights given to a copyright holder, the state and local governments keeps extraordinary powers to restrain the ability for a citizen to distribute documents they obtain through a CPRA request. Those powers could be used in many ways such as denying a citizen the right to make copies, distribute copies, create derivative works of the original, or to publicly perform or display the work. While fair use might apply, its application can be uncertain and risky, and it's no substitute for keeping copyright out of the mix altogether.A Massive Loss to the Public Domain
Currently, California has one of the most citizen-friendly state copyright regimes on the books where a vast majority of state created works are free to the public with only five exceptions. All other audio, visual, and written work of state and local govenment employees is in the public domain upon creation and free for the public to use however they see fit. For the most part, this follows the federal model where works created by taxpayer money are by default owned by the public.
The federal approach makes sense when we consider the goals of the intellectual property clause in the Constitution. The purpose of providing a limited government monopoly through copyright was to incentivize creativity and provide a market mechanism to monetize that creative expression. However, governments do not need an incentive because their source of funding comes from taxes and the government employees creating the works are already compensated by the public. The general policy rationale against governments from exerting copyrights over publicly funded works is founded on the premise that public funding means public property and that it belongs to citizens by default.
EFF hopes that the state legislature will recognize the fundamental problems with AB 2880's approach and forgo covering all state and local government works under copyright law. As the LA Times Editorial Board correctly noted at the conclusion of the Teixeira case, "there's something fundamentally outrageous about using tax dollars to sue a taxpayer over the use of a public record that taxpayers paid to create."
If you're a California resident, tell your legislators to reject this dangerous bill.
Share this: Join EFF
Until recently, it was uncontroversial that you could take books or music from your collection, and lend them, sell them, or give them away.
Rightsholders, however, have long tried creative ways to restrict your ability to do these things, as they believe it would let them make more money by either charging you for the privilege or simply by reducing “competition” from the sale or lending of used media.
Of course, making media less valuable for the purchaser would also hurt sales of that same media, but only if the reduction in value is apparent to purchasers. A seller could both maintain high prices and strip away the ability to resell or lend books if enough purchasers don’t notice at the time of sale that they’re getting less for their money.
Enter the “Buy Now” button. A team of researchers from UC Berkeley and Case Western have published a study showing that customers think they are getting traditional ownership rights when they buy digital media online, even when a vendor’s site includes legal terms (often buried in click-wrap agreements) purporting to limit those rights.
In the study, customers purchased digital media from a fictional website with either a “Buy Now” button, a “License Now” button, or a purchase button accompanied by a plainly-written, point-by-point account of the rights that would and would not be granted. The researchers also presented the “Buy Now” button for hardcopy media sales to measure purchasers’ baseline understanding of the rights they get when purchasing traditional media.
Customers clicking “Buy Now” overwhelmingly believed for that they would “own” both digital and hard copy media, and have the right to keep it indefinitely and use it on a device of their choice. Little did they realize that their digital copy could be taken away or simply be discontinued when a vendor went out of business or stopped supporting the product.
Most of the people who understood that they have the right to lend or gift their hard copies also believed they had those rights for digital works, though the numbers were diminished (and, sadly, many people weren’t confident in the rights they clearly do have to resell or lend hard copies of books and music).
When the button was changed to read “License Now,” customers’ expectations did not significantly change (they were less likely to say they "owned" the product, but just as likely to believe they had the rights that come with ownership). When, however, customers were presented with a plainly-written summary of the rights that were and were not granted, this did cause a corresponding change in people’s expectations. The paper reinforces the truism that no one reads fine print online terms, even in a research study. If vendors really wanted customers to understand what’s in their terms, they could easily craft informative summaries as the researchers did.
The researchers also confirmed that customers value and would be willing to pay more for the right to lend, the right to resell, and the right to use the media on a device of their choice.
Of course, a customer’s willingness to pay obviously depends on what they think they’re getting. If customers believe they are already getting space-shifting, lending, and resale rights when they are not, then prices are being artificially inflated and vendors are profiting from keeping customers ignorant.
The actual status of these rights is complex and the law is not yet settled. For example, while traditional protections like copyright’s “first sale” doctrine should allow you to resell your mp3s, Redigi was successfully sued for attempting to create an online marketplace to enable people to do just that. As another example, the fine print on websites is not necessarily effective at altering customers’ legal rights; contract and copyright doctrines interact to determine how enforceable such an agreement might be and whether it strips a purchaser of “ownership” rights.
What is clear is that vendors are selling something far less valuable than what customers think they are buying. When a transaction objectively looks like a sale to a reasonable customer, the customer should get the legal rights that come with purchase, even if the vendor figuratively has their fingers crossed behind their back in the fine print.
Share this: Join EFF
EFF is proud to introduce Certbot, a powerful tool to help websites encrypt their traffic. Certbot is the next iteration of the Let's Encrypt Client; it obtains TLS/SSL certificates and can automatically configure HTTPS encryption on your server. It's still in beta for now, but we plan to release Certbot 1.0 later this year.
As you may know, Let’s Encrypt is a certificate authority, co-founded by EFF, Mozilla, and researchers from the University of Michigan. With the help from many others, Let’s Encrypt is now one of the world’s largest certificate authorities, used by millions of people around the world to enable HTTPS on their website.
Certbot communicates with the Let’s Encrypt CA through a protocol called ACME. While there are many ACME clients available to choose from, Certbot continues to be the most popular choice for organizations and developers that run their own webservers.
Back in April, we announced we would be transitioning the client to become an EFF project. The client will have a new name, to avoid confusion with the Let's Encrypt CA and organization, and it will no longer be the official ACME client for use with Let's Encrypt. But don't panic! The software for the Let's Encrypt client has always been primarily developed by EFF and open source contributors from around the world, and that's not changing. But this does mean that the client will no longer be hosted by ISRG, the parent organization of the Let's Encrypt CA.
Along with the rename, we've also launched a brand new website for Certbot, found at https://certbot.eff.org. The site includes frequently asked questions as well as links to how you can learn more and help support the project, but by far the biggest feature of the website is an interactive instruction tool. To get the specific commands you need to get Certbot up and running, just input your operating system and webserver. No more searching through pages and pages of documentation or Google search results!
While a new name has the potential for creating technical issues, the Certbot team has worked hard to make this transition as seamless as possible. Packages installed from PyPI, letsencrypt-auto, and third party plugins should all continue to work and receive updates without modification. We expect OS packages to begin using the Certbot name in the next few weeks as well. On many systems, the current client packages will automatically transition to Certbot while continuing to support the letsencrypt command so you won't have to edit any scripts you're currently using.
Despite the rename and Certbot's new home at EFF, the client will continue to work as it always has. It will still get certificates from Let's Encrypt and automatically configure HTTPS on your webserver. With Let's Encrypt issuing its three millionth certificate in the last week, Let's Encrypt and Certbot have no plans of slowing down on their mission to help build a Web that is encrypted by default.
Share this: Join EFF
Dear member of the World Wide Web Consortium's Advisory Committee,
You may have heard that over the past year we've been trying to insert legal safeguards into the Encrypted Media Extensions project at the W3C, which standardizes streaming video DRM. We've previously been opposed to the W3C adopting EME, because of the legal issues around DRM, and because DRM requires user agents to obey third parties, rather than their owners.
However, we think that there's a compromise that both DRM advocates and opponents should be able to live with.
I'm writing today to see if you will support us in an upcoming W3C vote on the charter of the Media Extensions Group, where we will be proposing this compromise.
This letter briefly describes briefly the problem, our proposed solution, and what you can do to help.The Problem
Our major problem with DRM is legal, not technical. In the USA, section 1201 of the Digital Millennium Copyright Act (DMCA) forbids breaking DRM, even for lawful purposes, and gives companies the legal tools to threaten and silence security researchers who discover defects in their products (because disclosure of a defect might help people break the DRM).
Neither of these legal effects are good for open standards (you don't have to take our word for it).
Giving vendors the power to silence security researchers doesn't make users safer -- it just makes vulns last longer in the wild, exploitable by bad guys (from autocratic state security services to organized crime).
Equally significant in the world of open standards is protecting interoperability. The normal course of things in technology is that one company may make a product that interoperates with another company's products, provided that they don't violate a patent or engage in some other illegal conduct. But once DRM is in the mix, interoperability is only legal with permission.
Here's an example: if the W3C defines a data-type, anyone can make a user-agent that can receive and render that data. The people designing user agents might do things that the people running the servers disapprove of (for example, blocking pop-up ads), but that's not illegal -- so long as you don't break the law, the company serving the data can't dictate how the companies making the clients must handle it.
With EME, and for the first time in W3C history, a protocol is being designed explicitly to allow companies who serve data to use the law to shut down companies that render it, even if they do not infringe copyright. Features as simple as a pause button, or time-shifting, or even changing the gamut to adapt to color blindness can't be undertaken without permission from the companies serving the video, without falling afoul of the DMCA.
Not just the DMCA, either. The US Trade Representative has made adopting DMCA-like anticircumvention rules a condition of trade with the USA in most of the world.Our Solution
We've proposed a simple solution, patterned after the existing W3C patent policy. The patent policy doesn't take a position on whether patents are good or bad, but it does hold that standards are more open if you don't have to license a patent to implement them, so W3C members are required to promise not to sue others for practicing their patents when implementing W3C recommendations.
Our proposal does the same thing, except for anti-circumvention rights (rather than patents). Members who participate in the Media Extensions Working Group will have to make a legally binding promise not to use anti-circumvention laws to aggress against security researchers or implementers.
All other rights and causes of action -- trade secrecy, copyright, tortious interference, breach of contract -- are intact. We did a survey of US case-law on anti-circumvention and all the cases in our survey could have proceeded even if the private plaintiff was a party to our covenant -- so we're not proposing to take away any of the legal rights businesses are depending on for legitimate business, only for threats and chilling effects.What We Want From You
The Media Extensions Working Group has had its charter renewed until September, and it's unlikely that EME will be ready to be a recommendation by then. The last charter renewal was controversial, with a diverse group of members objecting to the renewal unless the covenant was made a condition of participation.
For the next extension, we're building a coalition of W3C members who will ask that the charter only be renewed with a mutually agreed-upon covenant as an exit condition.
Will your organization commit to objecting to the renewal in September, unless a nonaggression covenant is added as an exit-condition?
I would love to discuss this further with you, either by email or on the phone, if you prefer. In the meantime, here's some links with more detail:
- History of EME and the covenant at the W3C
- Interoperability use-cases blocked by EME
- Open Source Initiative on covenants in EME-like standards
- Security researchers who support this proposal
Representative to the W3C Advisory Committee for the Electronic Frontier Foundation
Share this: Join EFF
Michael Ratner, a friend of EFF who dedicated his life as a human rights attorney to fighting for justice, passed away earlier today.
Michael was a staunch defender of civil liberties, forging new pathways for using the court systems and advocacy to fight for justice. As the president emeritus of the Center for Constitutional Rights and a formidable social justice attorney, Michael crossed paths with EFF around Wikileaks and related whistleblower cases, among others. CCR was our co-counsel in the early NSA spying cases. But more importantly, Michael was one of our legal heroes, unafraid to use law and lawsuits to try to address human rights problems in the U.S. and around the world. We have modeled our EFF litigation approach, in part, on the strong work he did. Michael’s many-decades career was colored by his commitment to human dignity, and he fought to ensure that we had a government accountable to the people—and that those who opposed government overreach would be protected and defended.
As an author, attorney, thought-leader, activist, speaker, and friend, Michael helped further the civil liberties movement and inspired hundreds of others both in the law and outside of it. We at EFF will miss him dearly, and mourn his loss.
Michael lived the life many of us dream of living. He used his 72 years on earth as a tool for good, and he used his intellect and his courage to fight for justice, even in the most vexing of cases. He died having accomplished more to create positive change in the world than most people ever dream to create. His legacy is a democratic society that is stronger because of the dissent, transparency, free speech, and tolerance that he helped nourish.
Michael’s death is a reminder that our lives are too brief to waste on the sidelines. The threats to liberty have not abated. Our society still suffers from privacy invasions, speech restrictions, and government surveillance, while those who work to shine a light on these problems often face disproportionately harsh penalties. Such battles will not be won by those who excuse themselves from the fight, who eschew politics, fear controversy, or grow cynical and exhausted in the face of mounting pressure. Now more than ever, we need those who can live with Michael’s courage. In honor of Michael’s lifetime of advocacy, we reaffirm our commitment to bringing lawsuits and otherwise taking a stand to defend civil liberties. Michael may have left us, but the work will continue.
Share this: Join EFF
Attorneys for the Oracle and Google companies presented opening statements this week in a high-stakes copyright case about the use of application-programming interfaces, or APIs. As Oracle eagerly noted, there are potentially billions of dollars on the line; accordingly, each side has brought “world-class attorneys,” as Judge William Alsup noted to the jury. And while each company would prefer to spend their money elsewhere, these are businesses that can afford to spend years and untold resources in the courtroom.
Unfortunately, the same can’t be said for the overwhelming majority of developers in the computer industry, whether they’re hobbyist free software creators or even large companies. Regardless of the outcome of this fair use case, the fact that it proceeded to this stage at all casts a long legal shadow over the entire world of software development.
At issue is Google’s use in its Android mobile operating system of Java API labels—a category of code Google (and EFF) previously argued was not eligible for copyright. Judge Alsup, who demonstrated some proficiency with programming Java in the first leg of the case, came to the same conclusion. But then the Federal Circuit reversed that position two years ago, and when the Supreme Court declined to hear the issue, there was nowhere left to appeal. With this new decision on copyrightability handed down from above, Google and Oracle now proceed to litigate the question of whether Android’s inclusion of the labels is a fair use.
If Google wins at this stage, it’s tempting to declare the nightmare of that Federal Circuit opinion behind us. After all, fair use is a right—and even if API labels are subject to copyright restrictions, those restrictions are not absolute. Google prevailing on fair use grounds would set a good precedent for the next developer of API-compatible software to argue that their use too is fair.
Tempting, but not quite right. After all, there is a real cost to defending fair use. It takes time, money, lawyers, and thanks to the outrageous penalties associated with copyright infringement, comes with a substantial risk. Beyond all those known costs, wedging a layer of copyright permissions culture into API compatibility comes with serious unknowable costs, too: how many developers will abandon ideas for competitive software because the legal risks are too great?
There’s a reason people say that if you love fair use, you should give it a day off once in a while. Even the vital doctrine of fair use shouldn’t be the only outlet for free speech. In many areas, an absence of copyright, or the use of permissive public licenses, can foster more creativity than fair use alone could. Sadly for now, in the world of software development it’s the paradigm we have.Related Cases: Oracle v. Google
Share this: Join EFF
A series of bluegrass history lectures has become the latest victim of the bullying that is enabled by content filtering systems like YouTube’s Content ID.
The Digital Millennium Copyright Act’s safe harbors protect websites like YouTube, Vimeo, Twitter, and many others against runaway copyright lawsuits. They also protect people’s fair use rights when they post their own creations online, by ensuring that online platforms don’t have to assume the risk of a user’s fair use case going the wrong way. But automated filtering and takedown systems on platforms like YouTube—systems that the DMCA doesn’t require—flag obvious fair uses as potential infringement, including educational work around the history of music itself. That’s why it’s alarming that major entertainment companies want Congress to scrap the DMCA’s safe harbor and make automatic filtering the law.
The Hudson Valley Bluegrass Association was founded “to knit together the bluegrass community of musicians and fans.” Besides hosting jam sessions and concerts, the non-profit association gives lectures on the history of this American art form. These “Evolution of Bluegrass” lectures, which take place in a classroom in Poughkeepsie, New York, are also posted to YouTube for others to learn from. As you might expect from lectures on music history, these hour-long sessions include many short music clips, typically of about 30 seconds, played over still images of bluegrass musicians and surrounded by commentary.
HVBA’s use of clips from old bluegrass recordings is a clear fair use under copyright law. The clips are short, the purpose of the videos is educational, and the group does not earn money from its videos. Plus, no one is likely to forego buying the complete recordings simply because they heard a clip in the middle of an hour-long lecture.
Still, HVBA’s videos have repeatedly been caught up by YouTube’s automatic filters, which are known as Content ID. Most of the matches came from Sony Music and its subsidiaries. This had several consequences for HVBA: ominous warnings from YouTube, the lecture videos being blocked in various countries, and HVBA making numerous entreaties to the record labels to withdraw the Content ID matches. Mostly, they did.
But the situation changed this year. When HVBA’s webmaster emailed Sony Music to explain that the use of music clips in the lecture videos was fair use, Sony’s representative responded that the label had “a new company policy that uses such as yours be subject to a minimum $500 license fee,” and that “if you are going to upload more videos we are going to have to follow our protocol.” Sony’s representative didn’t say that she believed the video was not a fair use. Instead, she implied that even a fair use would require payment, and that Sony would keep using YouTube’s Content ID system against HVBA until they paid up.
This is absurd. When using copyrighted material qualifies as a fair use, the user doesn’t need to get a license, permission, or to pay a fee. This exchange suggests that Sony’s representative didn’t know the law, or else knew it full well but tried to coerce HVBA into paying anyway. The Content ID system simply funneled a fair user like HVBA into this misleading exchange with Sony.
Content ID is not the law—yet. It’s a private system set up between YouTube and major entertainment companies like Sony Music, and it exists outside of the regular notice-and-takedown process created by the DMCA’s safe harbor provisions. But the titans of entertainment, and some of their friends in government, want that to change. At Congressional hearings and in formal comments, they have asked Congress to throw out the DMCA’s safe harbor and replace it with something like Content ID on steroids: a law that would require every website and service to match user-posted material against every takedown request ever sent, and then block anything that matches, or even prevent them being uploaded at all.
Changing notice-and-takedown into notice-and-censor would be a disaster for Internet users because, as HVBA’s experience shows, computers are terrible at identifying fair use. If automatic copyright filters become a legal requirement for every user-content website, more people like HVBA will be forced to run a gauntlet of permissions, appeals, and mistakes, just to communicate their own creative works and educational materials. Many, like HVBA, could be pressured to pay licensing fees for uses that require none. Congress needs to preserve and strengthen the safe harbors, not scrap them for a speech-chilling, notice-and-censor approach.
Share this: Join EFF