Recently, FBI Director James B. Comey, along with several government officials, has issued many public statements regarding their inability to catch criminals due to Apple and Google offering default encryption to their consumers.
We at EFF have been around long enough to see nearly identical statements being made in the past, and have simultaneously witnessed law enforcement agencies not being rendered obsolete. In fact, we’ve seen the exact opposite. The tools available to law enforcement today are expansive and much scarier, and they require close scrutiny to ensure that the civil liberties of millions of people are not jeopardized in the process of catching a few bad guys.
But we certainly felt a bit of déjà vu when we saw current FBI Director Comey’s statements, since they sound eerily like the sentiments expressed by then FBI Director Louis J. Freeh in front of the Senate Judiciary Committee in July 1997. Specifically:
Founding Fathers Wouldn’t Want Us to Have Encryption
A repeated talking point is that the Founding Fathers of America would side with law enforcement in finding a ‘balance’ that ensures government access to all communications.
In 1997 former Director Freeh said:
… the framers established a delicate balance between "the right of the people to be secure in their persons, houses, papers, and effects (today we might add personal computers, modems, data streams, discs, etc.) against unreasonable searches and seizures." Those precious rights, however, were balanced against the legitimate right and necessity of the police, acting through strict legal process, to gain access by lawful search and seizure to the conversations and stored evidence of criminals, spies and terrorists.
In 2014 Director Comey said:
But the way I see it, the means by which we conduct surveillance through telecommunication carriers and those Internet service providers who have developed lawful intercept solutions is an example of government operating in the way the founders intended...
This is striking to us because even a minimal glance at history reveals that the opposite is true. Thomas Jefferson invented (and used) a wheel cypher. More importantly, it was reportedly frustration with the British resolution of 1785 authorizing the Department of Foreign Affairs to open and inspect any mail related to the safety and interests of the United States that led James Madison, Thomas Jefferson and James Monroe to write to each other in code.
In fact, in the 1999 decision throwing out the government’s export regulations on encryption in EFF’s case Bernstein v. Department of Justice, the Ninth Circuit Court of Appeals noted: “The availability and use of secure encryption may…reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights…but also the constitutional rights of each of us as potential recipients of encryption's bounty."
Private Companies Providing Strong Encryption are Ignorant and Dangerous
Private companies and actors, when providing robust privacy and security for their consumers, need to be educated about their responsibilities to help law enforcement, and Congress and other regulatory bodies should step in.
Encryption is certainly a commercial interest of great importance to this great nation. But it's not merely a commercial or business issue. To those of us charged with the protection of public safety and national security, encryption technology and its application in the information age--here at the dawn of the 21st century and thereafter--will become a matter of life and death in many instances which will directly impact on our safety and freedoms. Good and sound public policy decisions about encryption must be made now by the Congress and not be left to private enterprise. Legislation which carefully balances public safety and private enterprise must be established with respect to encryption.
We understand the private sector’s need to remain competitive in the global marketplace. And it isn’t our intent to stifle innovation or undermine U.S. companies. But we have to find a way to help these companies understand what we need, why we need it, and how they can help, while still protecting privacy rights and providing network security and innovation. We need our private sector partners to take a step back, to pause, and to consider changing course.
We also need a regulatory or legislative fix to create a level playing field, so that all communication service providers are held to the same standard and so that those of us in law enforcement, national security, and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.
Similar arguments are also made in conjunction with the FBI’s desire to turn companies into an extension of the agency by pushing for unraveling the protections provided to companies and free and open source projects to make strong tools under CALEA.
FBI Needs Weak Encryption Because of Terrorism
And despite the 17-year gap, both men gave very similar reasons for trying to discourage companies from offering their customers tools to protect themselves, playing the politics of fear.
We believe that unless a balanced approach to encryption is adopted… the ability of law enforcement to investigate and sometimes prevent the most serious crimes and terrorism will be severely impaired. Our national security will also be jeopardized.
Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority…. And if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place.
Yet instead of giving any actual examples of terrorism cases, both men could only muster edge cases in their pitch for weakening encryption. The Intercept did an analysis of some of the examples given by Comey, and the results were less than convincing; in none of the cases was the absence of encryption the key to solving the crime.
Finally, Comey makes a plea to have an open and honest debate about liberty and security because the ‘post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust (of Government).’ But this framing of the debate is somewhat dishonest, given that not a single piece of legislation has been passed by Congress to curtail the dragnet surveillance of millions of innocent Americans, and the only entities that have taken significant action to curtail mass surveillance on a national level have been private companies.
So the FBI is just running the same old line against encryption. Luckily, the nation didn’t fall for it in the 1990s and we shouldn’t fall for it now.
It’s that time of year when people don sinister masks, spray themselves with fake blood, and generally go all out for a good fright. But here at EFF, we think there are plenty of real-world ghouls to last all year-round. Fortunately, we won’t let them hide under your bed. Sometimes our work sounds like science fiction, but the surveillance techniques and technology we fight are all too real. Here are some of the beasts hiding in your backyard that we’ve been fighting to expose:
Automated License Plate Readers
Automated License Plate Readers (ALPRs) are cameras that can either be mounted on squad cars or stationary. They read license plates and record the time, date, and location a particular car was encountered. And they’re paving the way for wholesale tracking of every driver’s movements. ALPRs can scan up to 1,800 license plates per minute, and can collect data on vast numbers of vehicles. In Los Angeles, for example, the Los Angeles Police Department and Sheriff’s Department collect data on 3 million cars per week.
Much like metadata about phone calls, the information obtained from ALPRs reveals sensitive personal information. In fact, the International Association of Chiefs of Police issued a report in 2009 recognizing that “recording driving habits” could raise First Amendment concerns, because cameras could record “vehicles parked at addiction-counseling meetings, doctors' offices, health clinics, or even staging areas for political protests.”
Because of this potential for serious invasions of privacy, EFF and ACLU teamed up to ask the city and county of Los Angeles for a week’s worth of ALPR data. The lower court sided with the government after it denied our request, but we’re appealing the ruling.
Fusion Centers
Fusion centers are information clearinghouses that enable unprecedented levels of bi-directional information sharing between state, local, tribal, and territorial law enforcement agencies and federal agencies like the FBI and Department of Homeland Security. Bi-directional means that local law enforcement can share information with these agencies while also accessing federal information, through portals like the FBI’s eGuardian database.
Fusion centers are a serious threat to privacy. They magnify the impact of excessive spying by making sure that it gets shared through a vast network of agencies, with almost no oversight.
And oversight is clearly needed. Fusion centers coordinate the National Suspicious Activity Reporting Initiative (NSI), an effort to implement suspicious activity reporting (SAR) nationwide. SARs are intelligence reports that, according to the government, document “behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity.” And while they do lead to law enforcement contact with innocent people, they do not meet legally cognizable standards for search or seizure under the Fourth Amendment. Instead, they lead to racial and religious profiling and political repression. Public records act requests have shown that people of color often end up being the target of SARs.
And that’s not the only way fusion centers threaten privacy and civil liberties. Public records requests have also shown that fusion centers are used to record and share information about First Amendment protected activities in a way that aids repressive police activity and chills freedom of association.
That’s why, when the Privacy and Civil Liberties Oversight Board (PCLOB) announced that it was considering looking at the standards for SAR, we submitted a comment. We urged PCLOB to review not only SAR standards, but to conduct a thorough assessment of fusion centers in general. We believe that such a review will show what every other review by the government has shown: that fusion centers produce "predominantly useless information," "a bunch of crap," while "running afoul of departmental guidelines meant to guard against civil liberties" and are "possibly in violation of the Privacy Act."
Stingrays
Last but not least, we’re keeping an eye on the spreading use of Stingrays.[1] These are devices that are used by law enforcement to electronically search for a particular cell phone's signal by capturing the International Mobile Subscriber Identity of potentially thousands of people in a particular area. Small enough to fit in a van, they masquerade as a cell phone tower and trick your phone into connecting with them every 7-15 seconds. As a result, the government can surreptitiously figure out who, when, and to where you are calling, the precise location of every device within range, and, with some devices, even capture the content of your conversations.
Part of what’s so concerning about Stingrays is that we know very little about how they are being used. In the first case to consider the constitutional implications of stingrays, U.S. v. Rigmaiden (in which we filed an amicus brief along with the ACLU) the court denied a motion to throw out evidence obtained using a Stingray. In our brief, we pointed out that the application for a warrant neither made it clear that law enforcement would be using a Stingray nor explained how the device worked. It’s that lack of explanation that we find so concerning.
But what we do know about Stingrays is chilling. They capture data from anybody who happens to be in an area where one is being used, regardless of whether they are suspected of a crime. And some models can even capture contents of communications.
The constitutionality of Stingrays is almost certain to be challenged again, especially after the Supreme Court’s decision requiring a warrant to search arrestees’ cellphones in Riley v. California. We’ll continue to keep an eye out for any cases addressing this technology. In the meantime, we’re doing public records act requests to police departments to learn more about who is using these devices, and how.
We think this technology is scarier than any costume you’ll see on the streets this week. But don’t worry—we’re here to turn the lights on.
- 1. Stingray is the brand name for one model of International Mobile Subscriber Identity locator.
What needs to be in your tool belt if you plan to report on a massively funded and ultra-secret organization like the NSA? In the credits of her newly released CITIZENFOUR, director Laura Poitras gives thanks to a list of important security resources that are all free software. We've previously written about CITIZENFOUR and Edward Snowden's discussion of his motivation to release closely guarded information about the NSA. Here's a closer look at the seven tools she names as helping to enable her to communicate with Snowden and her collaborators in making the film.
Tor
Tor is a collection of privacy tools that enables users to mask information about who they are, where they are connecting to the Internet, and in some cases where the sites they are accessing are located. The Tor network relies on volunteers to run nodes that traffic can pass through, but connecting is as easy as downloading the Tor Browser Bundle and hopping online. We've helped strengthen the Tor network by running a challenge to encourage more volunteer support, and our newly updated Surveillance Self Defense guide has information for Windows users on how to use the software. The Tor Project was also a winner of EFF's 2012 Pioneer Award.
Tails
One of the most robust ways of using the Tor network is through a dedicated operating system that enforces strong privacy- and security-protective defaults. That operating system is Tails—The Amnesiac Incognito Live System—and it's designed to run from a USB stick plugged into nearly any computer, without interfering with already installed software. Tails has received support from a group called the Freedom of the Press Foundation, where Poitras sits on the board alongside Snowden and Glenn Greenwald, who also features prominently in the film.
SecureDrop
Also from the Freedom of the Press Foundation comes SecureDrop, a whistleblower submission system designed for journalists who wish to protect the anonymity of their sources. SecureDrop was originally designed by the late activist Aaron Swartz and the journalist Kevin Poulsen, and has been actively developed by Freedom of the Press Foundation and a network of volunteers for the past year. It has been deployed at a number of prominent news organizations, including the New Yorker, Forbes, ProPublica, The Guardian, The Washington Post, and Poitras and Greenwald's current publication, The Intercept.
GPG Encryption
GPG encryption is the only one of the technologies Poitras mentions that actually gets significant screen time in her film. Throughout her early interactions with Snowden, the two consistently used emails encrypted end-to-end with GPG encryption, represented onscreen with the jumbled letters and numbers you see if you don't have the private key necessary to decrypt. GPG has been criticized for being unfriendly to new users, and it requires that both the sender and receiver are familiar with it. But it may be getting easier to use: we've explained how to do so on Mac, Windows, and GNU/Linux, and the Free Software Foundation has also prepared a guide.
OTR Instant Messaging
The Off-The-Record protocol allows for encrypted communication over existing popular instant messaging networks. It is one of the simplest ways for two users to get end-to-end encryption; that is, communication encrypted with a key that only the recipient has, rather than one held by a trusted third party. Our Surveillance Self-Defense guide outlines how to use OTR for Mac and Windows users. We also awarded its co-founder Ian Goldberg a Pioneer Award in 2011.
Truecrypt hard disk encryption
While CITIZENFOUR was in production, the pseudonymous team behind the popular Truecrypt software somewhat dramatically stopped supporting its further development. The future of the Truecrypt source code itself is a bit murky, then, but there are still viable alternatives for full-disk encryption. We've got a tutorial for the Windows tool DiskCryptor in our Surveillance Self-Defense guide, as well as general tips for full-disk encryption on Mac and GNU/Linux systems.
GNU/Linux
If you find the arguments for free software security tools compelling, you may be interested in using an operating system built on the same principles. GNU/Linux is much broader than some of the other tools mentioned here, and encompasses an enormous number of distinct collections of software, called distributions. Maybe most people won't come home from seeing CITIZENFOUR with a sudden desire to switch operating systems, but it's at least worth exploring.
Snowden's leaks—and the resulting news stories, books, and now documentaries—have profoundly affected the way people around the world think and talk about privacy and mass surveillance. It's encouraging to know that, even in the face of enormous spying programs, average computer users have access to powerful tools that can help keep their communications safe from prying eyes. Learn more about how to defend yourself from that surveillance with our Surveillance Self-Defense Guide.
Update (Oct. 29, 2014): Yesterday, the Court granted [PDF] Capstone's Motion for Judgment on the pleadings, finding that all claims were invalid for claiming unpatentable subject matter, applying Alice v. CLS Bank. We're glad Capstone fought against these patents and achieved a total victory, despite the significant costs associated with doing so. We're also happy that the court decided this issue early, sparing the parties and the Court additional needless time and expense. We hope this decision motivates others to challenge stupid patents early.
(Original Post, Aug. 21, 2014) We recently wrote about the end of Adam Carolla’s high-profile patent battle with the troll Personal Audio. We had a guess as to why Carolla settled: patent litigation is expensive. Even Carolla, with the backing of numerous fans and supporters, still likely didn’t have enough money to see his case through to the end. Today, we’d like to highlight the case of another patent troll defendant: Capstone Photography.
You probably don’t know Capstone. Capstone is a small photography business based in Connecticut. Although it works with contractors around the country, it has only three part-time employees other than the owners. On New Year’s Eve, 2013, Capstone was sued by Peter Wolf, the owner of a company called Photocrazy, for infringement of three patents: U.S. Patent Nos. 6,985,875; 7,047,214; and 7,870,035.
Here is claim one from U.S. Patent 6,985,875:
1. A process providing event photographs of a sporting event for inspection, selection and distribution via a computer network, comprising the steps of:
taking photographs of at least one participant of a sporting event along at least one point of a course or field thereof;
associating identifying data with each photograph taken, wherein the identifying data is selected from at least one of: a number corresponding to a number worn by a participant, a participant's name, a code acquired from a component worn by a participant, and a date and time, including hour and minute the photograph was taken;
informing the sporting participants of the identifying data;
transferring the photographs to a computer network server;
cataloging each of the photographs in a web-site server according to the identifying data;
accessing the server at a location other than the sporting event and searching for a photograph of a particular sporting event participant utilizing the identifying data; and
displaying the photograph of the sporting event participant for inspection and ordering.
In plain English: Take photos of a race, tag and sort by bib number and date, and search for photos based on that tag via the Internet. That’s it.
We’re having a hard time seeing how this patent “promotes the progress of the sciences and the useful arts” given that it seems to be a patent on numerical sorting and searching. Indeed, the Supreme Court recently ruled that claims that simply add “do it on a computer” to an abstract idea are not even eligible for patent protection. We think the patent clearly fails this test. (It’s also likely not infringed). But because it can take months (and even years) for the court to even consider those issues, they will likely never be decided. Patent litigation is expensive, so many small businesses can’t afford to fight back no matter how weak the patent. That’s part of the problem. Companies can get 20 year “monopolies” after an average of 19 hours of review by the Patent Office. And because the cost to get a patent can be orders of magnitude less than the cost to defend against it, there is an incentive for people to get patents in order to later force defendants into settlement.
Capstone doesn’t have a widely-distributed podcast that it can use to drum up the backing of thousands of fans and supporters. Its owner’s own attempt to crowdfund the defense raised only about $5,000. And although Capstone’s business has been profitable, the owner tells us that because of the patent lawsuit and the costs his company is facing, his business faces the very real prospect of shutting down.
Recent reforms have been helpful to reduce costs for some defendants. For example, the Inter Partes Review (“IPR”) program now being implemented at the Patent Office promises to be a much cheaper way to determine validity. One problem though, is that it is still too expensive for businesses like Capstone. An IPR costs $23,000 in filing fees alone, and requires paying lawyers and often experts as well.
EFF previously advocated for reduced fees for IPR filings by small businesses and others without the ability to fund patent challenges. Unfortunately, the PTO ignored our request. However, the PTO is currently accepting comments regarding the post-grant challenges such as the IPR process. We encourage the public, especially small business owners, to let the PTO know by September 16 that the costs are still too high for many, and absent a lower cost, patent trolls will continue to assert dubious patents against companies they know can’t afford to do anything but settle.
EFF proudly participated in the eighth annual Open Access Week last week, a celebration of making scholarly research immediately and freely available for people around the world to read, cite, and re-use.
We published multiple blog posts each day, including a post from our friends at Wikimedia and a letter from Colombian scientist, Diego Gomez, who is facing up to eight years in jail for sharing a scholarly article online. One theme that seemed to run across all blog posts was that open access doesn't exist in a vacuum: there are laws, policies, and happenings in the world that immensely affect our access to research. Copyright law, for example, not only bolsters the current closed access model of scholarship, but its particulars are becoming stricter as policies extend outside the United States. We encourage you to check out all the blog posts below.
Deeplinks
- Celebrating Open Access Week: Research Should be Free, Available, and Open
- Free as in Open Access and Wikipedia
- Open Letter from Diego Gomez: "Access to Knowledge Is a Global Right"
- International Copyright Policy Laundering and the Ongoing War on Access to Knowledge
- Students Re-Launch Open Access Button App to Find Free Access to Scientific and Scholarly Research
- Research Is Just the Beginning: A Free People Must Have Open Access to the Law
- Where Copyright Fails, Open Licenses Help Creators Build Towards a Future of Free Culture
- Open Access Isn't Just About Open Access
We also participated in a reddit AMA ("Ask Me Anything") about open access alongside Creative Commons, the Right to Research Coalition, Open Access Button, and Fundación Karisma. Questions ranged from "What's the biggest obstacle to getting papers out from behind that $30 pay-wall?" to "Have you noticed any countries/regions leading by example?"
Events
Groups around the world participated in Open Access Week by throwing parties, talks, and screenings of the documentary about Aaron Swartz, The Internet's Own Boy. We were excited to see Open Access Week serve as the inaugural event for two new digital rights groups: The Tennessee Digital Rights Project and Net Plurality in Berkeley, CA.
Open Access Week at Columbia University gathered over 1,000 signatures in support of open access policies, organized a screening of The Internet's Own Boy, and even made a neat video. (CC BY)
EFF Activist April Glaser spoke to students part of Berkeley's Net Plurality project after a screening of The Internet's Own Boy. (CC BY)
A panel discussion followed a screening of The Internet's Own Boy at the University of Colorado, Boulder. (CC BY)
Shareable Graphics
We collaborated with artist and graphic designer, Ty Semaka, to create some graphics to share on social media. These graphics portray a few leaders in the open access movement with their thoughts about why we need to fight for open access. These are all licensed under a Creative Commons Attribution License, so feel free to remix and share online.
EFF has criticized Vietnam's crackdown on independent media and bloggers for years, including the imprisonment of Le Quoc Quan and attempts to spy on bloggers and journalists using malware. We are heartened to learn of last week's release of Vietnamese blogger Dieu Cay, but today we join with organizations including Viet Tan, Access, and PEN International to call on the Vietnamese government to immediately release blogger and activist Dang Xuan Dieu, who is serving a 13-year sentence for "attempting to overthrow the government" in response to his advocating for education for children living in poverty, aid to people with disability, and religious freedom in Vietnam. We are especially alarmed by reports of Dieu's mistreatment in prison, including humiliation, beatings, and torture.
The mistreatment of Dieu must cease immediately and his unlawful imprisonment must end.
The full text of the letter is available below:
Life of Vietnamese Activist in Danger Due to Gross Mistreatment in Prison
The Vietnamese government should immediately cease the ill-treatment, physical and psychological abuse of Dang Xuan Dieu while in arbitrary detention. News reports of Dang Xuan Dieu being forced to sleep and eat next to his excrement; denied access to adequate food, clean drinking water and regular showers; and subjected to humiliation and torture reveal the inhumane conditions of his detention.
In January 2013, together with 13 activists Dang Xuan Dieu was sentenced to 13 years in prison for “attempting to overthrow the government” based on his work as a community organizer who advocated for education for children living in poverty and aid to people with disability and his writings that highlighted the Vietnamese government’s religious persecution.
International human rights organizations, elected officials and foreign embassies in Hanoi have called for Dang Xuan Dieu’s immediate release. The United Nations Working Group on Arbitrary Detention has ruled that Dang Xuan Dieu and his fellow activists’ detention was arbitrary and unlawful.
According to reports, Dang Xuan Dieu, who is currently serving one of the longest politically motivated sentences in Vietnam, has been held in solitary confinement and subject to physical and psychological abuse as punishment for protesting his ill. On several occasions, prison officials forced Dang Xuan Dieu to “model” while other prisoners painted him into a “half-human/half-beast” figure.
Dang Xuan Dieu has been on prolonged hunger strikes since April 2014 to demand better treatment. In retaliation, prison officials act with impunity and have reportedly let other prisoners beat and treat Dang Xuan Dieu like a “slave.”
Despite the signing of the UN Convention Against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment last November, according to reports from those in detention, the Vietnamese government continues to show blatant disregard for the humane treatment of prisoners.
In light of these reports, we call on foreign embassies in Hanoi to make every effort to visit Dang Xuan Dieu in prison and monitor his health. Attention from distinguished international personnel can and will improve his conditions.
The Vietnamese government must release Dang Xuan Dieu immediately and unconditionally and must take all steps to provide him and other prisoners with humane treatment and appropriate access to sanitary facilities in accordance with their international obligations.
For more information, please contact:
Christine Laroque, Asia Programs Manager, firstname.lastname@example.org and +33 1 40 40 74 09
Jochai Ben-Avie, Policy Director, email@example.com and +1 347 806 9531
Electronic Frontier Foundation
Eva Galperin, Global Policy Analyst, firstname.lastname@example.org and +1 415 436 9333 ex. 111
Cat Lucas, Writers at Risk Programme Manager, email@example.com and +44 20 7324 2539
Media Legal Defence Initiative
Nani Jansen, Legal Director, firstname.lastname@example.org and +44 780 540 4089
Cathy McCann, Researcher, Cathy.McCann@pen-international.org and +44 20 7405 0338
Hoang Tu Duy, Spokesperson, email@example.com and +1 202 596 7951
Lumen View is a typical patent troll. Armed with a vague patent on “facilitating bilateral and multilateral decision-making,” it sent out aggressive letters demanding payment. It refused to explain how its targets actually infringed its patent. Instead, it made shakedown offers it knew would be less than the cost of defending a lawsuit. When startup FindTheBest spoke up about Lumen View’s tactics, the troll asked for a gag order. Thankfully, Judge Denise Cote of the Southern District of New York refused the troll’s censorship demand.
Since then, things have not gone well for Lumen View. FindTheBest convinced Judge Cote to declare its patent invalid. After that, the court ordered Lumen View to pay FindTheBest’s attorney’s fees. At the time, this was one of the first rulings applying the Supreme Court's decision on fee-shifting in Octane Fitness. We praised the ruling as a good model for future patent troll cases. The trial court showed a clear understanding of the patent troll’s abusive tactics. These included the attempt to get a gag order, threats to make the litigation especially expensive, and a failure to investigate before filing.
Last week Cote ordered that, to deter future abusive litigation, the fee award should be doubled. She wrote:
This litigation was resolved on the merits because this defendant has the financial ability to resist the plaintiff’s pressure and because it chose to fund a defense in court rather than pay an unwarranted, less expensive licensing fee. It appears that none of the other defendants sued by Lumen made that choice. As a result, but for [FindTheBest]’s financial resources and resolve, Lumen’s predatory behavior would likely have proceeded unchecked. Any award in this action must be substantial enough to deter Lumen from pursuing baseless claims in the manner Lumen used in this case.
This is exactly right. The patent troll business model flourishes because it is cheaper to settle than fight. The so-called inventors behind Lumen View’s idiotic patent are the same people who received a patent for the distribution of press releases via email. That patent was also farmed off to a shell company and used to sue a bunch of companies (and the subject of a TED talk by Drew Curtis). This fee award may deter further campaigns.
While Cote’s ruling is encouraging, we still need systematic patent reform. Shell companies like Lumen View may be able to avoid paying fee awards. The Innovation Act (which overwhelmingly passed the House but stalled in the Senate) would allow defendants to join the real parties in interest (parties that financially benefit from the litigation) and collect any fee award from them. The prospect of fee awards being imposed on losing trolls could also lead to more forum shopping as plaintiffs seek patent-friendly judges. Last year, over 900 patent cases were assigned to a single judge in the Eastern District of Texas. It remains to be seen if judges in other districts will be as tough on abusive troll litigation.
Files: lumen_view_v_findthebest_-_order_awarding_fees.pdf
Related Issues: Patents, Patent Trolls, Innovation
Trade delegates and ministers held another week of secret, back-room meetings over the Trans-Pacific Partnership (TPP) agreement in Australia, which ended yesterday with seemingly little advancement towards a final deal. The most recent leak of the TPP Intellectual Property chapter revealed that on top of the many threats to user rights we've already known about, negotiators are proposing new provisions on trade secrets—and they're among the most atrocious, overreaching provisions in the entire text of the TPP. Since we don't know what has been decided or changed since the May 2014 meeting from which this leak came, we have no way of knowing if the worst of these provisions still remain in the agreement or if they were discussed at all at this latest meeting in Australia.
If you've been following the news about TPP, it can be hard to read the mixed signals coming from different parties involved in the negotiations—most say it's at a standstill, while some others claim they're making progress. But if you look at the political motivations behind these claims, it's clear that even official statements should be read with a high degree of skepticism.
The US Trade Representative (USTR), one of the leading voices in touting the advancement of these TPP meetings, has an interest in boasting about their progress even if there hasn't been any. The USTR needs Congress to pass fast track authority, which would limit Congress' own ability to debate or hold hearings on the provisions of this deal, and restrict them from amending any of the TPP's terms. In that case, in the end, it would all come to an up-or-down vote to pass the entire pact. There is a strong incentive for the USTR to play up any movement being made in the TPP so that they can convince US officials that there is some kind of momentum going for this deal. By playing up the progress that is being made, the USTR can increase its pressure on Congress to pass fast track authority sooner rather than later.
Trade ministers, including USTR head Michael Froman, released a joint statement following their weekend meeting in Sydney. It states that they have made "significant progress" during these talks and that they are crystallizing "the shape" of the agreement. Meanwhile, the Japanese TPP minister has said that there is still no end in sight, and other close observers have said the same. It may well be that the official joint statement from the ministers is exaggerating any notable progress that was made in the talks, in order to avoid accusations that the deal is stalling.
But even if it were stalling now, that doesn't mean we can let our guard down. There are powerful interests at play who have a strong desire to see this thing passed. They've already spent five years negotiating it, likely spending millions, if not tens of millions, of dollars sending delegates around the world to hammer out a deal that would benefit their most influential industries. Congress could pass fast track during the lame duck session after the November elections, or in January during the new Congressional session. If that were to happen, the USTR can then turn around and guarantee to its trading partners that Congress will no longer have the authority to change any of the terms of the deal once it's signed. That could be enough to renew the USTR's bargaining power to get those other countries to cave in and concede to the provisions that they now resist and conclude the deal.
The future of the TPP could be decided in the coming months. The ongoing secrecy, paired with the privileged access to texts afforded to corporate advisors, both point to an agency that respects neither the democratic process nor the concerns of the broader public interest. If the USTR is so myopic as to believe that it has the authority to carry on the way it has, there's no way of knowing what it, along with its friends in Congress, will do to legitimize this whole process. The most obvious way this could happen is if the USTR and the White House can convince Congress to quickly and sneakily pass fast track without the public having the opportunity to stop it.
Related Issues: Fair Use and Intellectual Property: Defending the Balance, International, Trans-Pacific Partnership Agreement
San Francisco - The Electronic Frontier Foundation (EFF) today released a new report and scorecard that shows what online service providers are doing to protect users from baseless copyright and trademark complaints.
"Who Has Your Back: When Copyright and Trademark Bullies Threaten Free Speech" [PDF] examines how online service providers handle copyright and trademark-based takedown requests. The report expands upon EFF's influential "Who Has Your Back" annual report covering how online service providers protect users' data from government requests.
"When a private citizen or corporation wants to silence speech on a major online platform, the quickest method is often a copyright or trademark complaint," EFF Director of Copyright Activism Parker Higgins said. "EFF has worked for many years to help people whose speech is unfairly targeted by these sorts of complaints, and we've seen how important it is that speech platforms have policies that help protect lawful users."
EFF examined 13 companies and issued stars if they met the baseline standards for what a service can do to defend its users' speech against copyright and trademark bullies. The services could receive a maximum of five stars, based on criteria including publicly documented procedures for responses to DMCA takedown notices and counter-notices, how the services handle trademark disputes, and if the company issued detailed transparency reports.
Automattic's WordPress.com and NameCheap were the only two companies to receive five out of five stars. However, two other companies were recognized for going the extra mile: Etsy, for providing educational guides, and Twitter, for publishing regular and thorough transparency reports. Overall, 10 companies did not publish adequate transparency reports, highlighting an information black hole for consumers. Additionally, four companies missed a star for their counter-notice practices—a critical procedure for restoring content that may have been taken down without cause.
"Major online platforms are essential to online expression, so their policy decisions can have a huge impact on public discourse," EFF Intellectual Property Director Corynne McSherry said. "As users choose which platforms will host their updates, writing, images, and videos, they ought to know which of these services have publicly committed to treating their speech fairly and even helping them fight back against bullies that would try to take it down."
For the shareable infographic:
Director of Copyright Activism
Electronic Frontier Foundation
School districts across the country are grappling with how to deal with their students’ use of technology and social media. All too often, in an attempt to protect students, they end up implementing technology policies that give administrators too much power and go too far in restricting what students can do online. Williamson County Schools, a public school district in affluent Williamson County, Tennessee, is one such school district. Recently, a concerned parent, Daniel Pomerantz, brought the policy to the attention of EFF and the ACLU of Tennessee (ACLU-TN). Mr. Pomerantz was right to be concerned.
Earlier today, EFF and ACLU-TN sent a letter to the board on behalf of our client detailing our concerns. As we outline in our letter to the school board, the school district’s technology and Internet policy is troubling in a number of ways. Indeed, the policy violates the First and Fourth Amendment rights of 35,000 Williamson County students across the district's 41 schools. We teamed up with ACLU-TN to demand that the Williamson County School Board immediately suspend the unconstitutional policy.
First, the policy’s social media guidelines impermissibly restrict students’ constitutionally protected off-campus speech. Notably, the policy requires that students get a teacher’s permission before posting photographs of other students or school employees to any social media site. This applies regardless of who took the photo or where the photo was taken.
The policy also vaguely threatens that “[s]tudents are subject to consequences for inappropriate, unauthorized, and illegal use of social media.” Again, this applies to social media use both on and off campus. But the school district does not have authority to punish off-campus speech that is merely “inappropriate” or “unauthorized.” In fact, a district may only punish speech that materially and substantially disrupts the functioning of classrooms. Such off-campus speech is protected under the First Amendment, and the policy violates the First Amendment by threatening to punish social media posts that don’t cause material disruption to the classroom. A student who wanted to steer clear of violations would naturally face pressure to self-censor her posts and the First Amendment’s restrictions on state power are designed to resist exactly those chilling effects.
Second, the policy’s technology guidelines require students to consent to suspicionless searches of any electronic devices they bring to school “at any time” for any “school-related purpose.” This applies regardless of whether or not a school official conducting the search has even “reasonable suspicion” (the very lowest standard) to believe that the search will turn up evidence of wrongdoing. But according to the U.S. Supreme Court, under the Fourth Amendment, suspicionless searches of students are allowed only in very limited circumstances. The policy’s “any time” for any “school-related purpose” language goes far beyond what the Fourth Amendment permits.
Third, the policy’s network security and email guidelines subject students, at all times, to searches of any data and communications they store or transmit on the school district’s network. As above, this applies whether or not the students are even suspected of wrongdoing. The law is clear; students have a reasonable expectation of privacy in their communications and the suspicionless searches authorized by the policy unconstitutionally infringe on this expectation of privacy, again violating the Fourth Amendment.
As we state in our letter to the Williamson County School Board, “Requiring students to sign an agreement waiving constitutional protections in order to participate in fundamental school activities is not permissible.”
Now that the Williamson County School Board is aware of the shortcomings of its technology policy, we hope that it will act swiftly to suspend the policy and replace it with one that respects the constitutional rights of its students. We urge the school board to discuss our letter during its next policy committee meeting on November 3, 2014 and at its next full session meeting on November 17, 2014. Live streaming of the November 17, 2014 board meeting will be available here.
Files: finalwilliamsoncountyletter.pdf
The Patriot Act continues to wreak its havoc on civil liberties. Section 213 was included in the Patriot Act over the protests of privacy advocates and granted law enforcement the power to conduct a search while delaying notice to the suspect of the search. The resulting warrant is known as a “sneak and peek” warrant, and law enforcement was adamant that Section 213 was needed to protect against terrorism. But the latest government report detailing the numbers of “sneak and peek” warrants reveals that out of a total of over 11,000 sneak and peek requests, only 51 were used for terrorism. Yet again, terrorism concerns appear to be trampling our civil liberties.
Throughout the Patriot Act debate the Department of Justice urged Congress to pass Section 213 because it needed the sneak and peek power to help investigate and prosecute terrorism crimes “without tipping off terrorists.” In 2005, FBI Director Robert Mueller continued the same exact talking point, emphasizing sneak and peek warrants were “an invaluable tool in the war on terror and our efforts to combat serious criminal conduct.”
A closer look at the number of sneak and peek warrants issued (a reporting requirement imposed by Congress) shows this is simply not the case. The last publicly available report about sneak and peek warrants was released in 2010; however, the Administrative Office of the US Courts has finally released reports from 2011, 2012, and 2013.
What do the reports reveal? Two things: 1) there has been an enormous increase in the use of sneak and peek warrants and 2) they are rarely used for terrorism cases.
First, the numbers: Law enforcement made 47 sneak-and-peek searches nationwide from September 2001 to April 2003. The 2010 report reveals 3,970 total requests were processed. Within three years that number jumped to 11,129. That's an increase of over 7,000 requests. Exactly what privacy advocates argued in 2001 is happening: sneak and peek warrants are not just being used in exceptional circumstances—which was their original intent—but as an everyday investigative tool.
Second, the uses: Out of the 3,970 total requests from October 1, 2009 to September 30, 2010, 3,034 were for narcotics cases and only 37 for terrorism cases (about .9%). Since then, the numbers get worse. The 2011 report reveals a total of 6,775 requests. 5,093 were used for drugs, while only 31 (or .5%) were used for terrorism cases. The 2012 report follows a similar pattern: Only .6%, or 58 requests, dealt with terrorism cases. The 2013 report confirms the incredibly low numbers. Out of 11,129 requests only 51, or .5%, were used for terrorism. The majority of requests were overwhelmingly for narcotics cases, which topped out at 9,401 requests.
Section 213 may be less known than Section 215 of the Patriot Act (the clause the government is currently using to collect your phone records), but it's just as important. The Supreme Court ruled in Wilson v. Arkansas and Richards v. Wisconsin that the Fourth Amendment requires police to generally “knock and announce” their entry into property as a means of notifying a homeowner of a search. The idea was to give the owner an opportunity to assert their Fourth Amendment rights. The court also explained that the rule could give way in situations where evidence was under threat of destruction or there were concerns for officer safety. Section 213 codified this practice into statute, taking delayed notice from a relatively rare occurrence into standard operating law enforcement procedure.
The numbers vindicate privacy advocates who urged Congress to shelve Section 213 during the Patriot Act debates. Proponents of Section 213 claimed sneak and peek warrants were needed to protect against terrorism. But just like we've seen elsewhere, these claims are false. The government will continue to argue for more surveillance authorities—like the need to update the Communications Assistance to Law Enforcement Act—under the guise of terrorism. But before we engage in any updates, the public must be convinced such updates are needed and won't be used for non-terrorist purposes that chip away at our civil liberties.
Related Issues: Privacy
This Open Access Week, we are celebrating and advocating for unfettered access to the results of research, a movement that has shown considerable progress over the last few decades.
Let's all take a step back, though. Much of the open access movement is forward thinking, offering solutions and policy changes that will help improve access to future scholarship and research. This is crucial, but if we want real and meaningful open access, we must look backward as well. Many of us need access to the trove of existing and still very relevant material that is already locked up behind paywalls. This need has driven individuals to try to make such knowledge openly available—whether by sharing research articles with peers, or by doing whatever it takes to access and analyze the corpus of our collective scholarship.
Too often, however, these efforts are stymied by broad, harsh laws that may seem ancillary to publishing politics and academic debates. That's why the fight for open access must include challenges to the web of laws in which such scholarly discourse exists, such as overbearing copyright laws and unjust computer crime laws. We must acknowledge and fix these legal barriers in addition to pursuing open access policies on an institutional, state, and federal level all around the world. While such proactive policy steps are crucial, they must go hand-in-hand with addressing the bad policies that are already in place.
We Need Copyright Laws That Support Open Access to Our Knowledge Commons
Diego Gomez, a biodiversity researcher, could not access the biology papers he needed. Nor could his colleagues—fellow students and scientists in Colombia. Such articles are usually locked up behind expensive paywalls, with prices that add up even when doing a preliminary search. This cost is often mitigated by university subscriptions to journals but even the richest universities can't afford to pay for all the knowledge they need.
So Diego and his colleagues formed an online reading group where they uploaded and shared the latest findings. In an open access world, not only would this be allowed, it would be typical. Unfortunately, Diego soon found himself at the other end of a criminal copyright lawsuit and facing up to eight years in prison.
Paywalls tend to be the issue people point to most often when it comes to academic publishing, but those paywalls depend, in large part, on an elaborate system of copyright licensing. To state an obvious point that nonetheless seems to get lost: the legal key to publishers' ability to control access to knowledge is copyright. Researchers usually assign all their rights to the publisher, and the publisher is then free to parcel out the work as it sees fit.
That's why open access—which means not only availability of scholarly works, but also the ability to share, reuse, remix, and build upon research—relies on flexible copyright policies and open licenses.
Open access today can be divided into two main practices: "gold" open access and "green" open access. Gold open access involves putting research in an open access journal—most of which require publishing the work under a permissive Creative Commons license. The other practice, "green" open access or self-archiving, involves uploading works onto an online repository or a researcher's personal website. In this case, works are still legally bound under an "all rights reserved" scheme. This makes them vulnerable to a copyright claim, such as when giant academic publisher Elsevier sent takedown notices to universities and scholarly websites in late 2013 demanding that "infringing" material—papers uploaded by authors themselves—be removed.
The Elsevier takedowns illustrate an important gap between what researchers want—to be able to archive and share their research—and how copyright laws work. And they remind us that the open access movement must not ignore the underlying problem of over-broad copyright laws. Even with permissive open access policies in place, these inflexible and severe copyright penalties and takedown practices would still exist. The content industries have successfully spread these draconian copyright policies around the world—affecting scientists like Diego, who simply wish to pursue knowledge.
We Need Computer Crime Laws That Make Sense
Activist Aaron Swartz was worried about access to existing knowledge, and particularly the vast amount of work tied up in online repositories like JSTOR. Without paying a hefty fee, how can one access these databases of our collected knowledge? How can we run interesting textual analyses? Or identify trends in research, funding, and culture over the years?
Around January of 2011, Aaron downloaded millions of scholarly files from JSTOR. Soon after, he was slammed by an intense prosecution campaign wielding an outdated, much-reviled computer crime law—the Computer Fraud and Abuse Act. Had his political activism taken place in the physical world, he might have faced lighter penalties akin to trespassing. But simply because his actions involved a computer, he found himself staring at a much more severe punishment.
The open access movement cannot ignore these issues. These cases aren't peripheral to the cause; they're an important part of it. In our push for open access, we must recognize that those pushing for institutional policies are exhibiting one form of activism. There are many other open access activists who are exposing kindred faults in the system, and we must recognize and fix those too.
Between October 20 and 26, EFF is celebrating Open Access Week alongside dozens of organizations from around the world. This is a week to acknowledge the wide-ranging benefits of enabling open access to information and research—as well as exploring the dangerous costs of keeping knowledge locked behind publisher paywalls. We'll be posting on our blog every day about various aspects of the open access movement. Go here to find out how you can take part and to read the other Deeplinks published this week.
Related Issues: Open Access
Today EFF filed our latest brief in Jewel v. NSA, our longstanding case on behalf of AT&T customers aimed at ending the NSA’s dragnet surveillance of millions of ordinary Americans’ communications. The brief specifically argues that the Fourth Amendment is violated when the government taps into the Internet backbone at places like the AT&T facility on Folsom Street in San Francisco.
As it happens, the filing coincides with the theatrical release of Laura Poitras’ new documentary, Citizenfour. The Jewel complaint was filed in 2008, and there’s a scene early in the film that shows the long road that case has taken. In footage shot in 2011, the United States Court of Appeals for the Ninth Circuit hears argument in Jewel, and an attorney from the Department of Justice tries to convince a skeptical court that it should simply decide not to decide the case, leaving it to the other branches of government.
But the court did not agree to step aside. EFF prevailed on the issue, and the case continued, albeit very slowly. Now, years later, Poitras’ film underscores just how much the conversation around mass surveillance has changed. Americans are overwhelmingly concerned with government monitoring of their communications, and we hope to (finally) have a constitutional ruling in Jewel soon. (And another in Smith v. Obama, and still another in First Unitarian Church of Los Angeles v. NSA.)
Even so, the government continues to try to avoid a decision that any of its various means of mass surveillance is unconstitutional. The current procedural context is this: in July, EFF filed a partial motion for summary judgment requesting that the court rely on uncontested evidence that the NSA taps into the Internet backbone and collects and searches ordinary Americans’ communication to rule that the government is violating the Fourth Amendment. The technology at issue, which the government calls “upstream,” is illustrated here.
Under this surveillance, the government makes a full copy of everything that travels through key Internet backbone locations, like AT&T’s peering links. The government says that it then does some rudimentary filtering and searches through the filtered copies, looking for specific “selectors,” like email addresses.
The government filed its opposition to our motion in September. In our reply, we note that the government is effectively trying to sidestep the Fourth Amendment for everything that travels over the Internet. We explain:
The government . . . contends that [Fourth Amendment] principles have no application here, where the government is unequivocally breaching the security and privacy of the papers and effects of millions of individuals. Its position essentially is that it can circumvent the Fourth Amendment’s core principles by copying communications in transit instead of taking physical possession of the originals, and by searching their contents very quickly with computers instead of searching them with humans. The government further contends that if one of its purposes for the copying and searching the communications is foreign intelligence, then the circumvention is complete, and the Internet has for all practical purposes become a Fourth-Amendment-free zone. The government is wrong.
Our reply brief then unravels the government’s various attempts at constitutional circumvention. Here are some key issues we address:
Tapping into the Fiberoptic Cables is a “Seizure”
We explain that the act of copying entire communications streams passing through splitters at AT&T facilities is an unconstitutional seizure of individuals’ “papers” and “effects.” This should be obvious—our “papers” today often travel over the Internet in digital form rather than being stored in our homes—but the government contends that unless it physically interferes with individuals’ possession of some tangible property, it cannot “seize” anything. This is not so. If it were true that conversations could not be “seized” except by taking possession of physical objects, all warrantless wiretapping (where “recording” is a form of “copying” communications) would be constitutional.
This argument is especially troubling in the Internet age, since the government appears to be claiming that it could make a copy of all Internet communications as long as it did so without physically taking possession of any storage media. No way. The Fourth Amendment doesn’t protect just tree pulp or hard drives. It protects your ability to have control over who sees the information carried in your papers and effects. And by copying everything, the government is plainly “seizing” it.
Searching Quickly is Still a Search
The government also argues that because it is able to conduct its entire seizure and search quickly, there’s no real problem. It claims that the only interest you have in your messages in transit is whether they are delayed—not whether you retain control over them. Again, this isn’t the case. The founders of the United States, in writing the Fourth Amendment and in banning “general warrants,” were concerned about the security of their papers. That concern wouldn’t have simply disappeared had the British troops been able to rifle through their papers at the speed of a computer rather than by hand.
The “Human Eyes” Theory
Relatedly, we explain that the act of using a computer program to scan the contents of the copied communications stream in order to find targeted “selectors” is an unconstitutional search. Although the government concedes that individuals have a reasonable expectation of privacy in their Internet communications, thus triggering the Fourth Amendment, it argues that searching through the contents of those communications via an automated computer program does not compromise that expectation of privacy because the communications are not seen by human eyes. In support of this argument, the government compares its scanning of Internet communications to a police officer’s use of a drug-sniffing dog or a chemical drug test to detect contraband in a suspect’s luggage or a suspicious package, which the Supreme Court has found to not constitute a “search.”
But the government misses the point of the “contraband” cases, which turn not on the involvement of humans, but on the fact that no one has a right to possess contraband, and contraband was the only thing the dog sniffs and chemical tests could identify.
The mass, suspicionless surveillance of millions of Americans’ Internet communications is far broader in scope than these limited contraband investigations. First of all, speech just isn’t contraband, and the government’s “selectors” cannot distinguish between potentially illegal and legal speech. That takes humans. Second, the government’s search terms are far from objective, single-criterion searches. Even scanning for file hash values, which is arguably used to identify only illegal computer files like child pornography, has been found to be a search. Here, the scope is much broader, given the government’s stated foreign intelligence goals. What’s more, the act of choosing the selectors involves an exercise of discretion simply not present when teaching a dog to detect drugs. Americans have a reasonable expectation of privacy in their Internet communications, and the government’s act of searching the contents of those communications is a search, irrespective of whether it uses a human being or an automated computer program to do so.
“Special Needs” Again
Finally, as it did in Smith v. Obama, the government claims that its actions are justified by the “special needs doctrine,” the narrow exception to the warrant requirement that applies to minimally intrusive searches of people with reduced privacy expectations, such as students and those who work with dangerous machinery. While we’re not fans of the doctrine here at EFF, what the government is trying to do with it in this case is truly breathtaking. It argues that it needs no warrant to seize and search every single Internet activity of hundreds of millions of innocent people (who have no reduced expectation of privacy) as long as it does so quickly and a “significant reason” for doing so is collecting foreign intelligence.
We hit back hard on that argument, noting, first, that far from having a minimal privacy interest, our “plaintiffs’ privacy interests in their Internet activities and communications lie at the heart of the Fourth Amendment.” We also note that the government’s intrusion here, while possibly speedy due to its computing power, is extensive, searching “every word from top to bottom” of those hundreds of millions of innocent Americans’ communications.
The government's dangerous “special needs” argument, which apparently the Foreign Intelligence Surveillance Court of Review adopted with regard to the targeted surveillance objected to by Yahoo!, is something the Internet public needs to be aware of. The government is essentially claiming that because there are bad foreign actors online, it should get a free pass from complying with the Constitution whenever it claims a “foreign intelligence” need, and that it gets to do so regardless of how many innocent Americans may be caught up in its net. Or to put it more bluntly, the government is basically saying that its intelligence needs should trump the Constitution, and that no one using the Internet should be able to have a private conversation or engage in private web surfing or information gathering without the government having access.
There’s more in our brief, including our response to the government’s attack on the evidence presented by Mark Klein and the analysis by our expert witness, J. Scott Marcus.
We also filed a motion to strike a second secret brief the government submitted to the court in opposition to our motion for partial summary judgment. As we explain in our motion to strike, it is an extraordinary violation of due process to let the government make secret legal arguments to the court to which we have no ability to respond.
Now that briefing on our motion in Jewel is complete, the next step is oral argument. The court will hear the motion on December 19, 2014 in Oakland, California, and the public is invited.
In the meantime, it is the busiest season for hearings in the NSA spying cases yet. First, on November 4, EFF will participate as amicus in the Klayman v. Obama oral argument before the D.C. Circuit in Washington, D.C. concerning the NSA's telephone records collection. Then, on December 8 in Seattle, Washington, the Ninth Circuit will hear argument by our co-counsel Peter Smith and Luke Malek in Smith v. Obama, the telephone records case we’re handling with the ACLU.
Related Cases: Smith v. Obama, Klayman v. Obama, Jewel v. NSA, First Unitarian Church of Los Angeles v. NSA
Even the reports that are supposed to provide transparency about the FBI's use of national security letters (NSLs) are secret—or at least a couple dozen pages of them are. NSLs are nonjudicial orders that allow the FBI to obtain information from companies, without a warrant, about their customers’ use of services. They almost always contain a gag order, which prohibits recipients from even saying they've received the request.
Two Office of the Inspector General (OIG) reports reviewing the FBI's use of NSLs from 2007 and 2008 were reissued earlier this week after having portions declassified. You can see the newly released versions of the 2007 report here and the 2008 report here.
Charlie Savage at the New York Times has reviewed and listed the changes. Some of them make sense. For example, one portion of the 2007 report masked references to a "Virginia Jihad network," which might have been redacted because of an ongoing investigation. But some of the previously classified portions are less explicable, such as the classification of the percentage of requests done under particular statutes. It's unclear what purpose keeping that number secret serves. What is clear is that excessive classification and redaction continue to get in the way of much-needed transparency around NSLs.
Related Issues: National Security Letters, Transparency
Related Cases: National Security Letters (NSLs), In re: National Security Letter, In re National Security Letter 2013 (13-80089), In re National Security Letter 2013 (13-1165)
Facebook scolded the Drug Enforcement Administration this week after learning that a narcotics agent had impersonated a user named Sondra Arquiett on the social network in order to communicate and gather intelligence on suspects. In a strongly worded letter to DEA head Michele Leonhart, Facebook’s Chief Security Officer Joe Sullivan reiterated that the practice not only explicitly violated the site’s terms of service, but also threatened Facebook’s trust-based social ecosystem.
Facebook has long made clear that law enforcement authorities are subject to these policies. We regard the conduct to be a knowing and serious breach of Facebook’s terms and policies, and the account created by the agent in the Arquiett matter has been disabled.
Accordingly, Facebook asks that the DEA immediately confirm that it has ceased all activities on Facebook that involve the impersonation of others or that otherwise violate our terms and policies.
So far, it is unclear whether the DEA has responded, although the US Department of Justice has independently launched an investigation into the practice. We commend Facebook for holding the agency accountable.
But we also think Facebook should go further in protecting users and the integrity of its services. The DEA isn’t the only law enforcement agency creating fake profiles on Facebook, and fake profiles are not the only way that law enforcement agencies routinely violate the site’s terms of service.
Sock Puppet Investigators
Facebook’s “Statement of Rights and Responsibilities” requires users to provide their “real names and information” and warns users to “not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.” In other words, this is a ban on sock puppets: fake accounts that someone creates for deceptive purposes.
According to a lawsuit filed against the DEA, Arquiett was arrested in 2010 on drug charges. She allegedly agreed to allow an agent to search her phone. But the agent did much more than that, taking files from her phone—including suggestive photos of Arquiett as well as pictures of her children. The agent then used them to create a Facebook profile in her name. The agent accepted and made friend requests and engaged in conversations with other users.
While this may be the first time we have heard of the DEA impersonating an actual person, two separate independent studies show that creating fake profiles is commonplace in the law enforcement community.
In 2012, LexisNexis researchers surveyed more than 1,200 federal, state, and local law enforcement agencies and almost 70 percent of agencies surveyed said they use social media to some extent in their investigations. Among those agencies, Facebook was by far the most popular social network site, with 91 percent using it for investigations, 27 percent using it on a daily basis. Alarmingly, the LexisNexis researchers concluded that police “have no concerns around the ethics of creating fake virtual identities as an investigative technique." Approximately 83 percent reported they had no qualms about going undercover online.
LexisNexis even included an anonymous testimonial on how police were able to track a suspect’s location through Facebook:
I was looking for a suspect related to drug charges for over a month. When I looked him up on FB, and requested him as a friend from a fictitious profile, he accepted. He kept “checking in” everywhere he went so I was able to track him down very easily.
A 2013 study [pdf] from the International Association of Chiefs of Police (IACP) mirrored the LexisNexis findings. Out of 500 predominantly municipal law enforcement agencies, more than 58 percent reported that they use fake profiles to gather information.
It’s difficult to determine exhaustively which agencies have adopted this tactic, but some have publicly acknowledged the practice:
- Cincinnati Police Department admitted to CNN that it used undercover profiles for “targeted enforcements.”
- In a DOJ-funded report on social media tactics, IACP revealed that the New York City Police Department has created formal policies for creating alias accounts for use in investigations. (The policies are available on page 169 of this report.)
- The Georgia Bureau of Investigation similarly has a policy (page 157) allowing for aliases to be used in investigations.
- In its policy on the use of social media, the La Vista Police Department in Nebraska says, “Covert undercover operations on the Internet and Social Networking are an effective investigative technique in establishing admissible, credible evidence in support of a criminal prosecution against suspects.”
Creating fake profiles is only one way that law enforcement agencies are actively violating Facebook’s terms of service.
Facebook’s terms say that you must not share your password or “let anyone else access your account.” They further state, “you will not solicit login information or access an account belonging to someone else.” Yet law enforcement agencies are guilty of these activities, particularly when it comes to screening applicants for jobs. According to a recent article from the San Francisco Chronicle, “The standard practice in most California police departments is to require social-media passwords of job applicants, including those applying for dispatch and jail staff positions.” This past session, the California Legislature attempted to clarify the law to extend a prohibition on this practice in the private sector to public employees—including a provision explicitly prohibiting police agencies from soliciting passwords—but the bill failed to make it to the governor’s desk.
Meanwhile, the FBI has been researching ways to data mine on Facebook, which would be a violation of the ToS, which says you will “not collect users' content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our prior permission.”
Law enforcement agencies have been potentially violating social media networks' terms of service with scraping and "covert accounts" for years (even as far back as when MySpace was the leading social network). We had to go to court to find this out, but Facebook has the power to force transparency without litigation.
What Should Facebook Do About This?
Under a White House directive (most recent version here), federal agencies are supposed to sign special, negotiated terms of service with social media providers where they would like to have a presence, including Facebook (example pdf here). Facebook also has special terms of service that are applicable only to state and local government agencies.
These agreements and special terms of service are opportunities for Facebook to demand more of law enforcement. If cops want to use Facebook for public purposes (and according to IACP, most agencies find it “very valuable” for community outreach, collecting tips and disseminating emergency information), then Facebook should make sure they know they must follow the same rules as everyone else.
We’re asking Facebook to spell out, in no uncertain language, that the terms that apply to regular users apply to government agencies as well, including law enforcement. It should remind law enforcement that violating its terms of service—such as by creating fake profiles, using impersonation, requiring passwords from applicants and employees, and data mining—isn’t OK.
But Facebook could, and should, go a step further to restore the public’s trust in its system and require that any law enforcement agency that wants to use Facebook must first develop and publish departmental policies for social media, including their policies for using social media in investigations and in screening job applicants.
It's great that Facebook sent a letter to the DEA, but for the company to protect its users it needs to do more than simply react after the damage has been done.
Related Issues: Online Behavioral Tracking, Social Networks, Transparency
Snowden's Motivation: What the Internet Was Like Before It Was Being Watched, and How We Can Get There Again
Laura Poitras’ riveting new documentary about mass surveillance gives an intimate look into the motivations that guided Edward Snowden, who sacrificed his career and risked his freedom to expose mass surveillance by the NSA. CITIZENFOUR, which debuts on Friday, has many scenes that explore the depths of government surveillance gone awry and the high-tension unfolding of Snowden’s rendezvous with journalists in Hong Kong. One of the most powerful scenes in the film comes when Snowden discusses his motivation for the disclosures and points to his fundamental belief in the power and promise of the Internet:
I remember what the Internet was like before it was being watched, and there's never been anything in the history of man that's like it. I mean, you could have children from one part of the world having an equal discussion where you know they were sort of granted the same respect for their ideas and conversation, with experts in a field from another part of the world, on any topic, anywhere, anytime, all the time. And it was free and unrestrained.
Snowden’s convictions mirror those of many who have adopted the Internet as a second home, and he speaks to the values that motivate fights over issues like net neutrality and online free speech today.
The Internet is unique among revolutionary communications media because it was designed for—and has thus far maintained—interactivity. People can contribute, create their own websites, publish content, and create code as equals across the network. While communication media of the past—like newspapers, radio, and television—generally relied on their audiences to act as passive recipients of information, the Internet upended these conventions. Instead of merely consuming data, the Internet offered millions across the world an opportunity to publish and interact with data, to engage directly with other people across the world, to launch their own websites, and push their own code. It wasn’t just a technological revolution—it was a social revolution that deeply influenced how people interact with news and data.
But there are threats to the decentralized, collaborative architecture of the Internet. We see this often from corporations seeking to control the online experience, whether that is undermining net neutrality, pushing users toward corporate-owned and regulated spaces like Facebook, or the migration from open web to apps.
Edward Snowden highlighted another serious threat to the Internet: surveillance.
And we've seen the chilling of that and the cooling of that and the changing of that model, towards something in which people self-police their own views, and they literally make jokes about ending up on "the list" if they donate to a political cause or if they say something in a discussion. And it's become an expectation that we're being watched.
We couldn’t agree more. As we argue in First Unitarian Church of Los Angeles v. NSA, the First Amendment protects freedom of association. When the government gets access to records of the communications of political and activist organizations and their members, it knows who is talking to whom, when, and for how long. This data trail tracks the associations of these organizations, revealing who is connected to political, religious and social groups of all stripes. The law has long recognized that government access to associations’ private membership lists can create a chilling effect—people are less likely to associate with organizations when they know the government is watching and when the government can track their associations. In short, surveillance threatens free speech.
So what can be done? Even as EFF’s cases against mass surveillance move through the courts, there’s work to be done to harden systems against mass surveillance.
What does that look like? For individual users, that means using privacy tools to protect your communications from snooping eyes. Our Surveillance Self Defense toolkit has suggestions for more private web browsing, emailing, instant messaging, and more.
For those who run websites and applications, we encourage you to join the Reset the Net movement, and commit to hardening your systems against passive surveillance.
CITIZENFOUR is a powerful documentary that is able to put a very human face on the deep technical and legal issues of surveillance. It’s a film that friends of EFF should go see. It’s also a great film to see with a friend or family member who is a surveillance-defender, as few could walk away from the movie with their trust in government intact.
Disclosures: I serve on the board of directors of Freedom of the Press Foundation, a nonprofit working to champion press freedom, along with filmmaker Laura Poitras, her colleague Glenn Greenwald, and whistleblower Edward Snowden.
Related Issues: Privacy, Encrypting the Web, NSA Spying
Related Cases: First Unitarian Church of Los Angeles v. NSA
One of the convictions that drew law professor and former EFF board member, Lawrence Lessig, to co-found Creative Commons was that a narrow and rigid application of copyright law made no sense in the digital age. Copying digital information over long distances and at virtually no cost is what the Internet does best; indeed, it wouldn't work at all if copying wasn't possible.
If all online copying requires permission—a worldview that Lessig has termed permission culture—then a huge part of our modern systems for conveying and creating knowledge will always require explicit and prior permission to operate, to avoid the risk of future lawsuits. It is permission culture that leads to absurd results such as the criminal charges levied against Diego Gomez for sharing an academic publication with colleagues online.
Creative Commons—and by extension, the broader open access movement that often relies on Creative Commons licenses—pushes back against this worldview, in favor of an alternative vision of free culture, in which creative and knowledge works are freely exchanged, and where demanding permission for re-use and sharing can be the exception, rather than the rule.
CC helps copyright law serve its real purpose, making sure that a system intended for narrow permissions and exceptions does not impede the freedom to share. Creative Commons and similar open access licenses use copyright law to assure users that they have the liberty to copy and share works, and depending upon the choice of license by the author, also to modify them and to distribute modified versions. (Free and open source software licenses work in a similar way.)
But however clever this is, should we be using copyright law—a regulatory system that many believe defaults to requiring authorization—to help guarantee access to knowledge and freedom to share? Some individuals, particularly in the free and open source software community, have answered “no.” These free and open source software developers reject outright the authority of copyright law to govern the use of the code that they write. This has led to the phenomenon of so-called POSS (Post Open Source Software), whereby developers simply commit their code to openly available code repositories like GitHub, and express their disdain for copyright law by deliberately refraining from choosing a license. Unfortunately, this practice casts the reuse of the code into a legal grey zone. Code that is not clearly licensed can be confusing for would-be users, because the default assumption is that most copying and reuse will be infringing if the author hasn't permitted it.
In recent years a crop of software licenses has also emerged, such as the Unlicense, and others under more colorful names, that seek to reconcile the fact that programmers and many of their users don't care about copyright law with the reality that other users of software, and judges, do. For creative works, the CC Zero license serves a similar purpose. Just as the rest of the Creative Commons licenses are an attempt to reflect the desire of authors to do away with the “permission required by default” model of copyright, these licenses attempt to recreate for works the same freedoms users have over material that has passed out of the realm of copyright into the public domain.
These sorts of public domain dedications and licenses are a good compromise, and an important addition to the existing pantheon of free culture and open source licenses that preceded them. As Creative Commons board member Michael Carroll put it before Congress earlier this year, “Some copyright owners feel like they want the option to get out of the copyright system.” Using a legal instrument to opt out of the copyright regime altogether, to the extent the law allows, meets this need.
But those who reject copyright licensing entirely typically do so not because they misunderstand that their code or writing is automatically subject to copyright; rather, they are doing so as a political statement that they don't believe this should be the case. Using a public domain dedication or permissive license that accepts the jurisdiction of copyright law over your work is seen as acceding to the rules of permission culture; refusing to accept this, as quixotic as that may be, is seen as subverting those rules.
Omitting a legally-binding license entirely from a work, while asserting in straightforward language your disavowal of a belief in such licenses, can be a statement about the current state of copyright. In practical terms, however, the existence of modern copyright law works to undo that statement, by dissuading users from taking advantage of such works because of the legal gray area within which they must operate. Copyright law remains a regime to be carefully stepped around, instead of being modernized and fixed at root to offer clearer, simpler choices for creators and users.
the existence of open copyright licenses shouldn’t be interpreted as a substitute for robust copyright reform. Quite the contrary. The decrease in transaction costs, increase in collaboration, and massive growth of the commons of legally reusable content spurred on by existence of public licenses should drastically reinforce the need for fundamental change, and not serve as a bandage for a broken copyright system. If anything, the increase in adoption of public licenses is a bellwether for legislative reform — a signal pointing toward a larger problem in need of a durable solution.
We celebrate the open access movement this week, and the work that academics and readers all around the world do to share knowledge as freely as they can. But we must not forget the desire for a future in which the open access movement wouldn't even be necessary, because open access to our knowledge commons, and particularly academic research, will be the default assumption, rather than the other way around.
Between October 20 and 26, EFF is celebrating Open Access Week alongside dozens of organizations from around the world. This is a week to acknowledge the wide-ranging benefits of enabling open access to information and research—as well as exploring the dangerous costs of keeping knowledge locked behind publisher paywalls. We'll be posting on our blog every day about various aspects of the open access movement. Go here to find out how you can take part and to read the other Deeplinks published this week.
Related Issues: Fair Use and Intellectual Property: Defending the Balance, Open Access
The open access movement has historically focused on access to scholarly research, and understandably so. The knowledge commons should be shared with and used by the public, especially when the public helped create it.
But that commons includes more than academic research. Our cultural commons is broader than what is produced by academia. Rather it includes all of the information, knowledge, and learning that shape our world. And one crucial piece of that commons is the rules by which we live. In a democratic society, people must have an unrestricted right to read, share, and comment on the law. Full stop.
But access to the law has been limited in practice. Not long ago, most court documents and decisions were only available to those who had access to physical repositories. Digitization and the Internet changed that, but even today most federal court documents live behind a government paywall known as PACER. And until recently, legal decisions were difficult to access if you couldn’t afford a subscription to a commercial service, such as Westlaw, that compiles and tracks those decisions.
The good news: open access crusaders like Public.Resource.Org and the Center for Information Technology Policy have worked hard to correct the situation by publishing legal and government documents and giving citizens the tools to do so themselves.
The bad news: the specter of copyright has raised its ugly head. A group of standards-development organizations (SDOs) have banded together to sue Public.Resource.Org, accusing the site of infringing copyright by reproducing and publishing a host of safety codes that those organizations drafted and then lobbied heavily to have incorporated into law. These include crucial national standards like the national electrical codes and fire safety codes. Public access to such codes—meaning not just the ability to read them, but to publish and re-use them—can be crucial when there is an industrial accident; when there is a disaster such as Hurricane Katrina; or when a home-buyer wants to know whether her house is code-compliant. Publishing the codes online, in a readily accessible format, makes it possible for reporters and other interested citizens to not only view them easily, but also to search, excerpt, and generate new insights.
The SDOs argue that they hold a copyright on those laws because the standards began their existence in the private sector and were only later "incorporated by reference" into the law. That claim conflicts with the public interest, common sense, and the rule of law.
With help from EFF and others, Public.Resource.Org is fighting back, and the outcome of this battle will have a major impact on the public interest. If any single entity owns a copyright in the law, it can sell or ration the law, as well as make all sorts of rules about when, where, and how we share it.
This Open Access Week, EFF is drawing a line in the sand. The law is part of our cultural commons, the set of works that we can all use and reuse, without restriction or oversight. Protecting that resource, our common past and present, is essential to protecting our common future. That’s why the open access movement is so important, and we’re proud to be part of it.
Related Issues: Fair Use and Intellectual Property: Defending the Balance, Open Access, International
We’re thrilled to announce the relaunch of Surveillance Self-Defense (SSD), our guide to defending yourself and your friends from digital surveillance by using encryption tools and developing appropriate privacy and security practices. The site launches today in English, Arabic, and Spanish, with more languages coming soon.
SSD was first launched in 2009, to “educate Americans about the law and technology of communications surveillance…” and to provide information on how to use technology more safely. Not long after, in the midst of the 2009 Iranian uprising, we launched an international version that focused on the concerns of individuals struggling to preserve their right to free expression in authoritarian regimes.
In the time since the Snowden revelations, we’ve learned a lot about the threats faced by individuals and organizations all over the world—threats to privacy, security, and free expression. And there is still plenty that we don’t know. In creating the new SSD, we seek to help users of technology understand for themselves the threats they face and use technology to fight back against them. These resources are intended to inspire better-informed conversations and decision-making about digital security and privacy, resulting in a stronger uptake of best practices, and the spread of vital awareness among our many constituents.
We invite you to take a look at SSD, and to provide us with feedback (we’ve made it easy: there’s a feedback dropdown on every page). Right now, the site is available in just three languages, but we soon plan to expand, with Vietnamese, Russian, Persian, and several other languages in our sights. And if you think we’ve missed something, please let us know. The threats are always changing, so our advice should change to keep up.
San Francisco - The Electronic Frontier Foundation (EFF) launched its updated "Surveillance Self-Defense" report today, a comprehensive how-to guide to protecting yourself from electronic spying for Internet users all over the world.
"Everyone has something to protect, whether it's from the government or stalkers or data-miners," said EFF International Director Danny O'Brien. "Surveillance Self-Defense will help you think through your personal risk factors and concerns—is it an authoritarian government you need to worry about, or an ex-spouse, or your employer?—and guide you to appropriate tools and practices based on your specific situation."
Surveillance Self-Defense includes briefings on important security issues, tutorials on using specific privacy software like PGP and OTR, and guides for specific categories of users, like human rights activists or journalism students. People who are just beginning to upgrade their communications privacy can choose the "Security Starter Pack."
"The Internet and other electronic communications have empowered people all over the globe to speak out and make connections in world-changing ways," said EFF Director for International Freedom of Expression Jillian York. "But this has also opened new opportunities for tracking and exposure. Surveillance Self-Defense will teach you to think critically about your Internet use and make good choices even as the technology changes around you."
Surveillance Self-Defense was first launched in 2009, aimed at educating Americans about the law and technology of communications surveillance. The new report expands, revises, and updates the old guide for use across the globe with support from the Ford Foundation. EFF spoke and worked with experts and activists from across the world, from MIT to the Middle East, in developing the guide. The entire Surveillance Self-Defense project is available in English, Spanish, and Arabic, with more languages available soon.