EFF: Updates

Syndicate content
EFF's Deeplinks Blog: Noteworthy news from around the internet
Updated: 6 hours 12 min ago

How To Apply International Human Rights Law to NSA Spying

Tue, Mar 11 2014 21:25 -0400

This past Monday, the Human Rights Committee commenced its one hundredth and tenth session in Geneva from March 10-28.  During this session, the Committee will review the reports of several countries on how they are implementing the provisions of the International Covenant on Civil and Political Rights (ICCPR), an international human rights treaty and one of the bedrocks of human rights protections.

Countries that have ratified the ICCPR are required to protect and preserve basic human rights through various means including administrative, judicial, and legislative measures.  Additionally, these countries are required to submit a report to the Human Rights Committee, a body of independent experts who monitor the implementation of States’ human rights obligations, every four years.  The United States ratified the ICCPR in 1992 and is thus tied to these obligations, and required to regard the treaty the same as it would any domestic law.  The Human Rights Committee will review the US’s human rights records on Thursday, March 13. In particular, the Committee will be scrutinizing the US’s mass surveillance practices and its compliance with Article 17 on the right to privacy.

At the opening session of the Human Rights Committee meeting, the UN High Commissioner for Human Rights, Navi Pillay, made it clear that the topic of privacy and surveillance is a priority: 

“Powerful new technologies offer the promise of improved enjoyment of human rights, but they are vulnerable to mass electronic surveillance and interception. This threatens the right to privacy and freedom of expression and association.”

We are pleased that the Human Rights Committee has the opportunity to clarify the scope of United States legal obligations under Article 17 on the right to privacy, especially in light of the recent revelations on mass surveillance leaked by Edward Snowden. Worldwide, the general public is privy to the fact that several US programs have the potential for serious privacy rights violations in the form of mass surveillance both at home and abroad; a blatant violation of the United States' ICCPR obligations.

We are asking the Human Rights Committee to look at the 13 International Principles for the Application of Human Rights to Communications Surveillance—or more commonly, the Necessary and Proportionate Principles, which are supported by over 400 organizations and 300,000 individuals, as a guide for understanding a State Party’s compliance with Article 17.

Moreover, the Electronic Frontier Foundation and the Human Rights Watch submitted a joint shadow report that flags several issues for the Human Rights Committee to consider when reviewing the United States’ report this Thursday. 

Among the main issues are:

I. The US has extraterritorial obligations to uphold the right to privacy of individuals outside its borders

Given the extraordinary capabilities and programs of the US to monitor global communications, the Committee should ask the US to acknowledge that its obligations with respect to the right of privacy apply extraterritorially to persons whose communications it scans or collects.  To accept otherwise would defeat the object and purpose of the ICCPR with regard to the privacy of borderless, global digital communications.

Accepting the US’s view that the right to privacy does not extend to its actions abroad would defeat the object and purpose of Article 17 as applied to online or digital communications. If states adopted a similar position, it would permit governments to conduct arbitrary or unlawful surveillance on the communications of any persons physically located outside their territory or jurisdiction.  This position would thwart efforts of other governments to protect the privacy rights of their own residents if every other government if free to violate that right.  The US’s position is also contrary to the principle of the universality of rights and suggests that the right to privacy can be abrogated on the basis of citizenship and legal status.

II. Collection of personal information is an interference with privacy

In responding to the Snowden revelations, US government officials have implied that the US does not consider electronic information to have been “collected” until that information is searched or processed in some way.

The Committee should recognize that the acquisition of copying of personal information can constitute an “interference” with the right to privacy under Article 17, regardless of whether the information is subsequently processed, examined, or used by the government.

Furthermore, the US government continues to assert a distinction between the content of communications and “metadata” or transactional data.  Communications metadata generally consists of information other than the content of the communications, including the phone number dialed, time or date of a phone call, mobile phone location information, Internet Protocol address, or website URL visited.  In litigation challenging its communications surveillance programs, the US maintains that while individuals have a “reasonable expectation of privacy” in the content of their communications, they do not have such an expectation for their metadata, and such metadata enjoys significantly weaker privacy protections.  In addition, the US contends that individuals forfeit their privacy rights in information that they share with the third-party company that provides communications services. As a consequence of these two contentions, the US asserts that it may collect metadata from phone and Internet companies without implicating their customers’ legal rights to be free from unwarranted searches and seizures.

We hope the Human Rights Committee directly challenges these arguments.

As explained in the "Necessary & Proportionate Principles," traditionally the invasiveness of communications surveillance has been evaluated on the basis of old categories that are no longer appropriate for measuring the degree of the intrusion that communications surveillance makes into individuals’ private lives and associations. One of the main considerations in drafting the principles has been to ensure that the level of protection accorded to information properly corresponds to the degree of intrusion into people’s lives that can result from access to the data by third parties. Thus any formerly used labels—such as “metadata”—that do not reflect these real-life effects should be rejected.

III. Mass collection of data is fundamentally arbitrary and disproportionate

The Committee should find that mass, indiscriminate collection, search, or retention of electronic information is fundamentally arbitrary and disproportionate.  Dragnet searches or collection on large groups without some threshold showing of individualized suspicion that the information to be acquired is necessary to protect national security, or another legitimate interest of the United States, should be presumptively impermissible.

EFF believes the Principles could assist the commission in developing an understanding of the right to privacy in the light of new technologies. Established international human rights law is often still new in terms of its application in the new global digital world, and one of the main aims of the Principles is to provide guidance and make suggestions in that regard; to ensure that individuals do not lose precious protection built up over many years simply because the concepts and approaches developed in a pre-digital world do not always “fit” the new reality. The Principles look beyond the current set of revelations to take a broad look at how modern communications surveillance technologies can be addressed consistently with human rights and the rule of law.

The question remains: If the Human Rights Committee, after reviewing the fourth periodic report of US, provides the member state with recommendations, also known as “concluding observations,” will the US finally comply?

Michael Posner, the former assistant secretary for human rights said he hoped the US would “take the next step, which is to say, ‘This isn’t just policy—it is an international legal obligation.’ ”

Follow along—the entire US ICCPR review will be webcast on UN TV on March 13 and 14.

Files:  EFF and Human Rights Watch Joint SubmissionRelated Issues: State Surveillance & Human RightsNSA Spying
Share this:   ||  Join EFF

Dish/Disney Deal Means Commercial-Skipping Safe From One Copyright Threat - But Disney Still Wants To Hold Your Remote

Tue, Mar 11 2014 19:44 -0400

One of the two cases against satellite TV company DISH Network settled last week, with Disney ending its quest to have DISH's automatic commercial-skipping feature, AutoHop, made illegal. In addition to calling off its lawyers, Disney agreed to stream some shows from its popular networks like ABC, Disney Channel, and ESPN over the Internet to DISH subscribers. In exchange, DISH agreed to disable the commercial-skipping functionality for three days after a show is aired - corresponding to the period that the Neilsen Company includes in its audience measurements.

We're pleased that Disney dropped its silly legal challenge against DISH's digital video recorder. Although Disney had put together a convoluted legal argument against DISH, at the end of the day Disney could only succeed if it could convince the a federal court that TV-watchers are breaking the law when they skip commercials. As EFF argued in our amicus brief along with Public Knowledge and the Organization for Transformative Works, commercial-skipping is legal no matter how convenient DISH might make it. Disney's effort seemed especially futile after another appeals court rejected a similar case brought by Fox last year.

Still, DISH's agreement to lock out the ad-skipping feature until three days have elapsed from the original broadcast is disappointing, given that the law has nothing to say about commercial-skipping. Aside from dropping a lawsuit that Disney was likely to lose anyway, the quid pro quo for crippling the Ad Hopper seems to be making some programming available to DISH subscribers online. Walling up online video content and making it available only to cable or satellite subscribers - known as the 'TV Everywhere' strategy - seems destined to keep Internet video an add-on to expensive pay-TV packages instead of a low-cost competitor in its own right. If this settlement is just another step down that road, plus a less useful DVR than the one DISH released two years ago, it’s not much cause for celebration.

Related Issues: Fair Use and Intellectual Property: Defending the BalanceDigital Video
Share this:   ||  Join EFF

Facebook's Ongoing Legal Saga with Power Ventures Is Dangerous To Innovators and Consumers

Tue, Mar 11 2014 17:54 -0400

As Facebook turned ten years old last month, a legal case it brought against Power Ventures almost six years ago demonstrates the continued hurdles facing developers who seek to empower users to interact with closed services like Facebook in new and creative ways. In a new amicus brief, we caution the Ninth Circuit Court of Appeals not to extend crippling civil and criminal liability on services that provide competing or follow-on innovation.

Power Ventures made a web-based tool that allowed users to log into all of their social networking accounts in one place and aggregate messages, friend lists, and other data so they could see all their information in one place. To promote its service, it offered a $100 reward to users who could invite, through the Facebook Events system, a certain number of friends to sign up for Power's service. Because of the way Facebook designed its Events system, the messages appeared to come from Facebook directly, although the messages clearly identified the individual user who sent the invitation, as well as Power's service. Facebook eventually blocked one of several IP addresses Power used to connect to Facebook, and Power eventually stopped allowing Facebook users to use Power's service. 

In 2008, Facebook sued Power, claiming it had violated the Computer Fraud and Abuse Act (CFAA) and California Penal Code § 502 when it allowed users to access Facebook data after it blocked a specific IP address Power was using to connect to Facebook data. Facebook also claimed that Power violated the CAN-SPAM Act, the federal law that prohibits sending commercial emails with materially misleading information, when Power encouraged users to invite their friends to try Power. We've filed a number of amicus briefs in this case, arguing that Facebook's theories of liability were wrong and dangerous, and that users have the right to choose how they access their data.

While the district court initially agreed with us that Facebook could not prove a CFAA violation by merely showing that Power violated Facebook's terms of service, it nonetheless ruled in 2012 that Power was liable to Facebook under the CFAA and CAN-SPAM and, in 2013, ordered Power to pay more than $3 million in damages to Facebook, a significant amount that was remarkably less than the staggering $18 million Facebook initially sought. Power is now bankrupt and the case is before the Ninth Circuit, where we again filed an amicus brief in support of Power.

On the CFAA claims, our brief explains working around an IP address block is a common non-criminal act in most instances. The CFAA is intended to go after hackers who circumvent technical restrictions in order to access data they are not otherwise entitled to, not users who utilize a third-party service to access their own data. Plus circumventing a technical block merely enforcing Facebook's terms of service is not a violation of the CFAA. The only way to determine whether Power was violating the CFAA was to look at Power's motivation for working around Facebook's IP block. Here, the facts were in dispute: Facebook claimed Power was trying to circumvent the IP block, but Power claimed its business practice was to use multiple IP addresses and when one was blocked, it stopped trying to access Facebook. But the court never resolved this factual dispute, instead finding that using technology that merely has the capability to circumvent a technical restriction—regardless of what the technology actually did circumvent or regardless of the user's motivation for trying to circumvent—is enough to violate the CFAA. This is a dangerous idea, criminalizing innovations like Power's service, and turning Facebook users that used Power to access their own data into criminals.

Facebook's CAN-SPAM claims are just as dangerous. Congress passed CAN-SPAM to go after big time spammers who hide their identities in order to bombard users with malware and phishing schemes. Captive email systems like Facebook's, where a user has no control over the header information of the message, were not contemplated in CAN-SPAM, which was signed into law on December 16, 2003—two months before Facebook was even launched. Plus the messages weren't misleading since a Facebook user that got an invitation knew all three parties to the communication: the friend who sent the invite, Facebook who facilitated the message, and Power who's service was being promoted. But by finding Power liable, the lower court puts all Facebook users who use Events at unreasonable legal risk. For example, if a Facebook user is in a band and, using Facebook Events, invites friends to a local show with a small cover charge, that user has arguably sent a "misleading" commercial message under CAN-SPAM because, even though the friend sent the message, the header information will show the message came from Facebook. That user could be guilty of a crime and liable for a significant financial penalty for every message sent. This is an absurd interpretation of the law that criminalizes routine Internet behavior.

Facebook's claims here are dangerous, threatening to put the power of law—including serious criminal penalties—behind Facebook and other companies' anti-competitive decisions to thwart consumer choice and innovation that doesn't meet their approval. The information put into a social networking site belongs to the user, who should be able to access, export, and aggregate the data as they please. Hopefully the Ninth Circuit will understand and appreciate this, reversing a lower court decision that equates consumer choice with legal risk.

Files:  EFF Facebook v. Power 9th Circuit Amicus BriefRelated Issues: Terms Of (Ab)UseCoders' Rights ProjectComputer Fraud And Abuse Act ReformRelated Cases: Facebook v. Power Ventures
Share this:   ||  Join EFF

House Introduces FIRST Act, and It's Still Awful for Open Access

Tue, Mar 11 2014 17:23 -0400

The campaign for open access to publicly funded research was going in the right direction: the White House issued a strong mandate last year, federal agencies have taken up the mantle to create public access policies, and the solid open access bill FASTR was introduced in both the House and the Senate.

And then yesterday happened. House Science Committee Chair Lamar Smith and Rep. Larry Buchson introduced the FIRST Act (PDF), a scientific research bill that contains language that sends the progress made on the open access front in the exact opposite direction. We've written about this bill's bad draft language before, and we hoped the substance would change before the bill was introduced. Unfortunately, it did not.

Markup is on Thursday. Tell your lawmakers that the FIRST Act is not the open access reform we need, and to support FASTR instead.

Section 303 of the FIRST Act—which stands for the Frontiers in Innovation, Research, Science and Technology Act, H.R. 4186—restricts access to publicly funded research articles by up to three years. This is unheard of in the world of public access. The current NIH policy, for example, makes sure important health research is publicly available within a year. A three year delay is chilling to scientific and technological progress, especially when many researchers and startups cannot access articles in the first place due to exorbitant journal costs.

The bill also still allows federal agencies to link to final copies of articles, rather than archive them themselves. As the publishing industry is in a period of flux right now, this option is far from scalable; archiving the papers, which is what the NIH—which is responsible for $30 billion of the federal research budget—already does, clearly is a more sustainable option. Having a more centralized source for research papers also lends itself better to meta-analysis and downstream work.

Section 303 puts up too many unnecessary obstacles that hinder the research, academic, and technological communities that its STEM mandate hopes to spur. A prime example: the bill calls for agencies to go through an 18-month planning period to figure out how to implement its policies, which they are already going through right now through the White House mandate. When it comes to FIRST, the only winners are big publishers, who have clearly hijacked the bill's language to serve their own needs.

Let's stop this nonsense. Demand open access reform that actually works.

Files:  hr4186-303.pdfRelated Issues: Open Access
Share this:   ||  Join EFF

Supreme Court Must Set Limits on Cell Phone Searches

Tue, Mar 11 2014 12:03 -0400
Changing Technology Demands New Rules for Police

San Francisco - The Electronic Frontier Foundation (EFF) asked the U.S. Supreme Court Monday to set limits on warrantless searches of cell phones, arguing in two cases before the court that changing technology demands new guidelines for when the data on someone's phone can be accessed and reviewed by investigators.

The amicus briefs were filed in Riley v. California and U.S. v. Wurie. In both cases, after arresting a suspect, law enforcement officers searched the arrestee's cell phone without obtaining a warrant from a judge. Historically, police have been allowed some searches "incident to arrest" in order to protect officers' safety and to preserve evidence. However, in the briefs filed Monday, EFF argues that once a cell phone has been seized, the police should be required to get a search warrant to look through the data on the phone.

"Allowing investigators to search a phone at this point – after the device has been secured by law enforcement but before going to a judge and showing probable cause – is leaving 21st Century technology outside the protections of the Fourth Amendment," said EFF Staff Attorney Hanni Fakhoury. "If we're going to truly have privacy in the digital age, we need clear, common-sense guidelines for searches of digital devices, with meaningful court oversight of when and how these searches can be conducted."

In the not-so-distant past, our pockets and purses carried only limited information about our lives. But in the age of the smartphone, we are walking around with a complete, detailed history of our work schedules, our medical concerns, our political beliefs, and our financial situations. Our phones include pictures of family gatherings, videos of friends, apps that help manage our health and our money, and email and text messages from both our personal and professional lives.

"Our phones include an extraordinary amount of sensitive information – our past, our present, our plans for the future," said Fakhoury. "We can't let investigators rummage through this data on a whim. It's time for the Supreme Court to recognize the important role that judicial oversight must play in searches of cell phones incident to arrest."

Today's brief was filed in conjunction with the Center for Democracy and Technology. The brief was authored with the assistance of Andrew Pincus of Mayer Brown LLP and the Yale Law School Supreme Court Clinic.

For the full brief filed in Riley and Wurie:

For more on search incident to arrest:


Hanni Fakhoury
   Staff Attorney
   Electronic Frontier Foundation

Share this:   ||  Join EFF

EFF to the United Nations: Protect Individuals Right to Privacy in The Digital Age

Mon, Mar 10 2014 15:36 -0400

Today, the Human Rights Committee, a body of independent experts that monitors the implementation of States human rights obligations, is holding its one hundredth and tenth session in Geneva from 10th to 28th March. During this meeting, the Committee will review the reports of the United States (among other countries) on how they are implementing the provisions of the International Covenant on Civil and Political Rights. In particular, the Committee will be scrutinizing the United States' mass surveillance practices and its compliance with Article 17 on the the right to privacy.

We are pleased that the Human Rights Committee now has the opportunity to clarify the scope of United Sates legal obligations under Article 17 on the right to privacy, especially in light of the recent revelations on mass surveillance leaked by Edward Snowden. We call upon the Human Rights Committee to look at the 13 International Principles for the Application of Human Rights to Communications Surveillance—or more commonly, the Necessary and Proportionate Principles, which are supported by over 400 organizations and 300,000 individuals, as a guidance for understanding a State Party’s compliance with Article 17.

EFF believes the Principles could assist the commission in developing an understanding of the right to privacy in the light of new technologies. Established international human rights law is often still new in terms of its application in the new global digital world, and one of the main aims of the Principles is to provide guidance and make suggestions in that regard, to ensure that individuals do not lose precious protection built up over many years simply because the concepts and approaches developed in a pre-digital world do not always “fit” the new reality.  The Principles look beyond the current set of revelations to take a broad look at how modern communications surveillance technologies can be addressed consistently with human rights and the rule of law.

Some of the key factors are:

Protect Critical Internet Infrastructure: No law should impose security holes in our technology in order to facilitate surveillance. Dumbing down the security of hundreds of millions innocent people who rely on secure technologies in order to ensure surveillance capabilities against the very few bad guys is both overbroad and short-sighted. Yet one of the most significant revelations this year has been the extent to which NSA, GCHQ and others have done just that—they have secretly undermined the global  communications infrastructure and services. They have obtained private encryption keys for commercial services relied upon by individuals and companies alike and have put backdoors into and have generally undermined security tools and even key cryptographic standards relied upon by millions around the world. The assumption underlying such efforts—that no communication can be truly secure—is inherently dangerous, leaving people at the mercy of "good guys" and "bad guys" alike. It must be rejected.

Protect Metadata: It’s time to move beyond the fallacy that information about communications is not as private as the content of communications. Information about communications—also called metadata or non-content—can include the location of your cell phone, clickstream data, and search logs, and is just as invasive as reading your email or listening to your phone calls, if not more so. What is important is not the kind of data is collected, but its effect on the privacy of the individual. Thus, the law must require high standards for government access—for criminal prosecutions this means the equivalent of a probable cause warrant issued by a court (or other impartial judicial authority)—whenever that access reveals previously nonpublic information about individual communications. This includes revealing a speaker’s identity if it is not public; the websites or social media one has encountered; the people one has communicated with; and when, from where, and for how long. In the pre-Internet age, the much more limited amount and kind of “metadata” available to law enforcement was treated as less sensitive than content, but given current communications surveillance capabilities, this can no longer be the case. Our metadata needs to be treated with the same level of privacy as our content.

Monitoring Equals Surveillance: Much of the expansive state surveillance revealed in the past year depends on confusion over whether actual "surveillance" has occurred and thus whether human rights obligations apply. Some have suggested that if information is merely collected and kept but not looked at by humans, no privacy invasion has occurred. Others argue that computers analyzing all communications in real-time for key words and other selectors is not "surveillance" for purposes of triggering legal protections. These differences in interpretation can mean the difference between targeted and mass surveillance of communications.

Definitions Matter. This is why one of the crucial points in our Principles is the definition of "communications surveillance", which encompasses the monitoring, interception, collection, analysis, use, preservation and retention of, interference with, or access to information that includes, reflects, or arises from or a person’s communications in the past, present or future. States should not be able to bypass privacy protections on the basis of arbitrary definitions.

Mission Creep: Contrary to many official statements, the modern reality is that state intelligence agencies are involved in a much broader scope of activities than simply those related to national security or counterterrorism. The NSA and its partners, for example, have used the expansive powers granted to them for political and even economic spying—things that have little to do with the safety of the state and its citizens. Worse, the information collected by foreign intelligence agencies, it turns out, is routinely (and secretly!) re-used by domestic agencies such as the Drug Enforcement Agency, effectively bypassing the checks and balances imposed on such domestic agencies.

The Necessary and Proportionate Principles state that communications surveillance (including the collection of information or any interference with access to our data) must be proportionate to the objective they are intended to address. And equally importantly, even where surveillance is justified by one agency for one purpose, the Principles prohibit the unrestricted reuse of this information by other agencies for other purposes.

No Voluntary Cooperation: As we've learned about extralegal and voluntary deals between tech companies and intelligence agencies, it's become increasingly clear that the terms of cooperation between governments and private entities must be made public. The Necessary and Proportionate principles clarify that there is no scope for voluntary cooperation from companies unless a warrant has met the proportionality test.

Combat a Culture of Secret Law: The basis and interpretation of surveillance powers must be on the public record, and rigorous reporting and individual notification (with proper safeguards) must be required. The absence of transparency in surveillance laws and practices reflects a lack of compliance with human rights and the rule of law. Secret laws—whether about surveillance or anything else—are unacceptable. The state must not adopt or implement a surveillance practice without public law defining its limits. Moreover, the law must meet a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of, and can foresee, its application. When citizens are unaware of a law, its interpretation, or its application, it is effectively secret. A secret law is not a legal law.

Notification: Notification must be the norm, not the exception. Individuals should be notified of authorization of communications surveillance with enough time and information to enable them to appeal the decision, except when doing so would endanger the investigation at issue. Individuals should also have access to the materials presented in support of the application for authorization. The notification principle has become essential in fighting illegal or overreaching surveillance. Before the Internet, the police would knock on a suspect's door, show their warrant, and provide the individual a reason for entering the suspect’s home. The person searched could watch the search occur and see whether the information gathered went beyond the scope of the warrant.

Electronic surveillance, however, is much more surreptitious. Data can be intercepted or acquired directly from a third party such as Facebook or Twitter without the individual knowing. Therefore, it is often impossible to know that one has been under surveillance, unless the evidence leads to criminal charges. As a result the innocent are the least likely to discover their privacy has been invaded. Indeed, new technologies have even enabled covert remote searches of personal computers. Any delay in notification has to be based upon a showing to a court, and tied to an actual danger to the investigation at issue or harm to a person. 

Restore Proportionality: Authorities must have prior authorization by an independent and impartial judicial entity in order to determine that a certain act of surveillance has a sufficiently high likelihood to provide evidence that will address a serious harm. Any decisions about surveillance must weigh the benefits against the costs of violating an individual's privacy and freedom of expression. Respect for due process also requires that any interference with fundamental rights must be properly enumerated in law that is consistently practiced and available to the public. A judge must ensure that freedoms are respected and limitations are appropriately applied.

Cross-Border Access Protection: Privacy protections must be consistent across borders at home and abroad. Governments should not bypass national privacy protections by relying on secretive informal data sharing agreements with foreign states or private international companies. Individuals should not be denied privacy rights simply because they live in another country from the one that is surveilling them. Where data is flowing across borders, the law of the jurisdiction with the greatest privacy protections should apply.

More To Be Done: The Necessary and Proportionate Principles provide a basic framework for governments to ensure the rule of law, oversight and safeguards. They also call for accountability, with penalties for unlawful access and strong and effective protections for whistleblowers. They are starting to serve as a model for reform around the world and we urge governments, companies NGOs and activists around the world to use them to structure necessary change. The technology companies’ statement last week is a welcome addition and a good start. It also highlights the conspicuous silence of the telecommunications companies, which appear to have a much bigger and deeper role in mass surveillance.

But while the Principles are aimed at governments, government action isn’t the only way to combat surveillance overreach. All of the communications companies, Internet and telecommunications alike, can help by securing their networks and limiting the information they collect. EFF has long recommended that online service providers collect the minimum amount of information for the minimum time that is necessary to perform their operations, and to effectively obfuscate, aggregate and delete unneeded user information. This helps them in their compliance burdens as well: if they collect less data, there is less data to hand over to the government.

Working together, legal efforts like the Necessary and Proportionate Principles serving as a basis for international and national reforms, plus technical efforts like deploying encryption and limiting information collected, can serve as a foundation for a new era of private and secure digital communications.

Related Issues: InternationalState Surveillance & Human Rights
Share this:   ||  Join EFF

Staff Attorney Daniel Nazer Becomes New 'Mark Cuban Chair to Eliminate Stupid Patents'

Mon, Mar 10 2014 13:42 -0400
EFF Quashes Patent Troll’s Subpoena for Donor Records, Collects 5,000 Signatures in Support of Patent Reform

San Francisco - Electronic Frontier Foundation (EFF) Staff Attorney Daniel Nazer has become the new "Mark Cuban Chair to Eliminate Stupid Patents." Nazer succeeds former Senior Staff Attorney Julie Samuels and will lead EFF's campaign to reform the patent system and smash patent trolls. Samuels has left EFF to become the new executive director of Engine Advocacy, one of EFF's key partners in defending innovation in the start-up sector.

Entrepreneur and Dallas Mavericks owner Mark Cuban funded the title and Nazer's position with a $250,000 donation in 2012. Together, Nazer and Samuels, along with the other members of EFF's Intellectual Property team, have worked tirelessly to reform the patent system on multiple fronts, including in the courts, in Congress, at the White House, and before the US Patent and Trademark Office. On Wednesday, Nazer scored a victory against Personal Audio when a judge agreed to quash the notorious patent troll's subpoena for the names of donors who supported EFF's Save Podcasting campaign.

"This is an exciting time to be working on patent reform," said Nazer, who practiced law at Keker & Van Nest LLP before joining EFF at the start of 2013. "The next few months could see new legislation, important Supreme Court decisions, and action from the president. We need to make sure we get real reform that stops the flood of abusive patent troll litigation. I look forward to building on Julie Samuel's success as the Mark Cuban Chair to Eliminate Stupid Patents."

One of the first items of business will be to push Congress to pass meaningful reform. With the Innovation Act overwhelmingly passing in the House (by a vote of 325 to 91), it is now the Senate's turn. Over 5,000 inventors, entrepreneurs, investors, and concerned citizens have signed EFF's letter urging the Senate to act. EFF will continue to develop TrollingEffects.org, an online clearinghouse of crowd-sourced intelligence on patent trolls launched last year in collaboration with a coalition of organizations and law schools.

"Daniel has been an invaluable colleague, and I know he will head up EFF's patent work with dedication and success," Samuels said. "I look forward to continuing to collaborate with him, and the entire EFF patent team, as we all work toward fixing a broken patent system."

For a high resolution image of Daniel Nazer with formal bio:


Daniel Nazer
   Staff Attorney and Mark Cuban Chair to Eliminate Stupid Patents
   Electronic Frontier Foundation

Share this:   ||  Join EFF

Join the Thousands Who Have Urged the Senate to Pass Quality Patent Reform

Fri, Mar 7 2014 15:56 -0400

Within a week, over 5,000 individuals have urged the Senate to pass meaningful patent reform. These individuals represent over 900 inventors, 700 investors, and well over 1300 entrepreneurs who drive the innovation economy—yet are suffering billions of dollars in losses at the hands of patent trolls and rampant litigation.

What is meaningful reform? There must be immediate changes to remove incentives from the patent troll business model: fee shifting to raise trolls' financial stakes, for example; strong end user protections to stop trolls from targeting users of off-the-shelf technologies; transparency provisions preventing bad actors from hiding behind shell companies, striking with misleading demand letters, then stepping back into the shadows.

But reform must go beyond trolls' present tactics; meaningful reform would strike at the root. We must urge the Senate to put an end to destructive patent troll and troll-like behavior by addressing their weapon of choice: overbroad software patents. While fundamental reform may not be in the picture, the Senate has a chance to reintroduce language—for example, expanding the Covered Business Method provision—that would allow individuals and companies to trim down seriously vague patents after they have been issued.

The House recently passed the Innovation Act, which, while quite comprehensive, dropped its patent quality provisions in a last-minute push to gain the favor of older technology companies and their associated Congressional champions. It lies on the Senate to not only quell the current troll-ridden battlefield, but to also start restoring sanity to the patent system as a whole.

Five-thousand people have spoken out in the last week, and the number is still rising. Join us in securing the patent reform we need this year.

Related Issues: PatentsLegislative Solutions for Patent ReformPatent Trolls
Share this:   ||  Join EFF

EFF Statement on Dismissal of 11 Charges Against Barrett Brown

Wed, Mar 5 2014 16:52 -0400

The U.S. Attorney for the Northern District of Texas today filed a motion to dismiss 11 charges against Barrett Brown in a criminal prosecution that would have had massive implications for journalism and the right of ordinary people to share links. EFF has written extensively about the case and had planned to file an amicus brief on Monday on behalf of several reporters groups arguing for the dismissal of the indictment.

Brown, an independent journalist, was prosecuted after he shared a link to thousands of pages of stolen documents in an attempt to crowdsource the review of those documents—a common technique for many journalists. The records came from the US government contractor, Stratfor Global Intelligence and documented discussions of assassination, rendition and how to undermine journalists and foreign governments. They also included thousands of stolen credit card numbers. Brown had no involvement in the hack, but was charged nonetheless with identity theft.

In response to the decision by the federal prosecutor’s office to drop some, but not all of Brown's charges, EFF issued the following statement:

"We are relieved that federal prosecutors have decided to drop these charges against Barrett Brown. In prosecuting Brown, the government sought to criminalize a routine practice of journalism—linking to external sources—which is a textbook violation of free speech protected by the First Amendment. Although this motion is good news for Brown, the unnecessary and unwarranted prosecution has already done much damage; not only has it harmed Brown, the prosecution—and the threat of prosecution it raised for all journalists—has chilled speech on the Internet. We hope that this dismissal of charges indicates a change in the Department of Justice priorities. If not, we will be ready to step in and defend free speech.”

EFF plans to publish its draft brief and deeper analysis later this week.

Files:  barrett_brown_mtd.pdfRelated Issues: Free Speech
Share this:   ||  Join EFF

Middle Schoolers Win C-SPAN Prizes for NSA Documentaries

Wed, Mar 5 2014 15:39 -0400

Remember when Rep. Mike Rogers likened opponents of pernicious cybersecurity legislation to 14-year-olds? It turns out that middle-school-age students are also well-prepared to debate him on the NSA's programs as well.

EFF congratulates students from two middle schools who took home top prizes in the C-SPAN StudentCam 2014 competition for young filmmakers with their documentaries on mass surveillance. Students were tasked with answering the question: “What’s the most important issue the U.S. Congress should consider in 2014?”

According to the C-SPAN press release:

Peter Jasperse, Antonia Torfs-Leibman and Madeleine Hutchins, eighth graders at Eastern Middle School in Silver Spring, Md., are national First Prize winners in the Middle School division. Peter, Antonia and Madeleine will share $3,000 for their First Prize documentary, 'The NSA: The Lengths of America's Security,' about NSA surveillance."

The video, featuring an interview with author James Bamford, will air on C-SPAN at 6:50 a.m. E.T. and throughout the day on April 23. You can also watch it online.

Ben Blum, a filmmaker at Saint Mark's School in San Rafael, California, scored second place in the same category for his documentary "Data Obsession," featuring EFF Activist Parker Higgins. It will air on Friday, April 11 and you can watch it below:

Privacy info. This embed will serve content from youtube-nocookie.com

If you're a student interested in ways to join our fight against NSA surveillance, please visit https://supporters.eff.org/engage. var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/AI4VaRgpDCs%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E';
Share this:   ||  Join EFF

UPDATE: EFF Fights Back Against Oakland's Disturbing Domain Awareness Center

Tue, Mar 4 2014 18:23 -0400

UPDATE- March 5, 2014:

After a grueling meeting where dozens of speakers expressed concerns about privacy, racial profiling, and political repression, the Oakland City Council voted to move forward with a reduced Domain Awareness Center. The motion that was approved will remove city cameras and ShotSpotter from the DAC components, but does not address many of the questions EFF and others have raised. The final vote was a 4-4 tie, with Councilmembers Rebecca Kaplan, Libby Schaaf, Noel Gallo, and Lynette Gibson McElhaney voting no and Councilmembers Dan Kalb, Pat Kernighan, Desley Brooks, and Larry Reid voting yes. Mayor Jean Quan cast the tie-breaking yes vote, and has indicated that she will seek to add more systems to the DAC “one at a time” in the future. EFF will now be scrutinizing the development of the privacy policy and the DAC system itself very closely.

After an encouraging debate at the Oakland City Council meeting on February 18, EFF has submitted another letter opposing Oakland’s Domain Awareness Center (DAC). The DAC is a potent surveillance system that could enable ubiquitous privacy and civil liberties violations against Oakland residents. The city appeared set to approve a resolution that would have handed the City Administrator authority to sign a contract for completion of the project. However, after strenuous discussion, Councilmember Desley Brooks made a motion to delay the vote for two weeks in order to get more information about the potential civil liberties and financial impacts of the DAC. The council passed the motion with 6 yes votes and 2 abstentions.

Phase I of the DAC, funded by a Department of Homeland Security grant, is already operational. It integrates Port security cameras and an intrusion detection system with City of Oakland traffic cameras, city geographic information system (GIS) mapping, and a gun shot detector called ShotSpotter. The information from these various data sources is integrated using “Physical Security Information Management” PSIM. This allows law enforcement and other agencies to access and analyze all of these data sources through a single user interface. This means DAC staff can look at a single screen and see various video and information feeds at once, allowing much more invasive surveillance of Oaklanders.

At the February 18 meeting, speakers raised myriad issues. One of those was the racial profiling of Yemeni, Muslim, and African-American communities already happening in Oakland. Mokhtar Alkhanshali, a community organizer, talked about how law enforcement already targets the thousands of Muslims in Oakland, stating, “I represent people who are afraid to come here." Fred Hampton, Jr., son of the murdered Black Panther Party member Fred Hampton, reminded the council about the legacy of surveillance and targeting experienced by African-American activists.

At issue now is whether the Oakland City Council will approve an expansion of the system to include more data sources, considering all the outstanding questions. The council seemed to hear the concerns raised by community members and asked a lot of their own questions at the meeting. The council directed staff to provide further information. Unfortunately, as EFF’s letter states, the most recent staff report:

continues to punt key issues around the DAC to the future, regardless of the fact that many members of the Council prudently expressed concern about approving the project without a full delineation of what is being approved. These questions include, among others, what types of cameras and other data sources will be included, what relationships and information sharing agreements exist between the City and federal agencies, how DAC analytics will work, how exactly public engagement will occur, when the privacy policy advisory committee will meet and who will be on that committee.

Another major concern expressed at the meeting was the connection between the Domain Awareness Center and other law enforcement agencies, including the FBI. While city staff has repeatedly assured the public and the Oakland City Council that there are no information sharing agreements with federal agencies, the city already works several of them. EFF’s letter addresses this: 

implying that there is any sort of firewall between DAC information and the federal government is disingenuous at best. As has been pointed out to the Council, Oakland already shares information with the FBI through its participation in a Joint Terrorism Task Force. Similarly, the Oakland Police Department participates in the Bay Area Urban Area Security Initiative (UASI), a Department of Homeland Security program. In fact, Renee Domingo is part of the “Approval Authority” for UASI. The Approval authority “provides policy direction and is responsible for final decisions regarding projects and funding,” to UASI.

Implying that the DAC has no relationship to fusion centers is also disingenuous. UASI is one of the primary funders for the Northern California Regional Intelligence Center (NCRIC), the regional Bay Area fusion center. Furthermore, the DAC itself has been “featured” regarding information sharing in relationship to NCRIC and other federal agencies; in a 2013 port security workshop that included Department of Homeland Security, NCRIC and Port of Oakland officials and brought in other federal agencies, law enforcement, and private interests, the DAC and NCRIC were used as models for information sharing relationships.  In fact, pursuant to City Council resolutions, the Oakland Police Department and Fire Department staffed the Northern California Regional Intelligence Center in 2011 and 2012.

EFF joins the ACLU of Northern California, National Lawyers Guild and the Oakland Privacy Working Group (OPWG) in opposing the DAC. A group letter from OPWG has amassed over 35 signatories, including faith leaders, political party leaders, and community groups from the Arab, Muslim, Asian, and African-American communities. The Council has the opportunity to halt the DAC now, and to address the existing systems in place:

A no vote today is not the last step. The Council must then take responsibility for addressing Phase 1 of the DAC. EFF warns the Council that it must seriously consider how exactly a port-only DAC will work, taking into account the serious technical and legal concerns that accompany the DAC even as it currently exists. EFF again reminds the Council that any financial consequences of limiting the DAC are no reason to pursue a course of action that will seriously endanger civil liberties in Oakland. EFF urges the Council to consider the egregious lack of information and transparency that has surrounded this project and to vote against any expansion of the DAC.

Share this:   ||  Join EFF

Mexican Protest Site Censored by GoDaddy — with the U.S. Embassy's Help

Tue, Mar 4 2014 14:18 -0400

The Mexican website 1dmx.org (mirror here), was set up in the wake of a set of controversial December 1st 2012 protests against the inauguration of the new President of Mexico, Enrique Peña Nieto. For a year, the site served as a source of information, news, discussion and commentary from the point of view of the protestors. As the anniversary of the protests approached, the site grew to include organized campaign against proposed laws to criminalize protest in the country, as well as preparations to document the results of a memorial protest, planned for December 1, 2013.

On December 2nd, 2013, the site disappeared offline. The United States host, GoDaddy, suspended the domain with no prior notice. GoDaddy told its owners that the site was taken down "as part of an ongoing law enforcement investigation." The office in charge of this investigation was listed as "Special Agent Homeland Security Investigations, U.S. Embassy, Mexico City." (The contact email pointed to "ice.dhs.gov," implying that this agent was working as part of the Immigration and Customs Enforcement wing, who have been involved in curious domain name takedowns in the past.)

Email received by 1dmx.org owners from GoDaddy.

Luis Fernando García, 1dmx.org lawyer for the protestors, suspected that the call to bring down the site came from further afield than the U.S. embassy, and is suing several authorities in the Mexican courts to discover exactly which government agency passed on the order to the U.S. Embassy. Their court case, announced today, will continue to pursue the Mexican authorities to find the source of the demand, which the case contends violates Mexico's legal protections for freedom of expression.

If there are many questions to be answered by the Mexican authorities about this act of prior restraint on speech, there are no shortage of queries about the United States' involvement in this takedown. Why did GoDaddy take down content with the excuse of it being part of a legal investigation, when the company did not request or relay any formal judicial documents or an official court order? And why is the U.S. Embassy acting as a relay for an unclear legal process that resulted in censorship within the United States?

We look forward to following the result of the website owners' court case in Mexico, and to the responses of GoDaddy and the United States Embassy in Mexico City to this developing story.

Related Issues: Free SpeechBloggers' RightsInternational
Share this:   ||  Join EFF

EFF Urges Supreme Court to Crack Down on Patent Trolls

Mon, Mar 3 2014 18:00 -0400
Two Big Cases Could Protect Software Innovators – and Their Customers – From Patent Lawsuits

San Francisco - The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to crack down on patent trolls and the schemes they use to perpetuate their lawsuits in two amicus briefs filed today.

"Patent trolls and their payoff demands depend on a flawed U.S. patent system," said EFF Senior Staff Attorney Julie Samuels, who also holds the Mark Cuban Chair to Eliminate Stupid Patents. "The cases the Supreme Court is tackling this term are prime examples of patent lawsuits gone awry. We're asking the justices today to enforce the law and protect new businesses, new gadgets, and the customers who use these products and services by providing clear rules that crack down on patent trolls."

In Nautilus v. Biosig Instruments, the Supreme Court could curtail vague and ambiguous patents that are currently allowed by the Federal Circuit. Under that standard, patent claims can stand even if "reasonable people can disagree" over the patent's meaning, and no matter "however difficult that task may be" to understand it. This has sparked a rash of vague patents, and EFF asked justices in today's brief to restore the Patent Act's requirement that patent claims be clear.

"Vague patents are extraordinarily prevalent in software, and they are a favorite tool of patent trolls," said EFF Staff Attorney Daniel Nazer. "If you can cleverly craft an ambiguous patent, you can stretch the claims later to cover all sorts of things you hadn't thought of at the time. Clarifying the law here and requiring definite claims is a straightforward, substantial way to improve patent quality and reduce shake-down patent litigation."

Limelight Networks v. Akamai Technologies involves a patent question over Limelight's content-distribution network, which allows for server-side storage of web content. Limelight's customers perform one of the steps of the patent at issue – tagging the remote content – but Akamai wants to enforce its patent anyway. In the brief filed today, EFF argues that Akamai's legal strategy could create a new category of patent defendants: end-users who unknowingly performed one of the steps.

"Imagine what would happen if using a piece of software or other service sold to you legally could result in a major patent infringement case," said Samuels. "Luckily, courts thus far have instituted a common-sense rule protecting end-users and consumers, and we're hopeful the Supreme Court will keep up this trend."

So far this term, EFF has filed four amicus briefs with the Supreme Court on patent and patent troll issues. Last week, EFF urged the court to rein in overbroad patents that are impermissibly abstract in Alice Corp. v. CLS Bank. In December, EFF filed a brief in Octane Fitness, LLC v. Icon Health & Fitness, Inc., urging the court to make it easier for prevailing defendants to get attorney's fees in patent cases.

For the full brief in Nautilus v. Biosig:

For the full brief in Limelight v. Akamai:


Julie Samuels
   Senior Staff Attorney
   The Mark Cuban Chair to Eliminate Stupid Patents
   Electronic Frontier Foundation

Daniel Nazer
   Staff Attorney
   Electronic Frontier Foundation

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22//www.youtube.com/embed/aGmiw_rrNxk%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22360%22 width=%22480%22%3E%3C/iframe%3E';
Share this:   ||  Join EFF

Obama Nominates Former SOPA Lobbyist to Help Lead TPP Negotiations

Mon, Mar 3 2014 15:35 -0400

President Obama has nominated former SOPA lobbyist Robert Holleyman to join the team of U.S. negotiators leading the Trans-Pacific Partnership (TPP) talks. If confirmed by the Senate, the former chief executive officer of the Business Software Alliance (BSA) would serve as a Deputy to the U.S. Trade Representative. Coincidentally, the current head of the BSA is former White House IP Czar Victoria Espinel.

Holleyman is an interesting choice for the Obama administration, given the current standstill in TPP negotiations. Reports from the TPP ministerial meeting last weekend said that nothing substantive came out of those talks and that an end date for this sprawling deal is growing increasingly uncertain. One of the many topics of contention is the copyright enforcement sections. On these, the U.S. refuses to agree to provisions that would allow signatory countries flexibility in their copyright regimes.

As a result, countries like Chile and Canada are standing firm against U.S. proposals—a stance confirmed by the “Intellectual Property” chapter published by Wikileaks in November. These proposals include provisions that would place greater liabilities on Internet Service Providers, create new tools of censorship, and new restrictions on how users can access and interact with digital content. Instead of allowing other countries to choose their own approaches to copyright, Obama's choice to appoint a prominent supporter of the spectacularly failed SOPA bill indicates the White House's unwillingness to let up on its extreme stance on copyright enforcement.

The evidence of corporate influence on trade talks doesn't stop there. Recent reports revealed that prominent U.S. trade officials had received millions of dollars in bonuses before they left their corporate jobs to take up their position at the Obama administration. Soon after these revelations, the U.S. Trade Rep Michael Froman—who received $4 million in bonuses from banking giant CitiGroup—introduced plans to create a new Public Interest Trade Advisory Committee. If this was an attempt to address our criticism of the overwhelming influence of private interests in setting the U.S. trade agenda, it was—at best—a half-hearted one. As we've pointed out, fundamental issues underlie this trade advisory system, primarily that members would be gagged from discussing or publicly advocating on the provisions they have seen as a result of serving on this committee. This Washington Post graphic clearly illustrates the current dominating influence of corporate industries in these trade advisory committees.

TPP Talks at a Standstill

The pattern of most other TPP countries resisting relatively extreme U.S. proposals is becoming more and more common. According to some sources, Japan and the U.S. are so far from agreement on certain agricultural issues that the U.S. Trade Rep suggested to the other countries that they should exclude Japan from the talks entirely. And senior legislators from seven TPP countries demanded more transparency in negotiations, releasing a statement demanding that the text of the agreement be released before it is signed. Even the Malaysian trade minister said publicly that he would not sign the agreement as long as the text remained secret.

Meanwhile, Obama and the U.S. Trade Rep faces mounting opposition on the domestic front. Lack of concrete assurance from the trade official that he would be steadfast in his push for environmental protections in TPP has apparently eroded the trust of some House Democrats and powerful liberal supporters. Without solid support from his own political base in the House, it will be almost impossible for Obama to get Fast Track authority. Without Fast Track, it's not clear the administration can pass the TPP at all.

Beyond the legislature, the White House lacks popular support for its trade agenda. A recent poll showed that a majority of U.S. voters oppose Fast Track and the TPP. The same survey showed that there are marginally more Republicans who oppose Obama's whole trade agenda, despite the fact that there are many more prominent Republicans in Congress who support handing Fast Track authority to Obama.

TPP's completion becomes ever more tenuous as resistance to its corporate-driven policies continue to dissolve political support for the deal. Yet Obama's nomination of Holleyman suggests that his administration has no intention of removing the draconian copyright policies out of TPP no matter how unpopular or contentious they may be. It also reflects the greater issue at hand—the White House is choosing to heed the demands of Hollywood and other corporate giants and ignore the interests of users.

Those of us in the U.S. need to get our Congress members to oppose Fast Track authority and exercise their constitutional authority to ensure that these trade deals respect our digital rights. It would be an assault on our democratic governance to allow our lawmakers to hand over their own mandate to the White House.

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/iLbfcJgcnyc?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalTrans-Pacific Partnership Agreement
Share this:   ||  Join EFF

EFF Fights National Security Letter Demands on Behalf of Telecom, Internet Company

Mon, Mar 3 2014 08:45 -0400
Legal Briefings Still Under Seal After Government Demands for Secrecy

The Electronic Frontier Foundation (EFF) filed two briefs on Friday challenging secret government demands for information known as National Security Letters (NSLs) with the Ninth Circuit Court of Appeals.  The briefs—one filed on behalf of a telecom company and another for an Internet company—remain under seal because the government continues to insist that even identifying the companies involved might endanger national security. 

While the facts surrounding the specific companies and the NSLs they are challenging cannot be disclosed, their legal positions are already public: the NSL statute is a violation of the First Amendment as well as the constitutional separation of powers.

“The NSL statute allows the FBI to demand potentially protected information without any court oversight,” EFF Senior Staff Attorney Matt Zimmerman said.  “Furthermore, it permits the FBI to independently gag recipients so that NSL recipients like our clients have no ability to notify their customers or the public that any demands were made, let alone that they went to court to stop them.  Our clients strongly desire to bring their unique perspectives to the ongoing national discussion on intrusive government spying, and they have timely and relevant information to contribute to that debate. However, the FBI’s unconstitutional NSL authority prevents these companies from exercising their rights and taking part in this critically important conversation.”

In March 2013 a federal district court judge in San Francisco agreed with EFF and ruled the NSL provisions unconstitutional, barring future NSLs and accompanying gag orders.  That ruling was stayed pending appeal, however, and the district court has subsequently enforced separate NSLs—including NSLs issued to both EFF clients—and indicates that it will continue to do so until the Ninth Circuit rules on EFF’s challenges. 

“The fight over NSLs and the government’s dangerous practice of bypassing meaningful review by the judicial branch is not an academic one—real people and real companies are involved, battling for their constitutional rights and the rights of their users,” Zimmerman said.  “The district court was right: the First Amendment prevents the FBI from engaging in such invasive, secretive, and unaccountable activities.  We are eager to explain to the Court of Appeals why it should come to the same conclusion.”

EFF also recently re-launched its Frequently Asked Questions page on National Security Letters. Read it at: https://www.eff.org/issues/national-security-letters-faq

For more on the National Security Letter cases: https://www.eff.org/cases/re-matter-2011-national-security-letter


Matt Zimmerman
   Senior Staff Attorney
   Electronic Frontier Foundation

Share this:   ||  Join EFF

EFF Staff to Speak at RightsCon!

Fri, Feb 28 2014 20:37 -0400

The RightsCon summit is making its way back to Silicon Valley March 3-5, opening its doors to human rights experts, engineers, government representatives, and other activists from around the globe who will discuss solutions to human rights challenges. As such, a number of EFF staff members are looking forward to attending and speaking at the three-day conference, which is hosted by our friends at Access.

While EFF encourages you to attend as many RightsCon events as you can, be sure to catch the following:

Monday, March 3, 3:30PM - 4:45PM: State of the Fight Against State-Sponsored Malware featuring Global Policy Analyst, Eva Galperin and Staff Attorney, Nate Cardozo

Monday, March 3, 5:00PM – 6:15PM: The Web Women Want featuring Director for International Freedom of Expression, Jillian C. York

Tuesday, March 4, 12:00PM – 1:15PM: Policy Laundering: Hacking the International Innovation Policy Machine featuring Intellectual Property Director, Corynne McSherry and Global Policy Analyst, Maira Sutton

Tuesday, March 4, 12:00PM – 1:15PM: Watching the Observers: The Impact of Surveillance on Human Rights Documentarians and Journalists featuring Global Policy Analyst, Eva Galperin

Tuesday, March 4, 4:00PM – 5:00PM: Toward Accountability: Reflecting on ICT Industry Action to Protect Users Rights featuring International Director, Danny O’Brien

Tuesday, March 4, 5:15PM – 6:15PM: Demonstrate and Disobey: Protest and Civil Disobedience On and Offline featuring Staff Attorney, Hanni Fakhoury

Wednesday, March 5, 9:00AM – 10:15AM: Competition, Consumers and Trolls: Why You Should Care About Patents featuring Senior Staff Attorney, Julie Samuels

Wednesday, March 5, 10:30AM – 11:45AM: Privatized Enforcement and Corporate Censorship: The Future of Freedom of Expression featuring Director for International Freedom of Expression, Jillian C. York

Wednesday, March 5, 10:30AM – 11:45AM: Securing Justice Safely: Documenting, Distributing, and Adjudicating on Digital Human Rights Data featuring Senior Staff Attorney, Kurt Opsahl

Wednesday, March 5, 2:30PM – 3:45PM: Uncontrolled Surveillance: Regulation and the Export Controls featuring International Director, Danny O’Brien

Wednesday, March 5, 4:00PM – 5:15PM: Fire the Lawyers, Hire the Engineers! – A Debate featuring Legal Director, Cindy Cohn

Wednesday, March 5, 4:00PM – 5:15PM: Location, Location, Location: What Rights Should we Have Against Pervasive Location Tracking? featuring Senior Staff Attorney, Jennifer Lynch and Senior Staff Technologist, Seth Schoen

Aside from the aforementioned events, many members of the EFF staff will be attending RightsCon so be sure to say “hello!”

Click here to find the complete RightsCon program schedule.

Share this:   ||  Join EFF

Two New Decisions Strengthen Cell Phone Privacy in Texas and Washington

Fri, Feb 28 2014 19:43 -0400

On back-to-back days this week, residents in Texas and Washington received some extra legal protection for the contents of their cell phones. These decisions, while only binding on law enforcement within each respective state, could play an important role on the ongoing debate on cell phone privacy specifically, and applying legal protections against unreasonable searches and seizures to new technologies generally. 

Texas: a cellphone is not like a pair of pants or shoes

First, the Texas Court of Criminal Appeals ruled in State v. Granville that an inmate locked in jail maintained an expectation of privacy in the contents of his cell phone even when the phone was out of his custody and in the control of the jail guards. A Huntsville police officer arrested high-school student Anthony Granville on a misdemeanor charge, and he was locked up in jail. Three hours after his arrest, a different officer than the one who arrested him retrieved Granville's phone from the evidence locker and, without a warrant, looked through the contents of the phone for evidence of an unrelated crime.

The government attempted to justify the search by claiming that, similar to clothing worn by an inmate, once the phone was in the control of the jail officials, Granville no longer had any expectation of privacy in its contents. We filed an amicus brief explaining that a cell phone really isn't anything like a pair of pants given the immense amount of data stored on the phone, meaning that police needed to get a warrant to search it. The high court agreed with us, with Judge Cathy Cochran writing unequivocally:

[W]e conclude, as did the court of appeals, that a cell phone is not like a pair of pants or a shoe. Given modern technology and the incredible amount of personal information stored and accessible on a cell phone, we hold that a citizen does not lose his reasonable expectation of privacy in the contents of his cell phone merely because that cell phone is being stored in a jail property room.

Washington: A text message is like a phone call or letter

The next day, the Washington Supreme Court issued a pair of decisions in State v. Hinton and State v. Roden finding that police violated state law when, after seizing a cell phone from a suspect during a drug investigation, it monitored and responded to incoming text messages, arranging drug deals with defendants Hinton and Roden.

The state argued that neither Shawn Hinton or Jonathan Roden had an expectation of privacy in the text messages once they were sent to someone else's phone. Instead, the state argued both men had assumed the risk that their messages could be intercepted by someone else or that the person they thought they were communicating with was really someone else. EFF filed amicus briefs in both cases, explaining that the society's expectation that police won't intercept their phone calls or postal letters extends to the 21st century equivalent, the text message. The court agreed, ruling that police were unauthorized to intercept the conversation, noting that 

unlike letters, which are generally delivered to the home where they remain protected from intrusion, text messages are delivered to a recipient's cell phone instantaneously and remain susceptible to exposure because of a cell phone's mobility. Just as subjecting a letter to potential interception while in transit does not extinguish a sender's privacy interest in its contents, neither does subjecting a text communication to the possibility of exposure on someone else's phone.

Cell phone privacy spreading across the country

These decisions come at a time when cell phone privacy is a hot topic in courts across the country and hopefully the strides made in Texas and Washington will be felt elsewhere. State courts are taking a more aggressive approach to safeguarding privacy than federal courts, especially when it comes to law enforcement searching and tracking cell phones. Last week, the Massachusetts Supreme Judicial Court ruled that police needed a search warrant to obtain historical cell site records from a cell phone provider. New Jersey's Supreme Court reached the same result last year. The Rhode Island Supreme Court heard argument in early February in State v. Patino, a case similar to Hinton and Roden, that involves whether a person has an expectation of privacy in text messages found on someone else's phone. State legislatures have been active too, with Maine and Montana passing legislation last year protecting cell phone location data, and Maryland and Wisconsin considering similar legislation this year. This week's decisions could also go a long way to bringing the law into the 21st century. 

Most importantly, the topic of cell phone privacy will shortly be before the U.S. Supreme Court, which is considering two cases this term on whether police can search a person's cell phone incident to their arrest. The U.S. Supreme Court would be wise to follow the lead of Texas and Washington. This week's decisions both appreciated the breadth of data stored on a cell phone meant it was foolish to analogize to physical items like a pair of pants or old cases involving antiquated technologies. They rejected the false notion that the mere act of exposing a phone or text message to someone else gives the government free reign to intrude and search through the reams of data on a cell phone. Hopefully the U.S. Supreme Court will make the same conclusions, ensuring that the right to privacy in a cell phone isn't just a local right but a national one.

Related Issues: PrivacySearch Incident to ArrestRelated Cases: Washington state text message privacy casesState v. PatinoState v. Granville
Share this:   ||  Join EFF

EFF Asks For Court Records On Warner Brothers' Robo-Takedowns, As Congress Gets Ready To Hear Testimony About Copyright Enforcement Systems

Fri, Feb 28 2014 18:10 -0400

This week, EFF asked a federal court in Florida to unseal records from the Disney v. Hotfile case describing Warner Brothers' system for sending takedown notices to websites. Warner, and the other plaintiffs in the case, want that information kept secret forever. But Congress is asking for input about the notice-and-takedown system created by the Digital Millennium Copyright Act, and a hearing is coming up soon. The Patent and Trademark Office is also holding public meetings on the DMCA. It'll be harder for the public to get involved in these conversations without knowing some basic information about how big copyright holders like Warner decide which files to target for takedowns. And copyright holders can't design their systems to comply with the law if basic parts of the court decisions that interpret the law are kept secret. That's why EFF asked the court to unseal these records.

Under the DMCA, copyright holders or their agents can send notices to Internet sites, declaring that some material posted by users infringes their copyright. The Internet site then has a legal incentive to take the material down, to avoid liability.(In practice, most sites respond to every DMCA notice by taking down the targeted content, even when the notices are improper.) Warner, like some other large media companies, uses some combination of web-crawling search robots and human review to find files that it claims are infringing its copyright, and then sending takedown notices to the sites that host the files.

Hotfile was a file-hosting site (a "cyberlocker") that was sued in 2011 by five major movie studios, including Warner Brothers. The studios claimed that Hotfile wasn't protected by the DMCA, and should be held responsible when Hotfile users posted infringing video files. Hotfile had set up a special Web interface for Warner to send takedown notices. Warner designed a system that apparently used robots to crawl through indexes of Hotfile content looking for movie files.

We don't know how Warner's robots work, or what they are programmed to look for. Warner claims it didn't entrust all of the copyright decisions to software, and there was some human review involved. But Hotfile accused Warner of using its system to take down files that merely had the same name as a Warner movie - even files that weren't video. And Hotfile also claimed that Warner was taking down copies of a free and open source program called JDownloader that Warner had no rights in, but simply didn't want the public to have. Judge Kathleen M. Williams looked at the evidence behind these accusations, and concluded that Warner might be liable under Section 512(f) of the DMCA. That section, which is also the basis of Stephanie Lenz's suit against Universal Music, prohibits copyright holders from sending takedowns without having a basis for believing that the material is infringing.

The court's decision meant that a jury could decide whether Warner was liable. But the parties settled on the eve of trial in November, and Hotfile shut down.

Judge Williams's decision was encouraging, but mysterious – we don’t get to see evidence of how Warner's system works and which of its improper DMCA takedown notices gave rise to liability. So we know that Warner may have crossed a line, but not how or why. Without seeing the facts that went into Judge WIlliams's decision, it doesn't help people design takedown systems that comply with the law, and it doesn't help anyone make informed arguments about the DMCA when Congress takes it up.

We can't do without informed debate. The House Judiciary Committee may hold a hearing on DMCA takedowns in early March. Lawmakers need to hear about how well the system is actually working, and whether it protects Internet users against having their speech curtailed by takedown-bots or overzealous and poorly trained reviewers. Actual data about major DMCA users like Warner is vital.

The courts are public institutions, and their proceedings should be open to the public as much as possible, according to our legal traditions and the First Amendment. We hope the Florida court will open its records on this this important issue.

var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/iLbfcJgcnyc?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Related Issues: Fair Use and Intellectual Property: Defending the BalanceDMCARelated Cases: Disney v. Hotfile
Share this:   ||  Join EFF

Change the Future of Copyright in Europe—Submit Your Comments to the European Commission

Thu, Feb 27 2014 21:37 -0400

Tell Europe your views on CopyrightThe European Commission's open consultation on copyright ends in less than a week on Mar. 5. It's a rare and important opportunity for anyone who uses the Internet— whether you are a student or artists, librarian or entrepreneur— to influence the future of innovation policy in the region.

The 80 question "Public Consultation on the Review of the EU Copyright Rules" can be dizzying to tackle on its own, but there are several easy-to-use platforms that can help anyone with navigating the survey.

How to Submit Your Own Comments
  • Let's Fix EU Copyright! — Choose from a list of categories that best describe you, and this site will give you a list of questions that may be relevant to your interests.
  • Copywrongs.eu — Pick from a variety of activities and statements about your experience with copyright, and this site will select related questions for you to answer.
  • Webform: Public Consultation on the review of the EU copyright rules — Use this form if you would like to answer any of the 80 questions. As you answer the questions, you can read other organizations' answers. When you're done, you can download your comments as a text document, and a pop-up will provide you with the address to email it to the European Commission.
  • Tell Europe your views on Copyright — Open Rights Group in the UK has highlighted four pressing questions affecting users. Use this platform to submit your responses.
  • Przyszłość Prawa Autorskiego Konsultacje Europejskie —Modern Poland Foundation has created this platform to make it easy for Polish speakers to submit comments. You can answer one open-ended question about copyright, the 12 they have highlighted, or all 80 questions.
Submission and Guides from Other Organizations

Digital rights organizations across the EU have submitted their own comments, addressing a wide range of restrictive copyright policies that afflict Internet users across the region. You can check out these various replies below:

Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalEFF Europe
Share this:   ||  Join EFF

Export regulations on communication and educational technologies loosen for some sanctioned countries and not others—what gives?

Thu, Feb 27 2014 20:01 -0400

With Coursera lifting restrictions for users of its online educational courses in Syria, but upholding restrictions for users in the sanctioned countries of Cuba, Iran, and Sudan, the need for streamlined communication technology policies for countries sanctioned by the U.S. is more necessary than ever.

Cuba, Syria, Sudan, North Korea, and Iran are all currently under heavy U.S. sanctions, which have a negative impact on what communications technologies individuals in these countries can access and use.  EFF believes that all individuals should have the right to access technologies that facilitate communications.  And the U.S. government recognizes the need to modify outdated sanctions that restrict vital communications and educational technologies from citizens living in U.S.-sanctioned countries. So what’s the problem? 

The problem is that the U.S. government’s piecemeal approach to updating these sanctions is largely reactionary and ultimately prioritizes certain countries over others for reasons that are, to put it charitably, hard to discern.

For example, Iran recently received some relief.  According to an article published by the Open Technology Institute, “the Treasury Department’s Office of Foreign Assets Control (OFAC) issued a revised General License D for Iran, clarifying a number of outstanding questions about the original license authorizing the export of hardware, software, and services that enable personal communications. The new General License D-1 replaces the May 2013 General License D, which allows companies to offer laptops, cell phones, anti-virus software, secure chat, and other tools to Iran despite comprehensive U.S. sanctions.”

So good for Iran, but why only them? Unfortunately, attempts by the Treasury and State Departments to clarify and reissue licenses in order to ameliorate confusing or unclear wording for licenses belonging to one sanctioned country leave citizens of other countries rightfully wondering why they don't receive similar treatment. OFAC never provides the basis for these relaxations, adding to the sense of unfairness.

Furthermore, even as the U.S. revises some sanctions regimes in favor of free flow of information, the disjointed way this occurs leaves many U.S. companies on the defensive—since the rules change depending on the recipient country and the penalties are so severe, companies overblock or otherwise restrict access to their products and services in order to protect themselves from liability. So the relaxation of sanctions doesn't even help those who it is intended to help.  As OTI points out: “The Treasury and State Departments have previously struggled to entice U.S. companies to take advantage of existing authorizations, despite four attempts to revise and expand them since 2009.”

To fix this, the U.S. should stop the piecemeal.  Any modifications to sanctions should make it easier for American companies to confidently comply with them and these modifications should apply to all sanctioned countries.  They are begging for it.

Sudanese activist and blogger Dalia Haj-Omar says that the Internet is "the only platform for free civic engagement in Sudan." Meanwhile, an article on AllAfrica.com states: "This is an appeal to empower Sudanese citizens through improved access to ICTs so that they can be more proactive on issues linked to democratic transformation, humanitarian assistance and technology education -- an appeal to make the sanctions smarter."

It’s not just Sudan. Dr. Mahmud Angrini, a Syrian doctor who claims to have taken more than 20 Coursera classes so far, wrote in an email recently to Global Voices: “It's a shame for [the U.S.] to share the Syrian regime in his collective punishment against the Syrian people. Education is an essential part of the humanitarian aid that my people deserve, and now after this decision, we lost one of the last resorts that some Syrians were depending on to continue their learning. Please, if you can, let my voice reaches those who deprived us even from our simplest rights.”

Similarly, a recent piece published on Medium describes the harm being caused to Iranians by technology sanctions.

The U.S. government needs to recognize that U.S. sanctions on communication technology, especially in the piecemeal way they are being handled, are currently causing more harm than good. They need to give clear, unequivocal green light to U.S. companies that are helping people to communicate online, regardless of where they happen to live.


var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/iLbfcJgcnyc?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Related Issues: Free SpeechInnovationInternational
Share this:   ||  Join EFF

Back to top