HTTP/2 302 server: nginx date: Thu, 16 Oct 2025 15:53:36 GMT content-type: text/plain; charset=utf-8 content-length: 0 x-archive-redirect-reason: found capture at 20160908220143 location: https://web.archive.org/web/20160908220143/https://www.eff.org/rss/updates.xml server-timing: captures_list;dur=1.066502, exclusion.robots;dur=0.037193, exclusion.robots.policy;dur=0.018265, esindex;dur=0.023320, cdx.remote;dur=66.809420, LoadShardBlock;dur=497.063998, PetaboxLoader3.datanode;dur=269.405119, PetaboxLoader3.resolve;dur=75.832065 x-app-server: wwwb-app222 x-ts: 302 x-tr: 625 server-timing: TR;dur=0,Tw;dur=993,Tc;dur=0 set-cookie: wb-p-SERVER=wwwb-app222; path=/ x-location: All x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() HTTP/2 200 server: nginx date: Thu, 16 Oct 2025 15:53:38 GMT content-type: application/rss+xml; charset=utf-8 content-length: 574782 x-archive-orig-server: nginx x-archive-orig-x-content-type-options: nosniff x-archive-orig-x-drupal-cache: HIT x-archive-orig-etag: "1473370976-1" x-archive-orig-access-control-allow-origin: * x-archive-orig-content-language: en x-archive-orig-x-frame-options: SAMEORIGIN x-archive-orig-cache-control: public, max-age=1800 x-archive-orig-last-modified: Thu, 08 Sep 2016 21:42:56 GMT x-archive-orig-expires: Sun, 19 Nov 1978 05:00:00 GMT x-archive-orig-via: 1.1 varnish x-archive-orig-strict-transport-security: max-age=31536000; includeSubdomains x-archive-orig-via: 1.1 varnish x-archive-orig-fastly-debug-digest: 3d61ca001d9b50f83350a5e4bac3449cb287e7bcda708604c4dbcc0dabbe3c18 x-archive-orig-content-length: 574782 x-archive-orig-accept-ranges: bytes x-archive-orig-date: Thu, 08 Sep 2016 22:01:43 GMT x-archive-orig-via: 1.1 varnish x-archive-orig-age: 194 x-archive-orig-connection: keep-alive x-archive-orig-x-served-by: cache-sjc3134-SJC, cache-ams4425-AMS x-archive-orig-x-cache: HIT, HIT x-archive-orig-x-cache-hits: 1, 1 x-archive-orig-vary: Cookie,Accept-Encoding cache-control: max-age=1800 x-archive-guessed-content-type: text/xml x-archive-guessed-charset: utf-8 memento-datetime: Thu, 08 Sep 2016 22:01:43 GMT link: ; rel="original", ; rel="timemap"; type="application/link-format", ; rel="timegate", ; rel="first memento"; datetime="Fri, 16 May 2008 15:16:35 GMT", ; rel="prev memento"; datetime="Mon, 05 Sep 2016 09:29:33 GMT", ; rel="memento"; datetime="Thu, 08 Sep 2016 22:01:43 GMT", ; rel="next memento"; datetime="Fri, 09 Sep 2016 18:32:03 GMT", ; rel="last memento"; datetime="Mon, 22 Sep 2025 21:50:57 GMT" content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org x-archive-src: archiveteam_archivebot_go_falconk_www_eff_org_20160908/www.eff.org-inf-20160908-192557-24ozg-00000.warc.gz server-timing: captures_list;dur=0.677440, exclusion.robots;dur=0.025157, exclusion.robots.policy;dur=0.012789, esindex;dur=0.013128, cdx.remote;dur=10.673657, LoadShardBlock;dur=195.850883, PetaboxLoader3.datanode;dur=266.481098, load_resource;dur=379.879147, PetaboxLoader3.resolve;dur=202.852629 x-app-server: wwwb-app222 x-ts: 200 x-tr: 677 server-timing: TR;dur=0,Tw;dur=1174,Tc;dur=0 x-location: All x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() accept-ranges: bytes https://www.eff.org/rss/updates.xml EFF's Deeplinks Blog: Noteworthy news from around the internet en https://www.eff.org/press/releases/eff-court-industry-groups-bogus-copyright-case-will-block-public-access-written-laws <div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Monday Hearing in Lawsuit Against Public.Resource.Org</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal"><span>Washington, D.C.—On Monday, September 12, Electronic Frontier Foundation (EFF) Legal Director Corynne McSherry will urge a federal court to</span><span><span> confirm that the public has a right to access and share the laws, regulations, and standards that govern us and cannot be blocked by overbroad copyright claims.</span></span></p> <p class="MsoNormal"></p> <p class="MsoNormal"><span>The court in Washington, D.C., is hearing arguments in two cases against EFF client <a target="_blank" href="https://public.resource.org/">Public.Resource.Org</a>, an open records advocacy website. In these <a target="_blank" href="https://www.eff.org/cases/publicresource-freeingthelaw">suits</a>, several industry groups claim they own copyrights on written standards for building safety and educational testing they helped develop,</span><span> and can<span> deny or limit public access to them even </span>after the standards have become part of the law. Standards like these that are legal requirements—such as the National Electrical Code—are available only in paper form in Washington, D.C., in expensive printed books, or through a paywall. By posting these documents online, </span><span><span>Public.Resource.Org seeks to make these legal requirements more available to the public that must abide by them. </span>The industry groups allege the postings infringe their copyright, even though the standards have been incorporated into government regulations and, therefore, must be free for anyone to view, share, and discuss. </span></p> <p class="MsoNormal"></p> <p class="MsoNormal"><span>McSherry and co-counsel Andrew Bridges at Fenwick &amp; West will argue at the hearing that <a target="_blank" href="https://www.eff.org/deeplinks/2016/01/no-one-owns-law-everyone-owns-law">our laws belong to all of us</a> and private organizations shouldn’t be allowed to abuse copyright to control who can read, excerpt, or share them. They will be assisted by EFF Senior Staff Attorney Mitch Stoltz and Fenwick &amp; West Associate Matthew Becker.</span></p> <p class="MsoNormal"></p> <p class="MsoNormal"><span>What:<br /> Hearing in <i>ASTM v. Public.Resource.org and AERA v. Public.Resource.org</i></span></p> <p class="MsoNormal"></p> <p class="MsoNormal"><i><s><span><span></span></span></s></i><span>Who:<br /> EFF Legal Director Corynne McSherry</span></p> <p class="MsoNormal"></p> <p class="MsoNormal"><span>When:<br /> Monday, September 12, 9:30 am</span></p> <p class="MsoNormal"></p> <p class="MsoNormal"><span>Where:<br /> Courtroom 2, 2^nd Floor<br /> U.S. District Court for the District of Columbia<br /></span><span><span>333 Constitution Ave. N.W.</span><br /> Washington, D.C. 20001</span></p> </div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Corynne</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">McSherry</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Legal Director</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:corynne@eff.org">corynne@eff.org</a></div></div></div> </div> </div> </div><div class="field-item odd"><div class="ds-1col node node-profile view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Mitch</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Stoltz</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Senior Staff Attorney</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:mitch@eff.org">mitch@eff.org</a></div></div></div> </div> </div> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20to%20Court%3A%20Public%27s%20Right%20to%20Access%20the%20Law%20Should%20Not%20be%20Blocked%20by%20Bogus%20Copyright%20Case%20&amp;url=https%3A//www.eff.org/press/releases/eff-court-industry-groups-bogus-copyright-case-will-block-public-access-written-laws&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20to%20Court%3A%20Public%27s%20Right%20to%20Access%20the%20Law%20Should%20Not%20be%20Blocked%20by%20Bogus%20Copyright%20Case%20&amp;u=https%3A//www.eff.org/press/releases/eff-court-industry-groups-bogus-copyright-case-will-block-public-access-written-laws" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-court-industry-groups-bogus-copyright-case-will-block-public-access-written-laws" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20to%20Court%3A%20Public%27s%20Right%20to%20Access%20the%20Law%20Should%20Not%20be%20Blocked%20by%20Bogus%20Copyright%20Case%20&amp;url=https%3A//www.eff.org/press/releases/eff-court-industry-groups-bogus-copyright-case-will-block-public-access-written-laws" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 08 Sep 2016 16:31:14 +0000 Karen Gullo 92912 at https://www.eff.org https://www.eff.org/deeplinks/2016/09/must-watch-senator-ron-wyden-heads-senate-floor-today-oppose-mass-hacking <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In a few hours, Senator Wyden will be going on the floor of the Senate to argue against <a href="https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government">updates to Rule 41 of the Federal Rules of Criminal Procedure</a>. </p> <p>You may have already heard of Rule 41: EFF and allied digital rights groups have been <a href="https://noglobalwarrants.org/">raising the alarm</a> about this extra-legislative rule change. In short, the pending updates would make it easier for the government to get a warrant to hack<a class="see-footnote" id="footnoteref1_59hrg2x" title="We are using the term “hacking&quot; here because it’s been accepted in the common vernacular. However, we recognize that there are many legitimate forms of security research and experimentation that also fit a larger definition of hacking. " href="#footnote1_59hrg2x">1</a> into computers. It would be easy for law enforcement agents to forum shop, finding the most sympathetic judges in the country to approve these vague and dangerous warrants.</p> <p>What do we mean by "hack into computers"? In this case, the term refers to a wide range of poorly-defined techniques such as deploying malware to search, copy, and transmit private files from private computers, breaking into secure systems and accounts, exploiting vulnerabilities in widely-used software to turn our devices into surveillance tools, and much more.</p> <p>Those who care most about privacy will be most impacted by these rule changes. Under the proposal—which goes into effect automatically on December 1—almost any district judge in the country could authorize law enforcement to remotely search or hack into the computers of people using privacy protective technology like Tor or a VPN.</p> <p>Senator Wyden is fighting back. His bill, the <a href="https://www.congress.gov/bill/114th-congress/house-bill/5321/text">Stopping Mass Hacking Act</a>, would stop these misguided rule changes from going into effect. This would give Congress time to carefully consider the issue of government hacking, ensure necessary safeguards for privacy and civil liberties, and hear from information security and tech policy experts before rushing to change our current process. </p> <p>Please <a href="https://www.senate.gov/floor/">tune in to watch Senator Wyden</a> at 1:15 PM Eastern/10:15 AM Pacific. You can also show your support by <a href="https://noglobalwarrants.org/">signing our petition</a>. </p> <ul class="footnotes"><li class="footnote" id="footnote1_59hrg2x"><a class="footnote-label" href="#footnoteref1_59hrg2x">1.</a> We are using the term “hacking" here because it’s been accepted in the common vernacular. However, we recognize that there are many legitimate forms of security research and experimentation that also fit a larger definition of hacking. </li> </ul></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Must%20Watch%3A%20Senator%20Ron%20Wyden%20Heads%20to%20the%20Senate%20Floor%20Today%20to%20Oppose%20Mass%20Hacking&amp;url=https%3A//www.eff.org/deeplinks/2016/09/must-watch-senator-ron-wyden-heads-senate-floor-today-oppose-mass-hacking&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Must%20Watch%3A%20Senator%20Ron%20Wyden%20Heads%20to%20the%20Senate%20Floor%20Today%20to%20Oppose%20Mass%20Hacking&amp;u=https%3A//www.eff.org/deeplinks/2016/09/must-watch-senator-ron-wyden-heads-senate-floor-today-oppose-mass-hacking" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/09/must-watch-senator-ron-wyden-heads-senate-floor-today-oppose-mass-hacking" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Must%20Watch%3A%20Senator%20Ron%20Wyden%20Heads%20to%20the%20Senate%20Floor%20Today%20to%20Oppose%20Mass%20Hacking&amp;url=https%3A//www.eff.org/deeplinks/2016/09/must-watch-senator-ron-wyden-heads-senate-floor-today-oppose-mass-hacking" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 08 Sep 2016 16:03:52 +0000 rainey Reitman 92906 at https://www.eff.org https://www.eff.org/deeplinks/2016/09/end-headphone-jacks-rise-drm <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>With the recent iPhone 7 announcement, Apple confirmed <a href="https://www.stereogum.com/1893065/no-control-thoughts-on-the-end-of-the-headphone-jack-and-the-future-of-digital-music/franchises/but-whos-buying/?platform=hootsuite">what had already been widely speculated</a>: that <a href="https://www.theverge.com/2016/9/7/12823596/apple-iphone-7-no-headphone-jack-lightning-earbuds">the new smartphone won’t have a traditional, analog headphone jack</a>. Instead, the only ways to connect the phone to an external headset or speaker will be via Bluetooth or through Apple’s proprietary Lightning port.</p> <p>Those tiny wireless earbuds aren’t the only thing that just became easier to lose. So did users’ freedoms.</p> <p>The reasons for Apple abandoning the analog jack may be innocuous. Apple is obsessed with simple, clean design, and this move lets the company remove one more piece of clutter from the phone’s body. It advertises that <a href="https://www.nytimes.com/2016/09/08/technology/apple-iphone.html">the move helps make the phone more water-resistant</a>. And certainly, many people prefer a wireless listening experience. But intentionally or not, by removing the analog port, Apple is giving itself more control than ever over what people can do with music or other audio content on an iPhone. It’s also opening the door to <a href="https://www.techdirt.com/articles/20160812/16502635229/why-apple-removing-audio-jack-iphone-would-be-very-very-very-bad-move.shtml">new pressures to take advantage of that power</a>.</p> <p>When you plug an audio cable into a smartphone, it just works. It doesn’t matter whether the headphones were made by the same manufacturer as the phone. It doesn’t even matter what you’re trying to <i>do</i> with the audio signal—it works whether the cable is going into a speaker, a mixing board, or a recording device.</p> <p>With the headphone jack gone, every other option is controlled by the iPhone’s software. With Bluetooth, the phone can distinguish between different types of devices and treat them differently. <a href="https://developer.apple.com/programs/mfi/">Apple can choose</a> which manufacturers get to create Lightning-compatible audio devices. As our colleague Cory Doctorow pointed out, big content companies could take advantage of that control:</p> <blockquote><p>Once Apple gets the ability to add DRM, the record industry gets the ability to insist that Apple use it ("A phaser on the mantelpiece in Act One must go off by Act 3" - Pavel Chekov, Star Trek: TOS). In 2007, Steve Jobs published his <a href="https://web.archive.org/web/20070207234839/https://www.apple.com/hotnews/thoughtsonmusic/">Thoughts on Music</a>, in which he said, basically, that the record industry had forced Apple to put DRM in its ecosystem and he didn't like it. The record industry is still made up of the same companies, and they still love DRM. Right now, an insistence on DRM would simply invite the people who wanted to bypass it for legal reasons to use that 3.5mm headphone jack to get at it. Once that jack is gone, there's no legal way to get around the DRM.</p></blockquote> <p>In other words, if it’s impossible to connect a speaker or other audio device to an iPhone without Apple software governing it, then it’s simple for Apple to place restrictions on what devices or functions are allowed. Because US law protects DRM technologies, it may be illegal to circumvent that restriction, even if you’re doing it for completely lawful purposes. Having created the possibility of restricting audio output to select devices, Apple will be under pressure to use it. TV and film producers insist on having the power to <a href="https://www.eff.org/deeplinks/2016/04/new-rules-pay-tv-set-top-boxes-are-about-innovation-and-competition-not-copyright">decide which devices can receive video</a>. Can we really believe they will leave audio alone if outputs become entirely digital?</p> <p>Besides, with only Apple earbuds currently supporting the Lightning audio connection, the only way to connect an iPhone 7 to a recording or mixing device will be over the <a href="https://www.theverge.com/circuitbreaker/2016/6/21/11991302/iphone-no-headphone-jack-user-hostile-stupid">suboptimal Bluetooth connection</a> or a dongle provided by Apple. Other developers must <a href="https://developer.apple.com/programs/mfi/">ask Apple for permission</a> to create and sell Lightning-compatible devices. It's possible that iOS or specific apps will be able to <a href="https://www.publicknowledge.org/news-blog/blogs/do-not-adjust-your-television-mpaa-controllin">disable the dongle</a>. Any device that requires the 3.5 mm jack—your cherished audiophile headphones from the 80s; the <a href="https://mosen.org/an-iphone-without-a-headphone-jack-the-accessibility-ramifications/">converter you rely on</a> to hear your phone on your hearing aids—just became less useful.</p> <p>Will Apple take advantage of its newfound power to restrict your listening experience? It’s hard to say—and <a href="https://www.buzzfeed.com/johnpaczkowski/inside-iphone-7-why-apple-killed-the-headphone-jack">the company itself has been adamant that it won’t</a>. But you shouldn’t have to depend on a manufacturer’s permission to use its hardware however you like. If Apple had kept the analog jack, then the iPhone would be less susceptible to content industries attempting to push the company to regulate product use. What you can do with your hardware should be determined by the limits of the technology itself, not its manufacturers’ policy decisions.</p> <p>One more thing. This story isn’t about just Apple; it’s about the <a href="https://www.eff.org/issues/dmca">Digital Millennium Copyright Act</a>’s protection for digital rights management (DRM) technologies. Section 1201 of the DMCA makes it illegal to bypass DRM or give others the means of doing so. <a href="https://www.eff.org/deeplinks/2016/07/research-and-remixes-law-wont-allow">Until that changes</a>, DRM lets technology manufacturers cast a cloud of legal uncertainty over common uses of their products. It’s a law that needs fixing.</p> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=The%20End%20of%20Headphone%20Jacks%2C%20the%20Rise%20of%20DRM&amp;url=https%3A//www.eff.org/deeplinks/2016/09/end-headphone-jacks-rise-drm&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=The%20End%20of%20Headphone%20Jacks%2C%20the%20Rise%20of%20DRM&amp;u=https%3A//www.eff.org/deeplinks/2016/09/end-headphone-jacks-rise-drm" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/09/end-headphone-jacks-rise-drm" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=The%20End%20of%20Headphone%20Jacks%2C%20the%20Rise%20of%20DRM&amp;url=https%3A//www.eff.org/deeplinks/2016/09/end-headphone-jacks-rise-drm" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 08 Sep 2016 14:28:48 +0000 Elliot Harmon 92908 at https://www.eff.org Commentary Fair Use and Intellectual Property: Defending the Balance DMCA Innovation Analog Hole DRM https://www.eff.org/deeplinks/2016/09/users-continue-rock-against-tpp-three-new-tour-dates <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>The <a href="https://www.rockagainstthetpp.org">Rock Against the TPP</a> concert tour continues to gather steam as it makes its way around the country, giving voice to users whose concerns about the <a href="https://www.eff.org/issues/tpp">Trans-Pacific Partnership</a> are being ignored. This Friday, the event will hit San Francisco, and there's still time for you to <a href="https://www.rockagainstthetpp.org/san-francisco-ca/">claim your free tickets</a>. Hip hop stars Dead Prez and punk legend Jello Biafra are headlining the event, joined by nine other acts in an event that will rock long into the night. EFF will also be there, as well as at a teach-in on the following day, to explain how the secretive deal will impact your digital rights.</p> <p>Watch some exciting footage from previous events in Seattle and Portland in the video below:</p> <div class='mytube' style='width:560px;'><div class='mytubetrigger' id='mytube1'><img width='560' height='315' class='mytubethumb' src='https://www.eff.org/sites/default/files/mytube/yt_9ugC4NG1Zoc.jpg' alt='mytubethumb' /><img src='https://www.eff.org/sites/all/modules/mytube/play.png' class='mytubeplay' alt='play' style='top:127.5px;left:250px;' /></div><!--mytubetrigger--><div class='mytubetext' id='mytubetext1'><a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube.com/embed/9ugC4NG1Zoc">youtube.com</a></em><br /></div></div><p> We are also delighted to announce three new tour dates around the country (and, for the first time, across the border!), leading all the way up to the post-election lame duck period in November, when the chances of the agreement being presented to Congress are highest. Each of these concerts will be free, open to all ages, and accessible to those with disabilities. The new dates are:</p> <ul><li><a href="https://act.openmedia.org/rocktpp/">September 16: Toronto, ON</a>, featuring Anti-Flag, Rebel Diaz, Evan Greer, Taina Asili, Test Their Logik, New Tradition, Mineta, and DJ Dynamic.</li> <li><a href="https://www.rockagainstthetpp.org/boston-ma/">October 7: Boston, MA</a>, featuring Mirah, Debo Band, Foundation Movement, Taina Asili, Bell's Roar, and Evan Greer.</li> <li>November 30: Washington, DC, with a line-up to be announced soon.</li> </ul><p>The artists and organizers of the Rock Against the TPP concerts come from a variety of political backgrounds and are concerned about a diversity of issues. One key issue that EFF and the other groups share is a concern about the <a href="https://www.eff.org/deeplinks/2015/04/leaked-tpp-investment-chapter-reveals-serious-threat-user-safeguards">investor-state dispute settlement (ISDS) provisions</a> that entitle foreign companies to sue the United States government over laws or regulations that hurt their business, even if those laws or regulations are in the broader public interest.</p> <p>Additionally, EFF has some more specific concerns, including but not limited to the <a href="https://www.eff.org/deeplinks/2015/07/tpp-copyright-trap-our-last-stand-against-undemocratic-international-agreements">extension of the term of copyright</a> in half of the TPP countries, rules that would prevent other countries from <a href="https://www.eff.org/deeplinks/2015/12/how-tpp-perpetuates-mistakes-dmca">improving their copyright safe harbor laws</a>, and criminal penalties for <a href="https://www.eff.org/deeplinks/2014/10/cyber-espionage-and-trade-agreements-ill-fitting-and-dangerous-combination">whistleblowers and journalists</a>. You won't hear much about these other shortcomings in the TPP from some of the <a href="https://www.eff.org/deeplinks/2015/07/big-tech-does-not-speak-internet">big tech companies</a>, because they managed to secure a single provision they were seeking that promotes the "cross-border transfer of information by electronic means." But that provision isn't particularly meaningful anyway (it only applies to companies, and would do nothing to stop government censorship), and isn't worth the cost of the agreement's more onerous and inflexible provisions, which would lock outdated elements of our law in stone and export them across the world.</p> <p>Although the TPP's fortunes may seem to be waning, President Obama has <a href="https://blogs.wsj.com/washwire/2016/09/07/anti-trade-uproar-aside-obama-says-hes-optimistic-on-pacific-rim-deal/">reiterated his intention</a> to push the deal through during the lame duck session of Congress which begins after the November presidential election. That's why it's important for us to keep this issue hot throughout the election season, ensuring that the undemocratic agreement doesn't stand a chance of slipping into law. You can help by attending the Rock Against the TPP concert nearest you and bringing your friends along with you. <a href="https://www.rockagainstthetpp.org">Grab your free ticket</a>, and we hope to see you there.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Users%20Continue%20to%20Rock%20Against%20the%20TPP%20With%20Three%20New%20Tour%20Dates&amp;url=https%3A//www.eff.org/deeplinks/2016/09/users-continue-rock-against-tpp-three-new-tour-dates&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Users%20Continue%20to%20Rock%20Against%20the%20TPP%20With%20Three%20New%20Tour%20Dates&amp;u=https%3A//www.eff.org/deeplinks/2016/09/users-continue-rock-against-tpp-three-new-tour-dates" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/09/users-continue-rock-against-tpp-three-new-tour-dates" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Users%20Continue%20to%20Rock%20Against%20the%20TPP%20With%20Three%20New%20Tour%20Dates&amp;url=https%3A//www.eff.org/deeplinks/2016/09/users-continue-rock-against-tpp-three-new-tour-dates" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 07 Sep 2016 21:38:13 +0000 Jeremy Malcolm 92895 at https://www.eff.org Commentary Trans-Pacific Partnership Agreement https://www.eff.org/press/releases/eff-court-government-must-inform-people-its-accessing-their-emails-personal-data <div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Ignoring Duty to Provide Notice When Invading Users’ Privacy Is Unconstitutional</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">Seattle, Washington—The Electronic Frontier Foundation (EFF) told a federal court today that the government is violating the U.S. Constitution when it fails to notify people that it has accessed or examined their private communications stored by Internet providers in the cloud.<span>  </span></p> <p class="MsoNormal"></p> <p class="MsoNormal">EFF is supporting Microsoft in its <a target="_blank" href="https://www.wsj.com/articles/microsoft-sues-justice-department-over-secret-customer-data-searches-1460649720">lawsuit</a> challenging portions of the Electronic Communications Privacy Act (ECPA) that allow the Department of Justice (DOJ) to serve a warrant on the company to get access to customers’ emails and other information stored on remote servers—all without telling users their data is being searched or seized. In a <a href="https://www.eff.org/document/microsoft-v-justice-department-amicus-brief">brief </a>filed in <i>Microsoft v. Department of Justice </i>in U.S. District Court in Seattle, EFF, joined by Access Now, New America’s Open Technology Institute, and legal scholar Jennifer Granick, said Fourth Amendment protections against unreasonable searches and seizures by the government apply to all of our information—no matter what the format or where it’s located.</p> <p class="MsoNormal"></p> <p class="MsoNormal"></p> <p class="MsoNormal">“Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches,” said EFF Senior Staff Attorney Lee Tien. “When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn’t allow that, and it’s time for the government to step up and respect the Constitution.”</p> <p class="MsoNormal">Microsoft sued DOJ earlier this year challenging <a target="_blank" href="https://www.eff.org/deeplinks/2012/12/deep-dive-updating-electronic-communications-privacy-act">ECPA</a> provisions enacted 30 years ago, long before the emergence of ubiquitous cloud computing that now plays a vital role in the storage of private communications. The government has used the transition to cloud computing as an opening to conduct secret electronic investigations by serving search warrants on Internet service providers seeking users’ emails, the lawsuit says. The government, which wants the case thrown out, doesn’t let account holders know their data is being accessed because of the unconstitutional ECPA provision, while service providers like Microsoft are gagged from telling customers about the searches.</p> <p class="MsoNormal"></p> <p class="MsoNormal"></p> <p class="MsoNormal">“When people kept personal letters in a desk drawer at home, they knew if that information was about to be searched because the police had to knock on their door and show a warrant,” said EFF Staff Attorney Sophia Cope. “The fact that today our private emails are kept on a server maintained by an Internet company doesn’t change the government’s obligations under the Fourth Amendment. The Constitution requires law enforcement to tell people they are the target of a search, which enables them to vindicate their rights and provides a free society with a crucial means of government accountability.”<span>  </span></p> <p class="MsoNormal"><span></span>EFF thanks Seattle attorney Venkat Balasubramani of FocalLaw P.C. for his assistance as local counsel.<span>  </span></p> <p class="MsoNormal">For the brief:<br /><a target="_blank" href="https://www.eff.org/document/microsoft-v-justice-department-amicus-brief">https://www.eff.org/document/microsoft-v-justice-department-amicus-brief</a></p> <p class="MsoNormal">About this case:<br /><a target="_blank" href="https://www.eff.org/cases/microsoft-v-department-justice">https://www.eff.org/cases/microsoft-v-department-justice</a></p> <p class="MsoNormal"> </p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Lee</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Tien</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Senior Staff Attorney and Adams Chair for Internet Rights</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:lee@eff.org">lee@eff.org</a></div></div></div> </div> </div> </div><div class="field-item odd"><div class="ds-1col node node-profile view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Sophia</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Cope</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Staff Attorney</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:sophia@eff.org">sophia@eff.org</a></div></div></div> </div> </div> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20to%20Court%3A%20Government%20Must%20Inform%20People%20That%20It%E2%80%99s%20Accessing%20Their%20Emails%2C%20Personal%20Data%20&amp;url=https%3A//www.eff.org/press/releases/eff-court-government-must-inform-people-its-accessing-their-emails-personal-data&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20to%20Court%3A%20Government%20Must%20Inform%20People%20That%20It%E2%80%99s%20Accessing%20Their%20Emails%2C%20Personal%20Data%20&amp;u=https%3A//www.eff.org/press/releases/eff-court-government-must-inform-people-its-accessing-their-emails-personal-data" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-court-government-must-inform-people-its-accessing-their-emails-personal-data" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20to%20Court%3A%20Government%20Must%20Inform%20People%20That%20It%E2%80%99s%20Accessing%20Their%20Emails%2C%20Personal%20Data%20&amp;url=https%3A//www.eff.org/press/releases/eff-court-government-must-inform-people-its-accessing-their-emails-personal-data" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 02 Sep 2016 22:40:22 +0000 Karen Gullo 92875 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/6-questions-effs-new-researcher-gennie-gebhart <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p></p><center><img src="/files/styles/large/public/2016/08/30/gebhart_headshot.jpg" height="343" width="250" /></center> <p>EFF is pleased to welcome researcher <a href="https://www.eff.org/about/staff/gennie-gebhart">Gennie Gebhart</a>, the newest member of the activism team. Gennie will be working to defend your right to privacy and security online.</p> <p>Gennie has a Master’s degree in Library and Information Science from the University of Washington. She’s published research on Internet censorship, zero rating, and access to knowledge. While at UW, she co-founded the university’s Open Access Initiative.</p> <p>I caught up with Gennie to ask her a few questions about her past work and what she’ll be bringing to EFF.</p> <p><b>What are you most excited about working on here?</b></p> <p>I’m excited to bring my social science research background into EFF’s advocacy work. With EFF behind it, that kind of research has the potential for broad readership and immediate impact—every researcher’s dream!</p> <p><b>You've been a part of the open access movement for a long time. Why is open access important?</b></p> <p>Open access is so important because closed access is so entrenched. We are up against hundreds of years of a publisher-centric, pay-to-play system that suddenly no longer makes sense when we transfer it from a primarily paper world to a primarily digital one. That tension between openness and restrictions is so interesting to me, both in open access and in other areas of digital rights work. As we make content and processes and information in general more and more open, it inevitably brings up more questions about where and how we need to think about privacy and security in new ways.</p> <p><b>What role do librarians play in the digital rights movement?</b></p> <p>Historically, I see libraries as the traditional institutional protector of privacy—that’s why I went into the field. For so many user groups—particularly homeless, youth, or unemployed communities that rely on public libraries—librarians are among the last lines of defense against surveillance. In that way, fighting for the user is at the core of librarianship, and it’s at the core of what I hope to do with EFF, too.</p> <p><b>What did you learn from your research on <a href="https://www.policyforum.net/consolidating-control-in-cyberspace/">Internet censorship in Thailand</a>? What surprised you?</b></p> <p>Our key insight was really a confirmation of a broader pattern in censorship work: you can’t address state censorship problems without also addressing freedom of expression and surveillance. Users don’t just need to <i>access</i> information safely—they also need to be able to <i>use</i> and create and engage with that information without fear of state interception or punishment. But the technology that we put under the “censorship circumvention” umbrella often stops at giving users technical access, and does not address the much more complicated problem of how to combat self-censorship and all the psychosocial tactics repressive states can use to stem the free flow of information.</p> <p>A broader takeaway for me was that when it comes to censorship circumvention tools, there can be surprisingly little overlap between the problems computer science research is trying to solve and the problems that real users face on the ground. What users need—simple, easy-to-find, flexible tools—is not what the research community tends to promote—more complicated, technically novel, one-size-fits-all approaches.</p> <p><b>What's your favorite t-shirt you own?</b></p> <p>Without a doubt, the <a href="https://www.redbubble.com/people/pierre45/works/11354056-guerilla-open-access?p=t-shirt">Open Access jolly roger</a>.</p> <p><b>Any funny CouchSurfing stories?</b></p> <p>Too many to count. My favorite is from the first time I ever CouchSurfed. I was moving to Rome on Christmas Eve, and I wanted nothing more than to find a real Italian family Christmas dinner. I was pretty nervous about the prospect of staying with strangers from the Internet, so I just booked a hostel for myself and put out a request for someone to just host me for a meal. Through several twists and turns, though, I ended up driving three hours to Naples straight from the airport with then-Internet-stranger-now-friend Stefano, crashing not one but two Italian family Christmas dinners, and staying with Stefano and his friends for two weeks. Since then, I’ve jumped into CouchSurfing and never looked back.</p> <p>I have “surfed” far more than I have “hosted” on CouchSurfing over the past few years, so now that I am getting settled in San Francisco I am hoping to host more and finally balance out my CouchSurfing karma.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=6%20Questions%20for%20EFF%27s%20New%20Researcher%20Gennie%20Gebhart&amp;url=https%3A//www.eff.org/deeplinks/2016/08/6-questions-effs-new-researcher-gennie-gebhart&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=6%20Questions%20for%20EFF%27s%20New%20Researcher%20Gennie%20Gebhart&amp;u=https%3A//www.eff.org/deeplinks/2016/08/6-questions-effs-new-researcher-gennie-gebhart" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/6-questions-effs-new-researcher-gennie-gebhart" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=6%20Questions%20for%20EFF%27s%20New%20Researcher%20Gennie%20Gebhart&amp;url=https%3A//www.eff.org/deeplinks/2016/08/6-questions-effs-new-researcher-gennie-gebhart" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 02 Sep 2016 18:33:45 +0000 Elliot Harmon 92818 at https://www.eff.org Announcement https://www.eff.org/deeplinks/2016/09/shadow-brokers-publish-powerful-nsa-spy-tools-demonstrating-flaws-nsas-approach <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><h2 class="MsoNormal">The Vulnerabilities Equities Process in Unaccountable, Secretive, and Nonbinding</h2> <p class="MsoNormal">A group calling itself the Shadow Brokers recently <a href="https://www.washingtonpost.com/news/the-switch/wp/2016/08/17/nsa-hacking-tools-were-leaked-online-heres-what-you-need-to-know/">released</a> powerful surveillance tools publicly on the Web and promises to publish more dangerous tools for the price of one million bitcoin – or to whomever makes the best offer, if they can’t get to a million.<a class="see-footnote" id="footnoteref1_zr2ea8q" title="The Shadow Brokers aren’t making much progress of getting their 1 million bitcoin, but you can watch their progress. Look for the rickrolling Easter Egg in the transaction IDs." href="#footnote1_zr2ea8q">1</a><a href="#_ftn1" name="_ftnref1" title="" id="_ftnref1"></a></p> <p></p> <p class="MsoNormal">The Intercept has <a href="https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/">confirmed</a> that at least one of the surveillance tools released online is “covered with the NSA’s virtual fingerprints,” making it all but certain that this tool and the others released by the Shadow Brokers came from within the agency. The SECONDDATE program, which the Intercept analyzed and compared to information in an NSA manual provided to them by whistleblower Edward Snowden, is designed to redirect a target’s browser to an NSA controlled server which then infects the target computer with malware.</p> <p class="MsoNormal">The hacking tools in question rely on zero day vulnerabilities, i.e. vulnerabilities in software that the vendor doesn’t know about and has had “zero days” to fix. In particular, the tools were exploiting zero day vulnerabilities in <a href="https://blogs.cisco.com/security/shadow-brokers">Cisco</a> and <a href="https://fortiguard.com/advisory/FG-IR-16-023">Fortinet</a> firewalls.</p> <p class="MsoNormal">We don’t know how these sophisticated surveillance tools got out. Shadow Brokers —which some <a href="https://cybersecpolitics.blogspot.com/2016/08/why-eqgrp-leak-is-russia.html">speculate</a> is working for or on behalf of the Russian government—claim to have broken into the NSA (or rather, into Equation Group, an offensive hacking group within the NSA). Shadow Brokers <a href="https://web.archive.org/web/20160815190445/https://theshadowbrokers.tumblr.com">wrote</a>:</p> <blockquote><p class="MsoNormal">We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons.</p> </blockquote> <p class="MsoNormal">That’s one possibility. Others, like <a href="https://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P">James Bamford</a>, have speculated that the tools may have come from an internal leak, an employee or contractor at NSA who decided to take the tools. Edward Snowden, who knows a bit about this sort of thing, <a href="https://twitter.com/Snowden/status/765513662597623808">suggests</a> that this leak may be at least in part the result of NSA agents failing to clean up old servers.</p> <p class="MsoNormal">Lots of people want to speculate on how this leak could have happened and on whether there are more powerful hacking tools that will go public soon. But that’s missing the bigger question: is it time to create a real process that could, in some circumstances, force the NSA to disclose security flaws to American companies, so vulnerable systems can get patched?</p> <p class="MsoNormal">The United States government has been using offensive hacking techniques for decades, but there’s been remarkably little public debate on the matter, either in Congress or the media. And it’s no wonder: for the most part, the NSA’s digital attacks are shrouded in secrecy, and only a handful of attacks ever see the light of day. </p> <p class="MsoNormal">The federal government says that it does <a href="https://web.archive.org/web/20160316074258/https://www.nsa.gov/public_info/news_information/2015/ncsam/discovering_solving_sharing_it_solutions.shtml">tend</a> to disclose software vulnerabilities, but the process now is so shrouded in secrecy that there’s no way for investigative journalists or the public to verify that assertion. But even Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, has <a href="https://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities">acknowledged</a> that, "Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest."</p> <p class="MsoNormal">The Equation Group hack underscores the fact that the NSA is not a perfect fortress. A future leak like the Shadow Brokers’ could lead to even more harmful security vulnerabilities being made public. Or perhaps disclosure won’t happen publicly online: powerful nation-states may hack into NSA systems to steal this information–or offer significant financial compensation to insiders willing to pass on secrets–and then use it secretly. Even if that doesn’t happen, without public data on the so-called rate of “bug collision”, <a class="see-footnote" id="footnoteref2_a2cbf0r" title="When exploits found and used by one party, e.g. the NSA, are discovered by others, e.g. China, they’re said to &quot;collide.&quot;" href="#footnote2_a2cbf0r">2</a> we have to take the NSA’s word that the security vulnerabilities it uncovers will never be discovered by an unfriendly government and used for spying, or by criminals and used for malicious hacking.</p> <p class="MsoNormal">Ari Schwartz, the former White House National Security Council Senior Director for Cybersecurity, <a href="https://fedscoop.com/ari-schwartz-shadow-brokers-incident-nsa-vep">told FedScoop</a> that he expected another incident of software vulnerabilities leaking online in the "near future." He also indicated that there was another route: "It would be better to have vulnerabilities shared with vendors directly from the U.S. government rather than having them leak out from other sources attributed to the U.S. government."</p> <p class="MsoNormal"> The current—nonbinding—process for assessing whether a given security vulnerability should be disclosed is known as the Vulnerabilities Equities Process, some details of which <a href="https://www.eff.org/cases/eff-v-nsa-odni-vulnerabilities-foia/">EFF has obtained through a FOIA suit</a>. The government is supposed to follow this process to decide whether to tell tech companies about their security flaws, or hang onto the knowledge and try to exploit the flaws in the future. But the current process is broken: even <a href="https://www.lawfareblog.com/everything-you-know-about-vulnerability-equities-process-wrong">strong NSA proponents admit as much</a>. There is no reporting requirement that would allow the American public to know what percentage of the vulnerabilities discovered are sent on to the software vendors, and no way for us to know whether high profile security vulnerabilities ever go through this process. Even Congress is kept largely in the dark.</p> <p class="MsoNormal">We are <i>not</i> saying that the U.S. government shouldn’t ever keep and use security vulnerabilities for intelligence purposes, or that the U.S. government shouldn’t purchase zero day exploits. These can and have been powerful tools for our intelligence agencies to safeguard our country. But like any intelligence tool, transparency and strong accountability are necessary to prevent abuse and unintended consequences. And when it comes to security vulnerabilities, it’s impossible to tell whether the NSA is going too far because they’ve gone to great lengths to block public and Congressional oversight of this matter.</p> <p class="MsoNormal">Whenever the NSA decides to exploit a security vulnerability instead of disclosing it to the software vendor, it’s making a bet that another nation-state or malicious hacking group like the Shadow Brokers won’t also find it. With the currently available data, the public has no way of analyzing whether that’s a good bet. Even worse, the NSA isn’t just wagering their own money in this high stakes poker game: they’re betting with the computer security of hundreds of millions of computer users.</p> <p class="MsoNormal">The Equation Group leak should be a wake up call to decision makers that we need to publicly debate the issue of government hacking, and that should start with a Congressional hearing that includes testimony from cybersecurity experts and civil society. Unless civil society and the information security community speak up now, we run the risk that these decisions will be made without our input. It’s time to roll up our sleeves and get to work.</p> <ul class="footnotes"><li class="footnote" id="footnote1_zr2ea8q"><a class="footnote-label" href="#footnoteref1_zr2ea8q">1.</a> The Shadow Brokers aren’t making much progress of getting their 1 million bitcoin, but you can <a href="https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK?offset=50&amp;filter=0">watch their progress</a>. Look for the rickrolling Easter Egg in the transaction IDs.</li> <li class="footnote" id="footnote2_a2cbf0r"><a class="footnote-label" href="#footnoteref2_a2cbf0r">2.</a> When exploits found and used by one party, e.g. the NSA, are discovered by others, e.g. China, they’re said to "collide."</li> </ul><script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/eff-v-nsa-odni-vulnerabilities-foia">EFF v. NSA, ODNI - Vulnerabilities FOIA </a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=The%20Shadow%20Brokers%20Publish%20NSA%20Spy%20Tools%2C%20Demonstrating%20Possible%20Flaws%20in%20the%20NSA%E2%80%99s%20Approach%20to%20Security%20Vulnerabilities&amp;url=https%3A//www.eff.org/deeplinks/2016/09/shadow-brokers-publish-powerful-nsa-spy-tools-demonstrating-flaws-nsas-approach&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=The%20Shadow%20Brokers%20Publish%20NSA%20Spy%20Tools%2C%20Demonstrating%20Possible%20Flaws%20in%20the%20NSA%E2%80%99s%20Approach%20to%20Security%20Vulnerabilities&amp;u=https%3A//www.eff.org/deeplinks/2016/09/shadow-brokers-publish-powerful-nsa-spy-tools-demonstrating-flaws-nsas-approach" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/09/shadow-brokers-publish-powerful-nsa-spy-tools-demonstrating-flaws-nsas-approach" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=The%20Shadow%20Brokers%20Publish%20NSA%20Spy%20Tools%2C%20Demonstrating%20Possible%20Flaws%20in%20the%20NSA%E2%80%99s%20Approach%20to%20Security%20Vulnerabilities&amp;url=https%3A//www.eff.org/deeplinks/2016/09/shadow-brokers-publish-powerful-nsa-spy-tools-demonstrating-flaws-nsas-approach" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 02 Sep 2016 18:09:51 +0000 rainey Reitman 92862 at https://www.eff.org Commentary Security Government Hacking and Subversion of Digital Security https://www.eff.org/deeplinks/2016/08/how-keep-your-whatsapp-data-whatsapp <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><span>WhatsApp’s plans to share user information—including phone numbers, contact lists, and usage data—with parent company Facebook threaten users’ privacy and control over their data. We describe details of this data sharing arrangement and the new privacy policy that makes </span><span>it</span><span> possible in </span><a href="https://www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0"><span>a previous bl</span><span>og post</span></a><span><span>. </span></span></p> <p><b>Existing Wh</b><b><span>atsApp users have until September 25 to </span></b><b><span>click through this update and </span></b><b><span>agree or not agree to </span></b><b><span>Facebook using their WhatsApp data to suggest friends and serve ads</span></b><b><span>. </span></b><span>Unfortunately, WhatsApp’s </span><span>UI</span><span> does not offer clear information about what the new privacy policy </span><span>will change</span><span>, and buries </span><span>mechanisms for opting out</span><span>. We urge WhatsApp to make available settings and options more obvious to users. Until then, see below for steps to </span><span>change your account settings and keep your WhatsApp data on WhatsApp. </span></p> <ol><li> <p><span>When you open WhatsApp on your phone, you will see this update screen. Click “Read more…” on the bottom.</span></p> <p></p><center><img src="/files/styles/large/public/2016/08/31/1.png?itok=gLwI9_e3" alt="" class="image-large" height="480" width="270" /></center></li> <li> <p><span>This takes you to more information about the new privacy policy. At the bottom of the screen, <b>uncheck</b> the box for “Share my WhatsApp information with Facebook…”<br /></span></p> <p></p><center><img src="/files/styles/large/public/2016/08/31/2.png?itok=_mpdhKr-" alt="" class="image-large" height="480" width="270" /></center></li> <li> <p><span>Once you uncheck the box, you will see this pop-up box confirming that your account information <i>won’t </i>be used on Facebook.<br /></span></p> <p></p><center><img src="/files/styles/large/public/2016/08/31/3.png?itok=Ds_yESIx" alt="" class="image-large" height="480" width="270" /></center></li> <li> <p><span>Now that your screen looks like this, click “Agree.” This will direct you back to your normal WhatsApp homepage.<br /></span></p> <p></p><center><img src="/files/styles/large/public/2016/08/31/4.png?itok=fl_at8h7" alt="" class="image-large" height="480" width="270" /></center></li> </ol><p><span>If you already agreed to the new privacy policy and would like to undo it, you have 30 additional days after you clicked “Agree” to change your settings to “Don’t share” once and for all.</span></p> <ol><li> <p><span>Use the three dots in the upper right of your screen to navigate to “Settings” and click “Account.”<br /></span></p> <p></p><center><img src="/files/styles/large/public/2016/08/31/5.png?itok=lVnuO0vM" alt="" class="image-large" height="480" width="270" /><p></p></center></li> <li> <p><span><span>Toggle “Share my account info” to the left. A grey pop-up box will ask if you are sure you don’t want WhatsApp to share your data with Facebook. Tap “Don’t share.”<br /></span></span></p> <p></p><center><img src="/files/styles/large/public/2016/08/31/6.png?itok=NjO_WFjB" alt="" class="image-large" height="480" width="270" /></center></li> <li> <p><span><span>Your screen should look like this, with “Share my account info” greyed out. </span><span>You can click the arrow in the top left to get back to your settings and then to your normal WhatsApp homepage.<br /></span></span></p> <p></p><center><img src="/files/styles/large/public/2016/08/31/7.png?itok=BiWlo0_J" alt="" class="image-large" height="480" width="270" /></center></li> </ol><p><span><span>Note</span><span> that your WhatsApp information will still be passed to Facebook </span><a href="https://www.whatsapp.com/faq/general/26000016"><span><span>for </span></span></a><a href="https://www.whatsapp.com/faq/general/26000016"><span><span>other</span></span></a><a href="https://www.whatsapp.com/faq/general/26000016"><span><span> purposes</span></span></a><span> </span><span>such as</span> “improving infrastructure and delivery systems, understanding how [Facebook and WhatsApp] services...are used, securing systems, and fighting spam, abuse, or infringement activities." Changing your settings does ensure, however, that Facebook will not use your WhatsApp data to suggest friends or serve ads.</span></p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=How%20to%20Change%20Your%20WhatsApp%20Settings%20Before%20Facebook%20Data%20Sharing%20Begins&amp;url=https%3A//www.eff.org/deeplinks/2016/08/how-keep-your-whatsapp-data-whatsapp&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=How%20to%20Change%20Your%20WhatsApp%20Settings%20Before%20Facebook%20Data%20Sharing%20Begins&amp;u=https%3A//www.eff.org/deeplinks/2016/08/how-keep-your-whatsapp-data-whatsapp" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/how-keep-your-whatsapp-data-whatsapp" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=How%20to%20Change%20Your%20WhatsApp%20Settings%20Before%20Facebook%20Data%20Sharing%20Begins&amp;url=https%3A//www.eff.org/deeplinks/2016/08/how-keep-your-whatsapp-data-whatsapp" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 31 Aug 2016 22:43:50 +0000 Gennie Gebhart 92824 at https://www.eff.org Commentary Privacy Social Networks https://www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0 <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="western">WhatsApp is establishing data-sharing practices that signal a significant shift in its attitude toward privacy—though you wouldn’t know it from the privacy policy update that popped up on users’ screens last week. The new policy lays the groundwork for alarming data sharing between WhatsApp and its parent company Facebook. The update screen that users see, however, mentions only benign new features like WhatsApp calling, and requires a user to click a “Read more” link to see any mention of how the data sharing arrangement will work for users. Where WhatsApp could have offered users up-front information and choices, the UI as it stands buries critical details and options. If WhatsApp wants to merge user data with Facebook, it should give users opportunities to make choices about their privacy—starting with a clearer, more informative UI.</p> <h3 class="western"><b>Broader data sharing</b></h3> <p class="western">While WhatsApp previously passed no user information to its parent company Facebook or vice versa, the new privacy policy allows WhatsApp to directly integrate some user data with the social network. WhatsApp’s update describes this as “improving your Facebook ads and products experiences.” The impact on users and their privacy, however, goes much further.</p> <p class="western">If you use both WhatsApp and Facebook, this change will give Facebook access to several pieces of your WhatsApp information, including your WhatsApp phone number, contact list, and usage d<span>ata (e.g. when you last used WhatsApp, what device you used it on, and what OS you ran it on). </span><span>With confusing wording, the update correctly points out that your phone number and messages will not be shared </span><i><span>onto</span></i><span><span> Facebook. </span></span><span><span>This</span></span><span> </span><span>means</span><span> </span><span>that your</span><span> data </span><span>will </span><span>not</span><span> be shared publicly on </span><span>your Facebook page or anywhere else on</span><span> Facebook’s platform. </span><span>Instead, it will be shared </span><i><span>with</span></i><span><span> Facebook—that is,</span></span><span> </span><span>Facebook systems and the “Facebook family of companies.” While WhatsApp’s privacy-friendly end-to-end encryption remains, and the company ensures users i</span>t will <span>not</span> share their data directly with advertisers, this nevertheless presents a clear threat to users’ control of how their WhatsApp data is shared and used.</p> <p class="western">In its first <a href="https://www.whatsapp.com/legal/?l=en">privacy policy </a><a href="https://www.whatsapp.com/legal/?l=en">c</a><a href="https://www.whatsapp.com/legal/?l=en">hange</a> since 2012, WhatsApp offers some motivations behind the shift, including detecting fraud and spam, getting a better count of unique users between the two platforms, and enabling “business-to-consumer” communication in the form of appointment reminders, flight updates, receipts, and other commercial notifications typically sent via SMS or email.</p> <p class="western">Most critically for user privacy, however, sharing this kind of metadata also gives Facebook an enhanced view of users’ online communication activities, affiliations, and habits, and runs the risk of <span>making private WhatsApp contacts into more public Facebook connections</span>. With this new data, for example, Facebook will be able to suggest WhatsApp contacts as Facebook friends. Facebook can also use the data to show “more relevant” ads. In an <a href="https://blog.whatsapp.com/10000627/Looking-ahead-for-WhatsApp">announcement accompanying the privacy policy update</a>, WhatsApp offers the example of “an ad from a company you already work with, rather than one from someone you’ve never heard of”—a frightening prospect considering the data coordination and sharing required for Facebook to know <a href="https://www.eff.org/deeplinks/2012/09/deep-dive-facebook-and-datalogix-whats-actually-getting-shared-and-how-you-can-opt">the companies with whom you do business</a>.</p> <h3 class="western"><b>Law enforcement policy lags behind</b></h3> <p class="western">Despite these expanded uses for WhatsApp data, WhatsApp’s law enforcement policies have not changed along with its privacy policy. In particular, WhatsApp has still not committed to providing advance notice to users about law enforcement and government requests for user data. Providing notice is an industry-wide best practice, and we have noted WhatsApp’s <a href="https://www.eff.org/who-has-your-back-government-data-requests-2015#whatsapp-report">failure to meet it</a><span> </span>in the past.</p> <p class="western">With tech companies often acting as the sole gatekeepers between user data and law enforcement, transparency from tech companies regarding data requests is often the only way to give users a chance to get a lawyer, fight overly broad subpoenas, and understand when and why their data is being accessed. Knowing that a certain company is committed to giving users notice could even make law enforcement stop and think twice about unnecessarily broad requests. If WhatsApp is going to move forward with more direct data sharing with private companies, it also needs to make this long overdue commitment regarding public authorities.</p> <h3 class="western"><b>Permanent changes and bigger questions</b></h3> <p class="western">Until September 25, existing WhatsApp users can change their settings to prevent Facebook from suggesting friends or serving ads based on WhatsApp data. We offer a step-by-step guide <a href="https://www.eff.org/deeplinks/2016/08/how-keep-your-whatsapp-data-whatsapp">here</a><span>. </span></p> <p class="western"><span>After</span> that however, new accounts will <i>not</i> have the option to refuse these expanded uses of their data. Instead, the only option available to new users will be whether to join WhatsApp at all under the new privacy policy and all of the data sharing it entails.</p> <p class="western"></p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=What%20Facebook%20and%20WhatsApp%E2%80%99s%20Data%20Sharing%20Plans%20Really%20Mean%20for%20User%20Privacy&amp;url=https%3A//www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=What%20Facebook%20and%20WhatsApp%E2%80%99s%20Data%20Sharing%20Plans%20Really%20Mean%20for%20User%20Privacy&amp;u=https%3A//www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=What%20Facebook%20and%20WhatsApp%E2%80%99s%20Data%20Sharing%20Plans%20Really%20Mean%20for%20User%20Privacy&amp;url=https%3A//www.eff.org/deeplinks/2016/08/what-facebook-and-whatsapps-data-sharing-plans-really-mean-user-privacy-0" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 31 Aug 2016 22:34:23 +0000 Gennie Gebhart 92822 at https://www.eff.org Commentary Privacy Social Networks https://www.eff.org/deeplinks/2016/08/unambitious-european-copyright-plans-offer-little-users <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In our <a href="https://www.eff.org/deeplinks/2016/08/european-copyright-leak-exposes-plans-force-internet-subsidize-publishers">previous piece</a> about a leaked European impact assessment on copyright, we described how the foreshadowed changes to European copyright law would place onerous new responsibilities on Internet platforms to scan your uploaded content on behalf of large entertainment companies. We also described how the changes would give news publishers a new, copyright-like veto power over the publications of snippets of text from news stories, even if these are merely by way of linking to the publisher's website.</p> <p>Since then, there has been a further leak; this time, of the <a href="https://www.politico.eu/wp-content/uploads/2016/08/Directive.pdf">draft text of the Directive</a>—that is, the new law—that the European Commission proposes to introduce to enact its plans. The new leak is mostly consistent with the impact assessment, but with a little more detail. In particular, we learn that the new veto power (or "link tax") for news publishers over the online publication of snippets would last for 20 years from the date of publication of the news story.</p> <p>Although the elements of the new law that we highlighted in our previous post remain the headlines, there's lots more to the Commission's plans than this. Here we run down some of the other proposed changes, including new rules to facilitate access to television broadcasts online, new copyright exceptions for education, data mining, and archival, and new measures to broaden access to out of commerce works. All of these things sound good on the surface—but they come with some annoying limitations, as we'll see.</p> <h3>Broadcasting: No Digital Single Market for Video on Demand</h3> <p>Unlike in the United States where a work has a single copyright nationwide, in the European Union, copyright in the work exists separately in each of its 28 member states. This means that if a publisher or broadcaster wants to make a work available across Europe, it may need to negotiate 28 separate agreements with the copyright owner's various national representatives. In the case of broadcasting, this has been mitigated somewhat by a rule which said that if you are broadcasting from one country and the signal remains under your control up until the point where it is received in another country, you only need to license the material once, in its so-called "country of origin". There's also a separate but related rule which applies to retransmissions of broadcast streams by third parties—these too are allowed across European borders, subject to payment of a single statutory license fee that takes care of payments to copyright holders.</p> <p>The problem is that these rules don't apply to broadcasts across the Internet, and they don't apply to "video on demand" services. The European Commission's proposed solution is to extend the "country of origin" rule to Internet broadcasts including catch-up TV, allowing the original broadcaster to make their broadcasts available in other European countries across the Internet. It is also proposed to extend the statutory license to third party Internet broadcasters, so that they too can legally stream continuous broadcast TV to other European countries across the Internet.</p> <p>But this isn't a complete solution, for two reasons. First, the Internet's borders don't stop at Europe, and this proposal does nothing to make European television broadcasts available elsewhere in the world. Second, outside of an original broadcaster's own catch-up TV service, these measures don't allow third party providers such as Netflix to stream content on-demand across Europe. To achieve that, the Commission merely suggests hosting a "stakeholders' dialogue", along with a mechanism to overcome negotiation roadblocks, which is a fancy way of saying that they're not going to do anything much at all. As such, audiovisual content isn't likely to become any simpler to license for use online than it is now, which certainly doesn't <a href="https://www.eff.org/deeplinks/2015/03/achieve-european-digital-single-market-users-must-be-heard">fulfill promises</a> of a digital single market for audiovisual content.</p> <h3>Copyright Exceptions and Licensing: No Fair Use</h3> <p>In the <a href="https://www.eff.org/deeplinks/2015/01/progressive-visions-future-copyright-europe">report that MEP Julia Reda drafted</a> for the European Parliament last year, she suggested that Europe could do with new, standardized copyright exceptions covering topics such as freedom of panorama (the freedom to photograph public buildings and monuments), education and research, and e-book lending by libraries, as well as a general "fair use" style right for other purposes not caught by a more specific exception.</p> <p>Well, the European Commission is having none of that. Instead, the only copyright exceptions proposed are for uses of text and data mining technologies by scientific research organizations, illustration for teaching in the online environment (including by distance education), and for the preservation (but not digital dissemination) of cultural heritage by libraries and archives. The exception covering illustration for teaching is even narrower than the others, because it can be limited where licensing is available; in other words, European countries that make illustration materials available to educators under a statutory or collective licensing scheme can simply opt out of the exception altogether.</p> <p>The Commission is also proposing to make it easier for libraries and archives to digitize and disseminate out of commerce works, which are works that protected by copyright but which aren't commercially available. This isn't in the form of a copyright exception however, but rather some form of extended collective licensing, whereby license fees for the use of out of commerce works are paid to a collecting society, which would notionally be responsible for distributing that money to the author. Notably, there is no separate treatment for orphan works, which are works that are not only out of commerce, but whose author is also unknown or uncontactable. License fees must still be collected for all such works, even if there is no serious prospect of the author ever benefiting from them.</p> <h3>Fair Remuneration to Authors</h3> <p>Although most of the provisions in the new draft Directive are for the benefit of large publishing and entertainment companies, there is one new measure which would directly benefit authors. This would require firstly that "authors and performers receive on a regular basis… timely, adequate and sufficient information on the exploitation of their works and performances from those to whom they have licensed or transferred their rights". Secondly, in cases where the remuneration that authors or performers receive from a publisher in exchange for their copyright "is disproportionately low compared to the subsequent revenues and benefits derived" from it, the Directive would allow them to claim additional payments from the publisher, with disputes to be settled by an alternative dispute resolution mechanism. The provision is clearly geared at preventing the exploitation of artists, particularly those in the early part of their careers, who may see little of the profits earned from the subsequent success of their work. However whether this kind of after-the-fact rewriting of their contracts with publishers is the best way to protect them from exploitation remains to be seen.</p> <p>The only aspect of the European Commission's proposals that can be described as in any way ambitious are its worst parts; the link tax for the benefit of news publishers, and the new obligations on Internet platforms to monitor user uploaded content on behalf of copyright owners. All of the other ways in which European copyright law falls short of the expectations of consumers in the digital age are ignored: these include the lack of a broad and adaptable "fair use' right, the prevalent use of geoblocking to inhibit users from accessing licensed content across borders, and the imposition of unfair copyright levies in "exchange" for the right to make personal copies. (EDRi has a more complete list of <a href="https://edri.org/copyfails/">Europe's copyright fails</a>.)</p> <p>Far from confronting the real problems of copyright in Europe, the draft Directive would actually create new problems, including new barriers for small and start-up user content platforms, and for those who use or disseminate online news. EFF will soon be joining like-minded colleagues in Europe to speak out against this unbalanced copyright reform, and send it back to the drawing board. Keep reading Deeplinks to find out how you can help.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Latest%20Leak%20Confirms%20European%20Copyright%20Plans%20Offer%20Little%20for%20Users&amp;url=https%3A//www.eff.org/deeplinks/2016/08/unambitious-european-copyright-plans-offer-little-users&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Latest%20Leak%20Confirms%20European%20Copyright%20Plans%20Offer%20Little%20for%20Users&amp;u=https%3A//www.eff.org/deeplinks/2016/08/unambitious-european-copyright-plans-offer-little-users" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/unambitious-european-copyright-plans-offer-little-users" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Latest%20Leak%20Confirms%20European%20Copyright%20Plans%20Offer%20Little%20for%20Users&amp;url=https%3A//www.eff.org/deeplinks/2016/08/unambitious-european-copyright-plans-offer-little-users" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 31 Aug 2016 22:20:52 +0000 Jeremy Malcolm 92794 at https://www.eff.org Commentary Fair Use and Intellectual Property: Defending the Balance International https://www.eff.org/deeplinks/2016/08/stupid-patent-month-elsevier-patents-online-peer-review <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="/files/2014/07/30/stupid-patent-square-2.jpg" alt="" class="image-right" height="205" width="205" />On August 30, 2016, the Patent Office issued <a href="https://www.eff.org/document/us-patent-no-9430468">U.S. Patent No. 9,430,468</a>, titled; “Online peer review and method.” The owner of this patent is none other than Elsevier, the giant academic publisher. When it first applied for the patent, Elsevier sought very broad claims that could have covered a wide range of online peer review. Fortunately, by the time the patent actually issued, its claims had been narrowed significantly. So, as a practical matter, the patent will be difficult to enforce. But we still think the patent is stupid, invalid, and an indictment of the system.</p> <p>Before discussing the patent, it is worth considering why Elsevier might want a government granted monopoly on methods of peer review. Elsevier owns <a href="https://www.economist.com/node/21545974">more than 2000 academic journals</a>. It charges <a href="https://infospace.ischool.syr.edu/2012/05/29/academic-journals-are-too-expensive-for-harvard-elsevier-is-mega-greedy-and-why-this-stinks-for-future-librarians/">huge fees</a> and sometimes imposes bundling requirements whereby universities that want certain high profile journals must buy a package including other publications. <a href="https://news.stanford.edu/news/2004/february25/minutes-225.html">Universities</a>, <a href="https://libraries.mit.edu/scholarly/mit-open-access/open-access-at-mit/mit-open-access-policy/publishers-and-the-mit-faculty-open-access-policy/elsevier-fact-sheet/">libraries</a>, and <a href="https://en.wikipedia.org/wiki/The_Cost_of_Knowledge">researchers</a> are increasingly questioning whether this model makes sense. After all, universities usually pay the salaries of both the researchers that write the papers and of the referees who conduct peer review. Elsevier’s business model <a href="https://twitter.com/xor/status/552456370629672960">has been compared</a> to a restaurant where the customers bring the ingredients, do all the cooking, and then get hit with a $10,000 bill.</p> <p>The rise in wariness of Elsevier’s business model correlates with the rise in popularity and acceptance of open access publishing. <a href="https://roarmap.eprints.org/view/country/840.html">Dozens of universities have adopted open access policies</a> mandating or recommending that researchers make their papers available to the public, either by publishing them in open access journals or by archiving them after publication in institutional repositories. In 2013, President Obama mandated that federally funded research be made available to the public no later than a year after publication, and it’s likely that <a href="https://www.eff.org/deeplinks/2016/03/tell-congress-its-time-move-fastr">Congress will lock that policy into law</a>.</p> <p>Facing an evolving landscape, Elsevier has sought other ways to reinforce its control of publishing. The company has tried to stop researchers from <a href="https://www.eff.org/deeplinks/2014/01/open-access-fight-big-publishers-are-biggest-hurdle">sharing their own papers in institutional repositories</a>, and entered an endless legal battle with <a href="https://www.eff.org/deeplinks/2015/12/what-if-elsevier-and-researchers-quit-playing-hide-and-seek">rogue repositories Sci-Hub and LibGen</a>. Again and again, when confronted with the changing face of academic publishing, Elsevier resorts to takedowns and litigation rather than reevaluating or modernizing its business model.</p> <p>Elsevier <a href="https://www.nature.com/news/social-sciences-preprint-server-snapped-up-by-publishing-giant-elsevier-1.19932">recently acquired SSRN</a>, the beloved preprints repository for the social sciences and humanities. There are <a href="https://svpow.com/2016/07/18/elsevier-has-started-destroying-ssrn/">early signs</a> that it will be a poor steward of SSRN. Together, the SSRN acquisition and this month’s stupid patent present a <a href="https://twitter.com/bc_butler/status/770659927618625536">troubling vision of Elsevier’s new strategy</a>: if you can’t control the content anymore, then assert control over the infrastructures of scholarly publishing itself.</p> <p>Elsevier filed its <a href="https://www.eff.org/document/original-specification-drawings-and-claims-us-pantent-no-9430468">patent application</a> on June 28, 2012. The description of the invention is lengthy, but is essentially a description of the process of peer review, but on a computer. For example, it includes a detailed discussion of setting up user accounts, requiring new users to pass a CAPTCHA test, checking to see if the new user’s email address is already associated with an account, receiving submissions, reviewing submissions, sending submissions back for corrections, etc, etc, etc.</p> <p><img src="/files/2016/08/31/figure_5.png" alt="" height="360" align="middle" width="555" /></p> <p>The patent departs slightly from typical peer review in its discussion of what it calls a “waterfall process.” This is “the transfer of submitted articles from one journal to another journal.” In other words, authors who are rejected by one journal are given an opportunity to immediately submit somewhere else. The text of the patent suggests that Elsevier believed that this waterfall process was its novel contribution. But the waterfall idea <b><i>was not new</i></b> in 2012. The process had been written about since <a href="https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2633330/">at least 2009</a> and is often referred to as “<a href="https://scholarlykitchen.sspnet.org/2010/10/12/cascading-peer-review-future-of-open-access/">cascading review</a>.”</p> <p>The patent examiner rejected Elsevier’s application three times. But, taking advantage of the patent system’s <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=462404">unlimited do-overs</a>, Elsevier amended its <a href="https://trollingeffects.org/faq#t57n253">claims</a> by adding new limitations and narrowing the scope of its patent. Eventually, the examiner granted the application. The issued claims include many steps. Some of these steps, like “receive an author-submitted article,” would be quite hard to avoid. Others are less essential. For example, the claims require automatically comparing a submission to previously published articles and using that data to recommend a particular journal as the best place to send the submission. So it would be an exaggeration to suggest the patent locks up <i>all </i>online peer review.</p> <p>We hope that Elsevier will not be aggressive in its own interpretation of the patent’s scope. Unfortunately, its early statements suggest it does take an expansive view of the patent. For example, an Elsevier representative <a href="https://twitter.com/TomReller/status/771004401406345217">tweeted</a>: "There is no need for concern regarding the patent. It’s simply meant to protect our own proprietary waterfall system from being copied." But the waterfall system, aka cascading peer review, was known years before Elsevier filed its patent application. It cannot claim to own that process.</p> <p>Ultimately, even though the patent was narrowed, it is still a very bad patent. It is similar to Amazon’s <a href="https://arstechnica.com/tech-policy/2014/06/how-amazon-got-a-patent-on-white-background-photography/">patent on white-background photography</a> where narrowed but still obvious claims were allowed. Further, Elsevier’s patent would face a significant challenge under <a href="https://www.eff.org/deeplinks/2016/06/happy-birthday-alice-two-years-busting-bad-software-patents"><i>Alice v CLS Bank</i></a>, where the Supreme Court ruled that abstract ideas do not become eligible for a patent simply because they are implemented on a generic computer. To our dismay, the Patent Office did not even raise <i>Alice v CLS Bank </i>even though that case was handed down more than two years before this patent issued<i>. </i>Elsevier’s patent is another illustration of why we still need fundamental patent reform.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Stupid%20Patent%20of%20the%20Month%3A%20Elsevier%20Patents%20Online%20Peer%20Review&amp;url=https%3A//www.eff.org/deeplinks/2016/08/stupid-patent-month-elsevier-patents-online-peer-review&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Stupid%20Patent%20of%20the%20Month%3A%20Elsevier%20Patents%20Online%20Peer%20Review&amp;u=https%3A//www.eff.org/deeplinks/2016/08/stupid-patent-month-elsevier-patents-online-peer-review" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/stupid-patent-month-elsevier-patents-online-peer-review" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Stupid%20Patent%20of%20the%20Month%3A%20Elsevier%20Patents%20Online%20Peer%20Review&amp;url=https%3A//www.eff.org/deeplinks/2016/08/stupid-patent-month-elsevier-patents-online-peer-review" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 31 Aug 2016 19:15:46 +0000 Daniel Nazer and Elliot Harmon 92809 at https://www.eff.org Patents Stupid Patent of the Month Open Access https://www.eff.org/deeplinks/2016/08/do-over-please-eff-and-aclu-ask-ninth-circuit-revisit-two-dangerous-cfaa-rulings <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Imagine being convicted of a crime for logging into a friend's social media account with their permission? Or for logging into your spouse’s bank account to pay a bill, even though a pop-up banner appeared stating that only account holders were permitted to access the system? The Ninth Circuit Court of Appeals last month issued two decisions—by two different 3-judge panels in two separate cases—which seem to turn such actions into federal crimes. We teamed up with the <a href="https://www.aclu.org/">ACLU</a> and <a href="https://www.aclunc.org/">ACLU of Northern California</a> to ask the court to review <a href="https://www.eff.org/document/facebook-v-power-ventures-eff-aclu-amicus-brief">both</a> <a href="https://www.eff.org/document/us-v-nosal-eff-aclu-amicus-brief">decisions</a><i> en banc</i>—with 11 judges, not just 3—and issue a ruling that will ensure innocent Internet users are not transformed into criminals on the basis of innocuous password sharing. We want the court to come up with a clear and limited interpretation of the notoriously vague statute at the heart of both cases, the <a href="https://www.eff.org/issues/cfaa">Computer Fraud and Abuse Act</a> (CFAA).</p> <p>The CFAA makes it illegal to engage in “unauthorized access” to a computer connected to the Internet. But the statute doesn’t actually define what “authorization” or “without authorization” means. Both cases turn on what “authorized access” means, including whether authorization must come from the person or entity that owns the computer or whether authorization can come from an authorized account holder or computer user. These questions are key for anyone who shares online account passwords with their spouse or friends, because they impact the analysis of whether the CFAA was violated. Unfortunately, the two Ninth Circuit panels came to dramatically different conclusions. And in both cases, the panels completely lost sight of the original goal of the CFAA—targeting individuals who break into computer systems to access or alter information—and are thus inconsistent with prior Ninth Circuit decisions holding that the CFAA must be limited to the purpose intended by Congress. </p> <p>The <a href="https://www.eff.org/deeplinks/2016/07/ever-use-someone-elses-password-go-jail-says-ninth-circuit">first decision</a>, in a criminal case called <a href="https://www.eff.org/cases/u-s-v-nosal"><i>United States v. Nosal</i></a><i>, </i>was so broad that it seemed to make it a federal crime to use someone else’s password, <i>even with </i>their knowledge and permission. The case addressed whether David Nosal, a former employee of executive recruiting firm Korn/Ferry, violated the CFAA when other Korn/Ferry ex-employees, on Nosal’s behalf, used the password of a current employee, with her permission, to access an internal company database. This occurred after the company had expressly revoked Nosal’s own login credentials to prevent him from accessing the database. The 3-judge Ninth Circuit panel held that the CFAA is clear that “authorization” can <i>only</i> come from a computer owner (such as an employer or website owner), not a computer user or account holder. According to the panel, Nosal was guilty of violating the CFAA because the authorization he had from the current employee simply didn’t count. (Note: We call this case <i>Nosal II</i> to differentiate it from an <a href="https://www.eff.org/files/filenode/nosal_en_banc.pdf">earlier ruling</a> in this long-running case.)</p> <p>In the <a href="https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even">second decision</a>, in a civil case called <a href="https://www.eff.org/cases/facebook-v-power-ventures"><i>Facebook v. Power Ventures</i></a>, a separate 3-judge Ninth Circuit panel acknowledged that a computer user <i>can</i> provide a third party—here, it was a social medial aggregator—with valid authorization to use their username and password, even if doing so was in violation of company policy. But, according to the panel, if the third party is <i>somehow</i> put on notice that the computer owner has revoked its authorization, then it’s a CFAA violation.</p> <p>The case involved Facebook users who sought out the services of Power Ventures, a social media aggregator that offered the users a way to view all their social media information in one place. To enable Power Ventures to provide its services, the Facebook users shared with the company their Facebook usernames and passwords. Power Ventures then asked for and received permission from the users to send invitations to use Power to the users’ Facebook contacts. Facebook objected to this and sent Power Ventures a cease and desist letter. It also blocked one of Power Venture’s IP addresses, although the block wasn’t effective because Power Ventures had many IP addresses. The company continued to offer its social media aggregating services to Facebook users for a month or so, until Facebook blacklisted the phrase “Power.com.” Facebook also sued.</p> <p>The Ninth Circuit found that Power Ventures <i>initially</i> had valid authorization from the Facebook users, but that Power Ventures violated the CFAA when it accessed Facebook’s data <i>after</i> receiving the cease and desist letter. The court reasoned that the letter had provided the company with notice that Facebook had “revoked its authorization” to access the users’ accounts. The problem is that the panel completely fails to define what adequate notice of revocation looks like, leaving us with a host of <a href="https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even">unanswered questions</a> regarding what would give rise to <a href="https://www.eff.org/document/eff-cfaa-penalty-chart">serious federal criminal liability</a>. The panel seems to be <a href="https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/07/12/9th-circuit-its-a-federal-crime-to-visit-a-website-after-being-told-not-to-visit-it/">drawing a line</a> between access revocations contained within a subsequent notice and restrictions contained within terms of use or other up-front agreements—and in our view, that’s a distinction without a difference.</p> <p>We've asked the court to review both cases <i>en banc</i> and fix the mess created by these two decisions<i>. </i>In our <a href="https://www.eff.org/document/facebook-v-power-ventures-eff-aclu-amicus-brief">amicus</a> <a href="https://www.eff.org/document/us-v-nosal-eff-aclu-amicus-brief">briefs</a>, we explain how the two panel decisions conflict with not only each other, but also with prior Ninth Circuit decisions holding that the CFAA must be limited to the purpose intended by Congress: targeting those who break into computers to access or alter information. We explain how both panels failed to apply the important rule requiring vague criminal statutes to be interpreted narrowly, called the <a href="https://definitions.uslegal.com/r/rule-of-lenity/">Rule of Lenity</a>. And we explain how the decisions will turn millions of innocent Internet users into criminals on the basis of routine online behavior—<i>i.e</i>., password sharing.</p> <p>We hope the court takes both important cases <i>en banc</i>.</p> <p>Thanks to the <a href="https://www.aclu.org/">ACLU</a> and <a href="https://www.aclunc.org/">ACLU of Northern California</a> for joining our brief.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/u-s-v-nosal">United States v. David Nosal</a></div><div class="field-item odd"><a href="/cases/facebook-v-power-ventures">Facebook v. Power Ventures</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Do%20Over%2C%20Please%3A%20EFF%20and%20ACLU%20Ask%20Ninth%20Circuit%20to%20Revisit%20Two%20Dangerous%20CFAA%20Rulings&amp;url=https%3A//www.eff.org/deeplinks/2016/08/do-over-please-eff-and-aclu-ask-ninth-circuit-revisit-two-dangerous-cfaa-rulings&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Do%20Over%2C%20Please%3A%20EFF%20and%20ACLU%20Ask%20Ninth%20Circuit%20to%20Revisit%20Two%20Dangerous%20CFAA%20Rulings&amp;u=https%3A//www.eff.org/deeplinks/2016/08/do-over-please-eff-and-aclu-ask-ninth-circuit-revisit-two-dangerous-cfaa-rulings" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/do-over-please-eff-and-aclu-ask-ninth-circuit-revisit-two-dangerous-cfaa-rulings" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Do%20Over%2C%20Please%3A%20EFF%20and%20ACLU%20Ask%20Ninth%20Circuit%20to%20Revisit%20Two%20Dangerous%20CFAA%20Rulings&amp;url=https%3A//www.eff.org/deeplinks/2016/08/do-over-please-eff-and-aclu-ask-ninth-circuit-revisit-two-dangerous-cfaa-rulings" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Mon, 29 Aug 2016 20:55:46 +0000 Jamie Williams 92782 at https://www.eff.org Computer Fraud And Abuse Act Reform https://www.eff.org/deeplinks/2016/08/transparency-advocates-collect-more-400-database-catalogs <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>A team of over 40 transparency activists aimed their browsers at California this past weekend, collecting more than 400 database catalogs from local government agencies, as required under a new state law. Together, participants in the California Database Hunt shined light on thousands upon thousands of government record systems.</p> <p><a href="https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201520160SB272">California S.B. 272</a> requires every local government body, with the exception of educational agencies, to post inventories of their "enterprise systems," essentially every database that holds records on members of the public or is used as a primary source of information. These database catalogs were required to be posted online (at least by agencies with websites) by July 1, 2016.</p> <p>EFF, the <a href="https://www.datafoundation.org/">Data Foundation</a>, the <a href="https://sunlightfoundation.com/">Sunlight Foundation</a>, and <a href="https://www.levelzeroinc.com/">Level Zero</a>, combined forces to host volunteers in San Francisco, Washington, D.C., and remotely. More than 40 volunteers scoured as many local agency websites as we could in four hours—cities, counties, regional transportation agencies, water districts, etc. Here are the rough numbers: </p> <p><strong>680 </strong>- The number of unique agencies that supporters searched</p> <p><strong>970 </strong>- The number of searches conducted (Note: agencies found on the first pass not to have catalogs were searched a second time) </p> <p><strong>430</strong> - Number of agencies with database catalogs online </p> <p><strong>250</strong> - Number of agencies without database catalogs online, as verified by two people</p> <p><em>Download a spreadsheet of local government database catalogs: <a href="https://www.eff.org/files/2016/09/06/ca_sb_272_database_catalogs_-_updated_9-6-16.xls">Excel</a>/<a href="https://www.eff.org/files/2016/09/06/ca_sb_272_database_catalogs_-_updated_9-6-16.txt">TSV </a></em></p> <p><em>Download a spreadsheet of cities and counties where we did not find S.B. 272 catalogs: <a href="https://www.eff.org/files/2016/09/06/cadb_hunt_without_catalog_updated_9-6-16.xls">Excel</a>/<a href="https://www.eff.org/files/2016/09/06/cadb_hunt_without_catalog_updated_9-6-16.txt">TSV</a></em></p> <p><em>Updated 8-29-2016: City of Santa Monica's database catalog was added to the list. </em></p> <p><em>Updated 8-31-2016: The link to the County of San Mateo's data catalog incorrectly went to the San Mateo Local Agency Formation Commission's data catalog. We have corrected this by inserting the correct link for San Mateo County and adding a new line for SMLAFCO. </em></p> <p><em>Updated 9-6-2016: The City of Chico's data inventory has been added to the list. </em></p> <p>Please note that for each of the cities and counties identified as not posting database catalogs, at least two volunteers searched for the catalogs and could not find them. It is possible that those agencies do in fact have S.B. 272-compliant catalogs posted somewhere, but not in what we would call a "prominent location," as required by the new law. If you represent an agency that would like its database catalog listed, please send an email to dm@eff.org. </p> <p>We owe a debt of gratitude to the dozens of volunteers who sacrificed their Saturday afternoons to help make local government in California a little less opaque. Check out this <a href="https://www.facebook.com/eff/photos/a.406154656945.190921.97703891945/10153626393191946/?type=3&amp;theater" target="_blank">360-degree photo of our San Francisco team</a> on Facebook. </p> <p>In the coming days and weeks, we plan to analyze and share the data further. Stay tuned, and if you find anything interesting perusing these database catalogs, please drop us a line at dm@eff.org. </p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Transparency%20Hunters%20Capture%20More%20than%20400%20California%20Database%20Catalogs%20&amp;url=https%3A//www.eff.org/deeplinks/2016/08/transparency-advocates-collect-more-400-database-catalogs&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Transparency%20Hunters%20Capture%20More%20than%20400%20California%20Database%20Catalogs%20&amp;u=https%3A//www.eff.org/deeplinks/2016/08/transparency-advocates-collect-more-400-database-catalogs" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/transparency-advocates-collect-more-400-database-catalogs" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Transparency%20Hunters%20Capture%20More%20than%20400%20California%20Database%20Catalogs%20&amp;url=https%3A//www.eff.org/deeplinks/2016/08/transparency-advocates-collect-more-400-database-catalogs" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Mon, 29 Aug 2016 19:38:07 +0000 Dave Maass 92771 at https://www.eff.org Transparency https://www.eff.org/deeplinks/2016/08/european-copyright-leak-exposes-plans-force-internet-subsidize-publishers <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>A <a href="https://statewatch.org/news/2016/aug/eu-com-copyright-draft.pdf">just-leaked draft impact assessment</a> on the modernization of European copyright rules could spell the end for many online services in Europe as we know them. The document's recommendations foreshadow new a EU Directive on copyright to be introduced later this year, that will ultimately bind each of the European Union's 28 member states. If these recommendations by the European Commission are put in place, Europe's Internet will never be the same, and these impacts are likely to reverberate around the world.</p> <p>The 182-page document identifies three general objectives—ensuring wider access to content, adapting copyright exceptions to the digital and cross-border environment, and achieving a well-functioning marketplace for copyright. In this initial article we examine the recommendations that fall under the third of these three objectives, which are amongst the most alarming proposals, including new obligations on Internet platforms, and new copyright-like powers for news publishers.</p> <p>More specifically, this article will look at two of the proposals for what the Commission calls “upstream” problems, or difficulties faced by copyright owners in extracting value from the use of content online. We'll deal with other parts of the document in later posts.</p> <h3>“Sharing of Value” Proposal Exposes Rightsholder Greed</h3> <p>The assumption that copyright owners <i>should</i> be entitled to share in any value created by online platforms is never really examined by the Commission. The theory is that because online platforms are doing rather well in the digital environment, and because traditional publishing industries are doing less well, this gives the publishers some kind of claim to share in the profits of the platforms. It's a questionable starting point, and as we'll see, the recommendations that flow from it are ill-considered and harmful.</p> <p>The first of the two problems that copyright owners supposedly face in extracting such value is that there is a large amount of user-generated content uploaded by users to sharing platforms, and that European law does not place an obligation on platforms to proactively police this content for possible copyright infringement, but instead relies on the latter to identify that the material has been uploaded without authorization and to request its removal. That existing law strikes a reasonable balance, similar to Section 512 of the Digital Millennium Copyright Act in the U.S.</p> <p>Major entertainment companies characterize this as a problem because it means that copyright owners have less ability to ask online platforms to pay licensing fees for their content. In the case of user-generated content platforms (think YouTube and Soundcloud), the platform can simply offer to remove a copyright-owner's content rather than paying for it—or, in practice, to voluntarily offer a compromise such as <a href="https://www.eff.org/fr/deeplinks/2016/02/content-id-and-rise-machines">YouTube's Content ID</a> that automatically scans uploaded content and shares ad revenues for content identified as the copyright owner's.</p> <p>As for platforms that offer access to their own library of content (think Netflix and Spotify), rightsholders contend that they may be willing to pay less in order to remain competitive with the user-generated content platforms. In either case, major copyright holders contend that platforms should be paying them more for the content that the platforms make available online.</p> <p>The European Commission's proposed solution, however, is worse than the supposed problem. The Commission is proposing that user-generated content platforms should be forced to seek, in good faith, to conclude private agreements with copyright owners and to put in place “appropriate and proportionate content identification technologies”. In short, the use of something like YouTube's Content ID system is being made compulsory.</p> <p>This is a treacherous idea for many reasons, but just to give two:<br /><img src="https://www.eff.org/files/issues/shadow.jpg" alt="Shadow Regulation" align="right" height="130" width="260" /></p> <ul><li>Automated systems, no matter how technically sophisticated, can never replace human judgment about whether user generated content infringes copyright. This is because copyright exceptions that exist in the United States (such as fair use) and in various forms across Europe (such as quotation, parody, and news reporting), mean that not every act of copying is an infringement. As a result, Content ID-type systems will inevitably misflag content, and wrongly allow a copyright claimant to monetize it or take it down.</li> <li>Content ID-type systems are extremely expensive. YouTube reportedly <a href="https://drive.google.com/file/d/0BwxyRPFduTN2cl91LXJ0YjlYSjA/view">spent $60 million</a> on the development of Content ID, but even if a new entrant would have to spend a small fraction of that on a similar system, that would still be an insurmountable obstacle to the majority of small and medium enterprises, and to non-profit organizations and users ranging from Wikipedia, all the way down to your brother who hosts a fanart messageboard on a desktop PC in his bedroom.</li> </ul><p>More broadly, this kind of insidious regime of private agreements pushed by government is the kind of cop-out from good lawmaking that EFF calls “Shadow Regulation”; a concept that we'll be introducing in more depth in subsequent Deeplinks posts, where we will give some other examples of the same. But in short, such agreements can embody the worst of all possible approaches, by combining the coercion of government regulation, with the lack of accountability of corporate self-regulation.</p> <h3>A Link Tax in Favor of News Publishers</h3> <p>The European Commission doesn't stop there, but also has a similarly ham-fisted proposal to address the declining revenues of news publishers from their print publications, which leaves them with fewer resources to continue to invest in journalism.</p> <p><img src="/files/styles/medium/public/2016/04/07/screen_shot_2016-03-08_at_1.22.02_pm.png?itok=kK6D_jxZ" alt="Copyright Creep" class="image-medium" align="left" height="220" width="163" />We have previously agreed that <a href="https://www.eff.org/deeplinks/2016/04/stop-copyright-creep-new-restrictions-are-not-answer-challenges-digital-publishing">this is a real problem</a>. But where the Commission errs is to pin responsibility for this problem on the reuse of news content by Web platforms under exceptions to copyright; and it compounds this error by seeking to limit their use of such copyright exceptions going forward.</p> <p>The Commission's proposal is to award publishers a new copyright-like veto power, layered on top of the copyright that already exists in the published content, allowing them to prevent the online reuse of news content <i>even when a copyright exception applies</i>. This veto power may last for as little as one year, or as many as 50—the Commission leaves this open for now.</p> <p>This kind of veto power has been described as a <a href="https://savethelink.org/eu">link tax</a>—notwithstanding the Commission's protestations that it isn't one—because when the publisher controls even the use of small snippets of news text surrounding a hyperlink to the original article, it essentially amounts to a tax on that link. The result, as seen in Spain, will be the <a href="https://www.eff.org/deeplinks/2014/12/google-news-shuts-shop-spain-thanks-ancillary-copyright-law">closure of online news portals</a>, and a <a href="https://www.eff.org/deeplinks/2016/06/reject-europes-plans-tax-links-and-platforms">reduction in traffic to news publishers</a>.</p> <p>A new wrinkle on this link tax proposal is that the Commission also proposes that publishers who have received a transfer of copyright from authors should also be entitled to collect revenue from whatever copyright levies member states may impose to “compensate” authors for use of their content under copyright exceptions. The notion that “compensation” is needed for users exercising their rights under copyright is a thoroughly perverse one, as we have <a href="https://www.eff.org/deeplinks/2014/05/towards-evidence-based-copyright-and-patent-policymaking-oecd">previously explained</a>. This addition to the link tax proposal is a gift to copyright collecting societies that will further increase the cost and complexity of lawfully reusing content.</p> <h3>What Happens Now?</h3> <p>The impact assessment is not yet a draft law, but it is a crystal clear indication from the European Commission about the content of the law that is is proposing to develop as a draft for approval by the other European institutions, namely the European Parliament, and the Council of the European Union. Users will have further opportunities for input into the proposals when they reach that stage.</p> <p>But we'll have the best chance of stopping these misguided proposals if European officials are alerted to our concerns right away. They need to understand that Internet users won't accept the “Shadow Regulation” of intermediaries by requiring them to enter into expensive and error-prone arrangements with copyright owners for the automating flagging of user content. Neither will they accept a new “link tax” for news publishers that could stifle the dissemination of news online.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=European%20Copyright%20Leak%20Exposes%20Plans%20to%20Force%20the%20Internet%20to%20Subsidize%20Publishers&amp;url=https%3A//www.eff.org/deeplinks/2016/08/european-copyright-leak-exposes-plans-force-internet-subsidize-publishers&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=European%20Copyright%20Leak%20Exposes%20Plans%20to%20Force%20the%20Internet%20to%20Subsidize%20Publishers&amp;u=https%3A//www.eff.org/deeplinks/2016/08/european-copyright-leak-exposes-plans-force-internet-subsidize-publishers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/european-copyright-leak-exposes-plans-force-internet-subsidize-publishers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=European%20Copyright%20Leak%20Exposes%20Plans%20to%20Force%20the%20Internet%20to%20Subsidize%20Publishers&amp;url=https%3A//www.eff.org/deeplinks/2016/08/european-copyright-leak-exposes-plans-force-internet-subsidize-publishers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 26 Aug 2016 19:56:23 +0000 Jeremy Malcolm 92761 at https://www.eff.org Commentary Fair Use and Intellectual Property: Defending the Balance International https://www.eff.org/deeplinks/2016/08/justice-department-pressed-intervene-when-police-arrest-grassroots-journalists <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Across the country, civilian journalists have documented government violence using cell phones to record police activities, forcing a much-needed national discourse. But in <a href="https://www.nydailynews.com/news/national/man-shot-dead-minn-police-traffic-stop-article-1.2701935">case</a> after <a href="https://www.democracynow.org/2016/7/13/meet_abdullah_muflahi_he_filmed_alton">case</a> after <a href="https://news.vice.com/article/we-spoke-to-kevin-moore-the-man-who-filmed-freddie-grays-arrest">case</a> after <a href="https://www.democracynow.org/2016/1/12/why_is_ramsey_orta_man_who">case</a>, the people who face penalties in the wake of police violence are the courageous and quick-witted residents who use technology to enable transparency.</p> <p>Earlier this month, the International Documentary Association launched an <a href="https://www.documentary.org/righttorecord">online petition</a> to the <span>Department of </span>Justice asking the federal government to intervene when local police arrest or otherwise harass civilians who document and record police violence. EFF was proud to sign the petition, since this is an issue on which we have been <a href="https://www.eff.org/deeplinks/2015/04/police-must-respect-right-citizens-record-them">increasingly active</a>.</p> <p>Led by film makers <a href="https://boingboing.net/2016/08/12/the-frontline-filmmakers-dema.html">Laura Poitras and David Felix Sutcliffe</a>, the petition also calls for an official investigation exploring "<span>the larger pattern of abuse that has emerged on a federal, state, and local level, and the threat it poses to free speech and a free press.</span>" Finally, the petition urges "our peers in the journalistic community to investigate and report on these abuses."</p> <p>Poitras' film <a href="https://citizenfourfilm.com/">Citizenfour</a>, documenting the Edward Snowden revelations, won the 2015 Oscar award for Best Documentary. Sutcliffe directed <a href="https://terrordocumentary.org/">(T)error</a>, which is the first film ever to document an FBI sting operation as it unfolds (and in the interest of full disclosure, briefly features the author of this post).</p> <p>While the First Amendment protects freedom of the press, and applies to grassroots journalists in addition to their professional counterparts, those <a href="https://thetalkhouse.com/talks/why-the-systematic-targeting-of-citizen-journalists-by-police-must-stop/">protections have often been disregarded</a> by police officers unable to accept civilian oversight and the public exposure of their violence.</p> <p>Meanwhile, despite well-settled jurisprudence establishing the right to observe and record police activities, even the federal judiciary has <a href="https://www.eff.org/deeplinks/2016/02/decision-eroding-first-amendments-rights-civil-rights-transparency-inviting-violence">occasionally failed</a> to vindicate these principles.</p> <p>Arrests of grassroots journalists who record police activities implicate not only the 1st and 14th Amendments to the U.S. Constitution, but also the very legitimacy of our legal system, which grounds its claim to power in impartiality. Yet, around the country, the law has subjected to penalties people pursuing constitutionally protected activities that enhance transparency, while turning a blind eye to the violence prompting residents to place themselves at risk.</p> <p>At issue is not merely a fundamental constitutional right, nor the transparency on which democracy rests, but the ability for community residents to use technology to document <a href="https://www.theguardian.com/us-news/series/counted-us-police-killings">violence endured by their neighbors</a>.</p> <p>The monitoring of public servants who have pledged to "protect and serve" should not represent a risk in a free society. That's why EFF is proud to sign and support the <a href="https://www.documentary.org/righttorecord">International Documentary Association's petition</a>.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Justice%20Department%20Pressed%20to%20Intervene%20When%20Police%20Arrest%20Grassroots%20Journalists&amp;url=https%3A//www.eff.org/deeplinks/2016/08/justice-department-pressed-intervene-when-police-arrest-grassroots-journalists&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Justice%20Department%20Pressed%20to%20Intervene%20When%20Police%20Arrest%20Grassroots%20Journalists&amp;u=https%3A//www.eff.org/deeplinks/2016/08/justice-department-pressed-intervene-when-police-arrest-grassroots-journalists" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/justice-department-pressed-intervene-when-police-arrest-grassroots-journalists" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Justice%20Department%20Pressed%20to%20Intervene%20When%20Police%20Arrest%20Grassroots%20Journalists&amp;url=https%3A//www.eff.org/deeplinks/2016/08/justice-department-pressed-intervene-when-police-arrest-grassroots-journalists" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 26 Aug 2016 00:11:51 +0000 Shahid Buttar 92756 at https://www.eff.org Commentary Free Speech Bloggers' Rights Transparency https://www.eff.org/deeplinks/2016/08/nsa-word-games-mass-v-targeted-surveillance-under-section-702 <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="PLBodyText"><img src="/files/2016/08/23/702-og.jpg" alt="" height="325" width="650" /></p> <p class="PLBodyText">We all know that the NSA uses <a href="https://www.eff.org/nsa-spying/wordgames">word games</a> to hide and downplay its activities. Words like "collect," "conversations," "communications," and even "surveillance" have suffered tortured definitions that create confusion rather than clarity.</p> <p class="PLBodyText">There’s another one to watch: "targeted" v. "mass" surveillance.</p> <p class="PLBodyText">Since 2008, the NSA has seized tens of billions of Internet communications. It uses the Upstream and PRISM programs—which the government claims are authorized under Section 702 of the FISA Amendments Act—to collect hundreds of millions of those communications each year. The scope is breathtaking, including the ongoing seizure and searching of communications flowing through key Internet backbone junctures,<a href="#_ftn1" title=""><b><b>[1]</b></b></a>the searching of communications held by service providers like Google and Facebook, and, according to the government's own investigators, the retention of significantly more than 250 million Internet communications per year.<a href="#_ftn2" title=""><b><b>[2]</b></b></a> </p> <p class="PLBodyText">Yet somehow, the NSA and its defenders still try to pass 702 surveillance off as "targeted surveillance," asserting that it is incorrect when EFF and many others call it "mass surveillance."</p> <p class="PLBodyText"><b>Our answer: if "mass surveillance" includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more, then the PRISM and Upstream programs under Section 702 fully satisfy that definition. </b></p> <p class="PLBodyText">This word game is important because Section 702 is set to expire in December 2017. EFF and our colleagues who banded together to stop the Section 215 telephone records surveillance are gathering our strength for this next step in reining in the NSA. At the same time, the government spin doctors are trying to avoid careful examination by convincing Congress and the American people that this is just "targeted" surveillance and doesn’t impact innocent people.</p> <h2 class="PLBodyText"><b>Section 702 Surveillance: PRISM and Upstream</b></h2> <p class="PLBodyText">PRISM and Upstream surveillance are two types of surveillance that the government admits that it conducts under Section 702 of the FISA Amendments Act, passed in 2008. Each kind of surveillance gives the U.S. government access to vast quantities of Internet communications.<a href="#_ftn3" title="">[3]</a></p> <p class="PLBodyText">Upstream gives the NSA access to communications flowing through the fiber-optic Internet backbone cables within the United States.<a href="#_ftn4" title="">[4]</a> This happens because the NSA, with the help of telecommunications companies like AT&amp;T, makes wholesale copies of the communications streams passing through certain fiber-optic backbone cables. Upstream is at issue in EFF’s <a href="https://www.eff.org/cases/jewel">Jewel v. NSA</a> case.</p> <p class="PLBodyText">PRISM gives the government access to communications in the possession of third-party Internet service providers, such as Google, Yahoo, or Facebook. Less is known about how PRISM actually works, something Congress should shine some light on between now and December 2017.<a href="#_ftn5" title="">[5]</a></p> <p>Note that those two programs existed prior to 2008—they were just done under a shifting set of legal theories and authorities.<a href="#_ftn6" title="">[6]</a> EFF has had evidence of the Upstream program from <a href="https://www.eff.org/document/public-unredacted-klein-declaration">whistleblower Mark Klein</a> since 2006, and we have been suing to stop it ever since.</p> <h2 class="PLBodyText"><b>Why PRISM and Upstream are "Mass," Not "Targeted," Surveillance </b></h2> <p class="PLBodyText">Despite government claims to the contrary, here’s why PRISM and Upstream are "mass surveillance":</p> <p class="PLBodyText">          (1) <b>Breadth of acquisition:  </b>First, the scope of collection under both PRISM and Upstream surveillance is exceedingly broad. The NSA acquires hundreds of millions, if not billions, of communications under these programs annually.<a href="#_ftn7" title="">[7]</a> Although, in the U.S. government’s view, the programs are nominally "targeted," that targeting sweeps so broadly that the communications of innocent third parties are inevitably and intentionally vacuumed up in the process. For example, a review of a "large cache of intercepted conversations" provided by Edward Snowden and analyzed by the Washington Post revealed that 9 out of 10 account holders "were not the intended surveillance targets but were caught in a net the agency had cast for somebody else."<a href="#_ftn8" title="">[8]</a> The material reviewed by the Post consisted of 160,000 intercepted e-mail and instant message conversations, 7,900 documents (including "medical records sent from one family member to another, resumes from job hunters and academic transcripts of schoolchildren"), and more than 5,000 private photos.<a href="#_ftn9" title="">[9]</a> In all, the cache revealed the "daily lives of more than 10,000 account holders who were not targeted [but were] catalogued and recorded nevertheless."<a href="#_ftn10" title="">[10]</a> The Post estimated that, at the U.S. government’s annual rate of "targeting," collection under Section 702 would encompass more than 900,000 user accounts annually. By any definition, this is "mass surveillance."</p> <p class="PLBodyText">          (2) <b>Indiscriminate full-content searching.  </b>Second, in the course of accomplishing its so-called "targeted" Upstream surveillance, the U.S. government, in part through its agent AT&amp;T, indiscriminately searches the contents of billions of Internet communications as they flow through the nation’s domestic, fiber-optic Internet backbone. This type of surveillance, known as "about surveillance," involves the NSA's retention of communications that are neither to nor from a target of surveillance; rather, it authorizes the NSA to obtain any communications "about" the target.<a href="#_ftn11" title="">[11]</a> Even if the acquisition of communications containing information "about" a surveillance target could, somehow, still be considered "targeted," the <i>method</i> for accomplishing that surveillance cannot be: "about" surveillance entails a content search of all, or substantially all, international Internet communications transiting the United States.<a href="#_ftn12" title="">[12]</a>  Again, by any definition, Upstream surveillance is "mass surveillance."  For PRISM, while less is known, it seems the government is able to search through—or require the companies like Google and Facebook to search through—all the customer data stored by the corporations for communications to or from its targets.</p> <h2 class="PLBodyText"><b>Seizure: Fourth Amendment and the Wiretap Act</b></h2> <p class="PLBodyText">To accomplish Upstream surveillance, the NSA copies (or has its agents like AT&amp;T copy) Internet traffic as it flows through the fiber-optic backbone. This copying, even if the messages are only retained briefly, matters under the law. Under U.S. constitutional law, when the federal government "<a href="https://supreme.justia.com/cases/federal/us/466/109/case.html">meaningfully interferes</a>" with an individual’s protected communications, those communications have been "seized" for purposes of the U.S. Constitution’s Fourth Amendment. Thus, when the U.S. government copies (or has copied) communications wholesale and diverts them for searching, it has "seized" those communications under the Fourth Amendment.</p> <p class="PLBodyText">Similarly, U.S. wiretapping law triggers a wiretap at the point of "<a href="https://ilt.eff.org/index.php/Privacy:_Wiretap_Act">interception by a device</a>," which occurs when the Upstream mechanisms gain access to our communications.^{<a href="#_ftn13" title="">^[13]</a>}</p> <p class="PLBodyText">Why does the government insist that it’s targeted?  For Upstream, it may be because the initial collection and searching of the communications—done by service providers like AT&amp;T on the government’s behalf—is really, really fast and much of the information initially collected is then quickly disposed of. In this way the Upstream collection is unlike the telephone records collection where the NSA kept all of the records it seized for years. Yet this difference should not change the conclusion that the surveillance is "mass surveillance." First, all communications flowing through the collection points upstream are seized and searched, including content and metadata. Second, as noted above, the amount of information retained—over 250 million Internet communications per year—is astonishing.</p> <p class="PLBodyText">Thus, regardless of the time spent, the seizure and search are comprehensive and invasive. Using advanced computers, the NSA and its agents can do a full-text, content search within a blink of an eye through billions, if not trillions of your communications, including emails, social media, and web searches. Second, as demonstrated above, the government retains a huge amount of the communications—far more about innocent people than about its targets—so even based on what is retained the surveillance is better described as "mass" rather than "targeted."</p> <h2 class="PLBodyText"><b>Yes, it is Mass Surveillance</b></h2> <p class="PLBodyText">So it is completely correct to characterize Section 702 as mass surveillance. It stems from the confluence of: (1) the method NSA employs to accomplish its surveillance, particularly Upstream, and (2) the breadth of that surveillance.</p> <p class="PLBodyText">Next time you see the government or its supporters claim that PRISM and Upstream are "targeted" surveillance programs, you’ll know better. </p> <p class="PLBodyText"> </p> <div> <div> <p><a href="#_ftnref1" title="">[1]</a> <i>See, e.g.</i>, Charlie Savage, <a href="https://www.nytimes.com/2013/08/08/us/broader-sifting-of-data-abroad-is-seen-by-nsa.html?_r=0"><i>NSA Said to Search Content of Messages to and From U.S.</i></a>, N.Y. Times (Aug 8, 2013) (“The National Security Agency is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country[.]”). This article describes an NSA practice known as “about surveillance”—a practice that involves searching the contents of communications as they flow through the nation’s fiber-optic Internet backbone. </p> </div> <div> <p><a href="#_ftnref2" title="">[2]</a> FISA Court Opinion by Judge Bates entitled [<a href="https://www.eff.org/document/october-3-2011-fisc-opinion-holding-nsa-surveillance-unconstitutional">Caption Redacted</a>], at 29 (“NSA acquires more than two hundred fifty million Internet communications each year pursuant to Section 702”), https://www.eff.org/document/october-3-2011-fisc-opinion-holding-nsa-surveillance-unconstitutional (Hereinafter, “Bates Opinion”). According to the PCLOB report, the “current number is significantly higher” than 250 million communications. <a href="pclob.gov/library/702-Report.pdf">PCLOB Report on 702</a> at 116.</p> </div> <div> <p><a href="#_ftnref3" title="">[3]</a> Bates Opinion at 29; PCLOB at 116.</p> </div> <div> <p><a href="#_ftnref4" title="">[4]</a> <i>Id. </i>at 35.</p> </div> <div> <p><a href="#_ftnref5" title="">[5]</a> PCLOB at 33-34</p> </div> <div> <p><a href="#_ftnref6" title="">[6]</a> First,  the Bush Administration relied solely on broad claims of Executive power, grounded in secret legal interpretations written by the Department of Justice. Many of those interpretations were subsequently abandoned by later Bush Administration officials.  Beginning in 2006, DOJ was able to turn to the Foreign Intelligence Surveillance Court to sign off on its surveillance programs. In 2007, Congress finally stepped into the game, passing the Protect America Act; which, a year later, was substantially overhauled and passed again as the FISA Amendments Act. While neither of those statutes mention the breadth of the surveillance and it was not discussed publicly during the Congressional processes, both have been cited by the government as authorizing it.</p> </div> <div> <p><a href="#_ftnref7" title="">[7]</a> <i>See </i>note 1.</p> </div> <div> <p><a href="#_ftnref8" title="">[8]</a> Barton Gellman, Julie Tate, and Ashkan Soltani, <a href="https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html"><i>In NSA-Intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are</i></a>, Washington Post (July 5, 2014), <i> </i></p> </div> <div> <p><a href="#_ftnref9" title="">[9]</a> <i>Id</i>.</p> </div> <div> <p><a href="#_ftnref10" title="">[10]</a> <i>Id</i>.</p> </div> <div> <p><a href="#_ftnref11" title="">[11]</a> Bates Opinion at 15.</p> </div> <div> <p><a href="#_ftnref12" title="">[12]</a> PCLOB report at 119-120.</p> </div> <div> <p><a href="#_ftnref13" title="">[13]</a> <i>See </i>18 U.S.C § 2511(1)(a); <i>U.S. v. Councilman</i>, 418 F.3d 67, 70-71, 79 (1st Cir. 2005) (en banc).</p> </div> </div> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/jewel">Jewel v. NSA</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Word%20Games%3A%20What%20the%20NSA%20Means%20by%20%E2%80%9CTargeted%E2%80%9D%20Surveillance%20Under%20Section%20702&amp;url=https%3A//www.eff.org/deeplinks/2016/08/nsa-word-games-mass-v-targeted-surveillance-under-section-702&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Word%20Games%3A%20What%20the%20NSA%20Means%20by%20%E2%80%9CTargeted%E2%80%9D%20Surveillance%20Under%20Section%20702&amp;u=https%3A//www.eff.org/deeplinks/2016/08/nsa-word-games-mass-v-targeted-surveillance-under-section-702" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/nsa-word-games-mass-v-targeted-surveillance-under-section-702" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Word%20Games%3A%20What%20the%20NSA%20Means%20by%20%E2%80%9CTargeted%E2%80%9D%20Surveillance%20Under%20Section%20702&amp;url=https%3A//www.eff.org/deeplinks/2016/08/nsa-word-games-mass-v-targeted-surveillance-under-section-702" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 24 Aug 2016 23:21:23 +0000 Cindy Cohn 92744 at https://www.eff.org Legal Analysis NSA Spying https://www.eff.org/deeplinks/2016/08/cloudflare-protects-internet-users-insisting-lawful-orders-blocking-customers <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>This month, the online service provider <a href="https://www.cloudflare.com">CloudFlare</a> stood up for its website-owner customers, and for all users of those websites, by telling a court that CloudFlare shouldn’t be forced to block sites without proper legal procedure. Copyright law limits the kinds of orders that a court can impose on Internet intermediaries, and requires courts to consider the pros and cons thoroughly. In this case, as in other recent cases, copyright (and trademark) holders are trying to use extremely broad interpretations of some basic court rules to bypass these important protections. As special interests keep trying to make things disappear from the Internet quickly, cheaply, and <i>without</i> true court supervision, it’s more important than ever that Internet companies like CloudFlare are taking a stand.</p> <p>The current dispute between CloudFlare and a group of record labels arose from the labels’ case against the music streaming site MP3Skull. The website’s owners never appeared in court to defend themselves against a lawsuit by the labels. The labels, who are all members of the Recording Industry Association of America, won a court judgment by default in March of this year. The judgment included a permanent injunction against the site and those in “active concert and participation” with it. On the last day of June, the labels’ lawyers sent the order to CloudFlare and demanded that they immediately stop providing services to various Internet addresses and domain names connected with MP3Skull.</p> <p>CloudFlare provides content delivery network services, optimization, and security for websites. Its CEO previously <a href="https://blog.cloudflare.com/cloudflare-and-free-speech/">said</a> on the company’s blog that “if we were to receive a valid court order that compelled us to not provide service to a customer then we would comply with that court order,” but that “there will be things on our network that make us uncomfortable[, and] our proper role is not that of Internet censor.” Last year, with help from EFF, CloudFlare successfully <a href="https://www.eff.org/deeplinks/2015/07/victory-cloudflare-against-sopa-court-order-internet-service-doesnt-have-police">fought back</a> against a court order that would have required it to act as trademark police for the music labels by shutting down any customer who used domain names like “grooveshark.”</p> <p>CloudFlare is keeping up that legal approach in the MP3Skull case. It <a href="https://www.eff.org/document/cloudflare-response-expedited-motion-clarificaton-arista-records-v-vasilenko">wrote</a> to the U.S. District Court for the Southern District of Florida to say that while it “does not oppose an appropriate injunction,” the RIAA members should be required to follow the procedure set out in <a href="https://www.law.cornell.edu/uscode/text/17/512">Section 512(j)</a> of the Digital Millennium Copyright Act (the DMCA). That law limits the kinds of injunctions that can be imposed on Internet intermediaries like CloudFlare. It also requires courts to consider the pros and cons of ordering an intermediary to help enforce a copyright. Specifically, a court has to consider whether an order would “significantly burden” the service provider or its operations, how much harm the copyright holder is likely to experience without an order, whether the order would be technically feasible and effective, whether it would tend to block non-infringing material, and whether less burdensome measures are available.</p> <p>None of that happened in this case. The court simply entered a broad injunction against the MP3Skull defendants by default after they failed to show up in court, and the labels then <a href="https://www.eff.org/document/riaa-expedited-motion-clarificaton-arista-records-v-vasilenko">attempted</a> to bind CloudFlare with that order months later. The labels didn’t mention the DMCA at all in their request to the court. Instead, they pointed to <a href="https://www.law.cornell.edu/rules/frcp/rule_65">Rule 65</a> of the Federal Rules of Civil Procedure, which says that a court can issue injunctions against a party to the case or anyone in “active concert and participation” with a party. It’s that phrase that rightsholders have used to try to bind Internet intermediaries like CloudFlare without following the procedure laid out in DMCA 512(j), and similar limitations that the courts have created for trademark law.<a class="see-footnote" id="footnoteref1_uwf8eck" title="Tiffany (NJ) Inc. v. eBay Inc., 600 F. 3d 93 (2d. Cir. 2010)" href="#footnote1_uwf8eck">1</a></p> <p>The “active concert” clause of Rule 65 is actually quite narrow: it’s meant to keep parties to a case from evading a court order by acting indirectly through a friend or associate. It doesn’t sweep every company that provides services to a defendant under the court’s power, and it doesn’t bypass more specific rules like DMCA 512(j). Making Rule 65 into an injunction trump card would lead to bizarre results: the courts would have <i>more</i> power over a service provider like CloudFlare if it is <i>not</i> named as a defendant in a lawsuit, and <i>less</i> power if the service provider were actually sued, given their day in court, and found liable. It’s easy to see why the law shouldn’t work that way.</p> <p>Although another court found that CloudFlare was in “active concert and participation” with a trademark-infringing customer last year, that court also narrowed its injunction against CloudFlare, as trademark law requires. Still, the court should reject the record labels' <a href="https://www.eff.org/document/riaa-reply-re-expedited-motion-clarificaton-arista-records-v-vasilenko">argument</a> that one injunction obtained by default can bind "countless conduit online service providers, search engines, web hosts, content delivery networks, and other service providers" -- in other words, the entire Internet -- without considering the burdens, costs, and alternatives for each, as Congress required.</p> <p>The limits on court orders against intermediaries are vital safeguards against censorship, especially where the censorship is done on behalf of a well-financed party. That’s why it’s important for courts to uphold those limits even in cases where copyright or trademark infringement seems obvious. Court precedents and technical tools built today to go after “notorious pirates” <i>will</i> be used tomorrow against popular <a href="https://www.eff.org/deeplinks/2012/05/unsealed-court-records-confirm-riaa-delays-were-behind-year-long-seizure-hip-hop">blogs</a>, political <a href="https://www.eff.org/deeplinks/2016/03/foilies-2016-recognizing-worst-government-responses-public-records-requests/#copywrong">commentators</a>, <a href="https://www.eff.org/takedowns/crude-copyright-complaints-silence-oil-company-satire">satirists</a>, and innocent <a href="https://www.eff.org/deeplinks/2016/03/american-bridal-and-prom-industry-association-slinks-away-after-being-called-out">businesses</a>. Insisting on a full and fair legal process before blocking users becomes more important the larger an online service provider gets. That's why it’s great to see a service like CloudFlare stepping up to protect all Internet users by doing just that.</p> <ul class="footnotes"><li class="footnote" id="footnote1_uwf8eck"><a class="footnote-label" href="#footnoteref1_uwf8eck">1.</a> Tiffany (NJ) Inc. v. eBay Inc., 600 F. 3d 93 (2d. Cir. 2010)</li> </ul><script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=CloudFlare%20Protects%20Internet%20Users%20By%20Insisting%20On%20Lawful%20Orders%20Before%20Blocking%20Customers&amp;url=https%3A//www.eff.org/deeplinks/2016/08/cloudflare-protects-internet-users-insisting-lawful-orders-blocking-customers&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=CloudFlare%20Protects%20Internet%20Users%20By%20Insisting%20On%20Lawful%20Orders%20Before%20Blocking%20Customers&amp;u=https%3A//www.eff.org/deeplinks/2016/08/cloudflare-protects-internet-users-insisting-lawful-orders-blocking-customers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/cloudflare-protects-internet-users-insisting-lawful-orders-blocking-customers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=CloudFlare%20Protects%20Internet%20Users%20By%20Insisting%20On%20Lawful%20Orders%20Before%20Blocking%20Customers&amp;url=https%3A//www.eff.org/deeplinks/2016/08/cloudflare-protects-internet-users-insisting-lawful-orders-blocking-customers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 23 Aug 2016 22:49:37 +0000 Mitch Stoltz 92739 at https://www.eff.org Legal Analysis Fair Use and Intellectual Property: Defending the Balance SOPA/PIPA: Internet Blacklist Legislation https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers’ privacy, and would have a wide-ranging impact on freedom of expression—all while doing little or nothing to protect Americans from terrorism.</p> <p>Customs and Border Protection, an agency within the Department of Homeland Security, has <a href="https://federalregister.gov/a/2016-14848">proposed</a> collecting social media handles from visitors to the United States from <a href="https://travel.state.gov/content/visas/en/visit/visa-waiver-program.html">visa waiver countries</a>. EFF submitted comments both <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">individually</a> and as part of a <a href="https://cdt.org/insight/coalition-letter-opposing-dhs-social-media-collection-proposal/">larger coalition</a> opposing the proposal.</p> <p>CBP specifically seeks “information associated with your online presence—Provider/Platform—Social media identifier” in order to provide DHS “greater clarity and visibility to possible nefarious activity and connections” for “vetting purposes.”</p> <p>In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism.</p> <p>But this plan would be more than just ineffective. It’s vague and overbroad, and would unfairly violate the privacy of innocent travelers. Sharing your social media account information often means sharing political leanings, religious affiliations, reading habits, purchase histories, dating preferences, and sexual orientations, among many other personal details.</p> <p>Or, unwilling to reveal such intimate information to CBP, many innocent travelers would engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government. After all, it’s not hard to imagine some public social media posts being taken out of context or misunderstood by the government. In the face of this uncertainty, some may forgo visiting the U.S. altogether.</p> <p>The proposed program would be voluntary, and for international visitors. But we are worried about a slippery slope, where CBP could require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive <i>device</i> searches at ports of entry with the intent of easily accessing <i>any and all </i>cloud data.</p> <p>This would burden constitutional rights under the First and Fourth Amendments. CBP already started a social media monitoring program in 2010, and in 2009 issued a broad policy authorizing <a href="https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_laptop.pdf">border searches of digital devices</a>. We oppose CBP further invading the private lives of innocent travelers, including Americans.<b> </b></p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=U.S.%20Customs%20and%20Border%20Protection%20Wants%20to%20Know%20Who%20You%20Are%20on%20Twitter%E2%80%94But%20It%E2%80%99s%20a%20Flawed%20Plan&amp;url=https%3A//www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=U.S.%20Customs%20and%20Border%20Protection%20Wants%20to%20Know%20Who%20You%20Are%20on%20Twitter%E2%80%94But%20It%E2%80%99s%20a%20Flawed%20Plan&amp;u=https%3A//www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=U.S.%20Customs%20and%20Border%20Protection%20Wants%20to%20Know%20Who%20You%20Are%20on%20Twitter%E2%80%94But%20It%E2%80%99s%20a%20Flawed%20Plan&amp;url=https%3A//www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Mon, 22 Aug 2016 18:46:49 +0000 Sophia Cope 92724 at https://www.eff.org Policy Analysis Free Speech Privacy Travel Screening https://www.eff.org/deeplinks/2016/08/legislation-reclaim-university-invention-trolls <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><a href="/reclaim-invention"><img src="/files/2016/08/03/og-reclaim-invention.png" height="325" width="650" /></a></p> <p>EFF recently launched <a href="https://www.eff.org/reclaim-invention">Reclaim Invention</a>, a project to encourage universities to manage their patent portfolios in a way that maximizes the public benefit. Specifically, we’ve urged universities to sign a <a href="https://www.eff.org/reclaim-invention/pledge">Public Interest Patent Pledge</a> not to sell or exclusively license patents to patent assertion entities, also known as patent trolls. EFF is proud to partner with <a href="https://creativecommons.org/">Creative Commons</a>, <a href="https://www.engine.is/">Engine</a>, <a href="https://www.fightforthefuture.org/">Fight for the Future</a>, <a href="https://www.keionline.org/">Knowledge Ecology International</a>, and <a href="https://www.publicknowledge.org/">Public Knowledge</a> on this initiative.</p> <p>As part of our project, we’ve also released <a href="https://www.eff.org/reclaim-invention/legislation">draft state legislation</a> that we hope state legislators can adapt to promote pro-innovation technology transfer at state universities. Our <a href="https://www.eff.org/files/2016/08/12/reclaiminventionact-09.txt">legislative language</a> has two components. First, it requires university technology transfer offices to adopt a policy committing them to manage patent assets in the public interest. University policy should include:</p> <ul><li>researching the past practices of potential patent buyers or licensees;</li> <li>prioritizing technology transfer that develops inventions and scales their potential user base;</li> <li>endeavoring to nurture startups that will create new jobs, products, and services;</li> <li>fostering agreements and relationships that include the sharing of know-how and practical experience to maximize the value of the assignment or license of the corresponding patents.</li> </ul><p>The second part of the legislation voids any agreement to license or transfer a patent to a patent assertion entity.</p> <p>The policies advanced by the proposed legislation are similar to principles that many in the university sector have already advocated for (like the <a href="https://www.autm.net/advocacy-topics/government-issues/principles-and-guidelines/nine-points-to-consider-when-licensing-university/">Nine Points to Consider</a> promoted by the Association of University Technology Managers). The view that universities should promote true technology transfer, and not trolling, is not radical. Despite general agreement on these points, universities sometimes sell to patent assertion entities like mega-troll <a href="https://www.eff.org/deeplinks/2016/03/stupid-patent-month-mega-troll-intellectual-ventures-hits-florist-do-it-computer">Intellectual Ventures</a> or dietary supplement troll <a href="https://www.npr.org/sections/alltechconsidered/2016/07/08/483438151/bodybuilders-beef-over-a-workout-supplement-and-a-stanford-patent">ThermoLife</a>. Legislation that carefully codifies the public-interest mission of university technology transfer would ensure that trolls don’t get hold of public universities’ patents.</p> <p>Getting tech transfer legislation introduced in 50 states would be an enormous job, but that’s where you come in. If you’d like to see your state legislators fight patent trolls, then <a href="https://act.eff.org/action/keep-state-university-patents-away-from-trolls">use our form to contact your state lawmakers</a>.</p> <p>Both in urging universities to change their patenting policies and in passing reforms on the state legislative level, we can’t replace local, on-the-ground activism. Reclaim Invention relies on our network of local activists in the <a href="https://www.eff.org/electronic-frontier-alliance">Electronic Frontier Alliance</a> and beyond. If you would like to help convince your college to sign the <a href="https://www.eff.org/reclaim-invention/pledge">pledge</a> or work with local lawmakers to introduce legislation, please <a href="https://www.eff.org/about/staff/elliot-harmon">contact us</a>.</p> <p class="eff_digital_voices-take_action"><a href="https://act.eff.org/action/keep-state-university-patents-away-from-trolls"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Tell your state lawmakers: keep university patents away from trolls.</strong></a></p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Legislation%20to%20Reclaim%20University%20Invention%20from%20the%20Trolls&amp;url=https%3A//www.eff.org/deeplinks/2016/08/legislation-reclaim-university-invention-trolls&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Legislation%20to%20Reclaim%20University%20Invention%20from%20the%20Trolls&amp;u=https%3A//www.eff.org/deeplinks/2016/08/legislation-reclaim-university-invention-trolls" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/legislation-reclaim-university-invention-trolls" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Legislation%20to%20Reclaim%20University%20Invention%20from%20the%20Trolls&amp;url=https%3A//www.eff.org/deeplinks/2016/08/legislation-reclaim-university-invention-trolls" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Mon, 22 Aug 2016 18:22:54 +0000 Daniel Nazer 92722 at https://www.eff.org Call To Action Fair Use and Intellectual Property: Defending the Balance Patents Legislative Solutions for Patent Reform Patent Trolls Reclaim Invention https://www.eff.org/deeplinks/2016/08/update-patent-troll-shipping-transit-llc <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>There has been significant activity relating to cases and patent infringement claims made by Shipping &amp; Transit, LLC, formerly known as ArrivalStar. Shipping &amp; Transit, who we’ve <a href="https://www.eff.org/deeplinks/2015/07/psa-shipping-and-transit-llc-and-electronic-communication-technologies-llc-are-not">written</a> <a href="https://www.eff.org/deeplinks/2015/03/patent-troll-arrivalstar-back-extorting-money-hiding-facts-and-operating-shadows">about</a> on <a href="https://www.eff.org/deeplinks/2012/03/help-eff-bust-dangerous-jones-patent">numerous</a> <a href="https://www.eff.org/deeplinks/2013/06/arrivalstar-how-not-make-friends-and-influence">occasions</a>, is currently one of the most prolific patent trolls in the country. <a href="https://lexmachina.com/">Lex Machina</a> data indicates that, since January 1, 2016, Shipping &amp; Transit has been named in almost 100 cases. This post provides an update on some of the most important developments in these cases.</p> <p>In many Shipping &amp; Transit cases, Shipping &amp; Transit has alleged that retailers allowing their customers to track packages sent by USPS infringe various claims of patents owned by Shipping &amp; Transit, despite previously suing (and <a href="https://www.eff.org/document/exhibit-m-dismissal-against-united-states-america">settling with</a>) USPS. EFF <a href="https://www.eff.org/deeplinks/2016/05/its-time-shut-down-most-prolific-patent-troll-country">represents</a> a company that Shipping &amp; Transit accused of infringing four patents.</p> <h2><b>Shipping &amp; Transit Is Facing Numerous <i>Alice</i> Motions</b></h2> <p>In April 2014, the Supreme Court decided <a href="https://www.eff.org/deeplinks/2014/06/bad-day-bad-patents-supreme-court-unanimously-strikes-down-abstract-software"><i>Alice v. CLS Bank</i></a>, holding that “abstract ideas” are not patentable. Many courts have since applied that ruling, finding that patents are “abstract” and therefore invalid, often very early in litigation, saving significant time, money, and effort by the parties.</p> <p>Several defendants have now asked courts to quickly find Shipping &amp; Transit’s patents invalid under <i>Alice</i>. Neptune Cigars has filed a <a href="https://www.eff.org/document/neptune-cigars-motion-dismiss-re-alice-101">motion</a> with the Central District of California, arguing that two Shipping &amp; Transit patents (U.S. Patent Nos. 6,763,299 and 6,415,207) are invalid. That motion is pending.</p> <p>Another defendant, Loginext, also filed a <a href="https://www.eff.org/document/loginext-motion-dismiss-re-101">motion</a> arguing that U.S. Patent 6,415,207 was invalid under <i>Alice</i>. Shipping &amp; Transit quickly dismissed its case against Loginext, with Loginext paying nothing to Shipping &amp; Transit. Loginext had also sent a “Rule 11” <a href="https://www.eff.org/document/loginext-letter-shipping-transit-re-rule-11">letter</a> to Shipping &amp; Transit pointing out that Loginext did not even exist when U.S. Patent No. 6,763,299 expired.</p> <p>Our clients, Triple7Vaping.com LLC and Jason Cugle (together, Triple7), have also noted that the patents are likely invalid under <i>Alice</i>. When another party in the Southern District of Florida moved to dismiss under <i>Alice</i>, we asked the court to <a href="https://www.eff.org/document/motion-consolidate-cases-or-leave-file-amicus-brief">consolidate</a> our case with that one, and <a href="https://www.eff.org/document/proposed-amicus-brief">provided a brief</a> explaining in detail why the claims are invalid under <i>Alice</i>. The motion, however, was not decided after the original party that moved to dismiss settled with Shipping &amp; Transit.</p> <h2><b>Unified Patents Filed an Inter Partes Review Against the ’270 patent</b></h2> <p>On July 25, 2015, <a href="https://www.unifiedpatents.com/">Unified Patents</a> filed a <a href="https://www.eff.org/document/unified-patents-petition-inter-partes-review">petition</a> for <a href="https://en.wikipedia.org/wiki/Inter_partes_review">inter partes review</a> of U.S. Patent 6,415,207 (the ’270 patent), one of the few Shipping &amp; Transit patents that remains in force (many of Shipping &amp; Transit’s patent expired in 2013). In its petition to the Patent Office to review the ’207 patent, Unified Patents argues that the patent is invalid because it is obvious in light of other patents, including a different, much older, Shipping &amp; Transit patent. </p> <h2><b>Shipping &amp; Transit Disclaims All Liability by Triple7</b></h2> <p>On May 31, 2016, Triple7 filed a <a href="https://www.eff.org/document/cugle-v-shipping-transit">lawsuit</a> asking for a declaratory judgment that four of Shipping &amp; Transit’s patents were invalid and not infringed. Triple7 also asked the court to find that Shipping &amp; Transit violated Maryland state law when it made its claims of infringement, because the claims were made in bad faith.</p> <p>In response, on July 21, 2016, Shipping &amp; Transit <a href="https://www.eff.org/document/shipping-transit-covenant-not-sue-triple7">covenanted not to sue</a> Triple7, meaning it has disclaimed any possible claim of infringement against Triple7. In doing so, Shipping &amp; Transit has sought to <a href="https://www.eff.org/document/shipping-transits-amended-motion-dismiss">prevent</a> the court from deciding the merits of Shipping &amp; Transit’s claims of infringement. Triple7 <a href="https://www.eff.org/document/triple7s-opposition-sts-amended-motion-dismiss">has argued</a> that the court retains that ability as part of the Maryland claim, and the court is expected to decide the issue soon.</p> <h2><b>Shipping &amp; Transit Reveals The Minimal Investigation It Does Before It Sends A Demand Letter</b><b> </b></h2> <p>Shipping &amp; Transit asked the Court to dismiss Triple7’s claims for violations of Maryland State law. In doing so, it submitted <a href="https://www.eff.org/document/dollard-affidavit-support-shipping-and-transits-motion-dismiss">two</a> <a href="https://www.eff.org/document/turnbull-affidavit-support-shipping-and-transits-motion-dismiss">affidavits</a> that detailed the investigation it engages in before sending a demand letter. In response, Triple7 <a href="https://www.eff.org/document/triple7vapings-memorandum-opposition-motion-dismiss">argued</a> that Shipping &amp; Transit’s investigation was plainly deficient under binding Federal Circuit law.</p> <p>While every individual case will have some differences, we hope that these materials are useful to current and future targets of Shipping &amp; Transit’s trolling campaign.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/triple7vapingcom-llc-et-al-v-shipping-transit-llc">Triple7Vaping.com, LLC et al. v. Shipping &amp; Transit LLC</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=An%20Update%20on%20Patent%20Troll%20Shipping%20%26%20Transit%2C%20LLC&amp;url=https%3A//www.eff.org/deeplinks/2016/08/update-patent-troll-shipping-transit-llc&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=An%20Update%20on%20Patent%20Troll%20Shipping%20%26%20Transit%2C%20LLC&amp;u=https%3A//www.eff.org/deeplinks/2016/08/update-patent-troll-shipping-transit-llc" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/update-patent-troll-shipping-transit-llc" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=An%20Update%20on%20Patent%20Troll%20Shipping%20%26%20Transit%2C%20LLC&amp;url=https%3A//www.eff.org/deeplinks/2016/08/update-patent-troll-shipping-transit-llc" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 19 Aug 2016 17:02:09 +0000 Vera Ranieri 92700 at https://www.eff.org News Update Fair Use and Intellectual Property: Defending the Balance Patents Patent Busting Project Patent Trolls https://www.eff.org/deeplinks/2016/08/global-ambitions-pakistans-new-cyber-crime-act <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Despite near universal condemnation from Pakistan's tech experts; despite the efforts of a <a href="https://digitalrightsfoundation.pk/2016pecbconsultation/">determined coalition</a> of activists, and despite numerous attempts by <a href="https://bolobhi.org/summary-senate-standing-committee-on-its-subcommittee-meetings-on-pecb/">alarmed politicians</a> to patch its many flaws, Pakistan's <a href="https://digitalrightsfoundation.pk/wp-content/uploads/2016/08/PECB2016.pdf">Prevention of Electronic Crimes Bill (PECB)</a> last week passed into law. Its passage ends an eighteen month long battle between Pakistan's government, who saw the bill as a flagship element of their anti-terrorism agenda, and <a href="https://content.bytesforall.pk/node/196">the technologists and civil liberties groups</a> who slammed the bill as an incoherent mix of anti-speech, anti-privacy and anti-Internet provisions.</p> <p>But the PECB isn't just a tragedy for <a href="https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=16879&amp;LangID=E">free expression</a> and <a href="https://www.privacyinternational.org/node/881">privacy </a>within Pakistan. Its broad reach has wider consequences for Pakistan nationals abroad, and international criminal law as it applies to the<br /> Net.</p> <p>The new law creates broad crimes related to "cyber-terrorism" and its "glorification" online. It gives the authorities the opportunity to threaten, target and censor unpopular online speech in ways that go far beyond international standards or Pakistan's own free speech protections for offline media. Personal digital data will be collected and made available to the authorities without a warrant: the products of these data retention programs can then be handed to foreign powers without oversight.</p> <p>PECB is generous to foreign intelligence agencies. It is far less tolerant of other foreigners, or of Pakistani nationals living abroad. Technologists and online speakers outside Pakistan should pay attention to the first clause of <a href="https://digitalrightsfoundation.pk/wp-content/uploads/2016/08/PECB2016.pdf">the new law</a>:</p> <blockquote><ol><li>This Act may be called the Prevention of Electronic Crimes Act, 2016.</li> <li>It extends to the whole of Pakistan.</li> <li>It shall apply to every citizen of Pakistan <em>wherever he may be</em> and also to every other person for the time being in Pakistan.</li> <li>It shall also apply to <em>any act committed outside Pakistan</em> by any person if the act constitutes an offence under this Act and affects a person, property, information system or data location in Pakistan.</li> </ol></blockquote> <p><a href="https://www.eff.org/issues/cfaa">Poorly-written cyber-crime laws</a> criminalize these everyday and innocent actions by technology users, and the PECB is no exception. It criminalizes the violation of terms of service in some cases, and ramps up the penalties for many actions that would be seen as harmless or positive acts in the non-digital world, including unauthorized copying and access. Security researchers and consumers frequently conduct "unauthorized" acts of access and copying for legitimate and lawful reasons. They do it to exercise of their right of fair use, to exposing wrongdoing in government, or to protect the safety and privacy of the public. Violating website terms of service may be a violation of your agreement with that site, but no nation should turn those violations into felonies.</p> <p>The PECB asserts an international jurisdiction for these new crimes. It says that if you are a Pakistan national abroad (over 8.5 million people, or 4% of Pakistan's total population) you too can be prosecuted for violating its vague statutes. And if a Pakistan court determines that you have violated one of the prohibitions listed in the PECB in such a way that it affects any Pakistani national, you can find yourself prosecuted in the Pakistan courts, no matter where you live.</p> <p>Pakistan isn't alone in making such broad claims of jurisdiction. Some countries claim the power to prosecute a narrow set of serious crimes committed against their citizens abroad under <a href="https://www.asil.org/sites/default/files/benchbook/jurisdiction.pdf">international law's</a> "passive personality principle" (the U.S. does so in some of its anti-terrorism laws). Other countries claim jurisdiction over the actions of its own nationals abroad under the "active personality principle" (for instance, in cases of treason.)</p> <p>But Pakistan's cyber-crime law asserts both principles simultaneously, and explicitly applies them to all cyber-crime, both major and minor, defined in PECB. That includes creating "a sense of insecurity in the [Pakistani] government" (Ch.2, 10), offering services to change a computer's MAC address (Ch.2, 16), or building tools that let you listen to licensed radio spectrum (Ch.2, 13 and 17).</p> <p>The universal application of such arbitrary laws could have practical consequences for the thousands of overseas Pakistanis working in the IT and infosecurity industries, as well for those in the Pakistan diaspora who wish to publicly critique Pakistani policies. It also continues the global jurisdictional trainwreck that surrounds digital issues, where every country demands that its laws apply and must be enforced across a  borderless Internet.</p> <p>Applying what has been described as <a href="https://www.eff.org/deeplinks/2015/11/deeper-look-inside-pecb-pakistans-terrible-cyber-crime-bill">"the worst piece of cyber-crime legislation in the world"</a> <em>to</em> the world is a bold ambition, and the current Pakistani government's reach may well have exceeded its grasp, both under international law and its own constitutional limits. The broad coalition who fought PECB in the legislature will now <a href="https://arstechnica.co.uk/tech-policy/2016/08/pakistan-cyber-law-faces-legal-challenge/">seek to challenge it in the courts</a>.</p> <p>But until they win, Pakistan has overlaid yet another layer of vague and incompatible crimes over the Internet, and its own far-flung citizenry.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=The%20Global%20Ambitions%20of%20Pakistan%27s%20New%20Cyber-Crime%20Act&amp;url=https%3A//www.eff.org/deeplinks/2016/08/global-ambitions-pakistans-new-cyber-crime-act&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=The%20Global%20Ambitions%20of%20Pakistan%27s%20New%20Cyber-Crime%20Act&amp;u=https%3A//www.eff.org/deeplinks/2016/08/global-ambitions-pakistans-new-cyber-crime-act" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/global-ambitions-pakistans-new-cyber-crime-act" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=The%20Global%20Ambitions%20of%20Pakistan%27s%20New%20Cyber-Crime%20Act&amp;url=https%3A//www.eff.org/deeplinks/2016/08/global-ambitions-pakistans-new-cyber-crime-act" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 18 Aug 2016 22:13:12 +0000 Danny O&#039;Brien 92689 at https://www.eff.org Legislative Analysis Coders' Rights Project International Mandatory Data Retention https://www.eff.org/deeplinks/2016/08/california-lawmaker-pulls-digital-currency-bill-after-eff-opposition <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>For the second year in a row, EFF and a coalition of virtual currency and consumer protection organizations have beaten back a California bill that would have created untenable burdens for the emerging cryptocurrency community.</p> <p>This week, the author of <a href="https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201520160AB1326">A.B. 1326</a>, Assemblymember Matt Dababneh withdrew the bill from consideration, <a href="https://asmdc.org/members/a45/news-room/press-releases/assemblymember-dababneh-issues-statement-on-the-regulation-of-virtual-currency">saying in a statement</a>:</p> <blockquote><p>Unfortunately, the current bill in print does not meet the objectives to create a lasting regulatory framework that protects consumers and allows this industry to thrive in our state. More time is needed and these conversations must continue in order for California to be at the forefront of this effort.</p></blockquote> <p>State lawmakers were poised to quickly jam through an amended version of a digital currency licensing bill­ with new provisions that were even worse than last year’s version.</p> <p>As in the previous version, the bill required a “digital currency business” to get approval from the state before operating in California and also comply with regulations similar to those applicable to banks and money transmitters. The amended bill, however, was so carelessly drafted that it would have forced Bitcoin miners, video game makers, and even digital currency users to register with a state agency and be subject to the new regulations.</p> <p>Worse, the bill failed to accomplish its intent—protecting consumers—because it would have limited the number of digital currency options available to Californians.</p> <p>EFF is grateful that Assemblymember Dababneh recognized there were problems with the legislation and put the brakes on sending it through the legislature as its session winds down.</p> <p>That said, the bill demonstrates that there are still too many technical and policy gaps in the current thinking about digital currencies and the need for regulation.</p> <p>EFF <a href="https://www.eff.org/deeplinks/2015/08/license-kill-innovation-why-ab-1326-californias-bitcoin-license-bad-business">continues to believe</a> that before lawmakers anywhere consider legislation regulating digital currencies, they need to better understand the technology at issue as well as demonstrating how the legislation actually benefits consumers. The California bill unfortunately failed in both respects.</p> <h3>A.B. 1326 Would Have Hurt Consumers</h3> <p>First, as EFF’s <a href="https://www.eff.org/files/2016/08/18/eff_letter_-_oppose_ab_1326_aug._2016_-_final_.pdf">opposition letter</a> to A.B. 1326 stated, the bill’s goal to protect consumers would have ironically been frustrated by the legislation, as it would have restricted access to currencies that benefit consumers in ways that non-digital currencies do not.</p> <p>Many digital currencies allow individuals to directly transact with one another even when they do not know or trust each other. These currencies have significant benefits to consumers as they eliminate the third parties needed in non-digital transactions that can often be the sources of fraud or other consumer harm.</p> <p>Further, intermediaries in traditional currency transactions, such as payment processers, are often the targets of <a href="https://www.eff.org/fr/deeplinks/2015/12/sheriffs-threats-against-credit-card-companies-violate-first-amendment">financial censorship</a>, which ultimately inhibits people’s ability to support controversial causes or organizations.</p> <p>Because the bill would have allowed California’s Department of Business Oversight to determine which digital currency businesses operated in California, the government would have been deciding which currencies and businesses could be used, rather than consumers. This would have significantly limited Californians’ digital currency options, to their detriment.</p> <h3>A.B. 1326’s Vague Terms Would Have Required Consumers to Register</h3> <p>The bill was also written in a manner that failed to grasp how digital currencies work, leading to broad definitions of “digital currency business” that would have regulated not just businesses transacting on behalf of digital currency users, but the users themselves.</p> <p>There were many vague definitions in the bill. Take for example, a provision requiring anyone who transmits digital currencies to another person to register and comply with its complex regulations.</p> <p>Digital currency users often directly transmit digital currency value to others without any intermediary, meaning those users would have been subject to the regulations even though they are merely using a digital currency. Additionally, despite the bill purporting to have an exemption for parties such as Bitcoin miners, they would also have to register because in appending transactions to the Blockchain, they could be viewed as transmitting digital currency.</p> <p>The bill also would have required video game makers who offer in-game digital currency or goods to register, as the exemption for such activity is limited to items or currency that have no value outside of the game. The reality is that many items and currencies within games often have independent markets in which players buy, sell, or exchange items, regardless of whether a game maker allows for those transactions. Those game makers, however, would have to obtain a license under the bill even though they often do not control the outside markets. The bill would have also created roadblocks for video game companies who offer in-game currency that can be used to buy real world items, such as T-shirts or stickers.</p> <p>Additionally, the bill contained no exemption for start-ups or smaller companies innovating digital currencies, giving established currencies such as Bitcoin and its more sophisticated industry a leg up over competition.</p> <p>The many problems with the bill would ultimately have been bad for the state, as it would have pushed innovation elsewhere and chilled a young and quickly evolving industry.</p> <p>EFF recognizes that there are risks for consumers using digital currencies and appreciates lawmakers interested in addressing them.  We think any legislative response, however, should be based on a better understanding of the state of digital currencies and narrowly focused on the situations that pose risks for consumers. Such an approach would preserve space for innovation in the industry while still protecting users.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=California%20Lawmaker%20Pulls%20Digital%20Currency%20Bill%20After%20EFF%20Opposition&amp;url=https%3A//www.eff.org/deeplinks/2016/08/california-lawmaker-pulls-digital-currency-bill-after-eff-opposition&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=California%20Lawmaker%20Pulls%20Digital%20Currency%20Bill%20After%20EFF%20Opposition&amp;u=https%3A//www.eff.org/deeplinks/2016/08/california-lawmaker-pulls-digital-currency-bill-after-eff-opposition" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/california-lawmaker-pulls-digital-currency-bill-after-eff-opposition" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=California%20Lawmaker%20Pulls%20Digital%20Currency%20Bill%20After%20EFF%20Opposition&amp;url=https%3A//www.eff.org/deeplinks/2016/08/california-lawmaker-pulls-digital-currency-bill-after-eff-opposition" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 18 Aug 2016 16:52:19 +0000 Aaron Mackey 92691 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/civil-liberties-groups-file-fcc-complaint-arguing-baltimore-police-are-illegally <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><b><i>Civil Rights Groups Urge FCC to Issue Enforcement Action Prohibiting Law Enforcement Agencies From Illegally Using Stingrays<br /></i></b></p> <p>This week the <a class="eff-blue" target="_blank" title="Center for Media Justice" href="https://centerformediajustice.org/">Center for Media Justice</a>, <a class="eff-blue" target="_blank" title="Color of Change" href="https://www.colorofchange.org/">ColorOfChange.org</a>, and <a class="eff-blue" target="_blank" title="Open Technology Institute" href="https://www.newamerica.org/oti/">New America’s Open Technology Institute</a> filed <a href="https://s3.documentcloud.org/documents/3015561/CS-Simulators-Complaint.pdf">a complaint</a> with the Federal Communications Commission alleging the Baltimore police are violating the federal Communications Act by using cell site simulators, also known as Stingrays, that disrupt cellphone calls and interfere with the cellular network—and are doing so in a way that has a disproportionate impact on communities of color.</p> <p>Stingrays operate by <a href="https://www.justice.gov/opa/file/767321/download">mimicking a cell tower</a> and directing all cellphones in a given area to route communications through the Stingray instead of the nearby tower. They are especially pernicious surveillance tools because they collect information on every single phone in a given area—not just the suspect’s phone—this means they allow the police to conduct indiscriminate, dragnet searches. They are also able to locate people inside traditionally-protected private spaces like homes, doctors’ offices, or places of worship. Stingrays can also be configured to capture the <a href="https://www.justice.gov/sites/default/files/criminal/legacy/2014/10/29/elec-sur-manual.pdf">content of communications</a>.</p> <p>Because Stingrays operate on the same spectrum as cellular networks but are not actually transmitting communications the way a cell tower would, they interfere with cell phone communications within as much as a <a href="https://www.theglobeandmail.com/news/national/rcmp-listening-tool-capable-of-knocking-out-911-calls-memoreveals/article29672075/">500 meter radius</a> of the device (Baltimore’s devices may be limited to 200 meters). This means that any important phone call placed or text message sent within that radius may not get through. As the complaint notes, “[d]epending on the nature of an emergency, it may be urgently necessary for a caller to reach, for example, a parent or child, doctor, psychiatrist, school, hospital, poison control center, or suicide prevention hotline.” But these and <a href="https://www.theglobeandmail.com/news/national/rcmp-listening-tool-capable-of-knocking-out-911-calls-memoreveals/article29672075/">even 911 calls</a> could be blocked.</p> <p><img src="/files/2016/08/16/stingray_200m_radius.png" alt="Stingrays Cause 200 Meter Radius of Cell Phone Disruption" height="580" width="571" /></p> <p>The Baltimore Police Department could be among the most prolific users of cell site simulator technology in the country. A Baltimore detective testified last year that the BPD used Stingrays <a href="https://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-case-20150408-story.html">4,300 times</a> between 2007 and 2015. Like other law enforcement agencies, Baltimore has used its devices for <a href="https://www.usatoday.com/story/news/2015/08/23/baltimore-police-stingray-cell-surveillance/31994181/">major and minor crimes</a>—everything from trying to locate a man who had kidnapped two small children to trying to find another man who took his wife’s cellphone during an argument (and later returned it). According to logs obtained by <i>USA Today</i>, the Baltimore PD also <a href="https://assets.documentcloud.org/%20documents/2287407/cell-site-data-request-060815-bds-2.pdf">used </a>its Stingrays to locate witnesses, to investigate unarmed robberies, and for mysterious “other” purposes. And like <a href="https://www.thenewstribune.com/news/local/crime/article25894096.html">other law enforcement agencies</a>, the Baltimore PD has regularly withheld information about Stingrays from defense attorneys, judges, and the public.</p> <p>Moreover, according to the FCC complaint, the Baltimore PD’s use of Stingrays disproportionately impacts African American communities. Coming on the heels of a scathing <a href="https://www.justice.gov/opa/file/883366/download">Department of Justice report</a> finding “BPD engages in a pattern or practice of conduct that violates the Constitution or federal law,” this may not be surprising, but it still should be shocking. The DOJ’s investigation found that BPD not only regularly makes unconstitutional stops and arrests and uses excessive force within African-American communities but also retaliates against people for constitutionally protected expression, and uses enforcement strategies that produce “severe and unjustified disparities in the rates of stops, searches and arrests of African Americans.”</p> <p>Adding Stingrays to this mix means that these same communities are subject to more surveillance that <a href="https://centerformediajustice.org/wp-content/uploads/2016/07/Relentless-Eye.pdf">chills speech</a> and are less able to make 911 and other emergency calls than communities where the police aren’t regularly using Stingrays. A map included in the FCC complaint shows exactly how this is impacting Baltimore’s African-American communities. It plots hundreds of addresses where <i>USA Today</i> discovered BPD was using Stingrays over a map of Baltimore’s black population based on 2010 Census data included in the DOJ’s recent report:</p> <p><img src="/files/2016/08/16/baltimore_stingray_map.png" alt="Map of Baltimore PD Stingray Use in Black Communities" height="627" width="558" /></p> <p>The Communications Act gives the FCC the <a href="https://www.fcc.gov/about/overview">authority to regulate</a> radio, television, wire, satellite, and cable communications in all 50 states, the District of Columbia and U.S. territories. This includes being responsible for <a href="https://www.fcc.gov/%20general/jammer-enforcement">protecting cellphone networks from disruption</a> and ensuring that emergency calls can be completed under any circumstances. And it requires the FCC to ensure that access to networks is available “to all people of the United States, without discrimination on the basis of race, color, religion, national origin, or sex.” Considering that the spectrum law enforcement is utilizing without permission is public property leased to private companies for the purpose of providing them next generation wireless communications, it goes without saying that the FCC has a duty to act.</p> <p>The FCC must protect the American people from law enforcement practices that disrupt emergency communications and unconstitutionally discriminate against communities based on race. The FCC is charged with safeguarding the public's interest in transparency and equality of access to communication over the airwaves. Please join us in calling on the FCC to enforce the Communications Act and put an end to widespread network interference by the rampant unauthorized transmissions of the BPD's illegal use of stingray technology.</p> <p>But we should not assume that the Baltimore Police Department is an outlier—EFF has found that law enforcement has been <a href="https://www.eff.org/deeplinks/2016/04/eff-and-aclu-expose-governments-secret-stingray-use-wisconsin-case">secretly using stingrays</a> for years and <a href="https://www.eff.org/deeplinks/2015/01/2014-review-stingrays-go-mainstream">across the country</a>. No community should have to speculate as to whether such a powerful surveillance technology is being used on its residents. Thus, we also <a href="https://act.eff.org/action/tell-fcc-to-enforce-its-rules-against-police-using-stingrays">ask the FCC</a> to engage in a rule-making proceeding that addresses not only the problem of harmful interference but also the duty of every police department to use Stingrays in a constitutional way, and to publicly disclose—not hide—the facts around acquisition and use of this powerful wireless surveillance technology. </p> <p>Anyone can support the complaint by <a href="https://act.eff.org/action/tell-fcc-to-enforce-its-rules-against-police-using-stingrays">tweeting at FCC Commissioners</a> or by signing the petitions hosted by <a class="eff-blue" target="_blank" title="Color of Change petition" href="https://colorofchange.org/campaigns/end-cell-phone-surveillance/">Color of Change</a> or <a class="eff-blue" target="_blank" title="MAG-Net petition" href="https://action.mag-net.org/baltimore_stingray">MAG-Net</a>.</p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/us-v-damian-patrick">U.S. v. Damian Patrick </a></div><div class="field-item odd"><a href="/cases/state-maryland-v-kerron-andrews">State of Maryland v. Kerron Andrews</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Civil%20Rights%20Coalition%20files%20FCC%20Complaint%20Against%20Baltimore%20Police%20Department%20for%20Illegally%20Using%20Stingrays%20to%20Disrupt%20Cellular%20Communications&amp;url=https%3A//www.eff.org/deeplinks/2016/08/civil-liberties-groups-file-fcc-complaint-arguing-baltimore-police-are-illegally&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Civil%20Rights%20Coalition%20files%20FCC%20Complaint%20Against%20Baltimore%20Police%20Department%20for%20Illegally%20Using%20Stingrays%20to%20Disrupt%20Cellular%20Communications&amp;u=https%3A//www.eff.org/deeplinks/2016/08/civil-liberties-groups-file-fcc-complaint-arguing-baltimore-police-are-illegally" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/civil-liberties-groups-file-fcc-complaint-arguing-baltimore-police-are-illegally" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Civil%20Rights%20Coalition%20files%20FCC%20Complaint%20Against%20Baltimore%20Police%20Department%20for%20Illegally%20Using%20Stingrays%20to%20Disrupt%20Cellular%20Communications&amp;url=https%3A//www.eff.org/deeplinks/2016/08/civil-liberties-groups-file-fcc-complaint-arguing-baltimore-police-are-illegally" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 18 Aug 2016 01:18:30 +0000 Jennifer Lynch 92673 at https://www.eff.org Commentary Privacy Locational Privacy https://www.eff.org/deeplinks/2016/08/tell-your-university-dont-sell-patents-trolls <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><a href="/reclaim-invention"><img src="/files/2016/08/03/og-reclaim-invention.png" height="325" width="650" /></a>When universities invent, those inventions should benefit everyone. Unfortunately, they sometimes end up in the hands of patent trolls—companies that serve no purpose but to amass patents and demand money from others. When a university sells patents to trolls, it undermines the university’s purpose as a driver of innovation. Those patents become landmines that make innovation more difficult.</p> <p>A few weeks ago, we wrote about the problem of <a href="/deeplinks/2016/07/patents-next-open-access-fight">universities selling or licensing patents to trolls</a>. We said that the only way that universities will change their patenting and technology transfer policies is if students, professors, and other members of the university community start demanding it.</p> <p>It’s time to start making those demands.</p> <p>We’re launching <a href="/reclaim-invention">Reclaim Invention</a>, a new initiative to urge universities to rethink how they use patents. If you think that universities should keep their inventions away from the hands of patent trolls, then <a href="/reclaim-invention">use our form to tell them</a>.</p> <p>EFF is proud to partner with <a href="https://creativecommons.org/">Creative Commons</a>, <a href="https://www.engine.is/">Engine</a>, <a href="https://www.fightforthefuture.org/">Fight for the Future</a>, <a href="https://www.keionline.org/">Knowledge Ecology International</a>, and <a href="https://www.publicknowledge.org/">Public Knowledge</a> on this initiative.</p> <p class="eff_digital_voices-take_action"><a href="/reclaim-invention"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Tell your university: Don’t sell patents to trolls.</strong></a></p> <h3>A Simple Promise to Defend Innovation</h3> <p>Central to our initiative is the <a href="/reclaim-invention/pledge">Public Interest Patent Pledge</a> (PIPP), a pledge we hope to see university leadership sign. The pledge says that before a university sells or licenses a patent, it will first check to make sure that the potential buyer or licensee doesn’t match the profile of a patent troll:</p> <blockquote><p>When determining what parties to sell or license patents to, [<i>School name</i>] will take appropriate steps to research the past practices of potential buyers or licensees and favor parties whose business practices are designed to benefit society through commercialization and invention. We will strive to ensure that any company we sell or license patents to does not have a history of litigation that resembles patent trolling. Instead, we will partner with those who are actively working to bring new technologies and ideas to market, particularly in the areas of technology that those patents inhabit.</p></blockquote> <p>One of our sources of inspiration for the pledge was the technology transfer community itself. In 2007, the Association of University Technology Managers (AUTM) released a document called <a href="https://www.autm.net/advocacy-topics/government-issues/principles-and-guidelines/nine-points-to-consider-when-licensing-university/">Nine Points to Consider</a>, which advocates transferring to companies that are actively working in the same fields of technology the patents cover, not those that will simply use them to demand licensing fees from others. More recently, the Association of American Universities (AAU) launched a working group on technology transfer policy, and <a href="https://www.eff.org/files/2016/08/17/aau_patent_tech_transfer_working_group_statement.pdf">that group’s early recommendations closely mirror AUTM’s</a> (PDF). EFF has often found itself on the opposite side of policy fights from AUTM and AAU, but we largely agree with them on this issue that something needs to change.</p> <p>Despite that good advice, many research universities continue to sell patents to trolls. Just a few weeks ago, we wrote about My Health, a company that appears to do nothing but file patent and trademark lawsuits. Its primary weapon is a patent from the University of Rochester. Rochester isn’t alone: <a href="https://www.nature.com/news/universities-struggle-to-make-patents-pay-1.13811">dozens of universities regularly license patents</a> to the notorious mega-troll Intellectual Ventures.</p> <p>Good intentions and policy statements won’t solve the problem. Universities will change when students, professors, and alumni insist on it.</p> <h3>Local Organizers: You Can Make a Difference</h3> <p>We’re targeting this campaign at every college and university in the United States, from flagship state research institutions to liberal arts colleges. Why? Because patents affect everyone. The licensing decisions that universities make today will strengthen or sabotage the next generation of inventors and innovators. Together, we can make a statement that universities want more innovation-friendly laws and policies nationwide.</p> <p>It would be impossible for any one organization to persuade every college and university to sign the pledge, so we’re turning to our network of local activists in the <a href="/fight">Electronic Frontier Alliance</a> and beyond.</p> <p>We’ve designed our petition to make it easy for local organizers to share the results with university leadership. For example, <a href="https://act.eff.org/action/reclaim-invention/university-of-south-dakota">here are all of the people who’ve signed the petition</a> with a connection to the University of South Dakota. If you volunteer for the USD digital civil liberties club—or if you’ve been looking to start it—then your group could write a letter to university leadership urging them to sign the pledge, and include the names of all of the signatories. We’re eager to work with you to make sure your voice is heard. You can <a href="https://www.eff.org/about/staff/elliot-harmon">write me directly</a> with any questions.</p> <p>Reclaim Invention represents a new type of EFF campaign. This is the first time we’ve launched a campaign targeting thousands of local institutions at once. It’s a part of our ongoing work to unite the efforts of grassroots digital rights activists across the country. Amazing things can happen when local activists coordinate their efforts.</p> <p class="eff_digital_voices-take_action"><a href="/reclaim-invention"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Tell your university: Don’t sell patents to trolls.</strong></a></p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Tell%20Your%20University%3A%20Don%27t%20Sell%20Patents%20to%20Trolls&amp;url=https%3A//www.eff.org/deeplinks/2016/08/tell-your-university-dont-sell-patents-trolls&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Tell%20Your%20University%3A%20Don%27t%20Sell%20Patents%20to%20Trolls&amp;u=https%3A//www.eff.org/deeplinks/2016/08/tell-your-university-dont-sell-patents-trolls" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/tell-your-university-dont-sell-patents-trolls" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Tell%20Your%20University%3A%20Don%27t%20Sell%20Patents%20to%20Trolls&amp;url=https%3A//www.eff.org/deeplinks/2016/08/tell-your-university-dont-sell-patents-trolls" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 17 Aug 2016 22:18:43 +0000 Elliot Harmon 92680 at https://www.eff.org Call To Action Fair Use and Intellectual Property: Defending the Balance Patents Reclaim Invention https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="/files/2016/08/16/og-windows10.gif" alt=" A Deep Dive " height="325" width="650" />Microsoft had an ambitious goal with the launch of Windows 10: a billion devices running the software by the <a href="https://www.bbc.com/news/technology-36824687">end of 2018</a>. In its quest to reach that goal, the company aggressively pushed Windows 10 on its users and went so far as to offer free upgrades for a whole year. However, the company’s strategy for user adoption has trampled on essential aspects of modern computing: user choice and privacy. We think that’s wrong.</p> <p>You don’t need to search long to come across stories of people who are horrified and amazed at just how far Microsoft has gone in order to increase Windows 10’s install base. Sure, there is some <a href="https://www.zdnet.com/article/when-it-comes-to-windows-10-privacy-dont-trust-amateur-analysts/">misinformation</a> and hyperbole, but there are also some real concerns that current and future users of Windows 10 should be aware of. As the company is currently rolling out its “Anniversary Update” to Windows 10, we think it’s an appropriate time to focus on and examine the company’s strategy behind deploying Windows 10.</p> <h3>Disregarding User Choice</h3> <p>The tactics Microsoft employed to get users of earlier versions of Windows to upgrade to Windows 10 went from annoying to downright malicious. Some highlights: Microsoft installed an app in users’ system trays advertising the free upgrade to Windows 10. The app couldn’t be easily hidden or removed, but some enterprising users <a href="https://www.pcworld.com/article/3014238/windows/get-windows-10-prompt-adopts-malware-like-tactics-to-trick-you-into-upgrading.html">figured out a way</a>. Then, the company kept <a href="https://www.pcworld.com/article/3024278/windows/you-will-upgrade-to-windows-10-inside-microsofts-strong-arm-upgrade-tactics.html">changing the app</a> and bundling it into various security patches, creating a cat-and-mouse game to uninstall it.</p> <p>Eventually, Microsoft started pushing Windows 10 via its Windows Update system. It started off by pre-selecting the download for users and downloading it on their machines. Not satisfied, the company eventually made Windows 10 a <a href="https://www.computerworld.com/article/3029664/microsoft-windows/microsoft-pushes-windows-10-upgrade-using-tactic-it-once-called-a-mistake.html">recommended update</a> so users receiving critical security updates were now also downloading an entirely new operating system onto their machines without their knowledge. Microsoft even rolled in the Windows 10 ad as part of an Internet Explorer <a href="https://www.infoworld.com/article/3042155/microsoft-windows/windows-patch-kb-3139929-when-a-security-update-is-not-a-security-update.html">security patch</a>. <span>Suffice to say, this is not the standard when it comes to security updates, and isn’t how most users expect them to work. When installing security updates, users expect to patch their existing operating system, and not see an advertisement or find out that they have downloaded an entirely new operating system in the process.</span></p> <p>In May 2016, in an action designed in a way we think was highly deceptive, Microsoft actually changed the expected behavior of a dialog window, a user interface element that’s been around and acted the same way since the birth of the modern desktop. Specifically, when prompted with a Windows 10 update, if the user chose to decline it by hitting the ‘X’ in the upper right hand corner, Microsoft <a href="https://www.pcworld.com/article/3073457/windows/how-microsofts-nasty-new-windows-10-pop-up-tricks-you-into-upgrading.html">interpreted</a> that as <em>consent </em>to download Windows 10. </p> <p>Time after time, with each update, Microsoft chose to employ questionable tactics to cause users to download a piece of software that many didn’t want. What users actually wanted didn’t seem to matter. In an extreme case, members of a wildlife conservation group in the African jungle felt that the automatic download of Windows 10 on a limited bandwidth connection could have <a href="https://www.reddit.com/r/technology/comments/4mcdon/i_live_in_the_central_african_bush_we_pay_for/">endangered their lives</a> if a forced upgrade had begun during a mission.</p> <h3>Disregarding User Privacy</h3> <p>The trouble with Windows 10 doesn’t end with forcing users to download the operating system. Windows 10 sends an unprecedented amount of usage data back to Microsoft, particularly if users opt in to “personalize” the software using the OS assistant called <a href="https://en.wikipedia.org/wiki/Cortana_(software)">Cortana</a>. Here’s a non-exhaustive list of data sent back: location data, text input, voice input, touch input, webpages you visit, and telemetry data regarding your general usage of your computer, including which programs you run and for how long.</p> <p>While we understand that many users find features like Cortana useful, and that such features would be difficult (though <a href="https://techcrunch.com/2016/06/14/differential-privacy/">not necessarily impossible</a>) to implement in a way that doesn’t send data back to the cloud, the fact remains that many users would much <a href="https://www.windowscentral.com/how-turn-cortana-and-stop-personal-data-gathering-windows-10">prefer</a> not to use these features in exchange for maintaining their privacy.</p> <p>And while users can disable some of these settings, it is not a guarantee that your computer will <a href="https://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">stop talking</a> to Microsoft’s servers. A significant issue is the telemetry data the company receives. While Microsoft insists that it <a href="https://blogs.windows.com/windowsexperience/2015/09/28/privacy-and-windows-10/">aggregates and anonymizes</a> this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only <a href="https://www.zdnet.com/article/windows-10-telemetry-secrets/">general timeframes</a>. Worse yet, unless you’re an enterprise user, no matter what, you <em>have to </em>share at least some of this telemetry data with Microsoft <em>and there’s no way to opt-out of it</em>.</p> <p>Microsoft has tried to <a href="https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization">explain</a> this lack of choice by saying that Windows Update won’t function properly on copies of the operating system with telemetry reporting turned to its lowest level. In other words, Microsoft is claiming that giving ordinary users more privacy by letting them turn telemetry reporting down to its lowest level would risk their security since they would no longer get security updates<a class="see-footnote" id="footnoteref1_481x68f" title="Confusingly, Microsoft calls the lowest level of telemetry reporting (which is not available on Home or Professional editions of Windows 10) the “security” level—even though it prevents security patches from being delivered via Windows Update." href="#footnote1_481x68f">1</a>. (Notably, this is not something many articles about Windows 10 have touched on.)</p> <p>But this is a <em>false</em> <em>choice</em> that is entirely of Microsoft’s own creation. There’s no good reason why the types of data Microsoft collects at each telemetry level couldn’t be adjusted so that even at the lowest level of telemetry collection, users could still benefit from Windows Update and secure their machines from vulnerabilities, without having to send back things like app usage data or unique IDs like an IMEI number.</p> <p>And if this wasn’t bad enough, Microsoft’s questionable upgrade tactics of bundling Windows 10 into various levels of security updates have also managed to lower users’ trust in the necessity of security updates. Sadly, this has led some people to <a href="https://www.pcworld.com/article/3075729/windows/fearing-forced-windows-10-upgrades-users-are-disabling-critical-updates-at-their-own-risk.html">forgo security updates</a> entirely, meaning that there are users whose machines are at risk of being attacked.</p> <p class="MsoNormal">There’s no doubt that Windows 10 has some great <a href="https://www.pcworld.com/article/3107611/security/respect-windows-10-security-impresses-hackers.html">security improvements</a> over previous versions of the operating system. But it’s a shame that Microsoft made users choose between having privacy and security.</p> <h3>The Way Forward</h3> <p>Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.</p> <p>Otherwise it will face backlash in the form of <a href="https://www.pcworld.com/article/3101396/windows/microsoft-faces-two-new-lawsuits-over-aggressive-windows-10-upgrade-tactics.html">individual lawsuits</a>, <a href="https://www.rocklandtimes.com/2016/07/09/ombudsman-alert-new-york-ag-to-pursue-case-against-microsoft-for-windows-10-forced-upgrade/">state attorney general investigations</a>, and <a href="https://www.cnil.fr/en/windows-10-cnil-publicly-serves-formal-notice-microsoft-corporation-comply-french-data-protection">government investigations</a>.</p> <p>We at EFF have heard from many users who have asked us to <a href="https://www.change.org/p/the-electonic-frontier-foundation-have-the-eff-investigate-microsoft-for-malicious-practices-regarding-windows-10">take action</a>, and we urge Microsoft to listen to these concerns and incorporate this feedback into the next release of its operating system. Otherwise, Microsoft may find that it has inadvertently discovered just how far it can push its users before they abandon a once-trusted company for a better, more privacy-protective solution.</p> <div> </div> <div> </div> <div> </div> <div> </div> <div> <p><em>Correction: an earlier version of the blogpost implied that data collection related to Cortana was opt-out, when in fact the service is opt in.</em></p> </div> <ul class="footnotes"><li class="footnote" id="footnote1_481x68f"><a class="footnote-label" href="#footnoteref1_481x68f">1.</a> Confusingly, Microsoft calls the lowest level of telemetry reporting (which is not available on Home or Professional editions of Windows 10) the “security” level—even though it prevents security patches from being delivered via Windows Update.</li> </ul><script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=With%20Windows%2010%2C%20Microsoft%20Blatantly%20Disregards%20User%20Choice%20and%20Privacy%3A%20A%20Deep%20Dive&amp;url=https%3A//www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=With%20Windows%2010%2C%20Microsoft%20Blatantly%20Disregards%20User%20Choice%20and%20Privacy%3A%20A%20Deep%20Dive&amp;u=https%3A//www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=With%20Windows%2010%2C%20Microsoft%20Blatantly%20Disregards%20User%20Choice%20and%20Privacy%3A%20A%20Deep%20Dive&amp;url=https%3A//www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Wed, 17 Aug 2016 14:12:52 +0000 Amul Kalia 92666 at https://www.eff.org Commentary Privacy Security https://www.eff.org/deeplinks/2016/08/demand-california-fix-calgang-its-deeply-flawed-gang-database <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>CalGang is a joke.</p> <p>California’s gang database contains data on more than 150,000 people that police believe are associated with gangs, often based on the flimsiest of evidence. Law enforcement officials would have you believe that it’s crucial to their jobs, that they use it ever so responsibly, and that it would never, ever result in unequal treatment of people of color.</p> <p>But you shouldn’t take their word for it. And you don’t have to take ours either, or the dozens of other civil rights organizations calling for a CalGang overhaul. But you should absolutely listen to the <a href="https://www.eff.org/document/calgang-audit">California State Auditor’s investigation</a>.</p> <p>The state’s top CPA, Elaine Howle, cracked open the books and crunched the numbers as part of an audit:</p> <blockquote><p>This report concludes that CalGang’s current oversight structure does not ensure that law enforcement agencies (user agencies) collect and maintain criminal intelligence in a manner that preserves individuals’ privacy rights.</p></blockquote> <p><i>Brutal.</i>  But then there was more. </p> <p>She wrote that CalGang receives “no state oversight” and operates “without transparency or meaningful opportunities for public input.”</p> <p>She found that agencies couldn’t legitimize 23 percent of CalGang entries she reviewed. Thirteen out of 100 people had no substantiated reason for being in the database.</p> <p>She found that law enforcement had ignored a five-year purging policy for more than 600 people, often extending the purge date to more than 100 years. They also frequently disregarded a law requiring police to notify the parents of minors before adding them to CalGang. </p> <p>She found that there was “little evidence” that CalGang had met standards for protecting privacy and other constitutional rights.</p> <p>As a result, user agencies are tracking some people in CalGang without adequate justification, potentially violating their privacy rights.</p> <p>And then the other shoe dropped:</p> <blockquote><p>Further, by not reviewing information as required, CalGang’s governance and user agencies have diminished the system’s crime-fighting value.</p></blockquote> <p>To recap the audit: CalGang violates people’s rights, operates with no oversight, is chockfull of unsubstantiated information and data that should have been purged, and has diminished value in protecting public safety.</p> <p>Assemblymember Shirley Weber has the start of a solution: <a href="https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201520160AB2298">A.B. 2298.</a>  </p> <p>This bill would write into law all new transparency and accountability measures for the controversial CalGang database and at least 11 other gang databases managed by local law enforcement agencies in California.</p> <p>For example:</p> <ul><li>Law enforcement would be required to notify you if they intend to add you to the database.</li> <li>You would have the opportunity to challenge your inclusion in a gang database.</li> <li>Law enforcement agencies would have to produce transparency reports for anyone to look at with statistics on CalGang additions, removals, and demographics.</li> </ul><p>EFF has joined dozens of civil rights groups like the Youth Justice Coalition to support this bill. If you live in California, please join us by emailing Gov. Jerry Brown to encourage him to sign A.B. 2298 into law. </p> <p class="eff_digital_voices-take_action"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong><a href="https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=10367">Support Reform of California's Gang Databases</a></strong></p> <p><i>Updated Aug. 31, 2016: The bill passed out of the legislature on Aug. 29. This post has been edited to reflect this development. </i></p> <p>Here are some other things you should know about CalGang.</p> <h3>What is CalGang?</h3> <p><a href="https://oag.ca.gov/calgang">CalGang</a> is a data collection system used by law enforcement agencies to house information on suspected gang members. At last count, CalGang contained data on more than 150,000 people. As of 2016, the CalGang database is accessible by more than 6,000 law enforcement officers across the state from the laptops in their patrol vehicles.</p> <p>As the official A.B. 2298 legislative analysis explains:</p> <blockquote><p>The CalGang system database, which is housed by the [California Department of Justice, is accessed by law enforcement officers in 58 counties and includes 200 data fields containing personal, identifying information such as age, race, photographs, tattoos, criminal associates, addresses, vehicles, criminal histories, and activities.</p></blockquote> <p>Something as simple as living on a certain block can label you as a possible Crip or Hell’s Angel, subjecting you to increased surveillance, police harassment, and gang injunctions. Police use the information in the database to justify an arrest, and prosecutors use it to support their request for maximum penalties.</p> <p>Many of the Californians included in the CalGang database <a href="https://www.revealnews.org/article/you-may-be-in-californias-gang-database-and-not-even-know-it/">don’t know they’re on it</a>. What’s worse: If you’re an adult on the list, you have no right to know you’re on it or to challenge your inclusion. Law enforcement agencies have lobbied aggressively to block legislation that would make the CalGang data more accessible to the public.</p> <h3>How Does CalGang Work?</h3> <p>In use for almost 20 years, CalGang holds information collected by beat officers during traffic stops and community patrols. The officers fill out Field Identification Cards with details supporting their suspicions, which can include pictures of the person’s tattoos and clothing. They can collect this information from any person at any time, no arrest necessary. The cards are then uploaded to CalGang at the discretion of the officer. Detectives also add to the database while mapping out connections and associations to the suspects they investigate. Any officer can access the information remotely at any time. So if, during the course of writing a fix-it ticket, an officer runs the driver’s name through the database and sees an entry, that officer can potentially formulate a bias against the driver.</p> <p>Ali Winston’s <a href="https://www.revealnews.org/article/you-may-be-in-californias-gang-database-and-not-even-know-it/">Reveal News article</a> about the horrors of CalGang shows how Facebook photos with friends can lead to criminal charges.</p> <p>Aaron Harvey, a 26-year-old club promoter in Las Vegas at the time, was arrested and taken back to his native city of San Diego. He was charged with nine counts of gang conspiracy to commit a felony due to the fact that a couple of his Facebook friends from the Lincoln Park neighborhood where he grew up were believed to be in a street gang. Police further suspected that those friends took part in nine shootings, all of which occurred after Harvey had moved to Nevada. Even though no suspects were ever charged in connection to the actual shootings, Harvey still spent eight months in jail before a judge dismissed the gang conspiracy charges against him as baseless. As a direct result of his unjust incarceration, he lost his job and his apartment in Las Vegas and had to move in with family in San Diego.</p> <p>Asked about his experience of gang classification systems, Harvey said,  “It’s like a virus that you have, that you don’t know you have… (Someone) infected me with this disease; now I have it, and there’s no telling how many other people I have infected.”</p> <h3>It’s Based on Subjective Observations</h3> <p>The criteria used for determining gang affiliation are <a href="https://oag.ca.gov/sites/all/files/agweb/pdfs/calgang/policy_procedure.pdf?">laughably broad</a>. Much of the information that is considered to be evidence of gang activity is open to personal interpretation: being seen with suspected gang members, wearing “gang dress”, making certain hand signs, or simply being called a gang member by, as the CalGang procedural manual states, an “untested informant”. The presence of two of these criteria is considered enough evidence for people to be included in the database for at least 5 years and subject to a possible <a href="https://www.aclunc.org/article/gang-injunctions-fact-sheet">gang injunction</a> (a court order that restricts where you can go and with whom you can interact). </p> <blockquote><p>A.B. 2298’s legislative analysis explains the flaw in this system.  </p> <p>[A]s a practical matter, it may be difficult for a minor, or a young-adult, living in a gang-heavy community to avoid qualifying criteria when the list of behaviors includes items such as “is in a photograph with known gang members,” “name is on a gang document, hit list or gang-related graffiti” or “corresponds with known gang members or writes and/or receives correspondence.” In a media-heavy environment, replete with camera phones and social network comments, it may be challenging for a teenager aware of the exact parameters to avoid such criteria, let alone a teenager unaware he or she is being held to such standards.</p></blockquote> <p>As we saw with Aaron Harvey, meeting three of the criteria can get you a gang conspiracy charge.</p> <h3>It’s Racially Biased</h3> <p><b> </b>Patrol officers, because they directly engage the public during their daily beat, make many of the entries. The problem is that communities of color tend to be heavily policed in the first place. In a state that is 45% black and brown, Hispanic and African-American individuals make up <a href="https://www.revealnews.org/article/you-may-be-in-californias-gang-database-and-not-even-know-it/">85% of the CalGang database</a>. In a country where people of color are already targeted and criminally prosecuted at disproportionately higher rates, having a database that intensifies racial bias and penalizes thousands of Californians based on the neighborhood and community in which they live, their friends and other personal connections, what they wear, and the way that they pose in pictures is unconstitutional. </p> <p>That being said, false gang ties can be attributed to anyone (with all the negative ramifications that go along with them) regardless of race. The database also includes people with tenuous ties to Asian gangs, white nationalist groups, and motorcycle clubs.</p> <h3>Lack of Transparency</h3> <p>Even though <a href="https://www.leginfo.ca.gov/pub/13-14/bill/sen/sb_0451-0500/sb_458_cfa_20130409_091917_sen_comm.html">S.B. 458 was passed in 2013</a> requiring that the state of California notify parents of juveniles who are listed on the database (because some registrants are <a href="https://www.documentcloud.org/documents/1676343-calgangs-stats-end-2014.html">as young as 9 years old</a>), a 2014 proposition that would have extended the notification to adults was heavily resisted by law enforcement agencies. That bill ultimately failed. As it stands today, if an adult Californian wanted to know if they are listed in CalGang, they would have absolutely no recourse. There is no way to challenge incorrect assertions of gang affiliation. Most of the adults who are listed as potential gang members won’t find out until after an arrest. </p> <p>In terms of governance, the State Auditor noted that because CalGang wasn’t created by a statute, there is no formal state oversight. Instead, it’s managed by two secretive committees, the CalGang Executive Board and the CalGang Node Advisory Committee. She writes:</p> <blockquote><p>Generally, CalGang’s current operations are outside of public view… we found that the CalGang users self‑administer the committee’s audits and that they do not meaningfully report the results to the board, the committee, or the public. Further, CalGang’s governance does not meet in public, and neither the board nor the committee invites public participation by posting meeting dates, agendas, or reports about CalGang.</p></blockquote> <p>The last report from the California Department of Justice explaining the data in CalGang was published way back in 2010.</p> <p><a href="https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=10367"><i>Tell Gov. Brown to sign A.B. 2298 today. </i></a></p> <p><em>Correction: The figure regarding the number of individuals in the CalGang database has been adjusted from 200,000 to 150,000 based on updated numbers from the auditor's report. </em> </p> <script type="text/javascript">var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Demand%20California%20Fix%20CalGang%2C%20A%20Deeply%20Flawed%20Gang%20Database&amp;url=https%3A//www.eff.org/deeplinks/2016/08/demand-california-fix-calgang-its-deeply-flawed-gang-database&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Demand%20California%20Fix%20CalGang%2C%20A%20Deeply%20Flawed%20Gang%20Database&amp;u=https%3A//www.eff.org/deeplinks/2016/08/demand-california-fix-calgang-its-deeply-flawed-gang-database" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/demand-california-fix-calgang-its-deeply-flawed-gang-database" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Demand%20California%20Fix%20CalGang%2C%20A%20Deeply%20Flawed%20Gang%20Database&amp;url=https%3A//www.eff.org/deeplinks/2016/08/demand-california-fix-calgang-its-deeply-flawed-gang-database" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 16 Aug 2016 17:56:51 +0000 Camille Ochoa and Dave Maass 92660 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/rock-against-tpp-heads-portland-seattle-and-san-francisco <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>As the <a href="https://www.eff.org/deeplinks/2016/07/eff-joins-stars-rock-against-tpp-and-finally-defeat-it">Rock Against the TPP tour</a> continues its way around the country, word is spreading that it's not too late for us to stop the undemocratic <a href="https://www.eff.org/issues/tpp">Trans-Pacific Partnership</a> (TPP) in its tracks. The tour kicked off in Denver on July 23 with a line-up that included Tom Morello, Evangeline Lilly, and Anti-Flag, before hitting San Diego the following week where Jolie Holland headlined. You can check out the powerful vibe of the kick-off show below.</p> <p></p><center> <div class='mytube' style='width:560px;'><div class='mytubetrigger' id='mytube2'><img width='560' height='315' class='mytubethumb' src='https://www.eff.org/sites/default/files/mytube/yt_OuhYIeX7OqY.jpg' alt='mytubethumb' /><img src='https://www.eff.org/sites/all/modules/mytube/play.png' class='mytubeplay' alt='play' style='top:127.5px;left:250px;' /></div><!--mytubetrigger--><div class='mytubetext' id='mytubetext2'><a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube.com/embed/OuhYIeX7OqY">youtube.com</a></em><br /></div></div><p></p></center> <p>And the tour isn't even half done yet! This weekend, Rock Against the TPP heads to <a href="https://www.rockagainstthetpp.org/seattle-wa/">Seattle</a> on August 19 and <a href="https://www.rockagainstthetpp.org/portland-or/">Portland</a> on August 20, featuring a number of new artists including Danbert Nobacon of Chumbawamba in Seattle, and hip-hop star Talib Kweli in Portland. The latest tour date to be announced is a stop in EFF's home city of <a href="https://www.rockagainstthetpp.org/san-francisco-ca/">San Francisco</a> on September 9, featuring punk legend Jello Biafra.</p> <p>EFF will be on stage for each of the three remaining dates to deliver a short message about the threats that the TPP poses to Internet freedom, creativity, and innovation both here in the United States, and across eleven other Pacific Rim countries. These threats include:</p> <ul><li>Doubling down on U.S. law that makes it easy for copyright owners to have content removed from the Internet without a court order, and hard for users whose content is wrongly removed.</li> <li>Forcing six other countries to go along with our ridiculously long copyright term—life of the author plus another 70 years—which stops artists and fans from using music and art from a century ago.</li> <li>Imposing prison terms for those who disclose corporate secrets, break copyright locks, or share files, even if they are journalists, whistleblowers, or security researchers, and even if they're not making any money from it.</li> </ul><p>In addition, the TPP completely misses the opportunity to include meaningful protections for users. It fails to require other countries to adopt an equivalent to the fair use right in U.S. copyright law, it includes only weak and unenforceable language about the importance of a free and open Internet and net neutrality, and its provisions on encryption technology and software source code fail to offer any protection against crypto backdoors.</p> <p>Rock Against the TPP is an opportunity to spread the word about these problems and to stand up to the corporate lobbyists and their captive trade negotiators who have spent years pushing the TPP against the people's will. First and foremost it's also a celebration of the creativity, passion, and energy of the artists and fans who are going to help to stop this flawed agreement.</p> <p>If you can make it to Portland, Seattle, or San Francisco, please join us! Did we mention that the concerts are absolutely free? <a href="https://www.rockagainstthetpp.org">Reserve your tickets now</a>, and spread the word to all your family and friends. With your help, the TPP will soon be nothing but a footnote in history.</p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Rock%20Against%20the%20TPP%20heads%20to%20Portland%2C%20Seattle%2C%20and%20San%20Francisco&amp;url=https%3A//www.eff.org/deeplinks/2016/08/rock-against-tpp-heads-portland-seattle-and-san-francisco&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Rock%20Against%20the%20TPP%20heads%20to%20Portland%2C%20Seattle%2C%20and%20San%20Francisco&amp;u=https%3A//www.eff.org/deeplinks/2016/08/rock-against-tpp-heads-portland-seattle-and-san-francisco" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/rock-against-tpp-heads-portland-seattle-and-san-francisco" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Rock%20Against%20the%20TPP%20heads%20to%20Portland%2C%20Seattle%2C%20and%20San%20Francisco&amp;url=https%3A//www.eff.org/deeplinks/2016/08/rock-against-tpp-heads-portland-seattle-and-san-francisco" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 16 Aug 2016 16:07:48 +0000 Jeremy Malcolm 92658 at https://www.eff.org Announcement Trans-Pacific Partnership Agreement https://www.eff.org/deeplinks/2016/08/white-house-source-code-policy-should-go-further <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>A new <a href="https://sourcecode.cio.gov/">federal government policy</a> will result in the government releasing more of the software that it creates under free and open source software licenses. That’s great news, but doesn’t go far enough in its goals or in enabling public oversight.</p> <p>A few months ago, we wrote about a <a href="https://www.eff.org/deeplinks/2016/04/white-house-source-code-policy-big-win-open-government">proposed White House policy</a> regarding how the government handles source code written by or for government agencies. The White House Office of Management and Budget (OMB) has now officially enacted the policy with a few changes. While the new policy is a step forward for government transparency and open access, a few of the changes in it are flat-out baffling.</p> <p>As <a href="/files/2016/08/15/sourcecodepolicy-old.pdf">originally proposed</a> (PDF), the policy would have required that code written by employees of federal agencies be released to the public. For code written by third-party developers, agencies would have been required to release at least 20% of it under <a href="https://opensource.org/licenses">a license approved by the Open Source Initiative</a>—prioritizing “code that it considers potentially useful to the broader community.”</p> <p>At the time, <a href="https://github.com/WhiteHouse/source-code-policy/issues/158">EFF recommended that OMB consider scrapping the 20% rule</a>; it would be more useful for agencies to release <i>everything</i>, regardless of whether it was written by employees or third parties. Exceptions could be made in instances in which making code public would be prohibitively expensive or dangerous.</p> <p>Instead, OMB went in the opposite direction: the official policy treats code written by government employees and contractors the same and puts code in both categories under the 20% rule. OMB was right the first time: code written by government employees is, <a href="https://www.copyright.gov/title17/92chap1.html#105">by law</a>, in the public domain and should be available to the public.</p> <p>More importantly, though, a policy that emphasizes “potentially useful” code misses the point. While it’s certainly the case that people and businesses should be able to reuse and build on government code in innovative ways, that’s not the only reason to require that the government open it. It’s also about public oversight.</p> <p>Giving the public access to government source code gives it visibility into government programs. With access to government source code—and permission to use it—the public can learn how government software works or even identify security problems. The 20% rule could have the unfortunate effect of making exactly the wrong code public. Agencies can easily sweep the code in most need of public oversight into the 80%. In fairness, OMB does encourage agencies to release as much code as they can “to further the Federal Government's commitment to transparency, participation, and collaboration.” But the best way to see those intentions through is to make them the rule.</p> <p>Open government policy is at its best when its mandates are broad and its exceptions are narrow. Rather than trust government officials’ judgment about what materials to make public or keep private, policies like OMB’s should set the default to open. Some exceptions are unavoidable, but they should be limited and clearly defined. And when they’re invoked, the public should know what was exempted and why.</p> <p>OMB has implemented the 20% rule as a three-year pilot. The office says that it will “evaluate pilot results and consider whether to allow the pilot program to expire or to issue a subsequent policy to continue, modify, or increase the minimum requirements of the pilot program.” During the next three years, we’ll be very interested to see how much code agencies release and what stays obscured.</p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=White%20House%20Source%20Code%20Policy%20Should%20Go%20Further&amp;url=https%3A//www.eff.org/deeplinks/2016/08/white-house-source-code-policy-should-go-further&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=White%20House%20Source%20Code%20Policy%20Should%20Go%20Further&amp;u=https%3A//www.eff.org/deeplinks/2016/08/white-house-source-code-policy-should-go-further" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/white-house-source-code-policy-should-go-further" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=White%20House%20Source%20Code%20Policy%20Should%20Go%20Further&amp;url=https%3A//www.eff.org/deeplinks/2016/08/white-house-source-code-policy-should-go-further" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Mon, 15 Aug 2016 22:21:01 +0000 Elliot Harmon 92655 at https://www.eff.org Commentary Fair Use and Intellectual Property: Defending the Balance Innovation Open Access Transparency https://www.eff.org/deeplinks/2016/08/community-broadband-and-fcc-net-neutrality-still-begins-home <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Last year, while most of us were focused on the FCC’s Open Internet Order to protect net neutrality, the FCC quietly did one more thing: it voted to override certain state regulations that inhibit the development and expansion of community broadband projects. The net neutrality rules have since been <a href="https://www.eff.org/deeplinks/2016/06/net-neutrality-rules-upheld-go-team-internet">upheld</a>, but last week a federal appeals court <a href="https://arstechnica.com/tech-policy/2016/08/in-blow-to-muni-broadband-fcc-loses-bid-to-overturn-state-laws/">rejected </a>FCC’s separate effort to preempt state law.</p> <p>The FCC’s goals were laudable. Municipalities and local communities have been experimenting with ways to foster alternatives to big broadband providers like Comcast and Time/Warner. Done right, community fiber experiments have the potential to <a href="https://www.eff.org/deeplinks/2014/07/hate-your-isp-maybe-you-need-community-fiber">create options</a> that empower Internet subscribers and make Internet access more affordable. For example, Chattanooga, Tennessee, is home to one of the nation’s least expensive, most robust municipally-owned broadband networks. The city decided to build a high-speed network initially to meet the needs of the city’s electric company. Then, the local government learned that the cable companies would not be upgrading their Internet service fast enough to meet the city's needs. So the electric utility also became an ISP, and the residents of Chattanooga now have access to a gigabit (1,000 megabits) per second Internet connection. That’s far ahead of the average US connection speed, which typically clocks in at 9.8 megabits per second.</p> <p>But 19 states have laws designed to inhibit experiments like these, which is why the FCC decided to take action, arguing that its mandate to promote broadband competition gave it the authority to override state laws inhibiting community broadband. The court disagreed, finding that the FCC had overstepped its legal authority to regulate.</p> <p>While the communities that looked to the FCC for help are understandably disappointed, the ruling should offer some reassurance for those who worry about FCC overreach. Here, as with net neutrality rulings prior to the latest one, we see that the courts can and will rein in the FCC if it goes beyond its mandate.</p> <p>But there are other lessons to be learned from the decision. One is that we cannot rely on the FCC alone to promote high speed Internet access. If a community wants the chance to take control of its Internet options, it must organize the political will to make it happen – including the will to challenge state regulations that stand in the way. Those regulations were doubtless passed to protect incumbent Internet access providers, but we have seen that a determined public can fight those interests <a href="https://www.eff.org/deeplinks/2015/02/fcc-votes-net-neutrality-big-win">and win.</a> This time, the effort must begin at home. Here <a href="https://www.eff.org/deeplinks/2014/06/neutrality-begins-home-what-us-mayors-can-do-right-now-support-neutral-internet">are a few ideas</a>:</p> <h3>Light Up the Dark Fiber, Foster Competiiton</h3> <p>In most U.S. cities there is <a href="https://arstechnica.com/business/2014/09/most-of-the-us-has-no-broadband-competition-at-25mbps-fcc-chair-says/">only one option</a> for high-speed broadband access. And this lack of competition means that users can’t vote with their feet when monopoly providers like Comcast or Verizon discriminate among Internet users in harmful ways. On the flipside, a lack of competition leaves these large Internet providers with little incentive to offer better service.</p> <p>It doesn't have to be that way. Right now, 89 U.S. cities provide residents with high-speed home Internet, but dozens of additional cities across the country have the infrastructure, such as dark fiber, to either offer high-speed broadband Internet to residents or lease out the fiber to new Internet access providers to bring more competition to the marketplace (the option we prefer).</p> <p>“Dark fiber” refers to unused fiber optic lines already laid in cities around the country, intended to provide high speed, affordable Internet access to residents. In San Francisco, for example, more than 110 miles of fiber optic cable run under the city. Only a fraction of that fiber network is being used.</p> <p>And San Francisco isn’t alone. Cities across the country have invested in laying fiber to connect nonprofits, schools, and government offices with high-speed Internet. That fiber can be used by Internet service startups to help deliver service to residents, reducing the expensive initial investment it takes to enter this market.</p> <p>So the infrastructure to provide municipal alternatives is there in many places—we just need the will and savvy to make it a reality that works.</p> <h3>"Dig Once"—A No Brainer</h3> <p>Building the infrastructure for high-speed internet is expensive. One big expense is tearing up the streets to build out an underground network. But cities regularly have to tear up streets for all kinds of reasons, such as upgrading sewer lines. They should take advantage of this work to create a network of conduits, and then let any company that wants to route their cables through that network, cutting the cost of broadband deployment.</p> <h3>Challenge Artificial Political and Legal Barriers</h3> <p>In addition to state regulations, many cities have created their own unnecessary barriers to their efforts to light up dark fiber or extend existing networks. Take Washington, D.C., where the city’s fiber is bound up in a non-compete contract with Comcast, keeping the network from serving businesses and residents. If that's the case in your town, you should demand better from your representatives. In addition, when there's a local meeting to consider new construction, demand that they include a plan for installing conduit.</p> <p>These are just a few ideas; you can find more <a href="https://muninetworks.org/content/community-connectivity-toolkit">here</a>, along with a wealth of resources. It’s going to take a constellation of solutions to keep our Internet open, but we don't need to wait on regulators and legislators in D.C. This is one area where we can all be leaders. We can organize locally and tell our elected officials to invest in protecting our open Internet.</p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=The%20FCC%20Can%27t%20Save%20Community%20Broadband%20--%20But%20We%20Can&amp;url=https%3A//www.eff.org/deeplinks/2016/08/community-broadband-and-fcc-net-neutrality-still-begins-home&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=The%20FCC%20Can%27t%20Save%20Community%20Broadband%20--%20But%20We%20Can&amp;u=https%3A//www.eff.org/deeplinks/2016/08/community-broadband-and-fcc-net-neutrality-still-begins-home" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/community-broadband-and-fcc-net-neutrality-still-begins-home" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=The%20FCC%20Can%27t%20Save%20Community%20Broadband%20--%20But%20We%20Can&amp;url=https%3A//www.eff.org/deeplinks/2016/08/community-broadband-and-fcc-net-neutrality-still-begins-home" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Sat, 13 Aug 2016 14:39:33 +0000 Corynne McSherry 92643 at https://www.eff.org Net Neutrality https://www.eff.org/press/releases/eff-asks-supreme-court-review-dancing-baby-copyright-case <div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Copyright Holders Must Be Held Accountable For Baseless Takedown Notices</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNormal">Washington, D.C.—The Electronic Frontier Foundation (EFF) today filed a <a target="_blank" href="https://www.eff.org/document/petition-writ-lenz-v-universal">petition</a> <span>on behalf of its client Stephanie Lenz </span>asking the U.S. Supreme Court to ensure that copyright holders who make unreasonable infringement claims can be held accountable if those claims force lawful speech offline.</p> <p><span>Lenz filed <a target="_blank" href="https://www.eff.org/cases/lenz-v-universal">the lawsuit</a> that came to be known as the “Dancing Baby” case after she </span><span>posted—back in 2007—a short <a target="_blank" href="https://www.youtube.com/watch?v=N1KfJHFWlhQ">video</a> on YouTube of her toddler son in her kitchen. The 29-second recording, which Lenz wanted to share with family and friends, shows her son bouncing along to the Prince song "Let's Go Crazy," which is heard playing in the background. </span><span>Universal Music Group, which owns the copyright to the Prince song, sent YouTube a notice under the Digital Millennium Copyright Act (<a target="_blank" href="https://www.eff.org/wp/unintended-consequences-16-years-under-dmca">DMCA</a>), claiming that the family video was an infringement of the copyright.</span></p> <p><span>EFF sued Universal on Lenz’s behalf, arguing that the company’s claim of infringement didn’t pass the laugh test and was just the kind of improper, abusive DMCA targeting of lawful material that so often threatens free expression on the Internet. The DMCA includes provisions designed to prevent abuse of the takedown process and allows people like Lenz to sue copyright holders for bogus takedowns.</span></p> <p><span>The San Francisco-based U.S. Court of Appeals for the Ninth Circuit last year <a target="_blank" href="https://www.eff.org/deeplinks/2013/01/lenz-v-universal-baby-may-be-dancing-trial-0">sided in part</a> with Lenz,<a target="_blank" href="https://www.eff.org/deeplinks/2015/09/takedown-senders-must-consider-fair-use-ninth-circuit-rules"> ruling </a>that that copyright holders must consider fair use before sending a takedown notice. But the court also <a href="https://www.eff.org/document/ninth-circuit-amended-opinion">held</a> that copyright holders should be held to a purely subjective standard. In other words, senders of false infringement notices <a target="_blank" href="https://www.eff.org/deeplinks/2016/03/dancing-baby-trial-back-another-mixed-ruling-lenz-v-universal">could be excused</a> so long as they subjectively believed that the material they targeted was infringing, <i>no matter how unreasonable that belief</i>. Lenz is asking the Supreme Court to overrule that part of the Ninth Circuit’s decision to ensure that the DMCA provides the protections for fair use that Congress intended.</span></p> <p class="MsoNormal">“Rightsholders who force down videos and other online content for alleged infringement—based on nothing more than an unreasonable hunch, or subjective criteria they simply made up—must be held accountable,” said EFF Legal Director Corynne McSherry. “<span>If left standing, the Ninth Circuit’s ruling gives fair users little real protection against private censorship through abuse of the DMCA process</span>.”</p> <p class="MsoNormal">For the brief:<br /><a target="_blank" href="https://www.eff.org/document/petition-writ-lenz-v-universal">https://www.eff.org/document/petition-writ-lenz-v-universal</a></p> <p class="MsoNormal">For more on Lenz v. Universal:<br /><a target="_blank" href="https://www.eff.org/cases/lenz-v-universal">https://www.eff.org/cases/lenz-v-universal</a></p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Corynne</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">McSherry</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Legal Director</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:corynne@eff.org">corynne@eff.org</a></div></div></div> </div> </div> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20Asks%20Supreme%20Court%20To%20Review%20%E2%80%98Dancing%20Baby%E2%80%99%20Copyright%20Case%20&amp;url=https%3A//www.eff.org/press/releases/eff-asks-supreme-court-review-dancing-baby-copyright-case&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20Asks%20Supreme%20Court%20To%20Review%20%E2%80%98Dancing%20Baby%E2%80%99%20Copyright%20Case%20&amp;u=https%3A//www.eff.org/press/releases/eff-asks-supreme-court-review-dancing-baby-copyright-case" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-asks-supreme-court-review-dancing-baby-copyright-case" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20Asks%20Supreme%20Court%20To%20Review%20%E2%80%98Dancing%20Baby%E2%80%99%20Copyright%20Case%20&amp;url=https%3A//www.eff.org/press/releases/eff-asks-supreme-court-review-dancing-baby-copyright-case" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 12 Aug 2016 21:45:21 +0000 Karen Gullo 92640 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/we-shouldnt-wait-another-fifteen-years-conversation-about-government-hacking <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>With high-profile hacks in the headlines and government officials trying to reopen a long-settled debate about encryption, information security has become a mainstream issue. But we feel that one element of digital security hasn’t received enough critical attention: the role of government in acquiring and exploiting vulnerabilities and hacking for law enforcement and intelligence purposes. That’s why EFF recently published some thoughts on a <a href="https://www.eff.org/deeplinks/2016/08/what-do-about-lawless-government-hacking-and-weakening-digital-security">positive agenda</a> for reforming how the government, obtains, creates, and uses vulnerabilities in our systems for a variety of purposes, from overseas espionage and cyberwarfare to domestic law enforcement investigations.</p> <p>Some influential commentators like Dave Aitel at Lawfare <a href="https://www.lawfareblog.com/slow-down-lawful-hacking-frameworks-and-fixes">have questioned</a> whether we at EFF should be advocating for these changes, because pursuing any controls on how the government uses exploits would be “getting ahead of the technology.” But anyone who follows our work should know we don’t call for new laws lightly.</p> <p>To be clear: We are <i>emphatically not </i>calling for regulation of security research or exploit sales. Indeed, it’s hard to imagine how any such regulation would pass constitutional scrutiny. We <i>are</i> calling for a conversation around how the government <i>uses </i>that technology. We’re fans of transparency; we think technology policy should be subject to broad public debate, heavily informed by the views of technical experts. The agenda in the previous post outlined calls for exactly that.</p> <p>There’s reason to doubt anyone who claims that it’s too soon to get this process started.</p> <p>Consider the status quo: The FBI and other agencies have been <a href="https://www.wired.com/2016/05/history-fbis-hacking/">hacking suspects for at least 15 years</a> without real, public, and enforceable limits. Courts have applied an incredible variety of ad hoc rules around law enforcement’s exploitation of vulnerabilities, with some going so far as to claim that <a href="https://www.eff.org/deeplinks/2016/06/federal-court-fourth-amendment-does-not-protect-your-home-computer"><i>no process at all</i></a> is required. Similarly, the government’s (semi-)formal policy for acquisition and retention of vulnerabilities—the Vulnerabilities Equities Process (VEP)—was apparently motivated in part by public scrutiny of <a href="https://en.wikipedia.org/wiki/Stuxnet">Stuxnet</a> (widely thought to have been developed at least in part by the U.S. government) and the long history of exploiting vulnerabilities in its mission to disrupt Iran's nuclear program. Of course, the VEP <a href="https://www.wired.com/2015/06/turns-us-launched-zero-day-policy-feb-2010/">sat dormant and unused</a> for years until after the <a href="https://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/">Heartbleed</a> disclosure. Even today, the public has seen the policy in redacted form only thanks to <a href="https://www.eff.org/cases/eff-v-nsa-odni-vulnerabilities-foia">FOIA litigation</a> by EFF.</p> <h3>The status quo is unacceptable.</h3> <p>If the Snowden revelations taught us anything, it’s that the government is in <a href="https://www.nytimes.com/2015/05/08/us/nsa-phone-records-collection-ruled-illegal-by-appeals-court.html">little danger of letting law hamstring</a> its opportunistic use of technology. Nor is the executive branch shy about asking Congress for <i>more </i>leeway when hard-pressed. That’s how we got the Patriot Act and the FISA Amendments Act, not to mention <a href="https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government">the impending changes to Federal Rule of Criminal Procedure 41</a> and the endless encryption “debate.” The notable and instructive exception is the USA Freedom Act, the first statute substantively limiting the NSA’s power in decades, born out of public consternation over the agency’s mass surveillance.</p> <p>So let’s look at some of the arguments for not pursuing limits on the government’s use of particular technologies here.</p> <p>On vulnerabilities, the question is whether the United States should have any sort of comprehensive, legally mandated policy requiring disclosure in some cases where the government finds, acquires, creates, or uses vulnerabilities affecting the computer networks we all rely on. That is, should we take a position on whether it is beneficial for the government to disclose vulnerabilities to those in the security industry responsible for keeping us safe? </p> <p>In one sense, this is a strange question to be asking, since the government says it already has a <a href="https://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities">considered position</a>, as described by White House Cybersecurity Coordinator, Michael Daniel: “[I]n the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest.” Other knowledgeable insiders—from former National Security Council Cybersecurity Directors <a href="https://belfercenter.ksg.harvard.edu/publication/26725/governments_role_in_vulnerability_disclosure.html?breadcrumb=%2Fexperts%2F3556%2Fari_schwartz">Ari Schwartz and Rob Knake</a> to President Obama’s hand-picked <a href="https://www.whitehouse.gov/blog/2013/12/18/liberty-and-security-changing-world">Review Group on Intelligence and Communications Technologies</a>—have also endorsed clear, public rules favoring disclosure.</p> <p>But Aitel says all those officials are wrong. He argues that we as outsiders have no evidence that disclosure increases security. To the contrary, Aitel says it’s a “fundamental misstatement” and a “falsehood” that vulnerabilities exploited by the government might overlap with vulnerabilities used by bad actors. “In reality,” he writes, “the vulnerabilities used by the U.S. government are almost never discovered or used by anyone else.”</p> <p>If Aitel has some data to back up his “reality,” he doesn’t share it. And indeed, in the past, Aitel himself has <a href="https://www.businessinsider.com/why-a-time-limit-on-zero-days-is-a-bad-idea-2014-7">written</a> that “bugs are often related, and the knowledge that a bug exists can lead [attackers] to find different bugs in the same code or similar bugs in other products.” This suggests that coordinated disclosure by the government to affected vendors wouldn’t just patch the particular vulnerabilities being exploited, but rather would help them shore up the security of our systems in new, important, and possibly unexpected ways. We already know, in non-intelligence contexts, that <a href="https://threatpost.com/bouncing-rpc-071910/74226/">“bug collision,” while perhaps not common, is certainly a reality</a>. We see no reason, and commentators like Aitel have pointed to none, that exploits developed or purchased by the government wouldn’t be subject to the same kinds of collision.</p> <p>In addition, others with knowledge of the equities process, like Knake and Schwartz, are very much concerned about the risk of these vulnerabilities falling into the hands of groups “working against the national security interest of the United States.” Rather than sit back and wait for that eventuality—which Aitel dismisses without showing his work—we agree with Daniel, Knake and Schwartz and many others that the VEP needs to put defense ahead of offense in most cases.</p> <h3>Democratic oversight won't happen in the shadows</h3> <p>Above all, we can’t have the debate all sides claim to want without a shared set of data. And if outside experts are precluded from participation because they don’t have a TS/SCI clearance, then democratic oversight of the intelligence community doesn’t stand much chance.</p> <p>On its face, the claim that vulnerabilities used by the U.S. are in no danger of being used by others seems particularly weak when combined with the industry’s opposition to “exclusives,” clauses accompanying exploit <i>purchase </i>agreements<i> </i>giving the U.S. exclusive rights to their use. In a piece last month, Aitel’s Lawfare colleague <a href="https://www.lawfareblog.com/vulnerabilities-equities-reform-makes-everyone-and-no-one-happy">Susan Hennessey laid out her opposition</a> to any such requirements. But we know for instance that the <a href="https://www.washingtonpost.com/news/the-switch/wp/2013/10/04/why-everyone-is-left-less-secure-when-the-nsa-doesnt-help-fix-security-flaws/">NSA buys vulnerabilities from the prolific French broker/dealer Vupen.</a> Without any promises of exclusivity from sellers like Vupen, it’s implausible for Aitel to claim that exploits the US purchases will “almost never” fall into others’ hands. </p> <p>Suggesting that no one else will happen onto exploits used by the U.S. government seems overconfident at best, given that <a href="https://www.schneier.com/blog/archives/2016/02/simultaneous_di.html">collisions of vulnerability disclosure are well-documented</a> in the wild. And if disclosing vulnerabilities will truly burn “techniques” and expose “sensitive intelligence operations,” that seems like a good argument for formally weighing the equities on both sides on an individualized basis, as we advocate.</p> <p>In short, we’re open to data suggesting we’re wrong about the substance of the policy, but we’re not going to let Dave Aitel tell us to “slow our roll.” (No disrespect, Dave.)</p> <p>Our policy proposal draws on familiar levers—public reports and congressional oversight. Even those who say that the government’s vulnerability disclosure works fine as is, like Hennessey, have to acknowledge that there’s too much secrecy. EFF shouldn’t have had to sue to see the VEP in the first place, and we shouldn’t still be in the dark about certain details of the process. As recently as <i>last year</i>, the <a href="https://www.eff.org/deeplinks/2015/11/its-no-secret-government-uses-zero-days-offense">DOJ claimed</a> under oath that merely admitting that the U.S. has “offensive” cyber capabilities would endanger national security. Raising the same argument about simply providing insight into that process is just as unpersuasive to us. If the government truly does weigh the equities and disclose the vast majority of vulnerabilities, we should have some way of seeing its criteria and verifying the outcome, even if the actual deliberations over particular bugs remain classified. </p> <p>Meanwhile, the arguments against putting limits on government use of exploits and malware—what we referred to as a “<a href="https://www.eff.org/deeplinks/2016/08/what-do-about-lawless-government-hacking-and-weakening-digital-security#Title-III">Title III for hacking</a>”—bear even less scrutiny.</p> <p>The FBI’s use of malware <a href="https://scholar.google.com/scholar_case?case=18419685373619995659">raises serious constitutional and legal questions</a>, and the warrant issued in the widely publicized <a href="https://www.techdirt.com/blog/?tag=playpen">Playpen case</a> arguably <a href="https://www.justsecurity.org/31365/remote-hacking-governments-particularity-problem-isnt/">violates both the Fourth Amendment and Rule 41</a>. Further problems arose at the trial stage in one Playpen prosecution when the government <a href="https://motherboard.vice.com/read/playpen-tor-browser-exploit">refused to disclose all evidence material to the defense,</a> because it <a href="https://motherboard.vice.com/read/the-fbi-is-classifying-its-tor-browser-exploit">“derivatively classified" the exploit used by the FBI.</a> The government would apparently prefer dismissal of prosecutions to disclosure, under court-supervised seal, of exploits that would reveal intelligence sources and methods, even indirectly. Thus, even where exploits are widely used for law enforcement, the government’s policy appears to be driven by the Defense Department, not the Justice Department. That ordering of priorities is incompatible with prosecuting serious crimes like child pornography. Hence, those that ask us to slow down should recognize that the alternative to a Title III for hacking is actually a series of court rulings putting a stop to the government’s use of such exploits.</p> <p>Adapting Title III to hacking is also a case where public debate should inform the legislative process. We’re not worried about law enforcement and the intelligence community advocating for their vision of how technology should be used. But given calls to slow down, however, we are very concerned that there be input from the public, especially technology experts charged with defending our systems—not just exploit developers with Top Secret clearances.</p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/playpen-cases-mass-hacking-us-law-enforcement">The Playpen Cases: Mass Hacking by U.S. Law Enforcement</a></div><div class="field-item odd"><a href="/cases/eff-v-nsa-odni-vulnerabilities-foia">EFF v. NSA, ODNI - Vulnerabilities FOIA </a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=We%20Shouldn%E2%80%99t%20Wait%20Another%20Fifteen%20Years%20for%20a%20Conversation%20About%20Government%20Hacking&amp;url=https%3A//www.eff.org/deeplinks/2016/08/we-shouldnt-wait-another-fifteen-years-conversation-about-government-hacking&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=We%20Shouldn%E2%80%99t%20Wait%20Another%20Fifteen%20Years%20for%20a%20Conversation%20About%20Government%20Hacking&amp;u=https%3A//www.eff.org/deeplinks/2016/08/we-shouldnt-wait-another-fifteen-years-conversation-about-government-hacking" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/we-shouldnt-wait-another-fifteen-years-conversation-about-government-hacking" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=We%20Shouldn%E2%80%99t%20Wait%20Another%20Fifteen%20Years%20for%20a%20Conversation%20About%20Government%20Hacking&amp;url=https%3A//www.eff.org/deeplinks/2016/08/we-shouldnt-wait-another-fifteen-years-conversation-about-government-hacking" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 12 Aug 2016 17:46:59 +0000 Andrew Crocker and Nate Cardozo 92635 at https://www.eff.org Government Hacking and Subversion of Digital Security https://www.eff.org/deeplinks/2016/08/illinois-sets-new-limits-cell-site-simulators <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="/files/2016/08/11/stingray-2016-og-2.png" alt="" height="325" width="650" /></p> <p>Illinois has joined the growing ranks of states <a href="https://arstechnica.com/tech-policy/2016/07/illinois-governor-signs-new-law-requiring-stricter-rules-for-stingrays/">limiting how police may use cell-site simulators</a>, invasive technology devices that masquerade as cell phone towers and turn our mobile phones into surveillance devices. By adopting <a href="https://www.ilga.gov/legislation/publicacts/fulltext.asp?Name=099-0622">the Citizen Privacy Protection Act,</a> Illinois last month joined half a dozen other states—as well as the Justice Department and one federal judge—that have reiterated the constitutional requirement for police to obtain a judicial warrant before collecting people's location and other personal information using cell-site simulators.</p> <p>By going beyond a warrant requirement and prohibiting police from intercepting data and voice transmissions or conducting offensive attacks on personal devices, the Illinois law establishes a new high watermark in the battle to prevent surveillance technology from undermining civil liberties. Illinois also set an example for other states to follow by providing a powerful remedy when police violate the new law by using a cell-site simulator without a warrant: wrongfully collected information is inadmissible in court, whether to support criminal prosecution or any other government proceedings.</p> <p><b>Tools to monitor cell phones</b></p> <p>Cell-site simulators are sometimes called “IMSI catchers” because they seize from every cell phone within a particular area its unique International Mobile Subscriber Identity, and force those phones to connect to them, instead of real cell towers.</p> <p>Early versions of the devices—such as the Stingray device used by police in major U.S. cities since <a href="https://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-case-20150408-story.html">at least 2007</a> after having been used by <a href="https://www.wired.com/2013/04/verizon-rigmaiden-aircard/">federal authorities since at least the 1990s</a>—were limited to location tracking, as well as capturing and recording data and voice traffic transmitted by phones. Later versions, however, added <a href="https://www.schneier.com/blog/archives/2015/04/the_further_dem_1.html">further capabilities</a> which policymakers in Illinois have become the first to address.</p> <p>Cell phone surveillance tools have eroded constitutional rights guaranteed under the Fourth Amendment’s protection from unreasonable searches and seizures in, at minimum, tens of thousands of cases. Stingrays were deployed <a href="https://www.nyclu.org/news/nypd-has-used-stingrays-more-1000-times-2008">thousands of times in New York City alone</a>—and even <a href="https://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-case-20150408-story.html">more often in Baltimore</a>—without legislative or judicial oversight, until <a href="https://www.wired.com/2013/04/verizon-rigmaiden-aircard/">in 2011</a> a jailhouse lawyer accused of tax fraud discovered the first known reference to a “Stingray” in court documents relating to the 2008 investigation that led to his arrest and conviction.</p> <p>Meanwhile, government and corporate secrecy surrounding police uses of Stingrays has undermined Fifth and Sixth Amendment rights to due process, such as the right to challenge evidence used by one’s accusers. Contracts with police departments demanded by corporate device manufacturers imposed secrecy so severe that <a href="https://arstechnica.com/tech-policy/2015/04/prosecutors-drop-robbery-case-to-preserve-stingray-secrecy-in-st-louis/">prosecutors walked away from legitimate cases</a> across the country rather than risk revealing Stingrays to judges by pursuing prosecutions based on Stingray-collected evidence.</p> <p>Citing the constraint of a corporate non-disclosure agreement, a police officer in Baltimore even <a href="https://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-officer-contempt-20141117-story.html">risked contempt charges</a> by refusing to answer judicial inquiries about how police used the devices. Baltimore public defender Deborah Levi <a href="https://www.theguardian.com/us-news/2016/apr/05/maryland-stingray-ruling-baltimore-convictions-privacy">explains</a>, “They engage in a third-party contract to violate people’s constitutional rights.”</p> <p><b>Several states agree: Get a warrant</b></p> <p>In one respect, Illinois is walking well-settled ground.</p> <p>By requiring that state and local police agents first seek and secure a judicial order based on individualized probable cause of criminal misconduct before using a cell-site simulator, Illinois has joined <a href="https://arstechnica.com/tech-policy/2015/05/cops-must-now-get-a-warrant-to-use-stingrays-in-washington-state/">half a dozen other states</a> (including <a href="https://www.eff.org/deeplinks/2015/10/california-leads-way-digital-privacy">California</a>, Washington, Utah, Minnesota, and Virginia) that have already paved that road.</p> <p>At the federal level, the Justice Department <a href="https://www.justice.gov/opa/pr/justice-department-announces-enhanced-policy-use-cell-site-simulators">took action in 2015</a> to require federal agencies to seek warrants before using the devices. And just two weeks before Illinois enacted its new law, a federal judge in New York <a href="https://www.reuters.com/article/us-usa-crime-stingray-idUSKCN0ZS2VI">ruled for the first time</a> that defendants could exclude from trial evidence collected from <a href="https://www.eff.org/deeplinks/2015/01/2014-review-stingrays-go-mainstream">an IMSI-catcher device</a> by police who failed to first obtain a judicial order.</p> <p>These decisions vindicate core constitutional rights, as well as the separation of powers and underscore that warrants are constitutionally crucial.</p> <p>It's true that warrants are <a href="https://apublicdefender.com/2014/02/26/because-getting-a-warrant-is-just-so-tedious-grumble/">not particularly difficult</a> for police to obtain when based on legitimate reasons for suspicion. When New York Court of Appeals Chief Judge Sol Wachtler observed in 1985 that any prosecutor could persuade a grand jury to “<a href="https://www.independent.co.uk/news/world/americas/a-grand-jury-could-indict-a-ham-sandwich-but-apparently-not-a-white-police-officer-9882529.html">indict a ham sandwich</a>,” he was talking about the ease with which the government can satisfy the <a href="https://www.eff.org/deeplinks/2016/03/hubris-investigators">limited scrutiny applied in any one-sided process</a>, including that through which police routinely secure search warrants.</p> <p>But while judicial warrants do not present a burdensome constraint on legitimate police searches, they play an important role in the investigative process. Warrantless searches are conducted essentially by fiat, without independent review, and potentially arbitrarily. Searches conducted pursuant to a warrant, however, bear the stamp of impartial judicial review and approval.</p> <p>Warrants ensure, for instance, that agencies do not treat their public safety mandate as an excuse to pursue <a href="https://www.inquisitr.com/1682146/eric-garner-corrupt-police/">personal vendettas</a>, or the kinds of <a href="https://www.washingtonpost.com/blogs/the-switch/wp/2013/08/24/loveint-when-nsa-officers-use-their-spying-power-on-love-interests">stalking “LOVEINT” abuses</a> to which NSA agents and contractors have occasionally admitted. Requiring authorization from a neutral magistrate, put simply, maintains civilian control over police.</p> <p>Despite its importance and ease for authorities to satisfy, the warrant requirement has ironically suffered <a href="https://www.techdirt.com/articles/20140226/08222126351/supreme-court-has-just-given-police-another-way-to-search-your-house-without-warrant.shtml">frequent erosion</a> by the courts—making all the more important efforts by states like Illinois to legislatively reiterate and expand it.</p> <p>But in two important respects beyond the warrant requirement, the Illinois Citizen Privacy Protection Act breaks new ground. </p> <p><b>Breaking new ground: Allowing an exclusionary remedy</b></p> <p>First, the Illinois law is the first policy of its kind in the country that carries a price for law enforcement agencies that violate the warrant requirement. If police use a cell-site simulator to gather information without securing a judicial order, then courts will suppress that information and exclude it from any consideration at trial.</p> <p>This vindicates the rights of accused individuals by enabling them to exclude illegally collected evidence. It also helps ensure that police use their powerful authorities for only legitimate reasons based on probable cause to suspect criminal activity, rather than fishing expeditions without real proof of misconduct, or for that matter, the personal, racial, or financial biases of police officers.</p> <p>Like the warrant requirement created to limit the powers of police agencies, the exclusionary rule on which the judiciary relies to enforce the warrant requirement has endured <a href="https://www.foxnews.com/story/2009/01/26/eroding-exclusionary-rule.html">doctrinal erosion</a> over the past generation. Courts have allowed <a href="https://www.eff.org/deeplinks/2016/06/racial-bias-and-arrest-tech">one exception</a> after <a href="https://www.law.cornell.edu/supct/html/9-11328.ZS.html">another</a>, allowing prosecutors to use “<a href="https://supreme.justia.com/cases/federal/us/371/471/case.html">fruits of the poisonous tree</a>” in criminal trials despite violations of constitutional rights committed by police when collecting them.</p> <p>In this context, the new statute in Illinois represents a crucial public policy choice explicitly extending the critical protections of the warrant requirement and exclusionary rule.</p> <p><b>Breaking new ground: Prohibiting offensive uses</b></p> <p>The new Illinois law also limits the purposes for which cell-site simulators may be used, even pursuant to a judicial order. It flatly prohibits several particularly offensive uses that remain largely overlooked elsewhere.</p> <p>When Stingrays (and their <a href="https://arstechnica.com/tech-policy/2014/09/cities-scramble-to-upgrade-stingray-tracking-as-end-of-2g-network-looms/">frequent secret use</a> by local police departments across the country) first attracted attention, most concerns addressed the location tracking capabilities of the device’s first generation, obtained by domestic police departments <a href="https://cdn.arstechnica.net/wp-content/uploads/2013/09/miami-dade.pdf">as early as 2003</a>.</p> <p>But while Stingrays presented profound constitutional concerns 10 years ago, they present even greater concerns now, because of <a href="https://theintercept.com/surveillance-catalogue/drt-1101b/">technology advancements</a> in the past decade enabling stronger surveillance and even militaristic offensive capabilities. Unlike early versions of the devices that could be used only for location monitoring or gathering metadata, later versions, such as the <a href="https://arstechnica.com/tech-policy/2013/09/meet-the-machines-that-steal-your-phones-data/2/">Triggerfish</a>, Hailstorm and <a href="https://theintercept.com/surveillance-catalogue/stargrazer-iii/">Stargrazer</a> series, can be used to intercept voice communications or browsing history in real-time, mount offensive <a href="https://theintercept.com/surveillance-catalogue/windjammer/">denial of service attacks</a> on a phone, or even plant malware on a device.</p> <p>Recognizing how invasive the latest versions of IMSI-catchers can be, legislators in Illinois authorized police to use cell-site simulators in only two ways: after obtaining a warrant, police may use the devices to locate or track a known device, or instead to identify an unknown device.</p> <p>Even if supported by a judicial order, the Citizen Privacy Protection Act affirmatively bans all other uses of these devices. Prohibited activities include intercepting the content or metadata of phone calls or text messages, planting malware on someone’s phone, or blocking a device from communicating with other devices.</p> <p>The use limitations enshrined in Illinois law are among the first of their kind in the country.</p> <p>The Illinois statute also requires police to delete any data (within 24 hours after location tracking, or within 72 hours of identifying a device) incidentally obtained from third parties, such as non-targets whose devices are forced to connect to a cell-site simulator. These requirements are similar to those announced by a federal magistrate judge in Illinois who in November 2015 imposed on a federal drug investigation <a href="https://www.techdirt.com/articles/20151112/07082732799/illinois-magistrate-judge-lays-down-ground-rules-stingray-device-warrants.shtml">minimization requirements</a> including an order to “immediately <a href="https://www.documentcloud.org/documents/2512522-stingray-rules.html#document/p6">destroy all data other than</a> the data identifying the cell phone used by the target. The destruction must occur within forty-eight hours after the data is captured.”</p> <p><b>Enhancing security through transparency</b></p> <p>Beyond enforcing constitutional limits on the powers of law enforcement agencies, and protecting individual rights at stake, the new law in Illinois also appropriately responds to <a href="https://www.eff.org/deeplinks/2016/03/hubris-investigators">an era of executive secrecy</a>.</p> <p>The secrecy surrounding law enforcement uses of IMSI-catchers has also compromised security. As the ACLU’s Chris Soghoian has <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2437678">explained</a> alongside Stephanie Pell from West Point’s Army Cyber Institute and Stanford University, “the general threat that [any particular] technology poses to the security of cellular networks” could outweigh its “increasing general availability at decreasing prices.” With respect to cell-site simulators, in particular:</p> <blockquote><p>[C]ellular interception capabilities and technology have become, for better or worse, globalized and democratized, placing Americans’ cellular communications at risk of interception from foreign governments, criminals, the tabloid press and virtually anyone else with sufficient motive to capture cellular content in transmission. Notwithstanding this risk, US government agencies continue to treat practically everything about this cellular interception technology, as a closely guarded, necessarily secret “source and method,” shrouding the technical capabilities and limitations of the equipment from public discussion….</p></blockquote> <p>Given the persistent secrecy surrounding IMSI-catchers and the unknown risks they pose to both individual privacy and network security, the statutory model adopted by Illinois represents a milestone not only for civil liberties but also for the security of our technological devices. <a href="https://www.aclu-il.org/about/staff/khadine-bennett1/">Khadine Bennett</a> from the ACLU of Illinois explained the new law’s importance in terms of the secrecy pervading how police have used cell-site simulators:</p> <blockquote><p>For so long, uses of IMSI-catchers such as Stingrays have been behind the scenes, enabling searches like the pat down of thousands of cell phones at once without the users ever even knowing it happened. It’s exciting to see Illinois adopt a measure to ensure that these devices are used responsibly and appropriately, and I hope to see more like it emerge around the country.</p></blockquote> <p>EFF enthusiastically agrees with Ms. Bennett. If you’d like to see the Citizen Privacy Protection Act’s groundbreaking requirements adopted in your state, you can find support through the <a href="https://www.eff.org/EFA">Electronic Frontier Alliance</a>.</p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Illinois%20Sets%20New%20Limits%20On%20Cell-Site%20Simulators&amp;url=https%3A//www.eff.org/deeplinks/2016/08/illinois-sets-new-limits-cell-site-simulators&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Illinois%20Sets%20New%20Limits%20On%20Cell-Site%20Simulators&amp;u=https%3A//www.eff.org/deeplinks/2016/08/illinois-sets-new-limits-cell-site-simulators" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/illinois-sets-new-limits-cell-site-simulators" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Illinois%20Sets%20New%20Limits%20On%20Cell-Site%20Simulators&amp;url=https%3A//www.eff.org/deeplinks/2016/08/illinois-sets-new-limits-cell-site-simulators" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 11 Aug 2016 23:27:48 +0000 Shahid Buttar 92624 at https://www.eff.org Commentary Mass Surveillance Technologies Cell Tracking https://www.eff.org/press/releases/eff-announces-2016-pioneer-award-winners-malkia-cyril-center-media-justice-data <div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Ceremony for Honorees on September 21 in San Francisco</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the distinguished winners of the 2016 Pioneer Awards: Malkia Cyril of the Center for Media Justice, data protection activist Max Schrems, the authors of the “Keys Under Doormats” report that counters calls to break encryption, and the lawmakers behind CalECPA—a groundbreaking computer privacy law for Californians.</p> <p>The award ceremony will be held the evening of September 21 at Delancey Street’s Town Hall Room in San Francisco. The keynote speaker is award-winning investigative journalist Julia Angwin, whose work on corporate invasions of privacy has uncovered the myriad ways companies collect and control personal information. Her recent articles have sought to hold algorithms accountable for the important decisions they make about our lives. Tickets are $65 for current EFF members, or $75 for non-members.  </p> <p><a href="https://twitter.com/culturejedi">Malkia A. Cyril</a> is the founder and executive director of the Center for Media Justice and co-founder of the Media Action Grassroots Network, a national network of community-based organizations working to ensure racial and economic justice in a digital age. Cyril is one of few leaders of color in the movement for digital rights and freedom, and a leader in the Black Lives Matter Network—helping to bring important technical safeguards and surveillance countermeasures to people across the country who are fighting to reform systemic racism and violence in law enforcement. Cyril is also a prolific writer and public speaker on issues ranging from net neutrality to the communication rights of prisoners. Their comments have been featured in publications like Politico, Motherboard, and Essence Magazine, as well as three documentary films. Cyril is a Prime Movers fellow, a recipient of the 2012 Donald H. McGannon Award for work to advance the roles of women and people of color in the media reform movement, and won the 2015 Hugh Hefner 1st Amendment Award for framing net neutrality as a civil rights issue.</p> <p><a href="https://twitter.com/maxschrems?lang=en">Max Schrems</a> is a data protection activist, lawyer, and author whose lawsuits over U.S. companies’ handling of European Union citizens’ personal information have changed the face of international data privacy. Since 2011 he has worked on the enforcement of EU data protection law, arguing that untargeted wholesale spying by the U.S. government on Internet communications undermines the EU’s strict data protection standards. One lawsuit that reached the European Court of Justice led to the invalidation of the “Safe Harbor” agreement between the U.S. and the EU, forcing governments around the world to grapple with the conflict between U.S. government surveillance practices and the privacy rights of citizens around the world. Another legal challenge is a class action lawsuit with more than 25,000 members currently pending at the Austrian Supreme Court. Schrems is also the founder of “Europe v Facebook,” a group that pushes for social media privacy reform at Facebook and other companies, calling for data collection minimization, opt-in policies instead of opt-outs, and transparency in data collection.</p> <p>The <a href="https://dspace.mit.edu/handle/1721.1/97690">“Keys Under Doormats”</a> report has been central to grounding the current encryption debates in scientific realities. Published in July of 2015, it emerged just as calls to break encryption with “backdoors” or other access points for law enforcement were becoming pervasive in Congress, but before the issue came into the global spotlight with the FBI’s efforts against Apple earlier this year. “Keys Under Doormats” both reviews the underlying technical considerations of the earlier encryption debate of the 1990s and examines the modern systems realities, creating a compelling, comprehensive, and scientifically grounded argument to protect and extend the availability of encrypted digital information and communications. The authors of the report are all security experts, building the case that weakening encryption for surveillance purposes could never allow for any truly secure digital transactions. The “Keys Under Doormats” authors are Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner. Work on the report was coordinated by the MIT Internet Policy Research Initiative.</p> <p><a href="https://www.eff.org/cases/californias-electronic-communications-privacy-act-calecpa">CalECPA</a>—the California Electronic Communications Privacy Act—is a landmark law that safeguards privacy and free speech rights. CalECPA requires that a California government entity gets a warrant to search electronic devices or compel access to any electronic information, like email, text messages, documents, metadata, and location information—whether stored on the electronic device itself or online in the “cloud.” CalECPA gave California the strongest digital privacy law in the nation and helps prevent abuses before they happen. In many states without this protection, police routinely claim the authority to search sensitive electronic information about who we are, where we go, and what we do—without a warrant. CalECPA was introduced by California State Senators <a href="https://sd11.senate.ca.gov/">Mark Leno</a> (D-San Francisco) and <a href="https://anderson.cssrc.us/">Joel Anderson</a> (R-Alpine), who both fought for years to get stronger digital privacy protections for Californians. Leno has been a champion of improved transportation, renewable energy, and equal rights for all, among many other issues. Anderson regularly works across party lines to protect consumer privacy in the digital world.</p> <p>“We are honored to announce this year’s Pioneer Award winners, and to celebrate the work they have done to make communications private, safe, and secure,” said EFF Executive Director Cindy Cohn. “The Internet is an unprecedented tool for everything from activism to research to commerce, but it will only stay that way if everyone can trust their technology and the systems it relies on. With this group of pioneers, we are building a digital future we can all be proud of.”</p> <p>Awarded every year since 1992, EFF’s Pioneer Awards recognize the leaders who are extending freedom and innovation on the electronic frontier. Previous honorees have included Aaron Swartz, Citizen Lab, Richard Stallman, and Anita Borg.</p> <p>Sponsors of the 2016 Pioneer Awards include Adobe, Airbnb, Dropbox, Facebook, and O’Reilly Media.</p> <p>To buy tickets to the Pioneer Awards:<br /><a href="//www.eff.org/Pioneer2016"> https://www.eff.org/Pioneer2016</a></p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Rebecca</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Jeschke</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Media Relations Director and Digital Rights Analyst</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:press@eff.org">press@eff.org</a></div></div></div> </div> </div> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20Announces%202016%20Pioneer%20Award%20Winners%3A%20Malkia%20Cyril%20of%20the%20Center%20for%20Media%20Justice%2C%20Data%20Protection%20Activist%20Max%20Schrems%2C%20the%20Authors%20of%20%E2%80%98Keys%20Under%20Doormats%2C%E2%80%99%20and%20the%20Lawmakers%20Behind%20CalECPA&amp;url=https%3A//www.eff.org/press/releases/eff-announces-2016-pioneer-award-winners-malkia-cyril-center-media-justice-data&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20Announces%202016%20Pioneer%20Award%20Winners%3A%20Malkia%20Cyril%20of%20the%20Center%20for%20Media%20Justice%2C%20Data%20Protection%20Activist%20Max%20Schrems%2C%20the%20Authors%20of%20%E2%80%98Keys%20Under%20Doormats%2C%E2%80%99%20and%20the%20Lawmakers%20Behind%20CalECPA&amp;u=https%3A//www.eff.org/press/releases/eff-announces-2016-pioneer-award-winners-malkia-cyril-center-media-justice-data" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-announces-2016-pioneer-award-winners-malkia-cyril-center-media-justice-data" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20Announces%202016%20Pioneer%20Award%20Winners%3A%20Malkia%20Cyril%20of%20the%20Center%20for%20Media%20Justice%2C%20Data%20Protection%20Activist%20Max%20Schrems%2C%20the%20Authors%20of%20%E2%80%98Keys%20Under%20Doormats%2C%E2%80%99%20and%20the%20Lawmakers%20Behind%20CalECPA&amp;url=https%3A//www.eff.org/press/releases/eff-announces-2016-pioneer-award-winners-malkia-cyril-center-media-justice-data" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 09 Aug 2016 19:45:19 +0000 Rebecca Jeschke 92577 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/stand-open-access <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><a href="https://act.eff.org/action/let-s-stand-together-to-promote-open-access-worldwide"><img src="/files/2016/08/09/social-diego.png" height="325" width="650" /></a></p> <p>Diego Gomez is a recent biology graduate from the University of Quindío, a small university in Colombia. His research interests are reptiles and amphibians. Since the university where he studied didn’t have a large budget for access to academic databases, he did what any other science grad student would do: he found the resources he needed online. Sometimes he shared the research he discovered, so that others could benefit as well.</p> <p>In 2011, Diego <a href="/deeplinks/2014/09/support-diego-gomez-and-join-global-open-access-movement">shared another student’s Master’s thesis with colleagues over the Internet</a>. That simple act—something that many people all over the world do every day—put Diego at risk of spending years in prison. In Colombia, copying and distribution of copyrighted works without permission can lead to <a href="https://www.karisma.org.co/compartirnoesdelito/?page_id=28">criminal charges of up to eight years</a> if the prosecution can show it hurt the commercial rights of the author (<i>derechos patrimoniales</i>).</p> <p><a href="https://www.eff.org/deeplinks/2016/02/stand-diego-support-open-access">We’ve been following Diego’s trial over the past year</a>, and closing arguments are scheduled for this week. Today, <a href="https://act.eff.org/action/let-s-stand-together-to-promote-open-access-worldwide">we join open access allies all over the world</a> in standing with Diego.</p> <p class="eff_digital_voices-take_action"><a href="https://act.eff.org/action/let-s-stand-together-to-promote-open-access-worldwide"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Support Open Access Worldwide</strong></a></p> <p>EFF believes that extreme criminal penalties for copyright infringement can chill people’s right of free expression, limit the public’s access to knowledge, and quell scientific research. That’s particularly true in countries like Colombia that pay lip service to free speech and access to education (which are expressly recognized as basic rights in Colombia’s Constitution) but don’t have the robust fair use protections that help ensure copyright doesn’t stymie those commitments.</p> <p>Diego’s case also serves as a wake-up call: it’s time for open access to become the global standard for academic publishing.</p> <div class="align-right"><a href="https://act.eff.org/action/let-s-stand-together-to-promote-open-access-worldwide"><img src="https://www.eff.org/files/2014/09/18/diego_gomez-2b.png" alt="Support Diego Gomez, Fight for Open Access!" border="1" /></a></div> <p>The movement for open access is not new, but it seems to be accelerating. Even since <a href="https://www.eff.org/deeplinks/2014/07/colombian-student-faces-prison-charges-sharing-academic-article-online">we started following Diego’s case</a> in 2014, many parts of the scientific community have begun to fully embrace open access publishing. Dozens of universities have <a href="https://roarmap.eprints.org/view/country/840.html">adopted open access policies</a> requiring that university research be made open, either through publishing in open access journals or by archiving papers in institutional repositories. This year’s groundbreaking discovery on gravitational waves—certainly one of the most important scientific discoveries of the decade—was <a href="https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.116.061102">published in an open access journal</a> under a Creative Commons license. Here in the U.S., it’s becoming more and more clear that an <a href="https://www.eff.org/deeplinks/2016/03/tell-congress-its-time-move-fastr">open access mandate for federally funded research</a> will be written into law; it’s just a matter of <i>when</i>. The tide is changing, and open access will win.</p> <p>But for researchers like Diego who face prison time right now, the movement is not accelerating quickly enough. Open access could have saved Diego from the risk of spending years in prison.</p> <p>Many people reading this remember the tragic story of Aaron Swartz. When Aaron died, <a href="https://www.eff.org/deeplinks/2013/01/aaron-swartz-fix-draconian-computer-crime-law">he was facing severe penalties</a> for accessing millions of articles via MIT’s computer network without "authorization." Diego’s case differs from Aaron’s in a lot of ways, but in one important way, they’re exactly the same: if all academic research were published openly, neither of them would have been in trouble for anything.</p> <p>When laws punish intellectual curiosity and scientific research, everyone suffers; not just researchers, but also the people and species who would benefit from their research. Copyright law is supposed to foster innovation, not squash it.</p> <p>Please join us in standing with Diego. Together, we can fight for a time when <a href="https://act.eff.org/action/let-s-stand-together-to-promote-open-access-worldwide">everyone can access and share the world’s research</a>.</p> <p class="eff_digital_voices-take_action"><a href="https://act.eff.org/action/let-s-stand-together-to-promote-open-access-worldwide"><img src="/sites/all/modules/custom/eff_digital_voices/plugins/take_action/images/button.png" alt="Take Action" title="Take Action" class="eff_digital_voices-take_action" /><strong>Support Open Access Worldwide</strong></a></p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Stand%20Up%20for%20Open%20Access.%20Stand%20Up%20for%20Diego.&amp;url=https%3A//www.eff.org/deeplinks/2016/08/stand-open-access&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Stand%20Up%20for%20Open%20Access.%20Stand%20Up%20for%20Diego.&amp;u=https%3A//www.eff.org/deeplinks/2016/08/stand-open-access" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/stand-open-access" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Stand%20Up%20for%20Open%20Access.%20Stand%20Up%20for%20Diego.&amp;url=https%3A//www.eff.org/deeplinks/2016/08/stand-open-access" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 09 Aug 2016 18:30:31 +0000 Ana Acosta and Elliot Harmon 92568 at https://www.eff.org Call To Action Fair Use and Intellectual Property: Defending the Balance Innovation Open Access International https://www.eff.org/deeplinks/2016/08/drm-you-have-right-know-what-youre-buying <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Today, the EFF and a coalition of organizations and individuals asked the US Federal Trade Commission (FTC) to explore fair labeling rules that would require retailers to warn you when the products you buy come locked down by DRM ("Digital Rights Management" or "Digital Restrictions Management"). </p> <p>These digital locks train your computerized devices to disobey you when you ask them to do things the manufacturer didn't specifically authorize -- even when those things are perfectly legal. Companies that put digital locks on their products -- ebook, games and music publishers, video companies, companies that make hardware from printers to TVs to cat litter trays -- insist that DRM benefits their customers, by allowing the companies to offer products at a lower price by taking away some of the value -- you can "rent" an ebook or a movie, or get a printer at a price that only makes sense if you also have to buy expensive replacement ink.</p> <p>We don't buy it. We think that the evidence is that customers don't much care for DRM (when was the last time you woke up and said, "Gosh, I wish there was a way I could do <em>less</em> with my games?"). <a href="https://boingboing.net/2014/07/19/drm-free-indie-ebooks-outsell.html">Studies agree</a>.</p> <p>The FTC is in charge of making sure that Americans don't get ripped off when they buy things. We've written the Commission a <a href="https://www.eff.org/document/eff-letter-ftc-re-drm-labeling">letter</a>, drafted and signed by a diverse coalition of public interest groups, publishers, and rightsholders, calling on the agency to instruct retailers to inform potential customers of the restrictions on the products they're selling. In a <a href="https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf">separate letter</a>, we detail the stories of 22 EFF supporters who unwittingly purchased DRM-encumbered products and later found themselves unable to enjoy their purchases (a travel guide that required a live internet connection to unlock, making it unreadable on holiday), or locked into an abusive relationship with their vendors (a cat litter box that only worked if resupplied with expensive detergent), or even had <em>other</em> equipment they owned rendered permanently inoperable by the DRM in a new purchase (for example, a game that "bricked" a customer's DVD-RW drive).</p> <p>Now the FTC has been equipped with evidence that there are real harms, and that rightsholders are willing to have fair labeling practices, the FTC should act. And if the DRM companies are so sure that their customers love their products, why would they object?</p> <p>EFF is currently <a href="https://www.eff.org/press/releases/eff-lawsuit-takes-dmca-section-1201-research-and-technology-restrictions-violate">suing the US government to invalidate Section 1201 of the DMCA</a>, a law that has been used to threaten research into the security risks of DRM and inhibit the development of products and tools that break digital locks -- again, even if the purpose is otherwise legal (like letting you read your books on an alternate reader, or put a different brand of perfume in your cat litter box). Until we win our lawsuit, people who buy DRM-locked products are unlikely to be rescued from their lock-in by add-ons that restore functionality to their property. That makes labeling especially urgent: it's bad enough to be stuck with product that is <a href="https://www.defectivebydesign.org/">defective by design</a>, but far worse if those defects can't be fixed without risking legal retaliation.</p> <p>For the full letter to the FTC about labeling:<a href="https://www.eff.org/files/2016/08/05/eff_request_for_investigation_re_labeling_drm-limited_products.pdf"></a><br /><a target="_blank" href="https://www.eff.org/document/eff-letter-ftc-re-drm-labeling">https://www.eff.org/document/eff-letter-ftc-re-drm-labeling</a></p> <p>For the full letter to the FTC with the stories of people who've been harmed by DRM they weren't informed of:<br /><a href="https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf">https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf</a></p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=DRM%3A%20You%20have%20the%20right%20to%20know%20what%20you%27re%20buying%21&amp;url=https%3A//www.eff.org/deeplinks/2016/08/drm-you-have-right-know-what-youre-buying&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=DRM%3A%20You%20have%20the%20right%20to%20know%20what%20you%27re%20buying%21&amp;u=https%3A//www.eff.org/deeplinks/2016/08/drm-you-have-right-know-what-youre-buying" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/drm-you-have-right-know-what-youre-buying" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=DRM%3A%20You%20have%20the%20right%20to%20know%20what%20you%27re%20buying%21&amp;url=https%3A//www.eff.org/deeplinks/2016/08/drm-you-have-right-know-what-youre-buying" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 05 Aug 2016 19:06:07 +0000 Cory Doctorow 92558 at https://www.eff.org Announcement DMCA DRM https://www.eff.org/press/releases/eff-ftc-online-retailers-must-label-products-sold-digital-locks <div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Consumers Need Warning If Movies, Music, Games Restrict When and How They Are Used</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of consumer groups, content creators, and publishers asked the Federal Trade Commission (FTC) today to require online retailers to label the ebooks, songs, games, and apps that come with digital locks restricting how consumers can use them.<br />  <br /> In a <a target="_blank" href="https://www.eff.org/document/eff-letter-ftc-re-drm-labeling">letter</a> sent to the FTC today, the coalition said companies like Amazon, Google, and Apple have a duty to inform consumers if products for sale are locked with some kind of "digital rights management" or <a target="_blank" href="https://www.eff.org/issues/drm">DRM</a>. Companies use DRM to purportedly combat copyright infringement, but <a target="_blank" href="https://www.eff.org/deeplinks/2016/05/yes-all-drm">DRM locks</a> can also block you from watching the movie you bought in New York when you go to Asia on vacation, or limit which devices can play the <a target="_blank" href="https://www.eff.org/deeplinks/2016/05/what-do-customers-think-theyre-getting-when-they-buy-media-online">songs you purchased</a>.<br />  <br /> "Without DRM labeling, it’s nearly impossible to figure out which products have digital locks and what restrictions these locks impose," said EFF Special Advisor <a target="_blank" href="https://craphound.com/">Cory Doctorow</a>. "We know the public prefers DRM-free e-books and other electronic products, but right now buyers are in the dark about DRM locks when they go to make purchases online. Customers have a right to know about these restrictions before they part with their money, not after."<br />  <br /> The letter is accompanied by a request that the FTC <a target="_blank" href="https://www.eff.org/document/eff-request-investigation-re-drm-labeling">investigate</a> and take action on behalf of consumers who find themselves deprived of the enjoyment of their property every day, due to a marketplace where products limited by DRM are sold without adequate notice. The request details the <a target="_blank" href="https://www.eff.org/deeplinks/2016/03/ebooks-games-music-movies-and-internet-things-tell-us-your-drm-horror-stories">stories</a> of 20 EFF supporters who bought products—ebooks, videos, games, music, devices, even a cat-litter box—that came with DRM that caused them grief. They report that DRM left them with broken, orphaned, or useless devices and in some cases even incapacitated other devices.<br />  <br /> The <a target="_blank" href="https://www.ftc.gov/">FTC</a> oversees fair packaging and labeling rules that are supposed to prevent consumers from being deceived and facilitate value comparisons. Today’s letter argues that the FTC should require electronic sellers to use a simple, consistent, and straightforward label about DRM locks for digital media. For example, "product detail" lists—which appear on digital product pages and disclose such basic information as serial number, file size, publisher, and whether certain technological features are enabled—should include a category stating whether a product is DRM-free or DRM-restricted. The latter designation should include a link to a clear explanation of the restrictions imposed on the product.<br />  <br /> "The use of DRM is controversial among creators, studios, and audiences. What shouldn’t be controversial is the right of consumers to know which products have DRM locks. If car companies made vehicles that only drove on certain streets, they’d have to disclose this to consumers. Likewise, digital media products with DRM restrictions should be clearly labeled," said Doctorow.<br />  <br /> Signers of today’s letter include the Consumer Federation of America, Public Knowledge, the Free Software Foundation, McSweeney’s, and No Starch Press.<br />  <br /> For the full letter to the FTC about labeling:<a href="https://www.eff.org/files/2016/08/05/eff_request_for_investigation_re_labeling_drm-limited_products.pdf"></a><br /><a target="_blank" href="https://www.eff.org/document/eff-letter-ftc-re-drm-labeling">https://www.eff.org/document/eff-letter-ftc-re-drm-labeling</a></p> <p>For the full letter to the FTC with the stories of people who've been harmed by DRM they weren't informed of:<a target="_blank" href="https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf">https://www.eff.org/files/2016/08/06/eff_request_for_investigation_re_labeling_drm-limited_products.pdf</a></p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Cory</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Doctorow</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">EFF Special Advisor</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:doctorow@craphound.com">doctorow@craphound.com</a></div></div></div> </div> </div> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20to%20FTC%3A%20Online%20Retailers%20Must%20Label%20Products%20Sold%20with%20Digital%20Locks&amp;url=https%3A//www.eff.org/press/releases/eff-ftc-online-retailers-must-label-products-sold-digital-locks&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20to%20FTC%3A%20Online%20Retailers%20Must%20Label%20Products%20Sold%20with%20Digital%20Locks&amp;u=https%3A//www.eff.org/press/releases/eff-ftc-online-retailers-must-label-products-sold-digital-locks" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-ftc-online-retailers-must-label-products-sold-digital-locks" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20to%20FTC%3A%20Online%20Retailers%20Must%20Label%20Products%20Sold%20with%20Digital%20Locks&amp;url=https%3A//www.eff.org/press/releases/eff-ftc-online-retailers-must-label-products-sold-digital-locks" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 05 Aug 2016 17:24:05 +0000 Karen Gullo 92556 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/join-us-great-california-database-hunt <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Imagine if local governments were like restaurants, where you could pick up a menu of public datasets, read the names and description, then order whatever suits your open data appetite? </p> <p>This transparency advocate’s fantasy became reality in California on July 1, when a new law took effect. <a href="https://leginfo.legislature.ca.gov/faces/billCompareClient.xhtml?bill_id=201520160SB272">S.B. 272</a> added a section to the California Public Records Act that requires local agencies (except school districts) to publish inventories of “enterprise systems” on their websites. We are talking about catalogs of every database that holds information on the public or serves as a primary source of government data. </p> <p>And we need your help on Saturday, Aug. 27 to—as the saying goes—<i>catch ‘em all.</i></p> <div class="pullquote-right"><strong>What: </strong>California Database Hunt <p><strong>Date:</strong> Saturday, August 27, 2016<br /><strong>Time:</strong> 11 a.m. - 3 p.m. PT/ 2 p.m. - 6 p.m. ET<br /><strong>Where:</strong> San Francisco, Washington, D.C., and Remotely<br /><a href="https://supporters.eff.org/sign-california-database-hunt">RSVP Link</a></p> </div> <p>Similar policies are in place on the federal level due to President Obama's 2013 Open Data Policy, which requires every federal agency to compile an inventory of its data resources and say what's public and what's not.</p> <p>Under the new California law, these catalogs don’t just simply list the names of databases. They also contain information such as: the purpose of the system; the type of data collected; how often data is collected and updated; the name of the software product being used; and the vendor supplying it.  </p> <p>The passage of S.B. 272 was a victory on multiple fronts. Now, the public can look through these catalogs in order to file records requests for data sets. Privacy and civil liberties activists can also learn what kind of data is being collected on the public, including police databases and certain surveillance systems.</p> <p>So far, there’s little consistency between local agencies publishing these sets. For example, the City of Manhattan Beach provides its inventory of 13 enterprise systems as <a href="https://www.citymb.info/home/showdocument?id=23688">a .pdf file</a>.  Meanwhile, the City and County of San Francisco offers <a href="https://data.sfgov.org/City-Management-and-Ethics/Inventory-of-citywide-enterprise-systems-of-record/ebux-gcnq">a robust inventory of 451 data systems</a> that can be filtered, searched, sorted, and exported in multiple formats.</p> <p>Currently, however, all these databases reside on individual websites.</p> <p>The Electronic Frontier Foundation, the Data Foundation, the Sunlight Foundation, and S.B. 272's original sponsor, Level Zero, are now teaming up to collect links to all these data catalogs in a single repository. And we need your help.</p> <p>Join us on Aug. 27 for a sprint to track down and index these catalogs across California. We’ll be holding events in San Francisco and Washington, DC, but you will also be able to join us remotely from where you are in the world.</p> <p><a href="https://supporters.eff.org/sign-california-database-hunt">To register for the event or for more information, just sign up.</a> (If you plan on attending in-person in DC, please also <a href="https://www.eventbrite.com/e/california-database-hunt-dc-tickets-26967794399">register with the Data Foundation</a> for logistical coordination.) </p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Join%20Us%20for%20the%20Great%20California%20Database%20Hunt&amp;url=https%3A//www.eff.org/deeplinks/2016/08/join-us-great-california-database-hunt&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Join%20Us%20for%20the%20Great%20California%20Database%20Hunt&amp;u=https%3A//www.eff.org/deeplinks/2016/08/join-us-great-california-database-hunt" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/join-us-great-california-database-hunt" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Join%20Us%20for%20the%20Great%20California%20Database%20Hunt&amp;url=https%3A//www.eff.org/deeplinks/2016/08/join-us-great-california-database-hunt" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 05 Aug 2016 15:29:50 +0000 Dave Maass 92544 at https://www.eff.org Transparency https://www.eff.org/deeplinks/2016/08/fcc-settlement-requires-tp-link-support-3rd-party-firmware <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In a win for the open source community, router maker TP-Link will be required to allow consumers to install third-party firmware on their wireless routers, the Federal Communications Commission (FCC) <a href="https://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db0801/DOC-340564A1.pdf">announced</a> Monday. The announcement comes on the heels of a settlement requiring TP-Link to pay a $200,000 fine for failing to properly limit their devices' transmission power on the 2.4GHz band to within regulatory requirements. On its face, new rules about open source firmware don't seem to have much to do with TP-Link's compliance problems. But the FCC's new rule helps fix an unintended consequence of a policy the agency made last year, which had led to open source developers being locked out of wireless routers entirely.</p> <p>The FCC set forth a list of <a href="https://assets.documentcloud.org/documents/2339685/fcc-software-security-requirements.pdf">Software Security Requirements</a> in March 2015 that included specific language which appeared to <a href="https://arstechnica.com/information-technology/2015/09/fcc-accused-of-locking-down-wi-fi-routers-but-the-truth-is-a-bit-murkier/">encourage restrictions on third-party firmware</a>—in particular the popular DD-WRT—that could be used to circumvent bandwidth requirements. The purpose of the requirements was to prevent wireless routers from interfering with other communications. In November, the FCC clarified that <a href="https://www.eff.org/deeplinks/2015/11/free-router-software-not-crosshairs-fcc-clarifies">it was not in fact seeking to ban open source software from wireless routers</a>—but by that point the damage had already been done. TP-Link had already <a href="https://yro.slashdot.org/story/16/03/12/176248/tp-link-blocks-open-source-router-firmware-to-comply-with-fcc-rules">begun paving the way</a> for locking out third-party firmware as a way of bringing itself into compliance. Meanwhile, other manufacturers such as Linksys had <a href="https://arstechnica.com/information-technology/2016/05/linksys-wrt-routers-wont-block-open-source-firmware-despite-fcc-rules/">sought to work with the open-source firmware community</a> to allow consumers to install custom firmware without violating FCC rules.</p> <p>This decision is a welcome one for the open-source firmware community, which has worked hard to support the <a href="https://dd-wrt.com/wiki/index.php/Supported_Devices">wide</a> <a href="https://wiki.openwrt.org/toh/start">range</a> of routers in circulation. It's good for security, too. Manufacturers often leave their device firmware neglected after flashing it at the factory, leaving users completely unprotected from security vulnerabilities that are <a href="https://routersecurity.org/bugs.php">frequently discovered</a>. Just last month, TP-Link <a href="https://www.neowin.net/news/tp-link-routers-exposed-to-potential-security-flaw-after-domain-registration-lapses">let the domain registration lapse</a> for a site allowing consumers to configure their devices over the Internet, potentially exposing a large swath of its users to credentials-stealing or malware attacks. Many open-source firmware projects, on the other hand, release regular updates that allow users to make sure vulnerabilities on their devices get patched. In addition, third-party firmware allows users to take more fine-grained control of their routers than is typically granted by manufacturer firmware. This opens a whole range of possibilities, from power-users wishing to extend the range of their home Wi-Fi by setting up repeaters throughout their homes, to community members wishing to take part in <a href="https://nycmesh.net/">innovative</a> <a href="https://peoplesopen.net/">community-based</a> <a href="https://en.wikipedia.org/wiki/Wireless_mesh_network">mesh-networking</a> <a href="https://www.open-mesh.org/projects/open-mesh/wiki">firmware</a> <a href="https://github.com/sudomesh/sudowrt-firmware">projects</a>.</p> <p>Although the FCC statement guarantees TP-Link will allow installation of open-source firmware, they have also made clear that manufacturers have to do something to ensure compliance with a second set of rules, relating to the <a href="https://en.wikipedia.org/wiki/U-NII">U-NII</a> radio band. This could leave manufacturers with a hard choice: locking down the separate, low-level firmware that controls the router radio so that users cannot tamper with it, or limiting the capabilities of the radio itself at the point of manufacture. The first option would prevent users from taking full control of their hardware by replacing the firmware that controls it with open-source alternatives. It means that even if the high-level firmware on the router is open-source, the device can never be fully controlled by the user because the low-level firmware controlling the hardware is encumbered by closed-source binaries. After the unfortunate reaction of router manufacturers to the FCC's 2015 policy, the agency should have been more careful not to create new incentives to lock down router firmware.</p> <p>Overall, the FCC has sent a clear message with the TP-Link settlement: work with the community, not against it, to improve your devices and ensure compliance. But they should be more clear about how router makers can comply while allowing for the possibility of fully open-source routers, right down to the firmware.</p> <p><em>Update 8/8: TP-Link has issued a <a href="https://www.tp-link.us/faq-1058.html">statement on the settlement</a> explaining how they will allow third-party firmware to be installed on their devices, but (following the suggestion of the FCC) "<span>any third-party software/firmware developers must demonstrate how their proposed designs will not allow access to the frequency or power level protocols in our devices."  This seems to confirm <a href="https://wwahammy.com/no-the-fcc-didnt-help-free-software/">earlier concerns</a> of an</span></em><span><i> open source software advocate </i></span><em><span>that "FCC is trying to do something through an settlement agreement that they can't do through law: regulate what ALL software can do if it interacts with radio devices."</span></em></p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=FCC%20Settlement%20Requires%20TP-Link%20to%20Support%203rd-Party%20Firmware&amp;url=https%3A//www.eff.org/deeplinks/2016/08/fcc-settlement-requires-tp-link-support-3rd-party-firmware&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=FCC%20Settlement%20Requires%20TP-Link%20to%20Support%203rd-Party%20Firmware&amp;u=https%3A//www.eff.org/deeplinks/2016/08/fcc-settlement-requires-tp-link-support-3rd-party-firmware" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/fcc-settlement-requires-tp-link-support-3rd-party-firmware" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=FCC%20Settlement%20Requires%20TP-Link%20to%20Support%203rd-Party%20Firmware&amp;url=https%3A//www.eff.org/deeplinks/2016/08/fcc-settlement-requires-tp-link-support-3rd-party-firmware" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 05 Aug 2016 01:30:38 +0000 Bill Budington 92526 at https://www.eff.org Open Wireless https://www.eff.org/deeplinks/2016/08/darpa-cgc-safety-protocol <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Today, DARPA (the Defense Advanced Research Projects Agency, the R&amp;D arm of the US military) is holding the finals for its <a href="https://www.cybergrandchallenge.com/">Cyber Grand Challenge</a> (CGC) competition at DEF CON. We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous.</p> <p>In this post, we’re going to talk about why the CGC is important and interesting (it's about building automated systems that can break into computers!); about some of the dangers posed by this line of automated security research; and the sorts of safety precautions that may become appropriate as endeavors in this space become more advanced. We think there may be some real policy concerns down the road about systems that can automate the process of exploiting vulnerabilities. But rather than calling for external policy interventions, we think the best people to address these issues are the people doing the research themselves—and we encourage them to come together now to address these questions explicitly.</p> <h2>The DARPA Cyber Grand Challenge</h2> <p>In some ways, the Cyber Grand Challenge is a lot like normal <a href="https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security">capture the flag</a> (CTF) competitions held at hacker and computer security events. Different teams all connect their computers to the same network and place a special file (the “flag”) in a secure location on their machines. The goal is to secure your team's machines to make sure nobody else can hack into them and retrieve the flag, while simultaneously trying to hack the other teams' machines and exfiltrate their flag. (And of course, your computer has to stay connected to the network the whole time, possibly serving a website or providing some other network service.)</p> <p>The difference with DARPA's Cyber Grand Challenge, though, is that the “hackers” participating in the competition are automated systems. In other words, human teams get to program completely automated offensive and defensive systems which are designed to automatically detect vulnerabilities in software and either patch them or exploit them, using various techniques including <a href="https://en.wikipedia.org/wiki/Fuzz_testing">fuzzing</a>, <a href="https://en.wikipedia.org/wiki/Static_program_analysis">static analysis</a> or <a href="https://scholar.google.com/scholar?q=machine+learning+security+vulnerabilities">machine learning</a>. Then, during the competition, these automated systems face off against each other with no human participation or help. Once the competition starts, it's all up to the automated systems.</p> <p>In principle, autonomous vulnerability detection research like this is only an incremental step beyond the excellent fuzzing work being done at <a href="https://www.google.com/search?q=google+fuzzer">Google</a>, <a href="https://www.computerworld.com/article/2516563/security0/microsoft-runs-fuzzing-botnet--finds-1-800-office-bugs.html">Microsoft</a> and elsewhere, and may be good from a cybersecurity policy perspective, particularly if it serves to level the playing field between attackers and defenders when it comes to computer and network security. To date, attackers have tended to have the advantage because they often only need to find one vulnerability in order to compromise a system. No matter how many vulnerabilities a defender patches, if there's even one critical bug they haven't discovered, an attacker could find a way in. Research like the Cyber Grand Challenge could help even the odds by giving defenders tools which will automatically scan all exposed software, and not only discover vulnerabilities, but assist in patching them, too. Theoretically, if automated methods became the best way of finding bugs, it might negate some of the <a href="https://www.schneier.com/essays/archives/2012/03/how_changing_technol.html">asymmetries</a> that often make defensive computer security work so difficult.</p> <p>But this silver lining has a cloud. We are going to start seeing tools that don't just identify vulnerabilities, but automatically write and launch exploits for them. Using these same sorts of autonomous tools, we can imagine an attacker creating (perhaps even accidentally) a 21st century version of the <a href="https://en.wikipedia.org/wiki/Morris_worm">Morris worm</a> that can discover new <a href="https://en.wikipedia.org/wiki/Zero-day_(computing)">zero days</a> to help itself propagate. How do you defend the Internet against a virus that continuously finds new vulnerabilities as it attacks new machines? The obvious answer would be to use one of the automated defensive patching systems we just described—but unfortunately, in many cases such a system just won't be effective or deployable.</p> <p>Why not? Because not all computer systems can be patched easily. A multitude of Internet of Things devices have already been built and sold where a remote upgrade simply isn't possible—particularly on embedded systems where the software is flashed onto a microcontroller and upgrading requires an actual physical connection. Other devices might technically have the capability to be upgraded, but the manufacturer might not have designed or implemented an official remote upgrade channel.<a class="see-footnote" id="footnoteref1_cz33gt8" title="Of course, manufacturers could turn loose autonomous patching viruses which patch users' devices as they propagate through the Internet, but this could open up a huge can of worms if users aren't expecting their devices to undergo these sorts of aggressive pseudo-attacks (not to mention the possible legal ramifications under the CFAA)." href="#footnote1_cz33gt8">1</a> And even when there is an official upgrade channel, many devices continue to be used long after manufacturers decide it isn't profitable to continue to provide security updates.<a class="see-footnote" id="footnoteref2_hrohiqi" title="We're looking at you, Android device manufacturers, mobile carriers, and Google." href="#footnote2_hrohiqi">2</a></p> <p>In some cases, it may be possible to do automated defensive patching on the network, before messages get to vulnerable end systems. In fact, some people closely familiar with the DARPA CGC have suggested to us that developing these kinds of defensive proxies may be one of the CGC’s long-term objectives. But such defensive patching at the network layer is only possible for protocols that are not encrypted, or on aggressively managed networks where encryption is subject to man-in-the-middle inspection by firewalls and endpoints are configured to trust man-in-the-middle CAs. Both of these situations have serious security problems of their own.</p> <p>Right now, attacking the long tail of vulnerable devices, such as IoT gadgets, isn't worthwhile for many sophisticated actors because the benefit for the would-be hacker is far lower than the effort it would take to make the attack successful. Imagine a hacker thinking about attacking a model of Internet-connected thermostat that's not very popular. It would probably take days or weeks of work, and the number of compromised systems would be very low (compared to compromising a more popular model)—not to mention the systems themselves wouldn't be very useful in and of themselves. For the hacker, focusing on this particular target just isn't worth it.</p> <p>But now imagine an attacker armed with a tool which discovers and exploits new vulnerabilities in any software it encounters. Such an attacker could attack an entire class of systems (all Internet of Things devices using a certain microprocessor architecture, say) much more easily. And unlike when the Morris worm went viral in 1988, today everything from <a href="https://www.washingtonpost.com/news/the-switch/wp/2015/12/04/hello-hackable-barbie/">Barbie dolls</a> to <a href="https://www.techdirt.com/articles/20151015/13551232547/easily-hacked-tea-kettle-latest-to-highlight-pathetic-internet-things-security.shtml">tea kettles</a> are connected to the Internet—as well as parts of our transportation infrastructure like <a href="https://www.techinsider.io/hackers-attack-gas-stations-in-the-us-2015-8">gas pumps</a> and <a href="https://arstechnica.com/security/2014/08/researchers-find-its-terrifyingly-easy-to-hack-traffic-lights/">traffic lights</a>. If a 21st century Morris worm could learn to attack these systems before we replaced them with patchable, upgradable versions, the results would would be highly unpredictable and potentially very serious.</p> <h2>Precautions, Not Prohibitions</h2> <p>Does this mean we should cease performing this sort of research and stop investigating automated cybersecurity systems? Absolutely not. EFF is a pro-innovation organization, and we certainly wouldn’t ask DARPA or any other research group to stop innovating. Nor is it even really clear how you could stop such research if you wanted to; plenty of actors could do it if they wanted.</p> <p>Instead, we think the right thing, at least for now, is for researchers to proceed cautiously and be conscious of the risks. When thematically similar concerns have been raised in other fields, researchers spent some time reviewing their safety precautions and risk assessments, then <a href="https://science.sciencemag.org/content/339/6119/520">resumed their work</a>. That's the right approach for automated vulnerability detection, too. At the moment, autonomous computer security research is still the purview of a small community of extremely experienced and intelligent researchers. Until our civilization's cybersecurity systems aren't quite so fragile, we believe it is the moral and ethical responsibility of our community to think through the risks that come with the technology they develop, as well as how to mitigate those risks, before it falls into the wrong hands.</p> <p>For example, researchers should probably ask questions like:</p> <ul><li>If this tool is designed to find and patch vulnerabilities, how hard would it be for someone who got its source code to turn it into a tool for finding and exploiting vulnerabilities? The differences may be small but still important. For instance, does the tool need a copy of the source code or binary it's analyzing? Does it just identify problematic inputs that may crash programs, or places in their code that may require protections, or does it go further and automate exploitation of the bugs it has found?</li> <li>What architectures or types of systems does this tool target? Are they widespread? Can these systems be easily patched and protected?</li> <li>What is the worst-case scenario if this tool's source code were leaked to, say, an enemy nation-state or authors of <a href="https://en.wikipedia.org/wiki/Ransomware">commercial cryptoviruses</a>? What would happen if the tool escaped onto the public Internet?</li> </ul><p>To be clear, we're not saying that researchers should stop innovating in cases where the answers to those questions are more pessimistic. Rather, we're saying that they may want to take precautions proportional to the risk. In the same way biologists take different precautions ranging from just wearing a mask and gloves to isolating samples in a sealed negative-pressure environment, security researchers may need to vary their precautions from using full-disk encryption, all the way to only doing the research on air-gapped machines, depending on the risk involved.</p> <p>For now, though, the field is still quite young and such extreme precautions probably aren't necessary. DARPA's Cyber Grand Challenge illustrates some of the reasons for this: the tools in the CGC aren't designed to target the same sort of software that runs on everyday laptops or smartphones. Instead, DARPA developed a <a href="https://github.com/cybergrandchallenge">simplified open source operating system extension</a> expressly for the CGC. In part, this was intended to make the work of CGC contestants easier. But it was also done so that any tools designed for use in the CGC would need to be significantly modified for use in the real-world—so they don't really pose much of a danger as is, and no additional safety precautions are likely necessary.</p> <p>But what if, a few years from now, the subsequent rounds of the contest target commonplace software? As they move in that direction, the designers of systems capable of automatically finding and exploiting vulnerabilities should take the time to think through the possible risks, and strategies for how to minimize them in advance. That's why we think the people who are experts in this field should come together, discuss the issues we're flagging here (and perhaps raise new ones), and come up with a strategy for handling the safety considerations for any risks they identify. In other words, we’d like to encourage the field to fully think through the ramifications of new research as it’s conducted. Much like the <a href="https://en.wikipedia.org/wiki/Asilomar_Conference_on_Recombinant_DNA">genetics community did in 1975</a>, we think researchers working in the intersection of AI, automation, and computer security should come together to hold a virtual “Autonomous Cybersecurity Asilomar Conference.” Such a conference would serve two purposes. It would allow the community to develop internal guidelines or suggestions for performing autonomous cybersecurity research safely, and it would reassure the public that the field isn't proceeding blindly forward, but instead proceeding in a thoughtful way with an eye toward bettering computer security for all of us.</p> <ul class="footnotes"><li class="footnote" id="footnote1_cz33gt8"><a class="footnote-label" href="#footnoteref1_cz33gt8">1.</a> Of course, manufacturers could turn loose autonomous patching viruses which patch users' devices as they propagate through the Internet, but this could open up a huge can of worms if users aren't expecting their devices to undergo these sorts of aggressive pseudo-attacks (not to mention the possible legal ramifications under the CFAA).</li> <li class="footnote" id="footnote2_hrohiqi"><a class="footnote-label" href="#footnoteref2_hrohiqi">2.</a> <fn><a href="https://www.eff.org/deeplinks/2015/07/horror-horror-stagefright-androids-heart-darkness">We're looking at you</a>, Android device manufacturers, mobile carriers, and Google.</fn></li> </ul><script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Does%20DARPA%27s%20Cyber%20Grand%20Challenge%20Need%20A%20Safety%20Protocol%3F&amp;url=https%3A//www.eff.org/deeplinks/2016/08/darpa-cgc-safety-protocol&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Does%20DARPA%27s%20Cyber%20Grand%20Challenge%20Need%20A%20Safety%20Protocol%3F&amp;u=https%3A//www.eff.org/deeplinks/2016/08/darpa-cgc-safety-protocol" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/darpa-cgc-safety-protocol" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Does%20DARPA%27s%20Cyber%20Grand%20Challenge%20Need%20A%20Safety%20Protocol%3F&amp;url=https%3A//www.eff.org/deeplinks/2016/08/darpa-cgc-safety-protocol" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 04 Aug 2016 22:55:30 +0000 Jeremy Gillula and Nate Cardozo and Peter Eckersley 92538 at https://www.eff.org Policy Analysis Security Artificial Intelligence & Machine Learning https://www.eff.org/press/releases/malware-linked-government-kazakhstan-targets-journalists-political-activists-lawyers <div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Editors Who Exposed Corruption, Political Opponents of Authoritarian Government’s President, and Their Legal Teams Were Sent Malware</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p class="MsoNoSpacing">San Francisco—Journalists and political activists critical of Kazakhstan’s authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF).</p> <p class="MsoNoSpacing">Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper <a target="_blank" href="https://www.respublika-kaz.info/">Respublika</a>, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents.</p> <p class="MsoNoSpacing">The campaign—which EFF has called “<a target="_blank" href="https://www.eff.org/wp/operation-manul">Operation Manul</a>,” after endangered wild cats found in the grasslands of Kazakhstan—involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. <span>Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online. </span></p> <p class="MsoNoSpacing">Spearphishing emails and malware sent to members of the Ablyazov family while they were in exile in Italy may have helped track the whereabouts of Mukhtar Ablyazov’s wife and young daughter.<span>  </span>Despite having legal European resident permits, the two were taken into custody in Italy in 2013 and forcibly deported to Kazakhastan. Many targets of the malware campaign are also involved in litigation with the government of Kazakhstan, including the publishers of Respublika noted above. EFF <a target="_blank" href="https://www.eff.org/cases/kazakhstan-v-does">represented</a> Respublika in a U.S. lawsuit during the course of which the government has attempted to <a target="_blank" href="https://www.eff.org/wp/operation-manul">censor the site</a> and discover Respublika’s confidential sources</p> <p class="MsoNoSpacing">Kazakhstan is a former Soviet republic that heavily restricts freedom of speech and assembly, and where torture is a serious problem, according to <a target="_blank" href="https://www.hrw.org/europe/central-asia/kazakhstan">Human Rights Watch</a>. The republic was <a target="_blank" href="https://rsf.org/en/kazakhstan">ranked 160</a> out of 180 countries tracked by Reporters Without Borders for attacks on journalistic freedom and independence.</p> <p class="MsoNoSpacing">“The use of malware to spy on and intimidate dissidents beyond their borders is an increasingly common tactic employed by oppressive governments,” said Eva Galperin, Global Policy Analyst at EFF and one of the report’s authors. “As we have seen in places like <a target="_blank" href="https://www.eff.org/deeplinks/2013/12/social-engineering-and-malware-syria-eff-and-citizen-labs-latest-report-digital">Syria</a> and <a target="_blank" href="https://www.eff.org/deeplinks/2014/01/vietnamese-malware-gets-personal">Vietnam,</a> journalists and political opposition leaders are being attacked in both the physical and digital worlds. Regimes are turning to covertly installed malware to track, harass, and silence those who seek to expose corruption and inform the public about human rights abuses—especially targets that have moved beyond the regime's sphere of control. Based on available evidence, we believe this campaign is likely to have been carried out on behalf of the government of Kazakhstan.”</p> <p class="MsoNormal">EFF researchers, along with technologists at First Look Media and Amnesty International, examined data about suspected espionage groups and found overlaps between Operation Manul and Appin Security Group, an Indian company that has been linked with several other attack campaigns. <span></span></p> <p class="MsoNoSpacing">“Appin has been linked by cybersecurity firm Norman Shark to cyber-attacks against a Norwegian telecom company, Punjabi separatists, and others," said EFF Staff Technologist Cooper Quintin. “We found that some of the technology infrastructure used in those cyber attacks overlapped with the infrastructure used in Operation Manul. “</p> <p><span>“Our research shows that such cheap, commercially available malware can have a real impact on vulnerable populations,” said Galperin. “Much of the past research in this area has exposed campaigns carried out by governments using spy software which they have purchased. In this case, the evidence suggests that the government of Kazakhstan hired a company to carry out the attacks on their behalf.”</span></p> <p><span>For the report:<br /><a target="_blank" href="https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf">https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf</a></span></p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile node-promoted view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Eva</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Galperin</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Global Policy Analyst</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:eva@eff.org">eva@eff.org</a></div></div></div> </div> </div> </div><div class="field-item odd"><div class="ds-1col node node-profile view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Cooper</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Quintin</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Staff Technologist</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:cooperq@eff.org">cooperq@eff.org</a></div></div></div> </div> </div> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Malware%20Linked%20to%20Government%20of%20Kazakhstan%20Targets%20Journalists%2C%20Political%20Activists%2C%20Lawyers%3A%20EFF%20Report&amp;url=https%3A//www.eff.org/press/releases/malware-linked-government-kazakhstan-targets-journalists-political-activists-lawyers&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Malware%20Linked%20to%20Government%20of%20Kazakhstan%20Targets%20Journalists%2C%20Political%20Activists%2C%20Lawyers%3A%20EFF%20Report&amp;u=https%3A//www.eff.org/press/releases/malware-linked-government-kazakhstan-targets-journalists-political-activists-lawyers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/malware-linked-government-kazakhstan-targets-journalists-political-activists-lawyers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Malware%20Linked%20to%20Government%20of%20Kazakhstan%20Targets%20Journalists%2C%20Political%20Activists%2C%20Lawyers%3A%20EFF%20Report&amp;url=https%3A//www.eff.org/press/releases/malware-linked-government-kazakhstan-targets-journalists-political-activists-lawyers" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 04 Aug 2016 17:31:39 +0000 Karen Gullo 92534 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/copyright-office-jumps-set-top-box-debate-says-hollywood-should-control-your-tv <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>The Federal Communications Commission has a plan to bring much-needed competition and consumer choice to the market for set-top boxes and television-viewing apps. Under the FCC’s proposed rule change, <a href="https://www.eff.org/deeplinks/2016/04/new-rules-pay-tv-set-top-boxes-are-about-innovation-and-competition-not-copyright">pay-TV customers would be able to choose devices and apps from anywhere</a> rather than being forced to use the box and associated software provided by the cable company, ending cable companies’ and major TV studios’ monopoly in the field.</p> <p>But major entertainment companies are trying to derail this effort and keep control over TV technology. Central to their argument is a <a href="https://www.eff.org/deeplinks/2016/08/dont-wrap-anti-competitive-pay-tv-practices-copyright-flag">set of misleading claims about copyright law</a>. Hollywood thinks that copyright holders should be able to use licensing agreements to place <a href="https://www.eff.org/deeplinks/2016/05/copyright-doesnt-mean-unlimited-control">whatever restrictions they like</a> on how people can access their content.</p> <p>Unfortunately, the Copyright Office has sent a <a href="https://www.eff.org/document/letter-maria-pallante-fcc-re-set-top-boxes">letter</a> to Congress supporting those claims. The letter is wrong as a matter of law, and it’s also bad policy. Rather than promote innovation, the Copyright Office offers ideas that would be hostile to choice and innovation in all kinds of information technology, not just pay TV.</p> <p>Congress and the courts have repeatedly rejected that vision, and so should the FCC.</p> <p>The FCC’s plan would let cable and satellite subscribers choose the devices and apps they can use to access pay TV content instead of being limited to the leased set-top boxes and walled-garden apps provided by the cable and satellite companies. That’s not just a great goal; it’s also the law—Congress ordered the FCC to pursue this goal <a href="https://www.eff.org/deeplinks/2016/05/copyright-control">all the way back in 1996</a>, but cable companies and TV producers have fought against it for over 20 years. Choice and competition threaten cable and content companies’ power to control what programming gets seen or ignored, how we can search for it, and who can build the hardware and software.</p> <p>Currently, that power over the design of personal TV technology derives from a confluence of unfair private agreements and monopoly power, not from copyright law. Copyright gives rightsholders power to control copying, but not technology design; in fact, that sort of control is antithetical to copyright’s purpose. Over thirty years ago, in <a href="https://scholar.google.com/scholar_case?case=5876335373788447272">Sony v. Universal</a>, the Supreme Court refused to allow movie studios to “extend [their] monopoly” into “control over an article of commerce”—the videocassette recorder—“that is not the subject of copyright protection.” You can search all 280 pages of the Copyright Act, and you won’t find anything that says a copyright holder has the power to control search functionality, or channel placement, or to decide who can build a DVR or video app.</p> <p>Unlocking competition in pay TV hardware and software isn’t a copyright issue - <a href="https://www.eff.org/press/releases/eff-fcc-consumers-need-strong-unlock-box-rules-bring-competition-innovation-set-top">it’s a competition issue</a>. But the Copyright Office mistakenly suggests that a copyright holder “generally has full control as to whether and how to exploit his or her work.” Once a copyright holder has released their work to paying customers, like cable subscribers, those customers have their own set of rights: to view TV programs at home or on the go, to skip around within the programs as they wish, to search for and organize the programs and other content they’re entitled to see, and to choose tools that enable them to do these things.</p> <p>The Copyright Office’s letter implies that cable and content companies could create new rights for themselves just by writing them into private contracts between each other: the right to control which “platforms and devices” customers can use, the right to limit time-shifting and other fair uses, and the right to “exclude” other software from a customer’s device. While private companies are free to negotiate conditions like these between each other, nothing in the law gives copyright holders the power to impose those conditions on <i>the whole world</i>, snuffing out the rights of users.</p> <p>If the law were actually as the Copyright Office says it is, the Internet as we know it would be impossible. Instead, it would look more like today’s cable TV. Imagine that a popular news website made an agreement with your Internet service provider saying that no one should be able to save a local copy of a news article, or to email a link to a friend. Under the Copyright Office’s theory, it might be illegal for you, the subscriber, to do those things. And websites could create other rules dictating subscribers’ activity just by putting them in a secret contract. When you apply the Copyright Office’s reasoning to media in which healthy competition exists, it’s easy to see the logic break down.</p> <p>Re-branding cable and content companies’ private deals as “copyright” issues risks stalling all sorts of efforts to promote competition and innovation that can lead to new markets for creative work. And it’s simply incorrect.</p> <p>Copyright law gives owners specific rights—namely, to control copying and redistribution of their works. Copyright holders cannot control the technologies that customers use to lawfully access their works, nor can they invent new restrictions and rights out of thin air. The Copyright Office should have seen through Hollywood’s attempt to shut out competition through a misinterpretation of copyright law. We hope the FCC does.</p> <p> </p> <script type="text/javascript">var mytubes = new Array(2); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Copyright%20Office%20Jumps%20Into%20Set-Top%20Box%20Debate%2C%20Says%20Hollywood%20Should%20Control%20Your%20TV&amp;url=https%3A//www.eff.org/deeplinks/2016/08/copyright-office-jumps-set-top-box-debate-says-hollywood-should-control-your-tv&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Copyright%20Office%20Jumps%20Into%20Set-Top%20Box%20Debate%2C%20Says%20Hollywood%20Should%20Control%20Your%20TV&amp;u=https%3A//www.eff.org/deeplinks/2016/08/copyright-office-jumps-set-top-box-debate-says-hollywood-should-control-your-tv" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/copyright-office-jumps-set-top-box-debate-says-hollywood-should-control-your-tv" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Copyright%20Office%20Jumps%20Into%20Set-Top%20Box%20Debate%2C%20Says%20Hollywood%20Should%20Control%20Your%20TV&amp;url=https%3A//www.eff.org/deeplinks/2016/08/copyright-office-jumps-set-top-box-debate-says-hollywood-should-control-your-tv" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Thu, 04 Aug 2016 06:36:26 +0000 Mitch Stoltz 92528 at https://www.eff.org Commentary https://www.eff.org/deeplinks/2016/08/eff-eleventh-hope <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Last weekend EFF took part in the Eleventh Hackers On Planet Earth (HOPE) conference in New York City and got to meet so many of our wonderful supporters. We've collected the HOPE talks given by EFF staff below, with the official program abstract, video, and where applicable, the original slides. Once you're done watching those, you can also try your hand at our Capture The Flag competition—the challenges are still up at <a href="https://eff-ctf.org">https://eff-ctf.org</a>, even though the contest is over.</p> <h3>Keynote Address</h3> <p><b>Cory Doctorow</b></p> <div class='mytube' style='width:560px;'><div class='mytubetrigger' id='mytube6'><img width='560' height='315' class='mytubethumb' src='https://www.eff.org/sites/default/files/mytube/yt_f1D7APjmVbk.jpg' alt='mytubethumb' /><img src='https://www.eff.org/sites/all/modules/mytube/play.png' class='mytubeplay' alt='play' style='top:127.5px;left:250px;' /></div><!--mytubetrigger--><div class='mytubetext' id='mytubetext6'><a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO">youtube.com</a></em><br /></div></div><p> Program abstract: We are so stoked to have Cory Doctorow as our keynote this year. We've been trying to get the stars to align for many HOPEs, and this time they did. But we're glad we waited until now, since so much has happened in the past few years that Cory has been on top of - Snowden, Manning, privacy, copyright issues, surveillance - and his talk will no doubt open your eyes even more. As co-editor of Boing Boing, special advisor to the Electronic Frontier Foundation, a prolific writer of both fiction and non-fiction, and a vocal proponent of changing our copyright laws, Cory really has a lot of super-important and relevant thoughts to share with our HOPE audience.</p> <p>Slides: <a href="https://drive.google.com/file/d/0BxbYd30UHZqHNGU2R2ZMWkppTmc/view" target="_blank">https://drive.google.com/file/d/0BxbYd30UHZqHNGU2R2ZMWkppTmc/view</a></p> <p>Video: <a href="//livestream.com/internetsociety/hopeconf/videos/130727866" target="_blank"> https://livestream.com/internetsociety/hopeconf/videos/130727866</a></p> <h3>Ask the EFF: The Year in Digital Civil Liberties</h3> <p><b>Kurt Opsahl, Jacob Hoffman-Andrews, Vivian Brown, Parker Higgins</b></p> <div class='mytube' style='width:560px;'><div class='mytubetrigger' id='mytube5'><img width='560' height='315' class='mytubethumb' src='https://www.eff.org/sites/default/files/mytube/yt_V2wI5or9Yuo.jpg' alt='mytubethumb' /><img src='https://www.eff.org/sites/all/modules/mytube/play.png' class='mytubeplay' alt='play' style='top:127.5px;left:250px;' /></div><!--mytubetrigger--><div class='mytubetext' id='mytubetext5'><a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO">youtube.com</a></em><br /></div></div><p> Program abstract: Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online, encryption (and backdoors), and fighting efforts to use intellectual property claims to shut down free speech and halt innovation. The panel will also include a discussion on their technology project to protect privacy and speech online, updates on cases and legislation affecting security research, and much more. Half the session will be given over to question-and-answer, so it's your chance to ask EFF questions about the law and technology issues that are important to you.</p> <p>Video: <a href="https://livestream.com/internetsociety/hopeconf/videos/130646436" target="_blank">https://livestream.com/internetsociety/hopeconf/videos/130646436</a></p> <h3>The Next Billion Certificates: Let's Encrypt and Scaling the Web PKI</h3> <p><b>Jacob Hoffman-Andrews</b></p> <div class='mytube' style='width:560px;'><div class='mytubetrigger' id='mytube4'><img width='560' height='315' class='mytubethumb' src='https://www.eff.org/sites/default/files/mytube/yt_fOyojK8BlNs.jpg' alt='mytubethumb' /><img src='https://www.eff.org/sites/all/modules/mytube/play.png' class='mytubeplay' alt='play' style='top:127.5px;left:250px;' /></div><!--mytubetrigger--><div class='mytubetext' id='mytubetext4'><a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO">youtube.com</a></em><br /></div></div><p> Program abstract: Let's Encrypt is a free and automated certificate authority to encrypt the web, launched in December 2015. Jacob will explain why HTTPS is important to Internet freedom and the role certificate authorities play. He'll give an introduction to the ACME protocol that Let's Encrypt uses to automate validation and issuance, discuss Let's Encrypt's progress by the numbers, and outline some of its future plans.</p> <p>Slides: <a href="https://jacob.hoffman-andrews.com/next-billion/#/" target="_blank">https://jacob.hoffman-andrews.com/next-billion/#/</a></p> <p>Video: <a href="https://livestream.com/internetsociety/hopeconf/videos/130646436"> https://livestream.com/internetsociety/hopeconf/videos/130816207</a></p> <h3>Privacy Badger and Panopticlick vs. the Trackers, Round 1</h3> <p><b>William Budington, Cooper Quintin</b></p> <div class='mytube' style='width:560px;'><div class='mytubetrigger' id='mytube3'><img width='560' height='315' class='mytubethumb' src='https://www.eff.org/sites/default/files/mytube/yt_9WbjhuEc2Js.jpg' alt='mytubethumb' /><img src='https://www.eff.org/sites/all/modules/mytube/play.png' class='mytubeplay' alt='play' style='top:127.5px;left:250px;' /></div><!--mytubetrigger--><div class='mytubetext' id='mytubetext3'><a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO">youtube.com</a></em><br /></div></div><p> Program abstract: Increasingly, as you navigate the web, your movements are being tracked. Even when you reject browser cookies, you transmit unique information that makes your browser personally identifiable. Ad tech and tracking companies are transforming the web into a platform where your user data is brokered and exchanged freely without your consent or even knowledge - and there is a true absence of limits to the methods trackers are willing to use to get that data from you. Luckily, there is hope. The Electronic Frontier Foundation (EFF) has been developing technologies that let you know exactly how much of this data you are giving out as you browse, as well as releasing tools to help you protect yourselves against the trackers. Panopticlick and Privacy Badger help you keep your personal data private - and this talk will show you how.</p> <p>Slides: <a href="https://www.eff.org/files/privacy-badger-panopticlick-v-trackers.pdf" target="_blank">https://www.eff.org/files/privacy-badger-panopticlick-v-trackers.pdf</a></p> <p>Video: <a href="https://livestream.com/internetsociety/hopeconf/videos/130646436">https://livestream.com/internetsociety/hopeconf/videos/130664570</a></p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20at%20the%20Eleventh%20Hope&amp;url=https%3A//www.eff.org/deeplinks/2016/08/eff-eleventh-hope&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20at%20the%20Eleventh%20Hope&amp;u=https%3A//www.eff.org/deeplinks/2016/08/eff-eleventh-hope" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/eff-eleventh-hope" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20at%20the%20Eleventh%20Hope&amp;url=https%3A//www.eff.org/deeplinks/2016/08/eff-eleventh-hope" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 02 Aug 2016 21:10:37 +0000 Cooper Quintin 92506 at https://www.eff.org DMCA DRM Privacy Do Not Track Encrypting the Web https://www.eff.org/press/releases/eff-asks-court-uphold-invalidation-podcasting-patent <div class="field field-name-field-pr-subhead field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Thursday Hearing in EFF’s Case Against Patent That Threatened Podcasting</div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><span>Washington, D.C.—The Electronic Frontier Foundation (EFF) will urge a federal appeals court at a hearing Thursday to find that the U.S. Patent and Trademark Office (USPTO) correctly <a target="_blank" href="https://www.eff.org/document/uspto-decision">invalidated</a> key claims of a patent owned by Personal Audio, which had used the patent to threaten podcasters big and small.</span></p> <p><span>EFF is defending a USPTO ruling it <a target="_blank" href="https://www.eff.org/press/releases/eff-busts-podcasting-patent-invalidating-key-claims-patent-office">won</a> last year in its <a target="_blank" href="https://www.eff.org/document/podcasting-petition-inter-partes-review">petition</a> challenging the validity of key claims of <a target="_blank" href="https://www.eff.org/cases/eff-v-personal-audio-llc">Personal Audio’s patent</a>. EFF argued, and the USPTO agreed, that the claimed invention existed before Personal Audio filed its patent application. </span></p> <p><span>Personal Audio maintained that it invented the process of updating a website regularly with new, related content creating a series of episodes—basically podcasting—in 1996. Personal Audio began sending letters to podcasters in 2013, demanding licensing fees from creators such as comedian Adam Carolla and three major television networks. In its challenge to the patent, EFF showed that putting a series of episodes online for everyone to enjoy was not a new idea when the patent application was filed.</span></p> <p><span>Personal Audio asked the U.S. Court of Appeals for the Federal District in Washington D.C. to <a target="_blank" href="https://www.eff.org/deeplinks/2015/09/podcasting-update-personal-audio-files-appeal">overturn</a> the USPTO ruling. At a hearing on Thursday, EFF's pro bono counsel will ask the court to reject Personal Audio’s argument that the USPTO erred when it invalidated the patent claims. </span></p> <p><span>What: Court hearing in <i>Personal Audio LLC v. Electronic Frontier Foundation</i></span></p> <p><span>When:<span>  </span>Thursday, August 4, 10 am</span></p> <p class="MsoNoSpacing">Where:<span>  </span>U.S. Court of Appeals for the Federal Circuit<br />              <span></span>Courtroom 401, Panel J<br />              <span></span>717 Madison Place, N.W.<span>              <br /></span>             Washington, D.C.<span>  </span>20439</p> <p class="MsoNoSpacing"> For more on EFF’s Personal Audio challenge:<br /><a href="https://www.eff.org/cases/eff-v-personal-audio-llc">https://www.eff.org/cases/eff-v-personal-audio-llc</a></p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-contact field-type-node-reference field-label-above"><div class="field-label">Contact:&nbsp;</div><div class="field-items"><div class="field-item even"><div class="ds-1col node node-profile view-mode-node_embed clearfix"> <div class=""> <div class="field field-name-field-profile-first-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Daniel</div></div></div><div class="field field-name-field-profile-last-name field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Nazer</div></div></div><div class="field field-name-field-profile-title field-type-text field-label-hidden"><div class="field-items"><div class="field-item even">Staff Attorney and Mark Cuban Chair to Eliminate Stupid Patents</div></div></div><div class="field field-name-field-profile-email field-type-email field-label-hidden"><div class="field-items"><div class="field-item even"><a href="mailto:daniel@eff.org">daniel@eff.org</a></div></div></div> </div> </div> </div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=EFF%20Asks%20Court%20to%20Uphold%20Invalidation%20of%20Podcasting%20Patent&amp;url=https%3A//www.eff.org/press/releases/eff-asks-court-uphold-invalidation-podcasting-patent&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=EFF%20Asks%20Court%20to%20Uphold%20Invalidation%20of%20Podcasting%20Patent&amp;u=https%3A//www.eff.org/press/releases/eff-asks-court-uphold-invalidation-podcasting-patent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/press/releases/eff-asks-court-uphold-invalidation-podcasting-patent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=EFF%20Asks%20Court%20to%20Uphold%20Invalidation%20of%20Podcasting%20Patent&amp;url=https%3A//www.eff.org/press/releases/eff-asks-court-uphold-invalidation-podcasting-patent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 02 Aug 2016 17:34:24 +0000 Karen Gullo 92510 at https://www.eff.org https://www.eff.org/deeplinks/2016/08/victory-oregon-supreme-court-agrees-violating-company-rule-not-computer-crime <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Can you imagine being prosecuted for checking personal email while at work because your employer says you can only use your computer for “company business”? Of course not. Violating a company rule is not—and should not be—a computer crime. Prosecutors have tried to use the federal <a href="https://www.eff.org/issues/cfaa">Computer Fraud and Abuse Act</a> (CFAA) and parallel state criminal laws to target violations of company rules, but courts are <a href="https://www.eff.org/deeplinks/2015/03/violating-employers-computer-use-restriction-not-federal-crime">increasingly</a> calling foul on the misuse of statutes intended to criminalize computer break-ins.</p> <p>The Oregon Supreme Court is one of them, saying “no” to prosecutors who tried to hold Caryn Nascimento liable under Oregon’s <a href="https://law.justia.com/codes/oregon/2013/volume-04/chapter-164/section-164.377/">computer crime law</a> for a violation of her employer’s computer use policy. EFF filed an <a href="https://www.eff.org/document/eff-nascimento-amicus-brief">amicus brief</a> in the case, <a href="https://www.eff.org/cases/oregon-v-nascimento"><i>State v. Nascimento</i></a>, and the court specifically cited our argument that “the state’s reading of the statute—which arguably criminalizes any computer use in violation of an employer’s personnel or computer use policies—is unworkably broad because it gives private entities the power to decide what conduct in the workplace is criminal and what is not.”</p> <p>Nascimento worked as a cashier at the deli counter of a convenience store. As part of her job, she was authorized to access a lottery terminal in the store to sell and validate lottery tickets for paying customers. Store policy prohibited employees from purchasing lottery tickets for themselves or validating their own lottery tickets while on duty. A store manager noticed a discrepancy in the receipts from the lottery terminal and discovered that Nascimento had printed lottery tickets for herself without paying for them. She was charged and convicted with not only first-degree theft, but also computer crime on the ground that she accessed the lottery terminal “without authorization.”</p> <p>Nascimento took her case to the Oregon Supreme Court, where we filed a brief in her support. We did not challenge the theft conviction but explained to the court that the state’s interpretation of Oregon's computer crime statute was unworkable because it turned employees into criminals for reading personal email or checking a baseball game's score while at work, in violation of company policy. And, we explained, because Facebook’s terms of use prohibit users from providing false personal information, a Facebook user could be prosecuted for shaving a few years off her age in her profile.</p> <p>The Oregon Supreme Court heeded our advice, rejecting the lower court’s expansive interpretation of the statute. The court held that violating an employer’s personnel or computer use policies could “lead to personnel actions or other private discipline or to possible proceedings under other statutes, but it does not violate” Oregon’s computer crime law. According to the court, the law’s history demonstrated that it was intended to criminalize access or use of a computer by someone who had no authority to do so—“the kind of intrusion or access to a computer by unauthorized third parties commonly referred to as ‘hacking.’” Meanwhile, “Nothing in the legislative history suggests that the statute was intended to reach a person who was trained and authorized to use a particular computer, but did so for an unpermitted purpose.”</p> <p>As the court recognized, a company can restrict a person’s “authorization” to access or use a computer through setting up a password requirement or other authentication or security procedures. But here, Nascimento’s employer had done nothing to restrict her authorization. Because there was no evidence that she had “circumvented any computer security measures, misused another employee’s password, or accessed any protected data,” she was not guilty of violating the state’s computer crime statute.</p> <p>The prosecutor’s interpretation of the statute would have transformed innocent employees and Internet users into criminals on the basis of innocuous, everyday behavior. We’re happy the Oregon Supreme Court took to heart our warnings about the dangers of such an expansive interpretation of the law and adopted a clear rule that limits the discretion of overzealous prosecutors.</p> <p>We also hope this decision sets an example for other courts—including the Ninth Circuit Court of Appeals, which just issued two decisions (<a href="https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even">here</a> and <a href="https://www.eff.org/deeplinks/2016/07/ever-use-someone-elses-password-go-jail-says-ninth-circuit">here</a>) that have eviscerated the clarity of CFAA law in the nine states its rulings affect. The decisions both involve password sharing, rather than Nascimento’s direct use of her employee credentials, but together they raise <a href="https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even#Unanswered%20Questions">all sorts of questions</a> about when an authorized user can give an outside person authorization to use their account and how and when a computer owner can revoke that authorization. We hope the Ninth Circuit rehears both cases and recognizes—just like the Oregon Supreme Court did with its state computer crime statute—that the CFAA should be limited to the purpose intended by Congress: targeting computer break-ins.</p> <p>Special thanks to our local counsel, <a href="https://civilrightspdx.com/index.php?attorney=6">J. Ashlee Albies</a> of Creighton &amp; Rose, PC in Portland, Oregon.</p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/u-s-v-nosal">United States v. David Nosal</a></div><div class="field-item odd"><a href="/cases/oregon-v-nascimento">Oregon v. Nascimento</a></div><div class="field-item even"><a href="/cases/facebook-v-power-ventures">Facebook v. Power Ventures</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Victory%21%20Oregon%20Supreme%20Court%20Agrees%20that%20Violating%20a%20Company%20Rule%20is%20Not%20a%20Computer%20Crime%20%20%20&amp;url=https%3A//www.eff.org/deeplinks/2016/08/victory-oregon-supreme-court-agrees-violating-company-rule-not-computer-crime&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Victory%21%20Oregon%20Supreme%20Court%20Agrees%20that%20Violating%20a%20Company%20Rule%20is%20Not%20a%20Computer%20Crime%20%20%20&amp;u=https%3A//www.eff.org/deeplinks/2016/08/victory-oregon-supreme-court-agrees-violating-company-rule-not-computer-crime" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/victory-oregon-supreme-court-agrees-violating-company-rule-not-computer-crime" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Victory%21%20Oregon%20Supreme%20Court%20Agrees%20that%20Violating%20a%20Company%20Rule%20is%20Not%20a%20Computer%20Crime%20%20%20&amp;url=https%3A//www.eff.org/deeplinks/2016/08/victory-oregon-supreme-court-agrees-violating-company-rule-not-computer-crime" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Tue, 02 Aug 2016 16:55:22 +0000 Jamie Williams 92507 at https://www.eff.org Computer Fraud And Abuse Act Reform https://www.eff.org/deeplinks/2016/08/dont-wrap-anti-competitive-pay-tv-practices-copyright-flag <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>The Federal Communications Commission has <a href="https://www.eff.org/deeplinks/2016/02/lets-unlock-set-top-box-real">proposed</a> to break cable and satellite TV companies’ monopoly over the hardware and software used by their subscribers. Those companies are fighting back hard, probably to preserve the $20 billion in revenue they collect every year from set-top box rental fees. Major TV producers and copyright holders are pushing back too. They want to control how you can search for TV shows and discover new ones, and the order in which shows appear to you. And they want to limit the features of your home and mobile TV setups, like how and when you can control the playback.</p> <p>One tactic these major media companies are using to try to derail the FCC’s proposal is to claim that allowing customers to buy pay-TV viewing technology from independent vendors (something that Congress actually ordered the FCC to do way back in 1996) somehow violates “principles of copyright law.”</p> <p>As we <a href="https://www.eff.org/document/fcc-unlock-box-reply-comments">explained</a> to the FCC along with top legal scholars, the plan to break the set-top box monopoly doesn’t change copyright law or allow anyone to get pay-TV content without paying for it. But by crying “copyright,” cable companies and TV producers have rallied opposition to the FCC’s plan from some members of Congress, and possibly from the Copyright Office. It’s a misleading tactic.</p> <p>Today, TV studios influence the design and features of home video equipment by specifying them as terms in the deals they make with cable companies. The cable companies have to accept those terms because under copyright law, they need permission from major copyright holders (the TV studios) to transmit programming to subscribers. And because cable companies have a monopoly over the technology on the subscriber’s end—the set-top boxes and apps that can access cable channels—the TV studios effectively have veto power over that technology.</p> <p>TV studios’ power over the design of personal TV technology derives from that confluence of market agreements and monopoly—not from the law. Copyright gives rightsholders power to control copying, but not technology design. In fact, that sort of control is the antithesis of copyright’s purpose. Over thirty years ago, in <a href="https://scholar.google.com/scholar_case?case=5876335373788447272&amp;q=sony+universal&amp;hl=en">Sony v. Universal</a>, the Supreme Court refused to allow movie studios to “extend [their] monopoly” into “control over an article of commerce”—the videocassette recorder—“that is not the subject of copyright protection.” Today, you can search all 280 pages of the Copyright Act, and you won’t find anything that says a copyright holder has the power to control search functionality, or channel placement, or to decide who can build a DVR or video app.</p> <p>The studios claim that things are different this time, because the successors to the VCR—today’s smart TVs, DVRs, set-top boxes, and mobile apps—are more sophisticated and have an online component. But the law remains the same, and for good reason. Allowing pay-TV subscribers to choose the devices and software they want to use doesn’t permit or encourage copyright infringement. Illegal copying is still illegal, and under every version of the FCC’s plan, pay-TV content will continue to be wrapped in user-unfriendly DRM at every step. (That raises <a href="https://www.eff.org/deeplinks/2016/06/call-security-community-w3cs-drm-must-be-investigated">other problems</a>, including privacy and security threats.) A competitive set-top box or video app will be subject to the same copyright law as a TV, DVR, or home audio system is today.</p> <p>In short, <a href="https://www.eff.org/deeplinks/2016/04/new-rules-pay-tv-set-top-boxes-are-about-innovation-and-competition-not-copyright">this isn’t a copyright issue</a>. Yet TV studios and other opponents of the Unlock the Box proposal have draped their existing contracts and market relationships in the rhetoric of copyright and creativity in order to preserve their veto power over the design of consumer technology. When two businesses enter an agreement, they can include almost any terms they want to include. Adding terms to a copyright license doesn’t automatically make them copyright issues.</p> <p>Imagine, if you will, that a movie studio refused to let their film play in theaters unless the theaters promised to serve a particular brand of cola. The studio has licensed its copyrighted movie to the theater with certain conditions, but no one would claim that movie-goers drinking Coke instead of Pepsi offends principles of copyright law, or hurts artists, or requires intervention by the Copyright Office and members of Congress. It’s simply an agreement between businesses.</p> <p>That’s essentially what defenders of the set-top box monopoly mean when they argue that the proposal will harm “property rights” and interfere with “licensing.” Not coincidentally, the license terms that they want to maintain are the ones that preserve the competition-free status quo that the FCC’s plan seeks to transform. At best, the only new devices and apps that would be allowed under the cable industry’s latest proposal will be so much like today’s set-top boxes that no real competition will be possible.</p> <p>Cloaking those anti-competitive contracts and practices in the language of copyright may <a href="https://cyberlaw.stanford.edu/files/blogs/IP%20Professors%20Letter%20to%20Librarian%20of%20Congress%207.22.2016_3.pdf">lead the Copyright Office</a> and certain members of Congress to toss monkey wrenches across the National Mall in the direction of the FCC building. Fortunately, it seems that FCC Chairman Tom Wheeler sees this tactic for what it is — an attempt at misdirection.</p> <p>Bringing competition to pay-TV technology is a complex issue. Crafting good rules on consumer privacy, and closing off sneaky avenues of cable company influence over consumer technology, will take care and cooperation to get right. That’s why the FCC should not allow misleading copyright rhetoric to derail those discussions, and the Copyright Office should keep its thumb off of the scales.</p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Don%E2%80%99t%20Wrap%20Anti-Competitive%20Pay-TV%20Practices%20In%20A%20Copyright%20Flag&amp;url=https%3A//www.eff.org/deeplinks/2016/08/dont-wrap-anti-competitive-pay-tv-practices-copyright-flag&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Don%E2%80%99t%20Wrap%20Anti-Competitive%20Pay-TV%20Practices%20In%20A%20Copyright%20Flag&amp;u=https%3A//www.eff.org/deeplinks/2016/08/dont-wrap-anti-competitive-pay-tv-practices-copyright-flag" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/dont-wrap-anti-competitive-pay-tv-practices-copyright-flag" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Don%E2%80%99t%20Wrap%20Anti-Competitive%20Pay-TV%20Practices%20In%20A%20Copyright%20Flag&amp;url=https%3A//www.eff.org/deeplinks/2016/08/dont-wrap-anti-competitive-pay-tv-practices-copyright-flag" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Mon, 01 Aug 2016 20:36:29 +0000 Mitch Stoltz 92503 at https://www.eff.org Commentary Digital Video https://www.eff.org/deeplinks/2016/08/what-do-about-lawless-government-hacking-and-weakening-digital-security <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like <a href="https://www.eff.org/issues/government-hacking-digital-security">hacking and "digital sabotag</a><a href="https://www.eff.org/issues/government-hacking-digital-security">e."</a> And this is no abstract question—these actions increasingly endanger everyone’s security.</p> <p><img src="/files/2016/08/01/fpg-vulnerability-equities.png" alt="" height="265" width="650" /></p> <p>The problem became especially clear this year during the San Bernardino case, involving the FBI’s demand that Apple <a href="https://www.eff.org/deeplinks/2016/02/eff-support-apple-encryption-battle">rewrite its iOS operating system to defeat security features on a locked iPhone</a>. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone <a href="https://www.eff.org/deeplinks/2016/03/win-now-court-postpones-hearing-apple-v-fbi">with the help of an "outside part</a><a href="https://www.eff.org/deeplinks/2016/03/win-now-court-postpones-hearing-apple-v-fbi">y."</a> Then, with no public process or discussion of the tradeoffs involved, the government <a href="https://www.bloomberg.com/politics/articles/2016-04-27/fbi-makes-official-its-decision-to-keep-apple-iphone-hack-secret">refused to tell Apple about the flaw.</a> Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones.</p> <p>Other examples include intelligence activities like <a href="https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/">Stuxnet</a> and <a href="https://en.wikipedia.org/wiki/Bullrun_(decryption_program)">Bullrun</a>, and law enforcement investigations like the FBI’s mass use of malware <a href="https://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers">against Tor users engaged in criminal behavior</a>. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects.<b> </b></p> <p>That’s why we’re working on a positive agenda to confront governmental threats to digital security. Put more directly, we’re calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.<b>  </b></p> <p><a href="https://scholarlycommons.law.northwestern.edu/njtip/vol12/iss1/1/">Smart people in academia</a> and <a href="https://www.newamerica.org/oti/policy-papers/bugs-system/">elsewhere</a> have been thinking and writing about these issues for years. But it’s time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions.</p> <p>This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular <a href="#VEP">formalizing the rules for disclosing vulnerabilities</a> and setting out <a href="#Title-III">narrow limits for the use of government malware</a>. Finally it lays out where we think the debate should go from here.    </p> <h3>Recognizing That Government Intrusion and Subversion of Digital Security Is a Single Issue</h3> <p>The first step is to understand a wide range of government activities as part of one larger threat to security. We see the U.S. government attempt to justify and compartmentalize its efforts with terms like "lawful hacking" and "computer network attack." It is easy for the government to argue that the FBI’s attempts to subvert the security of Apple iOS in the San Bernardino case are entirely unrelated to the <a href="https://www.eff.org/deeplinks/2016/03/thinking-about-term-backdoor">NSA’s apparent sabotage of the Dual_EC_DRBG algorithm</a>. Likewise, the intelligence community’s development of the Stuxnet worm to target the Iranian nuclear program was governed by a set of rules entirely separate from the FBI’s use of malware to target criminals using Tor hidden services.</p> <p>These activities are carried out by different agencies with different missions. But viewing them as separate—or allowing government to present it that way—misses the forest for the trees. <b>When a government takes a step to create, acquire, stockpile or exploit weaknesses in digital security, it risks making us all less safe by failing to bolster that security.</b> </p> <p>Each of these techniques should involve consideration of the tradeoffs involved, and none of them should be viewed as risk-free to the public. They require oversight and clear rules for usage, including consideration of the safety of innocent users of affected technologies.</p> <p>There is hope, albeit indirectly. In the United States, high-ranking government officials have acknowledged that <a href="https://www.washingtontimes.com/news/2015/feb/26/james-clapper-intel-chief-cyber-ranks-highest-worl/">"cyber threats" are the highest priority</a>, and that we should be strengthening our digital security rather than weakening it to facilitate government access. In some cases, this is apparently reflected in government policy. For instance, in explaining the government’s policy on software vulnerabilities, <a href="https://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities">the cybersecurity coordinator for the White House</a> and the <a href="https://icontherecord.tumblr.com/post/82416436703/statement-on-bloomberg-news-story-that-nsa-knew">Office of the Director of National Intelligence</a> have both stated in blog posts that the there is a "strong presumption" in favor of disclosing these vulnerabilities to the public so they can be fixed.</p> <p>But the government shouldn’t engage in "policy by blog post." Government action that actively sabotages or even collaterally undermines digital security is too important to be left open to executive whim.</p> <h3>Finding Models for Transparency and Limits on When Government Can Harm Digital Security</h3> <p>While government hacking and other activities that have security implications for the rest of us <a href="https://www.wired.com/2016/05/history-fbis-hacking/">are not new</a>, they are usually secret. We should demand more transparency and real, enforceable rules.</p> <p>Fortunately, this isn’t the first time that new techniques have required balancing public safety along with other values. Traditional surveillance law gives us models to draw from. The Supreme Court’s 1967 decision in <a href="https://www.law.cornell.edu/supremecourt/text/388/41"><i>Berger v. New York</i></a><i> </i>is a<i> </i>landmark recognition that electronic wiretapping presents a significant danger to civil liberties. The Court held that because wiretapping is both invasive and surreptitious, the Fourth Amendment required "precise and discriminate" limits on its use.</p> <p>Congress added considerable structure to the <i>Berger</i> Court’s pronouncements with the <a href="https://www.law.cornell.edu/uscode/text/18/part-I/chapter-119">Wiretap Act</a>, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968. First, Title III places a high bar for applications to engage in wiretapping, so that it is more of an exception than a rule, to be used only in serious cases. Second, it imposes strict limits on using the fruits of surveillance, and third, it requires that the <a href="https://www.uscourts.gov/statistics-reports/analysis-reports/wiretap-reports">public be informed on a yearly basis</a> about the number and type of government wiretaps.</p> <p>Other statutes concerned with classified information also find ways of informing the public while maintaining basic secrecy. For example, the USA Freedom Act, passed in 2015 to reform the intelligence community, requires that <a href="https://www.congress.gov/bill/114th-congress/house-bill/2048/text">significant decisions of the FISA Court either be published in redacted form</a> or be summarized in enough detail to be understood by the public.</p> <p>These principles provide a roadmap that can be used to prevent government from unnecessarily undermining our digital security. Here are a few areas where EFF is working to craft these new rules:</p> <p><u><b><a id="VEP"></a>Item 1: Rules for When Government Stockpiles Vulnerabilities</b></u></p> <p>It’s no secret that governments look for vulnerabilities in computers and software that they can exploit for a range of intelligence and surveillance purposes. The Stuxnet worm, which was notable for causing physical or "kinetic" damage to its targets, relied on<a href="https://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities"> several previously unknown vulnerabilities, or "zero days," in Windows.</a> Similarly, the FBI relied on a third party’s knowledge of a vulnerability in iOS to access the contents of the iPhone in the San Bernardino case.</p> <p><a href="https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html?_r=0">News reports</a> suggest that many governments—including the U.S.—<a href="https://www.wired.com/2014/05/alexander-defends-use-of-zero-days/">collect these vulnerabilities for future use</a>. The problem is that if a vulnerability has been discovered, it is likely that other actors will also find out about it, meaning the same vulnerability may be exploited by malicious third parties, ranging from nation-state adversaries to simple thieves. This is only exacerbated by the practice of selling vulnerabilities to multiple buyers, sometimes even multiple agencies within a single government.</p> <p><a href="https://www.eff.org/cases/eff-v-nsa-odni-vulnerabilities-foia">Thanks to a FOIA suit by EFF,</a> we have seen the U.S. government’s internal policy on how to decide whether to retain or disclose a zero day, the <a href="https://www.eff.org/document/vulnerabilities-equities-process-january-2016">Vulnerabilities Equities Process</a> (VEP). Unfortunately, the VEP is not a model of clarity, setting out a bureaucratic process without any substantive guidelines in favor of disclosure, More concerning, <a href="https://www.eff.org/deeplinks/2016/04/will-apple-ever-find-out-how-fbi-hacked-phone-faq">we’ve seen no evidence of how the VEP actually functions.</a> As a result, we have no confidence that the government discloses vulnerabilities as often as claimed. The lack of transparency fuels an ongoing divide between technologists and the government.</p> <p><a href="https://belfercenter.ksg.harvard.edu/publication/26725/governments_role_in_vulnerability_disclosure.html">A report published in June</a> by two ex-government officials—relying heavily on the document from EFF’s lawsuit—offers a number of helpful recommendations for improving the government’s credibility and fueling transparency.   </p> <p>These proposals serve as an excellent starting point for legislation that would create a Vulnerabilities Equities Process with the force of law, formalizing and enforcing a presumption in favor of disclosure. VEP legislation should also:</p> <ul><li>Mandate periodic reconsideration of any decision to retain a vulnerability;</li> <li>Require the government to publish the criteria used to decide whether to disclose;</li> <li>Require regular reports to summarize the process and give aggregate numbers of vulnerabilities retained and disclosed in a given period;</li> <li>Preclude contractual agreements that sidestep the VEP, as in the San Bernardino case, where the FBI apparently signed a form of non-disclosure agreement with the "outside party." The government should not be allowed to enter such agreements, because when the government buys a zero day, we should not have to worry about <a href="https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/">defending ourselves from a hostile state exploiting the same vulnerability</a>. If tax dollars are going to be used to buy and exploit vulnerabilities, the government should also eventually use them to patch the security of affected systems, with benefits to all.</li> </ul><p>Above all, formalizing the VEP will go a long way to reassuring the public, especially members of the technology industry, that the U.S. government takes its commitment to strengthening digital security seriously.</p> <p><u><b>Item 2:  Preventing Disproportionate Use of Government Malware and Global Hacking Warrants</b></u></p> <p>EFF has also long been concerned about <a href="https://www.eff.org/issues/state-sponsored-malware">state-sponsored malware</a>. It’s at the heart of our <a href="https://www.eff.org/cases/kidane-v-ethiopia">suit against the government of Ethiopia</a>. Even in the United States, when the government seeks court permission to use malware to track and surveil suspects over the Internet, it can endanger innocent users as well as general network security.</p> <p>A particularly egregious example is the <a href="https://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers">Playpen case</a>, involving an FBI investigation into a Tor hidden service that hosted large amounts of child pornography. The FBI seized the site’s server and operated it as a honey pot for visitors. A single warrant authorized the FBI to install malware on any and all visitors’ computers in order to breach the anonymity otherwise provided by Tor. By not specifying particular users—even though the list of users and logs of their activity was available to the FBI—the warrant <a href="https://www.justsecurity.org/31365/remote-hacking-governments-particularity-problem-isnt/">totally failed to satisfy the Fourth Amendment requirement that warrants particularly describe persons and places to be searched.</a></p> <p>What’s more, the FBI asked the court to trust that it would operate its malware safely, without accidentally infecting innocent users or causing other collateral damage. Once defendants began to be charged in these cases, the government staunchly refused to turn over certain information about how the malware operated to the defense, even under seal, arguing that it would compromise other operations. As a result, defendants are left unable to exercise their right to challenge the evidence against them. And of course, anyone else whose computer is vulnerable to the same exploit remains at risk.</p> <p>In these cases, the FBI flouted existing rules: the Playpen warrant <a href="https://www.eff.org/deeplinks/2016/06/making-sense-troubling-decision-new-court-ruling-underscores-need-stop-changes">violated both the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure</a>. <a href="https://scholar.google.com/scholar_case?case=18419685373619995659">Other cases</a> have involved similarly overboard uses of malware. EFF has been working to explain the danger of this activity to courts, asking them to apply Fourth Amendment precedent and require that the FBI confront serious threats like Playpen in a constitutional manner. We have also been leaders of a <a href="https://act.eff.org/action/stop-the-changes-to-rule-41">coalition to stop an impending change</a> that would <i>loosen </i>the standards for warrants under Rule 41 and make it easier for the FBI to remotely hack users all over the world. </p> <p><u><b><a id="Title-III"></a>Item 3:  A "Title III for Hacking"</b></u></p> <p>Given the dangers posed by government malware, the public would likely be better served by the enactment of affirmative rules, something like a "Title III for Hacking." The legislative process should involve significant engagement with technical experts, soliciting a range of opinions about whether the government can ever use malware safely and if so, how. Drawing from Title III, the law should:</p> <ul><li>Require that the government not use invasive malware when more traditional methods would suffice or when the threats being addressed are relatively insignificant;</li> <li>Establish strict minimization requirements, so that the targets of hacking are identified with as much specificity as the government can possibly provide;</li> <li>Include public reporting requirements so that the public has a sense of the scope of hacking operations; and</li> <li>Mandate a consideration of the possible collateral effects—on individuals and the public interest as a whole—on the decision to unleash malware that takes advantages of known or unknown vulnerabilities. Even if the VEP itself does not encompass publicly known vulnerabilities ("N-days"), using remote exploits should impose an additional requirement on the government to mitigate collateral damage, through disclosure and/or notice to affected individuals. </li> </ul><p>The same principles should apply to domestic law enforcement activities and foreign intelligence activities overseen by the FISA Court or conducted under the guidelines of Executive Order 12333.</p> <p>Of course, these sorts of changes will not happen overnight. But digital security is an issue that affects everyone, and it’s time that we amplify the public’s voice on these issues. We’ve created a <a href="https://www.eff.org/issues/government-hacking-digital-security">single page</a> that tracks our work as we fight in court and pursue broader public conversation and debate in the hopes of changing government practices of sabotaging digital security. We hope you join us. </p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/playpen-cases-mass-hacking-us-law-enforcement">The Playpen Cases: Mass Hacking by U.S. Law Enforcement</a></div><div class="field-item odd"><a href="/cases/eff-v-nsa-odni-vulnerabilities-foia">EFF v. NSA, ODNI - Vulnerabilities FOIA </a></div><div class="field-item even"><a href="/cases/apple-challenges-fbi-all-writs-act-order">Apple Challenges FBI: All Writs Act Order (CA)</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=What%20to%20Do%20About%20Lawless%20Government%20Hacking%20and%20the%20Weakening%20of%20Digital%20Security%20&amp;url=https%3A//www.eff.org/deeplinks/2016/08/what-do-about-lawless-government-hacking-and-weakening-digital-security&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=What%20to%20Do%20About%20Lawless%20Government%20Hacking%20and%20the%20Weakening%20of%20Digital%20Security%20&amp;u=https%3A//www.eff.org/deeplinks/2016/08/what-do-about-lawless-government-hacking-and-weakening-digital-security" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/08/what-do-about-lawless-government-hacking-and-weakening-digital-security" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=What%20to%20Do%20About%20Lawless%20Government%20Hacking%20and%20the%20Weakening%20of%20Digital%20Security%20&amp;url=https%3A//www.eff.org/deeplinks/2016/08/what-do-about-lawless-government-hacking-and-weakening-digital-security" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Mon, 01 Aug 2016 16:47:59 +0000 Andrew Crocker 92498 at https://www.eff.org Government Hacking and Subversion of Digital Security https://www.eff.org/deeplinks/2016/07/protecting-fourth-amendment-information-age-response-robert-litt <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>The Yale Law Journal has published<a href="https://www.yalelawjournal.org/forum/protecting-the-fourth-amendment-in-the-information-age"> a short essay</a> that I wrote in response to <a href="https://www.yalelawjournal.org/forum/fourth-amendment-information-age">an article by Robert Litt</a>, General Counsel to the Office of the Director of National Intelligence on the Fourth Amendment in the Digital Age. Mr. Litt uses EFF's NSA Spying case <a href="https://www.eff.org/cases/jewel">Jewel v. NSA</a> and the <a href="https://www.eff.org/cases/klayman-v-obama">Klayman v. Obama</a> case, where I argued as amicus, as examples, so it seemed only reasonable that EFF reply. It's here and it's only 10 pages long:</p> <p><a href="https://www.yalelawjournal.org/forum/protecting-the-fourth-amendment-in-the-information-age#_ftnref1">Protecting the Fourth Amendment in the Information Age: A Response to Robert Litt</a></p> <p>In the article, I agree with a couple of Mr. Litt's observations about how the Fourth Amendment, as currently interpreted, is not suited to the digital age. But, as you might expect, I disagree very sharply with how he’d like it to change.</p> <p>Specifically, Mr. Litt and I agree that the Fourth Amendment's current “reasonable expectation of privacy” test and the third party doctrine do not work well and should likely be dispensed with for digital search and seizure. Where we disagree, though, is that Mr. Litt removes the reasonable expectation of privacy without offering a replacement, leaving just a balancing test where the people being affected by surveillance have to show that they were individually harmed by the government's activities but the government only has to show <em>potential</em> benefit from its surveillance. Mr. Litt likens his formulation to an insurance policy, which protects its holder even when no claim is filed.</p> <p>Additionally, within the doctrine this shift would also eliminate the core protections against general warrants which are one of the reasons the Fourth Amendment exists at all, as well as the presumption that searches of content are “per se” unreasonable. So while the "reasonable expectation of privacy" formulation is a problem, we need to search for suitable, privacy protective replacements, not just eliminate it entirely.</p> <p>Mr. Litt agrees that the third party doctrine, where the government claims that your data in the hands of third parties like your ISP or Facebook or Google or Amazon simply loses all Fourth Amendment protection, should go. On that we agree. But he proposes something worse: that computer searches through masses of data—like those done by the NSA when it searches through the data carried on the fiberoptic cables via its Upstream program at issue in Jewel v. NSA—just shouldn't count for purposes of the Fourth Amendment. I call this the "human eyes" thesis.  The idea that no search or seizure occurs until human eyes actually see your communications. I point out why that proposal, variations of which the government has made and lost in other contexts, is dangerous.</p> <p>On both points, I note that a better place to start than Mr. Litt's suggestions is the <a href="https://necessaryandproportionate.org/principles">Necessary and Proportionate Principles,</a> an interpretation of international human rights law written by an international team of privacy advocates and attorneys and signed on by over 400 organizations, international experts, politicians and political parties around the world. Updating the Fourth Amendment is critically needed, but as I say in the piece:</p> <blockquote><p>What is clear is that if we are going to address where the Fourth Amendment should be in the digital age, we must do better than a free-form balancing test where the government will always be perched on the heavy end of the scales, and where the substitution of computers for humans somehow eliminates our Fourth Amendment right to be secure from unreasonable seizures and searches of our most private communications.</p></blockquote> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="field field-name-field-related-cases field-type-node-reference field-label-above"><div class="field-label">Related Cases:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/cases/smith-v-obama">Smith v. Obama</a></div><div class="field-item odd"><a href="/cases/jewel">Jewel v. NSA</a></div><div class="field-item even"><a href="/cases/first-unitarian-church-los-angeles-v-nsa">First Unitarian Church of Los Angeles v. NSA</a></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Protecting%20the%20Fourth%20Amendment%20in%20the%20Information%20Age%3A%20A%20Response%20to%20Robert%20Litt&amp;url=https%3A//www.eff.org/deeplinks/2016/07/protecting-fourth-amendment-information-age-response-robert-litt&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Protecting%20the%20Fourth%20Amendment%20in%20the%20Information%20Age%3A%20A%20Response%20to%20Robert%20Litt&amp;u=https%3A//www.eff.org/deeplinks/2016/07/protecting-fourth-amendment-information-age-response-robert-litt" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/07/protecting-fourth-amendment-information-age-response-robert-litt" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Protecting%20the%20Fourth%20Amendment%20in%20the%20Information%20Age%3A%20A%20Response%20to%20Robert%20Litt&amp;url=https%3A//www.eff.org/deeplinks/2016/07/protecting-fourth-amendment-information-age-response-robert-litt" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Sun, 31 Jul 2016 16:06:30 +0000 Cindy Cohn 92497 at https://www.eff.org Announcement Free Speech International Privacy Standards Mass Surveillance Technologies Surveillance and Human Rights NSA Spying https://www.eff.org/deeplinks/2016/07/new-tool-help-notify-users-when-their-content-taken-offline <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>When user content is threatened with removal from the Internet, it's unlikely that anyone is going to put up more of a fight than the user who uploaded it. That's what makes it so critically important that the user is informed whenever an Internet intermediary is asked to remove their content from its platform, or decides to do so on its own account.</p> <p>Unfortunately this doesn't consistently happen. In the case of content taken down for copyright infringement under the DMCA or its foreign equivalents, the law typically requires the user to be informed. But for content that allegedly infringes other laws (such as defamation, privacy, hate speech, or obscenity laws), or content that isn't alleged to be illegal but merely against the intermediary's terms of service, there is often no requirement that the user be informed, and some intermediaries don't make a practice of doing so.</p> <p>Another problem is that even when intermediaries do pass on notices about allegedly illegal content to the user who uploaded it, this notice might be inaccurate or incomplete. This led to the situtation in Canada where <a href="https://www.eff.org/deeplinks/2015/04/call-canada-fix-rightsholder-abuse-its-copyright-notice-system">ISPs were passing on misleading notices from US-based rightsholders</a>, falsely threatening Canadian users with penalties that are not even applicable under Canadian law.</p> <p>As a result of the failure to accurately inform users about why their content is being targeted for removal, users remain confused about their rights, and may fail to defend themselves against removal requests that are mistaken or abusive. The ultimate result of this is that much legitimate content silently disappears from the Internet.</p> <p>To help with this, EFF and our Manila Principles partners <a href="https://www.manilaprinciples.org/template">have this week released a tool</a> to help intermediaries generate more accurate notices to their users, when those users' content is threatened with removal. An alpha release of the tool was previewed at this year's <a href="https://www.rightscon.org/">RightsCon</a> (on the first anniversary of the launch of the Manila Principles), and yesterday at the <a href="https://2016.aprigf.asia/">Asia-Pacific Regional Internet Governance Forum</a> it was finally launched in beta.</p> <p>The tool is simply a <a href="https://www.manilaprinciples.org/template">Web form</a> that an intermediary can complete, giving basic details of what content was (or might be) removed and why, and what the user can do about it. Submitting the questionnaire will crunch the form data and produce a draft notice that the intermediary can copy, review, and send to the user. (Note that the form itself doesn't send anything automatically, and the form data is not stored for longer than required to generate the draft notice.)</p> <p>We don't expect that this form will be needed by most large intermediaries, who will have staff to write their own notices to users. Further information to help users restore content taken down for terms of service violations by several of these large platforms, including Facebook, Twitter, and YouTube, is also available on <a href="https://www.onlinecensorship.org/resources/how-to-appeal">onlinecensorship.org</a>.</p> <p>But bearing in mind that small businesses and hobbyists can also be intermediaries who host other users' content, this form may provide a useful shortcut for them to generate a draft notice that covers most of the important information that a user needs to know. <a href="https://www.manilaprinciples.org/template">The form remains in beta</a>, and we welcome your suggestions for improvement!</p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=New%20Tool%20to%20Help%20Notify%20Users%20When%20Their%20Content%20is%20Taken%20Offline&amp;url=https%3A//www.eff.org/deeplinks/2016/07/new-tool-help-notify-users-when-their-content-taken-offline&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=New%20Tool%20to%20Help%20Notify%20Users%20When%20Their%20Content%20is%20Taken%20Offline&amp;u=https%3A//www.eff.org/deeplinks/2016/07/new-tool-help-notify-users-when-their-content-taken-offline" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/07/new-tool-help-notify-users-when-their-content-taken-offline" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=New%20Tool%20to%20Help%20Notify%20Users%20When%20Their%20Content%20is%20Taken%20Offline&amp;url=https%3A//www.eff.org/deeplinks/2016/07/new-tool-help-notify-users-when-their-content-taken-offline" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 29 Jul 2016 21:22:46 +0000 Jeremy Malcolm 92478 at https://www.eff.org Announcement https://www.eff.org/deeplinks/2016/07/first-aereo-now-filmon-another-fight-innovation-and-competition-tv-technology <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p>Why is it so hard to see our local TV stations these days? Even as more and more people watch TV via the Internet, streaming local TV stations to our Internet-enabled devices is next to impossible in most places. Companies that try to bring local TV to the Internet have faced relentless <a href="https://www.eff.org/ro/cases/wnet-v-aereo">legal challenges</a> from major media companies and the broadcast stations they own. The latest is FilmOn (formerly called Aereokiller), which is fighting in <a href="https://www.eff.org/ro/deeplinks/2015/07/filmon-can-use-cable-systems-copyright-license-stream-broadcast-tv">multiple lawsuits</a> around the U.S. for the right to capture local TV broadcasts and stream them to paying subscribers, much as a traditional cable company does. This week, EFF and Public Knowledge filed a <a title="EFF-PK Amicus Brief in Support of FilmOn - DC Circuit" href="https://www.eff.org/document/eff-pk-amicus-brief-support-filmon-cadc">brief</a> at the Court of Appeals for the District of Columbia Circuit to explain why copyright law doesn’t favor big pay-TV players over newer, Internet-based services like FilmOn.</p> <p>For over four years, major TV producers like Comcast, Viacom, Fox, Time Warner, and Disney, along with TV station owners like Comcast, Fox, Disney, and Sinclair, and cable companies like--well, Comcast--have fought in court to shut down new services that deliver local broadcast TV via the Internet. In 2014, the Supreme Court <a href="https://www.scotusblog.com/case-files/cases/american-broadcasting-companies-inc-v-aereo-inc/">ruled</a> that one of those services, Aereo, performed a function that was so similar to a traditional cable system that, like a cable system, it needed permission from copyright holders for the TV programs it transmitted.</p> <p>After the Supreme Court ruled, the titans of television <a href="https://www.eff.org/ro/deeplinks/2015/07/filmon-can-use-cable-systems-copyright-license-stream-broadcast-tv">pressed</a> to tip the playing field of competition in their favor. Cable and satellite TV companies don’t have to ask permission from the thousands of copyright holders whose works they transmit to paying subscribers every day. Using a “<a href="https://www.law.cornell.edu/uscode/text/17/111">statutory license</a>” built into the Copyright Act, today’s major pay-TV services can simply file some paperwork, pay a fee set by the government, and transmit TV shows to their hearts’ content. (Under Federal Communications Commission rules, pay-TV services have to get permission from broadcast TV stations to retransmit their signals, but this is more feasible, since there are far fewer broadcast stations than there are copyright holders.)</p> <p>Neither cable companies, nor satellite TV companies, nor phone companies like AT&amp;T and Verizon who sell pay-TV, have ever had to negotiate licenses with every copyright holder for every TV show on every channel they carry.</p> <p>Unfortunately, <a href="https://www.eff.org/ro/press/mentions/2011/3/1-0">several</a> <a href="https://gigaom.com/2014/10/23/judge-says-aereo-must-shut-for-good-as-live-tv-but-service-may-survive-as-a-cloud-dvr/">courts</a> have now <a href="https://www.bna.com/filmon-held-contempt-n17179893108/">ruled</a> that new pay-TV services who use the Internet, like FilmOn and the now-defunct ivi and Aereo, can’t use the statutory license and pay the government-set fee. In order to stream local broadcast TV at all, say these courts, Internet-based services must perform the nearly impossible task of getting permission from every copyright holder whose TV shows are broadcast on the local channels.</p> <p>As we explained this week in our <a href="https://www.eff.org/document/eff-pk-amicus-brief-support-filmon-cadc">brief</a> to the appeals court, those rulings give established pay-TV companies an unfair advantage over newer competitors like FilmOn. When it passed the current Copyright Act back in 1976, Congress intended the rules to be technology-neutral, applying equally to pay-TV systems whether they used copper wires, microwaves, or other technologies to reach customers’ homes. Though the established players may not like it, that includes the Internet.</p> <p>We also explained to the court that it doesn’t need to defer to the opinions of the Copyright Office on this issue. The Copyright Office has written several reports in which it said that Internet-based pay-TV services shouldn’t be able to use the statutory license for cable companies. But while the Copyright Office acts as an advisor to the government on copyright issues, it has no legal authority to decide how to interpret Congress’s rules on most issues, including this one. That means that courts should use their own judgment.</p> <p>Finally, we explained why copyright provisions in trade agreements negotiated in secret shouldn’t control the outcome of a U.S. case. The lower federal court in D.C. pointed out that several recent trade agreements between the U.S. and other countries contained language that seems to bar the signing countries from creating statutory licenses for Internet streaming of broadcast TV. But, as we said in our brief, trade agreements don’t change U.S. law unless Congress explicitly makes a change. And when Congress ratified the recent trade agreements, it said explicitly that existing U.S. law would not change. That means the statutory licenses for pay-TV, which have existed since 1978, still apply to Internet-based services within the U.S., in spite of the trade agreements. Allowing secretive trade negotiations to affect the outcome of lawsuits in U.S. courts, between U.S. companies, would be undemocratic. That’s not the way the law works.</p> <p>This battle is likely to continue for a while yet. Major media companies are pressing their lawsuits against FilmOn in three appeals courts. Whether or not FilmOn is allowed to keep streaming broadcast TV in different areas of the country, we’ll continue to push for copyright law that’s friendly to innovation and competition.</p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=First%20Aereo%2C%20Now%20FilmOn%3A%20Another%20Fight%20for%20Innovation%20and%20Competition%20in%20TV%20Technology&amp;url=https%3A//www.eff.org/deeplinks/2016/07/first-aereo-now-filmon-another-fight-innovation-and-competition-tv-technology&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=First%20Aereo%2C%20Now%20FilmOn%3A%20Another%20Fight%20for%20Innovation%20and%20Competition%20in%20TV%20Technology&amp;u=https%3A//www.eff.org/deeplinks/2016/07/first-aereo-now-filmon-another-fight-innovation-and-competition-tv-technology" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/07/first-aereo-now-filmon-another-fight-innovation-and-competition-tv-technology" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=First%20Aereo%2C%20Now%20FilmOn%3A%20Another%20Fight%20for%20Innovation%20and%20Competition%20in%20TV%20Technology&amp;url=https%3A//www.eff.org/deeplinks/2016/07/first-aereo-now-filmon-another-fight-innovation-and-competition-tv-technology" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 29 Jul 2016 17:35:17 +0000 Mitch Stoltz 92482 at https://www.eff.org https://www.eff.org/deeplinks/2016/07/stupid-patent-month-solocron-education-trolls-password-patent <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even"><p><img src="/files/2014/07/30/stupid-patent-square-2.jpg" alt="" class="image-right" height="195" width="195" />Another month, another terrible patent being asserted in the <a href="https://www.eff.org/deeplinks/2015/08/deep-dive-why-we-need-venue-reform-restore-fairness-patent-litigation">Eastern District of Texas</a>. Solocron Education LLC, a company whose entire “education” business is filing lawsuits, owns <a href="https://www.google.com/patents/US6263439">U.S. Patent No. 6,263,439</a>, titled “Verification system for non-traditional learning operations.” What kind of “verification system” does Solocron claim to have invented? Passwords.</p> <p>The patent describes a mundane process for providing education materials through video cassettes, DVDs, or online. Students are sent course materials, take tests, and, if they pass the tests, are allowed to continue on to the next part of the course. At various times, students confirm their identity by entering their biographical details and passwords.</p> <p>Solocron did not invent distance education, encryption, or passwords. The patent doesn’t describe any new technology, it just applies existing technology in a routine way to education materials. That should not be enough to get a patent. Unfortunately, the Patent Office does not do enough to prevent obvious patents from issuing, which is how we get patents on <a href="https://arstechnica.com/tech-policy/2014/06/how-amazon-got-a-patent-on-white-background-photography/">white-background photography</a> or on <a href="https://www.eff.org/deeplinks/2014/10/octobers-very-bad-no-good-totally-stupid-patent-month-filming-yoga-class">filming a Yoga class</a>.</p> <p>The extraordinary breadth of Solocron’s patent is clearest in its first <a href="https://trollingeffects.org/faq#t57n253">claim</a>. The claim, with added comments, is below:</p> <blockquote><p>1. A process which comprises the steps of:</p> <p>encoding at least one personal identifier onto a user interface media [i.e. set up an interface requiring a particular user ID];</p> <p>displaying a prompt on said user interface media for the at least one personal identifier which requires a match of the at least one personal identifier encoded on the user interface media [i.e. ask the user to enter their user ID];</p> <p>encoding at least one password onto a data storage media [i.e. encrypt or otherwise password-lock a file];</p> <p>encoding the at least one password from the data storage media onto the user interface media [i.e. set up the user interface so it can check if the password is correct]; and</p> <p>displaying a prompt on the user interface media for entering the at least one password which requires a match of the at least one password from the data storage media with the at least one password encoded on the user interface media [i.e. require users to enter their passwords into the interface].</p></blockquote> <p><img src="/files/2016/07/28/figure_7.png" alt="" class="image-left" height="276" width="385" />Although the claim runs 119 words, it just describes an ordinary system for accessing content via inputting a user ID and password. These kinds of systems for user identification <a href="https://books.google.com/books?id=wshm3f0hyI8C&amp;pg=PA4&amp;lpg=PA4&amp;dq=needham+password+hashing&amp;source=bl&amp;ots=-g3q0dUVB1&amp;sig=1trvacZ18M1BRxxc3IDRXe_hmoM&amp;hl=en&amp;sa=X&amp;ei=uVu0UvngC6_MsQT5h4LACA#v=onepage&amp;q=needham%20password%20hashing&amp;f=false">predate the patent</a> by many, many years. The claim is not even limited to education materials but, by its terms, applies to any kind of “data storage media.” The Patent Office should not allow itself to be hoodwinked by overly verbose language that, when read closely, describes an obvious process.</p> <p>Solocron is asserting its stupid patent aggressively. It has sued dozens of companies, including many new suits filed this year. As with so many patents we have featured in this series, it is suing in the <a href="https://www.eff.org/deeplinks/2014/07/why-do-patent-trolls-go-texas-its-not-bbq">Eastern District of Texas</a>, taking advantage of the court’s patent-owner-friendly rules. We need fundamental <a href="https://www.eff.org/issues/legislative-solutions-patent-reform">patent reform</a>, including <a href="https://www.eff.org/deeplinks/2016/03/tell-senate-pass-venue-act">venue reform</a>, to stop patents like this from being granted and from being abused in the courts.</p> <script type="text/javascript">var mytubes = new Array(6); mytubes[1] = '%3Ciframe src=%22https://www.youtube.com/embed/9ugC4NG1Zoc??autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 frameborder=%220%22 height=%22315%22%3E%3C/iframe%3E'; mytubes[2] = '%3Ciframe src=%22https://www.youtube.com/embed/OuhYIeX7OqY??autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[3] = '%3Ciframe src=%22https://www.youtube.com/embed/9WbjhuEc2Js?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[4] = '%3Ciframe src=%22https://www.youtube.com/embed/fOyojK8BlNs?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[5] = '%3Ciframe src=%22https://www.youtube.com/embed/V2wI5or9Yuo?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; mytubes[6] = '%3Ciframe src=%22https://www.youtube.com/embed/f1D7APjmVbk?list=PLIj2gbMyP1RW3Sv92eegyYHJ13YgVlQDO%26?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E'; </script></div></div></div><div class="share-links" style="margin-bottom:10px"><br/>Share this: <a href="https://twitter.com/intent/tweet?text=Stupid%20Patent%20of%20the%20Month%3A%20Solocron%20Education%20Trolls%20With%20Password%20Patent&amp;url=https%3A//www.eff.org/deeplinks/2016/07/stupid-patent-month-solocron-education-trolls-password-patent&amp;related=eff&amp;via=eff" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/twitter48.png" alt="Share on Twitter" /></a> <a href="https://www.facebook.com/share.php?t=Stupid%20Patent%20of%20the%20Month%3A%20Solocron%20Education%20Trolls%20With%20Password%20Patent&amp;u=https%3A//www.eff.org/deeplinks/2016/07/stupid-patent-month-solocron-education-trolls-password-patent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/facebook48.png" alt="Share on Facebook" /></a> <a href="https://plus.google.com/share?url=https%3A//www.eff.org/deeplinks/2016/07/stupid-patent-month-solocron-education-trolls-password-patent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/gplus48.png" alt="Share on Google+" /></a> <a href="https://sharetodiaspora.github.com/?title=Stupid%20Patent%20of%20the%20Month%3A%20Solocron%20Education%20Trolls%20With%20Password%20Patent&amp;url=https%3A//www.eff.org/deeplinks/2016/07/stupid-patent-month-solocron-education-trolls-password-patent" target="_blank"><img src="https://www.eff.org/sites/all/themes/frontier/supporters/images/diaspora48.png" alt="Share on Diaspora" /></a> <a href="https://supporters.eff.org/join" style="background-color:#cc0000; color:#ffffff; text-decoration:none; cursor:pointer; padding:5px 8px; font-family:verdana; font-weight:bold; border-radius:8px; text-shadow: 1px 1px #660000; text-transform:uppercase;">Join EFF</a></div> Fri, 29 Jul 2016 13:01:35 +0000 Daniel Nazer 92479 at https://www.eff.org Patents Stupid Patent of the Month Innovation