Aegean Associates, Inc.
5 The Strand, New Castle, Delaware 19720 (USA)
Reported on:
Tue, Mar 11 2014 07:51 -0400
Update, January 2014: Polls continue to confirm the trend. In a poll conducted in December 2013 by the Washington Post, 66% of Americans were concerned "about the collection and use of [their] personal information by the National Security Agency." Americans aren't only concerned about the collection. A recent Pew poll found—yet again—that a majority of Americans oppose the government's collection of phone and Internet data as a part of anti-terrorism efforts.
Since Americans are both concerned with, and opposed to, the spying, it's no surprise that they also want reform. In a November 2013 poll by Anzalone Liszt Grove Research,1 59% of respondents noted that they wanted surveillance reform and 63% said they wanted more oversight of the spying programs. While these polls focused on the larger population of Americans, a Harvard University Insitute of Politics poll focusing on younger Americans (aged 18-29 years old) reaffirmed younger Americans are both wary of the NSA's activities and that a majority do not want the government to collect personal information about them.
Shortly after the June leaks, numerous polls asked the American people if they approved or disapproved of the NSA spying, which includes collecting telephone records using Section 215 of the Patriot Act and collecting phone calls and emails using Section 702 of the Foreign Intelligence Surveillance Act. The answer then was a resounding no, and new polls released in August and September clearly show Americans' increasing concern about privacy has continued.
Since July, many of the polls not only confirm the American people think the NSA's actions violates their privacy, but think the surveillance should be stopped. For instance in an AP poll, nearly 60 percent of Americans said they oppose the NSA collecting data about their telephone and Internet usage. In another national poll by the Washington Post and ABC News, 74 percent of respondents said the NSA's spying intrudes on their privacy rights. This majority should come as no surprise, as we've seen a sea change in opinion polls on privacy since the Edward Snowden revelations started in June.
What's also important is that it crosses political party lines. The Washington Post/ABC News poll found 70 percent of Democrats and 77 percent of Republicans believe the NSA’s spying programs intrude on their privacy rights. This change is significant, showing that privacy is a bipartisan issue. In 2006, a similar question found only 50 percent of Republicans thought the government intruded on their privacy rights.
Americans also continue their skepticism of the federal government and its inability to conduct proper oversight. In a recent poll, Rasmusson—though sometimes known for push polling—revealed that there's been a 30 percent increase in people who believe it is now more likely that the government will monitor their phone calls. Maybe even more significant is that this skepticism carries over into whether or not Americans believe the government's claim that it "robustly oversees" the NSA's programs. In a Huffpost/You Gov poll, 53 percent of respondents said they think "the federal courts and rules put in place by Congress" do not provide "adequate oversight." Only 18 percent of people agreed with the statement.
Americans seem to be waking up from its surveillance state slumber as the leaks around the illegal and unconstitutional NSA spying continue. The anger Americans—especially younger Americans—have around the NSA spying is starting to show. President Obama has seen a 14-point swing in his approval and disapproval rating among voters aged 18-29 after the NSA spying.
These recent round of polls confirm that Americans are not only concerned with the fact that the spying infringes their privacy, but also that they want the spying to stop. And this is even more so for younger Americans. Now is the time for Congress to act: join the StopWatching.Us coalition.
As encryption has become more prevalent in online communications as a countermeasure against surveillance, attackers have sought to circumvent these measures by covertly installing malware on targeted computers that can log keystrokes, remotely spy on users with their own webcams, record Skype calls, and listen in on the computer’s built-in microphone. Sometimes the attacker is a criminal, such as the hacker who used a remote access tool (RAT) to take blackmail photos of Miss Teen USA. Sometimes the attacker is acting in support of a state, like the pro-Assad hackers whose malware campaigns against opposition supporters EFF has been tracking for the last two years. Sometimes the attacker is the government or a law enforcement agency. For example, the NSA’s Tailored Access Operations unit uses covertly-installed malware to spy on targets.
Malware is a tool that most states have their toolbox, and Vietnam is no exception. For the last several years, the communist government of Vietnam has used malware and RATs to spy on journalists, activists, dissidents, and bloggers, while it cracks down on dissent. Vietnam’s Internet spying campaign dates back to at least March 2010, when engineers at Google discovered malware broadly targeting Vietnamese computer users. The infected machines were used to spy on their owners as well as participating in DDoS attacks against dissident websites. The Vietnamese government has cracked down sharply on anti-government bloggers, who represent the country’s only independent press. It is currently holding 18 bloggers and journalists, 14 from a year earlier, according to a report issued by the Committee to Protect Journalists in 2013.
EFF has written extensively about the worsening situation for bloggers in Vietnam, supporting campaigns to free high-profile bloggers such as Le Quoc Quan and Dieu Cay, and criticizing Vietnam’s Internet censorship bill. This report will analyze malware targeting EFF's own staff, as well as a well-known Vietnamese mathematician, a Vietnamese pro-democracy activist, and a Vietnam-based journalist at the Associated Press.
A Campaign Targeting EFF and Associated PressWe will begin with the attack targeting EFF staffers. This marks the first time we have detected a targeted malware attack against our organization by what appear to be state-aligned actors.
On December 20th, 2013, two EFF staffers received an email from “Andrew Oxfam,” inviting them to an “Asia Conference,” and inviting them to click on a pair of links which were supposed to contain information about the conference and the invitation itself. These links were especially suspicious because they were not hosted on Oxfam’s domain, but instead directed the invitee to a page hosted on Google Drive, seen below. In addition, this email contained two attachments purporting to be invitations to the conference.
This targeting is especially interesting because it demonstrates some understanding of what motivates activists. Just as journalists are tempted to open documents promising tales of scandal, and Syrian opposition supporters are tempted to open documents pertaining to abuses by the Assad regime, human rights activists are interested in invitations to conferences. For greater verisimilitude, the attacker should have included an offer to pay for flights and hotels.
Both attachments are the same:
351813270729b78fb2fe33be9c57fcd6f3828576171c7f404ed53af77cd91206 Invitation.hta
351813270729b78fb2fe33be9c57fcd6f3828576171c7f404ed53af77cd91206 Location.hta
The detection rate for this malware is very low, using VirusTotal, we see only one anti-virus vendor out of a possible 47 detecting this as of 19 January 2014.
The same malware was also sent to an Associated Press reporter, masquerading as a Human Rights Watch paper.
In this attack, clicking the link in the email takes the user to the malicious HTML application (.hta) file.
The file meta-data reveals the following information:
Invitation.hta: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon Nov 19 05:02:00 2012, Last Saved Time/Date: Mon Nov 19 05:02:00 2012, Number of Pages: 3, Number of Words: 395, Number of Characters: 2258, Security: 0
This HTML application contains an encoded executable and also contains a Microsoft Word document named “baviet.doc”:
When the recipient runs the attachment it drops the following files:
C:\Users\admin\AppData\Local\Temp\baiviet.doc
C:\Users\admin\AppData\Local\Temp\xftygv.exe
When "baviet.doc’ is displayed and "xftygv.exe" is run, it causes the following files to be installed:
C:\Program Files\Common Files\microsoft shared\ink\InkObj.dat
C:\Users\admin\AppData\Local\Temp\1959.tmp
C:\Users\admin\AppData\Local\Temp\19A8.tmp
C:\Users\admin\AppData\Local\Temp\1A65.tmp
C:\Users\admin\AppData\Local\Temp\1D72.tmp
C:\Users\admin\AppData\Roaming\HTML Help\help.dat
C:\Users\admin\AppData\Roaming\KuGou7\status.dat
C:\Users\admin\AppData\Roaming\Microsoft\Media Player\PLearnL.DAT
C:\Users\admin\AppData\Roaming\Microsoft\Werfault\WerFault.exe
C:\Windows\Performance\WinSAT\DataStore\Formal.Assessment.WinSAT.xml
C:\Windows\Performance\WinSAT\ShaderCache.vs_3.0
C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.bin
C:\Windows\System32\odbccr64.dll
Several registry changes are made to enable the malicious implant to persist after reboot and the file api-ms-win-core-xstate-l1-1-0.bin is written into the process space of explorer.exe which then instantiates an outbound connection on port 443 to yelp.webhop.org.
At the time of the report, this domain pointed to 62.75.204.91 which hosted the following domains:
tripadvisor.dyndns.info, neuro.dyndns-at-home.com, foursquare.dyndns.tv, wowwiki.dynalias.net, yelp.webhop.org
This has been used as a command and control server for other Vietnamese-affiliated malware:
82f0db740c1a08c9d63c3bb13ddaf72c5183e9a141d3fbd1ffb9446ce5467113 bai viet.hta
9c07d491e4ddcba98c79556c4cf31d9205a5f55445c1c2da563e80940d949356 Unhotien.doc
Examining this malware reveals a relationship to earlier campaigns targeting Vietnamese activists.
Targeting of Vietnamese BloggersIn February of 2013, a Vietnamese blogger and mathematics professor, received the following email:
Like the malware targeting the EFF and the Associated Press, the attachment was an HTML Application. In this case, the attachment was compressed with 7zip.
2fa7ad4736e2bb1d50cbaec625c776cdb6fce0b8eb66035df32764d5a2a18013 Thu moi.7z
extracted:
dd100552f256426ce116c0b1155bcf45902d260d12ae080782cdc7b8f824f6e1 Thu moi.hta
The file meta-data reveals the following information:
Thu moi.hta: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: pluto, Template: Normal, Last Saved By: pluto, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 07:00, Create Time/Date: Thu Mar 1 05:02:00 2012, Last Saved Time/Date: Thu Jan 24 09:28:00 2013, Number of Pages: 3, Number of Words: 277, Number of Characters: 1584, Security: 0
As with the EFF and AP attacks, the HTML application contains an encoded executable ( “zzpauvooos.exe”) and a document (“Doc loi.doc”).
Running “Thu moi.hta” displays “Doc loi.doc” and also drops the following files:
C:\Users\admin\AppData\Local\Temp\Doc loi.doc
C:\Users\admin\AppData\Local\Temp\zzpauvooos.exe
When "‘zzpauvooos.exe" is run, it drops the following file:
C:\Users\admin\AppData\Local\Temp\C947.tmp
And then following command is run:
"C:\Users\admin\AppData\Local\Temp\C947.tmp" --helpC:\Users\admin\AppData\Local\Temp\zzpauvooos.exe D1DF15E4D714BFDB764ECF92AE709D14BCA3E0E6C759CF7C675BE26D0296A63C3B147110AC79543CC31527651D66787152102A66C33710233BD64912707D4E60
Then the following files are dropped onto the system and the original executable is deleted:
C:\Users\admin\AppData\Roaming\Common Files\defrag.exe
C:\Users\admin\AppData\Roaming\Identities\{116380ff-9f6a-4a90-9319-89ee4f513542}\disk1.img
C:\Windows\Tasks\ScheduledDefrag.job
C:\Windows\Tasks\ScheduledDefrag_admin.job
Values are inserted into the Windows registry for persistence and the main implant, disk1.img, contacts the remote command and control domain, static.jg7.org, on port 443/tcp.
A prominent Vietnamese pro-democracy blogger living in California was successfully targeted by this attack, which led to the compromise of her blog and the invasion of her private life.
The group behind these attacks appears to have been operating since late 2009, and has been very active in the targeting of Vietnamese dissidents, people writing on Vietnam, and the Vietnamese diaspora. The appears to be the work of a group commonly known as “Sinh Tử Lệnh” and while it has been anecdotally claimed to be the work of Chinese actors, it seems to be more likely the work of Vietnamese targeting Vietnamese.
EFF is greatly disturbed to see targeted malware campaigns hitting so close to home. While it is clear that this group has been targeted members of the Vietnamese diaspora for some time, these campaigns indicate that journalists and US activists are also under attack. And while longtime activists and journalists might expect to be targeted by a state they regularly criticize, it appears that a single blog post is enough to make you a target for Vietnamese spying.
Related Issues: Bloggers Under FireInternationalPrivacySecurityState-Sponsored MalwareIn the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
Defenders of the arts and media have long been some of the staunchest defenders of free speech. That's partly why media executives and lobbyists reacted so bitterly to the millions of people who stood up two years ago to say that the SOPA and PIPA bills would have created a new form of censorship. What was probably going through their heads was, how could the heirs of the Hollywood Ten, who faced persecution from the U.S. government for expressing themselves in film, ever become the censors?
It's hard to look in the mirror and see what you fear. It's easier to deny it or try to explain it away. That's why many supporters of ever-more-restrictive copyright law insist so emphatically that copyright never suppresses speech. Copyright rewards and enables speech, they say, therefore it cannot be a tool of censorship.
This is a little like saying that because X-rays are used to treat cancer, they can never cause cancer. Of course, X-rays can both treat cancer and cause it, depending on the dose and accurate targeting. Copyright is likewise: well-crafted, appropriately limited, it may reward and strengthen creativity. Applied carelessly and indiscriminately, it punishes and suppresses creativity.
In the American legal tradition, there are only a few narrow categories of self-expression that are not protected by the First Amendment's guarantee of free speech, and those categories are not permitted to grow. Yet when the mouthpieces of Big Media insist that our guarantees of free speech do not limit the scope of copyright law, they are inviting the creep of censorship that so many creative people have fought against. It's dangerous to treat copyright as a special exception to free speech, no matter how passionate and heartfelt the cries of "piracy!" Those who would use the law to silence speech that they call libel, sedition, blasphemy, hateful, hurtful, disquieting all make passionate cases for why they need special treatment. They argue that suppressing "bad" speech promotes harmony, order, happiness, and even prevents violence, arguably the most important function of any government (not that censorship actually prevents violence, but that's the argument and it's appealing to many). Copyright is no different. The Russian government has used claims of copyright infringement to silence the independent press. People the world over misuse the U.S. Digital Millennium Copyright Act to make others' political viewpoints disappear.
Big Media wants to claim the power to say what can be on the Internet and what can't, whether through SOPA, domain seizures, or "voluntary" arrangements with Internet gatekeepers. That's the power of censorship whether you call it copyright or not. Censorship is about deciding who can speak, and what people can hear. Government shouldn't have that power, and large corporations with the ear of governments shouldn't have it either. Claiming special privileges to control what people see and hear is what dictators do.
Copyright is, and must be, constrained by free speech. The Supreme Court has said that fair use is a vital safeguard for the First Amendment's guarantee of free speech. That means that when the protection of fair use is taken away, through abuse of DMCA takedowns, by litigation costs, the threat of ruinous legal penalties, or through the use of digital locks (DRM) backed by still more penalties, our freedom of speech suffers. People are threatened with lawsuits or even locked up for speaking about their academic work. Political commentaries are made to disappear in the midst of election season. Artists whose work challenges the messages of popular media are commanded to advertise the very companies they criticize. All of these are violations of the freedom of speech, enabled and perpetuated by copyright.
The only way for Big Media and its apologists to maintain their insistence that copyright is never an instrument of censorship is to deny or trivialize these abuses. Often it takes the form of implying that amateur artwork, work shared with the world on platforms like YouTube, and works of remix are inferior, and that only music from an established label, books with a major publisher, movies in wide cinematic release - or other works by a self-crowned elite class of "creators" - is worth the full protection of the law. The defense of free speech, by the historic champions of the First Amendment, devolves into crass artistic snobbery. Thus the MPAA defends the right to make fair use of a copyrighted Baltimore Ravens emblem in movies by the major studios, while TV studios try to sue the Internet video platforms used by tomorrow's filmmakers out of existence. Free speech for me, but not for thee.
But these free speech elitists can't deny the powerful visual commentary of video remixers like Jonathan McIntosh, the cultural influence of "unauthorized" music blogs like dajaz1.com, or the way that fan fiction gives marginalized communities a way to "talk back" to mainstream culture. And the protections of the First Amendment (and of copyright) don't vary based on artistic merit to begin with.
It really can't be denied: while copyright may encourage and reward some speech, overbroad and abusive copyright law tramples on the freedom of speech—for everyone.
Major media companies, large and powerful Hollywood studios and their legions of lobbyists, venerable publishing houses, and major-label musicians should be the natural allies of all people who fight for freedom of speech, as this fight has been part of their historic role since long before there was an Internet. But copyright remains the blind spot in their commitment to free speech, turning the enemies of censorship into the censors. And that's a truth we need to remind our politicians and policymakers about whenever copyright is on the agenda.
Related Issues: Fair Use and Intellectual Property: Defending the BalanceIn the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
Today is Internet Freedom Day, the second anniversary of the Internet Blackout that derailed the SOPA/PIPA train. It’s also the culmination of Copyright Week, a week devoted to thinking out loud about how to get copyright right. At EFF, we’ve been tremendously impressed by the criticism and commentary we’ve seen this week about copyrights, copywrongs, the user rights that are still under threat, and how we can best protect them. It’s collected here.
The upshot: The Internet Blackout helped win a crucial battle. Now it’s time to start winning the war. Fortunately, history, technology, and common sense are on our side.
Step one is to make clear that we are not standing down. In the wake of the Internet Blackout, copyright maximalists did their level best to characterize the millions of Internet users who took part as misled and misinformed, more concerned about free stuff than a free Internet, perfectly happy to do whatever Google tells them to do.
We know what really happened. We know that the Blackout expressed the unwavering opposition of a broad coalition of public interest groups, technologists, academics, technology companies (big and small), archivists, authors, artists, musicians, bloggers, and just plain concerned citizens, all of whom correctly saw a grave danger to the future of the Internet. Together, we reminded the U.S. Congress who it works for. We sent an unmistakable message that laws affecting all of us can't be made in a backroom by insiders bearing campaign cash, whether those insiders represent Hollywood or Silicon Valley. We not only took back the democratic process, we dragged it into the 21st century. And we’re not going away.
Step two is to be very clear about what we’re fighting for. For most of us, the goal is not to eliminate copyright altogether or make enforcement impossible, or whatever other cliché the maximalists want to pin on us. The goal is to reintroduce a sense of balance, fairness and rationality, so that copyright can once again serve its purpose under the U.S. Constitution: to promote creativity and innovation.
Insane copyright terms; excessive and unpredictable penalties; laws that punish people for hacking the DRM on their devices in order to repair them, make them work better and fix security flaws—or even talk about it in public; lawsuits that try to stifle new and useful products that enable fair uses; government seizures of blogs that mistakenly include a few infringing links; proposals to force intermediaries to police (and therefore monitor) user-generated content—none of these things serve copyright’s purpose. Here’s what does: sane limits and thoughtful enforcement policies, developed through a transparent and democratic process, based on real evidence of costs and benefits. Policies that take it as a given that a free and open Internet is essential to copyright’s purpose and must not be sacrificed at the altar of copyright enforcement. If that strikes you as radical, with all due respect maybe you are the one who is misled and misinformed. Let's talk.
For the rest of us, consider this a call to arms: it’s time to take back copyright. Want to know what you can do right now? Visit the Copyright Week website for a collection of actions you can take on a variety of issues, and information about why you should. Endorse the Copyright Principles. And stay tuned: we’re just getting started.
Related Issues: Defend Your Right to Repair!DMCANo Downtime for Free SpeechSOPA/PIPA: Internet Blacklist LegislationTerms Of (Ab)UseFree SpeechInnovationDRMOpen AccessTrans-Pacific Partnership AgreementDigital BooksSearch EnginesTransparencyIn the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
People sometimes treat copyright law as though it's a fixed constant in the universe, like gravity. First the Earth cooled, then the dinosaurs came, and then we got copyright. But that's not the case at all, and it's important to remember this when we think about what's gone wrong with the law and how to make it right. Copyright is a relatively recent invention, born out of a particular cultural background and designed to solve a specific problem at a particular point in history. While we might continue to value what it purports to do we aren't slaves to its precepts: when copyright law no longer ably solves the original problem, or, indeed, when it creates new ones, we need not wring our hands in frustrated woe. If a law has turned into something that no longer works for us then we should feel free to come up with something else that does.
In order to figure out how to move forward it helps to look to the past. Copyright as we know it is only a few hundred years old. It traces its roots to the "Statute of Anne," a law passed in the early 18th Century England to replace an earlier law that gave the government complete control over everything that was published. Naturally this earlier law led to a great deal of censorship, and the push for democratic reform near the end of the 17th Century led to demands that it be changed to something less stifling to the marketplace of ideas.
The result was the Statute of Anne, a law described as "[a]n Act for the Encouragement of Learning." While the law it replaced had been designed to limit what knowledge was available to the public by giving permission to publish to just a few publishers approved by the king, this new law was designed to stimulate the dissemination of knowledge by giving everyone the ability to control how what they wrote was published themselves.
The statute did this by granting authors a "copy right" so that they could have first crack at exploiting the market for the works they created and not be at the mercy of publishers who might otherwise help themselves to these works and keep all the profit for themselves. A common rationale for copyright is that people won't create if it won't ever be worth their while to, so if we want to make sure we do get a lot of creative output we need a system that makes it at least theoretically economically viable to create.
But as we look at our modern copyright law, the distant progeny of the Statute of Anne, it is worth questioning the assumptions wrapped up in it. For one thing, it's worth questioning whether and to what extent people create only when there is a profit motive. The reality is people create all the time, even when there's no guarantee or expectation of ever being paid for it, and often these works can be just as good, if not better, than the ones created by people who are being paid. Furthermore, despite what some advocates for stricter copyright law suggest, copyright has never been a promise of financial success. In fact it's sometimes been a barrier to it, and there are many authors and artists whose influence and commercial appeal took off only after the copyrights on their works had expired and the public could finally get affordable access to them.
It's also important to recognize that the Statute of Anne sought to achieve its stated goal of encouraging learning in a way that very much reflected the Western European tradition of disseminating knowledge through the written word, and in response to the monopolistic power publishers had at the time to be gatekeepers over that knowledge. But it's not the only way to skin this particular cat: in other parts of the world oral traditions and norms that encourage copying have allowed cultures to flourish in their own local idiom, without the need for copyright. So when we think about this law we need to recognize how much it reflects the unique time and place from where it arose and not deprive ourselves of the lessons of openness these other approaches teach us. Copyright is not the only solution to promoting the progress of arts and sciences, and it should not be treated as sacrosanct and immune to reform of its increasingly rigid rules, particularly when its current form is no longer reliably achieving its desired end.
The idea behind the Statute of Anne, which was echoed in the US Constitution a few decades later, is that society is better off when it has access to as many works of authorship as possible. But as EFF and many others have described this week, the monopolies copyright law grants have gotten broader in their scope and application, longer in their duration, and ultimately less effective, if not completely counter-productive, in encouraging more creativity and enabling the public's access to the fruits of that creation. The irony is that as a result, like with the period before the Statute of Anne, we find ourselves in a time when government regulation is actually constricting dissemination of knowledge, rather than enhancing it.
But law is not immutable; indeed, the very existence of the Statute of Anne shows how much it can change when it needs to. When, as now, a law no longer fulfills its objectives, it's time to reshape it into something that does. It's time to fix copyright law so that it can finally get the job done that it was always intended to do.
This is a guest post from tech policy attorney Cathy Gellis. You can follow her on Twitter.
Related Issues: Fair Use and Intellectual Property: Defending the BalanceFree SpeechInnovationEarlier today, President Obama announced a series of reforms to address abuses by the National Security Agency. We were heartened to see Obama recognized that the NSA has gone too far in trampling the privacy rights of people worldwide. In his speech, the President ensured that National Security Letters would not come with perpetual gag orders, brought new levels of transparency and fairness to the FISA court, and ended bulk collection of telephone records by the NSA. However, there is still much more to be done.
We’ve put together a scorecard showing how Obama’s announcements stack up against 12 common sense fixes that should be a minimum for reforming NSA surveillance. Each necessary reform was worth 1 point, and we were willing to award partial credit for steps in the right direction. On that scale, President Obama racked up 3.5 points out of a possible 12.
1. Stop mass surveillance of digital communications and communication records.Score: .2
There are three types of mass surveillance that we know about that we were using to evaluate Obama’s promises in this category: surveillance of millions of phone records under Section 215 of the PATRIOT Act; surveillance of Internet communications internationally under Section 702 of the FISA Amendments Act; and surveillance of communications overseas under Executive Order 12333.
In order to score a full point in this category, Obama would have needed to declare that the executive branch would no longer be using any of these authorities to engage in mass surveillance. He tackled only one of these issues somewhat: the surveillance of telephony metadata under Section 215 of the Patriot Act. Specifically, he acknowledged the recommendations of his review group that the government cease to collect and maintain a database of all Americans’ telephone records. He is ending that program, which is laudable. However, he left open the door to having telecom companies or another third party maintain a similar set of mass data, so even as to 215, we could not give him the full ⅓ of the point.
2. Protect the privacy rights of foreigners.Score: .3
All too often, the NSA’s official position is that foreigners—or anybody deemed sufficiently likely to not be a “U.S. person”—are not given any legal protections under surveillance laws. This situation is unacceptable and out of line with international human rights law, as we’ve put forth in our Necessary and Proportionate Principles, now supported by over 300 organizations worldwide. We demanded that individualized targeting be conducted for non-US persons.
Obama nodded a bit to this situation, and proposed that some reforms be made, but did not give real specifics. While he also did not acknowledge any legal obligations, he did recognize a “special obligation” on U.S. intelligence agencies, and specifically called out a new, higher standard on eavesdropping on foreign leaders. But that’s not enough: privacy consideration should not be a privilege afforded only to top officials. Given these small steps forward but ongoing problems, we’ve given Obama .3 points in this category.
3. No data retention mandate.Score: 0
Obama’s review group recommended that the telephone metadata surveillance program be taken away from the government, suggesting that a third party or even telecom companies themselves be responsible for maintaining a searchable list of our calling records. This approach—mandating companies act as Big Brother’s little helper—won’t alleviate the serious privacy concerns with maintaining a digital record of every call we make.
We had hoped that Obama would make clear that he would reject any form of mandatory data retention. Instead, Obama acknowledged some of the concerns with a data retention mandate but called for “options for a new approach that can match the capabilities and fill the gaps that the Section 215 program was designed to address, without the government holding this metadata itself.” He never specifically rejected the idea of forcing companies or a third party to hold this data, and so he does not receive a point in this category.
4. Ban no-review National Security Letters.Score: .5
The President gets half a point here, since he endorsed ending the permanent gag orders that accompany administrative subpoenas known as National Security Letters, under which the FBI can on its own demand information about you from your communications service providers. We still need specifics, and the details really matter—even fixed-length gags would violate the First Amendment, for example, and gags would still need to be approved by courts—but this was a good and necessary step. Obama didn’t get the other half, though, because he did not agree with EFF and his own review panel that NSLs should only issue after judicial approval. Early in 2014, EFF will ask the 9th Circuit Court of Appeals to find, like the District Court for the Northern District of California already did, that the NSL statute is unconstitutional in its current form.
5. Stop undermining Internet security.Score: 0
The NSA’s systematic efforts to weaken and sabotage the encryption and security technology make us all less safe. But in contrast to his review group’s recommendations to stop those practices, Obama was silent on the issue. That silence is disappointing, as this is a critical problem that has not just undermined the privacy of millions around the world, but poisoned our collective trust in institutions that depend most on it. Zero points.
6. Oppose the FISA Improvements Act.Score: 1
The FISA Improvements Act seeks to codify into law the NSA’s controversial and illegal practice of collecting and storing the telephone records of hundreds of millions of Americans. While Obama’s administration had earlier indicated support for the bill, today’s announcement made clear that Obama was not going to support this program going forward and thus was not supporting the FISA Improvements Act. We would have preferred it if Obama had stated clearly that he would veto any bill that attempts to codify mass telephone metadata surveillance, but we felt this was good enough to merit a point.
7. Reject the third party doctrine.Score: 0
The third party doctrine is an outdated and deeply problematic legal theory that wipes out many of the privacy protections we could otherwise enjoy. It’s the shaky foundation on which some of the most invasive programs by the NSA and other law enforcement agencies rest. Obama should have said that we have a reasonable expectation of privacy in data even though we’ve trusted third party service providers with it—instead, he was silent on the issue.
8. Provide a full public accounting of our surveillance apparatus.Score: .5
In our criteria, we asked that Obama “appoint an independent committee to give a full public accounting of surveillance programs that impact non-suspects around the world” and that this committee “directly engage whistleblowers like Thomas Drake, William Binney, Edward Snowden and others, and include independent technological experts.” For this category, we awarded Obama with a half point because he did appoint his counsel, John Podesta, to lead “a comprehensive review of big data and privacy.” However, it remains to be seen whether this committee will actually provide a full public accounting or engage with the whistleblowers who have much to contribute.
9. Embrace meaningful transparency reform.Score: 0
Fundamental to all of the problems surrounding NSA spying is the fact that the government’s notorious secrecy shields it from any sort of meaningful oversight or accountability. This appears, among other places, in the overclassification of documents that should not actually be secret, in the executive branch’s ruthless campaign against whistleblowers, and in its continued abuse of the “state secrets” privilege in the courtroom. Obama could have announced changes to these secrecy standards, embracing transparency as a default, and making some good on his now laughable election promise to be “the most transparent administration in history.” Instead we got nothing.
10. Reform the FISA court.Score: 1
We gave Obama a full point for these reforms, since he embraced both independent advocates for the FISA court and an annual process of review of FISC decisions for declassification. While we would like the review to be more current, and there is much to be done to ensure that the independent advocacy panel has a real, unfettered role, Obama’s announcement indicated a good direction on both.
11. Protect national security whistleblowers.Score: 0
Obama was clear: “One thing I’m certain of, this debate will make us stronger.” And there is little question that this debate would not have happened without the evidence brought to light by Snowden and other whistleblowers. It might seem that Obama would have some recognition that, but for these individuals, we would not be having this important debate.
Sadly, Obama’s speech today gave no indication of a change in strategy in his administration’s war on whistleblowers. If Obama welcomes this debate, he should stop his attack on the people who have risked so much to help make it happen.
12. Give criminal defendants all surveillance evidence.Score: 0
It’s a cornerstone of our justice system that the accused have the right to see all the evidence against them. That made it very alarming when we learned that the NSA was collecting intelligence and then laundering it into criminal investigations by the Drug Enforcement Agency and other law enforcement groups. This practice conflicts with the protections enshrined in the Fifth and Sixth amendments, and should be stopped immediately. While Attorney General Holder has promised to review the cases, the Administration has not promised to ensure that everyone whose information was shared with law enforcement agencies by the NSA ultimately gets notice. Obama didn’t mention this necessary measure in his speech, and gets no points.
Related Issues: NSA SpyingPresident Barack Obama delivered a speech this morning on proposed reforms to the NSA’s mass surveillance program. To help illustrate what human rights and other organizations around the world are saying internationally, we have highlighted some excerpts that raise awareness of the need to protect the privacy rights of everyone everywhere, regardless of national boundaries:
Cindy Cohn, legal director of the Electronic Frontier Foundation:
”Mass non-targeted surveillance violates international human rights law. It is disproportionate because it sweeps up the communications and communications records of million of innocent people first and only sorts out second what is actually needed. Obama’s reforms take a step forward in recognizing that foreigners deserve at least some privacy, but to be consistent with the rule of law, the NSA must be forbidden from engaging in mass, untargeted surveillance in the U.S. or abroad.”
Steven W. Hawkins, executive director of Amnesty International USA:
"The big picture takeaway from today's speech is that the right to privacy remains under grave threat both here at home and around the world. President Obama's recognition of the need to safeguard the privacy of people around the world is significant, but insufficient to end serious global concern over mass surveillance, which by its very nature constitutes abuse.”
Simon Davies, global privacy advocate, Privacy Surgeon. Former Director General of Privacy International:
US privacy advocates are right to conditionally welcome some of Obama’s reforms, but they should take into account two critically important implications that the President avoided. The first of these is the NSA’s intimate operational partnership with Britain’s SIGINT agency, GCHQ. Nothing in his reform package indicates a brake on the current arrangements which allow GCHQ to collect information on US persons. The second key element is that the proposals appear to merely shift the current collection and retention of metadata from a centralised NSA operation to more of a European-style communications data arrangement that requires commercial entities to maintain a distributed retention. That arrangement in Europe has been deemed unlawful, but there is every chance the US will adopt it. All things considered, the prospects for genuine intelligence reform at the global level are more bleak than they were 24 hours ago.
Tamir Israel, staff lawyer at the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic:
“The Obama administration deserves credit for recognizing in principle the importance of protecting foreigners' privacy rights. Unfortunately, this recognition in principle is unhelpful, as the President's Directive leaves the U.S. foreign intelligence apparatus' capacity to indiscriminately spy on all the activities of all foreigners all the time largely untouched.”
Carly Nyst, legal director of Privacy International:
"The reforms proposed by President Obama fundamentally ignore those who are spied on simply because they don't have an American passport. We need genuine, effective changes that account for the way the world now communicates. Secret international intelligence-sharing arrangements must come to an end and human rights must be properly guaranteed to humans, not just American citizens."
Brett Solomon, executive director at Access:
“The human right to privacy is universal. The rights of persons outside of the United States are as fundamental as the rights of U.S. citizens. However, the President’s defense of ongoing overseas intelligence collection programs ensures that the citizens of the world will continue to be subject to mass surveillance.”
Claude Moraes, European Parliament member for London, and Rapporteur for the European Parliament Inquiry into the Mass Surveillance of EU citizens:
“Today's speech from President Obama marks a substantial step forward in addressing the serious concerns from EU Member States in relation to NSA activities on mass surveillance and spying. Whilst he has now recognised that there is a need for additional privacy protections in the US for EU citizens, his comments may not have been enough to restore confidence following the confusion and concern over surveillance and spying allegations in relation to EU citizens, EU Member States, EU leaders and EU Institutions. It is clear the language was substantial but there will be a clear pause before EU citizens and other non-US targets of NSA alleged surveillance can feel that they have been assured of protections in law.”
Katitza Rodriguez, EFF International Rights Director:
“Individuals should not be denied human rights simply because they live in another country from the one that is surveilling them. This is why EFF and hundred of NGOs are calling upon the public to sign the Necessary and Proportionate Principles. These 13 Principles establish a clear set of guidelines that define the human rights obligastions of governments engaged in communications surveillance. Tell Obama to put an end to mass surveillance of innocent individuals at home and abroad. Sign the Principles. Join the movement and tweet #privacyisaright”
Related Issues: InternationalState Surveillance & Human RightsNSA SpyingIn the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
Here's what makes a new product or service exciting: it enables you to do something you hadn't even thought possible. But with products that build on or incorporate digital technologies and the Internet—both of which dramatically lower the cost of making copies—some of those exciting surprises inevitably rile up people who control copyrights. If the law were to reflect only the interests of those existing rightsholders, they’d have a veto right on all sorts of new technologies.
Instead, we've got a concept called "fair use" that provides innovators and artists with the breathing space use copyrighted works in a variety of ways, without getting permission. It's a versatile doctrine, one we depend on every time we do research using the Google Books database or the Internet Archive, post a screenshot from a favorite video to Tumblr, share news and information on our favorite forums, or watch a TV show recorded to a DVR. Without fair use, some of our favorite technologies simply wouldn't exist.
How do we know? Because for at least a century, these technologies have been threatened and attacked by large rightsholders. Every time, fair use stands in their way, and essential shield for innovation and the public interest. It’s the key to having an innovation culture, as opposed to a permissions culture.
A Supreme VictoryThe fair use doctrine is deeply rooted in US law, but one of its watershed moments for innovation occurred thirty years ago today, in the case of Sony v. Universal (or more commonly, the Betamax case). Hollywood was doing its level best to sue the videocassette recorder out of existence, but the Supreme Court rejected the movie industry's arguments that consumers recording movies and TV shows at home were engaging in massive copyright infringement. Such personal use as time-shifting (recording a show to watch it later, something we take for granted now) were obvious fair uses, said the court, and providing technology to make it happen was not illegal.
Despite all the heavy-handed doom-and-gloom rhetoric from the movie industry—then-MPAA-head Jack Valenti famously claimed to Congress that "the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone"—the home video market that the case opened up turned out to be good for everybody, quickly providing a major portion of the studios' revenues.
All This Cool StuffThe VCR is just one notable entry in a long line of great developments that rely on fair use. Take, for example:
You might notice that many of these products followed a common story. First, there’s a a great new technology that takes advantage of non-infringing copying in an exciting way. Then rightsholders try to challenge that copying, saying that it is in fact infringing. Then the courts explain that the technology isn't infringing after all.
The danger we face now is that, more and more, the established industries are finding ways to keep that story from ever playing out. Fair use is a powerful and versatile doctrine, but it relies on human judgment. So when we let algorithmic copyright cops like YouTube's Content ID block material because it detects a copy, that preempts the possibility of arguing fair use.
Similarly, when media or devices are wrapped in digital rights management software designed to restrict copying, the law says that circumventing that software is illegal even if the reason you're circumventing it is otherwise lawful. That in turn can short-circuit fair use and lead to chilling effects on products that require reverse engineering.
It's not all bad news, though. For one thing, courts continue to recognize the value and importance of fair use, and Congress plans to discuss it in an upcoming hearing. We'll continue to push for a strong and robust fair use doctrine. Join us by endorsing the Copyright Week principles today.
Related Issues: Fair Use and Intellectual Property: Defending the BalanceFree SpeechInnovationPresident Obama this morning announced a series of reforms his administration will support to rein in surveillance abuses by the National Security Agency.
"The President took several steps toward reforming NSA surveillance, but there's still a long way to go," said EFF Legal Director Cindy Cohn. "Now it's up to the courts, Congress, and the public to ensure that real reform happens, including stopping all bulk surveillance--not just telephone records collection. Other necessary reforms include requiring prior judicial review of national security letters and ensuring the security and encryption of our digital tools, but the President's speech made no mention of these. We're hopeful that the big data and privacy review commissioned by John Podesta will address these issues and the further steps outlined in our scorecard. We also look forward to addressing the underlying constitutional problems with the surveillance in our ongoing lawsuits: Jewel v. NSA and First Unitarian Church v. NSA."
"It was encouraging to see the President recognize the privacy rights of people around the world," said International Rights Director Katitza Rodriguez. "However, the details of Obama's plans to actually protect those privacy rights must conform with international human rights law, specifically that suspicion is necessary to target non-US person for surveillance."
EFF will have additional analysis of the recommendations soon on our Deeplinks blog.
Related Cases: Jewel v. NSAFirst Unitarian Church of Los Angeles v. NSAJust in time for Copyright Week, we're celebrating a huge win for the open access movement. Today, Congress passed the 2014 Omnibus Appropriations Bill. For the most part, it focuses on government spending and budget cuts we've seen covered in the news. But the bill also contains important language (PDF) promoting public access to federally funded research, making sure that taxpayers get a real return their investment.
Specifically, the bill requires federal agencies under the Departments of Labor, Health and Human Services, and Education with research budgets of $100 million or more to provide the public with online access to articles resulting from federally funded research—all within 12 months of publication in a peer-reviewed journal.
This is big. Previously, the National Institutes of Health was the only government agency with a statutory public access mandate. Last year, the White House Office of Science and Technology Policy (OSTP) made moves in this direction by requiring agencies with similar research budgets to formulate, and eventually implement, their own public access policies. While the OSTP memorandum was a heartening step in the right direction, ultimately these crucial practices must be set down in the law, so they cannot be decimated at the whim of a future presidential administration.
Having another public access law on the books is surely cause for celebration—and hats off to all of those who have been fighting the open access fight—but we shouldn't stop here. Ultimately, we want to make sure that the public has full access to taxpayer funded research.
The Fair Access to Science and Technology Research Act (FASTR) would go beyond the provisions laid out in the Omnibus bill by mandating a six-month embargo until research funded by a larger number of departments and agencies is made publicly available online.
Contact your members of Congress today and tell them to support FASTR.
The language in the appropriations bill makes it clear that public access is not as far-fetched as the opposition makes it out to be. Let's get access to the research we fund on the books once and for all.
Files: omnibus-approprations-2014-p1020.pdfRelated Issues: Open AccessEste viernes, el Presidente Barack Obama anunciará los potenciales cambios y reformas que hará a la Agencia de Seguridad Nacional (NSA, por sus siglas en inglés). ¿Qué podemos esperar? Muchas personas se muestran escépticas a la posibilidad que el Presidente vaya a crear límites significativos a las prácticas de la NSA de rastrear las comunicaciones digitales de millones de personas en todo el mundo y más proclives a creer que en lugar de detener realmente el espionaje apenas podría hacer declaraciones pidiendo más transparencia o capas adicionales de supervisión burocrática. Básicamente; esquivar el tema más importante que podía atender para mostrar su liderazgo: controlar la vigilancia del gobierno.
Hemos compilado una lista de soluciones de sentido común que el Presidente podría - y debería - anunciar en su informe el viernes. Muchos de estos son similares a las medidas propuestas por el propio Grupo de Revisión del Presidente sobre Inteligencia y Tecnologías de la Comunicación, que produjo un informe el mes pasado con más de 40 recomendaciones. La siguiente lista no es exhaustiva, pero abarca los problemas centrales de la vigilancia de la NSA. Corregir todos requerirá recorrer un largo camino hacia la recuperación - por parte del estadounidense - de la confianza en su gobierno y resolver algunos de los más atroces abusos de la NSA contra las libertades civiles.
Estaremos pendientes de la presentación de Obama el viernes y les dejaremos saber que reformas está proponiendo, de existir alguna. Puedes ayudar presionando a Obama en los próximos días twiteandoles estas reformas a él.
Vamos a publicar una Tabla de Puntuación justo después del discurso de Obama el viernes. Mientras tanto, tenemos solamente unas horas antes del anuncio. Vamos a usar cada momento para presionar a Obama a que detenga realmente el espionaje masivo.
Related Issues: State Surveillance & Human RightsPrivacyNSA Spying
The US Senate Committee on Finance held a hearing this morning on the new "fast track" bill that was introduced last week. The bill, formally called the Bipartisan Congressional Trade Priorities Act of 2014 or TPA 2014 for short, would have Congress "fast track," or hand over its power over US trade policy, to the White House. In practice, this means elected representatives would have even less oversight, control, and authority over secretive agreements like the Trans-Pacific Partnership (TPP) and the Transatlantic Trade and Investment Partnership (TTIP).
It also means that powerful moneyed lobbyists, like Hollywood Studios, could more easily insert their wish list of copyright enforcement provisions into these international deals. If passed, the bill would effectively eliminate substantive congressional review over these secret agreements and create a dangerous lack of accountability over a long list of policies that should really be written and passed transparently and democratically. Any international trade agreement should be given a full reading, investigation, and confirmation by the public's representatives in Congress.
In October, we joined over a dozen public interest groups in sending a letter to members of the Senate Finance Committee urging them not to grant the Obama administration fast track authority. We wrote:
Agreements such as the TPP require transparency and input from all affected stakeholders, and a fast track process would not permit Congress to provide that essential feedback. The stakes for user's rights are too high, and the process has been too secretive, to allow the administration to enact an agreement without meaningful Congressional oversight.
We hope they heed our call. Members of the Senate Committee on Finance had the opportunity to ask tough questions to the hearing's witnesses about the supposed benefits of fast track, but failed to do so. Instead, many of them used the time to tout the benefits of fast track authority without getting into any of its actual implications. Here are some questions the Senators should have asked:
How will you account for the fact that there are negotiating obligations written into this bill that may be used to justify policies that contradict the US Constitution? Notably, the obligation to provide “strong enforcement of intellectual property rights,” which may counteract our constitutional prerogative “To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.” Fair use, and the other tenets in US law, actively consider the interests of creators *and* users to further this objective. Such principles are nowhere to be seen in TPA 2014.
The main sponsors of the bill will be pushing hard to get this passed in the next few weeks. The US Trade Rep is especially in favor of this bill, and has even written a statement that is full of factual distortions about what fast track would do.
We need to maintain the pressure on our representatives to oppose this bill and keep their proper role over trade policy. Help us fight fast track. Join over 10,000 people in telling your Congress members to shelve TPA 2014. Share this action and tell your friends about why we need to stop TPP and all undemocratic trade agreements.
Related Issues: Fair Use and Intellectual Property: Defending the BalanceInternationalTrans-Pacific Partnership AgreementIn the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
You bought it, you own it, right? Not always. Over the past decade, we have been quietly shifting to a world in which both digital goods (like mp3s, video files, and ebooks) and physical goods that contain software (like cars, microwaves, and phones) are never truly owned, but only rented.
Not to worry, say big copyright holders; people don’t want to be owners, because all they really care about is “access,” and more and more content is being made “accessible” in more and more ways. Sure, you might have to pay a premium for the “privilege” of, say, watching the movie you “bought” on more than one device, but no one’s forcing you to do it. Besides, they tell policymakers, just give us more tools to punish unauthorized uses and we promise to build more “authorized” channels – as long as users are willing to pay for them.
There are a lot of reasons they are wrong. Here's just a few:
First, most people have no idea that all they bought was a license. After all, the button they clicked on the Amazon site said "Buy," not "Rent." Little do they know that Amazon has the right to (for example) remotely delete books from their library, without notice, at Amazon’s whim. Or that the holiday special they were planning to see might suddently become "unavailable."
Second, many users don’t just want to “access” content, they want to comment on it and use it in new and different contexts. They want to view it or listen to it via devices and services that don't necessarily have the blessing of the copyright holder. They want to lend a book to a friend, or make a copy on the laptop they are bringing overseas, and they don’t think they should have to pay extra to exercise these basic consumer rights. They want to resell the music and books they are bored with, and use the money to buy new material. Some, like librarians, want to make copies in order to preserve, protect and share our cultural commons.
Third, any notion that “access” is enough cannot possibly make sense when copyright law is inserting itself into arenas beyond movies, books, and music, such as devices. From phones to cars to refrigerators to farm equipment, software is helping your stuff work better and smarter, with awesome new features. And that’s great . . . until it breaks and you want to fix it yourself (or take it to a local repair shop you trust). Or you think of a way to make it work even better that requires tinkering with the software (or some third party does). Or you want to give it to a friend, or re-sell it. Then, you have a problem. Why? Because the license agreement attached to the software in that device (often called an “End User License Agreement” or "Terms of Service") is likely to restrict your ability to tinker with your stuff. Typical clauses forbid reverse-engineering (i.e., figuring out how the software works so you can adapt it), transfer (i.e., giving it to a friend), and even using unauthorized repair sources at all.
Further complication: the software may come with digital locks (aka Digital Rights Management or DRM) supposedly designed to prevent unauthorized copying. And breaking those locks, even to do something simple and otherwise legal like tinkering with or fixing your own devices, could mean breaking the law, thanks to Section 1201 of the Digital Millennium Copyright Act.
And then there’s repair-manual lockdown, which happens when manufacturers refuse to publish crucial repair information (including the manuals themselves, but also things like diagnostic codes for cars)—and then threaten to sue anyone else who tries to do so with a lawsuit for copyright infringement.
The end result: fair uses are impeded, users are disempowered, trained to go hat in hand to the Apple store just to change a battery (rather than doing it themselves). Users are forced to make do with DRM-crippled devices that are fundamentally defective and compromise our security. Medical clinics must waste scarce resources on expensive repair contracts rather than patient care. Independent repair shops are driven out of business. And the electronic waste piles up, as users discard their devices rather then fixing them or donating them for re-use.
In 2005, Make magazine published the Maker’s Bill of Rights, also known as the Owner’s Manifesto. As author Mr. Jalopy succinctly put it, “If you can’t open it, you don’t own it.” These days, the question is not just whether you can open the hood – it’s whether opening the hood might land you in court.
Here’s the good news: there’s growing movement to defend your right to own your stuff – and to make sure ownership continues to mean something. Join us.
Related Issues: Fair Use and Intellectual Property: Defending the BalanceDefend Your Right to Repair!DMCATerms Of (Ab)UseInnovationDRMUPDATE: We've filled out the scorecard following the speech. More analysis to follow.
Click to view image full-size.On Friday, President Barack Obama will announce changes and potential reforms he will make to the National Security Agency (NSA). What can we expect? Many people are skeptical that the president will create meaningful limits to the NSA’s practice of sweeping up the digital communications of millions of people worldwide. Instead of actually stopping the spying, Obama could just make pronouncements calling for more transparency or additional layers of bureaucratic oversight. Basically, he could duck the most important thing he could do to show leadership: rein in government surveillance.
We’ve compiled a list of common-sense fixes that the President could—and should—announce at his briefing on Friday. Many of these are similar to measures proposed by the president’s own Review Group on Intelligence and Communications Technologies, which produced a report with over 40 recommendations last month. The list below is not comprehensive, but it addresses the central problems with NSA surveillance. Fixing all of them will go a long way toward restoring America’s trust in its government and resolving some of the most egregious civil liberties abuses of the NSA.
We’ll be scoring Obama’s presentation on Friday and we’ll let you know which, if any, of these reforms he supports. You can help us pressure Obama in the coming days by tweeting these reforms at him.
We will publish a filled-out scorecard right after Obama’s speech on Friday. In the meantime, we have just days left before the announcement. Let’s use every moment we have to pressure Obama to really stop mass spying.
Related Issues: PrivacyNSA SpyingIn the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
Sometime it's hard to believe that we are still arguing about open access to publicly funded research. The issue is as clear as it gets: we paid for the research; most researchers are devoted, by nature and profession, to sharing their work; and the public benefits of open access can be tremendous. So perhaps the right question is, why in the world don't we already have free and open access to publicly funded research, including the ability to not just read but reuse such works?
The answer is equally obvious: the lack of open access is a result of strident opposition by giant academic publishers who treat this issue as struggle for survival. And it is—especially if they will not give up their legacy business models that, in the current climate, position them more as burdensome middlemen and copyright bullies than valuable contributors to the progress of science.
Case in point: A month ago, one such giant academic publisher, Reed Elsevier, sent thousands of takedown notices to researchers, universities, and scholarly websites. These sites were hosting the researchers' own works—what's known as self-archiving or "Green Open Access"—yet technically the articles' copyrights belonged to the publishing giant. (This is because many publishers force researchers to relinquish and assign all copyrights to their works as the price of publishing those works. Because publication is the key to survival in the academic context, the pressure to pay that price is enormous.) While Green Open Access is a tried and true practice with no demonstrable harm to any publishing market, Reed Elsevier nonetheless decided it was time to brandish the mighty stick of copyright and bring it straight down on the academics' heads. That's right: the publishing house chose to make enemies of those very same people who are not only its content providers, but also its clientele.
As Dr. Michael Taylor so eloquently put it:
In essence, this move is an admission of defeat. It's a classic last-throw-of-the-dice manoeuvre. It signals a recognition from Elsevier that they simply aren't going to be able to compete with actual publishers in the 21st century. They're burning the house down on their way out. They're asset-stripping academia.
Dr. Taylor may be right that Reed Elsevier's move was an admission of defeat, but the giant publishers won't go down (or fully embrace new business models) without a fight. They're pushing for horrible legislation and actively lobbying against the good. They're proposing their own deceptive solutions that don't actually give researchers what they want and ensure that publishers retain the ability to restrict meaningful access to research. They have attempted to maintain a publishing status quo that no longer makes sense, for researchers or the public.
Their main weapon is copyright. Once a publisher owns the rights to a scholarly work, it has broad powers to control how it is shared—just as Reed Elsevier is trying to do. Universities have difficulties hosting their scholars' works, and academics feel less comfortable sending their papers to struggling students or researchers halfway around the world. Really powerful, easily searchable, freely accessible databases of cutting-edge research don't get built. Library budgets are crippled by exorbitant subscription costs. The list goes on.
Part of the problem is copyright itself. The assumptions behind the law just don't square well with basic tents of academic life. Researchers don't need copyright as an incentive to publish—doing research and sharing their findings is their profession. Locking up research behind paywalls helps no one but the publishers themselves.
Luckily, advocates for open access and publishing reform are pushing back hard to secure wide access to publicly funded research. And on the national, state, university, and individual levels, we are making real progress. Big Publishing may have big pockets, but individuals like you can help convince lawmakers to support open access to research. Take action today.
Related Issues: Fair Use and Intellectual Property: Defending the BalanceOpen AccessGoogle recently unveiled a feature that consolidates their products even further. Now you will receive an email in your Gmail inbox if someone sends a message to your Google Plus account, even if they don't know your email address.
Some people—perhaps most people—will not want it to be easier for strangers to send messages to their email inbox, even if the stranger won't find out their actual email address. Yet Google has chosen to make this setting opt-out rather than opt-in; in other words, "Anyone on Google+" can by default send you an email (though this setting does have a feature where you have to agree to receive more than one message from a person you don't know). To top it off, the only people who will automatically get an enhanced privacy setting are users with large follower bases, such as celebrities.
Google Plus has for some time had a setting that lets you choose if you want others to be able to send you a personal private message. This feature, as potentially privacy invasive features should be, is completely opt-in. By default unchecked, users understood—whether they had seen the setting or not—that they would not be getting personal private messages using the service. They were given, and the norm became, a more secure mode of privacy.
But now Google has opted them in automatically to this new, highly similar feature—which is addressed on a completely different settings page—reversing the type of privacy users had come to know. The old setting is by default ineffective.
For those of you who do not want to receive messages from strangers directly to their email inbox, here's how to opt out:
Step 1: Go to your Gmail settingsOn the top right of your Gmail home screen, click on the button with a gear on it, then click on "Settings." This will take you to the General settings page.
Step 2: Change the "Email via Google+" settingScroll down till you find the "Email via Google+" setting, where it says "Who can email you via your Google+ profile?" There are four options: "Anyone on Google+," "Extended Circles," "Circles," and "No one."
By default, the setting for most users is set to "Anyone on Google+." If you don't want to receive unwanted emails from others using your Google Plus account, we suggest changing this to "No one" or "Circles."
Step 3: Save changesScroll down and click "Save Changes."
And that's it!
But what about that other privacy setting?You may have noticed in your Google Plus settings that there was an option under "Profile" that says: "Allow people to send you a message from your profile" followed by a drop-down menu. For most people, this is unchecked by default; people could not normally send you private messages from your Google Plus page or by simply knowing your Google Plus account, which is usually tied to your name.
Google, however, decided to make their new email feature—which, in essence, accomplishes the same thing—opt-out. Why would I not want personal private messages via Google Plus on one hand (the old setting) yet be totally okay with personal private emails via Google Plus on the other (the new setting)?
This peculiar coupling of settings and expectations evokes Google's past encounters with privacy mishaps, most particularly the Google Buzz fiasco. While Google may continue the trend of integrating its products together, whether to provide a more seamless experience or to attempt to restore relevance to services like Google Plus, we hope Google will take a less confused stance on privacy in the future and allow its users to opt in rather than out.
Related Issues: PrivacySocial NetworksCustoms & Border Protection recently “discovered” additional daily flight logs that show the agency has flown its drones on behalf of local, state and federal law enforcement agencies on 200 more occasions more than previously released records indicated.
Last July we reported, based on daily flight log records CBP made available to us in response to our Freedom of Information Act lawsuit, that CBP logged an eight-fold increase in the drone surveillance it conducts for other agencies. These agencies included a diverse group of local, state, and federal law enforcement—ranging from the FBI, ICE, the US Marshals, and the Coast Guard to the Minnesota Bureau of Criminal Investigation, the North Dakota Bureau of Criminal Investigation, the North Dakota Army National Guard, and the Texas Department of Public Safety.
CBP stated that these flight logs and a list of agencies it later prepared based on those logs represented all the missions the agency flew on behalf of non-CBP agencies. Yet after EFF and CBP briefed the remaining issues in the case in our Cross Motions for Summary Judgment and on the eve of the pivotal court hearing on those motions in December 2013, CBP announced it “discovered that it did not release all entries from the daily reports for 2010-2012” responsive to EFF’s FOIA request.
Not only do these new flight logs and the accompanying new list of agencies show a striking increase in the overall number of flights (700 versus 500), they also reveal a sharp increase in the number of flights for certain federal agencies like ICE (53 more flights than previously revealed) and the Drug Enforcement Agency (20 more flights). And they also reveal CBP flew 32 additional times on behalf of state and local agencies—including previously undisclosed law enforcement like the Arizona Department of Public Safety and the Minnesota Drug Task Force. Unfortunately, CBP continues to withhold the names of many of these state and local agencies, arguing that revealing them would somehow impede ongoing investigations. However, as we pointed out in our summary judgment brief, disclosing that CBP was working with, for example, the Pima County, Ariz. Sheriff’s Department would not be specific enough to affect any particular criminal operation. It would hardly be surprising that CBP was working with Pima County because it shares a border with Mexico. It is also—at 9,200 square miles—one of the larger counties in Arizona and has one of the highest crime rates of any county in the country—a rate of 4,983 crimes per 100,000 people. Given the large geographic size of and crime rate in this county and others like it, it is hard to imagine that releasing information about which county sheriff’s department CBP is working with would enable suspected criminals in the area to link CBP’s drone surveillance to their particular criminal activity.
The newly-released records reveal other surprising facts, including that CBP was using its sophisticated VADER surveillance system much more frequently than previously thought and was using it for other agencies. This sensor, also known as Vehicle and Dismount Exploitation Radar, was initially developed for use in the Afghanistan War and can detect the presence of people from as high as 25,000 feet. CBP has used this sensor in its surveillance operations since 2011 and used it at least 30 times for other agencies in 2012. The records CBP previously released to EFF contained no specific mention of VADER technology. As noted by the Center for Investigative Reporting, the system has several limitations—not the least of which is that “it can’t tell the difference between a U.S. citizen and noncitizen.”
The records also indicate that CBP’s drones appear plagued with problems; many of the logs indicate missions were terminated or cancelled due to undisclosed issues affecting both the aircraft (General Atomics was often called in to address issues with the Predators) and the surveillance equipment on board (Raytheon, which supplies the RADAR equipment for CBP’s drones was also called in). The VADER system had its own undisclosed problems.
CBP noted in a recent Privacy Impact Assessment (PIA) that it generally flies its drones in support of its primary mission—“border security.” Yet these records indicate just how blurred that mission has become. This is problematic because, as CBP also notes, drones like Predators enable “the monitoring of large areas of land more efficiently and with fewer personnel than other aviation assets.”
As the use of Predators moves from maintaining security at the nation’s borders to general law enforcement elsewhere within the country, more and more people in the United States will be subject to drone surveillance. CBP states in its PIA that it stores data unassociated with a particular investigation for no more than 30 days, but much, if not most of this data will be associated with an investigation and may therefore be stored indefinitely—even if it includes footage of property, vehicles and people unassociated with the investigation.
CBP also states in the PIA that we shouldn’t be concerned about the privacy implications of its drones because their sensors cannot yet identify individual people. However, these sensors are becoming more sophisticated every day, and it won’t be long before surveillance capabilities like "facial recognition or soft biometric recognition, which can recognize and track individuals based on attributes such as height, age, gender, and skin color" are added to CBP’s arsenal. We need to address these issues before that happens.
Sen. Dianne Feinstein was concerned enough about drone surveillance to amend last term’s Senate Immigration Bill to restrict CBP’s flights in California to within three miles of the border. We should be similarly concerned about CBP’s flights throughout the country—especially when CBP still refuses to reveal exactly which state and local agencies it’s working with. We’ll be arguing just that point in the hearing on our Cross Motion for Summary Judgment in the case this coming Wednesday.
Documents:
In order to be comprehensive, we present the documents CBP previously provided alongside the supplemental disclosures referred to in this report. The updates are marked "NEW."
Agency Lists
2010 Flight Logs
2011 Flight Logs
2012 Flight Logs
To the extent there's a poster child for patent abuse, it's MPHJ, the infamous "scanner troll." This week's revelations show us for the first time just how much damage the patent troll has caused. Hint: it's a lot.
MPHJ owns a handful of patents, which it claims covers the basic technology for scanning documents to email. You read that right—simply scanning documents to email.
On Monday, MPJH sued the Federal Trade Commission (FTC) in federal court in Texas. Apparently, the FTC has been investigating MPJHJ since this summer, using its subpoena power, which allows it to get information that ordinary citizens cannot. In December, it presented MPHJ with a draft complaint and, according to MPHJ, threatened to file suit if MPHJ would not enter into a consent judgment (a kind of settlement agreement).
Notably, the MPHJ complaint and the FTC draft complaint provide many missing details surrounding MPHJ's shady dealings, and we've got some highlights for you:
In other words, this is run-of-the-mill extortion, or an attempt to get a quick buck out of small businesses. And not just some small businesses—essentially every small business. MPHJ believes that as long as a business has at least 20 employees and works in certain fields, such as the vaguely defined "professional services," it "very likely" infringes. And if a business has at least 100 employees, no matter what kind of industry it's in? Then, according to MPHJ, it, too, "very likely" infringes. You read that right. Every. Business. In. America.
So what's going on here isn't just about MPHJ and its desire to squeeze money from wherever it can (there are some unsurprising and troubling hints that MPHJ is using the letters to pressure the scanner manufacturers to pay them to lay off their consumers—just another layer of mob-like behavior). Think, for a second, about the proposition that one party can claim that its patents (in this case five—four of which come from the same family) tie up every American business that uses basic scanning technology. Clearly, the patent system isn't working. The patents are too broad and vague, and there is no evidence that they somehow advanced scanning technology. And when these patents end up in the hands of parties like MPHJ, they become tools for abuse.
Congress is close to passing good legislation that would help curb the patent troll disaster, but would largely fail to address the underlying problem of patent quality. The good news is that the Supreme Court has at least two cases on its calendar this term that will get at the heart of the patent quality issue. We'll be filing briefs in those cases asking the Court to set the patent system back to its original moorings—one that is supposed to promote innovation and progress instead of squelching it.
Files: draft_ftc_complt_to_mphj.pdfRelated Issues: PatentsPatent TrollsIn the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
This is a guest post from Yana Welinder and Stephen LaPorte, Legal Counsel at the Wikimedia Foundation. If you have comments on this post, you can contact Yana and Stephen on Twitter.
While more commonly known as New Year’s Day, January 1 was also International Public Domain Day. It’s the day when some creative works enter the public domain, which is the collective wealth of works that are not covered by copyright. Public domain works can be freely published, performed, remixed, translated and otherwise shared with the world. They can also be used to write and illustrate the largest online encyclopedia—Wikipedia. In relying on the public domain to provide free knowledge to millions of people around the world, Wikipedia illustrates the need for a growing body of freely-reusable works. Today, there is concern that ever fewer works will enter the public domain because of laws and international agreements extending copyright terms across the world. While January 1, 2014 saw many new works enter the public domain in countries with shorter copyright terms, those works are still under copyright in the United States as a result of the Copyright Term Extension Act of 1998, which increased the term from life of the author plus 50 years to life plus 70 years.
Whether they realize it or not, people rely on the public domain everyday. Millions of people use Wikipedia every day to research, check facts, browse aimlessly and even play games. Wikipedia is a collaborative project with hundreds of thousands of authors, and it relies upon a rich public domain to draw from. Some Wikipedia articles are built on text from older public domain encyclopedias. Other articles may be illustrated by public domain media. For example, when “The Great Gatsby” hit theatres last year, many people turned to Wikipedia to read about the original novel. There, through public domain photographs, they could discover the New York mansions that inspired the story, such as Beacon Towers—a house that has since been demolished. Similarly, when Wikipedia readers are researching Shakespeare, they are able to view a public domain image of his portrait from 1610 (pictured). Because both of these images are in the public domain, readers can download and reuse them in other works, like Wikipedia articles.
Most images featured in Wikipedia articles are hosted on Wikimedia Commons, which is a repository of free media that is also used by newspapers, magazines and other websites. Wikimedia Commons catalogs a wealth of historical works that have entered the public domain. But it also hosts works that have not had their copyright expire. All material created in past 70 years, which includes most in-color photographs, have been uploaded by creators who proactively give up some of their exclusive rights in order to contribute to this collection of reusable media. Their contributions rely on free licenses developed by the free culture movement to establish a landscape of public domain-like material. One example is Creative Commons Zero, a sort of copyright waiver that content creators can affix to their works to disclaim all copyright protection attached to them, effectively contributing the works to the public domain. Another example is Creative Commons Attribution-ShareAlike (CC-BY-SA) license, which requires re-users to re-license their derivatives under the same free license as the original work and attribute the original creator, but otherwise allows free use of the work as if it were in the public domain. Most material on Wikimedia Commons and Wikipedia is licensed under CC BY-SA.
We must defend a vibrant public domain if we want collaborative projects like Wikipedia to continue to thrive. When material is removed from the public domain, it damages projects like Wikipedia and impacts Wikipedia readers and reusers at large. We are disappointed in the decision in Golan v. Holder, which removed content in the public domain by upholding the the Uruguay Round Agreements Act of 19941. Given the impact of the URAA on Wikipedia, the Wikimedia Foundation joined EFF in an amicus brief challenging the URAA a few years ago. When copyright is restored in a work, the public domain suffers. The immediate result is that Wikipedia is not as rich, because removing material from the public domain means that work previously available on Wikipedia may need to be removed.
The Wikipedia community does not take harmful copyright laws lightly. This week also marks the two-year anniversary of the historic moment when Wikipedians decided to black out the English Wikipedia site, joining many other sites protesting the SOPA and PIPA bills—and defeated them! Wikipedia is a living project that has developed over the past 13 years into a massive collaborative resource used by people around the world. It may be difficult for most of us to imagine a time before so much information was freely available on the internet. The annual celebration of Public Domain Day and the anniversary of SOPA is an opportunity to reflect on how projects like Wikipedia thrive when there is a vibrant public domain and remember that we can stand up to protect the public domain when laws put it in peril.
Many thanks to the Wikimedia Legal and Community Advocacy team for their help in preparing this post and, in particular, Michelle Paulson, Dashiell Renaud, Manprit Brar, and Anna Koval. We would also like to thank the Wikimedia community for their helpful comments.
In the week leading up the two-year anniversary of the SOPA blackout protests, EFF and others are talking about key principles that should guide copyright policy. Every day, we'll take on a different piece, exploring what’s at stake and and what we need to do to make sure the law promotes creativity and innovation. We've put together a page where you can read and endorse the principles yourself. Let's send a message to DC, Hollywood, Silicon Valley, Brussels, and wherever else folks are making new copyright rules: We're from the Internet, and we're here to help.
What if a single parking ticket carried a fine of up to a year's salary? What if there were no way to know consistently how much the fine would be before you got it? And what if any one of hundreds of private citizens could decide to write you a ticket? What would happen? People would start avoiding public parking, and stay home more often. Business would decline. The number of false or unfair tickets would rise. Everyone would lose confidence in the system—and in the law—as parking became a huge gamble.
Something very close to this scenario is a reality in copyright law. Copyright holders who sue for infringement can ask for "statutory damages" and, if they win, let a jury decide how big of a penalty the defendant will have to pay—anywhere from $200 to $150,000 per copyrighted work. That's a big problem for Internet users, and everyone else who wants to use creative works in lawful but non-traditional ways. Authors of remix video and fan fiction, bloggers, coders, entrepreneurs and others who create, inform, and empower on the fuzzy edges of copyright law must gamble every day. They risk unpredictable, potentially devastating penalties if a court disagrees with their well-intentioned efforts.
People from across the spectrum of opinion on copyright—including many who generally support more restrictive copyright law—agree that copyright damages are broken and need fixing. In today’s House Judiciary Committee hearing on the scope of copyright, Professors David Nimmer and Glynn Lunney agreed on almost nothing—but both agreed that copyright’s penalty regime makes no sense today.
Different from almost all other areas of the law, plaintiffs in copyright cases don’t have to present any evidence that they were harmed. And aside from setting some broad ranges of amounts for "willful" and "innocent" infringement, the only guidance that the Copyright Act gives to juries in picking an amount is to say that it should be "just."
So, not surprisingly, penalties in actual cases are hugely unpredictable. Sometimes judges and juries try to set a penalty at approximately the value of the infringing goods, or the loss suffered by the plaintiff. When the defendant is a repeat infringer or behaved egregiously, some courts award a small multiple of actual harm, such as double or triple damages, much like in other areas of the law.
Other times, judges and juries set massive penalties with no relationship to either the actual harm caused or the degree of moral condemnation that the defendant deserves. A website owner who copied two copyrighted poems, earning no profit and causing no more than minuscule economic harm, was ordered to pay $300,000.1 More famously, single mother Jammie Thomas-Rasset was ordered to pay $222,000 for sharing 24 songs online, even though the trial judge believed that the record labels' actual harm was about $50.2.
Without guidelines, the penalties awarded change radically from case to case. One music industry company that sued three different defendants in separate suits for the same type of infringement won $10,000 per song in one case, $30,000 in another, and $50,000 in a third.3
This uncertainty, and the possibility of ridiculously high penalties, is toxic to creativity and innovation. High and unpredictable copyright damages are why many filmmakers struggle to obtain the liability insurance their financial backers require. They're part of why entrepreneurs with new products for using and interacting with creative work don't get funded. And they're a big reason why innovative companies like Aereo, Dish, Pandora, and software developers large and small must spend so much time and money on copyright lawyers instead of artists and engineers.
Massive penalties are also one of the main reasons why so many shady lawyers have turned to copyright trolling. Threats of six-figure penalties for sharing a movie or song are credible, because they have actually happened. For a home Internet subscriber, paying a troll $3,000 to go away can look like a better option than gambling with $150,000. Copyright damages can turn a failing movie into a lucrative shakedown scheme—with a cost in human misery. It's no wonder the public has a low opinion of copyright law.
People should be able to use copyrighted work in ways that benefit us all, without worrying that a court will bankrupt them if the court later decides they crossed a fuzzy line. And copyright's penalties should have some connection to actual harm, to keep trolls from using copyright suits as a shady business model. As Congress continues talking about fixing copyright, the penalties should be one of the first things they look at.
