Aggregated News

The Crypto Wars Have Gone Global

eff.org - 3 hours 40 min ago

Recently, Congress heard testimony about whether or not backdoors should be introduced into encryption technologies, a technically problematic proposal that would fundamentally weaken the security of the Internet, according to a recent report written by eleven of the world’s leading cryptographers. But while Congress is reliving these debates from the nineties (we hear they’re in these days), the Crypto Wars are very much alive and well in other parts of the world.

The United Kingdom, Netherlands and Australia have gone farther than the proposals put forward by the FBI by introducing new regulations that seek to weaken and place limits on the development and use of encryption. These efforts, made ostensibly to protect citizens against terrorism, are likely to have severe economic, political and social consequences for these nations and their citizens, while doing little to protect their security.

According to the cryptographers’ report, encryption in fact has a critical role to play in national security by protecting citizens against malicious threats. The harm to the public that can be presented by lax digital security has been illustrated a number of times over recent months: data breaches such as the hack of the Office of Personnel Management compromised the personal information of tens of millions of Americans, while weak or flawed cryptography led to vulnerabilities such as Logjam and FREAK that compromised the transport layer security protocols used to secure network connections worldwide. Encryption is not only essential to protecting free expression in the digital age—it's also a critical part of national security.

This is what makes law enforcement claims that encryption prevents them from pursuing criminals and terrorists so concerning, especially when it’s not backed up by evidence. Testimony by Manhattan’s DA before the Senate Judiciary Committee revealed that the office had encountered 74 iPhones whose full-disk encryption had hindered an investigation, or less than 0.1% of all cases, as EFF’s Nadia Kayyali notes. As Bruce Schneier put it recently in an interview, “[David] Cameron is unlikely to demand that cars redesign their engines so as to limit their speeds to 60 kph so bank robbers can’t get away so fast. But he doesn’t understand the comparable trade-offs in his proposed legislation."

United Kingdom

Cameron has said there should be no “means of communication” which “we cannot read” in the United Kingdom, which has been interpreted by some media outlets as a proposal to ban the use of encryption in the UK.

No legislation has been made available publicly yet, and a spokesperson for the prime minister backed off such claims in recent days, so the exact form of implementation remains to be seen. But to entertain the hypothetical, the consequences of such a move would be quite significant: not only would UK citizens be banned from using secure software and UK companies be banned from producing it, but any sort of free and open source software would be banned, due to an inability to police whether encryption had been introduced in any of the code.

A ban would likely mean, as Cory Doctorow notes, that many companies would have to relocate or completely revamp their servers as operating systems like GNU/Linux and BSD use free and open source code. Popular messaging applications including iMessage and WhatsApp would be banned for their use of encryption. Moreover, anyone entering the UK with a phone or computer from outside of the UK would have to conform to UK standards or have their devices seized at the border.

But the likely proposal, that Cameron will seek to mandate technology companies provide backdoor access to UK law enforcement, is already having a negative impact on UK businesses. A number of technology firms, including Ghost, Ind.ie and Eris Industries, have moved out of the UK over concerns they will be forced to introduce backdoors in their encryption technologies. Leading technology companies including Apple and Google have also expressed trepidation at the UK’s planned expansion of its state power over their products.

The consequences for users’ privacy are even worse. Parliament is expected to revive the Draft Communications Data Bill, commonly known as the Snoopers’ Charter, in its next session. The bill would require Internet service providers to maintain records of users’ communications and would change authorization procedures to allow senior law enforcement officers to give monthly authorizations for bulk collection rather than requiring individual requests for the collection of data.

In combination with a mandate for backdoored encryption, this would mean a dramatic expansion of the UK’s capacity to surveil the communications and metadata of its citizens even as the state diminishes those citizens’ capacity to protect themselves from harm.

The Netherlands

The Netherlands is similarly considering legislation that would combine an expansion in surveillance powers with limits on cryptography in a slightly different form, through the capacity to compel decryption of data. It recently launched public consultation on a proposed update to the Intelligence & Security Act of 2002 which expands the country’s surveillance capabilities to include non-specific interception. In combination with intelligence services’ existing authority to compel anyone to decrypt stored data and communications either by handing over keys or by providing the decrypted data, citizens of the Netherlands face significant incursions on their privacy.

Mandating end-users decrypt their data is in many ways problematic, particularly because it reverses the presumption of guilt. If the user doesn’t have the private key or passphrase to access the decrypted data, there is no way for them to prove this is the case—and they could face felony or misdemeanor charges for their failure to comply.

But the mandate to decrypt also includes other parties, including intermediaries and online service providers, which would introduce another complicated twist. According to analysis of the bill by Matthijs Koot, this provision is written in such a way as to facilitate bulk interception of encrypted communications where mandated by a Minister. The existing law already grants legal room for the use of hacking, which could be used in order to obtain the information necessary to decrypt data, or using third party agents or informants in order to obtain this information, for example by intercepting someone’s keys in order to decrypt their data—all of which would present greater challenges to protecting user privacy.

There’s still time for these provisions to be amended in response to public comments. The Dutch Review Committee on the Intelligence & Security Services has already raised a number of important questions about the bill, including whether the expansion of interception powers will be effective and necessary, how the privacy of innocent citizens should be protected and what the minimum requirements of oversight should be. We’re hopeful that critique will also come from within Parliament, given that Dutch representatives opposed similar measures when proposed by the Council of Europe in January, according to EDRi. But the proposal of such measures is indicative of a range of challenges to encryption broader than UK and US-proposed backdoors.

Australia

Recently passed revisions of Australia’s Defence Trade Controls Act may likewise have a deleterious effect on the development and use of encryption technologies. The DTCA is a permitting regime that regulates trade in military technologies and dual-use technologies, including encryption. The newest list of these technologies introduces the risk of overbreadth by setting an extremely low bar for what forms of encryption classify under this regime—regulating not only encryption software itself, but the systems, electronics and encryption used to implement, develop, produce and test it.

All it takes is for such an ambiguously-written regulation to be re-interpreted or over-enforced, and a country with an apparently positive approach to strong encryption could quickly morph into a state that silences or even prosecutes its own security researchers. While such regulations exist on the statute books, statements by politicians declaring their intent to prevent the privacy of encryption contribute to this climate of uncertainty, without any need for a new law.

In this case, the planned introduction of criminal provisions to the Defence Trade Controls Act has raised serious questions about the safety of distributing or even teaching encryption among researchers. Daniel Mathews, a lecturer at Monash University, is concerned that the specifications are so imprecise that “the only cryptography not covered by the DGSL is cryptography so weak that it would be imprudent to use."

Moreover, they risk being interpreted in such a way as to make the teaching of cryptography and even other areas of mathematics illegal without obtaining a permit. The EFF recently signed on to a letter from members of the International Association for Cryptologic Research expressing concern over the law, saying it “subjects many ordinary teaching and research activities to unclear, potentially severe, export controls." The amendments to the Act were passed in April and will come into effect next year.

The Danger of Setting New Norms

The unintended consequence of these efforts to provide law enforcement unfettered access to communications for users’ privacy and the security of the Internet far exceeds the benefits that would be gained.

Even with amendments, the regularity with which these debates occur presents a risk that they begin to set the norm: given the geopolitical weight of the nations in which they’re being considered there’s potential that such proposals could set precedent for other nations to follow suit. And as EFF lawyer Nate Cardozo noted in a panel at the recent Crypto Summit, even more dangerous is the potential for silent capitulation by technology companies regardless of whether there’s a law on the books.

Already, FBI Director James Comey praised the UK’s proposal for being “a little bit ahead of us” on encryption policy in his testimony before the Senate Intelligence Committee, suggesting such policy measures are progressive rather than outdated and ill-informed. It’s time to leave the Crypto Wars behind, and treat encryption as a part of national security rather than a threat to it.


Share this:   ||  Join EFF
Categories: Aggregated News

Peru Adopts Data Retention Decree: Declares Location Data No Longer Protected

eff.org - Tue, 28/07/2015 - 07:49

The Peruvian President today adopted a legislative decree that will grant the police warrantless access to real time user location data on a 24/7 basis. But that’s not the worst part of the decree: it compels telecom providers to retain, for one year, data on who communicates with whom, for how long, and from where. It also allows the authorities access to the data in real time and online after seven days of the delivery of the court order. Moreover, it compels telecom providers to continue to retain the data for 24 more months in electronic storage. Adding insult to injury, the decree expressly states that location data is excluded from the privacy of communication guaranteed by the Peruvian Constitution.

The decree was adopted with no public consultation by the Executive Branch on the basis of a mandate from the Peruvian Congress to legislate on general public safety and the fight against crime. Moreover, the decree was adopted one day before the celebrations of Peru's independence, a set of holidays that coincides with vacation for most local schools and businesses.

In response to the adoption of the decree, Peruvian digital rights expert and Director of the Peruvian NGO Hiperderecho Miguel Morachimo told EFF:

”This law makes one clear mistake: assuming that geolocalization data from cellphones is not protected by the privacy safeguards under Peruvian Constitution. Following that line of reasoning, the government lifts any kind of protection for this data and gives unfettered access to it to the police and mandates ISPs to retain communications data for up to three years. Any policy like that is controversial in itself, but the fact that it was directly approved by the Executive Branch without prior debate and in the middle of national holiday season is especially undemocratic”.

The decree has significant potential for abuse of its new powers. It ignores the fact that most cellular phones today constantly transmit detailed location data about every individual to their carriers, and that all this location data is housed in one place—with the telecommunications service provider. The police will have access to more precise, more comprehensive and more pervasive data than would ever have been possible with the use of the interception of the content of communications. The Peruvian government should have been more sensitive to the fact that mobile companies are now recording detailed footprints of our daily lives.

International human rights standards

By stating that location data is excluded from guarantees in the Peruvian Constitution of the privacy of communications, the decree contradicts international human rights standards:

On the question of whether communications metadata is protected by the right to privacy, the Inter-American Court of Human Rights decision in Escher v. Brasil makes clear that both content and metadata are protected:                

“[The right to privacy] applies to telephone conversations irrespective of their content and can even include both the technical operations designed to record this content by taping it and listening to it, or any other element of the communication process; for example, the destination or origin of the calls that are made, the identity of the speakers, the frequency, time and duration of the calls, aspects that can be verified without the need to record the content of the call by taping the conversation. In brief, the protection of privacy is manifested in the right that individuals other than those conversing may not illegally obtain information on the content of the telephone conversations or other aspects inherent in the communication process, such as those mentioned.”

Moreover,  the 2014 UN High Commissioner on Human Rights report (A/HRC/27/37 - PDF) on the right to privacy in the digital age emphasized:

“19. [...] it has been suggested that the interception or collection of data about a communication, as opposed to the content of the communication, does not on its own constitute an interference with privacy. From the perspective of the right to privacy, this distinction is not persuasive. The aggregation of information commonly referred to as “metadata” may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication. [...]

"20. It follows that any capture of communications data is potentially an interference with privacy and, further, that the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association. The very existence of a mass surveillance programme thus creates an interference with privacy.”

Policy makers must understand that the adoption of broad surveillance powers without adequate safeguards undermines the privacy and security of citizens, and is therefore incompatible with their international human rights obligations. For any surveillance measure to be legal under international human rights law, it must be prescribed by law. It must be “necessary” to achieve a legitimate aim and “proportionate” to the desired aim. This requirement is important to ensure that the government does not adopt surveillance measures that threaten the foundations of a democratic society.

The thirteen Necessary and Proportionate Principles in particular, and international human rights law more generally, are premised on the assumption that interferences with fundamental rights must be dealt with on a case-by-case basis. In this context, data retention mandates for innocent individuals, by their very nature, eradicate any consideration of proportionality and due process in favor of the indiscriminate interference with the right to privacy—and could not be compatible with States’ human rights obligations. Peru must turn back from the dead-end path of data retention mandates, and uphold its international human rights obligations.

What Location Tracking Looks Like

In the meantime, Peruvian citizens should consider requesting access to their own personal data retained by their mobile company in accordance with Peruvian Data Protection Law. In Germany, the politician and privacy advocate Malte Spitz used a similar local data protection law—which like laws in many European countries, gives individuals a right to know what kinds of data private companies retain about them—to force his cell phone carrier to reveal what records it had on him. He received 35,831 different facts about his cell phone use over the course of six months, revealing vast amounts of personal information. To demonstrate just how intrusive this data is, Spitz chose to make it all available to the public.  Watch this remarkable interactive map of Spitz’s location information if you haven’t done so already.

It is time to educate all of our legislators and the general public that sensitive data warrants strong legal protections, not an all-access pass. We hope Peruvian human rights advocates evaluate all necessary legal options for challenging the legality of the measure. EFF will continue to report on mobile and online surveillance in Peru, and delve into the decree in more depth in the days to come.

More information in Spanish: Nueva norma permite a la Policía saber dónde está cualquier persona sin orden judicial

Related Issues: Mandatory Data RetentionSurveillance and Human RightsPrivacy
Share this:   ||  Join EFF
Categories: Aggregated News

TPP Undermines User Control and That's Disastrous for Accessibility

eff.org - Tue, 28/07/2015 - 03:46

The Trans-Pacific Partnership (TPP) threatens all users' ability to access information and participate in culture and innovation online, but it's especially severe for those with disabilities or who otherwise depend on content in accessible formats. That's because it doubles down on broken policies that were heavily lobbied for by Hollywood and other major publishers that impede the distribution of accessible works.

The TPP would force countries to enact harsher restrictions, and in other cases, undermine future efforts to reform laws that are already actively robbing people's autonomy and control over their own devices, purchased content, and online activities. If you've been following this issue, you'd know that this is due to secrecy of negotiations and the overwhelming influence that the copyright industries wield over trade officials.

Of course, all of our rights are at risk when a select group of powerful private interests dominate public policy considerations—but those who have the most to lose are people whose interests are already often marginalized and misunderstood by both companies and policymakers alike. Over the years, this has been especially true in the realm of copyright. The restrictions that pervade copyright enforcement create all kinds of barriers for people with disabilities. They impede legal reforms and even entire technologies that could enable knowledge access and cultural participation for all.

The problem is that most creators and publishers of works, such as books, movies, and software applications, don't readily provide or anticipate alternative formats that are accessible for people with disabilities. One glaring example is what the World Blind Union calls the "book famine," in which only 5% of published books were ever made accessible for the blind and people with print disabilities, and even worse, less than 1% of those available in poor countries.

In short, publishers don't do enough to make works accessible to everyone. They can, and sometimes do, go to some lengths to make their commercial works more accessible—such as by adding subtitles or descriptive audio to movies. Yet these measures don't account for various kinds of unique needs people have, nor address the problem of interoperability of closed formats with third-party or free and open source platforms.

Stronger Global Controls on Circumventing DRM

It's great when rightsholders include meta-data like closed-captioning in their digital files—but if it's locked behind DRM, those subtitles aren't useful for everyone who might want to use them. And sometimes, as with the mess with HDMI captioning standards, this data ends up unavailable for anyone. A quick hack could turn transcriptions into a larger font size, or output them to another assistive device, or another perfectly lawful accommodation. But such hacks are prohibited under the anti-circumvention measures of the DMCA. Even explaining to others how they can improve access is cast as “trafficking” in a circumvention measure.

The TPP extends the United States' ban on interfering with digital rights management (DRM) technologies which would make it extremely difficult to tinker with devices and content or offer services to the disabled to grant them better access without risking criminal liability. The last leak reveals provisions that makes it a crime to distribute tools and methods to get around DRM, irrespective of whether people are using them for financially-motivated infringement.

If someone with a disability wants to circumvent DRM, they either have to do it themselves or use illegally obtained tools to do so. The criminal penalties for sharing anti-circumvention tools could be enough to discourage tech-savvy individuals from sharing them online. This effectively blocks all kinds of creative and educational works from being transformed into accessible works.

The best way to make works accessible is by allowing people to control, modify, and tinker with them themselves. And since most people don't have the time or skills to do it, they should be able to rely on others to do this for them. The most obvious solution would be to create blanket exceptions to copyright that allow people to shift works into accessible formats that fit their needs.

Marrakesh Treaty: A Critical Step Towards Empowering Users with Disabilities

That's exactly what public interest advocates fought for in the Treaty for the Visually Impaired. Also known as the Marrakesh Treaty, it is a UN agreement that came out of the World Intellectual Property Organization (WIPO). It binds signatory countries to create strong use exceptions for the blind and people with visual disabilities to have access to books and illustrations. Individuals or any "authorized" organizations can, under the Treaty, circumvent DRM on ebooks or import accessible books from another participating country for the purposes of enabling people with visual impairments the ability to read those works.

After about a decade of intense negotiations, the Marrakesh Treaty was finally concluded and signed in June 2013. It was a momentous achievement not just for people with visual disabilities, but also users of all kinds. It was the first treaty to ever enshrine the rights of users in international law.

However, this treaty began as a much stronger, more comprehensive project. Its advocates sought to protect and enshrine the rights of people with other kinds of disabilities, as well as win protections for various kinds of uses for a wider array of works. Major publishers and studios ultimately failed at killing the treaty, but in the process they were able to strip it bare of other rights and practical uses. This led to a huge number of possible beneficiaries, like the deaf, becoming left out. This was a direct result of pressure from the copyright industries, who heavily lobbied the U.S. and EU representatives to exclude the deaf from the treaty. Unfortunately, they also succeeded in striking out "audiovisual" works, like films and video games.

The Marrakesh Treaty is still an extremely valuable treaty, and when it's ratified by 20 countries, it will finally go into effect and help address the world book famine among thousands of the world's blind and visually impaired. But the reality is that this treaty alone is not enough to protect the rights of people with disabilities against the barriers created by copyright.

There were several instances when private industry reps, in addition to government representatives, during negotiations cited existed trade agreements' copyright provisions as reason to reject the passage of the Treaty (this argument holds no water, but is an issue we may explore in another blog post). The real danger with the TPP is that it will further tip the policy environment towards rightsholders and away from the public interest. Specifically, the trade agreement could make it even harder to pass more international user-rights focused instruments like the Marrakesh Treaty.

Narrowing of Rights for More People and New Technologies

The passage of the Marrakesh Treaty led to a change in the TPP's Limitations and Exceptions section of the Intellectual Property chapter, expanding the definition of a legitimate use as one that is "facilitating access to works for persons who are blind, visually impaired, or otherwise print disabled" (some of this wording is still contested, but on the whole is included in the most recent leak of the agreement). This was of course a welcome change to see in the TPP.

What's worrying however, is that in order to pass a new international exception for other kinds of disabilities, such as for the deaf, it will require another agonizing, years-long process. While Marrakesh was intended to set a lower limit on the number of potential exceptions for accessibility, the wording of trade agreements like the TPP could turn the same language into an upper limit. This is due to its approach to copyright exceptions, exemplified by its "three-step test" provision. It's a set of criteria that governments must follow in order to pass any new exception (like say, allowing works to be used for educational or even accessibility purposes). In practice, the three-step test can embolden restrictions against using copyrighted works, rather than being more permissive like fair use.

So instead of providing only a narrow right to people with visual impairments, the TPP could include an exception that would help anyone who has difficulty accessing work due to a disability. But unlike at Marrakesh there are no representatives of the disabled to make that argument in the closed negotiating rooms of the TPP.

Advocates for increased accessibility have long understood that it's about creating technology that is accessible for everyone who needs it, not just a few carefully carved out classes of the “officially” disabled. The Marrakesh treaty was a victory for providing global exceptions to copyright to improve digital accessibility, at the cost of only being permitted to offer those for the visually-impaired. The real future is one where the tools to increase accessibility are available and modifiable by those who are best able to customize and improve them: the users themselves. The TPP, by attempting to freeze exceptions at the Marrakesh level or worse, lock us out of that future. And by doing so, it locks out millions from digital content they would otherwise have the right and ability to enjoy.

Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalTrade Agreements and Digital RightsTrans-Pacific Partnership AgreementWIPO
Share this:   ||  Join EFF
Categories: Aggregated News

Stop CISA: Join EFF in a Week of Action Opposing Broad "Cybersecurity" Surveillance Legislation

eff.org - Tue, 28/07/2015 - 00:00

How do you kill a zombie bill like CISA? Grassroots action. That's why EFF and over a dozen other groups are asking you to join us in a Week of Action to Stop CISA.  The Senate is likely to vote on the Cybersecurity Information Sharing Act (CISA) in the coming weeks, and only you can help us stop it.

We keep hearing that CISA and the other "cybersecurity" bills moving through Congress are “must-pass” legislation. But just like the original version of CISA, the Cyber Intelligence Sharing and Protection Act (CISPA), we think grassroots activism can stop this legislation in its tracks.

CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That’s why we’re launching a week of action to make sure Congress is getting the message loud and clear:  CISA must not pass.

The Week of Action

EFF and our allies have been hard at work fighting Congress’ cyber surveillance bills. But the most important voices are yours. Here’s how to help:

  1. Visit the Stop Cyber Spying coalition website where you can email and fax your Senators and tell them to vote no on CISA.
  2. Use a new tool developed by Fight for the Future to fax your lawmakers from the Internet. We want to make sure they get the message.
  3. Check out our AMA on Reddit on Wednesday July 29 at 10am ET/7am PT with EFF, Access, Fight for the Future, and the ACLU and let your friends know about it.
  4. Help us spread the word. After you’ve taken action, tweet out why CISA must be stopped with the hashtag #StopCISA. Use the hashtag #FaxBigBrother if you want to automatically send a fax to your Senator opposing CISA. If you have a blog, join us by publishing a blog post this week about why you oppose CISA, and help us spread the word about the action tools at https://stopcyberspying.com/. For detailed analysis you can check out this blog post and this chart.

With your help, we’ll make sure Congress gets the message: now more than ever, we don’t need more cyber surveillance. We need better security. CISA must be defeated because it may make things worse for Internet users in several ways:

New and Invasive Tools for Companies

CISA allows companies to monitor their information systems for broadly-defined threats. Moreover, and equally alarming, the bill authorizes companies to launch countermeasures against perceived attackers, without any safeguards. While it prohibits measures that cause “substantial harm,” it’s unclear exactly what substantial is, leaving open the possibility of measures that cause a significant degree of harm. A letter sent in March by over 25 groups opposing CISA pointed out that, “CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders.”

Overbroad definitions

As if the new authorities weren’t enough, the bill’s broad definitions grant companies even more discretion to decide when to go on the offense against perceived threats. For example, "cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of information or an information system.

Cyber surveillance (with the help of the NSA)

Not only does CISA grant companies more power to obtain “cyber threat indicators" and to disclose that data to the government without a warrant—it requires real time sharing of that information to military and intelligence agencies, including the NSA. In other words, cyber threat indicators shared with any agency would be automatically shared with the NSA—all without requiring companies to strip out personally identifying information.

To make matters worse, CISA grants the government too much discretion in how to use the information for non-cybersecurity purposes. It also contains exemptions to the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.

Near-Blanket Immunity

Finally, CISA would create incredibly broad immunity for companies that engage in any of the activities authorized by the bill. This is especially concerning because of the bill’s lack of protection for private information and the ability to launch countermeasures. Any company that merely does significant (but not “substantial”) harm to innocent people or machines will not be liable in court.  

Participating organizations (updated on a daily basis throughout the week)
  • Access
  • ACLU
  • American-Arab Anti-Discrimination Committee
  • American Library Association
  • Association of Research Libraries
  • The Center for Democracy and Technology
  • The Constitution Project
  • EFF
  • Fight for the Future
  • Free Press
  • Freedom of the Press Foundation
  • Gandi
  • Media Alliance
  • Namecheap
  • National Association of Criminal Defense Lawyers
  • New York Tech Meetup
  • The New America Foundation
  • The Niskanen Center
  • Private Internet Access
  • The Sunlight Foundation
  • The X-Lab
Related Issues: PrivacyCyber Security LegislationNSA Spying
Share this:   ||  Join EFF
Categories: Aggregated News

Anatomy of a Copyright Coup: Jamaica's Public Domain Plundered

eff.org - Sat, 25/07/2015 - 03:00

A bill extending the term of copyright by an additional 45 years—almost doubling it, in the case of corporate and government works—sailed through the Jamaican Senate on June 26, after having passed the House of Representatives on June 9. The copyright term in Jamaica is now 95 years from the death of the author, or 95 years from publication for government and corporate works. This makes it the third-longest copyright term in the world, after Mexico and Côte d'Ivoire respectively with 100 and 99 years from the death of the author.

Worse than this, the extension was made retroactive to January 1962. Besides being the year when Jamaica attained independence, 1962 also just so happens to have been the year when Jamaican ska music (a popular genre in its own right, but also a precursor of the even more popular reggae) burst onto the international music scene. The parallels with the extension of the U.S. copyright term in the “Mickey Mouse Protection Act” are quite eerie. But, worse than what happened into the U.S., the retrospective effect of the law means that works that have already passed into the public domain in Jamaica are now to be wrenched back out again. Jamaica will now be one of the last countries in the entire world to enjoy free access to works that are already in the public domain in the United States—such as Charlie Chaplin's The Kid, from 1921.

If Jamaica hoped that this measure would bring in additional royalties for its musicians from overseas markets, then the tactic that it chose to pursue was doomed to failure from the outset. Foreign users of Jamaican copyrights are not bound by the extended copyright term; only Jamaicans are; but conversely, Jamaicans are now obliged to honor foreign copyrights for the full extended term.1 As opposition spokesperson on culture Olivia Grange put it during debate on the new law, “what will happen is that we will, in fact, be paying out to foreign copyright holders in foreign exchange for the continued use of foreign works in Jamaica, while our own rights holders will only benefit up to the 50, 70 or 80 years that exist in other countries”. So all that this measure has accomplished is that citizens of Jamaica, a developing country, will be paying more money into Hollywood's coffers, while Jamaica's own rich cultural heritage draws in not a penny more in return. Yay?

This measure is so stupid on its face that it is a wonder it passed through parliament at all. But what pains us even more is that it was deemed a trivial enough change to the law that it went unreported in the press until it was already a fait accompli. We could've spotted it earlier, and we're not proud of missing it. But it also came as an unwelcome shock to all the other activists with whom we work, including the International Federation of Library Associations and Institutions, whose members in Jamaica have suffered a sudden and severe setback to their mission to preserve and disseminate the early written records of newly-independent Jamaica.

That fact that proposals to lock up copyright works for an additional two, three or four decades or more isn't even considered newsworthy is something that we want to urgently change—especially now that six countries around the Pacific Rim are facing that very prospect, all at the same time, with the impending conclusion of the Trans-Pacific Partnership (TPP) that could enshrine a life plus 70 year copyright term in stone. Copyright term extension is not a positive sum, or even a zero sum game. It enriches big media corporations, not struggling artists; it impedes libraries, archives, educators and people with disabilities; and it locks away an entire corpus of works that belong in the public domain, preventing them from being repurposed by a new generation of artists and innovators (particularly in countries, like Jamaica, that lack a “fair use” right).

Jamaica has sadly fallen into the copyright trap, and it may be too late for it to escape. But it isn't yet too late for Canada, Japan, Malaysia, Brunei, New Zealand or Vietnam. Over the following weeks we will be highlighting the harmful effects of the extension of copyright terms in some of these countries, and providing an easy mechanism for you to use to take action, in these final days of the negotiations of the TPP.

On our TPP's Copyright Trap page we link to more articles about how the threat of copyright term extension under the TPP impacts users around the world.

  • 1. This would not be the case if Jamaican law followed the “rule of the shorter term”, which would allow it to honor foreign copyrights only for the term of protection that they enjoy in their home country. But it doesn't, so you can ignore this footnote.
Related Issues: Fair Use and Intellectual Property: Defending the BalanceTrans-Pacific Partnership AgreementTPP's Copyright Trap
Share this:   ||  Join EFF
Categories: Aggregated News

The Copyright Office Belongs in a Library

eff.org - Fri, 24/07/2015 - 05:39

It's been an exciting summer for the Library of Congress. Last month, the Librarian Dr. James Billington announced he would soon be stepping down, vacating a seat he's held for some 28 years. That announcement came hot on the heels of a new legislative proposal—the nigh-ungooglable CODE Act, which stands for “Copyright Office for the Digital Economy”—to spin the Copyright Office out of the Library and into its own independent agency.

Bound paper copyright catalogs line the shelves of the Copyright Office.

This is no coincidence. The Librarian of Congress has come under fire in recent years for, among other things, failing to ensure that the Copyright Office has the resources and organization it needs to carry out its mission in the modern world. The problem was memorably documented in a Government Accountability Office report earlier this year. But an independent Copyright Office is not the right solution.

In essence, this legislation takes a practical issue—lack of resources—and turns it into a political one. In the process, it promises to recreate the Office as an agency devoted to serving the interests of copyright holders, rather than the interests of the public as a whole.

Libraries—and especially the Library of Congress—have an institutional obligation to the public, to the cause of intellectual freedom, and to the principle of access. As the Library puts it, its mission is “to further the progress of knowledge and creativity for the benefit of the American people.” Given the purpose of copyright itself—to promote the progress of science and the useful arts—that should be the Copyright Office’s mission as well.

Librarians agree. Writing for Library Journal, Duke University's Kevin L. Smith lays out the possible thought process behind making the Copyright Office an independent agency:

The two sponsors, Rep. Chu from California and Rep. Marino of Pennsylvania, both talk about “autonomy,” and Rep. Chu says that the CO should be given “independence and sound legal ground to perform its core mission.” What suggests that the office currently is not able to perform its core mission, or that its autonomy is impeded? This is coded language, in my opinion, for the claims made by entertainment industry lobbyists that the Copyright Office should not reside within a library because they believe that library interests are antithetical to their business needs. In short, they want the Copyright Office freed of the need to balance the public interest with the goals of the legacy content industry; they want more scope for “regulatory capture,” wherein an agency that was created to serve the public interest instead advances the agenda of the very industry it was designed to regulate. In this case, an “independent” Copyright Office would be less encumbered by antiquated notions of “promoting the progress of science and the useful arts” and more subservient to the desires of the publishing and entertainment industry for a stronger monopoly.

(Emphasis ours.)

The American Library Association was also quick with its opposition to the CODE Act proposal, but it cites a different issue: the “solution” simply won't fix the problem.

A successful overhaul of the Copyright Office’s information technology infrastructure cannot be achieved by securing the Copyright Office’s independence from the Library of Congress. We have a much more important problem to solve that cannot be fixed by changing the address of the Copyright Office.

The ALA is correct. The way to solve the problems of the Copyright Office and the Librarian of Congress is not to separate the two. Rather, it's to dedicate resources better and push for more thoughtful leadership. On both counts, a smart choice for Librarian of Congress will help.

There are also historical reasons to leave it in place, dating back to the 1870 law that centralized key copyright functions in the Library. Most notably, the deposit requirement—that authors and artists submit copies of works they are registering for copyright—has provided enormous public value by building up the collection. Of course, the Copyright Office performs other functions. But operations like maintaining a catalog of registrations, providing technical assistance to legislators and executive branch agencies, and providing information services to the public are all better understood as being, on some level, library services.

So both ideologically and pragmatically speaking, any hasty moves to yank the Copyright Office out of the Library should be non-starters. The Copyright Office has an important role to play in protecting the public interest. It’s most likely to play that role if it answers to a Librarian.

Related Issues: Fixing Copyright? The 2013-2015 Copyright Review Process
Share this:   ||  Join EFF
Categories: Aggregated News

What Do We Want From the Next Librarian of Congress?

eff.org - Fri, 24/07/2015 - 05:38

There's a reason “librarians everywhere” were singled out for an EFF Pioneer award in 2000. Time and again, in fights against censorship and intrusive surveillance laws, librarians have been allies of the public, serving as the institutional representation of the ideals of intellectual freedom, unfettered speech, and reader privacy.

Outgoing Librarian Dr. James Billington examines a rare book.

Users need allies like that in the federal government—and they now have a chance to get a new one. The position of Librarian of Congress—the United States' top librarian role—has opened up for the first time in 28 years. President Obama should fill that spot with a candidate that has a strong record of supporting core library values and can help ensure that those values are fully realized in the digital age.

Unfortunately Dr. James Billington, who's been in that office for nearly three decades, has not been that kind of librarian. He’s come under heavy criticism in recent years, in part because he has not provided the technical leadership to bring the library into the 21st century. That criticism is likely underscored by his personal technological preferences, such as communicating with his staff largely via fax.

A re-energized, 21st century Library under a new Librarian could do all kinds of practical good. For example:

  • It could redouble its efforts to digitize its collection and make it accessible online. The Library of Congress has an amazing collection, including vast stores of public domain works, but you still have to go to DC to explore most of it.
  • It could do a better job of overseeing and supporting the Copyright Office, which is responsible for maintaining records of copyright registrations and is an influential voice in the crafting, and even interpretation, of copyright policy. The Registrar has complained that she is not getting the resources she needs to modernize the Office, including long-overdue efforts to bring early Copyright Catalogs online. Some misguided legislators think that solution is to move the department altogether. That’s a bad idea, as we explain in another post: the Copyright Office belongs in a library. But it surely deserves the technological resources it needs to do its job.
  • It could improve access to the Congressional Research Service, which produces non-partisan informational reports for legislators. Those reports are tremendously valuable to the public, but they are only inconsistently available—there is no centralized public collection or catalog. As the New York Times notes, that is absurd.More broadly, the Librarian of Congress could serve as a zealous advocate for user's rights.One important area for Librarian input is the rulemaking process for temporary exemptions to section 1201 of the DMCA—this is the process by which jailbreaking or unlocking cell phones gets temporary clearance, for example, and where we're currently fighting to get new rules for repairing and modifying cars, bringing abandoned video games back online, ripping video streams, and more. The Copyright Office runs the rulemaking, and the Librarian generally, but not always, defers to its judgment. A Librarian that was engaged on users rights could be a much more active voice in that process.

The Librarian of Congress could also be our foremost advocate for libraries across the country. She could help shape an orphan works proposal that was responsive to the needs of the millions and millions of users of copyrighted works, not just a few influential rightsholders. The next Librarian of Congress could throw institutional support behind executive efforts to support encryption and privacy technologies.

Jessamyn West, the librarian whose Librarian of PROgress campaign has become a focal point for this discussion, has been a leading voice on what we can hope for in, to use her term, the #nextLoC. In a post last week, she laid out a wishlist of what she and other members of the library community would like to see.

As she notes, these priorities could certainly match those of somebody who already works in a library—perhaps unsurprisingly, the American Library Association too has advocated that President Obama nominate a professional librarian for the position. But they could also come from somebody who is simply passionate about users rights. Free speech, privacy, and intellectual freedom are core values of both EFF and librarians everywhere, and we can always use another well-placed advocate. We urge the president to choose one.

Related Issues: DMCA RulemakingFixing Copyright? The 2013-2015 Copyright Review Process
Share this:   ||  Join EFF
Categories: Aggregated News

German Authorities Investigate Surveillance Leaks

eff.org - Thu, 23/07/2015 - 06:07

[Correction 7/22/15: The original version of this article stated that the German security services were pressing charges against the blog Netzpolitik.org for publishing articles regarding Internet surveillance. The charges are currently believed by Netzpolitik.org to be aimed at the source of the leaks, not Netzpolitik.org itself. We've corrected the text of the article below, and changed the title and URL of this piece to reflect this change. While it is now less directly relevant to what is known of the Netzpolitik investigation, we've kept the discussion of the legal and global protections against the prosecution of journalists for publishing state secrets. We have posted the original article in its entirety below this revision for reference. We regret the inaccuracy of the original post. ]

The German domestic security service has urged the Federal Public Prosecutor to consider charges of treason as a result of two articles posted earlier this year by Netzpolitik.org, one of Germany’s most influential digital rights blogs. The articles reported on leaked documents regarding the German government’s mass surveillance plans. The German criminal code considers the leaking of state secrets to a foreign power, or to anyone else with the intention of damaging the Republic to be treason: the crime can be punished with up to five year's imprisonment.

According to a statement from the Netzpolitik.org, “We have reported on [mass surveillance] because we deem it necessary to start a social debate.” As the blog further stated:

“These investigations are an attack on the freedom of press and an unacceptable attempt to intimidate against sources and whistleblower concerning a topic which about the public would be furthermore duped and sealed off from without Edward Snowden’s courage."

The first article [English translation here], published back in February, reported on the German government’s plans to collect and monitor masses of Internet data—including social media data—and on the government’s “secret budget” for the program. The article notes that the German government’s plans mimicked the mass data acquisition by the NSA and includes the full text of a leaked secret surveillance budget from 2013. The second article [English translation here], published in April, reported on the German secret service’s plan to set up a new Internet surveillance department dedicated to improving and extending the government’s mass surveillance capabilities—the “Erweiterten Fachunterstützung Internet” or “Extended Specialist Support Internet” department. The German-version of the article includes the full text of a leaked document describing the government’s plans for the new unit.

Netzpolitik learned of the investigation from a radio news story. The case was later confirmed by a Federal Prosecutor's office spokesperson. Under German law, public prosecutors have an obligation to investigate crimes reported to them.

Courts in the United States have long recognized the importance of allowing the press—including blogs—to report freely on leaked government documents involving matters of public concern. Back in 1971, in the seminal Pentagon Papers case, the U.S. Supreme Court struck down an attempt by the U.S. government to bar publication of information of great public concern obtained from documents allegedly obtained illegally by a third party, writing that “Only a free and unrestrained press can effectively expose deception in government.” New York Times Co. v. United States, 403 U.S. 713, 717 (1971).

The United Nations General Assembly, too, has recognized the importance of a free and unrestrained press. According to Article 19 of its Universal Declaration of Human Rights, adopted on December 10, 1948, “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”

Thirty years later, in 2001, the Supreme Court held that the First Amendment also shields from liability anyone who republishes materials that are a matter of public interest—even if their source obtained the documents in question illegally and even if the republisher knew the documents had been obtained illegally. The Court held that “privacy concerns give way when balanced against the interest in publishing matters of public importance” and that “a stranger’s illegal conduct does not suffice to remove the First Amendment shield from speech about a matter of public concern.” Bartnicki v. Vopper, 532 U.S. 514, 534–35 (2001).

The German experience also reflects this global standard of protection for reporters covering state secrets. Most famously, the early years of the Federal Republic, when politicians orchestrated the raid and arrest of Der Spiegel journalists under a charge of treason for writing about West Germany's defences against Soviet attack, Germans protested with mass demonstrations and riots. The courts refused to consider the charges, and while the newspaper was shuttered for weeks and its reporters held in detention, the Der Spiegel scandal ultimately affirmed Germany's commitment to a free press, and profoundly damaged the careers of the elected officials who originally pushed for the prosecution.

=====

Original Article:

Treason Charges Against German Blog Netzpolitik.org are an Attack on the Free Press

The German domestic security service has pressed charges of treason against Netzpolitik.org, one of Germany’s most influential digital rights blogs, as a result of two articles it posted earlier this year. The articles reported on leaked documents regarding the German government’s mass surveillance plans—a matter of public concern for which Netzpolitik should be commended, not punished, for covering. The German criminal code considers the leaking of state secrets to a foreign power, or to anyone else with the intention of damaging the Republic, to be treason. The crime can be punished with up to five year’s imprisonment.

According to a statement from the Netzpolitik, “We have reported on [mass surveillance] because we deem it necessary to start a social debate.” As the blog further stated:

These investigations are an attack on the freedom of press and an unacceptable attempt to intimidate against sources and whistleblower concerning a topic which about the public would be furthermore duped and sealed off from without Edward Snowden’s courage. (emphasis added). 

The first article [English translation here], published back in February, reported on the German government’s plans to collect and monitor masses of Internet data—including social media data—and on the government’s “secret budget” for the program. The article notes that the German government’s plans mimicked the mass data acquisition by the NSA and includes the full text of a leaked secret surveillance budget from 2013. The second article [English translation here], published in April, reported on the German secret service’s plan to set up a new Internet surveillance department dedicated to improving and extending the government’s mass surveillance capabilities—the “Erweiterten Fachunterstützung Internet” or “Extended Specialist Support Internet” department. The German-version of the article includes the full text of a leaked document describing the government’s plans for the new unit.

Netzpolitik discovered that they were reported to public prosecutors by Germany’s domestic security agency, the Federal Office for the Protection of the Constitution (BfV) from a radio news story. The investigation was later confirmed by a Federal Prosecutor’s office spokesperson. Under German law, public prosecutors have an obligation to investigate crimes reported to them.

Courts in the United States have long recognized the importance of allowing the press—including blogs—to report freely on leaked government documents involving matters of public concern. Back in 1971, in the seminal Pentagon Papers case, the U.S. Supreme Court struck down an attempt by the U.S. government to bar publication of information of great public concern obtained from documents allegedly obtained illegally by a third party, writing that “[o]nly a free and unrestrained press can effectively expose deception in government.”  New York Times Co. v. United States, 403 U.S. 713, 717 (1971)

Thirty years later, in 2001, the Supreme Court held that the First Amendment also shields from liability anyone who republishes materials that are a matter of public interest—even if their source obtained the documents in question illegally and even if the republisher knew the documents had been obtained illegally. The Court held that “privacy concerns give way when balanced against the interest in publishing matters of public importance” and that “a stranger’s illegal conduct does not suffice to remove the First Amendment shield from speech about a matter of public concern.” Bartnicki v. Vopper, 532 U.S. 514, 534–35 (2001).

The United Nations General Assembly, too, has recognized the importance of a free and unrestrained press. According to Article 19 of its Universal Declaration of Human Rights, adopted on December 10, 1948, “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”

The German experience with the use of treason charges against journalists has reflected this global standard of protection for reporters covering state secrets. Most famously, in the early years of the Federal Republic, when politicians orchestrated the raid and arrest of Der Spiegel journalists under a charge of treason for writing about West Germany’s defenses against Soviet attack, Germans protested with mass demonstrations and riots. The courts refused to consider the charges, and while the news magazine was shuttered for weeks and its reporters held in detention, the Der Spiegel scandal ultimately affirmed Germany’s commitment to a free press—and profoundly damaged the careers of the elected officials who originally pushed for prosecution of the Der Spiegel journalists.

Mass surveillance by a government is undeniably a matter of deep public concern. Netzpolitik should not be punished for reporting on the German government’s plans to surveil—i.e., to spy on—its citizens. Germany's public prosecutor should reject this attempt to intimidate journalists from covering one of the most pressing issues of the day.

Related Issues: Free Speech
Share this:   ||  Join EFF
Categories: Aggregated News

TPP's Copyright Trap

eff.org - Thu, 23/07/2015 - 02:36
Our Last Stand Against Undemocratic International Agreements That Ratchet up Term Lengths and Devastate the Public Domain

Few arguments around copyright are as self-evidently fact-free as the length of its term. Defying economic reasoning, the astonishingly long period of restrictions has only grown over the years, and frequently the newer, longer terms have been retroactively applied to earlier works. The argument against term extension, and retroactive term extension in particular, is so obvious that the Nobel Prize winning economist Milton Friedman reportedly agreed to sign a Supreme Court brief opposing the most recent extension only on the condition that it used the word “no-brainer.”

And yet, copyright term extensions seem to work as a one-way ratchet, increasing every few decades in one country or region, and then getting “harmonized” around the world to match the new maximum. In recent years, those extensions can even be tied to the copyright term of the earliest Mickey Mouse cartoons—a connection that appropriately highlights the role of major corporate lobbying.

But it's not just the Mickey Mouses of the world that get caught in the perpetual extension machine. Our ability to freely build on the most popular media of the generations before us is an important casualty, but it's not the worst one. In its thirst for ever-longer terms, the copyright lobby has jeopardized a century of culture, including a huge number of works that have been “orphaned”—their copyright status is unclear, or the rights holder is impossible to locate, so they cannot be freely archived, built on, or shared.

We've lost a few important battles on copyright term extension in the past—we describe some of these below. But the chance to prevent another round of global copyright term extensions has come around again, as the Trans-Pacific Partnership (TPP) negotiations round their final curve. That's why we're pulling out all the stops to ensure that this time around, the U.S. fails in its attempt to enshrine longer copyright terms around the Pacific rim. It's an ambitious plan, but if we're able to do it, it could spell the end for the copyright ratchet for good.

How Did This Happen?

It wasn't always like this. Two hundred and twenty-five years ago, when the very first U.S. copyright law was signed, it applied to published books, charts, and maps, and terms lasted for just 14 years. In the time since, that has been pushed outward on every axis.

The current term is too long. This point has driven home not just by groups like EFF, but from all sorts of experts. The list include both the current Register of Copyrights Maria Pallante in her proposal for a re-write of the Copyright Act, as well as the previous Register Mary-Beth Peters, who has called the current term length “a big mistake, but one that Congress can make.”

But to pin that mistake on Congress doesn't capture the full picture. It's true that the most recent extension was in part a congressional creation, but the policy laundering mentioned above comes not just from the legislative branch, but also from the executive—frequently in the name of vague trade goals. Supporters of the last major extension, the 1998 Sonny Bono Copyright Term Extension Act, cited a need to “harmonize” with the European Union, despite widespread protests that the global international standard term at the time, life of the author plus fifty years, were already excessive.

Seventeen years later, the TPP represents the continuing attempt to will that standard upwards to life-plus-seventy. Six of the twelve countries negotiating the TPP have life-plus-fifty copyright terms that would be out of compliance with the new de facto “standard” revealed in leaked drafts of the agreement's “Intellectual Property” chapter.

Congress made a mistake extending the U.S. copyright term in 1998—but even today, the U.S. threatens to export that mistake to other countries, without even the pretense of a democratic debate.

Supreme Court Battles

Unfortunately, we also know that term extensions once granted are extremely difficult to reverse. That's why it's called a “ratchet”—the length only goes up. In the U.S., the 1990s copyright extensions faced two major challenges that went up to the Supreme Court. A 2003 case, Eldred v. Ashcroft, challenged the very constitutionality of the change, arguing that it represented an overreach of congressional powers to grant copyright only for “limited times.”

A second case, Golan v. Holder, addressed an international harmonization that pulled works—including classic Hitchcock films, Metropolis, and The Third Manout of the U.S. public domain. The plaintiffs argued that their First Amendment rights to freely use public domain works were restricted once those works were subject to a new copyright status.

Both of these cases attracted massive support from experts, including some of the world's top economists and legal scholars. But each one resulted in a disappointing decision upholding the extensions.

The Facts on the Ground

There's a simple (but false) argument in favor of term extensions: that a longer term creates a greater incentive to produce new works. The problem with that line of reasoning is that, while it may be true for very short terms, it simply does not apply to the massively distended terms we currently face. People may choose to invest more time progressing art and science if they have a monopoly on their work for, say, five years instead of six months. But even if decades of exclusive rights after your own death provides any incentive, that value is too tiny to move the needle, and it comes at a great cost.

Both sides of this inequality—the value of longer copyright terms, and the cost to the public of the public domain held hostage—can be measured. If facts were allowed into the debate on copyright term, Congress would be interested to know that an empirical study calculating the optimal copyright term to incentivize the most works found that the maximum comes at about 14 years—remarkably close to the original U.S. copyright term.

A fact-based Congress would also look to the costs of keeping things out of the public domain: that copyright terms have resulted in a “missing 20th century” of books, with Amazon carrying over twice as many newly published books from (copyright-free) 1850 than from (copyright-bearing) 1950. That public domain images contribute some $250 million of value to Wikipedia each year, and (again, empirically) have been shown to produce articles that are more frequently edited, more commonly read, and of higher overall quality.

Disney can send lobbyists to Congress, and even to international venues, to promote longer terms. The public's representative in those exchanges is supposed to be the elected official. But over and over again, the result has been that the public's viewpoint doesn't get represented at all.

The Public Domain and the Copyright Trap

In the U.S., our public domain is a sorry shadow of what it could be. Since the 20-year retroactive extension went into effect, no published works have entered the public domain through copyright expiration. We can point to the abstract value of the public domain, but we cannot even imagine what might have come of some 17 years of experimentation in precisely the era where creation and publishing tools are more accessible than ever.

We lose the creativity that would take the form of building on top of works in the public domain. We lose access to works that have been orphaned, with no clear owner but a cloud of legal uncertainty that makes preservation too risky.

It doesn't have to be this way, and we certainly don't have to export this legislative disaster. The U.S. shouldn't be pushing for ever-longer terms in unaccountable deals, or force representatives to use their countries' public domains as bargaining chips in sprawling international agreements. Over the next several weeks, we'll be demonstrating the danger of this copyright trap—and we'll give people around the world a chance to speak up and fight back.

We're beginning this fight here at home. If you're an American, we ask that you take a stand today against the U.S. trade administration's plans by urging the U.S. Copyright Office to reaffirm its call for balanced policy to a U.S. Trade Rep that is pushing for an extension that would be anything but. You can make it clear: you don't want our country locked into these excessive terms, or to export them around the world.

On our TPP's Copyright Trap page we link to more articles about how the threat of copyright term extension under the TPP impacts users around the world.

Related Issues: InternationalTrans-Pacific Partnership AgreementTPP's Copyright Trap
Share this:   ||  Join EFF
Categories: Aggregated News

Jeep Hack Shows Why the DMCA Must Get Out of the Way of Vehicle Security Research

eff.org - Wed, 22/07/2015 - 11:43

Security researchers Charlie Miller and Chris Valasek have once again exposed automobile security flaws that allow attackers to take over a vehicle’s crucial systems. In their latest work, they learned how an attacker could remotely control a car over the Internet.

Vehicle manufacturers dismissed prior warnings about flawed security by claiming [PDF] that the exploits relied on physical access to the car. But it has long been known that vehicles’ wireless systems (such as Bluetooth) contain vulnerabilities that would allow a malicious hacker to gain access to critical vehicle functions.

Miller and Valasek took it one step further, revealing one dramatic way that drivers have been left vulnerable in manufacturers’ race to connect vehicles to the Internet. This particular vulnerability relates to Chrysler’s Uconnect system, but it would be naive to imagine that no other vehicles have similar vulnerabilities.

One major reason that serious vulnerabilities have gone undisclosed and unfixed is that laws like Section 1201 of the Digital Millennium Copyright Act chill independent security research. That’s why we filed for an exemption to Section 1201 that would specifically protect security and safety research on vehicle software from DMCA liability. The automakers showed up in force to oppose it (including the “Auto Alliance” trade group, of which Fiat Chrysler is a member), arguing that there was no need for independent security research and that they had the legal right to shut it down – even when researchers only look at code on vehicles they own. We think Miller, Valasek, and other researchers have amply shown the need for independent vehicle security research.

We also asked for a second DMCA exemption for vehicle software, one that would allow competition in the vehicle software space (as well as repairs and customization). If that exemption is granted, an alternative software provider could enter the market to secure your vehicle and you might decide you have more faith in them than in the original manufacturer (or they might offer better functionality, or they might protect your privacy against invasive data collection by auto manufacturers). We would at least see the possibility of competition leading to better practices and spurring innovation among manufacturers.

The Librarian of Congress will issue a final rule this Fall and we are hopeful that he will grant exemptions that bring greater legal certainty to important research and remove Section 1201 as a barrier to innovation, competition, and user choice.

Related Issues: Fair Use and Intellectual Property: Defending the BalanceDefend Your Right to Repair!DMCARelated Cases: 2015 DMCA Rulemaking
Share this:   ||  Join EFF
Categories: Aggregated News

Stop CISA: Join EFF in a Week of Action Opposing "Cybersecurity" Surveillance Legislation

eff.org - Wed, 22/07/2015 - 10:06

How do you kill a zombie bill like CISA? Grassroots action. That's why EFF and over a dozen other groups are asking you to join us in a Week of Action to Stop CISA.  The Senate is likely to vote on the Cybersecurity Information Sharing Act (CISA) in the coming weeks, and only you can help us stop it.

We keep hearing that CISA and the other "cybersecurity" bills moving through Congress are “must-pass” legislation. But just like the original version of CISA, the Cyber Intelligence Sharing and Protection Act (CISPA), we think grassroots activism can stop this legislation in its tracks.

CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That’s why we’re launching a week of action to make sure Congress is getting the message loud and clear:  CISA must not pass.

The Week of Action

EFF and our allies have been hard at work fighting Congress’ cyber surveillance bills. But the most important voices are yours. Here’s how to help:

  1. Visit the Stop Cyber Spying coalition website where you can email and fax your Senators and tell them to vote no on CISA.
  2. While you’re there, use a new tool developed by Fight for the Future to fax your lawmakers directly from our coalition website. We want to make sure they get the message.
  3. Check out our AMA on Reddit on Wednesday July 29 at 10am ET/7am PT with EFF, Access, Fight for the Future, and the ACLU and let your friends know about it.
  4. Help us spread the word. After you’ve taken action, tweet out why CISA must be stopped with the hashtag #StopCISA. Use the hashtag #FaxBigBrother if you want to automatically send a fax to your Senator opposing CISA. If you have a blog, join us by publishing a blog post this week about why you oppose CISA, and help us spread the word about the action tools at https://stopcyberspying.com/. For detailed analysis you can check out this blog post and this chart.

With your help, we’ll make sure Congress gets the message: now more than ever, we don’t need more cyber surveillance. We need better security. CISA must be defeated because it may make things worse for Internet users in several ways:

New and Invasive Tools for Companies

CISA allows companies to monitor their information systems for broadly-defined threats. Moreover, and equally alarming, the bill authorizes companies to launch countermeasures against perceived attackers, without any safeguards. While it prohibits measures that cause “substantial harm,” it’s unclear exactly what substantial is, leaving open the possibility of measures that cause a significant degree of harm. A letter sent in March by over 25 groups opposing CISA pointed out that, “CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders.”

Overbroad definitions

As if the new authorities weren’t enough, the bill’s broad definitions grant companies even more discretion to decide when to go on the offense against perceived threats. For example, "cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of information or an information system.

Cyber surveillance (with the help of the NSA)

Not only does CISA grant companies more power to obtain “cyber threat indicators" and to disclose that data to the government without a warrant—it requires real time sharing of that information to military and intelligence agencies, including the NSA. In other words, cyber threat indicators shared with any agency would be automatically shared with the NSA—all without requiring companies to strip out personally identifying information.

To make matters worse, CISA grants the government too much discretion in how to use the information for non-cybersecurity purposes. It also contains exemptions to the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.

Near-Blanket Immunity

Finally, CISA would create incredibly broad immunity for companies that engage in any of the activities authorized by the bill. This is especially concerning because of the bill’s lack of protection for private information and the ability to launch countermeasures. Any company that merely does significant (but not “substantial”) harm to innocent people or machines will not be liable in court.  

Participating organizations (updated on a daily basis throughout the week)

  • Access
  • ACLU
  • American Library Association
  • Association of Research Libraries
  • The Center for Democracy and Technology
  • The Constitution Project
  • EFF
  • Fight for the Future
  • Free Press
  • Freedom of the Press Foundation
  • Gandi
  • Media Alliance
  • Namecheap
  • National Association of Criminal Defense Lawyers
  • New York Tech Meetup
  • The New America Foundation
  • The Niskanen Center
  • Private Internet Access
  • The Sunlight Foundation
  • The X-Lab

    Share this:   ||  Join EFF
    Categories: Aggregated News

    EFF to Commerce Department: We Must Revise Overbroad Export Control Proposal

    eff.org - Wed, 22/07/2015 - 09:18

    EFF has long advocated for greater vigilance over the potential sale of specially-developed surveillance tools to oppressive regimes that use technology to commit human rights abuses. We want those countries to be held legally accountable for such conduct, and have rallied tech companies to take steps to prevent their products and services from being used for censorship and/or to target and harm activists.

    But when we saw the proposal of the Bureau of Industry and Security (BIS) at the U.S. Commerce Department for implementation of the latest changes to the Wassenaar Arrangement export controls—which would require export licenses for the sale of certain surveillance technology—we saw that the BIS had drafted a vague, overbroad, and contradictory set of rules that have the potential to chill legitimate research into security vulnerabilities that will keep data and devices secure from attacks.

    EFF joined a coalition of six advocacy organizations, including Human Rights Watch and the Center for Democracy & Technology, to submit comments this week to BIS urging the government to narrow the rules to focus exclusively on technology designed for government end users or for military or law enforcement end uses, while ensuring that the general-purpose tools we all depend on for our security aren’t swept up in overbroad regulations.

    The goal should be to make it tougher for repressive regimes and criminals to get their hands on and use purpose-built surveillance technologies to target activists and interrupt the free flow of information, without harming distribution of penetration testing and network security tools, we told the Commerce Department.

    The Wassenaar Arrangement is a multi-national agreement intended to control the export of certain "dual-use" technologies. It's a voluntary agreement among 41 participating states that mostly regulates the export of guns, other weapons (such as landmines), and their components (such as fissile material). In December 2013, the list of controlled technologies was amended to include surveillance systems for the first time, in response to reports linking exports of Western surveillance technologies to human rights abuses in countries such as Bahrain and the UAE, Turkmenistan, and Libya.

    In May BIS published its proposed implementation of the 2013 changes, and we were troubled by the vague and overbroad language and definitions of intrusion software that appeared to sweep up many of the common and perfectly legitimate tools used in security research.

    BIS last month released a FAQ that addressed some of our concerns about whether the proposed rules incorporate exemptions for technology in the public domain. But the FAQ failed to ease our concerns about whether, under the proposal, companies would be required to share their zero-day exploits with the government in order to get a license.

    We have urged the Commerce Department in our joint comment to avoid ambiguity and clearly spell out that cybersecurity software and technology generally available to the public are exempt from licensing and tailor the licensing process specifically to human rights concerns.

    “We believe it’s possible for the government to craft a final rule that is narrowly tailored to address the human rights concerns raised by the spread of surveillance technologies without adversely affecting a variety of additional technologies, including important research and testing tools,” we told the government.

    EFF submitted a separate comment of its own urging the Commerce Department to take bold action and eliminate encryption items from export regulation before proceeding with implementation of Wassenaar and revise the proposed rules and reopen a second public comment period. We also strongly encourage the agency to carefully consider constitutional due process and First Amendment implications of any vaguely-worded agreement that would act as an illegal prior restraint on the spread of knowledge

    Files:  Joint Wassenaar Comments EFF Wassenaar CommentsRelated Issues: Export ControlsInternationalSecurity
    Share this:   ||  Join EFF
    Categories: Aggregated News

    Malaysia Drops the Pretense of Not Censoring the Internet

    eff.org - Wed, 22/07/2015 - 06:33

    In 2011, Malaysian Prime Minister Najib Razak promised that Malaysia would never censor the Internet. Speaking at the first Malaysian—ASEAN Regional Bloggers Conference, Najib said: “I have no doubts whatsoever that Malaysia has one of the liveliest blogospheres in the world. And definitely one of the freest if not the most free…[former Prime Minister Dr. Mahathir Mohamad] made the promise to the world that Malaysia would never censor the Internet. My government is fully committed to that wisdom. We intend to keep his word.”

    Four years later, beleaguered by allegations that $700 million in funds were suspiciously transferred from a Malaysian state investment fund into his personal bank account, Najib went back on that promise.

    Blocking of the Sarawak Report

    The UK-based news website the Sarawak Report was blocked in Malaysia on July 19, 2015 upon orders from the Malaysian Communications and Multimedia Commission (MCMC). The site remains inaccessible from within the country unless users access the site on their mobile phones or via a VPN. The MCMC ordered Malaysia’s Internet service providers to take the site down after it published news on the bank transfer allegations, though reports suggest the block has been unevenly enforced.  The MCMC's rationale for their order was that the site has published “unverified information” and posed a threat to “national security.”

    This is the first time Malaysia has publicly acknowledged blocking a political website, and it is particularly notable because the case strikes at the heart of political corruption within the country.

    The story surrounding the suspicious bank transfer initially broke on July 2, when the Wall Street Journal and Sarawak Report published the result of an investigation into a Malaysian investment fund, 1Malaysian Development Berhad (1MDB). The investigators found that hundreds of millions of dollars had been funneled into the private accounts of Najib Razak and his wife, Rosmah Mansor.

    Since then, Najib has responded assertively to the accusations, with his legal representative calling the Wall Street Journal article “political sabotage” and stating that the allegations are “neither here nor there.” Meanwhile, police have launched an investigation into the source of the leaked documents and the “possibility of a conspiracy to subvert Malaysia’s democratic process and topple the prime minister,” according to Inspector General of Police Khalid Abu Bakar. The editor of the Sarawak Report also reported being harassed and stalked by people believed to be employed by United Malays National Organisation (UMNO), the ruling political party in Malaysia.

    Censorship Comes Out Into the Open

    The government's censorship of the Sarawak Report is remarkable both for its unapologetic execution and for its blatant political character, but it is hardly the first time that the government or its supporters have censored Malaysia's Internet—whether openly or less so. During the 2013 general election, strong evidence emerged of Malaysian ISPs throttling access to alternative news portals and pro-opposition content on YouTube. However, when confronted with this evidence, the MCMC denied that any such restrictions had been put in place and simply blamed the outages on congestion.

    The following year, the BBC reported on the Malaysian Prime Minister's response to complaints about raises in the cost of basic goods and services, such as fuel and electricity—to which he responding by simply pointing out that the price of Chinese water spinach, kangkung, had lately fallen. The story went viral, spawning all manner of video parodies and image memes. Embarrassed, government ministers began to call for crackdowns on the phenomenon, only to be stymied by the government's promise that there would be no censorship of the Internet.

    Or were they? Despite the promises, users soon began to share reports about difficulties they had in attempting to access the embarrassing BBC report. Investigations by Malaysian transparency NGO Sinar Project revealed that indeed, it did appear that Malaysian ISPs were blocking or throttling access to the report. Sinar Project not only meticulously documented their findings, but they even released their tools on Github to allow others to replicate their investigation. Yet, once again, the government denied all responsibility for the outages.

    Given this history, it seems highly likely that the blocking of the Sarawak Report is not the first time Malaysia has engaged in political censorship of the Internet—it is merely the first time that the government has openly admitted to it.

    Legal Status of Censorship Under Malaysian Law

    The MCMC has claimed that the temporary block of the Sarawak Report was carried out under the Communications and Multimedia Act of 1998, but Malaysian law does not sanction the censorship of online websites. Specifically, the MCMC referred to Sections 211 and 233 of the Act, which prohibit the provision of “content which is indecent, obscene, false, menacing, or offensive” as well as the “improper use of network facilities or network service.” However, while both of these Sections provide for fines as a penalty for violations of the law, they do not provide for blocking or taking down websites.

    Though the ban reflects Malaysian authorities are increasingly finding extralegal online censorship to be within their comfort zone, the unsophisticated methods of blocking have made circumvention relatively easy for Malaysians. The Sarawak Report created a new URL, sarawak-report.org, that appears to be accessible, even as their main address, sarawakreport.org, is blocked. The block also does not appear to impact browsing from mobile devices.

    Sarawak Report readers appear well-versed in circumvention practices, if the comments on the site’s Facebook page are any indication. (Readers have suggested a wide variety of VPNs, Tor, and web-based proxies to get around the block. For more on these circumvention tools, check out EFF’s Surveillance Self-Defense page on circumventing online censorship.) Yet, even poorly executed online censorship is cause for concern—especially where, as here, it seems to mark a growing willingness to bend the law when deemed to be politically expedient.

    Related Issues: Free SpeechInternational
    Share this:   ||  Join EFF
    Categories: Aggregated News

    PSA: Shipping and Transit, LLC and Electronic Communication Technologies LLC Are Not New Players To the Patent Troll Game

    eff.org - Wed, 22/07/2015 - 05:45

    Have you recently received a patent demand letter or been hit by a lawsuit from either “Shipping and Transit, LLC” or “Electronic Communication Technologies, LLC”? Despite their current SEO-unfriendly names that make it difficult to find information, we want you to know that there’s lots of information out there related to these trolls, just under different names. 

    It is important that those on the receiving end of these trolls’ patent demands can find the resources they need. To that end, more information useful against both of these trolls can be found by searching for ArrivalStar (instead of “Shipping and Transit, LLC”) or Eclipse IP (instead of “Electronic Communication Technologies LLC”). And even though the names are different, the documents linked below show that for practical purposes the new trolls are closely related to the old trolls.

    The connection between ArrivalStar and Shipping and Transit, LLC is not clear. Information about ArrivalStar S.A. and Melvino Technologies, Ltd, respectively (collectively, “ArrivalStar”) is hard to come by. According to a recent ArrivalStar complaint, ArrivalStar S.A. is based in Luxembourg and Melvino in the British Virgin Islands. Other ArrivalStar litigation documents indicate that Peter Sirianni and Martin Kelly Jones were affiliated with ArrivalStar. Mr. Sirianni’s affiliation with ArrivalStar goes back to at least 2012: he signed a court document on behalf of ArrivalStar, indicating he is an officer or agent of ArrivalStar. Jones is a named inventor on ArrivalStar’s patents, and a litigation document indicates he was a witness on behalf of ArrivalStar back in 2008.

    A recent district court filing reveals that Shipping and Transit, LLC is now the owner of the patents previously licensed and owned by ArrivalStar. According to a document filed with the Florida Secretary of State, Shipping and Transit LLC’s members are Peter Sirianni and Martin Kelly Jones. Based on these documents, we believe that although there was likely a technical change in “ownership,” the people "authorized to manage" Shipping and Transit, LLC appear to be the same people that were associated with ArrivalStar.

    As for Electronic Communication Technologies, LLC, the connection to the well-known troll Eclipse IP is easier. A document filed with the Florida Secretary of State shows that Eclipse IP merely changed their name to Electronic Communication Technologies, LLC.

    It’s also worth noting that the ArrivalStar and Eclipse IP share personnel and an address. Documents show that Peter Sirianni is currently affiliated with both Shipping and Transit, LLC and Electronic Communication Technologies LLC. In their state corporate filings, the two companies both list Mr. Sirianni as a member or authorized representative and the companies have the same address in Boynton, Florida as their principal address. The relationship apparently goes back further. A Florida Secretary of State filing shows Peter Sirianni’s affiliation with Eclipse IP goes back to at least to 2010. The filing states that Mr. Sirianni is a manager of Eclipse IP.  In addition, the prosecuting attorney for ArrivalStar’s patents is the attorney-inventor of Eclipse IP’s patents.

    We don’t know why ArrivalStar sold its patents to Shipping and Transit, LLC, or why and Eclipse IP changed its name to Electronic Communication Technologies LLC. But we do know that it decreases the visibility of the previous entities’ trolling campaigns when people search for information on the Internet using the new generic names. Hopefully this post will help people find the information they need.

    Below we’ve included data and links to some important information for both ArrivalStar (Shipping and Transit, LLC) and Eclipse IP (Electronic Communication Technologies LLC). We encourage people to link to this page, increasing the visibility of the links between the former entities (ArrivalStar and Eclipse IP) with the new entities (Shipping and Transit, LLC and Electronic Communication Technologies LLC, respectively). 

    ArrivalStar/Shipping and Transit, LLC Information

    Known U.S. Patents or Applications: 5,400,020; 5,444,444; 5,623,260; 5,648,770; 5,657,010; 5,668,543; 6,278,936; 6,313,760; 6,317,060; 6,363,254; 6,363,323; 6,411,891; 6,415,207; 6,486,801; 6,492,912; 6,510,383; 6,618,668; 6,683,542; 6,700,507; 6,714,859; 6,741,927; 6,748,318; 6,748,320; 6,763,299; 6,763,300; 6,804,606; 6,859,722; 6,904,359; 6,952,645; 6,975,998; 7,030,781; 7,089,107; 7,191,058; 7,400,970; 60/039,925; 60/115,755; 60/122,482.

    Known Foreign Patents and Applications: AT 257265; ?AT 273547;? AU 2608700;? AU 3393300; ?AU 3998401; ?AU 6284999;? AU 6404799; ?AU 6453598; ?AU 7391696;? BR 0007537;? BR 0008670; ?BR 9808005;? CA 2267206;? CA 2283239;? CA 2360288; CA 2363556;? CA 2521206;? CA 2528647;? CN 1345413;? DE 60104824; DE 69631255; EP 0929885; ?EP 0966720;? EP 1261902; ?EP 1264296; MXPA01008914; WO 9814926; WO 0019171; WO 0019170.

    Known litigation in the United States filed by ArrivalStar or Shipping and Transit, LLC (login required).

    EFF articles related to ArrivalStar/Shipping and Transit, LLC:

    Documentation of change of ownership of patents from ArrivalStar to Shipping and Transit, LLC.

    Link to ArrivalStar, now Shipping and Transit, LLC, information at Trolling Effects. 

    Eclipse IP/Electronic Communication Technologies LLC Information

    Known U.S. Patents or Applications: 7,119,716; 7,064,681; 7,319,414; 7,479,899; 7,113,110; 7,482,952; 7,561,069; 7,479,900; 7,876,239; 7,479,901; 7,504,966; 7,538,691; 7,528,742?; 8,068,037; 8,232,899; 8,242,935; 8,284,076; 8,368,562; 8,362,927; 8,564,459; 8,711,010; 8,531,317; 9,013,334; 9,019,130; 14/590,528; 14/592,199; 14/635,380.

    Known Foreign Patents and Applications: None.

    Known litigation in the United States filed by Eclipse IP (as of July 20, 2015, it does not appear that Electronic Communication Technologies LLC has filed any lawsuits in its own name) (login required).

    Decision invalidating certain claims of U.S. Patent Nos. 7,064,681; 7,113,110; and 7,119,716 for failing to recite patentable subject matter under 35 U.S.C. § 101.

    EFF articles related to Eclipse IP/ Electronic Communication Technologies LLC:

    Documentation of name change from Eclipse IP to Electronic Communication Technologies LLC.

    Link to Eclipse IP, now Electronic Communication Technologies LLC, information at Trolling Effects.

    Files:  ArrivalStar Assignment of Patents to Shipping and Transit, LLC ArrivalStar Motion to Change Case Caption ArrivalStar Response to Motion to Compel ArrivalStar v. Connected Telematics Complaint ArrivalStar v. Meitek Interrogatory Responses Eclipse IP 2010 Florida SoS Record Eclipse IP 2015 Florida SoS Record Changing Name to ECT LLC Shipping and Transit LLC Florida SoS RecordRelated Issues: PatentsPatent TrollsInnovation
    Share this:   ||  Join EFF
    Categories: Aggregated News

    FilmOn Can Use Cable Systems’ Copyright License to Stream Broadcast TV

    eff.org - Tue, 21/07/2015 - 08:52

    Lots of our TV-watching comes over the Internet today. Series programming, reality shows, movies, and even sports are available through Internet-based subscription services—nearly everything except for broadcast TV. That’s because many broadcast stations, whose signals go out over the public airwaves for all to receive, have fought tooth and nail in the courts to keep their signals off of the Internet. Internet subscription services like ivi, FilmOn, and Aereo that agreed to follow the same rules, and pay the same copyright royalties, as traditional cable systems have up to now been denied.

    Last week, a court broke new ground. Judge George W. Wu of the U.S. District Court for the Central District of California ruled that TV streaming service FilmOn (which previously went by the names “Aereokiller” and “BarryDriller”) was identical to a cable system for purposes of copyright, and can stream local broadcast channels, including affiliates of NBC, ABC, CBS, and Fox, as long as it pays the fees set by law. This sensible ruling rejects the Internet-phobic position taken by broadcasters and the U.S. Copyright Office, a position that privileges established players like Comcast/NBCUniversal while locking out newer competitors.

    For most people in the U.S., it’s hard if not impossible to get local broadcast TV stations over the Internet. Movies, national TV, and some sports are available through subscription services, but local TV news and weather, local advertising, and community programming usually require an old-fashioned “rabbit ears” antenna on the TV, a roof antenna, or a portable TV set. Of course, the technology to send local broadcast TV to our Internet-connected devices has been around for a while. It’s the same technology that powers services like Netflix and Hulu. Copyright law, not technology, has been the barrier.

    Copyright applies when shows are transmitted “to the public” by cable systems, meaning that cable operators need a license from copyright holders. But copyright law also includes a way for cable systems to get permission to transmit copyrighted programs to subscribers, by following some specific rules and paying a royalty set by the government. That mechanism, known as Section 111, applies to any “facility” that “receives signals” from broadcast TV stations and “makes secondary transmissions” of those signals to paying subscribers.

    Although the law was passed in 1976 with traditional cable systems in mind, nothing in the law says that Internet-based streaming services can’t be considered “cable” systems that are eligible to use the Section 111 license. But several courts have ruled that streaming services that want to retransmit broadcast TV can’t use the license - instead, they would have to negotiate with the copyright holders for every show and every commercial that gets broadcast, something that Congress recognized as practically impossible.

    Starting in 2012, Aereo tried another route: assigning each subscriber an individual, tiny antenna in an attempt to avoid comparisons with a cable service, and thus avoid having to get permission at all. It didn’t work. Last year, the Supreme Court ruled that Aereo was similar enough to a cable system that it was infringing copyright without a license from the TV studios. The Supreme Court emphasized that Aereo behaved like a cable business regardless of whether it used Internet streaming, but the trial court later ruled that Aereo still couldn’t use the license that Congress designed for cable systems. Out of options, Aereo declared bankruptcy late last year.

    The courts left streaming services for broadcast TV in a double bind: they need to get permission from rightsholders, but they can’t get that permission using the streamlined method that Congress created. In practical terms, that means traditional cable systems (primarily large incumbents like Comcast, Time Warner Cable, Cablevision, and Cox) can retransmit broadcast TV to paying subscribers, but newer competitors that use streaming can’t. Protected against competition from streaming technology, cable subscription prices continue to climb.

    Last week’s decision came down on the side of innovation and competition. Judge Wu pointed out that a “facility” that receives broadcast signals and sends them on to subscribers need not be a traditional cable system—an Internet streaming service fits that description too. He pointed out that the Supreme Court, in Aereo’s case, considered cable and streaming services to be extremely similar. And he pointed to many statements by the Supreme Court and other courts that Congress is where the impact of new technologies on copyright should be worked out. He concluded that FilmOn was free to follow the same copyright rules as cable systems, pay the same royalty rates to copyright holders, and stream broadcast TV stations, just like a cable system.

    If it’s upheld, this decision means that other streaming video services like Netflix, Amazon, and Hulu, as well as small businesses and community organizations, can get in the business of helping people watch their local TV stations. Smaller broadcasters and smaller cable operators will likely support the decision (just as many of them supported Aereo at the Supreme Court). That’s because the ability to use Internet streaming in place of traditional cable transmissions gives smaller cable systems more technological options and may help them compete against the giants. And local broadcasters, especially those not owned by national conglomerates, stand to gain from getting their signal out to more people who might have poor TV reception where they live, or prefer to watch on Internet-connected devices.

    Naturally, major broadcasters like Fox have vowed to appeal this ruling. If history is any guide, we can expect statements from some corners of the entertainment industry about how sending free-to-air TV signals over (gasp) the Internet will destroy the television business. In fact, all it will destroy is existing cable and satellite systems’ comfortable position as the only ones who can transmit broadcast TV for a fee. That’s a positive step, and that’s why Judge Wu’s sensible decision should be upheld.

    Related Issues: Fair Use and Intellectual Property: Defending the BalanceRelated Cases: WNET v. AereoFox v. Aereokiller
    Share this:   ||  Join EFF
    Categories: Aggregated News

    Ethiopian Arrests for Internet Security Training Undermine Right to Privacy

    eff.org - Tue, 21/07/2015 - 04:01

    UPDATE: The Lideta Federal High Court today rejected evidence submitted by Zelalem and his colleagues and postponed a verdict in their case until August 21. The defendants had to appear in court without legal representation, since their lawyer had his license revoked by the Ministry of Justice last week. The rejection suggests the Court is likely to accept the prosecutor's evidence, which was gathered after the defendants were taken into custody. If found guilty, they may appeal their sentence.

    The simple act of taking steps to protect oneself online is enough to send a journalist to jail, according to charges issued by Ethiopian prosecutors in several cases to be heard this week. An Ethiopian court will soon hand down verdicts in a number of cases where criminal charges could be assessed for attending or applying to attend Internet security training.

    Five of the Zone 9 bloggers (four of whom are in prison and one who is being tried in absentia) will face a long-awaited verdict in the case on July 29 after the court adjourned a planned hearing on July 20. Seven of the bloggers were arrested under criminal and anti-terrorism charges for acts that include participating in online security training sessions where they learned how to use encryption technologies such as Tactical Tech and Front Line Defenders’ Security in a Box guide. As evidence for their alleged crimes, prosecutors submitted widely available documents including Security in a Box: Tools & Tactics in Digital Security as well as guides on secure passphrases and message encryption to make their case against the bloggers much like EFF’s own Surveillance Self-Defense.

    If convicted, the mandatory sentence in Ethiopia for terrorism and incitement offenses is a minimum of eight years—however hope remains that the court will exonerate the bloggers in the absence of substantive evidence to support the charges, according to Zone 9 founding member Endalk Chala. Already five of the bloggers were released last week, which some have attributed to anticipation of a visit by President Barack Obama at the end of the month.

    In another group of cases, Yonatan Wolde, Abraham Solomon, Bahiru Degu, and Zelalem Workagenhu are facing charges for applying to attend an Internet security and social media training session abroad. All four were detained on July 8, 2014, along with six other locally-based opposition politicians, social media activists, and youths, on suspicion that they have links to the diaspora-based opposition group Ginbot 7. Zelalem, who was the co-organizer of the training session, is also charged with using social media to oust the government and sending reports that appeared on independent Ethiopian satellite service ESAT tv. They will appear in court on July 22 to hear a verdict.

    The regularity of these arrests suggests a concerning trend, in which journalists are being arrested for the suspicion of what they might say or do and detained without any substantive evidence to support their crimes. The United Nations Special Rapporteur on Freedom of Expression David Kaye said in a recent report that not only do such charges “fail to meet the standards for permissible restrictions,” states like Ethiopia “…undermine the rights to privacy and freedom of expression when they penalize those who produce and distribute tools to facilitate online access for activists.”

    “Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age. Such security may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity,” Kaye said in the report.

    Encryption is indeed a powerful tool that not only enables users to communicate securely online, but fosters the kind of conditions that make freedom of expression possible. Its use should never be cause for the deprivation of freedom.                                                                                  


    Share this:   ||  Join EFF
    Categories: Aggregated News

    Scenes from EFF's 25th Anniversary Party and Minicon

    eff.org - Sat, 18/07/2015 - 08:58

    Thank you to those who celebrated with us at EFF's 25th anniversary party and minicon! It was a lovely day full of remembering the important fights of the past 25 years and planning how to face the threats of the next 25. Both the minicon and the party were well-attended, informative, and so much fun. We at EFF are so grateful to those who attended, those who followed along at home, those who gave to the EFF25 member drive, and the many of you who have made our 25 years possible.

    A toast from EFF's fearless leader Cindy Cohn to 25 years of EFF and to all of you.

     

    Minicon

    The day started out with the minicon, a four-hour conference on the past, present, and future of various EFF issues. The three panels, moderated by EFF staff members and bringing together experts with differing backgrounds and perspectives, covered digital activism and what it means for the web to be a public space, copyright and user control issues in an increasingly technical world, and the privacy and security issues of the next 25 years. EFF staff member Nadia Kayyali was on hand to provide practical security training tips throughout the afternoon based on EFF's Surveillance Self-Defense project, and EFF hosted its first-ever CTF hacking challenge.

    Deputy Executive Director and General Counsel Kurt Opsahl kicks off the minicon activities.

    From left, EFF activist Adi Kamdar moderates the Digital Activism panel, with Sina Khanifar, Annalee Newitz, Amie Stepanovich, and Trevor Timm.

    Pam Samuelson, Professor of Law and Information Management at the UC Berkeley, discusses "the next great copyright act" as EFF Legal Director Corynne McSherry looks on during the Copyright and User Control panel.

    Hackers be hacking during the CTF challenge. Congratulations to winner John-Mark Gurney (@encthenet) and runner-up Micah Lee (@micahflee)!

     

    Party

    The party kicked off at 8pm, with hosts Wil Wheaton and Cory Doctorow leading the festivities. We had special toasts, cool interactive art from Sustainable Magic, a photobooth, and plenty of dancing to music from Midtown Social, Dual Core, and A plus D.

    EFF Executive Director Cindy Cohn hugs cofounder John Perry Barlow after his thoughtful and sweet introductory remarks.

    A still from Edward Snowden's kind recorded birthday message to EFF.

    Hosts Wil Wheaton and Cory Doctorow moved back and forth from humor to inspiration all night, here reading excerpts from and comments on Barlow's "A Declaration of the Independence of Cyberspace"

    Midtown Social started the evening with groovy soul, funk, and rock songs.

    Hip hop group Dual Core brought the nerdcore to the party.

    Partygoers (purposefully kept anonymous!) danced 'til late to A plus D's awesome mashups

    It was a long but wonderful day, and we're proud to have such an awesome community. Now it's time for us to face the next 25 years and ensure essential rights have an advocate for years to come.

    Many thanks to our sponsors: Automattic, No Starch Press, O'Reilly Media, Adobe, Kevin Mahaffey, BSides Las Vegas, and OPG Communications! A special appreciation also goes out to Squirrel Herder Productions for excellent event planning and production; thank you for helping make our event so great.


    Share this:   ||  Join EFF
    Categories: Aggregated News

    Launching Democracy.io as a Step Toward a Better Democracy

    eff.org - Sat, 18/07/2015 - 07:46

    We like to think that this week, democracy got a little better.

    A few days ago, we launched Democracy.io, a tool that lets people send an email to their congressional representatives, on any topic they wish, through one super-simple interface.

    Right now, there are many paid advocacy tools that professional activism organizations can use to make sure their members’ voices are heard in Congress. But what about everyday people? If an individual person is concerned about a bill, or wishes Congress would take up some issue, there aren’t many tools available to help them communicate that desire to lawmakers. Instead, they have to hunt down individual congressional websites and fill out three different forms (two for their senators, one for their representative). 

    This gap in online advocacy needed filling. No organization—including us—should have a monopoly on communicating with Congress. Instead, we want anybody to be able to contact Congress, and we think the process should be smooth and simple. Democracy.io does just that.  It’s built on the same free software that EFF uses for our own action center, and connects you to Congress through the open data set created by volunteer web developers across the world

    It’s also our way of paying it forward. When EFF needed a new action center, we put out a request for help. Over 100 volunteer web developers stepped up to help us map congressional forms, especially these five heroes. So it seemed fitting that we give something back to the world in return. That’s part of why Democracy.io isn’t just free software licensed under the AGPL—it’s also totally free to use.

    Democracy.io was built by three volunteers—Sina Khanifar, Leah Jones, and Randy Lubin. (Please take a moment to click through to their Twitter profiles so you can shower them with gratitude.) We really appreciate the efforts they took to make sure the website fit the specifications of our adamantium-grade privacy policy.

    Even as we’re giving this tool to the world, we recognize that there’s a lot of frustration with Congress. That frustration can even turn into feelings of hopelessness and cynicism. Frequently, even committed EFF supporters express a fear that engaging with Washington is a waste of time.

    We share those frustrations. But not engaging with Washington has dire consequences. We can’t let lawmakers craft technology policy with little or no input from Internet users who are affected by those decisions. We don’t want elected officials working in a bubble, immune to the criticisms and concerns of their constituents. So instead of disengaging from DC, we’re working to make sure Internet users are getting through. We know those voices do make a difference because we remember, for example, how important constituents’ communications were in the fight against SOPA.

    We also have heard concerns that lawmakers are already getting too many emails from constituents, and perhaps staffers can’t process them all. We’re skeptical of this. While members of Congress might not enjoy getting all these emails from constituents, it is better for democracy when we keep pressure on lawmakers to do the right thing. Frankly, Lawmakers should be uncomfortable when they’re crafting bad laws. They should have to face criticisms and complaints. Similarly, they should have a chance to hear back from the people when they do good work. And if it’s hard for lawmakers to process all the incoming data from constituents, then they should develop new systems to make sense of it all—not try to block out the voices of voters.

    We are also excited about the potential impact of individualized messages. While advocacy organizations can help prompt many identical emails to members of Congress, Democracy.io helps orchestrate unique letters from individual people choosing to express their own views. The site isn’t designed to facilitate form letters. It’s built to cater to unique letters from each person using the site.

    Democracy thrives when people’s voices are heard in the halls of Congress. The easier it is to do that, the better. It’s that simple. 

    The First Amendment of the United States protects "the right of the people...to petition the Government for a redress of grievances." Democracy.io is a tool to help people exercise that crucial right. We hope you use it.

     


    Share this:   ||  Join EFF
    Categories: Aggregated News

    EFF Defends What’s Her Face? From Facebook

    eff.org - Sat, 18/07/2015 - 05:28

    Back in the fall of 2011, some undergraduates at Yale created a cool class project. As part of their law and technology class, Bay Gross and Charlie Croom built a website and game that allowed Facebook users to discover how many of their “friends” they really know. The site, still available at whatsherface-book.com, asked people to reflect upon how much personal information they share with strangers or distant acquaintances. This June, Facebook sent Gross a message claiming that the site infringed its trademark and demanding it be taken down. EFF has responded on behalf of Gross. As we explain, the website is a clear example of critical commentary protected by the First Amendment.

    When it launched, whatsherface-book.com allowed visitors to play an interactive game where they viewed randomly selected photographs of their own Facebook friends and attempted to name these people from memory. In addition to the quiz, the website included aggregate data and analysis. (This data showed that people recognize only 72% of their Facebook friends.) The site recommended that users preserve their privacy by “unfriending” people that they do not really know.

    Despite its humble origins as a class project, the website received favorable media attention. A Forbes reporter discovered that she didn’t recognize quite a few of her Facebook friends. Others cited the quiz and urged the public to cull their friend list. Although the quiz is no longer playable (due to recent changes in Facebook’s API), the data and commentary are still available. The website has been up now for almost four years.

    Last month, Facebook demanded that the entire site be taken offline. In its message, Facebook claimed that the site infringes and dilutes its trademark. Nonsense. There’s no evidence that anyone has ever been confused about whether the site is affiliated with Facebook. Rather, the site served its purpose: helping the public reflect upon their Facebook use. The First Amendment and trademark law allow for the nominative use (including in domain names) of trademarks to discuss and criticize trademark owners. Our client’s site is classic example of this kind of protected expression.

    In sending its takedown demand, Facebook joins a long list of companies that have misused trademark law in an attempt to censor a critic (see examples here, here, here, and here). Ironically, Facebook has a decent record of helping its users respond to trademark takedowns from third parties. Given this history, it is disappointing to see Facebook send an unfounded trademark takedown of its own.

    It may be that this takedown is an example of mindless over-enforcement rather than an intentional effort to censor. Either way, this kind of demand undermines online expression. Too often, targets are afraid to fight back or can’t find the help they need to do so. Facebook—and all trademark owners—should do better. For example, the company should carefully review the content of a website before demanding that it be removed from the Internet, and stop to consider whether the use it’s worried about is a fair use or otherwise protected. And now that we’ve pointed out the protections that apply in this case, Facebook should do the right thing: respect free speech and abandon its complaint against our client.

    Files:  eff_letter_to_facebook_june-17-2015.pdf facebook_trademark_cd_to_whatsherface.pdfRelated Issues: Fair Use and Intellectual Property: Defending the BalanceFree Speech
    Share this:   ||  Join EFF
    Categories: Aggregated News

    Patent Reform Under Attack, But Needed More Than Ever

    eff.org - Fri, 17/07/2015 - 05:01

    Recent reports from Congress suggest that patent reform might be taken off the table for the summer. This bad news arrives at the same time as a new study showing that patent trolls are more active than ever before. Opponents of reform are trying derail efforts to tackle trolls by insisting that any legislation must include unnecessary changes to procedures for challenging patents the the Patent Office. We urge Congress to remain focused on the real problem of patent litigation abuse.

    Much of the recent debate has focused on post-grant procedures at the Patent Office. Earlier this year, EFF used one of these procedures to successfully challenge key claims from the infamous podcasting patent. We brought our challenge using a relatively new procedure called inter partes review or IPR. Opponents of patent reform are insisting that any legislating include changes reducing access to IPRs and making them less effective as a way to invalidate bad patents. Some have suggested this is the pharmaceutical industry’s poison pill strategy for defeating patent reform.

    It’s frustrating that the poison pill tactic has been somewhat effective. There is no crisis with post-grant review procedures like IPRs. A single hedge fund (acting in partnership with infamous patent troll Erich Spangenberg) filed some IPRs, which people accused of being part of an apparent strategy to manipulate stock prices. It doesn’t appear that this worked especially well for the hedge fund and there is no indication that it will become a significant problem. Meanwhile, the high technology industry is being inundated with thousands and thousands of patent troll lawsuits. Patent troll litigation has been rampant for years and is only getting worse. Rather than give in to the pharmaceutical industry’s scaremongering about an isolated event, Congress should tackle the severe problem that it has been considering for over a year.

    Other criticisms of the bills before Congress fall apart on close inspection. We have published another blog post today countering some of the misinformation that opponents are spreading about the Innovation Act. We’ve been here before. Back in April 2014, the Senate seemed very close to a deal when Harry Reid pulled the plug. Patents returned to the agenda this year and encouraging bills passed both the Senate Judiciary Committee and the House Judiciary Committee. It’s important not to give up on the campaign for legislative patent reform. Legislation is hard and can take multiple attempts. The America Invents Act took almost five years to make its way through Congress.

    Contact your representative and tell them to pass the Innovation Act. The proposed legislation won’t hurt small businesses or legitimate patent owners. Rather, it is targeted at the worst actors and will cut back on rampant abusive litigation from patent trolls.

    Related Issues: PatentsLegislative Solutions for Patent ReformInnovation
    Share this:   ||  Join EFF
    Categories: Aggregated News

    Advertising

     


    Advertise here!

    Syndicate content
    All content and comments posted are owned and © by the Author and/or Poster.
    Web site Copyright © 1995 - 2007 Clemens Vermeulen, Cairns - All Rights Reserved
    Drupal design and maintenance by Clemens Vermeulen Drupal theme by Kiwi Themes.
    Buy now