San Francisco - The Electronic Frontier Foundation (EFF) today released a video by acclaimed documentarian Brian Knappenberger (The Internet's Own Boy) that explores how and why an unlikely coalition of advocacy organizations launched an airship over the National Security Agency's Utah data center. The short documentary explains the urgent need to rein in unconstitutional mass surveillance, just as the U.S. Senate has introduced a new version of the USA FREEDOM Act.
The video, Illegal Spying Below, is available for re-use under a Creative Commons Attribution 4.0 license here: https://www.youtube.com/watch?v=EsEkmHRbThk
At dawn on June 27, EFF, Greenpeace, and the Tenth Amendment Center launched an airship above the NSA's $1.2-billion data center in Bluffdale, Utah. The 135-foot-long airship carried a banner bearing a downward arrow and the words, "Illegal Spying Below," to bring attention to the facility as well as StandAgainstSpying.org, a website showing how members of Congress voted on legislation that would restrict mass surveillance.
"While it is only one of several data centers, for many people the Bluffdale facility has become a symbol of out-of-control, unconstitutional, dragnet surveillance, as well as a threat to the environment," Knappenberger says. "I thought it was important to document this audacious attempt to raise awareness of this secretive facility and pressure Congress to rein in the NSA."
The action prompted thousands of people to contact their members of Congress about NSA surveillance. More than 30 articles were written about the airship, and those articles were collectively shared more than 51,000 times over social media within 72 hours.
"This video shows how a common threat to the freedom of association drew our three organizations together, despite very different missions," EFF Activism Director Rainey Reitman said. "Now it's time for Congress to build a diverse coalition to pass meaningful reform. We launched an airship, they need to land a bill on the president's desk."
Viewers are encouraged to use StandAgainstSpying.org, a site supported by more than 22 organizations, to review their elected representatives' record on surveillance and to send tweets to members of Congress to support meaningful surveillance reform.
Media Relations Coordinator
Electronic Frontier Foundation
About Brian Knappenberger:
Brian Knappenberger is a writer, director and producer who has created award winning investigative documentaries and feature films for PBS FRONTLINE/World, National Geographic, Bloomberg Television and the Discovery Channel. His new film about the life and death of Aaron Swartz, The Internet's Own Boy, debuted at Sundance and is available through iTunes at https://eff.org/r.cyoz. Knappenberger also runs the award winning production company Luminant Media.
Front Lines of the Open Access Fight: Colombian Student's Prosecution Highlights the Need for Fundamental Policy Reforms
Scientific progress relies upon the exchange of ideas and research. The Internet is the most powerful network the world has ever seen, with the capability to enable this exchange at an unprecedented speed and scale. But outmoded policies and practices continue to present massive barriers that collectively stifle that potential. Many major online research databases are kept under lock and key by publishers, making them extremely expensive to access. Given the subscription model for these repositories, most people cannot afford to pay the fees to read or cite to existing research, let alone know what research and studies have already been published.
Circumventing these barriers can lead to extreme consequences. Aaron Swartz was one of the strongest voices leading the open access movement, and he faced up to 35 years in prison for violating the Computer Fraud and Abuse Act (CFAA), for accessing the JSTOR research database and downloading copies of academic articles. Now Diego Gomez, the Colombian graduate student who faces imprisonment for sharing another researcher's thesis online, is on the front lines of this fight. His story is only one of countless many, but it highlights the problems facing students and academics who are simply trying to access works to further their studies.
It might seem as though the payments are being passed along to academics as compensation for their work, or that they are necessary to cover the costs involved in editing and publishing their research. Yet this is often not the case. Publishers normally give none of the subscription fees to the researchers themselves. Academics generally conduct the research, writing, and peer review processes without compensation from the publishers. Then, still without compensation, those academics usually assign the copyright over their article to the journal, on terms so strict that they can prevent even the authors themselves from making copies of their own articles.
That makes this problem especially frustrating. The high cost of accessing journals is unrelated to funding the research in the first place. Publishers are middlemen who enact high paywalls, making it expensive for academics to access their peers' research for their own work.
But how do they get away with this? It has to do with the culture around academic publishing. Some journals are considered prestigious. For academics, that prestige can mean their research is more highly regarded, which can help advance their career in the field. Unfortunately, this means that their work can only be read by those who can afford to pay for subscriptions, or more commonly, who are affiliated with a university or institution that provides access to them.
The Open Access Movement: Fighting for Free and Easy Access to Knowledge
The open access movement is a fight for the continued progress of knowledge, science, and culture, by recognizing the intrinsic importance of enabling scholarly works to be shared widely, cheaply, and easily. There are two basic goals for open access advocates: first, to make research freely available online without cost, through shared digital repositories or open access journals. Second, to make research reusable by promoting the use of open licenses—ensuring that the public can not only read existing works, but can also pick apart the research and build upon it.
In many parts of the world, a major policy goal is to ensure that publicly funded research becomes publicly accessible research. It is founded on the straightforward concept that if the public is already paying for research through their tax dollars, they have a right to see and share what they have paid for. In the US, research that has been funded by government grants from certain major government agencies must be published in open access repositories, like PubMed Central. EFF, along with groups like Creative Commons, SPARC, the Open Knowledge Foundation, and many others, are leading these calls for open access policy reforms.
How Copyright and Other Related Laws Stifle Open Access
It's clear that where it's possible—through policy or individual choices by academics—robust open access is the best way for research to advance the goals of academia. But where individuals work towards those goals in the absence of formal policies, they have faced truly draconian penalties. That's because our current copyright system is a poor fit for many academics. Where a reasonable copyright policy should reflect the economic interests of creators and researchers, our laws are instead shaped by the lobbying of special interests such as book publishers, movie studios, and music labels, which push for extreme restrictions on how content can be shared and used.
Academics, scientists, and other professionals tend to benefit little from copyright restrictions. And yet they also need to be able to access other new, cutting edge research to read relevant studies and understand what others are doing in the field. Heightened criminalization of copyright, the lack of strong legal safeguards for publicly beneficial and personal uses, and excessive, long copyright terms all fly in the face of these academic goals. The massive penalties that Gomez faces are a prime example. The demands of the copyright industries in the Colombia-US free trade agreement led to extreme policy language in the agreement, which then led Colombia to enact new, harsher criminal sanctions over "unauthorized" sharing and uses of copyrighted works.
In the midst of this experience, Gomez has brought his story to light in hopes of sparking debate and bringing about policy reform. In a recent open letter, he wrote [translated from Spanish]:
I regret that my actions in good faith I can have an impact on my life plan, just because I acted against the barriers to knowledge. [...] From this painful experience I have learned that knowledge really have invisible barriers, main reason now I am committed to activism in favor of open access, to promote the results of scientific research are public and open for everyone's benefit through open access policy.
The inability to readily access important research is an issue that affects us all. Outdated policies and practices must be reformed until we can unleash the Internet's potential to enable free and open access to research and promote the progress of science.
In the US? Send a message to your lawmakers to secure open access to taxpayer-funded research.
In part one of this blogpost, we discuss why it makes good sense to contribute to the Tor project on university campuses, and we offer some examples of students who have been able to set up relays or exit nodes in recent years.
EFF realizes that many students may be interested in contributing to the Tor Project, but are unsure of how to get the conversation with their university started. In this post, we offer some tips that we've pulled from successful efforts to establish an exit or a relay node on campus. We also provide some suggestions for addressing concerns students are likely to encounter from their campus administration.
Many campus IT departments may be understandably concerned about the risk of having Tor traffic exit from their network. There is a potential for legally questionable activity to occur over Tor, and anonymized traffic will appear to have originated from the campus. This can cause law enforcement to first come to the campus in search of the origin of the suspicious activity or for DMCA copyright complaints to be sent to the host of the exit node. Though this can often be addressed through an explanation of Tor to the complaining party, and it is rare for the host of an exit node to be troubled by law enforcement, we highly recommend reading our legal FAQ to better understand the risks.
Let’s start with some tactics for organizing on campus. If you encounter resistance, please use and remix our Open Letter Urging Universities To Encourage Conversation About Online Privacy.
Start a conversation about Tor on Campus
Ask your friends and other professors if they know of someone working in the computer science, political science, or journalism department that may already advocate for security or online privacy. Students will often need faculty allies to initiate running a Tor node on campus, and often there are already professors and technologists at universities who are familiar with and support the Tor Project. If you don't already have contacts, try searching through your computer science, journalism, political science, or any related departments' websites to see if any professor specializes in online privacy, security, or communications and human rights. Email them to set up a meeting to talk about setting up a Tor node on campus.
Contact a computer science or human rights group on campus. There is a great chance that other students will want to be involved or get excited about the prospect of contributing to the Tor Project. You all can work together to find out who the professors and IT professionals are on campus that you'd need to talk to in order to get the project started.
Start a digital rights campus group. Often the biggest barrier to setting up a Tor node on campus is one of understanding. The faculty and the IT department might not be convinced that supporting a freedom-enhancing technology project is worth the potential risk, so sometimes it might take a series of information sessions and ongoing meetings to demystify Tor for people that are new to the concept of online anonymity. Check out our organizing resources and start a campus group. Setting up a Tor node is a great first project.
Understand the Risks and Try to Address Potential Concerns
Try to dedicate a separate IP address to the relay or exit node. Some servers blacklist Tor traffic, so having a separate IP address will help to ensure that only traffic from the dedicated Tor IP address will be blacklisted or affected, and not other users of the campus network who share an IP address with the Tor node. Note that EFF believes that Tor relays should be protected from copyright liability for the acts of their users and that a Tor relay operator can raise an immunity defense under the DMCA as well as defenses under copyright's secondary liability doctrines. However, no court has yet addressed these issues in the context of Tor itself. Check out our legal FAQ, which includes a template for a response to a DMCA notice.
Consider a reduced exit policy. Exit policies allow hosts of Tor nodes to decide what kind of traffic is allowed to travel through their node. The Tor Project has an excellent explainer on the kinds of exit policies available for exit node hosts and how limiting what is allowed to travel through your node can reduce its risk of receiving legal complaints. Most reduced exit policies still allow web browsing activity that may give rise to content-related complaints or investigations.
Set up a reverse DNS entry for the IP address. By setting up a reverse domain name for the IP address running the Tor node, you can help to alleviate knee-jerk reactions from sysadmins and people who see unfamiliar traffic coming from your IP node. A domain name like tor-exit.yourdomain.edu or tor-proxy-readme.yourdomain.edu might be useful.
Set up a Tor Exit Notice. Once you have a good reverse DNS name, you should put some content there that explains what Tor is for those who see the name and try to visit it via HTTP. If you run your DirPort on port 80, you can use the Tor config option "DirPortFrontPage" to display a notice explaining that you are running an exit node. This sample content from The Tor Project website will help educate and inform people who stumble upon the Tor exit node DNS name. Be sure to update the contact info and other places marked with FIXME in the notice.
Tell us how it goes
We want the Tor project to become as robust as possible and encourage students to contribute in any way they can. Even if you are unable to get past the concerns or bureaucracy of the campus administration, the fact that the conversation has been started is a wonderful contribution in and of itself. At the moment, too many Internet users wrongly associate the need for privacy and anonymity online with deviance, ignorant of the fact that these tools are essential for journalists, activists, medical and legal professionals, as well as everyday users around the world who need to circumvent government censorship to communicate and stay informed.
Email firstname.lastname@example.org to keep us posted, and good luck!
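The four configuration tips in this post (dedicated IP address, reduced exit policy, reverse DNS name, exit notice) can be checked against a torrc before the node goes live. The following Python check is an added example, not code from EFF or the Tor Project; the sample torrc files, the 192.0.2.x addresses, the notice file path and the function names are constructed for illustration, and the PTR name is supplied by the caller (for example from a reverse lookup run separately) rather than resolved here.

```python
import ipaddress

# Constructed sample torrc; addresses come from the RFC 5737 documentation range
# and the notice path is hypothetical.
SAMPLE_TORRC = """\
Nickname campusexit
ContactInfo tor-admin AT yourdomain.edu
ORPort 9001
DirPort 80
DirPortFrontPage /etc/tor/tor-exit-notice.html
# Address used only by the Tor node, not by other campus users
OutboundBindAddress 192.0.2.10
ExitRelay 1
# Illustrative narrow policy, not the Tor Project's published reduced list
ExitPolicy accept *:80, accept *:443
ExitPolicy reject *:*
"""

# Constructed weak counterpart: no dedicated address, no notice, exits everything.
WEAK_TORRC = """\
ORPort 9001
ExitRelay 1
ExitPolicy accept *:*
"""


def parse_torrc(text):
    """Return {option name (lowercased for lookup): [values in file order]}."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts


def exit_rules(opts):
    """Flatten ExitPolicy lines (comma-separated rules allowed) in evaluation order."""
    rules = []
    for value in opts.get("exitpolicy", []):
        rules += [" ".join(r.lower().split()) for r in value.split(",") if r.strip()]
    return rules


def is_catch_all(rule, action):
    parts = rule.split()
    return len(parts) == 2 and parts[0] == action and parts[1] in ("*", "*:*")


def audit(text, shared_ips, ptr_name=None):
    """Return one finding per unmet tip; an empty list means all four are met.

    shared_ips: addresses other campus users also send traffic from (assumption:
    the operator knows these). ptr_name: the reverse DNS name of the node's IP.
    """
    opts = parse_torrc(text)
    shared = {ipaddress.ip_address(ip) for ip in shared_ips}
    findings = []

    # Tip 1: exit traffic should leave from an address nobody else uses.
    binds = opts.get("outboundbindaddress", [])
    if not binds:
        findings.append("dedicated-ip: OutboundBindAddress is not set")
    elif any(ipaddress.ip_address(b) in shared for b in binds):
        findings.append("dedicated-ip: OutboundBindAddress is a shared campus address")

    # Tip 2: rules are first-match; without a final catch-all, Tor's default
    # exit policy is appended after the operator's rules.
    rules = exit_rules(opts)
    if any(is_catch_all(r, "accept") for r in rules):
        findings.append("exit-policy: a rule accepts all addresses and ports")
    elif not rules or not is_catch_all(rules[-1], "reject"):
        findings.append("exit-policy: last rule is not 'reject *:*'")

    # Tip 3: the PTR name should tell a sysadmin what the host is.
    if not ptr_name or "tor" not in ptr_name.lower():
        findings.append("reverse-dns: PTR name does not identify a Tor node")

    # Tip 4: the notice is served from DirPort 80 via DirPortFrontPage.
    ports = [v.split()[0].rsplit(":", 1)[-1] for v in opts.get("dirport", []) if v]
    if "80" not in ports or not any(opts.get("dirportfrontpage", [])):
        findings.append("exit-notice: DirPort 80 with DirPortFrontPage is not configured")

    return findings


if __name__ == "__main__":
    for name, cfg, ptr in (("sample", SAMPLE_TORRC, "tor-exit.yourdomain.edu"),
                           ("weak", WEAK_TORRC, None)):
        print(name, audit(cfg, {"192.0.2.1"}, ptr) or "all four tips met")
```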
German newspapers recently reported that the NSA targets people who research privacy and anonymity tools online—for instance by searching for information about Tor and Tails—for deeper surveillance. But today, researching something online is the near equivalent to thinking out loud. By ramping up surveillance on people simply for reading about security, freedom of expression easily collapses into self-censorship; speech is chilled; people may become afraid to research and learn.
What effect does this threat to research have on university life? Just this summer student groups at seventeen universities across the country penned open letters in protest of NSA surveillance, calling attention to the pernicious effects of the surveillance state on academic freedom. And despite the fact that the very act of learning about basic online privacy tools subjects one to increased government scrutiny, we sincerely hope this student activism continues.
EFF has long encouraged students and professors to support the Tor project by running a relay on campus. Universities are supposed to be places where exploration and research of new and controversial topics should be encouraged, where freedom of speech and thought should flourish. Although it saddens us that research of any topic in and of itself has become a suspicious activity, it would be tragic if students stopped exercising their First Amendment rights and stopped exploring freedom-enhancing software tools. Anonymity is one way to more freely explore information online.
In fact, the more people use Tor, the safer it is for those who use it. When a university runs a Tor node, the students and professors who back it are contributing to the strengthening of a human rights project that enables a safe, free, and globally connected Internet.
Many are bound to question whether those who seek privacy and anonymity should continue to use Tor knowing that it could subject one to greater NSA scrutiny. After careful consideration, we feel the benefits strongly outweigh the burdens. That’s why we’re continuing the Tor Challenge.
There are plenty of reasons why a university may have reservations about running a Tor relay or exit node on campus. We discuss those concerns as well as ways to address potential risk in part two of this post.
Tor is already on campuses
For years, students and professors have been running Tor exit and relay nodes on college campuses. Whether part of a research project or as an independent, activist-minded contribution to the Tor project, these instances of Tor have helped to make the network more robust and diverse.
Take the nodes set up at University of Pennsylvania, for example, where students maintain multiple Tor relays. Or consider the Tor exit node a student was running a few years ago under his desk in a dorm room at Princeton.
"I gradually made my way through different administrative procedures, talking with several administrators and committees, and finally Princeton's general counsel,” recounted the Princeton alum Tom Lowenthal (now a staff technologist at the Committee to Protect Journalists) about his struggle to demystify the Tor project to the campus administration. “It took a while and numerous meetings but I eventually persuaded them that running a Tor exit node is neither illegal nor unethical, but actively altruistic.”
And in Sweden at Karlstad University, student researchers have installed two middle relays and are currently in the midst of setting up an exit node as well. We wish them the best, as it would be a significant contribution to helping make the Internet safer for activists and journalists who rely on online anonymity tools such as Tor.
In Utah, Jesse Victors, a computer science graduate student at Utah State University, is running four relays and two exit nodes at the university as part of his ongoing graduate research into online anonymity tools. He also assists new Tor users in discussion forums and even hosted a Reddit AMA to share his experiences earlier this year.
In Southern California, Alex Ryan, a rising sophomore at Caltech, is running a relay too. “I had access to some really amazing resources, and I want to do my part to give back,” Ryan reported. “I think it's a really important tool in this day and age, and Tor is a way for people to avoid undue surveillance.”
As the preceding anecdotes illustrate, while some universities may initially object to running a Tor node on campus, it is possible.
It makes sense to run a Tor node on university and college campuses
University and college campuses function like Internet service providers unto themselves, delivering and uploading content for tens of thousands of users, hosting hundreds of sites, and maintaining email and other communications platforms for tens and even hundreds of thousands of students, faculty, staff, and alumni. University networks are often also very fast and have a vast IP address space. Tor benefits from a diversity of connections, and university networks are often a wonderful and reliable addition to the set of networks that host Tor nodes. Exit nodes can be configured so as not to be a strain on the university.
What’s more, configuring and running a Tor node is a learning experience. All too often, Tor is maligned through associations with illegal or criminal activity. But we know that this is a shallow and incomplete understanding of the uses and purposes of anonymous Internet usage. In fact, Tor was initially developed as a U.S. government project in association with the U.S. Naval Research Laboratory.
Fostering safety and human rights online
The truth is that anonymous browsing is essential for the exercise of the basic human right to free expression in countries where the Internet is filtered or blocked by oppressive regimes. Victims of domestic abuse or medical patients often need to explore the Internet and communicate without fear that their identity will be tied to their activity online, and all kinds of professionals, from inventors with trade secrets to lawyers that need to secure the confidentiality of their clients, use Tor to accomplish their work.
Setting up a Tor node on campus can be a vital and exciting learning opportunity. It helps those who are new to Tor shift away from the demonization of a freedom-enhancing technology, and move towards an understanding rooted in reality.
Professors and students who care about human rights and free speech have the opportunity to participate in strengthening a project of human rights technology. The larger and more diverse and dense the network of Tor nodes is, the better the project works. That means that anonymized Internet connections travel faster and people can use the Internet safely and more efficiently.
The ubiquitous use of privacy and security tools is the Internet’s best hope for protecting the people who really need those tools—people for whom the consequences of being caught speaking out against their government can be imprisonment or death. And the greater the number of ordinary people using Tor and Tails, the harder it is for the NSA to make the case that reading about or using these tools is de facto suspicious.
“Tor is also one of the strongest tools to fight against censorship and information control. I am just one person, and I feel very small when faced with these problems,” reported the student at Utah State University who runs six nodes. “I'm proud to help thousands of others preserve their freedoms. 2.4 million used Tor yesterday, and this number will no doubt continue to rise.”
There are a lot of reasons why a university might be concerned about having Tor traffic exit from their network. In a following post, we offer tips on how to get the conversation started on campus and things to think about when running Tor. It is very important to understand the risks as well as ways to lessen those risks; all of this is discussed in part two of this Deeplink.
As part of our Open Wireless Movement, we set out to create router software that would make it easier for people to safely and smartly share part of their wireless network. Protecting hosts, so their security is not compromised because they offer open networks, is one of the goals of the router software we released. However, as research published by Independent Security Evaluators (ISE) and others has shown, almost every popular home router has serious security flaws.
In developing the router software, we realized that we also needed to tackle the more fundamental problem of home router security. Instead of just creating an open-wireless friendly router, why not work to improve router security while we're at it?
With this in mind, we're teaming up with ISE to host "SOHOpelessly Broken," a router hacking contest this year at DEF CON 22. Focusing on small office/home office (SOHO) equipment, this contest will reward the discovery of zero-day vulnerabilities in fully updated, popular off-the-shelf SOHO routers, as well as pit contestants against each other in a capture-the-flag style competition targeting routers with outdated, known-vulnerable firmware. (Naturally, all vulnerabilities discovered as part of the contest must be responsibly disclosed to the manufacturer.)
You can sign up to participate on the SOHOpelessly Broken website.
By joining, you'll also have a chance to hack away at our Open Wireless Router. It's looking more and more like our project will be the first home router and firmware—that we know of—to undergo regular, public, third-party security assessments. We also plan to be one of a few router firmwares to automatically self-update with new security patches, eliminating what has been a cumbersome and often-ignored process for consumers—largely at no fault of their own.
Your Router is Probably Insecure, which Can Cause Serious Harm
Last year, researchers at ISE found that a staggering 100% of SOHO routers they evaluated were vulnerable to remote attacks. And a recent study found that 80% of Amazon's top 25 best-selling SOHO wireless routers had security issues. Vulnerabilities revealed in these devices ranged from blatantly obvious issues to absurdly inappropriate back doors. The "moon worm" and several other notable exploits of SOHO routers demonstrate that these issues are not only interesting on a theoretical level, but are appearing in the wild and directly affecting consumers. In some cases, the vulnerabilities exploited were the very same that were discovered and reported months earlier—while the router manufacturer had issued a patch, the issues remained in some router models.
Compromising a router gives an attacker several options for exploitation. Most common are attacks on the domain name system (DNS) used to look up IP addresses. Attackers can point a DNS query to servers that are under their control, thereby redirecting the user to a malicious server, such as a fake banking webpage. The attacker can then steal valuable personal information and passwords. For example, a large-scale operation to steal banking credentials in this manner was identified in Poland this year.
Another use of compromised routers (e.g., through malware that functions like the "moon worm") is to make them part of the botnets that launch spam, phishing, account hijacking, identity theft, and distributed denial-of-service (DDoS) attacks. If we can make it harder for botnets, we can help improve security around the world.
Finally, with the continuing increase of internet connected equipment in homes, a compromised home router affords an attacker a strategic vantage point to launch attacks on targets such as home medical, home automation, or home security equipment.
We Can Build A Better Router
With our Open Wireless Router project and ISE's SOHOpelessly Broken hacking contest, we hope to further demonstrate how insecure these devices are, as well as show the consequences of leaving these security issues unmitigated by the manufacturer or unpatched by the consumer.
Without immediate and dramatic industry-wide improvement, vulnerable routers will remain a threat to individuals, small business, and large enterprises alike. These woefully insecure devices expose our persons and our companies, not just to an invasion of privacy, but to fraud, theft, loss of sensitive data, outages, and disruption of business. It has been over a year since ISE's important research was published, yet not enough has been done. We hope that by raising awareness through our contest and by providing an alternative through our Open Wireless Router, we will move the state of the art in wireless networking in the right direction.
Brian Carver co-authored this post.
Between the net neutrality debate and the Comcast/TWC merger, high-speed Internet access is getting more attention than ever. A lot of that attention is negative, and rightly so: Internet access providers, especially certain very large ones, have done a pretty good job of divvying up the nation to leave most Americans with only one or two choices for decent high-speed Internet access. Many of us don't like those options.
That’s one reason folks have been looking to the FCC to enact neutrality rules. If there’s no competition, customers can’t vote with their wallets when ISPs behave badly. Beyond the neutrality issue, oligopolies also have little incentive to invest, not only in decent customer service, but also in building out world-class Internet infrastructure so that U.S. innovators can continue to compete internationally.
But guess what: we don’t have to rely entirely on the FCC to fix the problems with high-speed internet access. Around the country, local communities are taking charge of their own destiny, and supporting community fiber.
Unfortunately, those communities face a number of barriers, from simple bureaucracy to state laws that impede a community's ability to make its own decisions about how to improve its Internet access.
We need to break those barriers. Community fiber, done right, should be a crucial part of the future of the Internet. To see why, let’s take a deeper dive.
What Is Community Fiber?
- Fast, Cheap, and Community Controlled
People love to complain about the speed of their Internet access and with good reason. International surveys regularly show that we pay more, for less, than many other countries.
Fiber is fast. Really fast. Chattanooga's local power utility operates a fiber optic Internet service that currently offers a 1 Gigabit speed package (1,000 Mbps) for just $69.99/month. For most of us that would be a 50x speed increase or better. Many fiber services are also symmetrical, offering the same upload speed as download speed.
Fiber isn’t usually cheap, in part because the companies building it out have focused on business customers. But communities that have deployed residential fiber can typically offer rates that are equal to or cheaper than traditional residential competitors.
- A Universe of Alternatives
As we noted above, in many communities there are only one or two choices for Internet access, most often the local monopoly cable company or the local monopoly telephone company. A recent report illustrated how much people hate these companies, but with no alternative, many continue to pay the Internet bill month after month. And the recent trends suggest that mergers between these giants will further consolidate one's choices for Internet access.
Community fiber, properly deployed and managed, can give at least some of us a way out. One particularly attractive model is called "open access." Under an open access model, the local municipality might be the owner of the fiber infrastructure, but agrees to lease access to the system to anyone on non-discriminatory terms. This opens up the possibility of having many local ISPs competing for your business over the same fiber infrastructure.
- High Speed Access For All
The FCC's 2011 Broadband Progress Report found that rural communities are particularly underserved when it comes to high-speed Internet access. Internet companies just don’t have the financial incentive to invest in building the networks.
Back in the cities, we continue to see "Digital Redlining." Communities of color have been deemed “unprofitable” and “risky” for early private sector telecommunications investments, and often continue to be excluded from that essential private investment.
In contrast, many community fiber projects include a baseline level of service that is provided for free or include plans to build free open wireless networks on top of the fiber infrastructure. Community fiber projects can aim for and achieve truly universal access by taking the matter into their own hands.
- Community Self-Reliance
Another motivator for some community fiber projects is the desire some communities have to be in charge of their own essential communications infrastructure. Rather than wait on an opportunity to win the Google Fiber lottery, they seek to proactively build the high-speed infrastructure their communities need. Many cities believe this is key for economic development, citing the business demand for fiber service.
The city of Santa Monica, California is a great example. Thanks, in part, to a city plan to build out their fiber network any time the streets were being dug up for any other purpose, Santa Monica, aka "Silicon Beach," has become a hub for many technology companies and startups.
- "Smart" Cities of the Future, Here Today
Beyond the schools, libraries, hospitals, and emergency operation centers that municipalities want connected to a fiber network, municipalities also often have assets like traffic lights, parking meters, street lights, surveillance cameras, sprinklers, buses and so on that, if connected to the fiber network or open wireless enabled by that fiber network, can become part of a "smart city" where software controls enable new efficiencies.
Imagine the Director of Public Works using her smart phone to reschedule all the sprinklers in the city with just a few clicks. Proponents argue that in 20 years a city without such a fiber network will seem the way a city without paved roads seems to us today. In this future, that a firefighter might not be able to instantly download a building's blueprints right from the scene of the blaze will seem unthinkable.
Challenges Facing Community Fiber
Given the benefits of community fiber, the increasing need for high-speed Internet access, and the simultaneously decreasing number of alternatives, why don’t we all have it? Therein lie some lessons and opportunities.
- Some Cities Have Tied Their Own Hands.
The Berkman Center at Harvard recently released a report that detailed the sad situation in the District of Columbia, which has a robust fiber network that it cannot provide to its own businesses or residents. In 1999, as part of Comcast's franchise renewal negotiations, Comcast offered to provide the District with exclusive use of a portion of its private fiber loop. In exchange, the District agreed not to sell or lease the fiber and not to "engage in any activities or outcomes that would result in business competition between the District and Comcast or that may result in loss of business opportunity for Comcast."
Comcast effectively reneged on its part of the deal, but for complicated reasons the District was still stuck with the “non-compete” obligation. A recent article suggested that hundreds of municipalities have made similar non-compete agreements that may impede a community fiber rollout.
- Twenty States Have Laws That Ban or Hinder Community Fiber
Some states have, typically under intense lobbying efforts by incumbent interests, enacted laws that ban or hinder municipalities from pursuing their own fiber projects.
Fortunately, FCC Chairman Tom Wheeler has recently made numerous comments indicating that he believes the FCC has the authority to preempt such state laws to enable greater local competition. Two communities affected by them have petitioned the FCC to take action. You can tell the FCC your thoughts about this.
- There Are Good Reasons Not to Want the Government to be Your ISP
Just because a local municipality might own the fiber infrastructure does not necessarily mean it is also best-suited to act as an ISP to residents. Residents might rightly wonder what sort of information sharing practices would become policy, particularly information sharing with law enforcement.
This challenge can be addressed as well. Cities can help resolve privacy concerns by adopting the open access model described above. On this model the local municipality merely leases the fiber and never has to have access to the data on the fiber. Local ISPs that lease the fiber can be held accountable by users that encourage the ISPs to adopt privacy-protecting policies and terms of service.
- Expect Opposition from the Incumbents
Any locality that pursues a community fiber project should be prepared to hear how the sky is falling from the incumbent monopolies. Past experience shows that they will fight hard against anything that might bring about more competition and hence a reduction to their bottom lines. Incumbents may raise various specious arguments, and advocates and decision-makers will need to understand them and be prepared with counter-arguments. We are preparing a community fiber toolkit for local activists that will help.
Conclusion
Community fiber can play a role in addressing several important problems facing widespread high-speed Internet access, but it faces many challenges as well. Each community will need to tailor its approach to its local circumstances and will want to learn from the experiences of those that have trodden this path already. We hope we can raise this issue's profile and shine a light on a path forward.
When the Australian government first began requiring Internet Service Providers (ISPs) to block websites in 2012, Australians were assured that it would only be used to block the "worst of the worst" child pornography. This week, a discussion paper was issued that proposes to extend this Web blocking regime, so that it would also block sites that facilitate copyright infringement. Funny how that always seems to happen.
You may remember a similar website blocking scenario in the proposed Stop Online Piracy Act (SOPA), which prompted an unprecedented online uprising from Internet users in the U.S. and around the world, that sent the bill down in flames. While the Australian proposal is not the same as SOPA (the blocks would have to be approved by a court, for example), it would share many of the same dangers, such as the rubbery definition of sites "the dominant purpose of which is to infringe copyright."
Copyright Infringement Is Not Theft
Also familiar is the old canard being used to justify these new measures, that "piracy is theft"—or in case we were too dense to grasp that metaphor, that it "is exactly the same theft as walking into a DVD store and putting a DVD in your bag and walking out without paying", according to Minister for Communications, Malcolm Turnbull.
Of course, copyright infringement is not theft, because copyright is not a kind of property capable of being stolen. Copyright is a limited set of rights that gives the owner the ability to prevent the public from making some uses of creative material for some length of time.
If a user steps over the line, sometimes a fuzzy one, that separates the legal use of copyright works from those that require a license—for example, if they record a favorite TV show using a PVR (which is legal in both Australia and the United States, for time-shifting purposes) but then save it to watch multiple times (which may not be, at least in Australia), then it is ludicrous to suggest that the user has thereby become a thief. Rather, they may have committed copyright infringement.
If they are honest with themselves, our lawmakers know this—because in Australia (and the U.S.), copyright infringement isn't defined in law using the word "theft" or the same legal standards as theft or larceny. Yet content industry lobbyists have found it to be a convenient metaphor to use to justify heavy-handed penalties for infringement.
ISP Liability for Copyright Infringement
Another of those heavy-handed penalties being considered under the Australian proposal is making ISPs liable for users' infringements, unless the ISPs have taken "reasonable steps" to discourage or reduce online copyright infringement. This proposal would effectively undo the effects of the landmark Roadshow Films v iiNet decision of Australia's High Court, which decided in 2012 that ISPs were not liable for failing to suspend or terminate accounts of their users whom rightsholders claimed were engaged in infringement.
Exactly what form these reasonable steps might take remains open for discussion, but a system of warning notices, possibly followed by the throttling of access speeds, has been proposed, and the discussion paper specifically mentions the Copyright Alert System in the U.S. as a model for this. Such a system would entail the surveillance of Internet users by private actors, who would compile a secret database of those suspected of downloading material without authorization.
A justification that the discussion paper gives for this proposal is that Australia's obligations under its Free Trade Agreements with the United States, Singapore and South Korea require it to provide a legal incentive to ISPs to cooperate with rights holders to prevent infringement on their systems and networks. But Australian copyright scholar Matthew Rimmer, who has been sounding the alert about the government's plans, describes as controversial the claim that Australia's trade obligations would require it to take this step.
EFF has long contended that these sorts of free trade negotiations, which take place behind closed doors, and in which copyright users' rights are traded off against the promise of concessions on trade for agricultural and manufactured products, are an entirely inappropriate way for countries to craft copyright laws that meet the needs of their citizens.
One of the dangers of tying copyright laws to trade agreements is that they can reduce a country's flexibility to change its laws when unforeseen circumstances arise—for example, some commentators claim that the U.S. is constrained from permanently legalizing cell phone unlocking.
What You Can Do
Public comments on the Australian proposal to introduce website blocking for sites that infringe copyright, and to require ISPs to take steps to deter copyright infringements by users, will be received until September 1. Here is the website with details of how to submit your comments.
At the same time, given the lack of oversight and transparency of the practice of website blocking by Australian government departments generally, there is a separate enquiry into the use of Section 313 of the Telecommunications Act for this purpose—for which the deadline is August 22.
Here at EFF, we see a lot of stupid patents. There was the patent on “scan to email.” And the patent on “bilateral and multilateral decision making.” There are so many stupid patents that Mark Cuban endowed a chair at EFF dedicated to eliminating them. We wish we could catalog them all, but with tens of thousands of low-quality software patents issuing every year, we don’t have the time or resources to undertake that task.
But in an effort to highlight the problem of stupid patents, we’re introducing a new blog series, Stupid Patent of the Month, featuring spectacularly dumb patents that have been recently issued or asserted. With this series, we hope to illustrate by example just how badly reform is needed—at the Patent Office, in court, and in Congress.
So without further ado, below is our inaugural Stupid Patent of the Month:
U.S. Patent No. 8,762,173, titled “Method and Apparatus for Indirect Medical Consultation.” This patent issued on June 24, 2014, and dates back to an application filed in November 2007. And what was the novel, nonobvious, deserving-of-patent-protection invention? Here is claim 1 in a nutshell (the full claim is at the end of this post, for those interested)1:
a. take a telephone call from patient
b. record patient info in a patient file
c. send patient information to a doctor, ask the doctor if she wants to talk to the patient
d. call the patient back and transfer the call to the doctor
e. record the call
f. add the recorded call to the patient file and send to doctor
g. do steps a. – f. with a computer.
This is a stupid patent. This is a patent on a doctor’s computer-secretary, or put another way, intermediated communications with a computer. In fact, we don’t see much difference between this patent and the patent invalidated by the Supreme Court in Alice Corp. v. CLS Bank, which claimed the abstract idea of intermediated settlement with a computer.
Given that this patent seems like it should not have been allowed because of its abstract idea, we looked at the file history (the publicly available record of what happened at the patent office). What we found was that the original claim 1 (which was similar but not identical to the claim that eventually was patented) had not claimed a computer. The examiner correctly issued a rejection, saying the claim was abstract and thus wasn’t something that could be patented. In response, the applicant added element (g) (“providing a computer, the computer performing steps “a” through “f””). And the rejection went away.
Somehow, something that wasn’t patentable became patentable just by saying “do it with a computer.”
In Alice, the Supreme Court held that an abstract idea cannot be made patentable by the inclusion of a generic computer. But that’s exactly what happened in this case. As a result, this patent gets the honor of being the first entry in our series on Stupid Patents.
It is important to remember that stupid patents like these can do real harm. A patent troll with a similarly dumb patent has sent letters claiming that anyone “communicating health information to patients… by telephone” owes it money. Since defending a patent case can easily cost more than a million dollars, trolls can leverage the threat of these costs to extort settlements. By issuing vague and overbroad software patents like our inaugural Stupid Patent of the Month, the Patent Office is providing the raw material that trolls use to shake down true innovators.
- 1. Here is claim 1 in full:
1. A method of providing indirect medical consultation comprising the steps of:
(a) receiving a telephone call from a person seeking indirect medical consultation from a human health care provider;
(b) during the telephone call of step “a”, recording a set of information from the person, the set of information including
a telephone number,
a name of a patient,
an oral description of the problems with the patient, and
a selected pharmacy;
(c) before contact between the person seeking indirect medical consultation and the health care provider, transmitting this information to the human health care provider who reviews the information, and providing an option for the health care provider to be in telephone contact with the person seeking indirect medical consultation;
(d) after step “c”, based on a command from the health care provider, telephoning the person seeking indirect medical consultation and placing the health care provider in telephone contact with the person;
(e) after step “d”, recording the telephonic conversation between the health care provider and the person seeking indirect medical consultation during the telephone call in step “d”;
(f) compiling a medical record with the information of steps “b” and “e” and transmitting the compiled medical record to the health care provider which compiled medical record includes the recorded telephonic conversation of step “e”; and
(g) providing a computer, the computer performing steps “a” through “f”.
Good security practices require us to use different passwords for most or all of the websites and services we interact with. For accounts of any significance, those also need to be strong passwords of one form or another. But if you combine those two requirements (one password per site, most or all passwords are strong) then remembering all of your passwords requires an inhuman display of memory. Of course, when we need to perform inhuman tasks, we use software. And in this case, we use password stores and generators of various sorts. There are a lot of options for password managers out there, but if like us you prefer all of your security-sensitive code to be free, auditable software, then the choices are more limited.
Today, the team from a password manager startup called Mitro will be joining Twitter. As part of the deal, Mitro will be releasing the source to its client and server code under the GPL. We're very pleased to see this happening, and will be advising the Mitro team on how best to turn their startup's code into a sustainable free/open source software project.
Mitro is distinctive amongst free/open source password managers in that it's architected around cloud storage. For security, the online password databases are encrypted with client-side keys derived from your master password. For availability, they are mirrored across three cloud storage providers. With this design (documented here), passwords can be synchronized across all of your computers and devices with minimal effort. They can also be shared across teams and organizations. For those reasons, we're excited about the possibility that Mitro may turn into a valuable piece of infrastructure for the community.
Mitro has committed to funding continued operations of its servers until at least the end of 2014. If their code proves to be secure and popular with the community, we will be advising them on how to create a sustainable home for that infrastructure.
Mitro will succeed if it has an enthusiastic userbase and developer community. Aside from trying out the software, there are lots of things you can do to contribute:
Report any problems — there is a new bug tracker on github, so if you run into a bug or a web site that doesn’t work reliably, please let them know. You can also always tweet @MitroCo.
Contribute documentation — Mitro has some limited documentation on Github. The Mitro team would welcome any contributions to help others use it effectively.
Update, 2014-07-31: revised post to link to Mitro's announcement, and clarify that while the Mitro team is joining Twitter, Mitro itself will continue as an independent corporation.
- 1. For the time being, we don't recommend using the Android variant of Mitro; the Android app is likely to be vulnerable to password theft by malicious apps because of security problems that follow inherently from its use of the Android clipboard. We are presently researching ways to work around this problem.
People have many reasons to be anonymous online, from the political to the personal. One of the most contentious uses of anonymity is in consumer reviews—some reviewers feel they need the protection of anonymity to post the truth, while some businesses claim that it fuels irresponsibility. But the First Amendment protects anonymous speech online, just as it protects the choice to hand out political flyers in person without identifying oneself.
In an amicus brief just filed in the Virginia Supreme Court, EFF explains how the law protects everyone when disagreements about anonymity move from the Internet to the courtroom.
This case concerns reviews of Hadeed Carpet Cleaning, a business in Alexandria, Virginia, posted on the review site Yelp. Hadeed filed suit against the unknown authors of seven reviews that were critical of its business. In order to proceed, Hadeed served Yelp with a subpoena to discover the identity of the seven John Does. Hadeed alleged that it had checked its customer database, and the reviews did not correspond to any actual customers. Hadeed claimed that because the Does weren’t customers, their negative reviews were false and therefore defamatory. Yelp objected, in part, on the grounds that the subpoena did not satisfy the constitutional requirements to protect the authors’ First Amendment right to anonymity. However, both the trial court and the court of appeals held that Hadeed had satisfied Virginia’s statutory procedure for unmasking anonymous speakers and denied Yelp’s motion to quash. Now the case is on appeal to the Supreme Court of Virginia.
At first blush, it might seem odd that the constitutional protection of free speech would also apply to a speaker’s choice to be anonymous. But in fact, the Supreme Court has repeatedly explained that anonymity is so important to our discourse that it should be protected by the First Amendment.
The rule has both historical and political grounding. As the Court put it in 1960, anonymous pamphlets and books “have played an important role in the progress of mankind.” Of particular note are the many anonymously published documents from the founding era of the United States, such as the Federalist Papers, which were crucial in the framing and ratification of the Constitution itself. Perhaps more important, the Court explained that remaining anonymous can protect speakers with unpopular opinions from the tyranny of the majority, which fulfills a core purpose of the Bill of Rights. In essence, protections for anonymity strengthen democracy.
From parody Twitter accounts to message boards for LGBTQ youth, the Internet is a natural home for anonymous speech. But detractors are quick to point out that anonymity makes it harder to hold authors of objectionable speech accountable. Internet users who post defamatory reviews shouldn’t be able to hide behind a veil of anonymity, they say.
It’s a valid concern, one that is embodied in First Amendment law itself. That’s why the right to anonymity is “qualified,” not absolute. But as with so much of the law, the difficulty is in how to set the balance. Because the right to anonymity is so crucial in ensuring robust public discussion—a core First Amendment value—it should be given real weight. Anonymous speakers must be protected from harassment by plaintiffs who simply don’t like their message. On the other hand, valid lawsuits shouldn’t be stopped in their tracks just because the defendant is anonymous.
EFF has played an active role in helping courts set this balance, and we’ve stepped in to defend anonymous speakers who are unfairly targeted. As we argue in the new brief, the consensus that has emerged strikes a fair equilibrium: plaintiffs who seek to unmask an anonymous speaker must provide evidence to the court that their case is a strong one. Courts have slightly different ways of phrasing this requirement, but it is essential that they feel satisfied with the plaintiff’s evidence before they order an anonymous speaker to be unmasked.
Therein lies the problem with Hadeed’s claim against the anonymous Yelp reviewers. Hadeed alleged that the reviewers aren’t actually customers, but the lower courts didn’t require it to provide proof. Nor did Hadeed show how the reviews were defamatory. Whether or not what Hadeed claimed was enough under Virginia law, the First Amendment requires significantly more evidence of defamation. We hope the Supreme Court of Virginia will agree.
A special thanks to Matthew Erausquin and the firm of Consumer Litigation Associates, PC for acting as our local counsel in this case.
San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of advocacy groups have asked a federal appeals court to block record labels' attempt to thwart federal law in Capitol v. Vimeo—a case that could jeopardize free speech and innovation and the sites that host both.
In this lawsuit, the record labels sued online video site Vimeo, alleging that dozens of sound recordings were infringed in videos posted on the site. A ruling from a district court judge earlier this year found Vimeo could be responsible for copyright infringement, and in doing so imposed new, impossibly high standards for websites hosting user-generated content. In an amicus brief filed Wednesday, EFF argues that the decision undermines the safe harbors created by the Digital Millennium Copyright Act (DMCA), and the innovation and expression those safe harbors make possible.
"The safe harbors give websites a clear set of rules. If they follow the law in their response to complaints from copyright owners, then they can predict and manage their exposure to lawsuits and other legal challenges," said EFF Intellectual Property Director Corynne McSherry. "The safe harbors are critical to the Internet's success as a forum for innovative art, discussion, and expression of all kinds, forestalling crippling litigation that would force most websites to close their doors. Yet the district court created new liability, contrary to the law and the intent of Congress."
At issue in Capitol v. Vimeo are videos that Vimeo employees viewed or interacted with, as well as pre-1972 sound recordings, which receive different copyright protection than post-1972 works. Essentially, the decision would seem to offer service providers an impossible choice: scour the website for any content that anyone could argue might include pre-1972 audio and thereby potentially lose safe harbor protections, or risk expensive copyright litigation.
"This is exactly the result that Congress was trying to avoid with the safe harbors—without them service providers unwilling to risk being sued may decide not to host videos and other works with audio at all," said EFF Staff Attorney Vera Ranieri. "We hope the appeals court steps in to reinforce the law and protect free speech and innovation online."
Also joining EFF's brief are the Center for Democracy and Technology, New Media Rights, the Organization for Transformative Works, and Public Knowledge.
For the full amicus brief:
The Fourth Amendment protects us from “unreasonable” government searches of our persons, houses, papers and effects. How courts should determine what is and isn’t reasonable in our increasingly digital world is the subject of a new amicus brief we filed today in San Francisco federal court.
At issue is historical cell site data—the records of the cell towers a customer’s cell phone connects to. The government has long maintained that it’s unreasonable for customers to expect those records to remain private. As a result, the government argues it does not need a search warrant to obtain historical cell site records from cell phone providers.
Federal appeals courts are divided on the issue. In 2013, the Fifth Circuit Court of Appeals, which covers Louisiana, Mississippi and Texas, ruled there was no expectation of privacy in historical cell site data. But last month, the Eleventh Circuit Court of Appeals, which covers Alabama, Florida and Georgia, reached the opposite conclusion, ruling people did have an expectation of privacy in this information.
Federal magistrate judge Nathanael Cousins in San Francisco, who is not required to follow either the Fifth or Eleventh Circuit–he’s bound to follow the Ninth Circuit which hasn’t ruled on the issue yet–recently requested the local U.S. Attorney’s office to explain why the government believed it did not need a search warrant to obtain cell site records. He invited the San Francisco Federal Defender to file a response as well, and we filed an amicus brief supporting a warrant requirement. The ACLU of Northern California and University of San Francisco law professor Susan Freiwald and EFF special counsel Marcia Hofmann also submitted amicus briefs.
A Fourth Amendment “search” is an intrusion upon something in which a person has a subjective expectation of privacy that society considers reasonable. By definition, determining whether a search is “reasonable” requires looking at what society considers to be deserving of privacy protection. So our amicus brief explains why many Americans actually expect this detailed and sensitive location information to remain private, even when it’s stored by phone companies.
It’s clear that people expect location information—which can reveal who we associate with, our patterns of movement, and things like religion, sexual practices, and political affiliations—to remain private. If someone followed you everywhere you went for long stretches of time, you’d probably call the police. While some people may choose to broadcast their location publicly, by posting a picture or “checking in” on social media, for example, historical cell site information is very different. It may show you traveling to or from a doctor or somewhere else you’d like to keep private.
But this isn’t mere conjecture; the fact that a growing number of states are extending location privacy protection to their citizens is a gauge of societal understandings that it is reasonable to expect this information to remain private. While the Fourth Amendment does not depend on state law or statutory guarantees, they are nonetheless compelling evidence of societal understandings of privacy.
Many states protect location information. Hawaii, New York, Oregon and Washington require police to use a search warrant to track a person’s movement with a GPS or other electronic tracking device. In 2012, five justices of the U.S. Supreme Court recognized in concurring opinions in United States v. Jones that people can expect information about their movements over an extended period of time, even on public streets, to remain private.
After Jones, Colorado, Maine, Minnesota, Montana and Utah passed statutes requiring law enforcement to use a search warrant to obtain historical cell site information. Indiana, Virginia and Wisconsin passed laws requiring police to use a warrant if they want to track a cell phone in real time. The state high courts in Massachusetts and New Jersey ruled their respective state constitutions require police to use a search warrant to obtain historical cell site records. All of this is compelling proof of Americans’ expectation that their location information is private.
Our amicus brief also explains that the 35-year-old Supreme Court decision in Smith v. Maryland, which found a phone customer had no reasonable expectation of privacy in the phone numbers he dialed over three days, does not mean law enforcement can skirt the warrant requirement here. Our brief notes many states have rejected Smith, including California, which ruled just a few months after Smith was decided that because dialed phone numbers provide a “virtual current biography” about a person, there is an expectation of privacy in them under the state constitution. For the U.S. Attorney in San Francisco, tasked with investigating crimes occurring in Northern California and likely involving suspects throughout the Golden State, to argue that there is no expectation of privacy in historical cell site records ignores the explicit promise California has made to its citizens that certain phone records are private.
Last month, the Supreme Court in Riley v. California extended privacy protections to the contents of cell phones, settling a judicial split by prohibiting police from searching a cell phone incident to arrest. Although the court long ago ruled police could search items like a pack of cigarettes and other things that may be found on a person after they’d been arrested, the court noted that a cell phone was different, a technology that was “nearly inconceivable just a few decades ago.” One of the reasons the court believed a warrant was necessary was the ubiquity of the modern cell phone. In the past, police came across scraps of papers or diaries only sporadically. But today, 90 percent of Americans carry cell phones, the majority of which are Internet-connected smartphones that contain text messages, pictures, videos, emails and other sensitive information. The court’s decision to ban searches of cell phone data incident to arrest was a response to the privacy implications of technology changing the societal reality.
Judge Cousins and other federal and state courts have an opportunity to follow the Supreme Court’s lead in Riley and ensure that the Fourth Amendment keeps up with accepted expectations of privacy in California and nationwide. As more courts and state legislatures across the country identify and establish privacy guarantees for this data, it has become clear that society recognizes that an expectation of privacy in cell site records is “reasonable.” The only thing that should now be considered unreasonable is the government’s attempt to get historical cell site data without a warrant.
Related Issues: Privacy, Cell Tracking, Locational Privacy
Related Cases: In re Telephone Info
Earlier today, Senator Patrick Leahy introduced a revised version of his USA FREEDOM legislation, the USA FREEDOM Act of 2014, which focuses on telephone record collection and FISA Court reform. While this bill is not a comprehensive solution to overbroad and unconstitutional surveillance, it is a strong first step. EFF urges Congress to support passage of the bill without any amendments that will weaken it.
The new legislation contains a number of key changes from the gutted House version of USA FREEDOM:
The USA FREEDOM Act of 2014 will end bulk collection of phone records under Section 215
EFF, along with other groups, made it clear that we would not support any legislation that did not effectively end bulk collection of call detail records. The Senate version of USA FREEDOM achieves this goal, by limiting collection to instances where there is reasonable suspicion that a “specific selection term” is associated with international terrorism.
The House version of USA FREEDOM used murky language around the phrase “specific selection term,” in particular, raising concerns that a “specific selection term” could include an entire zip code or other similarly broad terms. For purposes of collection of call detail records where there is reasonable suspicion, the Senate version continues to use the definition that a specific selection term is an “individual, account, or personal device.” However, for any other purpose, the term must narrowly limit the scope of a request for information, and cannot include a broad geographic region or an entire electronic communications service provider.
The USA FREEDOM Act of 2014 makes significant improvements to the FISA Court
The new USA FREEDOM makes two key changes to the secretive FISA Court process. First, we were pleased to see that it creates a special advocate position that will serve as an amicus in the court and is intended to advocate for civil liberties and privacy.
Second, it directs the Office of the Director of National Intelligence, in consultation with the Attorney General, to declassify “significant” FISA Court opinions. We would have preferred that this process be overseen directly by the Attorney General, with input from the FISA Court itself. On the other hand, the new USA FREEDOM bill actually defines “significant” (the original USA FREEDOM bill did not), and this definition includes any novel interpretation of “specific selection term.”
The legislation also makes several other improvements. When USA FREEDOM was originally introduced, we were concerned that it would codify “about” searches—the practice of searching for any communication that references a target, in addition to communications to and from a target. We were deeply concerned that this controversial practice would be written into law, and glad that the Senate version removes any reference to that form of searching.
The new legislation also has some small improvements to the initiation and judicial review procedure for national security letters—secretive FBI orders for data that are accompanied by gag orders—as well as pen register and trap-and-trace devices. The bill creates new reporting requirements for the government—including a requirement that the government estimate how many U.S. persons have been affected by backdoor warrantless searches of information collected under the authority of Section 702 of the FISA Amendments Act. And finally, the bill creates a new option for companies to report on national security requests.
What the USA FREEDOM Act of 2014 doesn't do
First and foremost, the USA FREEDOM Act of 2014 does not adequately address Section 702 of the FISA Amendments Act, the problematic 2008 law that the government argues gives it the right to engage in mass Internet surveillance. We remain committed to reform of Section 702. We intend to pursue further reforms to end the NSA’s abuse of this authority.
The legislation also does not affect Executive Order 12333, which has been interpreted by the NSA to allow extensive spying both on foreigners and U.S. citizens abroad. Strictly speaking, we don’t need Congress to fix this—the President could do it himself—but legislation would ensure that a later President couldn’t reinstate 12333 on her or his own.
The legislation may not completely end suspicionless surveillance. With respect to call detail records, it allows the NSA to get a second set of records (a second “hop”) with an undefined “direct connection” to the first specific selection term. Because the “direct connection” standard is vague, the government may seek to construe that phrase to mean less than reasonable suspicion.
Finally, as with all legislation up to this point, the new USA FREEDOM continues to exclude meaningful protections for the rights of non-U.S. persons.
A meaningful first step
The USA FREEDOM Act of 2014 is a real first step because it creates meaningful change to NSA surveillance right now, while paving the way for the public to get more information about what the NSA is doing. We believe that this legislation will help ensure that the NSA reform conversation in Congress continues, rather than shutting it down. That’s why we urge Congress to support the Senate version of USA FREEDOM and pass it without any changes that will weaken its provisions.
Please help us pass this bill. Speak out today.
Related Issues: NSA Spying, PATRIOT Act, Pen Trap
It's increasingly rare for Congress to actually pass bills into law, but Friday brought some good news from Capitol Hill: More than a year after the exemption covering phone unlocking expired and a White House petition on the topic collected some 114,000 signatures, a narrow bill offering a limited carve-out for consumers unlocking phones made its way to the President's desk to be signed into law.
This is a win for consumers. There was near universal agreement that the restrictions were unreasonable, ranging from a White House statement calling a phone unlocking allowance "common sense," to a partial solution from the FCC, to a Congressional hearing on phone unlocking and the DMCA. EFF worked with a broad coalition of individuals, companies, and public interest groups to convert that common goal into real policy and to keep dangerous language from the House proposal out of the final version of the bill.
But this is also just a tiny step toward what should be the real goal: fundamental reform of the misguided law that is the heart of the problem. The reason phone unlocking's legality is even unclear is a Digital Millennium Copyright Act (DMCA) provision that prohibits the circumvention of technical measures that restrict copyrighted content. In the case of phones, that copyrighted content could include the actual software running the phone.
Of course, consumers want to be able to unlock their phones so they can use them with the carrier of their choice, and that has nothing to do with copyright infringement. Enforcing the business models of telephone companies is way out beyond what copyright law is supposed to do. Unfortunately, it's not that unusual an application of the DMCA's anti-circumvention provisions. In the 16 years since the DMCA became law, it’s done little to hinder infringements but a lot to shut down innovation and free speech.
The safety valve in that section of the DMCA is a rulemaking procedure that takes place every three years, where members of the public can argue for the Librarian of Congress to grant specific exemptions to the law. An exemption for phone unlocking had been granted in the past, but in the 2012 rulemaking, it was only extended for several months until early 2013.
The legislation we passed last week effectively corrects that error, granting an exemption for the remainder of this three-year term. But it does nothing to address the underlying problem: Copyright law is being used as a tool against competition and innovation. Further, it gives little consolation to others burned by the DMCA's anticircumvention rules.
With the next round of rulemaking expected to take place in the next year, even this narrow victory could be short-lived. The law requires each exemption to be argued from scratch each time, and there's no shortcut process for "renewing" an already granted exemption. Practically speaking, the Librarian of Congress has been given a strong signal from the legislature on the need for a phone unlocking exemption, but there will still be a time-consuming process of formally making the case. The outcome is important, but in many cases that process is a waste of time for everybody involved.
A much better solution would be to reform that section of the law altogether. Even if we cannot come to a compromise that simply strips the anticircumvention rules out of the law, we should be able to condition their application to cases where there might actually be infringement.
Such a solution is possible. The bill that passed last week was only one of several proposed solutions to the phone-unlocking problem. Representative Zoe Lofgren's bill, the Unlocking Technology Act, took this much better fundamental approach. And even with the urgency of phone unlocking off the table, Lofgren's proposal would be an extremely important improvement to a profoundly broken section of copyright law.
This issue, bubbling under the surface for a long time, is increasingly important as more and more of our appliances, devices, and goods could face the phone unlocking problem: if everything's got a layer of copyrighted software, our ability to own and operate the stuff we own can face hurdles from the DMCA. Our right to repair, to tinker, to repurpose, to resell, all are affected.
As in years past, EFF will push for the best possible exemptions in the triennial rulemaking. But it is also increasingly clear that the rulemaking is not a workable “safety valve.” Last week's phone unlocking success was a partial victory, but users deserve more. Whether it comes from Lofgren's Unlocking Technology Act or elsewhere, we will continue to push for that reform.
Related Issues: Fair Use and Intellectual Property: Defending the Balance, DMCA, DMCA Rulemaking, Innovation, DRM
Human Rights Watch and the ACLU today published a terrific report documenting the chilling effect on journalists and lawyers from the NSA's surveillance programs entitled: "With Liberty to Monitor All: How Large-Scale US Surveillance is Harming Journalism, Law and American Democracy." The report, which is chock full of evidence about the very real harms caused by the NSA's surveillance programs, is the result of interviews of 92 lawyers and journalists, plus several senior government officials.
This report adds to the growing body of evidence that the NSA's surveillance programs are causing real harm. It also links these harms to key parts of both U.S. constitutional and international law, including the right to counsel, the right of access to information, the right of association and the free press. It is a welcome addition to the PEN report detailing the effects on authors, called Chilling Effects: How NSA Surveillance Drives US Writers to Self-Censor and the declarations of 22 of EFF's clients in our First Unitarian Church of Los Angeles v. NSA case.
The HRW and ACLU report documents the increasing treatment of journalists and lawyers as legitimate surveillance targets and surveys how they are responding. Brian Ross of ABC says:
There’s something about using elaborate evasion and security techniques that’s offensive to me—that I should have to operate as like a criminal, like a spy.
The report also notes that the government increasingly likens journalists to criminals. As Scott Shane of the New York Times explains:
To compare the exchange of information about sensitive programs between officials and the media, which has gone on for decades, to burglary seems to miss the point. Burglary is not part of a larger set of activities protected by the Constitution, and at the heart of our democracy. Unfortunately, that mindset is sort of the problem.
Especially striking in the report is the disconnect between the real stories of chilling effects from reporters and lawyers and the skeptical, but undocumented, rejections from senior government officials. The reporters explain difficulties in building trust with their sources, and the attorneys echo that with stories about the difficulties of building client trust. The senior government officials, in contrast, just say that they don't believe the journalists and appear to have thought little, if at all, about the issues facing lawyers.
Thanks to ACLU and HRW for adding the important faces of journalists and lawyers to the growing list of people directly harmed by NSA surveillance.
Related Issues: Free Speech, NSA Spying
Related Cases: Jewel v. NSA, First Unitarian Church of Los Angeles v. NSA