Deeplinks
It’s been a rough few weeks for legal challenges to NSA surveillance. First, a federal district court in Maryland dismissed a lawsuit brought by the ACLU challenging the NSA’s Upstream surveillance of the Internet backbone. Then, the Second Circuit Court of Appeals refused to grant the ACLU a preliminary injunction against the NSA’s bulk telephone records program, despite having previously found that the program was illegal. Essentially washing its hands of the case, the court refused to even consider the ACLU’s arguments that the phone records program is unconstitutional because the program will stop in its current form at the end of November.
Businesses should not be able to restrict customers’ speech
Are there limits to what a company can put in a standard form contract, like a click-through agreement? Can a company take away its customers’ freedom of speech?
The Consumer Review Freedom Act, now pending in Congress (S.2044, H.R.2110), would limit several ways that companies attempt to keep their customers from criticizing them on the Internet.
Good news for Firefox users sick of online trackers shadowing their every click: Mozilla just released Tracking Protection for use with their private browsing mode.
As we wrote previously, we think it's important for users to be able to protect themselves from non-consensual online tracking. That's why we created Privacy Badger, which enforces Do Not Track around the Web. But it's also important for browser vendors to join in the fight to protect user privacy. Mozilla has done just that with today's announcement.
This report was co-written by MuckRock Editor JPat Brown. MuckRock Co-founder Michael Morisy, MuckRock Intern Lukas Knight, and EFF Activism Intern Annelyse Gelman also contributed to this report. Another version appears at MuckRock.com.
Law enforcement agencies around the country are increasingly embracing biometric technology, which uses intrinsic physical or behavioral characteristics—such as fingerprints, facial features, irises, tattoos, or DNA—to identify people, sometimes even instantly. Just as the technology that powers your cell phone has shrunk both in size and cost, mobile biometric technologies are now being deployed more widely and cheaply than ever before—and with less oversight.
A storm is brewing over use of the 5.8 GHz unlicensed band of the radio spectrum as telecommunications companies plan to expand their LTE networks outside their traditional, licensed ranges and into the same unlicensed bands used by Wi-Fi, cordless headsets, and plenty of other consumer technology.
This weekend marks the third annual Aaron Swartz Day hackathon, and a chance for you to meet up with other people working to use technology to make the world a better place. Once again, cities around the world will host two days of meetups.
The Internet Archive in San Francisco is the main event hub, with film screenings, talks from developers working on projects started or inspired by Aaron, a mini-conference of privacy-enhancing technologies, and a two-day hackathon.
Update [11/9/2015]: President Obama formally notified Congress of his intent to sign the TPP on Thursday November 5—90 days after which he may sign the agreement and send the agreement to Congress for ratification.
Facebook has responded to an October 5 open letter from a global coalition, including EFF, about its broken “authentic name policy.” Facebook’s response is a step in the right direction. It's also not the last change to the policy we’ll see, since Facebook notes “we’re making changes now and in the future.” Facebook says it “want[s] to reduce the # of people asked to verify ID.” Facebook and the Nameless Coalition share that goal, and these suggestions will help achieve it. But they still leave some users out in the cold.
Imagine if public figures were given veto power over creative works that depicted or referenced them. Every biographer would need permission from his or her subject. Every documentary film producer would need to run the film by the people featured in it. Every cartoonist would need permission for every caricature. Our ability to make art that is inspired by, or comments on, the real world would be sharply limited.
EFF, along with the Center for Democracy & Technology and the Association of Alternative Newsmedia, submitted an amicus brief to the U.S. Court of Appeals for the Seventh Circuit in the case of Backpage.com v. Dart.
Backpage.com sued Thomas Dart, the sheriff of Cook County, Illinois, arguing that the sheriff’s successful campaign to get Visa and MasterCard to cease providing financial services to the website amounted to informal government censorship in violation of the First Amendment.
We agree.
EFF is pleased to announce that our client, Chris Roberts, is now in the possession of all of his digital devices that had been held by the FBI since April 2015.
Earlier this year, Mr. Roberts was detained for tweeting about airplane network security. When he landed in Syracuse, the FBI escorted him off the plane, questioned him for several hours, and seized all of his computer equipment.
Update: The final text of CISA is being negotiated right now. Take action here.
CISA passed out of the Senate by a disappointing vote of 74-21 last week. The bill has already passed out of the House, and now it goes to a conference committee to work out any differences between the House and Senate version, back to both houses for an up or down vote without any amendments, and then to the President’s desk. Unlike previous years, we haven’t heard any veto threats for CISA, so it’s clear some version of the fundamentally flawed bill will become law.
Last month, Chinese security researchers uncovered a security vulnerability in an Android software library developed by the Chinese search giant Baidu, and when it comes to security vulnerabilities, this one’s a whopper. It allows an attacker to remotely wreak all sorts of havoc on someone’s phone, from sending fake SMS messages to downloading arbitrary files to installing other apps without the user’s authorization.
The widespread deployment of the vulnerable software library makes things even worse. The library, known as the Moplus SDK, is used by over 14,000 separate Android apps. By some estimates, as many as 100 million unique Android devices were vulnerable. And that isn’t even the worst of it.
Little by little, the government is opening up about its use of computer security vulnerabilities. Last month, the NSA disclosed that it has historically “released more than 91% of vulnerabilities discovered in products that have gone through our internal review process and that are made and used in the United States.” There should probably be an asterisk or four accompanying that statement. But more on that in a minute. First, it’s worth examining why the government is being even the slightest bit forthcoming about this issue.
Affirming his previous ruling that the NSA’s telephone records collection program is unconstitutional, a federal judge ordered the NSA to cease collecting the telephone records of an individual and his business. The judge further ordered the NSA to segregate any records that have already been collected so that they are not reviewed when the NSA’s telephone records database is queried. The order comes 20 days before the NSA program is set to expire pursuant to the USA FREEDOM Act.
Today, in a strong opinion from the Federal Circuit, an attempt for rightsholders to use an obscure trade court to block the “importation” of digital data was rejected. The Federal Circuit held that a court that has the ability to block “articles that infringe” does not have the ability to block digital data.
Preliminary Injunction Cannot Bar Respublika From Using “Stolen” Kazakhstan Emails in Its Reporting
The Republic of Kazakhstan has been blocked from using the U.S. court system to censor one of its most vocal and effective critics. In a victory for free speech rights, United States District Judge Edgardo Ramos in New York said the First Amendment protects the independent news organization Respublika from the government’s censorship tactics. Respublika, which reports critically on Kazakhstan’s ruling regime, published government emails that Kazakhstan claims were stolen, posted to the Internet and then indexed on a website called “kazaword.”
As Judge Ramos recognized, the First Amendment “protects the publication of the kazaword documents by anyone other than those directly involved in their purported theft.”
The House Judiciary Committee, tasked with copyright reform in the Next Great Copyright Act process, has taken its long-running hearing show on the road. This week, members of the committee attended sessions in northern and southern California. The line-up of experts in Santa Clara yesterday was diverse and impressive, and included people like Internet Archive founder Brewster Kahle, noted musician Zoe Keating, iFixit CEO and DMCA activist Kyle Wiens, and of course EFF's own staff attorney Kit Walsh.
Good news for Palestinians: According to several August news reports, a 3G mobile network might be finally coming their way. After years of struggling with 2G speeds, the Israeli government and the Palestinian Authority are reported to have come to an agreement that would result in Israel releasing the frequencies required for 3G and possibly 4G services.
Everybody knows we here at EFF are big fans of Do Not Track (an HTTP header users can have their web browsers send to websites, indicating that they don’t want the websites to track them). That’s why we developed Privacy Badger, a browser extension that blocks third parties that don’t honor Do Not Track (DNT) requests. It’s also why we continue to expand our DNT Coalition—a group of companies and organizations who have committed to honor DNT requests on their websites.
EFF has long fought for the public’s right to use federal and state public records laws to uncover controversial and illegal law enforcement techniques. That’s why we filed an amicus brief in a federal appellate court case this week asking it to reconsider a decision that makes it much easier for law enforcement agencies such as the FBI to conceal their activities.
Last month, EFF and I scored a major victory for video game archiving, preservation and play – we got an exemption to the Digital Millennium Copyright Act for some archival activities related to video games.
Before I throw a bunch of shade, I want to emphasize that the exemption is a victory for the video game archiving community. Although there were flaws in what the Library of Congress granted, more legal leeway in this space is a net positive.
Internet users generally think of YouTube as a platform where, if you play by the copyright rules, the content you post is safe from takedown and, if it's taken down improperly, you have some recourse. But that's not the case, thanks to an additional barrier to lawful sharing: meet YouTube's “contractual obligations.”
YouTube has made special deals with certain rightsholders that allows them to dictate where and how their content can be used on the site.
If your video uses content controlled by these rightsholders, and they object to that use, YouTube will take your video offline and won't restore it unless you can get the rightsholder's permission. Because the takedown isn't subject to the DMCA, the rightsholder has no legal obligations to consider whether your use is a lawful fair use.
UPDATE 11-19-15: The trial of the seven Moroccan human rights workers has been delayed until January 2016, in part because of the increased international attention these cases have garnered.
On November 19, the Moroccan government will put seven activists on trial as part of its ongoing crackdown on journalists and human rights defenders.
New Copyright Bot Raises Questions About Fair Use and Privacy
In general, Facebook has some pretty decent copyright policies. If you upload content to Facebook and it’s removed because of a bogus takedown request, you can file a counter-notice via a form on Facebook’s website. If the claimant doesn’t take action against you in a federal court in 14 days, your content is restored. That’s how it’s supposed to work, and Facebook usually does it right. Unlike some platforms, it also doesn’t ding users as “repeat offenders” based on multiple phony claims.
The U.S. Department of Education (ED) is considering a rule change that would make the educational resources the Department funds a lot more accessible to educators and students—not just in the U.S., but around the world. We hope to see it adopted, and that it sets the standard for similar policies at other government agencies.
Sign the petitionIf you live in San Francisco (or spend much time on social media) you probably saw a lot of discussion last month about Proposition F, a controversial proposal to regulate short-term property rental services like Airbnb. You may also know that Airbnb spent millions opposing the measure, many times the budget of the proposition’s supporters. Here’s what you might not know: the bill’s opposition also got a little unexpected assistance from the DMCA (Digital Millennium Copyright Act) takedown process.
Confirmed cases of misuse of California’s sprawling unified law enforcement information network have doubled over the last five years, according to records obtained by EFF under the California Public Records Act.
That adds up to a total 389 cases between 2010 and 2014 in which an investigation concluded that a user—often a peace officer—broke the rules for accessing the California Law Enforcement Telecommunications System (CLETS), such as searching criminal records to vet potential dates or spy on former spouses. More than 20 incidents have resulted in criminal charges.
On Friday, the major US movie studios quietly backed away from the worst parts of the censorship power-grab they attempted in July in the Paramount v. John Does (MovieTube) case. The studios are still hoping to take MovieTube’s Internet domain names away, but they are no longer asking for an order commanding the entire Internet to act as censors for them—a dangerous proposition that would open the door to more censorship and impede legitimate speech.
EFF and Public Knowledge filed comments today at the United States Patent and Trademark Office discussing proposed changes to Patent Office trials. Our comments focus on making the process more fair and accessible for small entities that need to challenge bad patents.
Our first set of comments relates to proposed changes to inter partes review and covered business method review. Congress created these procedures in the America Invents Act, passed in 2011, to allow quicker and more efficient review of issued patents. We make a number of suggestion for how the current rules could be improved to promote fairness. For example, we argue that the rules should clearly require both petitioners and patent owners to support affirmative factual statements with evidence.
The U.S. Trade Representative (USTR) fears the grassroots tech community, and rightly so. Internet users are the community that killed SOPA and PIPA in the U.S. Congress and ACTA in the European Parliament. The USTR is right to fear that the same could happen to the Trans-Pacific Partnership agreement (TPP).
Like clockwork, cynical calls to expand mass surveillance practices—by continuing the domestic telephone records collection and restricting access to strong encryption—came immediately following the Paris attacks. These calls came before the smoke had even cleared, much less before a serious investigation completed. They came from high places too, including CIA head John Brennan and New York Police Commissioner Bill Bratton.
Seasoned law enforcement officers and the heads of spy agencies should know better than jump to conclusions before the facts are in. Sadly, these premature demands for more surveillance in the wake of tragedies are not unprecedented.
In what we very much hope launches a “race to the top” to protect online fair use, today YouTube announced a new program to help users fight back against outrageous copyright threats. The company has created a ‘Fair Use Protection’ program that will cover legal costs of users who, in the company’s view, have been unfairly targeted for takedown.
La organización peruana defensora de los derechos digitales Hiperderecho junto con la Electronic Frontier Foundation, lanzaron hoy “¿Quién Defiende Tus Datos?”, un reporte que evalúa las prácticas de privacidad de las empresas de comunicación digital que los peruanos utilizan cada día.
The Peruvian digital rights organization, Hiperderecho, together with the Electronic Frontier Foundation, launched ¿Quién Defiende Tus Datos? (Who Defends Your Data?) today, a report that evaluates the privacy practices of digital communication companies that Peruvians use every day.
Europe is very close to the finishing line of an extraordinary project: the adoption of the new General Data Protection Regulation (GDPR), a single, comprehensive replacement for the 28 different laws that implement Europe's existing 1995 Data Protection Directive. More than any other instrument, the original Directive has created a high global standard for personal data protection, and led many other countries to follow Europe's approach. Over the years, Europe has grown ever more committed to the idea of data protection as a core value. In the Union's Charter of Fundamental Rights, legally binding on all the EU states since 2009, lists the “right to the protection of personal data” as a separate and equal right to privacy. The GDPR is intended to update and maintain that high standard of protection, while modernising and streamlining its enforcement.
We were out on the streets this week to march against the Trans-Pacific Partnership (TPP) agreement in the U.S. Capitol. We were there to demonstrate the beginning of a unified movement of diverse organizations calling on officials to review and reject the deal based on its substance, which we can finally read and dissect now that the final text is officially released.
We wrote earlier this month about the Consumer Review Freedom Act (S. 2044, H.R. 2110), a bill that would prohibit businesses from using form contracts to prevent their customers from sharing negative reviews of their products and services online, or using bogus copyright claims to censor reviews they don’t like. We also joined a group of peer organizations in signing a letter in support of the bill.
It is a truth universally acknowledged that a government, in the wake of a national security crisis—or hostage to the perceived threat of one—will pursue and in many cases enact legislation that is claimed to protect its citizens from danger, actual or otherwise. These security laws often include wide-ranging provisions that do anything but protect their citizens' rights or their safety. We have seen this happen time and time again, from the America's PATRIOT Act to Canada's C-51. The latest wave of statements by politicians after the Paris bombing implies we will see more of the same very soon.
Plenty of businesses rely on third-party payers: parents often pay for college; insurance companies pay most health care bills. Reaching out to potential third-party payers is hardly a new or revolutionary business practice. But someone should tell the Patent Office. Earlier this year, it issued US Patent No. 9,026,468 to Securus Technologies, a company that provides telephone services to prisoners. The patent covers a method of “proactively establishing a third-party payment account.” In other words, Securus patented the idea of finding someone to pay a bill.
Earlier this year it was revealed that Lenovo was shipping computers preloaded with software called Superfish, which installed its own HTTPS root certificate on affected computers. That in and of itself wouldn't be so bad, except Superfish's certificates all used the same private key. That meant all the affected computers were vulnerable to a “man in the middle” attack in which an attacker could use that private key to eavesdrop on users' encrypted connections to websites, and even impersonate other websites.
FCC will not seek to ban free software from wireless routers, according to a clarification it made earlier this month on a rulemaking related to radio devices. An earlier draft of the official proposal included a specific reference to device manufacturers restricting installation of the open-source project DD-WRT.
What if, in response to the terrorist attacks in Paris, or cybersecurity attacks on companies and government agencies, the FBI had come to the American people and said: In order to keep you safe, we need you to remove all the locks on your doors and windows and replace them with weaker ones. It's because, if you were a terrorist and we needed to get to your house, your locks might slow us down or block us entirely. So Americans, remove your locks! And American companies: stop making good locks!
We'd all reject this as a bad idea. We'd see that it would make us all vulnerable, not just to terrorists but to ordinary thieves and bad guys. We'd reject undermining our daily security in favor of a vague potential that in some cases, law enforcement would be guaranteed, quick, easy access to our homes. We'd say to the FBI: Stop right there. We need more security in the wake of these attacks, not less.
The NSA’s collection en masse of the call detail records of millions of ordinary Americans ended quietly at midnight November 29. The bulk collection was phased out after a 180-day transition period provided for in the USA FREEDOM Act. The USA FREEDOM Act was signed by President Obama on June 2, 2015, and amended section 215 of the USA PATRIOT Act, which the NSA had claimed gave it authority to collect the records, to specifically prohibit the bulk collection.
We wrote previously on what that means for the collection of records and how it affects our cases against the NSA.
The Prevention of Electronic Crimes Bill (PECB) has received harsh criticism inside and outside of Pakistan since its radical re-drafting in April of this year. A coalition of Pakistan’s leading online rights groups and businesses warned the current version, written with no input from legal experts or technologists, would “adversely impact the IT industry…. and [the] constitutional rights and safeguards guaranteed to citizens”. Human Rights Watch went further, saying it constitutes “clear and present danger to human rights”. But it took one of Pakistan’s leading legal experts on computer crime jurisprudence, Zahid Jamil, to call the bill “by far the worst piece of cybercrime legislation in the world.”
Deeplinks Topics
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Innovation
- International
- Know Your Rights
- Privacy
- Trade Agreements and Digital Rights
- Security
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anonymity
- Anti-Counterfeiting Trade Agreement
- Biometrics
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- CALEA
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- CyberSLAPP
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA
- DMCA Rulemaking
- Do Not Track
- DRM
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- FTAA
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- ICANN
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- OECD
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- Patents
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Printers
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- RFID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- TRIPS
- Trusted Computing
- Video Games
- Wikileaks
- WIPO
- Transparency
- Uncategorized
eff.org/nsa-spying
