Aggregated News

Breaking Section 230’s Intermediary Liability Protections Won't Fix Harassment - Sat, 03/10/2015 - 08:21

As we've noted before, online harassment is a pressing problem—and a problem that, thankfully and finally, many are currently working on together to mitigate and resolve. Part of the long road to creating effective tools and policies to help users combat harassment is drawing attention to just how bad it can be, and using that spotlight to propose fixes that might work for everyone affected.

But not all of the solutions now being considered will work. In fact, some of them will not only fail to fix harassment, but they will actually place drastic limitations on the abilities of ordinary users to work together, using the Net, to build and agitate real, collective solutions.

One proposal raised recently by Arthur Chu falls into this latter category. Chu suggests that intermediaries—anyone who runs an online server that acts as a host for users' speech—should be made jointly responsible for the content of that speech. His theory is that if you make a middle-man—such as an ISP like Facebook, Twitter, or YouTube, the host of a discussion forum, or a blog author—legally responsible for what their users' or commenters say, then they will have a strong incentive to make sure that their users don't harass others using their platform.

In the United States, the primary protection against such broad intermediary liability is CDA 230—a statute which Chu thinks should be dismantled. As courts in the United States have recognized, the immunity granted under CDA 230 actually encourages service providers and other online intermediaries to self-regulate—i.e., to police and monitor third-party content posted through their services. Prior to the enactment of CDA 230, a service provider could be held liable if it tried to self-regulate but did so unsuccessfully—a framework which actively discouraged intermediaries from regulating potentially objectionable content on their sites.

CDA 230 is currently one of the most valuable tools for protecting freedom of expression and innovation on the Internet. Countries around the world have similar protections for online intermediaries, and, through initiatives including the Manila Principles, human rights groups around the world have campaigned in favor of such protections. Such groups include Article 19, the Association for Progressive Communications, the Committee to Protect Journalists, and Free Press, as well as national human rights organizations from various counties, ranging from Egypt and Pakistan to Australia and Canada.

And there is good reason for the law to protect online intermediaries from liability based on what other people say online. The primary reason so many around the world have fought for, and continue to fight for, intermediary liability protections is straightforward. If you're speaking up for an unpopular truth against powerful interests, one of the best ways they have to silence your objections is to legally intimidate intermediaries. Intermediaries' interests differ from their users, and while many hosts of Internet content make strong statements in favor of their users -- in defense of their ability to speak freely or feel safe online -- given the choice between defending the users and fighting an expensive legal battle (even if there is a good chance they’d win), it's clear which route many will take. Some intermediaries may not have the resources to even consider going to court. In other words, getting rid of CDA 230 liability protection acts as a de facto tax on intermediaries that wish to protect the free expression of their users.

But it's worse than that. An intermediary fearful of liability based on the actions of its users may also proactively modify its site to remove the possibility of a lawsuit altogether. Intermediaries have a powerful ability to control what conversations take place on their networks. In a world where litigation is an ever-present threat, intermediaries will set up environments where contentious conversations never happen in the first place.

For those arguing against CDA 230, that's the whole point of weakening its protections. They argue that intermediaries are best suited to filter and guide online speech until the risk of harassment is eliminated. Hang the sword of litigation over those potential gatekeepers, proponents say, and they'll quickly put in place rules and algorithms to permanently dismiss harassment from their networks, even before it occurs.

But victims of harassment are very low down the list of potential litigants that intermediaries would have to listen to in a post-CDA 230 world. Attorney Ken White phrases it this way in his analysis of Chu’s proposal: “Justice may not depend entirely on how much money you have, but that is probably the most powerful factor.” Before them would come the rich and influential, such as politicians and, in many cases, the harassers themselves. After all, much online harassment is intended to silence the victims and intimidate them into leaving the network. What better way to do so than to threaten the host with a lawsuit if they don't throw the victim offline? The threat might be empty, but if the host isn’t willing to engage in expensive litigation, one threatening letter might be sufficient. Today, CDA 230 helps ensure this can’t happen.

Chu makes the argument that CDA 230 is not universal, and that other countries survive without it. This is technically true. CDA 230 is a U.S. law. But it has been a critical law for protecting online speech and innovation in the US, and most countries either have some form of intermediary liability protection or are gradually increasing such provisions through new law or judgments.

Notably, countries that have experimented with markedly lesser intermediary protections have not solved or mitigated the problem of online harassment. To the contrary, the evidence suggests that opening intermediaries to liability leaves harassment unaffected, while enabling others, including governments and powerful political interests, to use the law to harass and silence legitimate speakers—often those in a less powerful position. For example, India's fifteen year experiment with broad intermediary liability, in the form of the 2000 IT Act, saw no effective limits on harassment. A 2011 study of intermediaries' response to take-down requests under the Indian law showed that out of 7 intermediaries sent a flawed takedown notices, 6 over-complied with the removal request. The laws' key provisions regarding liability and censorship were successfully challenged by Shreya Singhal, after two women were arrested for a comment critical of the public response to the death of a local politician (one of the women had only "liked" the post).

In Thailand, intermediaries share liability with their users. Such shared liability has resulted in cases against the representatives of intermediaries, from private prosecutions against Google's entire board by ex-pat businessmen seeking to shut down a critical blog, to the criminal prosecution of Chiranuch Premchaipron, the manager of a non-profit newspaper whose discussion forum included user comments critical of the monarchy. Yet, Thai intermediaries have not taken any novel steps to combat personal harassment, and the frequency of reported incidents of individual harassment remain no different or may even be higher than comparable countries.

Chu does at least acknowledge the wider effect of overturning CDA 230. In online conversation after posting his op-ed, he conceded that a huge chunk of social media would disappear and challenged the idea that a world without YouTube, Twitter, Vine, and Internet comments in general would be such a great loss. To Chu, it seems that an Internet that worked the same way as a letter to the editor—where only those who reach certain standards of editorial acceptability would have a voice—would be a better Internet.

On this point we respectfully, and strongly, disagree. Those fighting harassment, both offline and on, have used the Internet incredibly effectively to speak up and organize. Raising the issue has led to an uncomfortable conversation which those targeted for criticism: intermediaries, the powerful, and politicians must often wish could go away. Those fighting harassment have been threatened with lawsuits and worse to silence them. An online world without CDA 230 would still allow harassment to exist, but it would profoundly limit the ability of any of us to hear from its targets, recognize the scale of the problem, and identify real, practical solutions.

Speaking up and organizing is what gets pervasive issues like harassment dealt with in the long run. Making intermediaries responsible for policing their users will silence such efforts and lead to an Internet that is safer for powerful actors, but not an Internet that is safe for everyday users.

Related Issues: No Downtime for Free SpeechFree SpeechInternational
Share this:   ||  Join EFF
Categories: Aggregated News

EFF Urges California Supreme Court to Hear a Bad Rap Lyrics Case - Sat, 03/10/2015 - 06:50

Artistic expression can take many forms, whether it’s comedic, dramatic, or even violent. According to a California Court of Appeals opinion, if you choose to artistically express yourself in a violent or threatening manner—let’s say in song lyrics—you could be criminally prosecuted by the State of California even if you never intended anyone to perceive your message as an actual threat.

EFF has signed onto an amicus letter by the ACLU of Southern California that asks the California Supreme Court to revisit the lower court’s decision in People v. Murillo. Legions of artists will risk prosecution under this ruling for artistic speech that they did not intend to be threatening. As a result, they might self-censor, and our artistic palette will be less richly colored because of it.

As explained in the letter, the Court should hear the case for two specific reasons.

First, in considering what constitutes “threatening speech,” the lower court failed to include protections required both by the First Amendment and the general precepts of criminal law when it held that the criminal statute requires only a general intent to communicate rather than a specific intent to threaten. The specific threat statute at issue has not been specifically interpreted in these respects, and the Court should step in to provide clarity.

Second, the lower court disregarded the context of the lyrics when making a point that a reasonable listener would understand the lyrics as a threat. In a previous case, In re George T., the California Supreme Court threw out a criminal threat conviction, under a different threat statute, where the supposed threat was contained in a poem. In George T, the Court found the poetic context of the supposed threat to be critical. As the Court explained, art is subjective by nature, but the Court of Appeals in Murillo used only the objective standard that a reasonable person could construe an artistic work to be a threat.

For above-stated reasons, we ask that the Court grant the defendant’s petition for review, and establish a clear and protective standard for when artistic speech may be criminalized, in order to undo the chilling effect of the lower court’s opinion.

Related Issues: Free Speech
Share this:   ||  Join EFF
Categories: Aggregated News

Meet Shahid Buttar: Helping EFF Fight for Digital Rights in Your Hometown - Sat, 03/10/2015 - 06:24


EFF is pleased to welcome Shahid Buttar to the activism team, where he will direct EFF's work supporting grassroots and student advocacy. Shahid is a constitutional lawyer focused on the intersection of community organizing and policy reform as a lever to shift legal norms. He comes to EFF with deep roots in communities across the country organizing in various ways to combat mass surveillance.

Shahid’s skills and experience will enhance EFF’s outreach efforts, helping us inspire supporters in local communities across the country. He’ll also serve as a resource for grassroots organizations and student groups looking for ways to defend and assert their rights.

EFF is especially interested in nurturing local and college student groups focusing on technology policy. We hope to encourage, help, and connect with groups that want to host surveillance discussion groups, or crypto-parties at local hacker spaces, or advocate for open access rules on campuses, or any number of actions. However your community takes action, if you’re interested in working with EFF on a local event in your area, email Shahid at

Shahid’s experience makes him ideally suited to strategically expand EFF’s outreach efforts. He received his J.D. from Stanford Law School in 2003, where he served as executive editor of the Stanford Environmental Law Journal and spent a semester working as Larry Lessig’s teaching assistant for constitutional law. Directly out of law school, he went into private practice, where he organized a 2004 lawsuit seeking marriage equality for same-sex couples in New York state and represented the campaign finance reform community in a successful appeal before the U.S. Court of Appeals for the District of Columbia Circuit.

Shahid’s heart has always been in advocacy. He left private practice to build the communications team at the American Constitution Society for Law & Policy. He went on to found the program to combat racial & religious profiling at Muslim Advocates, where he launched a FOIA case seeking a still secret FBI policy governing the undercover infiltration of organizing and activist groups.

From 2009 to 2015, Shahid led the Bill of Rights Defense Committee (BORDC) as Executive Director. His work at BORDC included advising local, state, and federal policymakers, journalists, and grassroots organizers about civil liberties and civil rights issues encompassing mass surveillance, targeted surveillance, and law enforcement profiling according to race, religion, and national origin.

Shahid has been a powerful voice for accountable government, transparency, and justice. His comments have appeared in news outlets including The Washington Post, The New York Times, USA Today, FOX News, CNN, Agence-France Presse, Huffington Post, and Democracy Now!. In February 2015, video of his arrest in the U.S. Senate went viral after he posed uncomfortable questions at a Senate Armed Services Committee hearing in which Director of National Intelligence James Clapper testified.

As an organizer, Shahid focuses on connecting people across diverse ideologies and identities, based on their shared concerns about how national security and law enforcement agencies erode civil liberties and the rule of law. He has been active in the peace, Occupy, and Black Lives Matter movements on both coasts and in the Midwest.

Outside his work with EFF, Shahid’s commentary often explores novel arguments supporting social movements. For instance, he has publicly criticized police militarization as both constitutionally offensive, as well as rooted in CIA corruption. His previous publications include national security and foreign policy recommendations, as well as articles exploring the intersection of antitrust principles and tax policy.

Creatively, Shahid DJs and produces electronic music, kicks rhymes, and writes poetry in what he describes as his “spare time.” His work as an artist has taken him around the world, and before audiences as large as 50,000. He’s been making music, building communities, and fighting for justice for 20 years while based in Chicago, the San Francisco Bay Area, and Washington DC.

We are very excited to have him at EFF!

Share this:   ||  Join EFF
Categories: Aggregated News

Argentina Proposes a 100-Year-Plus Copyright Extension on Photography - Sat, 03/10/2015 - 03:22

A new front has opened in publishers' global war on the public domain. Lawmakers of Argentina's ruling party are proposing a vast extension of copyright terms on photography—from 20 years after publication to 70 years after the photographer's death. That means that the term of restriction of photographic works would be extended by an average 120 years.

The law would extend copyrights on works retroactively, so a lifetime of photos that are already in the public domain would be re-captured by copyright. That would bring about a huge amount of legal uncertainty over works that have already been shared, remixed, sold, and modified in innumerable ways. If this bill passes, many tens of thousands of photographs that have been uploaded into cultural archives, including Wikipedia, may have to be erased from the Internet or else they could face civil, or even criminal prosecution failing to do so.

This is why Argentinian digital rights organization, Fundación Via Libre has launched a campaign to fight back against this destructive term extension. They sent a letter to Argentinian lawmakers earlier this week, urging them to conduct proper, public-interest impact assessment and open it to public debate before moving forward with a bill that would have such sweeping impacts on the cultural commons. Now, EFF is one of 38 digital rights and access to knowledge groups urging Argentinian lawmakers to drop this proposal. The letter states (translated from Spanish):

Among the entities affected by the draft bill are museums, archives, and public libraries, as more and more of them digitize their collections and make them publicly available on the Internet. Projects such as the National Library's Trapalanda digital library, and digitization efforts made by the General Archives of the Nation of Argentina will be severely affected by the measure, and will lead to the removal of large amounts of photographs that are openly and publicly accessible on the Internet. Another harmed initiative would be Wikipedia, the online and community non-profit encyclopedia which currently provides free and open access to knowledge. Thousands of photographs that illustrates Argentina's encyclopedic articles of great importance would be eliminated, critically affecting users who use Wikipedia every day for access to knowledge and learning.

This is part of a long disturbing trend towards lengthening the international "norm" of copyright lengths to life of the author plus 70 years—two decades beyond what is required by international law as established by the Berne Convention. The Berne Convention requires life plus 50 years of protection for most works, but for photographs only 25 years from when they were taken, in a rare recognition of the qualitative differences between different classes of copyright work. Admittedly, this points towards an obligation to extend the term of protection for photographs—but only for 5 years, not 120.

This bill comes as we fight 20-year copyright term extensions in six of the 12 countries negotiating the Trans-Pacific Partnership (TPP), where Hollywood has taken advantage of opaque trade negotiations to lengthen and ratchet up restrictions on cultural works behind closed doors.

Big publishers are working with policymakers to make these extensions seem like an imperative that must not be questioned for the sake of "protecting" artists' interests. But it's critical that we push back against this seeming inevitability that more and more culture will become locked up behind longer, ever more extreme restrictions.

If you're in Argentina, support Fundación Vía Libre and their fight against excessive terms on photography.

If you're in the United States, or in the handful of other TPP nations that is under threat from copyright term extensions, visit our TPP Copyright Trap page to find out how you can take action.


Joint letter calling Argentina's lawmakers to oppose the copyright term extension on photographic works [ES] (October 1, 2015)

Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalTrade Agreements and Digital RightsTrans-Pacific Partnership Agreement
Share this:   ||  Join EFF
Categories: Aggregated News

Defending Against Overreaching Surveillance in Ethiopia: Surveillance Self-Defense now Available in Amharic - Fri, 02/10/2015 - 04:03

From telecommunications infrastructure to TV and radio airwaves, the Ethiopian government’s controls over communications infrastructure in the country means that even the most private and personal conversations may be exposed to unwarranted surveillance. In some cases, where communications have escaped the government’s strict monitoring system, human informers have been planted, creating an extreme sense of fear among Ethiopians. There’s an implicit understanding in the country that when discussing politics publicly, one should do so in a low voice so that only those whom they trust can hear. In Addis Ababa, the capital city, it’s not uncommon to see people glancing over their shoulders or covering their mouths when having political conversations in coffee shops or taxis. Because of this fear-provoking atmosphere, many Ethiopians stay silent as a means of protecting themselves against surveillance. A common saying in Amharic signifies the rootedness of silence as a commonly-used protection mechanism: “Blowflies won’t get into a closed mouth.”

As part of its broader control mechanism, the Ethiopian government blocks blogs and websites that are critical of the government, uses expensive surveillance software to spy on its own citizens both at home and abroad, and prosecutes bloggers for using encryption tools. Employing anonymity or using a pseudonym is the online equivalent to glancing over one's shoulder or covering one's mouth in public. There are many people who avoid liking, sharing, or commenting on political Facebook posts or tweets unless they are using an anonymous account. Their fear is justified as the government routinely arrests and charges bloggers, online journalists, and social media users for simply using the Internet to speak their mind. And unfortunately anonymity doesn’t always provide the protection that’s needed in countries like Ethiopia. For instance, recently a US-based Ethiopian LGBT rights activist’s Facebook page was taken down after Facebook received numerous reports from users. Although Facebook reinstated the page after realizing the validity of the case, the incident highlighted that using anonymous accounts and encryption tools may not be enough to shield vulnerable minority communities and dissenters from overreaching governments.

Surveillance Self-Defense in Amharic as a way out?

My decision to translate Surveillance Self-Defense (SSD) was prompted by both personal and professional factors. Firstly, I am a victim of aggressive and unlawful wiretapping. When I was in Ethiopia in 2013, the government recorded my telephone conversations and used them as evidence of a “crime” at a sham marathon trial of my Zone9 colleagues. If you just wonder why the ISP let the government wiretap my private telephone conversations, it is because Ethiopia has only one ISP and it’s government-owned. For this reason, the potential for anyone to be wiretapped at any time exists. While translating SSD into Amharic will not solve the entrenched culture of state surveillance in Ethiopia, I believe it is a first step in the fight against state intrusion of the private lives of millions. I felt responsible, having lived under a surveillance state, for making SSD available in one of Ethiopia’s languages. Hence, translating SSD into Amharic is more like an attempt to personally confront an invasive state surveillance system. I saw it as my mission to help people who are forced to live under constant gaze of the Ethiopian government.

Secondly, having spent some time in the virtual world, I feel like an “anthropologist” of the Ethiopian digital space. Ethiopia is a country where there are frequent electricity outages and yet a significant number of Ethiopians access the Internet using cyber cafes. Electricity outages can last for hours or even days and it’s rare to find users who are patient enough to wait until the electricity comes back  to log off their online accounts. When I was in Addis Ababa, I remember kindly logging off from the Facebook and email accounts of users who left their accounts open during an outage. One of the reasons why this happens is because most people do not know how to change their browser’s security. Moreover, there are other widespread, poor digital behaviors carried out by even fairly tech savvy Ethiopian Internet users, such as not turning on transport layer encryption, using similar and/or weak passwords across multiple online services, clicking on links that are not secure, trusting terms and conditions of Internet companies, inadvertently giving away private information to hackers, and more. These kinds of bad habits necessitate SSD in Amharic. Moreover, since the WikiLeaks revelation that the Ethiopian government purchased expensive spying software from Hacking Team, it has become evident that SSD in Amharic is really required.  By publishing SSD in Amharic, EFF’s effort to bring an Ethiopian government to justice for installing spyware on the device of an American citizen of Ethiopian descent will be even more consequential.

More on translation

Whether one follows a form-based (literal) or meaning-based translation, translating SSD’s complex ideas and practices into Amharic was best achieved by reading the guides several times and practicing the tools on various operating systems and mobile devices. An issue I encountered is that there’s a lack of standardized technology terms in Amharic. For instance, the language has no way of differentiating between encryption and cryptography.  As such, I’ve added context to convey such differences in practice.  When faced with ordinary technology terms such as open source, data, link, database, and domain name, I used the free Amharic ICT dictionary along with other Amharic-English dictionaries. In a bid to familiarize the usage of neutral wording for Amharic’s word “gay” I used “Haware Be’esi” from the Ge’ez-English Comparative Dictionary by Wolf Leslau as suggested by an Ethiopian blogger from the LGBT community.

Encouraging people to protect their security online is a significant part of my ongoing privacy activism. It is especially important for those living in a country like Ethiopia where the government has worked hard to convince its people that the reason they are being surveilled is for their own security. It is my hope that SSD in Amharic will show that people don’t have to relinquish their privacy in order to remain secure.

Share this:   ||  Join EFF
Categories: Aggregated News

????? ???? ?????? ????? ???? ???? ?????? ???? ???? ?????? ????? ???? ????? ?????? - Fri, 02/10/2015 - 03:16

????????? ??? ????? ?? ??? ???? ?? ???? ?????? ?????? ????? ???? ?? ???? ??? ????? ?????? ????? ???? ????? ?? ?? ??????? ???? ????? ?? ??? ?????? ???? ???? ?? ???? ??? ??? ?????? ?????? ??????? ?????? ?? ????? ???? ??? ???? ????? ?????? ??? ??? ?????? ?? ??? ??? ????? ?? ???? ??????? ?? ????? ???? ??? ?????? ???? ??? ????? ???? ????? ????? ????? ???? ????? ???? ?? ????? ????? ?????? ?????? ??? ????? ???? ??? ?????? ?????? ???? ?????? ??? ??? ??? ???? ??????? ???? ??? ???? ????? ??? ??? ?? ??? ????? ??? ????? ???? ?????? ?????? ???? ??? ???? ???? ?? ?? ??? ???? ????? ??? ???? ?????? ????? ??????? ??? ????? ??? ????? ??????? ??? ??? ??? “?? ?? ?? ??? ?????” ??? ????? ??? ?????? ????? ?? ????? ???? 

????? ???? ??? ?? ??? ????? ?? ???? ???? ??? ??? ??????? ???? ?? ?? ??? ????? ???? ?? ????? ???? ??????? ????? ???? ???? ?? ??? ?? ?? ???? ????? ????? ????? ????? ??????? ???????? ?? ?????? ????? ???? ?? ???? ???? ??? ???? ???? ???? ?? ?????? ???? ?? ?? ??? ???? ??? ??? ??? ??? ???? ???? ???? ????? ?? ????? ?????? ??? ???? ???? ??????? ???? ?????? ???? ???? ?????? ????? ?????? ??? ?????? ??? ???? ??? ???? ?? ???? ?? ?????? ?????? ?????? ??? ??????? ????? ???? ?????? ?????? ???? ??? ?? ?? ???? (???? ????? ?? ????? ????? ?????? ???? ?????? ?????? ?? ??????? ??? ???? ?? ?????) ????? ???? ????? ????

???? ??? ?? ?? ???? ??? ????? ?? ????? ???? ???? ????? ?????? ???? ???? ??? ????? ?? ???? ???? ????? ????? ???? ??? ????? ??? ?????? ????? ???????? ?????? ?? ??? ????? ????? ?? ??????? ???? ???? ?????? ??? ??? ????? ???? ???? ???? ?????? ?????? ???? ???? ????? ?????? ?????? ???? ??? ????? ????? ?????? ????? ?? ???? ?? ??? ???????? ???? ???? ??????? ????? ?? ???? ?? ?????? ??????

??? ???? ?????? ????? ???? ????? ??? ?????

???? ???? ????? ????? ???? ?????? ??? ?? ????? ?????? ????? ?????? ??? ????? ?? ??-?? ???? ???? ???? ??? ??? ??? ?2005 ?.? ????? ??? ??????? ??? ????? ???? ????? ????? ??? ??? ????? ??????? ?? ????? ??? ???? ???? ?????? ???????? ???? ???? ?????? ??? ??????? ???? ?????? ?????? ???? ?? ??? ????? ??? ?????? ??? ??? ??? ?????? ??? ??? ?????? ?? ??? ??? ??????? ?????? ??? ???? ????? ?????? ???? ???? ????? ????? ????? ?? ?? ??????  ?? ?? ???? ??????? ???? ????? ???? ???? ?? ????? ?? ??????? ??????? ????? ?????? ?? ??? ???? ?? ??? ???? ???? ???? ???? ????? ???? ??? ?????? ???? ?????? ?????? ??? ????? ???? ????? ????? ?????? ????? ?????? ?? ???? ???? ????? ????? ?????? ?????? ??? ????? ??? ??? ???? ???? ??? ???? ???? ????? ???? ?????? ???? ??? ??? ?? ??? ????? ???? ??? ????? ??? ???? ??? ???? ???? ?????

????? ??? ??? ????? ??? ??? ????? ???????? ???? ?????? ????? ??? “?????????” ???? ???????? ????? ????? ???? ???? ??????? ??? ??????? ???? ????? ??????? ?????? ????? ?????? ????? ????????? ??? ??? ?????? ??? ????? ??????? ????? ??????? ?? ??? ?????? ????? ???? ??? ??? ??????? ??? ????? ????? ????? ???? ???? ???? ???? ???? ?? ??? ????? ????? ?????? ????? ???? ?????? ?????? ???? ?? ??? ??????? ????????? ????????? ??????? ??? ????? ????? ??? ?????? ???? ???? ??? ????? ????? ???? ?????? ??????? ???? ????? ?? ????? ????? ??? ??? ??? ???? ???? ????? ????? ??????? ?? ?? ????? ??????? ?? ????? ????? ??? ?????? ???? ????? ???? ??? ???? ???? ???? ?? ??????? ????? ???? ????? ??? ????? ???? ???? ????? ??????? ?????? ?? ??? ???? ????? ????? ?? ?? ??? ???? ????? ????? ??????? ?? ????? ???? ????? ?? ???? ???? ?? ???? ???? ???? ????? ????? ??? ??? ???? ???? ????? ?????? ???????? ??? ?? ???? ???? ?????? ?????? ???? ????? ?.??.?? ???????? ??? ??????

?? ???? ???

???? ???? ?????? ????? ???? ????? ??? ??? ???? ?????? ????? ????? ?? ????? ?????? ????? ?????? ???? ???? ???? ?? ??? ????? ??? ???????? ????? ???? ??????? ?????? ?????? ??? ????? ?????? ???? ??? ???????? ?? ???????? ???? ???? ????? ?????? ?????? ???? ???? ??? ?????? ???? ???? ??? ???? ?????? ???? ????? ????? ???????? ????? ??? ??? ???? ??? ???? ?? ??? ?? ???? ?? ?????? ?????? ??? ?????? ?????-????? ???? ??? ????? ?????? ?????-?????? ???? ??? ????? ????? ???????? ?????? “??” ????? ?? ??? ??? ??????? ?????? “??? ???” ????? ?? ???? ???? ???-?????? ???? ??? ???????? ??? ???????? ??? ?? ???? ?????


????? ????? ???????? ????? ?????? ????? ??? ?????? ??? ??????? ???? ??? ????? ?? ??? ?????? ??? ??? ?? ???? ???? ???? ????? ??? ?????? ??? ????? ?? ???? ??? ??????? ??? ??? ?????? ????? ??? ??????? ???? ????? ??? ????? ?????? ????? ?????? ????? ?? ?????? ??? ???? ??? ????? ?? ????? ???? ??? ??????? ???? ????? ?????? ?????? ??????? ?????? ????????

Share this:   ||  Join EFF
Categories: Aggregated News

France's Government Aims to Give Itself—and the NSA—Carte Blanche to Spy on the World - Thu, 01/10/2015 - 14:46

The United States makes an improper division between surveillance conducted on residents of the United States and the surveillance that is conducted with almost no restraint upon the rest of the world. This double standard has proved poisonous to the rights of Americans and non-Americans alike. In theory, Americans enjoy better protections. In practice there are no magical sets of servers and Internet connections that carry only American conversations. To violate the privacy of everyone else in the world, the U.S. inevitably scoops up its own citizens' data. Establishing nationality as a basis for discrimination also encourages intelligence agencies to make the obvious end-run: spying on each other's citizens, and then sharing that data. Treating two sets of innocent targets differently is already a violation of international human rights law. In reality, it reduces everyone to the same, lower standard. 

Now France's government is about the make the same error as US practice with its new "Surveillance des communications électroniques internationales" bill, currently being rushed through the French Parliament. As an open letter led by France's La Quadrature du Net and signed today by over thirty civil society groups including EFF, states, France's legislators' must reject this bill to protect the rights of individuals everywhere, including those in France.

By legalizing France's own plans to spy on the rest of the world, France would take a step to establishing the NSA model as an acceptable global norm. Passing the law would undermine France's already weak surveillance protections for its own citizens, including lawyers, journalists and judges. And it would make challenging the NSA's practices far more difficult for France and other states.

The new bill comes as a result of France's Constitutional Council review of the country's last mass surveillance bill, which passed with little parliamentary opposition in July. The Council passed most of that bill on the basis of its minor concessions to oversight and proportionality, but rejected the sections on international surveillance, which contained no limits to what France might do.

France already spies on the world. In July, the French newsmagazine L'Obs revealed a secret decree dating from at least 2008, which funded a French intelligence service project to intercept and analyze international data traffic passing through through submarine cable intercepts. The decree authorized the interception of cable traffic from 40 countries including Algeria, Morocco, Tunisia, Iraq, Syria, Sub-Saharan Africa, Russia, China, India and the United States. The report states that France's intelligence agency, the General Directorate for External Security (DGCE), spent $775 million on the project.

Given that the Constitutional Council implied that such practices are almost certainly unlawful as is, the French government has now scrambled to create a framework that could excuse it.

Under the new proposed law, France's intelligence agencies still have an incredibly broad remit. The  law concentrates the power to grant wide-ranging surveillance permission in the office of the Prime Minister, who can sign off on mass surveillance of communications sent or received from overseas. Such surveillance can be conducted when in the "essential interests of foreign policy" or "[the] essential economic and scientific interests of France", giving the executive the widest possible scope to conduct surveillance.

The original surveillance law included limits on data retention when spying on French nationals (30 days for the content of communications, four years for metadata, six years for encrypted data). The new international limits are much longer—one year, six years, and eight years respectively. The law's authors do not justify this longer period, nor do they explain how the intelligence agencies will be able to separate data from each class of target without collecting, analyzing and filtering them all.

The collapsing divide between the lawful, warranted surveillance of ordinary citizens, and the wide-ranging capabilities of the intelligence services to collect signals intelligence on foreign powers and agents, has ended up corroding both domestic and global privacy rights. The U.S. has taken advantage of the lesser protections for non-U.S. persons to introduce the dragnet surveillance of everyone who uses the Internet outside the U.S. Because unprotected foreigners' data is mixed up with somewhat more protected communications of Americans, the U.S. government believes that it can "incidentally" scoop up its own citizens' data, and sort it out later under nobody's oversight but its own.

If the French Parliament passes this bill, it will mean that France has decided to embody and excuse the same practices as the NSA in its own law. It is a short-sighted attempt to cover France's existing secret practices, but the consequences are far-reaching. The limited protections that were included in the original surveillance bill—including assurances that French journalists, judges and lawyers would be protected from dragnet surveillance—will be undermined by their inevitable inclusion in the vacuuming up of all international traffic.

Any attempt by the EU countries to rein back the NSA's surveillance plan by calls for the United States to respect international human rights standards, and data protection principles, will provoke the response that the U.S. is simply exercising the powers that an EU member has already granted itself.

By creating and excusing a double standard France's government dooms everyone to a single, lower standard. It cannot simply shrug off its responsibilities to human rights, its partners in Europe, and the privacy rights of foreigners. If it does so, it will end up undermining the French people's privacy and security as much as it undermines that of the rest of the world.

Related Issues: InternationalSurveillance and Human RightsNSA Spying
Share this:   ||  Join EFF
Categories: Aggregated News

Forward and Back: Celebrating the 2015 Pioneer Awards - Thu, 01/10/2015 - 09:22

2015 Pioneer Award winners and presenters. Photo by Alex Schoenfeldt.

EFF's annual Pioneer Awards ceremony gives the digital civil liberties community a chance to honor the work of those who fight for online freedom through remarkable innovation, activism, journalism, or leadership. At this year's event, held Thursday, September 24, we were proud to celebrate the lives and work of Caspar Bowden, the Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra.

The evening opened with a conversation, recorded prior to the event and presented at the ceremony, between journalist Kashmir Hill and whistleblower Edward Snowden. Hill asked Snowden if he had any advice for potential whistleblowers. His response – “Think it through” – drew laughter from the crowd. He also noted that you don't have to be at the top of your field, or an expert, to call attention to injustice. “Whistleblowers are elected by circumstance,” Snowden said. “Be conscious of what you're witnessing.”

Edward Snowden

EFF Executive Director Cindy Cohn presented the first Pioneer Award of the evening, a posthumous tribute to the “tireless, tenacious, and powerful” privacy advocate Caspar Bowden.

“Caspar was one of a kind and easily a Pioneer Award winner many times over,” Cohn said, “and I'm terribly sad he didn't get to hear us say that to him directly.”

Sandi Bowden, Caspar's wife, accepted the award on her late husband's behalf, thanking EFF for “this great tribute to Caspar.” With emotion, she urged everyone in attendance to “continue his fight, his cause, because it's a good one, and it applies to all of us."

Cindy Cohn and Sandi Bowden. Photo by Alex Schoenfeldt.

Eva Galperin, EFF Global Policy Analyst, introduced the Citizen Lab. She lauded its years of intensive, public interest research about state-sponsored malware, and noted that some of Citizen Lab's key findings were proven accurate by the Hacking Team leaks disclosed earlier this year.

“They have been academic, and they have been rigorous, and they have been right, and they have been fully, fully vindicated this year,” Galperin said.

“We consider this to be a great affirmation of the work that we've been doing,” said Ron Deibert, Director of the Citizen Lab, who accepted the award with colleagues Morgan Marquis-Boire and Claudio Guarnieri.

“Getting an award here right now is not only an honor for adult me, but it’s super exciting for teenage me!” said Marquis-Boire, referring to his youthful enthusiasm for cryptography.

Eva Galperin with Claudio Guarnieri, Morgan Marquis-Boire, and Ron Deibert of Citizen Lab. Photo by Alex Schoenfeldt.

EFF International Director Danny O'Brien gave a special address about Offline, a new campaign to highlight individuals imprisoned for their use of technology. Offline uses technology's “disruptive” power for good: engaging in individual activism to keep prisoners' names alive and visible on social media can improve their conditions and even commute death sentences.

Danny O'Brien presents Offline. Photo by Alex Schoenfeldt.

Jeremy Malcolm, EFF Senior Global Policy Analyst, presented the next award to Anriette Esterhuysen and the Association for Progressive Communications. He cited the APC's innovative approach to using the Internet to advance human rights, social justice, and development, as well as Esterhuysen's “fierce” belief that civil society “is stronger when we work together.”

Accepting the award and reading remarks on Esterhuysen's behalf were APC co-founders Mark Graham and Mitra Ardron.

“'The fact that EFF has recognized APC’s work is an enormous motivation and reinforcement that we’re walking in the right direction to build an Internet conceived in practice as a global public good,'” Esterhuysen wrote.

Mark Graham, Jeremy Malcolm, and Mitra Ardron. Photo by Alex Schoenfeldt.

Danny O'Brien presented the final award of the evening to Kathy Sierra. Sierra, unable to attend due to a “rogue pony incident,” emailed her remarks, which Activism Director Rainey Reitman read on her behalf.

“It is actually learning, not freedom, that I personally hold most dear,” Sierra wrote. “But learning depends on the freedom to push boundaries, tinker, explore, void warranties, and violate terms of service. Learning depends on our access to information.”

Rainey Reitman, delivering Kathy Sierra's acceptance remarks. Photo by Alex Schoenfeldt.

The 2015 Pioneer Awards ceremony offered an inspiring opportunity to look forward and back: to the future, and the work that still lies ahead; and to the pioneers who have inspired and helped us get to where we are today. We are grateful to the award winners for their work, to the special guests who joined us at the ceremony, and to the many well-wishers and supporters who joined us in spirit. Thank you for supporting digital civil liberties, and see you next year!

Special thanks to our event sponsors Automattic, No Starch Press, Facebook, O'Reilly Media, and Adobe. Photo by Alex Schoenfeldt.

Each year, EFF Pioneer Award winners are nominated by members of the public. We invite you to keep an eye out for potential nominees and share their accomplishments with us next year at

Share this:   ||  Join EFF
Categories: Aggregated News

Facebook’s Free Basics: More Open, Better Security, but Still a Walled Garden - Thu, 01/10/2015 - 02:20

Last Thursday, Facebook announced changes and clarifications to its zero-rating program formerly known as It’s re-branded the service “Free Basics,” but the overall idea remains the same: mobile users in developing nations can access certain websites without having to pay for the data, by accessing those websites via Facebook’s system. While the changes Facebook has made are positive, we still have some concerns—especially about the dangers posed by Facebook’s central role. But let’s start with the positive.

For one thing, Facebook has made progress in securing the privacy and security of Free Basics’ users. When was announced, we noted that the program prohibited users on feature phones from accessing websites over encrypted HTTPS connections. Facebook has now partially addressed this problem, by enabling encryption (for feature phones that support it) from the user’s phone to Facebook’s proxy server, where the data is then decrypted and re-encrypted before being transmitted to the destination website. Even better, Facebook is also enabling encryption between the end user’s phone and its proxy even when the website itself doesn’t support HTTPS—adding a little more security to what would otherwise be an unencrypted connection. While this isn’t true end-to-end encryption, it does make it harder for government agencies to perform bulk surveillance of Free Basics users. Further, Facebook has committed not to inspect the traffic passing through its proxy server while it’s temporarily decrypted, and to log only data that could be seen even if the traffic truly were end-to-end encrypted: namely the domain (but not the rest of the URL) and the amount of data transferred.

Additionally, Facebook has revised the application criteria for websites that want to participate in Free Basics. Sites no longer have to comply with Facebook’s Statement of Rights and Responsibilities, which Facebook could have used to censor services that provide controversial content (e.g., sexual health resources, religious commentary, or even art). In fact, at this point Facebook hasn't rejected any websites from participating for non-technical reasons. And Facebook has made those technical requirements (which are necessary for websites to work properly on low-end feature phones) much more specific. This constrains Facebook from using ambiguous technical criteria to artificially limit which services it allows into the program.  In other words, Facebook seems to be making a good faith effort to base its decisions about who gets into the program on only technical criteria necessary for websites to operate correctly on feature phones—thus increasing the chances that the websites available via Free Basics won't represent a censored, cherry-picked web.

Still a Walled Garden

These are good and important changes, and we applaud Facebook for making them.  But Free Basics still has one unavoidable, inherent flaw: Facebook’s central role, which puts it in a privileged position to monitor its users traffic, and allows it to act as gatekeeper (or, depending on the situation, censor).

Let’s tackle things from the privacy angle first. Given Facebook’s central role, there is no technical restriction that prevents the company from monitoring and recording the traffic of Free Basics users. Unfortunately, this means there is no guarantee that the good faith promise Facebook has made today to protect Free Basics users’ privacy will be permanent. All we have is Facebook's word that it won't decide at some point in the future to go back on this privacy promise, and start analyzing or mining the traffic passing through its Free Basics proxy server. Unfortunately, given Facebook’s recent actions, that word isn’t completely reliable. After all, this is the company that recently decided to feed tracking data from its Like buttons into its advertising system, despite widespread objection, and still refuses to honor Do Not Track (“DNT”) headers.

Even if we gave Facebook the benefit of the doubt and assumed that the champions of privacy within the company will continue to be influential, Facebook’s central role as gatekeeper creates other problems. As we explained before, by inserting itself in between users and the websites they want to access, “Facebook and its partners have issued an open invitation for governments and special interest groups to lobby, cajole or threaten them to withhold particular content from their service.” While censorship on Free Basics of this sort hasn't occurred yet, it’s still true that Free Basics would be much easier to censor than the real global Internet.

Facebook could address this by encouraging the carriers with which it partners to zero-rate all mobile-accessible websites, thus further limiting Facebook's involvement in vetting the content that is available through the platform. Although we understand why carriers might be reluctant to do that, they could still impose a data cap on the amount of zero-rated data, as an incentive for users to upgrade to a paid service. Such a system would solve all of the pro-access goals that Facebook espouses, with a significantly less distorting effect on the end-user's experience of the Internet than the Free Basics service that exists now.

We’re glad Facebook is taking steps to open Free Basics to as many websites as possible and increase its users’ security.  But Free Basics is still a walled garden run by a single gatekeeper, with all the associated privacy and censorship dangers such a system entails. Just as wasn’t the Internet, Free Basics isn’t really “free.” We hope that this new service isn’t treated as a substitute for what we really need: good, fast access to the entire Internet for all. 

Related Issues: Net Neutrality
Share this:   ||  Join EFF
Categories: Aggregated News

Tell President Obama: Save Crypto From Dangerous Backdoors - Thu, 01/10/2015 - 01:53

It's a critical moment in the global debate over privacy, security, and “backdoors” in encryption technology. Despite all that attention, President Obama has yet to come to a public position on backdoors—i.e., the government mandating, coercing, or pressuring companies to design their systems to give it special access to our data. Experts agree that backdoors of any kind would make all of our communications more vulnerable. He is certainly hearing clamoring from the FBI and a handful of their favorite lawmakers, but he may not know how strongly the public supports privacy. The President needs to hear from you today.

The most recent round of law enforcement demands that developers give the government special access to our personal data has frequently been referred to as the Second Crypto Wars, evoking the government’s unsuccessful efforts in the 1990s to limit encryption to expressly broken “key escrow” technologies like the Clipper Chip or deliberately weakened “export grade” encryption.

There are two major differences, though, between the battles of the 1990s and today: first, we know now that law enforcement and national security agencies ignored the public outcry and spent the last decade attempting to undermine our cryptography technologies in secret. And second, the role that secure, end-to-end encryption plays in protecting everybody's privacy has become much more apparent, as invasions of that privacy from the government, from tracker-happy corporations, and from criminals and other bad actors have become commonplace.

Taken together, that means the Second Crypto Wars are being fought not between obscure government agencies and a ragtag collection of cypherpunks. Instead, the skirmishes of this fight land on the front page of major newspapers, and huge swathes of the general public understand the importance of the issue.

These factors have raised the stakes—and they've increased the chances that those of us concerned about privacy can actually win. With more attention, it's become impossible to frame this debate as a simple matter of the government versus the people. Within the government, divisions that understand the importance of security are actively pushing for wider adoption of strong encryption.

But President Obama has not yet drawn a hard line against crypto backdoors or condemned the practice of forcing developers to give the government special access to our data. If he does, it would be a powerful statement to the holdouts in government still arguing that law enforcement access to our communications is more important than our privacy, our security, and our ability to trust the technology we use every day. To help convince him to make that statement, we want to create the most popular petition in his White House platform's history.

The President should speak out against backdoors and other forms of special access for law enforcement, and he should commit his administration to upholding that principle through six basic tenets:

  • No backdoor or encryption mandates;
  • No key escrow or compelled access mandates;
  • No private agreements to prevent companies from implementing strong, end-to-end crypto;
  • No weakening of encryption standards;
  • Adoption of transparent processes to disclose vulnerabilities; and
  • Adoption of a well-understood set of standards and burdens—conceived through public debate and conversation—regarding government hacking.

Lend your voice to this campaign. Tell President Obama to stand up for security and privacy, and say no to backdoors in our technology.

Related Issues: Security
Share this:   ||  Join EFF
Categories: Aggregated News

Online Ad Company Adopts New ‘Do Not Track’ Standard for Web Browsing - Thu, 01/10/2015 - 00:15
Adzerk Joins Coalition Delivering Stronger Privacy and a Way Forward in the Ad Blocking Impasse

San Francisco – Online advertising company Adzerk will offer compliance with EFF's new “Do Not Track” (DNT) standard for Web browsing starting this week, significantly strengthening the coalition of companies using the policy standard to better protect people from sites that try to secretly follow and record users’ Internet activity. Adzerk serves billions of ad impressions per month, and customers using its technology include Reddit, BitTorrent, and Stack Overflow.

The Electronic Frontier Foundation (EFF) and privacy company Disconnect launched the new DNT standard last month, joined by innovative publishing site Medium, major analytics service Mixpanel, popular ad- and tracking-blocking extension AdBlock, and private search engine DuckDuckGo.

“Adzerk is an important new member of the Do Not Track coalition, helping to protect millions of Internet users and others from stealthy online tracking and exploitation of their reading history,” said EFF Chief Computer Scientist Peter Eckersley. “We are thrilled that consensus keeps growing in the online advertising community: clear and fair practices are essential not only for privacy, but for the ongoing health of the industry.”

DNT is a preference you can set on Firefox, Chrome, or other Web browsers as well as in the iOS or FirefoxOS mobile operating systems, which signals to websites that you want to opt-out of tracking of your online activities. DNT works in tandem with software like Privacy Badger and Disconnect, which not only set the DNT flag but also block trackers and ads that do not respect it. Adzerk is the first online advertising company that is offering its customers—the websites and other online services that show ads—the ability to opt-in to using DNT, which would pass the extra tracking protection on to the sites’ users.

Tracking by advertisers and other third parties is ubiquitous on the Web today, and typically occurs without the knowledge, permission, and consent of Internet users. However, you can see the evidence of this tracking when the online ads you see on one site seem to be based on what you looked at on another site. Meanwhile, the underlying records and profiles of your online activity are distributed between a vast network of advertising exchanges, data brokers, and tracking companies.

“Many websites get much of their operating revenue from online ads, yet the groundswell of discomfort from users about how their private information is being collected and used is leading to a boom in ad-blocking technologies. We need to find a way for privacy and advertising to work together,” said Adzerk Chief Executive Officer James Avery. “The new Do Not Track gives us a way to provide publishers with ads that respect users' privacy and online choices, and which as a result will be visible in more users' browsers”

For more on Do Not Track:

For more from Adzerk:

For more on the ad-blocker debate:

Contact:  PeterEckersleyChief Computer RebeccaJeschkeMedia Relations Director and Digital Rights
Share this:   ||  Join EFF
Categories: Aggregated News

Adblockers and Innovative Ad Companies are Working Together to Build a More Privacy-Friendly Web - Thu, 01/10/2015 - 00:13

Apple's recently-announced support for adblockers on iOS 9 provoked dramatic debate between those who were celebrating the news, and those who were angry over what they see as the company undermining the primary business model for online publishing and journalism.

While both sides of the debate have good points to make, one thing is non-negotiable: users must have the right and ability to install software that blocks content they don't want on their computers, tablets or phones—whether that is ads, trackers, or anything else. In fact, we actually make such software ourselves: our Privacy Badger add-on for Firefox and Chrome, though it isn’t specifically designed to block ads, winds up blocking a lot of them when they attempt to spy on people’s browsing without consent.

Most ads on the Internet are also tracking beacons; every time you see one it records what your were reading or doing when you saw it. For sheer scale, scope, and sophistication, the online advertising industry runs a surveillance operation that is very nearly a match for the NSA's dragnet programs.1 And Privacy Badger makes no apologies for blocking ads when that’s what’s necessary to keep users’ reading habits private in the face of surveillance by ad companies.

But we also believe the Web needs a diverse set of revenue sources, and advertising is an important option that should be open to publishers who want to use it. So rather than blocking ads outright, EFF’s aim has been to incentivize better behavior by advertising companies. To that end we launched our Do Not Track Policy last month, along with a coalition that includes many tracker- and ad-blockers that will as a default unblock ads that respect the policy.

This initiative has been gaining momentum.  Today, we are pleased to announce a first online advertising company, Adzerk, is joining.  Adzerk provides ad serving infrastructure to Reddit, BitTorrent, and a number of other high profile sites.  They will be offering the ability for any publisher using their platform to serve ads that respect Do Not Track requests.  If publishers choose to deploy such ads, they will not be blocked by default by Adblock, Disconnect, Privacy Badger or other coalition members.

Blocking interfaces in browsers and operating systems are not only necessary for user freedom, security, and privacy, but they are actually beginning to produce genuine improvements in the practices of the advertising industry. Apple should be congratulated for helping to make this happen, and those who are fearful about the future of the advertising-funded Web should join us, Adzerk, and other companies in helping to ensure that there are fewer reasons for users to need to block ads in the first place.

Related Issues: PrivacyDo Not Track
Share this:   ||  Join EFF
Categories: Aggregated News

Senator Sheldon Whitehouse Wants to Make the Computer Fraud and Abuse Act Even Easier to Abuse - Tue, 29/09/2015 - 08:17

This summer, Senator Sheldon Whitehouse introduced an amendment to the flawed Cyber Information Sharing Act (CISA) that would make it even worse, by expanding the broken Computer Fraud and Abuse Act (CFAA). EFF has proposed common sense changes to this federal anti-hacking law, many of which were included in “Aaron's law,” recently reintroduced. While CISA was delayed by strong grassroots opposition over the summer, it looks likely to move soon—bad amendments and all. That’s why we’re urging people to take action and tell the Senate to vote no on this and any other dangerous CFAA changes.

CFAA is already broken

The CFAA makes it illegal to intentionally access a computer without authorization or in excess of authorization. But much of what we do online every day—from storing photos in the cloud to watching movies to using social networks to buying a plane ticket—involves accessing other people’s computers, often with a password. The CFAA does not explain what "without authorization" actually means. Overzealous prosecutors have gone so far as to argue that the CFAA criminalizes violations of private agreements like an employer's computer use policy or a web site's terms of service, and have taken advantage of this lack of clarity by bringing criminal charges that aren't really about hacking a computer, but instead about doing things on a computer network that the owner doesn’t like.

A tragic example is the misguided prosecution of activist Aaron Swartz under the CFAA. Aaron committed suicide while facing criminal charges with penalties up to thirty-five years in prison, all for using MIT's computer network to download millions of academic articles from the online archive JSTOR, allegedly without "authorization."

The changes proposed to the CFAA by Senator Whitehouse would give prosecutors and network owners even more ways to abuse the law.

New crimes, less judicial oversight

Whitehouse's amendment would create a new felony crime for damaging a “critical infrastructure computer” “during and in relation to a felony violation of section 1030.” The new provision is redundant, and worsens the CFAA’s already draconian penalties. It also inappropriately strips judges of their ability to determine what kind of sentence is appropriate for the specific individual before them. It prohibits judges from imposing probation instead of jail; and forces them to impose the “aggravated damage” sentence (which has a maximum of 20 years) consecutively to any other sentence imposed, prohibiting the judge from reducing the other sentence to make up for the consecutive sentence it must impose for the “aggravated damage.”

Tailor-made to help indiscriminate prosecution

The amendment would make it much easier to prosecute anyone for trafficking in passwords or similar information through which a computer may be “accessed without authorization.” The amendment changes the mental state required to simply “knowing such conduct to be wrongful,” whatever that means. We think this section is unconstitutionally vague because unlike other mental states well known in criminal law, including the one current in the CFAA—“intent to defraud”—there’s no legal precedent or language in the legislation that explains what “knowing such conduct to be wrongful” means.

A threat to security research

In addition to lowering the mental state required for trafficking in passwords, the amendment would expand the trafficking prohibition to include any “means of access.” This could potentially threaten legitimate security research, by including the critical penetration testing software used by researchers and security consultants. And what about a security researcher disclosing a vulnerability at a conference? Will the DOJ argue the exploit is a "means of access" and that the researcher knew the testing of the exploit was wrongful? In a time when security research is more important than ever, these are just some of the unintended consequences of broadening the CFAA.

A New Weapon: Injunctions

Finally, this amendment would allow the Attorney General to file a civil suit for an injunction (a court order) to stop potential violations of the CFAA that would affect 100 or more computers. While this provision is ostensibly aimed at those who build botnets, the language is very broad, allowing the government to seize computers or other hardware—particularly concerning since attempts to fight botnets in the past through court orders have negatively affected thousands of innocent users. The government would not be required to file criminal charges under the CFAA immediately, or even eventually, and would not have to ever prove that you actually violated the law.  

EFF and other advocates are already telling Congress that this amendment must not pass. If you agree, take a few minutes to email your Senators and tell them to vote no on this and any amendments that will worsen the CFAA.

Related Issues: Cyber Security LegislationComputer Fraud And Abuse Act Reform
Share this:   ||  Join EFF
Categories: Aggregated News

Massachusetts Court Rules Cell Tracking Requires a Warrant[*] - Tue, 29/09/2015 - 07:35

When it comes to the highest court in Massachusetts, it sometimes seems like entire battles are won and lost in the footnotes. In a seemingly straightforward new case, the Supreme Judicial Court has managed to add a wrinkle on top of the already complicated patchwork of law surrounding cell phone location tracking. The court’s opinion today in Commonwealth v. Estabrook sets out what it calls a “bright-line rule” and reaffirms that, in general, the Massachusetts constitution requires a warrant for tracking a person’s location using cell site location information (CSLI). That’s worth celebrating, but cynical readers who are already wondering about the “in general” in the previous sentence should take a look at footnote twelve in the opinion. Meanwhile, all readers should probably buckle in for a somewhat detailed tale of judicial incrementalism.

Estabrook is the successor to an earlier decision by the Supreme Judicial Court called Commonwealth v. Augustine. In both cases, police obtained several weeks of so-called historical CSLI about the defendants, revealing their movements over that period. In Augustine, following arguments made by EFF in an amicus brief, the court established that individuals have an expectation of privacy under the Massachusetts constitution in their past movements revealed by historical CSLI. However, the court also noted that it was “likely” that “there is some period of time” that was “too brief to implicate the person's reasonable privacy interest” and trigger the state constitution’s warrant requirement. In a fateful footnote, it added that “it would be reasonable to assume that a request for historical CSLI of the type at issue in this case for a period of six hours or less would not require the police to obtain a search warrant. 

In Estabrook, EFF and the ACLU of Massachusetts filed an amicus brief represented by Harvard Law School’s Cyberlaw Clinic. As we explained, the Augustine loophole seemingly allowing the warrantless collection of six hours of CSLI was irrelevant to Estabrook’s case, because the police obtained two weeks of CSLI about him. Two weeks is two weeks, even if the police were ultimately interested only in a critical six-hour period around the time of the murder Estabrook was on trial for. The court agreed with our argument precisely:

 [I]n terms of reasonable expectation of privacy, the salient consideration is the length of time for which a person's CSLI is requested, not the time covered by the person's CSLI that the Commonwealth ultimately seeks to use as evidence at trial. . . . It would violate the constitutional principles underlying our decision in Augustine to permit the Commonwealth to request and obtain without a warrant two weeks of CSLI—or longer—so long as the Commonwealth seeks to use evidence relating only to six hours of that CSLI. 

It’s nice to see a court acknowledge the realities of modern surveillance. Too often law enforcement and intelligence agencies successfully argue that they should be able to access large amounts of private information as long as they only use a smaller amount. This argument equates privacy with government-written “minimization procedures.” But as the Supreme Court held last year in Riley v. California, our constitutional rights to privacy protect against overcollection too.

One key way courts put this into practice is by creating bright-line rules that signal to the police and citizens alike what is covered by the warrant requirement. Our Estabrook amicus brief argued that the court should close the Augustine loophole and require a warrant for all CSLI, even for fewer than six hours. Small amounts of location information can be very revealing, and other courts and state legislatures have required warrants across the board. But the court disagreed, describing the Augustine six-hour line as suitably clear.

So clear, in fact, that the court decided it could risk muddying things up again. In a new footnote, it explained that the six-hour exception to the requirement applies only to the “telephone call” variety of CSLI at issue in Estabrook, not “registration” CSLI. The difference is that call CSLI only provides a cell phone user’s location during calls, whereas registration CSLI is created automatically every few seconds when the phone “pings” a nearby cell tower.

Registration CSLI obviously generates a more complete and revealing picture of users’ movements than call CSLI, especially given millennials’ well-known phobia for actually talking on the phone. But that’s hardly enough to serve as the basis for a constitutional rule. Why should you have more protection when you walk around playing Words with Friends than when you actually exchange some words with a friend over the phone?

It’s also very hard to see how this footnoted bright-line rule provides actual clear guidance to the police. Are they supposed to generate warrantless requests to the cell phone providers that ask solely for call CSLI and not registration CSLI? It’s far from clear that the providers could handle such requests, or that courts or defense attorneys in routine cases are technically equipped to sort out the one from the other. The police in Massachusetts should recognize that the most prudent course after Estabrook is to make getting a warrant standard practice.

All of this counsels for a true bright-line rule: a warrant requirement for all CSLI. That’s the rule the Fourth Circuit reached in United States v. Graham, and the rule EFF is urging the Supreme Court to adopt if it agrees to review a contrary decision by the Eleventh Circuit in United States v. Davis. Meanwhile, Massachusetts is also considering whether to legislate for more location privacy protections. We hope they’ll see the wisdom of clear, footnote-free rules.

Related Cases: Commonwealth v. Estabrook
Share this:   ||  Join EFF
Categories: Aggregated News

Taken Offline: Years in Prison for a Love of Technology - Fri, 25/09/2015 - 05:18

Writing a letter with a pen has an odd feeling in a digital age. You pick your words carefully, without a delete key. You urge your hands to recall their best handwriting. You ponder about forms of address and how much space to leave; should I fill the page, or sign off half-way down?

The last time I wrote a letter was to the Syrian technologist, Bassel Khartabil. I had to write a letter, because Bassel's not online right now, despite being an enthusiastic adopter of new technology when it reached his home town of Damascus. Bassel's not online, because he was arrested and thrown in jail for his love of the Internet and free culture, and has now been incarcerated for over three and a half years.

Bassel was seized by Syrian security in March 2012, during the earlier days of the Syrian civil war. With his contributions to Wikipedia and open source, with his enthusiastic support of Damascus' hackerspace, and leadership of Creative Commons Syria, Bassel was a prominent figure online. That, apparently, made him a threat to the Assad government. Now he sits in a Adra prison, offline, as the war he had no part in explodes around him. Earlier this month, opposition forces seized control of one part of the prison, placing him directly on the frontline of the conflict.

The trend of governments to treat technologists and technology users as unpredictable threats who need to be taken offline is on the rise. Every week sees new incidents of arrests and detentions on the basis of ignorance or suspicion of new technology and its users. From the experience of teenager Ahmed Mohamed in Irving, Texas, to the recent detention by Iranian police of tech entrepreneur Arash Zad, users end up harassed or detained in part because of their "dangerous" knowledge of tech.

Hence, Offline: our new contribution to sharing the stories of imprisoned technologists and technology users.

Stories like Saeed Malekpour, a Canadian web developer seized by plain clothes officers while visiting Tehran, tortured and sentenced to life imprisonment for writing code that was re-used without his knowledge on a pornography site. The Zone 9 Bloggers, currently facing charges of terrorism partly because of their attempts to learn and use encryption. Alaa Abd El Fattah, an activist and coder who organized Linux installfests in Egypt and used his knowledge of free software and the web to protest in the Arab Spring, before his persecution and imprisonment by the new Egyptian regime. Eskinder Nega, an old-school Ethiopian journalist whose defiant adoption of online publishing led to a final sentence of eighteen years in prison.

Our cases just scratch the surface of this growing problem. Organizations like Global Voices Advocacy, the Committee to Protect Journalists, the Committee on International Freedom of Scientists, IFEX and the Media Legal Defence Initiative are collectively tracking hundreds of cases of bloggers, online writers, scientists and technologists who are unjustly detained around the world. Each of these groups work to raise awareness and provide legal, financial and logistical support to prisoners, and their friends and family.

Every effort to highlight these cases helps. Over the years, we've heard directly from prisoners like Bassel that international attention gets results. Prisoners whose cases attract publicity are less likely to be mistreated, and more likely to be released early. De-mystifying and explaining who these people really are can help dilute the suspicion or ignorance that technology users face everywhere. By defending these prisoners, you can help prevent others from being targeted in the same way.

Users of the Internet make friends across the world, and all of our cases have a network of supporters who now campaign for their release. You'll find ways to assist these campaigns on every page of Offline. Your support of their work — whether it's contacting your country's embassy to lobby for these individual's release, spreading their story, or just writing them a letter — may well transform a fellow users' life.

As Bassel wrote in his own letter to his supporters from prison, "I can not find words to describe my feelings about everything you did for me. What you did saved me and changed my situation [for the] better." Being offline should never mean being forgotten.

Related Issues: Free SpeechOffline : Imprisoned Bloggers and TechnologistsInternational
Share this:   ||  Join EFF
Categories: Aggregated News

Taken Offline: New EFF Project Shines Light on Coders and Bloggers Imprisoned For Online Free Expression - Fri, 25/09/2015 - 03:19
Activists Targeted by Governments Need Support From Global Digital Community

San Francisco—The Electronic Frontier Foundation (EFF) today launched the Offline project, a campaign devoted to digital heroes—coders, bloggers, and technologists—who have been imprisoned, tortured, and even sentenced to death for raising their voices online or building tools that enable and protect free expression on the Internet.

The Offline project initially presents five cases of silenced pioneers, including the personal stories of technologists like Saeed Malekpour, a Canadian programmer who wrote software for uploading photos to the Web. While visiting Iran, Malekpour was kidnapped, thrown in prison, beaten, tortured, and given a death sentence by an Iranian court. His case, and other cases of coders and online journalists imprisoned by governments for their work in the digital world, have received little attention in the mainstream media and online community.

Offline aims to change that by collecting these important stories and providing links and resources about what the online community can do to support them, defend their names, and keep them safe. More cases will be added to the project in the future.

“Oppressive regimes are silencing those whose work or voices they wish to squelch by throwing them in jail. Offline will shed much-needed attention on these technologists and encourage digital citizens to join campaigns advocating for their freedom," said Danny O’Brien, EFF’s international director. “We see a clear connection between innovators who work to build an open Internet in relative safety and colleagues doing similar work who have been silenced and cut off from the online world we share. We hope to strengthen that association in order to help keep all technologists safe regardless of where they live or travel."

Offline was created in response to an alarming increase in the number of technologists detained or threatened with prison for their work. Another example is tech pioneer Bassel Khartabil, a Palestinian-Syrian software developer who wrote and shared free code as well as information about his home country of Syria. He was arrested and charged in a bid to stifle access to news and free expression. 

“It's a tragedy that our friend and co-developer Bassel is imprisoned, when Syria and the world so badly need his skills and commitment to open, peaceful collaboration," said Jon Phillips, Bassel’s colleague and organizer of the #freebassel campaign. “Until he is free, maintaining the visibility of his situation is vital to shielding him from harm and keeping his spirits up."

Advocacy and campaigns on behalf of imprisoned technologists can make a difference. Saeed Malekpour’s original death penalty was reduced to life imprisonment in 2012 after an international outcry over his sentencing.

“Our past experience has shown that when you shine a light on these prisoners of conscience, sentences are often reduced and conditions improved," said Jillian C. York, EFF’s director for international freedom of expression.

Contact:  DannyO'BrienInternational Jillian C.YorkDirector for International Freedom of
Share this:   ||  Join EFF
Categories: Aggregated News

Our Broken Patent System at Work: Patent Owner Insists the “Integers” Do Not Include the Number One - Fri, 25/09/2015 - 02:57

Patent trolls are a tax on innovation. The classic troll model doesn’t include transferring technology to create new products. Rather, trolls identify operating companies and demand payment for what companies are already doing. Data from Unified Patents shows that, for the first half of this year, patent trolls filed 90% of the patent cases against companies in the high-tech sector.

Core Wireless Licensing S.A.R.L. is one of the patent trolls attacking the high-tech sector. Core Wireless is incorporated in Luxemburg, and is a subsidiary of an even larger troll, Canada-based Conversant. It owns a number of patents that were originally filed by Nokia. It has been asserting some of these patents in the Eastern District of Texas. In one case, a jury recently found that Apple did not infringe five of Core Wireless’s patents. In another case, it is asserting eighteen patents against LG. One of its arguments in the LG case came to our attention as an example of what patent trolls think they can get away with.

In patent litigation, patent owners and alleged infringers often disagree about the meaning of words in patent claims and ask the court to resolve the differences (a process known as “claim construction”). In Core Wireless’ case against LG, the majority of the disputes seem like usual ones in terms of patent litigation.

Except for the dispute about “integer.”

You may have learned what an “integer” was in high school. It’s a common concept many teenagers learn about when they take algebra. In Ontario, Canada, for example (where Conversant is based), teachers discuss integers in the 9th and 10th grades. As defined in the Ontario Curriculum, an integer is: “Any one of the numbers . . . , –4, –3, –2, –1, 0, +1, +2, +3, +4, . . . ” Here’s a PBSMathClub video with a helpful explanation:

Privacy info. This embed will serve content from

It’s pretty clear what an “integer” is. Here are a few more definitions from various sources, all confirming the same thing: “integers” are all of the whole numbers, whether positive or negative, including 0.

But Core Wireless, the patent owner, told the court that an “integer” is “a whole number greater than 1.” Core Wireless is saying that not only are negative numbers not integers, neither are 0 or 1.

This is preposterous.

As one mathematician told us:

The integers are the natural numbers (whole numbers greater than zero), their negatives, and the number zero (very important). So saying that the integers are all whole numbers greater than one is a bit like saying that sweet and sour chicken is just sour sauce because you're missing its negative, and the chicken, which is very important. Or that a turducken is just turkey: we all know that the duck and the chicken are essential.

To be clear: the law allows patent applicants to redefine words if they want. But the law also says they have to be clear that they are doing that (and in any event, they shouldn't be able to do it years after the patent issues, in the middle of litigation). In Core Wireless’ patent, there is no indication that it used the word “integer” to mean anything other than what we all learn in high school. (Importantly, the word “integer” doesn’t appear in the patent anywhere other than in the claims.)

It appears that Core Wireless is attempting to redefine a word—a word the patent applicant freely chose—because presumably otherwise its lawsuit will fail. The Supreme Court has long disapproved of this kind of game playing. Back in 1886, it wrote:

Some persons seem to suppose that a claim in a patent is like a nose of wax which may be turned and twisted in any direction, by merely referring to the specification, so as to make it include something more than, or something different from, what its words express.

Just last year, the Supreme Court issued an opinion in a case called Nautilus v. Biosig Instruments emphasizing that patent claims must describe the invention with “reasonable certainty.” Using a word with a well-known and precise definition, like “integer,” and then insisting that this word means something else entirely is the very antithesis of reasonable certainty.

We hope the district court applies long-standing Supreme Court law and doesn’t allow Core Wireless to invent a new meaning for “integer.” Patent claims are supposed to provide notice to public. The public should not be forced to guess what meaning the patent owner might later invent for the claims, on penalty of infringement damages.

Ultimately, this is just one baseless argument in a bigger case. But it reveals a deeper problem with the patent litigation system. A patent owner wouldn’t argue that “integer” doesn’t include the number one unless it thought it might get away with it. The Patent Office and lower courts need to diligently apply the Supreme Court’s requirement that claims be clear. We also need legislative reform to discourage parties from making frivolous arguments because they think they can get away with it. This should include venue reform to prevent trolls from clustering in the troll-friendly Eastern District of Texas.

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Files:  core_wireless_claim_construction_brief.pdfRelated Issues: PatentsPatent TrollsInnovation
Share this:   ||  Join EFF
Categories: Aggregated News

Happy Birthday To Everybody: Victory For The Public Domain (With An Asterisk) - Thu, 24/09/2015 - 04:20

It’s now (probably) legal to publicly sing the world's most popular song, thanks to an opinion handed down yesterday by a federal judge in Los Angeles. After years of litigation, the court held that the lyrics1 of "Happy Birthday To You" are not restricted by Warner/Chappell's copyright, handing a solid victory to a group of filmmakers producing a documentary about the song, not to mention the general public.

We’re glad about the ruling, but we can’t help noting that the case casts some of the deeper problems with our copyright system into stark contrast. For one thing, copyright terms are way, way, way too long.

Copyright Terms Are Way, Way, Way Too Long

There is no rational reason why anyone should be restricted from using lyrics written 120 years ago.

And yet, our painfully long copyright terms enable exactly that.

In this case, the effects of hyper-extended terms were significant for the litigants as well as the public. Remember, this was the case that seemed to turn on exciting last-minute "smoking gun" evidence—in the form of a book from 1927. When litigants need to cite evidence that ancient, there's a real problem. And what if there hadn't been a team of impressive law librarians able to dig up that yellowed text?

Warner/Chappell actually faced a similar problem, because the Copyright Office no longer has a copy of the original registration upon which Warner relied. Instead, the company had to trek across the pond to the British Museum, which held on to it this whole time.

Given that term lengths are set by policy, it should ring alarm bells if litigants have to dig in actual museums and rely on ancient records to settle copyright disputes. Those alarm bells might be quieted if we had any evidence that those long terms actually helped promote the progress of science and useful arts—but the preponderance of evidence points the other way.

The Deck Is Stacked Against The Public Interest

This case points to another problem: it’s too easy for concentrated copyright interests, even invalid ones, to beat back the diffuse public interest. Thanks to those ridiculous term lengths, exacerbated by loosened requirements on notice and registration, it can be difficult or impossible to identify the owner of a copyright associated with a work. There’s also the crushing weight of outsized statutory damages hanging over anybody accused of infringement. And if you can’t afford to hire a lawyer, it’s difficult to hold folks who are abusing the system accountable.

The history of royalty payments on Happy Birthday illustrates that dynamic—concentrated interests trump diffuse ones. By some estimates, Warner/Chappell was collecting $2 million a year on these payments. But because it charged each user much less than the cost of litigating, nobody brought suit—not for what we can now say is eight decades of improper copyright claims.

So: Is It Public Domain?

Lots of early reports have trumpeted the news that, after this opinion, the song is now officially in the public domain. That is very nearly true, but even that nice thing is spoiled by our profound orphan works problem.

This court ruled that Warner/Chappell has no legitimate copyright interest in the lyrics—and in fact, that every party claiming a copyright in the lyrics in the eight decades since one particular agreement has been mistaken. But if Warner/Chappell has no copyright, does that mean nobody does?

As a practical matter, the answer is probably yes. If anybody else had a likely claim to the copyright, they would have stepped forward long ago, and not sat idly by while Warner/Chappell was collecting millions in royalties.

Still, the inherent difficulty of dealing with records that date back a century means that it is difficult or impossible to conclusively say who transferred what. People should sing "Happy Birthday" to their heart's content. But for works that are less high-profile than "Happy Birthday," the cloud of uncertainty around such transfers might be enough to keep people from lawfully enjoying our common cultural heritage in the public domain. That's a sad outcome, and one that we should work to avoid—by seeking more reasonable copyright terms, encouraging the Copyright Office to practice better librarianship around records, and generally tackling the orphan works problem.

So, let’s cheer a great win for our common culture—but not forget that we still need to fix our broken copyright system.

Image: Birthday candles by Ed g2s, released under Creative Commons BY-SA 3.0 license.

  • 1. The copyright claim here was just for the lyrics. The melody, written and published earlier, has long been in the public domain. So you could safely hum "Happy Birthday" before this opinion, just not sing the words.
var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Related Issues: Fair Use and Intellectual Property: Defending the Balance
Share this:   ||  Join EFF
Categories: Aggregated News

EFF To North Carolina Supreme Court: Overbroad Anti-Bullying Statute Violates the First Amendment - Thu, 24/09/2015 - 04:17

"Cyber-bullying" and other forms of online harassment are a serious problem. But as we have explained in the past, it is a challenge to craft laws or policies that address the harms caused by online harassment without unduly restricting speech or invading people’s privacy. New York tried and failed. And North Carolina's anti-bullying statute also goes too far. The North Carolina statute is currently being challenged in court, and on Monday, EFF filed an amicus brief urging the North Carolina Supreme Court to throw out the incredibly overbroad law for violating the First Amendment. 

The statute at issue in the case, State v. Bishop, makes it a crime for someone to use a computer to, “[w]ith the intent to intimidate or torment a minor[,] . . . [p]ost or encourage others to post on the Internet private, personal, or sexual information pertaining to a minor.” Under this broad language, it would be a crime for a high school student to post a message on Facebook stating that she recently broke up with her 15-year-old boyfriend because he cheated on her. Such a post would fall into the category of “private, personal, or sexual information” about the ex-boyfriend, a minor.

A student was charged and convicted with violating the statute. The student appealed his conviction, arguing that the statute violated the First Amendment of the U.S. Constitution. But the North Carolina Court of Appeals upheld the anti-bullying law, reasoning that the statute was a restriction on conduct, not speech, and that it was motivated by a content-neutral purpose. The student appealed this decision to the state’s supreme court.

As we explain in our amicus brief to the North Carolina Supreme Court, the court of appeal’s reasoning is plainly wrong.

First, the law clearly restricts speech—i.e., the publication of information on sites such as Twitter or Facebook—not just conduct. As we say in our brief, “Posting something online is an ‘act’ only in the sense that all speech involves acts: putting ink on paper, opening one’s mouth, carrying a sign.” If posting something on Twitter is not speech, then nothing is.

Second, the law restricts communication of particular kinds of facts or statements and is therefore a clear content-based restriction on speech. That this content-based law may have been motivated by a well-meaning purpose does not transform it into a content-neutral one—a fact that the U.S. Supreme Court recently made clear in Reed v. Town of Gilbert.

Courts are supposed to look very carefully at content-based regulations of speech. Such regulations are presumptively invalid, unless the government can prove that the regulation was narrowly tailored and necessary to achieve a compelling government interest. In other words, the government must satisfy strict scrutiny—the most stringent standard of judicial review in the United States. As the Supreme Court stated in Reed, “a law that is content-based on its face is subject to strict scrutiny regardless of the government’s benign motive[ or] content-neutral justification.”

The government should have applied the strict scrutiny standard to North Carolina’s content-based anti-bullying statute. And because the statute is dramatically overbroad and bans a wide range of protected speech, the government could never meet this standard. We hope the North Carolina Supreme Court agrees with us and throws out the court of appeals’ dangerous ruling.

Special thanks to UCLA law professor Eugene Volokh and his students in the Scott & Cyan Banister First Amendment Clinic and local counsel C. Scott Meyers of Ellis & Winters LLP for their work on this brief.

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Related Issues: Free Speech
Share this:   ||  Join EFF
Categories: Aggregated News

CalECPA and the Legacy of Technology: An Open Letter to Gov. Jerry Brown - Thu, 24/09/2015 - 01:04

This open letter was crossposted to Medium

Dear Gov. Brown,

Electronics, computers, satellites, biotechnology, robotics – these are no longer dreams. They are the driving imperative that is restructuring the world economy. These new technologies are fundamentally changing our communications, agriculture, environment, schooling, financial institutions, family life and our national security.

California is now the leader in these technologies, but we will not remain so unless we mobilize the political will and individual responsibility to act.

Those were your words, delivered on January 9, 1982?—?your final State of the State Address as the 34th governor of California. They are just as true and inspiring today as they were at the dawn of the age of personal computing.

My name is Dave Maass and I work at the Electronic Frontier Foundation in San Francisco. I am writing to you today as someone who has heeded your words and taken individual responsibility to act. I am also writing as part of a movement that has mobilized the political will to put a bill on your desk?—?S.B 178, also known as the California Electronic Communications Privacy Act or CalECPA. The hard truth is California is no longer a leader, not when it comes to how our privacy laws are applied in an era of constant technological growth. We need your signature on this legislation to rebuild trust in the digital economy and the technologies you have long championed.

Gov. Brown, I’ve been digging into historical documents for any hint about what action you might take on CalECPA. I’ve been impressed by your early work on computer literacy in the education system (InfoWorld talked about your “three C’s”: “computing, calculation, and communication with technology”) and the long term impact those measures have had on this current generation of innovators.

Our privacy laws are as outdated as the Apple III. Photo: Thorsten1/CC BY-SA 3.0

News articles talk about how you struggled with the cryptic documentation” for your own Apple III and your friendship with Steve Jobs at the Los Altos Zen Center. Another Apple co-founder, Steve Wozniak, and early employee Dan Cochran tell a humorous story about how, shortly after you left office in 1983, you took a tour of Apple’s Lisa offices—creating a gossip shockwave that you might become the new CEO of the company.

The future you envisioned and nurtured in the late 1970s and early 1980s has come to pass. You presided over the birth of a digital revolution and many of the actions you took as governor helped propel California to the forefront of innovation. Ask anyone who’s moved to California from anywhere else in the world: it’s like taking a ride in a time machine to a science fiction wonderland.

With one exception: our laws. As our devices have shrunk, as their storage capacity has grown, as cloud services have begun hosting more of our information, as we shift to a paperless society, our laws have failed to reflect the privacy protections enshrined in the California Constitution: the guarantee that the people be free from unreasonable searches and seizures. When it comes to our data, we are not being treated with the fairness and respect for our privacy and dignity that the state Constitution requires. New technology may address a lot of contemporary challenges, but problems with the law can only be solved by the same age-old system: the legislative process.

Law enforcement needs a warrant to search through our filing cabinets and drawers, but the law doesn’t provide the same protections for our digital information. CalECPA would ensure police get a warrant for our electronic records, including emails and locational data, regardless of whether it’s held on a device or by online service providers.

The lack of legal clarity?—?with rules guided by inconsistent case law, rather than legislation?—?isn’t just bad for individual privacy. The status quo is also bad for the companies we entrust our data to and the public safety officers who have to navigate the gray areas to protect us.

In 1982, you asked California to mobilize the political will to sustain our status at the top. That is exactly what has happened around S.B. 178 and the issue of digital privacy. The bipartisan bill, sponsored by Sen. Mark Leno (D-San Francisco) and Sen. Joel Anderson (R-San Diego), has drawn support across the spectrum.

A recent poll shows that 82% of Californians believe that a warrant should be required for our data. The long list of the bill’s backers include organizations, such as:

  • Privacy and civil liberties groups: ACLU, Privacy Rights Clearinghouse, Electronic Frontier Foundation, Center for Democracy and Technology, Tech Freedom, and Restore the Fourth
  • Business and consumer interests: California Chamber of Commerce, Small Business California, Bay Area Council, Consumer Federation, and Consumer Action
  • Media and library organizations: California Newspaper Publishers Association, the American Library Association, Media Alliance, Center for Media Justice, and the Internet Archive. (Plus the editorial boards of the Sacramento Bee, Los Angeles Times, and San Francisco Chronicle.)
  • Community justice organizations: Color of Change, Asian Americans Advancing Justice, Centro Legal de la Raza, CAIR, and the National Center for Lesbian Rights
  • Child advocates: ConnectSafely and Common Sense Media

Not only are public interest groups supporting the legislation, but virtually all of California’s large Internet companies?—?Google, Facebook, Adobe, Twitter, Mozilla, Foursquare, reddit, Dropbox, and, of course, Apple?—?have thrown their weight behind the bill. (It’s amusing to think that, had the Apple rumor been true, you might very well be standing with us today to ask for another governor’s signature.)

LinkedIn, a global hub for connecting employers with talent, emphasized that this bill is crucial to ensuring California’s leadership in not just technology, but all economic sectors. As Pablo Chavez, Vice President for Global Public Policy and Government Affairs, writes:

By our estimate, 60 percent of California’s workforce uses LinkedIn?—?and a critical component to their efforts to generate economic opportunity for themselves and others is updating and modernizing the laws that govern access to digital data and communications. [S.B. 178] would help achieve that goal by adding much needed clarity and transparency to existing government access laws, while not unduly hindering legitimate law enforcement investigations.

In years past, law enforcement was resistant to change. This time, after much negotiation, the state’s most influential law enforcement organizations—California District Attorneys Association, California Police Chiefs Association, California State Sheriffs' Association, and the California Statewide Law Enforcement Association—all withdrew their opposition to S.B. 178. The bill does not affect law enforcement’s ability to access basic subscriber information or conduct undercover investigations, and police can get data in emergency situations—when someone’s life is on the line—without a warrant. This emergency provision is balanced with meaningful accountability measures that will bolster public trust.

As the California Sheriffs Association wrote in their neutrality letter: CalECPA ensures “the correct balance is struck between the need for law enforcement to obtain information regarding criminal activities from electronic communications and the privacy interests of those who use email and other forms of electronic communication.”

The San Diego Police Officers Association, representing more than 1,850 sworn officers, has put its full support behind the bill as well. From their perspective, the current legal framework for obtaining digital records is fraught with uncertainty, presenting numerous problems for law enforcement. One reason is the processes for complying with government requests vary widely company to company. As SDPOA President Brian Marvel writes:

In its current form, SB 178 strengthens community relationships and increases transparency without impeding on law enforcement’s ability to serve the needs of their communities. This bill does so by providing a clear process for government or law enforcement agencies seeking access to electronic information such as data stored on cell phones, electronic devices, emails, and digital documents.

SB 178 modernizes the current law to account for assuring privacy of personzal information of Californians regardless of the format in which it is stored.

Hawaii and Texas have both passed laws requiring warrants for content. Illinois, Indiana, Maryland, Minnesota, Montana, Washington and Wisconsin have all passed laws requiring warrants for locational data. Maine and Utah (the latter has been called the “next Silicon Valley”) have passed laws requiring warrants for both.

Gov. Brown, it’s California’s turn.

captivating portrait of you hangs in the state Capitol. If a visitor looks closely, the inscription reads:

“We can pioneer the new technologies that emphasize quality over quantity and we can make the tools to lift millions out of poverty and ignorance. The world still looks to California.”

The world still looks to California, but now California looks to you. Please sign S.B. 178.

Dave Maass
Electronic Frontier Foundation

It’s time to update California’s privacy laws. Tell Gov. Jerry Brown to sign S.B. 178 (CalECPA) today.

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Related Issues: PrivacyRelated Cases: California's Electronic Communications Privacy Act (CalECPA) - SB 178
Share this:   ||  Join EFF
Categories: Aggregated News



Advertise here!

Syndicate content
All content and comments posted are owned and © by the Author and/or Poster.
Web site Copyright © 1995 - 2007 Clemens Vermeulen, Cairns - All Rights Reserved
Drupal design and maintenance by Clemens Vermeulen Drupal theme by Kiwi Themes.
Buy now