This week, on the edges of RightsCon Southeast Asia in Manila, Philippines, digital rights groups from around the world came together for two days of intensive work to finalize a new, ambitious standard to safeguard freedom of expression and innovation online. The approach the document takes to further these objectives is by focusing on the liability of Internet intermediaries—such as search engines, web hosts, social networks, domain hosts and ISPs—for online content of their users. Hence the document, officially launched today to applause from delegates of every continent, is named the Manila Principles on Intermediary Liability.
The six simple principles that the document advances, in summary form, are:
- Intermediaries should be shielded by law from liability for third-party content
- Content must not be required to be restricted without an order by a judicial authority
- Requests for restrictions of content must be clear, be unambiguous, and follow due process
- Laws and content restriction orders and practices must comply with the tests of necessity and proportionality
- Laws and content restriction policies and practices must respect due process
- Transparency and accountability must be built in to laws and content restriction policies and practices
By chance, on the very same day that the Manila Principles were released, a far-reaching court decision [PDF] was handed down that shows exactly why principles such as these as important. The decision, of the Supreme Court of India, struck down the notorious Section 66A of the Information Technology Act, which since 2009 had allowed both criminal charges against users and the removal of content by intermediaries based on vague allegations that the content was “grossly offensive or has menacing character”, or that false information was posted “for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will”. Not only is the potential overreach of this provision obvious on its face, but it was, in practice, misused to quell legitimate discussion online, including in the case of some of the plaintiffs in that case—two young women, one of whom made an innocuous Facebook post mildly critical of government officials, and the other who “Liked” it.
The court's judgment ruled that section 66A infringed the fundamental right of free speech and expression guaranteed by Article 19(1)(a) of the Constitution of India. Justice Nariman wrote:
Information that may be grossly offensive or which causes annoyance or inconvenience are undefined terms which take into the net a very large amount of protected and innocent speech. A person may discuss or even advocate by means of writing disseminated over the internet information that may be a view or point of view pertaining to governmental, literary, scientific or other matters which may be unpalatable to certain sections of society. … In point of fact, Section 66A is cast so widely that virtually any opinion on any subject would be covered by it, as any serious opinion dissenting with the mores of the day would be caught within its net. Such is the reach of the Section and if it is to withstand the test of constitutionality, the chilling effect on free speech would be total.
The relevance to the Manila Principles arises in that the intermediary liability provisions of Indian law were also under consideration in the case. Section 79 of the Act provided that an intermediary's immunity from liability could be suspended if it fails to take down content upon “receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit [an] unlawful act”. The court ruled—channelling principle 2 of the Manila Principles—that section 79 did not make intermediaries liable for such illegal content unless they failed to comply with a court order directing them to remove it. The court did not go further and strike down rules that allow for court-ordered blocking, as we think it should have done, but nonetheless this case is a victory against government overreach that attempts to use intermediaries as a chokepoint to restrict constitutionally protected communication online.
This landmark Supreme Court of India decision vindicates the approach we took in the Manila Principles, holding that there are no circumstances in which private parties should be able to force content offline simply by sending a notice to an Internet intermediary; because this opens the floodgates for the infringement of users' freedom of expression and other human rights online, as well as inhibiting intermediaries from offering innovative services that build on user-generated content. We'll be writing more about the Manila Principles on Intermediary Liability in future posts. Meanwhile, we encourage you to read the principles in full and to add your endorsement if you agree that intermediaries should not be made liable for their users' communications, in order to promote freedom of expression and online innovation.Related Issues: Free SpeechInternational
Share this: || Join EFF
There’s some good news coming from the White House today that deserves repeating. Reuters is reporting that Ned Price, a spokesman from the President’s National Security Council, has unequivocally stated:
If Section 215 sunsets, we will not continue the bulk telephony metadata program.
Section 215 of the Patriot Act is the authority that the NSA, with the FBI’s help, has interpreted to allow the U.S. government to vacuum up the call records of millions of innocent people. It expires on June 1.
Some journalists and privacy advocates have speculated that, even if Section 215 were to expire in the absence of other legislation, bulk collection could continue under Section 102(b) of Public Law 109-177, which some have said would allow investigations that began before the expiration of Section 215 to continue. In November, Charlie Savage at the New York Times reported that the provision could mean that:
as long as there was an older counterterrorism investigation still open, the court could keep issuing Section 215 orders to phone companies indefinitely for that investigation.
We agree with ACLU deputy legal director Jameel Jafeer that “it would be ‘perverse’ to interpret the exception as permitting the government to ‘bootstrap itself into permanent Section 215 authority.’” But we do think that looking for loopholes in the language that governs surveillance makes perfect sense—after all, the government’s twisted interpretation of words related to surveillance is well-documented.
That’s why we’re pleased to see this announcement. If the importance of the June 1 expiration of Section 215 wasn’t already apparent, it’s clear now. With the clock ticking, Congress is running out of time to pass legislation that will reform bulk surveillance.
In fact, despite the Administration’s push for reform legislation, it looks increasingly likely that the next vote Congress will face on NSA spying is the June 1 sunset. That’s why contacting Congress about the vote is so important—lawmakers should understand that their vote is a statement about where they stand on the Constitution.
And, while the White House also claimed in its comments to Reuters that Section 215 is a “critical security tool,” the Administration’s own Presidential Review Group stated in a report [pdf]:
the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks[.]
Unless the Administration is playing the same kind of word games with “critical” and “essential” as it has with other words, it's pretty clear that if Section 215 isn’t even essential, it’s hardly critical. Other analyses of Section 215, both from the government and from outside researchers, have come to the same conclusion.
If you agree that it’s time to end mass surveillance, contact Congress and tell them what you expect to see: a no vote on reauthorization of Section 215 on June 1, along with some real comprehensive reform to NSA spying.Related Issues: NSA SpyingRelated Cases: Smith v. ObamaFirst Unitarian Church of Los Angeles v. NSA
Share this: || Join EFF
Manila - An international coalition launched the “Manila Principles on Internet Liability” today—a roadmap for the global community to protect online freedom of expression and innovation around the world.
“All communication across the Internet is facilitated by intermediaries: service providers, social networks, search engines, and more. These services are all routinely asked to take down content, and their policies for responding are often muddled, heavy-handed, or inconsistent. That results in censorship and the limiting of people’s rights,” said Electronic Frontier Foundation (EFF) Senior Global Policy Analyst Jeremy Malcolm, who helped spearhead the principles. “Our goal is to protect everyone’s freedom of expression with a framework of safeguards and best practices for responding to requests for content removal.”
EFF, Centre for Internet Society India, Article 19, and other global partners unveiled the principles today at RightsCon, a major international conference on the Internet and human rights held this week in Manila. The framework outlines clear, fair requirements for content removal requests and details how to minimize the damage a takedown can do. For example, if content is restricted because it’s unlawful in one country or region, then the scope of the restriction should be geographically limited as well. The principles also urge adoption of laws shielding intermediaries from liability for third-party content, which encourages the creation of platforms that allow for online discussion and debate about controversial issues.
“People ask for expression to be removed from the Internet for various reasons, good and bad, claiming the authority of myriad local and national laws. It’s easy for important, lawful content to get caught in the crossfire,” said Jyoti Panday from the Centre for Internet and Society India. “We hope these principles empower everyone—from governments, to intermediaries, to the public—to fight back when online expression is censored.”
The principles and supporting documents can be found online at https://www.manilaprinciples.org, where other organizations and members of the public can also express their own endorsement of the principles.Contact: Jeremy MalcolmSenior Global Policy Analystjmalcolm@eff.org Rebecca JeschkeMedia Relations Director and Digital Rights Analystrebecca@eff.org
Share this: || Join EFF
Facebook recently updated its community standards. As the company noted in the announcement accompanying the change, their “policies and standards themselves are not changing,” but that they wanted to provide more clarity to a set of existing rules that have often been misunderstood by users.
While some of the changes provide significantly more detail as to the reasoning behind certain content restrictions, others fall short. And unfortunately, the updated standards do very little to solve the continuing problem of account suspensions for “real names” violations.
Even in the last week and a half Facebook has continued to suspend users for violations of its “real names” policy, a policy which we’ve argued causes real world harm. In the latest story to get publicity, a teen with the legal name Isis King had her account suspended by Facebook for a names policy violation—until a media inquiry. The latest update to the community standards won’t change the experience of users like Isis King, but it does clarify where Facebook stands.
Prior to the change, the standards read: “On Facebook people connect using their real names and identities.” Because Facebook asks for ID when handling appeals and blocks certain words from being entered in the “name” fields at account creation, most users have assumed that when Facebook says “real name,” the company really means “legal name.”
Following a spate of account takedowns last fall, however, Facebook’s Chief Product Officer, Chris Cox, posted a statement in which he said: “our policy has never been to require everyone on Facebook to use their legal name.” Shortly thereafter, we noted a shift in the company’s language in notifications to users. A section on account security in the Community Standards now reads, in part:
Using Your Authentic Identity: How Facebook's real name requirement creates a safer environment.
People connect on Facebook using their authentic identities. When people stand behind their opinions and actions with their authentic name and reputation, our community is more accountable...
Nevertheless, the company’s Statement of Responsibilities—the legal text underpinning the Community Standards—still contains language referring to real names:
Facebook users provide their real names and information, and we need your help to keep it that way.
While we’re glad to see that Facebook is changing how it communicates this guideline to users, it’s a very small change in the face of the continuing reports that Facebook is suspending users’ accounts for name policy violations.
Facebook’s content policies—and how they are implemented—have often left users confused. For example, the company told us that images of mothers breastfeeding were never meant to be restricted, yet numerous instances of such photos being removed have led to a persistent belief that the company bans such images.
The latest iteration of the community standards is intended to provide additional clarity to users. As the New York Times’ Vindu Goel put it, “[Despite] its published guidelines, the reasoning behind Facebook’s decisions to block or allow content are often opaque and inconsistent.”
In respect to some topics, Facebook has certainly met their goal. The section on sexual violence and exploitation, for example, lays out numerous examples of what the company deems unacceptable. A section on “attacks on public figures” clarifies that Facebook does not remove criticism of public figures...unless it constitutes hate speech, in which they treat the content as they would if the target were not famous.
Other sections leave more to be desired. While Facebook’s rules about “dangerous organizations” make clear that groups engaged in “terrorist” or “organized criminal” activity have no place on the platform, there is no additional clarity on how terrorist groups are defined, despite some evidence that the definitions are underpinned by US law.
If a person’s account is suspended, those appeals are read by real people who can look into the specifics.
Although Facebook instituted an appeals process in 2011, the process is only available for users whose Page or Profile has been removed; that is, there is no process for appealing when other content—such as photos, posts, or videos—are removed. Furthermore, the process is ambiguous and doesn’t seem to make much of a difference to users, many of whom have contacted us following account suspensions.
The appeals form itself is hard to find. It's accessible through the help center. But Facebook doesn’t seem to actually highlight it as an option in the endless screens users find themselves in when trying to verify their “authenticity.” Once users find themselves in that process, they are directed to update their name, instead of being sent to the appeal. When they click on the link Facebook provides to its help center during the name verification process, that link goes to lists of ID, not to the appeal.
In fact, the appeal isn’t available unless an account has been entirely disabled. Some users have had the experience of providing ID to Facebook with a legal name that didn’t match their real name, only to have Facebook put that legal name on the account. We’ve been contacted by users with abusive stalkers, users who have public-facing jobs that use their drag name, and others who’ve had this experience. Those users can’t access the appeals form once their account is erroneously restored.
Finally, in an impressive display of irony, the appeals form requires users to upload an ID. In other words, it requires users who are having issues with Facebook’s process of verifying identity (using an ID) to restore accounts to do exactly that— upload an ID, before even getting the chance to talk to someone. Considering that accounts have been restored with incorrect names in dangerous situations, users’ hesitancy to upload an ID just to file an appeal is understandable.
If Facebook cares about its users, it should make its appeals process easier to access and easier to use. It should allow appeals for all types of removed content, not just Profiles and Pages. And it certainly shouldn’t require ID as the first step.
While we think it’s good that Facebook decided to provide more clarity about its policies, it might be better served by improving those policies and ensuring that Facebook is an accessible, open platform for its millions of users worldwide.Related Issues: Free SpeechAnonymityInternational
Share this: || Join EFF
When does an online fantasy cross the line into criminal conspiracy? That’s the issue the Second Circuit Court of Appeals is currently weighing in United States v. Gilberto Valle, the so-called “cannibal cop” case. EFF filed an amicus brief in support of Valle today, arguing that finding him guilty of conspiracy based on his online statements would put us in the scary realm of “thoughtcrime.”
Valle was a New York City police officer charged with and convicted of both conspiracy to kidnap and violating the Computer Fraud and Abuse Act (“CFAA”). Earlier this month, we filed a separate amicus brief in Valle’s appeal of his CFAA conviction, arguing that it was a dangerous expansion of criminal law. But the conspiracy charges are equally troubling, stemming from discussions Valle had in chat rooms on fantasy role-playing fetish websites involving cannibalism. The government alleged that these discussions were more than just fantasy role-playing, and actually a concerted criminal plot to kidnap and eat women.
The district court judge threw out the jury's conspiracy verdict in an 118-page ruling, stating “the nearly yearlong kidnapping conspiracy alleged by the government is one in which no one was ever kidnapped, no attempted kidnapping ever took place, and no real-world, non-Internet-based steps were ever taken to kidnap anyone.” But the government has appealed the reversal of the conspiracy conviction, so we’ve filed another amicus brief in support of Valle, arguing that the trial court got it right.
The court ultimately believed—and we agree—that finding Valle guilty of conspiracy based on his online statements would hold him guilty of thoughtcrime (or “crimethink” in Newspeak). It’s understandable that a jury would find the discussions taking place in these chat rooms disgusting. Juries are instructed to leave emotion out of the deliberation room and to coldly apply the facts to the law, but that can be hard to do in cases involving controversial facts. That’s why it’s important for reviewing judges to independently examine the context of speech in order to determine whether speech loses its protected status and is fairly determined “criminal.”
That’s exactly what we tell the Second Circuit to do in our amicus brief: rather than simply deferring to the jury’s finding of guilt, the court needs to independently examine the context of the speech and determine whether it rises to conspiratorial speech that is criminal and unprotected by the First Amendment. Courts have routinely used their own independent review of speech to determine whether speech qualifies as soliciting or inciting a criminal act, slander, libel and other forms of unprotected speech. Our brief explains why it should be no different when it comes to speech alleged to be part of a criminal conspiracy. The Center for Democracy & Technology, Marion B. Brechner First Amendment Project, National Coalition Against Censorship, Pennsylvania Center for the First Amendment and a number of First Amendment and Internet law scholars also signed onto the amicus brief.
More critically, we note that this independent review is especially important in cases involving controversial facts like this one, to ensure that bad facts (and emotion-driven juries) don’t create bad law that will have an effect beyond the case at hand. The lower court’s meticulous review of the facts of the case and the speech at issue—ultimately concluding that Valle’s speech was fantasy rather than part of a true conspiracy—should serve as a blueprint for other courts looking at allegedly criminal speech. Hopefully the Second Circuit will follow the lower court’s lead and find—after conducting its own independent review—that Valle’s fantasies were not a criminal conspiracy.United States v. Gilberto Valle
Share this: || Join EFF
Open government advocates file requests for public records because it’s not only our right, but our duty as citizens to find out what the government is doing in our name, how officials are spending our tax dollars, what kinds of mistakes they’re making, what problems our communities face, and how we can improve society through policy changes.
Unfortunately, some public officials interpret transparency as a threat, best answered not with documents, but intimidation, insults, and other forms of retaliation.
In this fourth and final round of The Foilies—EFF’s Sunshine Week “awards” for outrageous experiences in pursuing public records—we’re focusing on how government agencies (and one rock star) lashed out at citizens and journalists for attempting to unearth unflattering truths. We’ll also cover a few cases where that behavior had consequences.Chilliest Home Visit
Marshall County Sheriff’s Department (Tennessee)
Alex Friedmann of Prison Legal News was investigating abuses and misconduct in the Marshall County Jail by filing requests for records. That didn’t sit well with the local sheriff, Norman Dalton, who demanded Friedmann show up in person to file the request, which Friedmann pointed out was a clear contradiction of official policy. When Dalton refused to hand over the records, Friedmann sued.
As a local TV station, WSMV, reported:
Not only did the sheriff's office deny him those requests, but Dalton admitted on the witness stand to ordering background checks on Friedmann, calling the [Tennessee Department of Safety and Homeland Security] and even going to Friedmann's house.
Friedmann won his case, while Dalton lost his reelection bid later that year.The Guacamoia Prize
When the University of Oklahoma booked Jack White for a gig, the intrepid student reporters at The Oklahoma Daily filed a brief records request for the rock star’s contract. It turned out the school was paying around $80,000 for the show, but that wasn’t the only cost. White’s rider [PDF]—a list of requests musicians provide in advance of the show—made some bizarre demands, including there be no bananas on the premises and that he be provided with a bowl of homemade guacamole. He even included the specific recipe. The students published the whole thing.
Jack White didn’t take it well. During the performance he ridiculed the concept of freedom of information and the freedom of press and later his booking company blacklisted the university for future performances with its artists. White then went onto his blog to further chastise the students, writing in all lowercase:
am i disappointed in young journalists at their school paper? absolutely. but i forgive them, they’re young and have learned their lesson about truth and ethics hopefully.
Obviously the students were well within their rights to see how their tuition is being spent. In solidarity, EFF made some guacamole from the recipe—chunky, just the way White likes it.Most Passive-Aggressive Release of Records
San Diego County District Attorney’s Office
In early 2014, a Mexican national and his cohorts were arrested for allegedly illegally funnelling money into San Diego County District Attorney Bonnie Dumanis’ campaign for mayor. The DA claimed she knew nothing about the donations, saying “I have nothing to hide,” and, indeed, public records requests for communications with or involving the donor turned up very little.
Then, during court hearings, it emerged that Dumanis had in fact written a college recommendation letter on behalf of the donor’s son. Immediately, the press filed requests under the California Public Records Act, demanding the document. Dumanis refused, claiming that the letter was private correspondence, despite the fact that it used her official title and was written on her office’s letterhead.
Only when the press joined together to threaten a lawsuit, did the District Attorney release the letter—but not to the reporters who had asked for it. Instead, one TV station scored the exclusive by saying they supported her position and promising a friendly interview that would emphasize that she didn’t break the public records law.Best Tweeted Apology
NBC reporter Scott MacFarlane was seeking records related to the 2013 Navy Yard shooting under the Freedom of Information Act. Then the Navy accidentally sent him internal correspondence in which the staff processing his FOIA discussed their strategy to push back against what they called a “fishing expedition,” including providing him with a “costly” estimate to influence him to narrow his FOIA request.
Now, to us, this is such a common practice across government agencies, big and small, that we just take it for granted. But what’s surprising here is how the Navy reacted when the memo went public. The Navy ordered a review of the FOIA office, sent MacFarlane a direct apology, then tweeted it out publicly:Best Comeuppance
Metropolitan Housing Alliance (Little Rock, Arkansas)
The Arkansas Democrat-Gazette filed public records requests with the Metropolitan Housing Alliance, Little Rock’s affordable housing authority, for work orders and tenant complaints for the previous two years. The head of the agency responded with a $16,378 invoice to hire outside contractors to process the request and purchase supplies, something that isn’t allowed under the state’s Freedom of Information Act. The paper enlisted the help of the Pulaski County Prosecuting Attorney Larry Jegley to obtain an arrest warrant from a judge since Arkansas is one of the few places where breaking open records laws is a crime, in this case, a Class C Misdemeanor.
It was the first time in the Jegley’s 23-year history as prosecutor he has had to take it this far. As the newspaper reported:
"Usually, we can work things out for people to get the documents they're entitled to -- that's ultimately what it's all about," Jegley said, calling this instance with the housing agency "over the top," "outrageous" and "absolutely indicative of bad faith on the part of the agency and the responsible individuals."
Forte pleaded “not guilty,” and the case is set for trial this spring.
For earlier posts from The Foilies:jack_white_contract.pdf
Share this: || Join EFF
Twenty-four Million Wikipedia Users Can’t Be Wrong: Important Allies Join the Fight Against NSA Internet Backbone Surveillance
Last week, the ACLU filed a welcome additional challenge to the NSA’s warrantless Internet backbone surveillance (aka “Upstream” surveillance) on behalf of Wikimedia and a number of other media and human rights organizations. We applaud all of those involved in bringing the case. It adds another avenue of attack on one of the NSA’s most audacious programs—tapping into the very backbone of the Internet and thereby putting all of our online activities under scrutiny.
Wikimedia, the non-profit that operates Wikipedia, succinctly explained in a blog post why the NSA’s “collect it all” mentality is dangerous: it forces Wikipedia users to “look over their shoulders before searching, pause before contributing to controversial articles, or refrain from sharing verifiable but unpopular information.”
The Upstream surveillance challenged by Wikimedia is also challenged in EFF’s longstanding lawsuit, Jewel v. NSA. (Laura Poitras’ Academy Award-winning documentary Citizenfour even features a hearing in the Jewel case back in 2011.) Jewel is a class action on behalf of ordinary Americans brought in San Francisco federal court, whereas the Wikimedia case was filed by non-profit organizations and is pending in Maryland federal court.
Both cases are now supported by the NSA’s public admissions that what it calls Upstream involves copying Internet traffic—including e-mails, chat, web browsing and other communications—as the data traverses the fiber optic backbone of the Internet. As our graphic below shows—adapted slightly from one we used in Jewel and based on admissions contained in previously secret court orders (pdf) and the Privacy and Civil Liberties Oversight Board report (pdf) and other sources—the NSA sits between Internet users, such as Wikipedia visitors and editors, and web servers like Wikipedia’s. It intercepts their communications in order to copy and then analyze and filter them. (Links to the government admissions and other documents supporting this graphic are available here.) This includes reviewing both the content and the metadata of messages retained past an initial filter.
The NSA claims that Section 702 of the FISA Amendments Act (FAA) authorizes them to collect your communications involving “non-US persons,” but of course you have a right to have a private conversation with someone abroad and to access information stored on a website hosted abroad without the government involved at all. And even by the government’s own description, its Internet backbone collection routinely sweeps up and searches through the content of a tremendous number of purely domestic communications, where the requirement to get a warrant is unequivocal.
Like the Wikimedia plaintiffs, EFF has argued in Jewel that Internet backbone surveillance violates Internet users’ constitutional rights. Specifically, we argue that by copying traffic from the backbone, the NSA has improperly seized communications, and by then searching the copied material for “selectors” such as e-mail addresses, it has carried out an unreasonable search in violation of the Fourth Amendment.
Last month, however, the court issued a disappointing decision on the Upstream collection in Jewel. The court wrote that despite reams of public evidence, including the government’s own admissions, the plaintiffs had failed to paint a complete enough picture of the program to establish their standing. It also said that the additional information needed was just too secret to serve as a basis for a court decision about whether the constitution has been violated. As a result, the District Court found that a “full and fair adjudication” of our clients' Fourth Amendment claims would require consideration of evidence covered by the state secrets privilege and would risk harm to national security.
We disagree with this ruling and will continue to pursue our claims. We believe it is dangerous in a democracy to allow claims of secrecy to prevent evaluation of whether the government has invaded the constitutional rights of millions of innocent Americans. Such secrecy is especially inappropriate when it is used to preclude consideration of a program that is already widely acknowledged by the government. Moreover, the law actually provides a mechanism for considering secret evidence concerning electronic surveillance without harm to national security, and this same court had previously ruled that this mechanism largely displaced the state secrets privilege.
Most importantly, however, we are loudly cheering on our colleagues at the ACLU, Wikimedia and others in their challenge to Upstream collection. We need to reaffirm that our constitutional rights aren’t subject to a national security exception and reinstate the bedrock American freedom of innocent people to engage in private conversation.Related Cases: Jewel v. NSA
Share this: || Join EFF
Senate Intelligence Committee Advances Terrible "?C?y?b?e?r?s?e?c?u?r?i?t?y?"? ?B?i?l?l? Surveillance Bill in Secret Session
The Senate Intelligence Committee advanced a terrible cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA) to the Senate floor last week. The new chair (and huge fan of transparency) Senator Richard Burr may have set a record as he kept the bill secret until Tuesday night. Unfortunately, the newest Senate Intelligence bill is one of the worst yet.
Cybersecurity bills aim to facilitate information sharing between companies and the government, but their broad immunity clauses for companies, vague definitions, and aggressive spying powers make them secret surveillance bills. CISA marks the fifth time in as many years that Congress has tried to pass "cybersecurity" legislation. Join us now in killing this bill.
The newest Senate Intelligence bill joins other cybersecurity information sharing legislation like Senator Carper's Cyber Threat Sharing Act of 2015. All of them are largely redundant. Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs. In February, he signed another Executive Order encouraging regional cybersecurity information sharing and creating yet another Cyber Threat Center. Despite this, members of Congress like Senators Dianne Feinstein and Richard Burr continue to introduce bills that would destroy privacy protections and grant new spying powers to companies.
New Countermeasures and Monitoring Powers
Aside from its redundancy, the Senate Intelligence bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures (now called "defensive measures" in the bill) for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system.
Even with the changed language, it's still unclear what restrictions exist on "defensive measures." Since the definition of "information system" is inclusive of files and software, can a company that has a file stolen from them launch "defensive measures" against the thief's computer? What's worse, the bill may allow such actions as long as they don't cause "substantial" harm. The bill leaves the term "substantial" undefined. If true, the countermeasures "defensive measures" clause could increasingly encourage computer exfiltration attacks on the Internet—a prospect that may appeal to some "active defense" (aka offensive) cybersecurity companies, but does not favor the everyday user.
Second, the bill adds a new authority for companies to monitor information systems to protect an entity's hardware or software. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.
Sharing Information with NSA
Such sharing will occur because under this bill, DHS would no longer be the lead agency making decisions about the cybersecurity information received, retained, or shared to companies or within the government. Its new role in the bill mandates DHS send information to agencies—like the NSA—"in real-time." The bill also allows companies to bypass DHS and share the information immediately with other agencies, like the intelligence agencies, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing.
Overbroad Use of Information
Once the information is sent to any government agency (including local law enforcement), it can use the information for reasons other than for cybersecurity purposes. The provisions grant the government far too much leeway in how to use the information for non-cybersecurity purposes. The public won’t even know what information is being collected, shared, or used because the bill will exempt all of it from disclosure under the Freedom of Information Act.
In 2012, the Senate negotiated a much tighter definition in Senator Lieberman's Cybersecurity Act of 2012. The definition only allowed law enforcement to use information for a violation of the Computer Fraud and Abuse Act, an imminent threat of death, or a serious threat to a minor. The Senate Intelligence Committee's bill—at the minimum—should've followed the already negotiated language.
The bill also retains near-blanket immunity for companies to monitor information systems and to share the information as long as it's conducted according to the act. Again, "cybersecurity purpose" rears its overly broad head since a wide range of actions conducted for a cybersecurity purpose are allowed by the bill. The high bar immunizes an incredible amount of activity. Existing private rights of action for violations of the Wiretap Act, Stored Communications Act, and potentially the Computer Fraud and Abuse Act would be precluded or at least sharply restricted by the clause. It remains to be seen why such immunity is needed when just a few months ago, the FTC and DOJ noted they would not prosecute companies for sharing such information. It's also unclear because we continue to see companies freely share information among each other and with the government both publicly via published reports, information sharing and analysis centers, and private communications.
A Fatally Flawed Bill
This fatally flawed bill must be stopped. It's not a cybersecurity, but a surveillance bill. And it can be voted on at any time. Get in touch with your Senator, tell them to vote no on the bill, and to not cosponsor the Senate Intelligence Committee's Cybersecurity Information Sharing Act of 2014.Related Issues: Cyber Security Legislation
Share this: || Join EFF
This week is Sunshine Week, an annual celebration to promote government transparency and access to information. As a public interest organization dedicated to these ideals, EFF continues to call on Congress to update the Freedom of Information Act, a key tool for citizens to obtain federal government records and to hold federal agencies accountable.
Two FOIA reform bills are pending in Congress. The Senate bill is the FOIA Improvement Act of 2015 (S. 337), which the Senate Judiciary Committee passed in February. The House bill, the FOIA Oversight and Implementation Act of 2015 (H.R. 653), has yet to be considered by the House Committee on Oversight and Government Reform.
An important aspect of both bills is that they narrow Exemption 5, which permits an agency to withhold inter-agency or intra-agency “pre-decisional” memos and other documents that reflect the agency’s “deliberative process” in reaching a final decision. Congress’ legitimate policy goal in enacting Exemption 5 was to permit some level of confidentiality in order to promote candor among agency employees.
Both bills create a time limit for documents withheld under Exemption 5, meaning that even if Exemption 5 technically applies to records, if the records are older than 25 years from the date of the FOIA request, the agency cannot withhold them from disclosure. The House bill goes a step further and requires disclosure of “records that embody the working law, effective policy, or the final decision of the agency.”
These reforms are important, particularly the language in the House bill, because Exemption 5 has been inappropriately used by many federal agencies to withhold documents that are arguably final decisions. The exemption has been used by the Justice Department, in particular, to withhold opinions by the Office of Legal Counsel (OLC), which is considered the authoritative source on how the Executive Branch interprets the law.
We lost a FOIA lawsuit last year that sought to obtain an OLC opinion that authorized the FBI’s use of “National Security Letters” to obtain citizens’ call logs without legal process and contrary to existing law. The ACLU and the New York Times won a similar lawsuit to obtain the OLC opinion authorizing the “targeted killing” of Americans only because the government had voided its ability to invoke Exemption 5 when it made various public statements about the targeted killing program.
One disappointing aspect of the FOIA reform bills is that they do not include a public interest balancing test for Exemption 5. Such language was originally included in the Senate bill last Congress, but it was stripped out at the last minute and not included in either bill this Congress. A public interest balancing test would require the disclosure of records if the public interest in doing so outweighs the agency’s interest in withholding the documents. This would give federal judges the power to order disclosure even if the agency appropriately invokes Exemption 5. The House bill does include language that directs the agencies to generally consider “whether the release of the records would be in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government.”
If FOIA made clear that agencies cannot withhold documents that reflect the “working law, effective policy, or the final decision of the agency,” and agencies and judges must consider the public interest in disclosure even if Exemption 5 technically applies, perhaps we would have won our lawsuit and the ACLU and New York Times would not have had to rely on unique facts to win their case. Without public access to OLC opinions, which have also authorized torture and warrantless wiretapping, the federal government creates a body of secret law, which is antithetical to a democratic society.
Notwithstanding the importance of narrowing the scope of Exemption 5, it is important to note that FOIA exemptions are generally discretionary, meaning that even if an exemption technically applies to a request, an agency has the discretion to disclose the records anyway. The FOIA reform bills would force greater transparency by codifying the Obama administration’s policy that agencies should implement FOIA under a presumption of openness and that records should only be withheld if the agencies can “reasonably foresee” harm from disclosure, not merely because an exemption technically applies. This would prohibit future administrations from shifting to a less transparent FOIA policy, which was the case with the last Bush administration.
The FOIA reform bills also strengthen the Office of Government Information Services (OGIS), also known as the FOIA ombudsman, that works with requesters and agencies to resolve FOIA disputes in order to avoid costly litigation. Both bills clarify that OGIS can issue its annual report (with recommendations for how agencies can improve FOIA implementation) without obtaining prior approval from any other Executive Branch agency or office, which has been a problem in the past. The Senate bill also provides that OGIS can issue advisory opinions on disputes between requesters and agencies at anytime, either pursuant to its own discretion or a request from a party (current law only authorizes advisory opinions pursuant to OGIS’s discretion and after mediation fails).
Finally, both bills mandate the creation of a “consolidated online request portal” to provide the public with a “one-stop shop” for submitting FOIA requests to federal agencies, which is already underway by a few select agencies at FOIAonline.
While the FOIA reform bills could go further in improving FOIA implementation, they both offer meaningful changes that would enhance government transparency and advance the public’s right to know. We urge Congress to be true to the spirit of Sunshine Week and pass FOIA reform legislation as soon as possible.
Share this: || Join EFF
Government agencies sure love their black markers.
For transparency activists, receiving overly redacted documents is a guilty pleasure. Sure, we'd all prefer to have the records unmarred by secrecy (except for narrow occasions, such as when the black-outs legitimately protect people's privacy), but sometimes those redactions are the first indication that we've hit pay dirt. Other times, these redactions provide comic relief.
In anticipation of Sunshine Week, EFF called for the public to submit the most absurd redactions they've seen for for The Foilies, our new “awards” for shenanigans in the Freedom of Information process. The big takeaway from the nominations we received: redactions can be unintentional conceptual art.Most Surreal Retirement Party
Federal Bureau of Intelligence
USA Today reporter Brad Heath submitted a FOIA request to the FBI for documents related to a retirement party, to which he believed a certain controversial figure had been invited. Rather than just rejecting the record request altogether, to the agency's credit, the FBI's FOIA team went through the photos one by one, adding white squares to mask the faces of all the attendees in an admirable attempt to balance transparency and confidentiality.
The result: a surreal photo album from the Blockhead family reunion.
Worth noting for future redactors: faces are censored with boxes, but hugs and kisses on the cheek are censored with irregular hexagons.
U.S. State Department
We'll let ProPublica journalist T. Christian Miller explain the back story of this gem:
This was a State Department cable returned as part of a request of all cables from the U.S. Embassy in Liberia to the State Department between 2005 and present. The cables were an important source of information in ProPublica and Frontline’s project called Firestone and the Warlord about how the iconic American tire company helped finance warlord Charles Taylor’s rise to power. In fairness, the State Dept. delivered only one cable in this format, with type so tiny I called it Lilliputian Font, maybe 4 pt in actual size. So it was probably an accident. But it was about the “worst forms of child labor in Liberia.” So who knows?Most Ironic Literary Redaction
Tie: Ibrahim v. DHS opinion and Seattle Public Schools
Ask us to choose between Kafka and Orwell and you'll get a hung jury. But instead of throwing the case out, we're just going to split the foil down the middle.
The first is from an infamous "No Fly" case, in which a Malaysian professor, Rahinah Ibrahim, sued to get her name taken off the Department of Homeland Security's No Fly list, since it had wound up there by accident. After an eight-year battle, Ibrahim received a favorable decision from the judge last year. The version of the opinion made public was chockful of redactions, including this deliciously ironic one:
(h/t Ars Technica)
Technically the second request was just a few days outside our cut off point, but we're making an exception because it's just too perfect to hold for another year. This one was nominated by Isaiah Earhart, a parent of a child in the Seattle Public Schools system, who was seeking information about administration of the school's robotics club in 2014. The text of the email was redacted under an attorney-client privilege exemption, but note the ironic signature quote:Most Mysterious Mystery Meat
Chicago Public Schools
Monica Eng of WBEZ filed a records to learn what kind of ingredients make up school lunches fed to students. Chicago Public Schools came back with this frustratingly vague response:
Burlington County Times staff writer Sharon Lurye, who sent in this nomination, commented, "No need to worry about what's in the mystery meat in the cafeteria. These chicken nuggets are guaranteed to be made only from 100% chicken nuggets." According to Eng, the school district released the actual list of ingredients a few days later after the Illinois Attorney General got involved.
For other posts from The Foilies:Transparency
Share this: || Join EFF
The Supreme Court took a major step in cutting back on abstract software patents last June when it issued its landmark ruling in Alice Corp. v. CLS Bank. In essence, the court said that abstract ideas implemented by conventional computer process are not eligible for patent protection. Since then, the PTO has attempted to write guidance applying the law to pending patent applications. Unfortunately, the PTO has floundered and continues to grant far too many invalid patents. This week EFF filed public comments asking the Office to do more to ensure its examiners apply the new law.
In our comments, we criticize the PTO’s latest statement on Alice. The main problem with the PTO’s interim guidance on patent eligibility is that it doesn’t really provide much guidance. Faced with the challenge of applying recent rulings, the Office simply summarizes a series of court decisions without explaining how examiners should apply them to new applications. Even worse, the PTO has included some old decisions from lower courts that are, at the very least, questionable law after Alice.
We think the PTO should instead focus on explaining how Alice has changed the law. Most important is to emphasize to examiners that abstract ideas and functions implemented by conventional computer processes are no longer patent eligible. Prior Federal Circuit authority held that a programmed general purpose computer was a patent-eligible machine. That is no longer the law.
Our comments identify a number of recently-issued patents that should not have been granted after the Alice ruling. For example, US Patent No. 8,978,130 was just issued and is basically a patent on getting parental permission (but over a computer with authorization codes). Figure 7 from this patent is shown here. Back in 2013, the examiner rejected a number of the proposed claims writing: “Examiner advices [sic] the applicant to add hardware (i.e., micro-processor or computer processor) to the claim language.” Under now-overruled law, it was often enough to simply tack on generic hardware to save an abstract software patent claim. Alice changed that. Nevertheless, the examiner never revisited the eligibility issue and allowed the patent.
The Supreme Court’s decision in Alice will only help if the PTO applies it diligently. Even bad patents are useful to trolls as litigation weapons since they are so expensive to overturn. To cut the problem off at the source, we need the PTO to stop the flood of invalid software patents.Files: EFF Comments Regarding Interim Eligibility GuidanceRelated Issues: PatentsPatent TrollsInnovation
Share this: || Join EFF
Last year, the current President of the European Commission, Jean-Claude Junker, declared that his number one priority was to “create a digital single market for consumers and businesses,” in which “consumers can access music, movies and sports events on their electronic devices wherever they are in Europe and regardless of borders”.
This is a dream that many Europeans share, and is reflected in the draft report for the European Parliament put together by Julia Reda, which EFF commented on last month. Reda's proposals to the Commission provide a road-map for how to get from here to there—from a convoluted system of 28 different markets, each with different copyright rules, towards a system where licensing rules and users' rights are harmonized, much as they are between the 50 United States.
Reda's report, which is one of two reports on copyright that the European Parliament is preparing as non-binding inputs for the Commission, has drawn proposed amendments from four of the Committees of the Parliament. Votes on those amendments are coming up between March 24 and May 7 (the full complexity of this process is illustrated in the diagram below, prepared by our friends at EDRI, who also have a document pool with more information).
The majority of the proposed amendments from other Parliamentarians are disheartening for Europeans wishing to see real copyright reform. The amendments would gut the report of some of its key recommendations, including that copyright limitations and exceptions should be unified across Europe, that there should be a European version of “fair use”, and that DRM should not be allowed to inhibit users from accessing works in ways that copyright law allows.
Many of these proposals make high-sounding references to the need to preserve Europe's cultural diversity. This sounds good on the surface, but these are actually an argument in favor of retaining 28 different sets of copyright laws, all with their own distinct sets of copyright limitations and exceptions. This would make the dream of a single European digital market all but impossible.
One of the problems behind the lack of vision displayed by these European Parliamentarians is that they have not been exposed to a balanced cross-section of views of all stakeholders. In particular, a new cross-cutting Working Group on Intellectual Property Rights and Copyright Reform, which contains representatives from all of the groups who have commented on Reda's report, is being briefed only by a narrow retinue of lobbyists and analysts who hold views favorable to rightsholders.
Today, EFF joined 23 other organizations and networks in writing to the Coordinator of the Working Group, Jean-Marie Cavada, to ask that it ensure a more balanced representation of views going forward. The letter states:
Making copyright rules future-proof requires a holistic approach. This can only be achieved if the full spectrum of stakeholders is adequately represented and given a chance to speak in front of Members of Parliament who will ultimately be tasked with passing new copyright legislation.
It will still be an uphill battle to achieve meaningful copyright reform for Europe's almost 800 million citizens—the process of European lawmaking is slow, baroque, and beset with weak points where compromises can creep in. But a good first step in keeping the dream of a digital single market for Europeans alive would be to ensure that copyright users, and not just rightsholder lobbyists, get a fair chance to be heard.Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalEFF Europe
Share this: || Join EFF
Police practices came under intense public scrutiny in 2014, as citizens raised further questions about the use of mass surveillance technologies and deadly force. From Ferguson to New York City, from Alameda County to Tucson, watchdogs have sought records to hold law enforcement agencies accountable for abuses. As one might expect, many of these local and federal police agencies have shunned sunlight, often citing absurd excuses to withhold documents.
For Sunshine Week, EFF began collecting transparency horror stories for The Foilies, our new “awards” to highlight problems citizens face in the Freedom of Information Act and other public-records request processes. So many of the nominations involved secrecy within law enforcement agencies that we decided to compile them together for today’s Round 2 of the Foilies.
EFF has been engaged in a years-long battle over various surveillance technologies, including lawsuits against Los Angeles law enforcement agencies over automatic license plate readers (ALPRs) and against the U.S. Department of Justice over cell-phone tracking devices on planes. We’re glad that we’re not the only ones working to shine light on these issues.Special Achievement in Battery Draining, Mass Surveillance Category
City of Lansing/Lansing Police Department’s Automatic License Plate Readers
The Lansing Police Department purchased a set of automatic license plate readers, little cameras that cops mount on the trunks of their cars to capture the license plate of any other car nearby. Yet, when a local resident filed a records request for ALPR data, he was told it didn’t exist due to “malfunctioning of the automated LPR technology.”
A few weeks later, the Lansing City Attorney sent a second letter admitting that a few months of ALPR data did exist and that it was all an “internal misunderstanding.” The letter further explained that the police were using ALPR less and less due to myriad problems, including the devices “draining the car batteries” and “hot sheets not downloading automatically.”
Nevertheless, the city refused to hand over the limited data in their possession. In earlier justifications for using ALPR, police had cited case law to claim “that a person traveling on public roads has no expectation of privacy in his movements.” Now, however, the city is claiming that data must be withheld because “disclosure of the information would constitute a clearly unwarranted invasion of an individual’s privacy.”Most Egregious Nationwide Conspiracy to Hide Surveillance Technologies
Federal and local law enforcement agencies across the United States
We received scores of nominations regarding law enforcement use of “Stingrays,” also known as IMSI catchers, devices that emulate cell towers to track mobile phone users. In San Diego, the city attorney refused to turn over documents related to Stingrays, even ones already available on the city's website. The Tacoma Police Department responded to a request for non-disclosure agreements with that same company with four completely blacked out pages. We received similar stories from Erie County in New York and the city of Charlotte, but perhaps the FBI’s secrecy was the worst.
The FBI told Muckrock it couldn’t locate a log of non-disclosure agreements with police departments regarding Stingrays, only to later find it and claim that document would be withheld in full. In Daniel Rigmaiden’s FOIA battle over Stingrays, the FBI tried all sorts of tricks to withhold the records, including arguing that “the stigma of working with the FBI would cause customers to cancel the companies’ services and file civil actions to prevent further disclosure of subscriber information” and that releasing the information would result in “economic retaliation against the United States.” The FBI has also butted into local public-records cases to keep the information from becoming public. In one affidavit, the FBI even claimed that any official who released Stingray details to a media organization could face 20 years in prison and a $1 million fine.
These cases may just be the tips of a field of icebergs.Most Dubious Delay in Providing Police Use of Force Records
Corpus Christie Police Department
A Texas woman made a selfie-style video as she was put in a chokehold by a police officer in a Whataburger parking lot. After the YouTube clip went viral, Mike Rekart of Photographyisnotacrime.com put in a public records request for the department “use of force” policy.
Corpus Christie police stalled release of the document, claiming it was “copyrighted” and required special authorization. That delay gave the department enough time to amend the policy so that the version they eventually gave the requester was not the version in place during the controversial chokehold.Most Outrageous Argument for Withholding Police Use of Force Records
Victoria Police Department
In Victoria, Texas, a police officer was caught on dashcam video throwing a senior citizen to the ground and zapping him with a Taser. When Rekart tried to obtain the policy related to use of force and weapon discharges, the police asked [PDF] the Texas Attorney General to rule that these could be kept secret, because release “could impair an officer’s ability to arrest a suspect by placing individuals at an advantage in confrontations with police.”
Citizens have a right to know what to expect when interacting with police, so they can behave in a way that won’t get them choked, Tased, or shot. Similarly, citizens should know what to expect in terms of surveillance technologies, so they can participate in crafting policing policies and priorities in their communities. Yes, transparency gives the public an advantage, but that’s also an advantage for law enforcement, through trust-building and mutual understanding. Sunshine makes us all safer.
For other posts from The Foilies:lpd-appeal_letter.pdf alpr_response_to_hoffmeyer_2-1.pdf 251763881-victoria-use-of-force-req-ag-opinion-2.pdfRelated Issues: TransparencyRelated Cases: Automated License Plate Readers (ALPR)
Share this: || Join EFF
Attention California: the privacy and security of your driver licenses are under threat from a new scheme to massively expand how photo IDs are shared and analyzed by law enforcement agencies.
Over the last few months, an obscure panel within the California Department of Justice (DOJ) has been taking steps to connect the statewide law-enforcement system for accessing driver license photos and mugshots, Cal-Photo, with a national network of other states’ photo systems. The plan also calls for combining facial recognition with Cal-Photo for investigators to use in the field. The so-called “advisory committee”—made up of representatives from police advocacy groups—has advanced these issues to “priority status,” undeterred by numerous warnings these efforts would violate state laws.
EFF sent a letter to this advisory committee last week, demanding they put the brakes on the project immediately. With the group and its subcommittee's next meetings set for March 25, we’re calling on Californians to also send emails opposing the projects.
If you want to follow the paper trail with us, you'll first need to learn some acronyms, including acronyms within acronyms.
CLETS stands for the California Law Enforcement Telecommunications System, the giant computer network that links up law enforcement agencies across the state and allows them to access driver license and photo IDs through Cal-Photo as well as other types of data and records.
Overseeing this system is the CLETS Advisory Committee (CAC) and its Standing Strategic Planning Subcommittee (SSPS), both of which are made up of delegates from groups such as the California Peace Officers Association, the California Police Chiefs Association, and the California State Sheriffs Association, as well as representatives from the Department of Motor Vehicles, the Office of Emergency Services, and the California Highway Patrol.
Another acronym is NLETS, the National Law Enforcement Telecommunication System, a private, non-profit-operated system that describes itself as “the premiere interstate justice and public safety network in the nation for the exchange of law enforcement-, criminal justice-, and public safety-related information.” The Cal-Photo system links to tens of millions of photos; this represents one of the great potential mother lodes to NLETS, which offers grant money to states in an effort to expand its network.
In August 2014, SSPS began reviewing a list of law-enforcement goals approved in 2009 to see whether they were still beneficial today. Goal 8 is “Expand Cal-Photo’s capability to share photos on a national basis; and, deploy facial recognition as an investigative tool.”
A DMV representative told SSPS that neither photo-sharing nor facial recognition are possible under “current statutory and regulatory authority,” and asked the subcommittee to remove the goal from the strategic plan. However, representatives from the sheriff’s association and the California League of Cities pushed back hard, saying the issue was too important to drop. CAC approved the recommendation later that day and SSPS began making arrangements to meet with the DMV to pursue this goal.
Here's how this debate appeared in the SSPS meeting minutes [PDF]:
At the next SSPS meeting in December 2014 [PDF], members reported that they had met with the DMV director, who reiterated that several laws stand in the way of photo-sharing and even more statutes would block the implementation facial recognition. The delegate from the California Peace Officers’ Association shrugged that off, saying he believed a review of the statutes would indicate that law-enforcement access would “probably be appropriate.”
SSPS voted to begin organizing closed-door meetings between the heads of the state’s top law enforcement associations and the DMV director to discuss ways to move forward. In the meantime, they decided to begin building the photo-sharing infrastructure, starting with a $50,000 system that would connect NLETS and CLETS to give California cops access to other states’ DMV photos through California’s SmartJustice web app.
Although this would be a one-way exchange, a SSPS member from the California justice department said it would “pave the way for California to share photos with other states.”
Within days of the meeting, California DOJ staff assigned to CLETS began issuing invitations to associations and applying for a grant from NLETS—which NLETS approved within two weeks.
In the grant application [PDF], the California DOJ made it clear that the underlying plan was to first implement one-way sharing as a way to pressure the DMV to get on board with the greater goal of mutual exchange.
They further added:
As CAC and SSPS began coordinating its high-level meeting with law-enforcement associations, the DMV issued a legal analysis [PDF] concluding that the California Legislature must directly authorize such photo-sharing with NLETS.
“No affirmative authorization is found in existing state statutes that would require or allow the transmission and wholesale sharing of DL/ID photos between Cal-Photo and NLETS,” the DMV wrote. The DMV also articulated grave concerns about privacy and security, claiming it would “open the door to random accessing of photos” and that the DMV would be unable to track the sources of data breaches.
By our count, that’s three times the CLETS committee and subcommittee has been told that their plans run counter to the law and three times they’ve decided to move forward anyway. There may be a fourth time, depending on how those closed-door meetings went, which we may learn more about at the committees’ March 25 meetings in Folsom.
EFF is extremely concerned about the prospects of police around the country having the ability to access Californians’ records with insufficient accountability measures in place. We have also long been wary of the growing use of facial recognition technology, which can allow police to identify everyday citizens who aren’t involved in a crime, including through scanning photos on social media. Most of all, we are alarmed at how quickly these advisory committees are moving forward while dismissing the DMV’s legal concerns.
Decisions of this magnitude must be made with full public engagement and the involvement of the legislature, not in obscure committee meetings or in closed-door sessions with law enforcement lobby groups.
The full document set from CAC/SSPS, including correspondence and technical specifications, is available here.Files: eff_letter_cac-ssps_3-10-2015.pdf ssps-meeting-minutes-081214_0.pdf ssps-meeting-minutes-12022014_0.pdf brody_grant_application.pdf dmv_analysis.pdf full_cac-ssps_document_collection.pdf cac-meeting-agenda-120214_4.pdf cac_meeting_minutes_8-12-14_0.pdf
Share this: || Join EFF
"We are deeply concerned about this situation in which important decisions for our nation’s culture and society are being made behind closed doors" reads a joint public statement from Japanese activists who are fighting the copyright provisions in the Trans-Pacific Partnership (TPP). A group of artists, archivists, academics, and activists, have joined forces in Japan to call on their negotiators to oppose requirements in the TPP that would require their country, and five of the other 11 nations negotiating this secretive agreement, to expand their copyright terms to match the United States' already excessive length of copyright.
Negotiators have reportedly agreed to set their copyright terms to the length of an author's life plus 70 years. Since the news was leaked, there has been growing opposition among Japanese users, artists, and fans against this copyright expansion—which is nicknamed the "Mickey Mouse Law" there due to Disney's heavy lobbying that led to the copyright extension in the United States nearly two decades ago. The issue gained substantial awareness when prominent Japanese copyright lawyer, Kensaku Fukui, wrote a blog post about the TPP's threats to Japanese Internet users and culture that went viral a month ago.
Then in a widely-covered public press event last week, representatives of the Japanese digital rights organizations, MIAU, Creative Commons Japan, and thinkC, presented a joint statement endorsed by 63 organizations and businesses that describes the threats that the TPP's copyright provisions would pose to Japan's culture. The event was also streamed online, where over 15,000 users tuned in to watch. Several creators, including playwright Oriza Hirata, cartoonist Ken Akamatsu, journalist Daisuke Tsuda, and Yu Okubo of the online digital archive, Aozora Bunko, and others, joined the announcement to support the campaign against over-restrictive copyright rules in the TPP. In their presentation, they discussed how lengthy copyright leads to a massive orphan works problem and an environment that make cultural archiving and preservation exponentially more difficult.
In addition to opposing lengthy copyright terms, the anime and fan-art community are also concerned about the TPP's criminal enforcement provisions. There is a particular section that says that "competent authorities may act upon their own initiative to initiate a legal action without the need for a formal complaint" by the copyright holder. The fear is that this would lead to a major crackdown on derivative works, including written or drawn fan fiction, recorded music covers of songs, or cosplayers, who may upload photos of themselves dressed as characters. These are all elements of Japan's thriving “otaku” culture, which has spread around the world and brought in millions of dollars for Japanese creators. Japan does not have a U.S.-style fair use system, in which there are flexibilities for uses based upon the nature, purpose, amount, and effect of the use on the market for the original copyrighted work. So Japanese fans could be criminally liable for their work if any "competent authority" can claim that a derivative work constitutes criminal copyright infringement. This would have a huge chilling effect on vibrant communities of fan fiction that exist on Japanese websites.
Both the copyright term expansion and the non-complaint provision previously failed to pass in Japan because they were so controversial. Now that we at least know for certain that copyright extensions could pass in the TPP, the media there is finally taking notice. The organizers made national news as major Japanese news outlets covered the event.
We are thrilled to see this issue get such mainstream attention in Japan, and support their statement calling on negotiators to remove all controversial copyright provisions from the TPP, including the copyright term extensions, criminal enforcement, anti-circumvention of DRM, intermediary liability, and others. The EFF is also working alongside the Fair Deal Coalition, the international coalition of digital rights groups from TPP-negotiating nations, to create a project to fight the TPP copyright extensions. Stay tuned for this new global effort to stop the TPP from capturing more of our valuable shared culture through the trap of copyright's restrictions.Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalTrade AgreementsTrans-Pacific Partnership Agreement
Share this: || Join EFF
A few years back, we challenged a patent belonging to ArrivalStar, the notorious patent troll that was sending demand letters to municipal authorities across the country for offering real-time updates on bus and train arrival times. We got many of ArrivalStar’s claims invalidated (or at least significantly narrowed) by the Patent Office—but that was just for one patent.
Unfortunately, ArrivalStar has over 30 patents on its “inventions,” giving it seemingly endless opportunities to make similarly frivolous claims. In fact, ArrivalStar was by some measures the most litigious patent troll in 2013, but despite that, it almost never had any of its claims actually decided. ArrivalStar behaves like the classic troll that uses the cost of defense to pressure settlements while avoiding decisions on the merits. Indeed, when the Public Patent Foundation challenged ArrivalStar on behalf of the American Public Transportation Association, the troll settled almost immediately rather than stand by the merits its claims.
We recently heard that ArrivalStar had moved on from municipal agencies and was now sending demand letters to new targets, specifically small businesses that email customers tracking information for packages.
Here’s a letter recently sent to TheRealReal, a luxury consignment online shop. In the letter, ArrivalStar claims that at least three of its patents (U.S. Patent Nos. 6,904,359; 6,952,645; and 7,400,970) are infringed when TheRealReal sends an email letting its customer know a shipment is on its way. This is what ArrivalStar characterizes as a “communication of a notification relating to the status of a mobile vehicle” (among other terms used by ArrivalStar) that it contends infringes its various patents.
In its letter, ArrivalStar uses common patent troll tactics. The letter notes that it has licenses with “several hundred companies” and that “many of these licenses were granted in settlement of patent infringement actions.” In a later part of the letter, ArrivalStar states that “litigation can result in an enormous recovery after trial” and “the process generally proves to be extremely costly and time consuming for both parties.” In other words: pay up now, otherwise this will get really expensive.
ArrivalStar also marked its letters, in bold, underlined, and in all-caps, “FOR SETTLEMENT PURPOSES ONLY PURSUANT TO FRE 408" making it seem like the letters had to be kept confidential. (Many targets of letters like this may not realize that ArrivalStar’s claims of confidentiality are essentially bogus. Federal Rule of Evidence 408, or “FRE 408,” limits the use of certain evidence in court; it does not allow ArrivalStar to unilaterally impose confidentiality restrictions.)
In its letter, ArrivalStar also included a list of companies that have taken licenses to ArrivalStar’s patents. But what a small business on the receiving end of this letter may not realize is that one company is conspicuously absent: FedEx.
And this omission is extremely important.
The target of the ArrivalStar letter in this case, TheRealReal, ships everything via FedEx. In fact, ArrivalStar explicitly included a screen shot of TheRealReal’s letter, showing the FedEx tracking number, as evidence of alleged infringement.
Only one problem for ArrivalStar: FedEx has a license to the entire ArrivalStar portfolio of patents, meaning that ArrivalStar cannot assert patent infringement against a company simply using a FedEx feature (in legal terms, we call this “patent exhaustion”). FedEx, after learning of this claim, sent a letter to ArrivalStar ordering the troll to immediately stop harassing its customers.
Even though ArrivalStar was asserting claims that it almost surely couldn't assert, ArrivalStar sent another demand letter, this time related to U.S. Patent No. 6,317,060. In this letter, ArrivalStar seemed to argue that a claim term requiring “storing data associated with a plurality of vehicles” didn’t actually require any data relating to vehicles at all!
Unfortunately for ArrivalStar, TheRealReal had lawyers—unlike many small businesses targeted by patent troll demand letters. And those lawyers pushed back. ArrivalStar initially asked for $45,000 to license patents that had already been licensed. TheRealReal’s lawyers replied with a scathing letter, and in a poetic turn, noted that the true value of ArrivalStar’s patents “is to hold a Damoclean sword of patent litigation defense costs over the heads of businesses, such as TheRealReal, that actually provide goods and services that consumers want.” TheRealReal offered them $5,000 instead. (To be clear, we think they offered more than what we think the troll’s patents are worth.)
The two parties have apparently “settled.” We don’t know the details of that settlement, but we hope TheRealReal gave ArrivalStar exactly what it should have gotten: nothing.
But even if they didn’t hand over a single cent, TheRealReal had to spend time and money dealing with ArrivalStar’s frivolous claims. And countless other businesses, simply using FedEx services and receiving similarly duplicitous letters, may be caving to the troll’s demands. This is why we need patent reform. Until we get it, that “Damoclean sword” will continue to hang over small businesses that dare become successful enough to attract the attention of patent trolls. Take action today.Related Issues: PatentsPatent TrollsInnovation
Share this: || Join EFF
In Jewish religious law, there is an offence called lifnei iver (literally, “before the blind”), that prohibits placing stumbling blocks before blind people, deriving from a verse of scripture also accepted by Christians and Muslims. This offense seems so obvious that it hardly requires a scripture verse to call it out. But the authors of the Torah obviously didn't count on the Motion Picture Association of America (MPAA), who are doing exactly that.
The stumbling block in question is a reported attempt to link the ratification of a WIPO treaty for people who are blind (the Marrakesh Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities) with the ratification of a completely unrelated and earlier treaty, the Beijing Treaty on Audiovisual Performances that benefits the motion picture industry.
The United States has already signed both treaties, but merely signing a treaty does not make it law; that also requires it to be sent to the U.S. Senate and approved with a two-third majority, after which the President can formally ratify it and thereby commit the United States to comply with it. Some treaties may also require Congress to pass legislation to implement the obligations that the treaty sets out.
The Marrakesh Treaty doesn't require any such legislation for its implementation—since it already accords with US law. The United States therefore can and should show leadership by ratifying this treaty immediately, and thereby bringing it closer to the 20 ratifying states that it requires before it comes into effect. This would bring the written word to millions of blind, visually impaired and print disabled people from around the world, who are currently starved of books. It's a no-brainer.
Not so the Beijing Treaty. This treaty would bestow new 50-year copyright-like rights upon audiovisual performers such as actors, musicians and dancers—who are generally already paid for their work when they perform. So what good is this extra layer of added monopoly rights? You won't be surprised to learn that it benefits the corporate rightsholders, who in most cases will require the performers to sign away their rights.
The Beijing Treaty acknowledges this reality through a provision that allows the full transfer of rights to the producer of an audiovisual work; a provision that was prompted by the U.S. delegation during the last round of negotiation of the treaty, in response to Hollywood demands [PDF]. Thus, these new monopoly rights will serve only to enlarge the bulging copyright portfolios of the motion picture industry, leaving performers no better off than before.
Incredibly, it gets worse. The treaty would also allow “performers” (which, remember, usually means Hollywood producers) to restrict the availability of their performances, years after they have already been made public. A current case that foreshadows this is the decision in Garcia v. Google, Inc, whereby a professional, paid film actor is suing to prevent the distribution of her performance. This essentially amounts to censorship of the film, of which her performance was only a small part. During argument in this case (which is subject to appeal), a Ninth Circuit judge expressly referred to the Beijing Treaty, suggesting that it supported the actor's case—or would do, if it were law.
The potential ramifications of this are vast and troublesome: performers (or, in practice, the companies to whom they transfer their rights) could create new roadblocks to the creation of parodies, mash-ups or new versions of their performances, independent of copyright. It would further complicate the process of clearing rights to audiovisual works, and cast a new legal cloud of uncertainty over the activities of creators and producers who build on audiovisual works in compliance with copyright law.
The Beijing Treaty would also require U.S. law to be changed to recognize a new set of “moral rights” of performers, which include the right to attribution for a performance, and the right to preserve its “integrity”. Moral rights are strongly recognized in civil law countries such as France, but the United States has always resisted recognizing them—and for good reason. Whilst it is fair that an artist receives attribution for their work, to allow them to control how the performance is used after its fixation goes too far. It impinges upon the separate First Amendment rights of the producer of an audiovisual work, limiting their creative freedom to meld the contributions of performers into a unified whole copyright work.
At a bare minimum, if the U.S. is to implement the Beijing Treaty, then it is imperative that the "fair use" right is fully extended to the new regime, to limit the impact of the new performers' rights on legitimate uses of their performances.
But we would much rather the treaty was simply abandoned as the thoroughly bad idea that it is. Would this put the United States in breach of its international obligations? Hardly; the US often signs treaties that it later decides not to ratify. Many of these are far more important than the Beijing Treaty—they include the International Covenant on Economic, Social, and Cultural Rights (CESCR), the Kyoto Protocol, the Comprehensive Test Ban Treaty, the Rome Statute of the International Criminal Court (ICC) the Convention on Discrimination against Women (CEDAW), and even the Convention on the Rights of the Child (for which the only other hold-outs are Somalia and South Sudan).
So the reason for linking the Beijing Treaty with the Marrakesh Treaty is pretty obvious. Normally the Senate might look askance at approving an untested, special-interest treaty that will require changes to US law, all for the benefit of wealthy Hollywood studios (or maybe not… but we can dream). However, when you link it to a treaty that would help millions of blind people around the world, then opposing the Beijing Treaty becomes much politically tougher, even for well-meaning Senators who might otherwise have reservations.
Linking these treaties together is a thoroughly immoral proposition. In other words, it's typical MPAA Capitol Hill politics. Placing stumbling blocks before the blind.Related Issues: InternationalBroadcasting TreatyWIPO
Share this: || Join EFF
You can read more about EFF’s analysis of the policy here, but these are the basics:
- The policy has some weaknesses—it could have restricted use of the DAC more than it does, and it isn't a cure-all for racial profiling or other outstanding issues with law enforcement in Oakland.
- The private right of action, which makes it easier for anyone to sue over violations of the policy, as well as the criminal consequences in the policy, are crucial to give the policy any real teeth. The City Council must pass an ordinance to give these pieces of the policy effect, and the PSC should recommend that it do so.
- Changing the city’s whistleblower ordinance so that anyone, not just employees, can report abuse, and to increase the number of ways that whistleblowers can report.
- Passing a new surveillance equipment ordinance that would require “Informed public debate about any surveillance technology proposal prior to acquisition or pursuing funding,” which EFF and ACLU strongly recommend as law enforcement use of surveillance technology continues to spread. This is aimed at ensuring that situations like the last-minute, secretive purchase of a stingray in Santa Clara County don’t happen in Oakland.
For Oakland residents, this is a unique chance to push for city policy that reflects your values. In addition to commenting online, the PSC meeting on April 14 is a good way to express your thoughts on the policy and additional recommendations as well. After the PSC meeting, the full City Council will consider the policy. We’ll continue to provide updates and reminders of these dates as the policy moves.
Share this: || Join EFF
Welcome once again to Sunshine Week! It’s that time of year when journalists, citizen watchdogs, community activists, data wizards, political gadflies, public-records litigators, and open-gov fanatics come together to champion the cause of transparency and commiserate over the obstacles we face everyday while chasing sunlight.
A few weeks ago, EFF put out a call for nominations for The Foilies, a set of awards to recognize some of most absurd, frustrating, and outrageous interactions with the government that the transparency community experienced in 2014. We received dozens of submissions crossing the spectrum, from local citizens butting heads with city officials to national media organizations struggling against some of the largest federal agencies. With the help of the Sunlight Foundation, Muckrock, and CJ Ciaramella of the FOIA Rundown we filtered the most noteworthy, sorted them by broad themes, and we will be rolling them out in batches over the course of the week.
Today we’re issuing the first batch of winners. We're calling these the Process Foilies, because sometimes it’s the public-records process itself that gets in the way of transparency, whether its exorbitant fees, epochal waiting periods, or institutional indifference.Most Expensive FOIA Estimate
Drug Enforcement Administration’s “El Chapo” Files
In March 2014, Muckrock user John Dyer filed a Freedom of Information Act request for records associated with the DEA’s involvement in capturing Mexican drug lord Joaquin “El Chapo” Guzman in Mexico. The DEA responded that they had identified 13,051 potentially relevant case files and they'd be happy to provide them as long as Dyer paid $1,461,712 in fees upfront for search fees—potentially the highest FOIA estimate in history. As a token of their good faith, the DEA told Dyer he could have two hours of search time and 100 pages of copies for free.Semper Absurdus Medal
US Marine Corps’ Five Oldest FOIA Requests
If Inception was actually a comedy of errors about paperwork, then FOIA requester Jason Smathers might’ve been cast in Leonardo DiCaprio’s place. Like entering a dream within a dream, Smathers filed a FOIA request in 2010 for the Marines’ five oldest FOIA requests.
Four years later, everything that could’ve gone wrong has gone wrong. Months at a time passed with no response to his follow-up emails, except for the occasional automatic “away” message. The request was bounced between administrators, put on hold during the government shutdown, and stalled when an employee retired. In 2014, the Marines told Smathers that the files he sought were sent to an encrypted, external archiving server, which then crashed and had to be sent out for repair, with no estimate when it might be back in service. Now four years on, his request for old requests is well on its way to becoming an old request itself.Most Analog-Age Excuse
The Mississippi Department of Human Services’ Metal File Fasteners
In April 2014, The Hechinger Report set out to investigate the quality of Mississippi’s licensed childcare centers and filed a public records request with the Mississippi Department of Human Services for a year’s worth of inspection reports. As Education Reporter Jackie Mader writes:
These reports are public records, but are not published anywhere. That means if a parent would like to see an inspection report before enrolling their child in a center, they must file a public records request, which for parents in the poorest and most rural parts of the state, can be an immense challenge, if not impossible.
Mississippi gave The Hechinger Reporter a quote of $26,527, claiming it would take 45 minutes to compile each 10-page record, at a cost of $40 per hour. Some of that effort would involve redacting children’s personal information and standing at the copying machine, but that wasn’t the only cost. As the department lawyers told the state’s ethics commission after The Hechinger Report filed a complaint (bolding added):
...the Department's child care licensing files are paper files maintained in expandable file folders - they are not digital, because they involve a great deal of handwritten inspection and investigation notes. A staff member will then remove all of the responsive paperwork for the past year from the files of each of the 438 facilities. (We would point out that all of the files are 2-hole punched at the top with metal fasteners, so it is somewhat time-consuming to remove paper from the files.)Soggiest Records
The Great FBI Flood of 2011
Kevin Savetz of AtariPodcast.com wanted to see if the FBI has investigated Atari or Mattel. Meanwhile, Miles Madison wanted to know if the FBI had investigated a certain Romanian cycling champion. Both received this response:
On September 8, 2011, the facility where the records are stored suffered a catastrophic flood that temporarily prohibits access to these records. Remediation is ongoing for the records stored in this facility. Unfortunately, we are unable to determine if, or when, these records will be available for review.
After he got nowhere with his appeal, Madison filed a new FOIA request in August 2014, this time seeking all records relating to the flood, including damage assessments, the remediation plan and its associated costs, and any reports outlining the cause of the flood. Seven months later, the FBI still hasn’t provided any documents to prove that the records will ever be salvaged.Least Transparent Transparency
New York Police Department’s Freedom of Information Law (FOIL) Materials
Frustrated with being stymied the NYPD’s FOIL unit, Muckrock’s Shawn Musgrave filed a FOIL request for the handbooks and training materials that guide the FOIL units’ processing of requests. No dice, a “records access officer” wrote back, those documents are exempt from FOIL because they are attorney work product and covered by the attorney-client privilege.
Come celebrate The Foilies with EFF, Sunlight Foundation, and Muckrock in Washington, DC on March 19. Details here.Files: hechinger_report.pdfRelated Issues: Transparency
Share this: || Join EFF