U bent hier

Privacy

FISC Assurances on Spying Leave Too Many Questions Unanswered

Electronic Frontier Foundation (EFF) - nieuws - 13 december 2017 - 3:45am

Last week, FBI Director Christopher Wray faced questions from the House Judiciary Committee about how his department is implementing one of the government’s most powerful surveillance tools. Despite repeated bipartisan requests, Director Wray refused to tell the Members of the Committee how many Americans have been impacted by Section 702, enacted as part of the FISA Amendments Act. This isn’t the first time the FBI has refused to answer to Congress.

EFF has long held that Section 702 is being used to violate the privacy guaranteed by the Fourth Amendment. Section 702 authorizes the acquisition of foreign intelligence information; however, because many Americans communicate with foreign persons outside the United States every day, our communications are also being captured and read without a warrant. 

How many Americans have had their communications “incidentally collected” under Section 702? We don’t know. In fact, not even Congress knows. Although the House Judiciary Committee has sent several bipartisan letters to the Office of the Director of National Intelligence asking this exact question, ODNI has refused to respond. 

At the hearing last week, Rep. Ted Poe (R-TX), asked Director Wray to provide information on the number of Americans impacted by Section 702, saying, “this committee has asked for a long time to give us that information. My opinion is that the FBI and the intelligence service is back-walking that information because they know FISA [i.e. Section 702] comes up at the end of this year, and then Congress will just reauthorize without knowing how many Americans are searched.” 

The FBI has also refused to estimate how often it warrantlessly queries databases containing incidentally collected communications using Americans’ identifiers as search terms, a practice known as “backdoor search.” Rep. Poe pressed Director Wray on backdoor searches as well, giving him an ultimatum: “I hope you can provide us that information before we reauthorize FISA, otherwise I'm going to vote against FISA.”

But Wray still didn’t answer these questions. Instead, he claimed that “every court” to have heard arguments against how the government uses Section 702 has found “no abuse” and concluded that it’s being done “consistent with the Fourth Amendment.”

Director Wray is wrong. In 2016, the Ninth Circuit Court of Appeals upheld the use of Section 702 in United States v. Mohamud, but the court specifically said that its decision did not “involve the retention and querying of incidentally collected communications,” i.e. backdoor searches. And when the Foreign Intelligence Surveillance Court of Review (FISCR) upheld warrantless acquisition of foreigners’ communications under an earlier law, it did so because it believed the government would “not maintain a database of incidentally collected information from non-targeted United States persons” that it could search without a warrant.

Meanwhile, the NSA and the FBI won’t even tell Congress how many non-targeted United States persons are impacted by “incidentally collected” information under the 702 program. The FBI may believe it is using Section 702 authority “lawfully and appropriately for the good and protection of the American people,” as Director Wray put it. But using a surveillance power lawfully and appropriately means following the Constitution, answering reasonable questions from Congressional oversight committees, and ensuring that all Americans have the freedom to communicate without fear of government surveillance. 

Chairman Goodlatte agreed with Rep. Poe, saying, “This is a reasonable request from the gentleman from Texas. It has been made in varying forms by this committee in a bipartisan way in the past, and we have not yet received the answers to those questions…. We think that you need to be forthcoming on this.” 

Bottom line: if Section 702 is going to be allowed to continue, Congress must consider the impact it has on Americans’ privacy. The FBI (and the NSA) need to answer the question. 

Categorieën: Openbaarheid, Privacy, Rechten

Amended Version of FOSTA Would Still Silence Legitimate Speech Online

Electronic Frontier Foundation (EFF) - nieuws - 12 december 2017 - 3:24am

The House Judiciary Committee is about to decide whether to approve a new version [.pdf] of the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865), a bill that would force online platforms to police their users’ speech more closely.

The new version of FOSTA improves a deeply problematic bill, but it still represents the same fundamentally flawed approach to fighting criminal activity online. Like the earlier version of FOSTA—and like SESTA (S. 1693), its sibling bill in the Senate—the new version of FOSTA would do nothing to fight traffickers. What it would do is create more risk of criminal and civil liability for online platforms, resulting in them pushing legitimate voices offline.

Closing Online Spaces Won’t End Trafficking

Automated filters can be useful as an aid to transparent, human moderation, but when they’re given the final say over who can and can’t speak online, innocent users are invariably pushed offline.

One of the most egregious problems with FOSTA and SESTA is the difficulty of determining whether a given posting online was created in aid of sex trafficking. Even if you can assess that a given posting is an advertisement for sex work—which can be far from obvious—how can a platform determine whether force or coercion played a role? Under SESTA, that uncertainty would force platforms to err on the side of censorship.

SESTA supporters consistently underestimate this difficulty, even suggesting it should be trivial for web platforms to build bots that remove posts in aid of sex trafficking but keep everything else up. That’s simply not true: automated filters can be useful as an aid to transparent, human moderation, but when they’re given the final say over who can and can’t speak online, innocent users are invariably pushed offline.

The House Judiciary Committee appears to have attempted to sidestep this problem, but it’s potentially created a larger problem in the process. That’s because the new version of FOSTA isn’t primarily a sex trafficking bill; it’s a prostitution bill. This bill would expand federal prostitution law such that online platforms would have to take down any posts that could potentially be in support of any sex work, regardless of whether there’s any indication of force or coercion, or whether minors were involved.

The bill includes increased penalties if a court finds that the offense constituted a violation of federal sex trafficking law, or that a platform facilitated prostitution of five or more people. As Professor Eric Goldman points out in his excellent analysis of the bill, the threshold of five prostitutes would implicate nearly any online platform that facilitates prostitution. If a prosecutor could convince a judge that a platform had had the “intent” to facilitate prostitution, then those enhanced penalties would be on the table.

It’s easy to see the effect that those extreme penalties would have on online speech. The bill would push platforms to become more restrictive in their treatment of sexual speech, out of fear of criminal liability if a court found that they’d had the intent to facilitate prostitution. Ironically, such measures would make it more difficult for law enforcement to find and stop traffickers.

Section 230 Is Still Not Broken

Some supporters of SESTA and FOSTA wrongly claim that Section 230 (the law protecting online platforms from some types of liability for their users’ speech) prevents any civil lawsuits against online intermediaries for user-created material that they host. That’s not true. Fair Housing Council of San Fernando Valley v. Roommates.com set a standard for when a platform loses Section 230 immunity in civil litigation—when the intermediary has contributed to the illegal nature of the content. As the Ninth Circuit said: “A website helps to develop unlawful content, and thus falls within the exception to Section 230, if it contributes materially to the alleged illegality of the conduct.”

We think the authors of this new version of FOSTA attempted to acknowledge the Roommates.com line of cases that discuss when a platform will lose Section 230 immunity against a civil claim. However, courts assume that Congress doesn’t write superfluous language. With that in mind, the new FOSTA can be read to authorize civil claims against platforms for user-generated content beyond what existing case law has allowed. The bill would allow civil suits against platforms that were responsible for “the creation or development of all or part of the information or content provided through any interactive computer service.”

That distinction between contributing to part of the content and materially contributing to the illegal nature of the content is an extremely important one. The former could describe routine tasks that online community managers perform every day. It’s dangerous to pass a bill that could create civil liability for the everyday work of running a discussion board or other online platform. The liability would be too high to stay in business, particularly for nonprofit and community-based platforms.

Bottom Line: SESTA and FOSTA Are the Wrong Approach

With this new version of FOSTA, House Judiciary Committee Chair Bob Goodlatte and his colleagues on the Committee have clearly attempted to narrow the types of platforms that would be liable for third-party content that reflects sex trafficking. But a less bad bill is not the same thing as a good bill. Like SESTA, the proposed new FOSTA bill would result in platforms becoming more restrictive in how they manage their online communities. And like SESTA, it would do nothing to fight sex traffickers.

Supporting bills like FOSTA and SESTA might help members of Congress score political points with their constituents, but Congress must do better. It’s urgent that Congress seek real solutions to finding and apprehending sex traffickers, not creating more censorship online.

Take Action

Tell Congress: SESTA and FOSTA are the wrong solution

Categorieën: Openbaarheid, Privacy, Rechten

EFF to Court: Accessing Publicly Available Information on the Internet Is Not a Crime

Electronic Frontier Foundation (EFF) - nieuws - 11 december 2017 - 10:14pm

EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage—without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony “hacking” under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn’s request to transform the CFAA from a law meant to target “hacking” into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not “hacking,” and neither is violating a website’s terms of use. LinkedIn would have the court believe that all “bots” are bad, but they’re actually a common and necessary part of the Internet. “Good bots” were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison.

LinkedIn’s position would undermine open access to information online, a hallmark of today’s Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day—all in the name of preserving LinkedIn’s advantage over a competing service. The Ninth Circuit should make sure that doesn’t happen.

Background: Bad Court Decisions Open Door to Abuse

The CFAA makes it illegal to engage in “unauthorized access” to a computer connected to the Internet, but the statute doesn’t tells us what “authorization” or “without authorization” means. This vague language might have seemed innocuous to some back in 1986 when the statute was passed, but in today’s networked world, where we all regularly connect to and use computers owned by others, this pre-Web law is causing serious problems

In some jurisdictions, the CFAA has metastasized into a tool for companies and websites to enforce their computer use policies, like terms of service (which no one reads) or corporate computer policies. But other courts—including the Ninth Circuit back in 2012—have rejected turning the CFAA “into a sweeping Internet-policing mandate.” The Ninth Circuit instead chose to “maintain[] the CFAA’s focus on hacking,” holding that violating a company’s or website’s terms of use cannot give rise to liability. The court recognized that basing criminal liability on violations of computer use policies would turn innocuous activities like checking the score of a baseball game at work or fudging your age on your social media profile into a felony offenses—and make criminals out of all of us.

Then in 2016, the Ninth Circuit reversed course and delivered two dangerously expansive interpretations of the CFAA in cases involving password sharing. Despite our warnings that the decisions would be easily misused, the court refused to reconsider either case, stressing that the decisions would be limited to their “stark” facts.

Within weeks after the decisions were reached, LinkedIn began using these two decisions in an attempt to get around the Ninth Circuit’s 2012 ruling—and to use the CFAA to enforce its terms of service prohibition on scraping and thereby block competing services from perfectly legal uses of publicly available data on its website.

One company targeted by LinkedIn was hiQ Labs, which provides analysis of data on LinkedIn users’ publicly available profiles. LinkedIn sent hiQ cease and desist letters warning that any future access of its website, even the public portions, were “without permission and without authorization” and thus violations of the CFAA. hiQ challenged LinkedIn’s attempt to use the CFAA as a tool to enforce its terms of use in court. hiQ won a preliminary injunction against LinkedIn in district court, and LinkedIn appealed.

The Problems with LinkedIn’s Position

As we told the court in our amicus brief, Linkedin’s interpretation of the CFAA is problematic for a number of reasons.

First, allowing a website to use the CFAA as a terms of service enforcement mechanism would do precisely what the Ninth Circuit in 2012 sought to avoid: it would “transform the CFAA from an anti- hacking statute into an expansive misappropriation statute” for enforcing the use of publicly available information across the Web. Accessing public information on the open Internet cannot—and should not—give rise to liability under a law meant to target breaking into private computers to access non-public information.

Second, imposing CFAA liability for accessing publicly available information via automated scripts would potentially criminalize all automated “scraping” tools—including a wide range of valuable tools and services that Internet users, journalists, and researchers around the world rely on every day. Automated scraping is the process of using Internet “bots”—software applications that runs automated tasks over the Internet—to extract content and data from a website. LinkedIn tried to paint all bots as bad, but as we explained to the Ninth Circuit, bots are an essential and socially valuable component of the Internet. The Web crawlers that power tools we all rely on every day, including Google Search and Amici DuckDuckGo and Internet Archive, are Internet bots. News aggregation tools, including Google’s Crisis Map, which aggregated critical information about the California’s October 2016 wildfires, are Internet bots. ProPublica journalists used automated scrappers to investigate Amazon’s algorithm for ranking products by price and uncovered that Amazon’s pricing algorithm was hiding the best deals from many of its customers. The researchers who studied racial discrimination on Airbnb also used bots, and found that distinctively African American names were 16 percent less likely to be accepted relative to identical guests with distinctively white names.

Third, by potentially criminalizing what are in fact everyday online tools, LinkedIn’s position violates the long held “Rule of Lenity,” which requires that criminal statutes be interpreted to give clear notice of what conduct is criminal.

Old Laws Can’t Do New Tricks

The CFAA is an old, blunt instrument, and trying to use it to solve a modern, complicated dispute between two companies will undermine open access to information on the Internet for everyone. As we said in our amicus brief:

The power to limit access to publicly available information on the Internet under color of the law should be dictated by carefully considered rules that balance the various competing policy interests. These rules should not allow the handful of companies that collect massive amounts of user data to reap the benefits of making that information publicly available online—i.e., more Internet traffic and thus more data and more eyes for advertisers—while at the same time limiting use of that public information via the force of criminal law.

LinkedIn’s Position Won’t Actually Protect Privacy

Both LinkedIn and the Electronic Privacy Information Center argue that imposing criminal liability for automated access of publicly available LinkedIn data would protect the privacy interests of LinkedIn users who decide to publish their information publicly, but that’s just not true. LinkedIn still wouldn’t have any meaningful control over who accesses the data and how they use it, because the data will still be freely available on the open Internet for malicious actors and anyone not within the jurisdiction of the United States to access and use however they wish. LinkedIn’s contractual use restrictions on automated access may provide an illusion of privacy—and deter law-abiding individuals and U.S.-based companies from using automated tools to access that data—but nothing more.

LinkedIn knows this. Its privacy policy acknowledges the inherent lack of privacy in data posted publicly and makes no promises to users about LinkedIn’s ability to protect it: “Please do not post or add personal data to your profile that you would not want to be publicly available.” LinkedIn shouldn’t be spreading misconceptions about the “privacy” of publicly posted data in court pleadings to advance its corporate interests.

LinkedIn Can’t Have Its Cake and Eat It, Too

The only way for LinkedIn to truly protect the privacy of its users’ is to make their profiles non-public—i.e., to put their information behind a username and password barrier. But instead its profiles are public by default. As LinkedIn itself admits, it benefits from that data remaining public and freely accessible on the Internet: open access on its platforms means more Internet traffic (and thus more data and more eyes for advertisers). As we told the court, “LinkedIn wants to ‘participate in the open Web’ but at the same time abuse the CFAA to avoid ‘accept[ing] the open trespass norms of the Web.’” We hope the court does not allow it.

Related Cases: United States v. David NosalFacebook v. Power Ventures
Categorieën: Openbaarheid, Privacy, Rechten

Video: How the Court System Is Abused to Chill Activist Speech

Electronic Frontier Foundation (EFF) - nieuws - 11 december 2017 - 6:00pm

One of the most pernicious forms of censorship in modern America is the abuse of the court system by corporations and wealthy individuals to harass, intimidate, and silence their critics.

We use the term “Strategic Lawsuit Against Public Participation,” more commonly known as a “SLAPP,” to describe this phenomenon.  With a SLAPP, a malicious party will file a lawsuit against a person whose speech is clearly protected by the First Amendment. The strategy isn’t to win on the legal merits, but to censor their victims through burdensome, distracting, and costly litigation. SLAPP suits often make spurious defamation claims and demand outrageous monetary penalties to bully their enemies.  

In EFF’s work, we’ve seen SLAPPs deployed against journalists and bloggers, cartoonists, and even people who have posted reviews on websites like Yelp and eBay. They’ve been used by election power players against their political opponents and by corporations against non-profits whose job is to hold them in check. In fact, EFF faced such a scheme when an Australian company filed a lawsuit to censor one of our “Stupid Patent of the Month” articles.  Although EFF won in court, the lawsuit required resources that we otherwise could have devoted to other battles.

This tactic is currently being used by energy and logging corporations to target environmental groups. For example, paper-producer Resolute Forest Products sued Greenpeace, claiming they violated racketeering laws because the organization had called the company a “forest destroyer.” After a 17-month legal battle, Greenpeace emerged victorious in October when the case was dismissed in federal court. Greenpeace faces a similar suit from Energy Transfer Partners, a company best known for running the controversial Dakota Access Pipeline project.

mytubethumb play %3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2FPlhVHiWM4yk%3Frel%3D0%26autoplay%3D1%22%20frameborder%3D%220%22%20gesture%3D%22media%22%20allow%3D%22encrypted-media%22%20allowfullscreen%3D%22%22%3E%3C%2Fiframe%3E Privacy info. This embed will serve content from youtube-nocookie.com

 

Greenpeace is now among the many voices raising awareness of the danger of SLAPP suits, and it is offering a toolkit for environmental activists. In a new video, UC Berkeley public policy professor Robert Reich explains what’s at stake: "If the goal is to silence public-interest groups, the rest of us must speak out.  Wealthy corporations must know they can't SLAPP the public into silence." 

Greenpeace and its environmental allies are joined by many First Amendment groups—including EFF, the First Amendment Coalition, Freedom of the Press Foundation, and the ACLU—in this campaign to educate the public on the need to fight back against SLAPP suits.  Among the most important measures you can take is joining the Public Participation Project's efforts to pass anti-SLAPP legislation in Congress.

Anti-SLAPP laws are designed to allow defendants to quickly dismiss the frivolous claims brought against them based on a showing that they’re being targeted for engaging in protected First Amendment activity. The plaintiff bringing the suit then has to prove that they can actually substantiate their claims. If they can’t show that their legal claims have merit, a court must dismiss the suit. This allows defendants to avoid what can often be extremely costly and distracting civil discovery.

Further, most anti-SLAPP laws feature cost-shifting provisions, such that once a defendant successfully gets the claims against them dismissed, they can force the companies who sued them to pay their attorneys’ fees and other costs related to the litigation. The threat of paying the other side’s legal fees potentially stops companies from filing SLAPP suits in the first place.

Although some states, including California, have developed robust anti-SLAPP laws, a federal law is needed to protect and advance First Amendment protections for individuals or groups in federal court.  An anti-SLAPP bill introduced in 2015, the SPEAK FREE Act, featured many of the same protections for targets of these lawsuits described above. It would also help defendants sued in states that do not have anti-SLAPP laws or only offer extremely weak protections by allowing them to remove the case to federal court to obtain protections of the SPEAK FREE Act.

EFF is extremely troubled by the latest SLAPP suits filed against organizations such as Greenpeace. Yet we are heartened by the group’s resolve to fight back and to bring attention to this growing threat to free speech. 

Categorieën: Openbaarheid, Privacy, Rechten

Website annasleben.de informiert über Künstliche Intelligenz und Algorithmen im Alltag

iRights.info - 11 december 2017 - 8:56am

In eigener Sache: iRights e.V. hat ein neues Infoangebot gestartet. „ANNA – Das vernetzte Leben“ erzählt und informiert darüber, wie Künstliche Intelligenz und Algorithmen den Alltag prägen.

Wer das Wort „Künstliche Intelligenz“ hört, denkt oft an Science Fiction und die Machtübernahme der Maschinen. Auch Algorithmen, also komplexe To-Do-Listen für Computer, werden häufig als bedrohliche Macht dargestellt.

Im Alltag hat die Technik eine andere Gestalt: Digitale Sprachassistenten in Smartphones und Lautsprechern verstehen zum Beispiel die Frage, wie das Wetter wird oder suchen eine Zugverbindung heraus; ein vernetzter Thermostat nutzt unterschiedliche Daten, um die Raumtemperatur zu regeln.

Dennoch bleibt häufig verborgen, was im Hintergrund passiert, wenn solche lernenden und vernetzten Systeme aktiv sind. Zum Beispiel, welche Daten dabei gesammelt werden und was in diesen Daten steckt. Das Angebot „ANNA – Das vernetzte Leben“ soll dazu beitragen, Chancen und Risiken solcher Dienste, Produkte und Technologien besser einschätzen und sie selbstbestimmt nutzen zu können.

Diener und Datensammler im vernetzten Zuhause

Auf der Seite finden sich zum einen Geschichten und Stücke, die unterhalten und informieren, zum anderen Sach- und Hintergrundinformationen. Das Angebot startet mit dem Thema „Vernetztes Wohnen“:

  • Ein Kurzfilm zeigt, wie komfortabel ein wirklich kluges „Smart Home“ sein könnte, aber auch, dass viele Geräte derzeit vor allem dumm, weil unsicher sind.
  • Eine Kurzgeschichte erzählt davon, wie die fiktive Künstliche Intelligenz „Cassandra“ Datenspuren interpretiert.
  • Eine Hörreportage führt in vernetzte Wohnungen, in denen Sprachassistenten und allerhand clevere Geräte den Bewohnern dienen, ihnen helfen und sie zugleich überwachen.
  • Sachbeiträge und Interviews informieren unter anderem darüber, welche Daten Sprachassistenten sammeln, wie sie funktionieren, wie sich vernetzte Hausgeräte absichern lassen und welche Folgen der Einzug vernetzter und lernender Systeme für den Datenschutz und die informationelle Selbstbestimmung hat.

Weitere Inhalte, unter anderem zu Themen wie Einkauf und Gesundheit, werden folgen. Das Projekt wird vom Bundesjustiz- und Verbraucherschutzministerium gefördert.

Tell the Copyright Office: Keep Safe Harbors Safe

The Digital Millennium Copyright Act (DMCA) safe harbors are a vital protection for websites and Internet services of all sizes. But thanks to a new Copyright Office rule, website owners could lose safe harbor protections if they don’t register online by December 31. And that’s not all: Hollywood lobbyists are pushing the Copyright Office to create even more hoops for website owners to jump through in order to keep their safe harbor.

Under current law, the owners of websites and online services are protected from monetary liability when their users are accused of infringing copyright. Owners must meet many requirements in order to be eligible for that protection, including participating in the notorious notice-and-takedown procedure for allegedly infringing content. They also must register an agent with the Copyright Office, someone who can respond to takedown requests.

The DMCA is far from perfect, but it does allow websites and other intermediaries that host third-party material to thrive and grow without constant threat of litigation. Without safe harbors, small Internet businesses could face bankruptcy over the infringing activities of just a few of their users.

Now, a lot of those small sites risk losing their safe harbor protections. That’s because the Copyright Office recently made new rules for registering agents. Under the new system, the Office has decided that website owners must renew their registrations every three years or risk losing safe harbor protections. As we’ve written before, there’s simply no good reason for agent registrations to expire. We’re also afraid that it will disproportionately affect small businesses, nonprofits, and hobbyists, who don’t have the same staff resources as big Internet companies.

That’s just the beginning. If certain big media and entertainment companies get their way, it will become much more difficult for websites of any size to earn their safe harbor status. That’s because those companies’ lobbyists are pushing for a system where platforms would be required to use computerized filters to check uploads for potential copyright infringement.

Requiring filters as a condition of safe harbor protections would make it much more difficult for smaller web platforms to get off the ground. Automated filtering technology is expensive—and not very good. Even when big companies use them, they’re extremely error-prone, causing lots of lawful speech to be blocked or removed.

Besides, no computer can understand the human context that goes into determining whether a given use of a copyrighted work is a fair use. Requiring websites to monitor uploads more restrictively would result in legitimate uses of copyrighted works being pushed off the Internet.

If you run a website or app that stores material posted by users, then don’t wait. Register (or re-register) a DMCA agent through the Copyright Office’s online system today. Then, whether you own a website or not, sign our letter to the Copyright Office telling them why the safe harbors are vital protection for Internet users, and asking them not to impose new obstacles.

Take action

Tell the Copyright Office: Keep safe harbors safe!

Categorieën: Openbaarheid, Privacy, Rechten

Protect Your Right to Repair and Control the Devices in Your Life

Electronic Frontier Foundation (EFF) - nieuws - 9 december 2017 - 12:50am

Have you encountered difficulties repairing or tinkering with your devices because of technology that stops you from figuring out how it works? EFF wants your stories so that we can defend your right to get around those roadblocks.

We want to hear about your experiences with anything that has a software component, from the Internet of Things, to vehicles, to Smart TVs, to appliances… anything you can think of. We think you should have the right to repair, inspect, and reprogram the devices you rely on. We’re taking an especially close look at new devices that can listen to what goes on in your home, like the Amazon Echo, Google Home, and the Apple HomePod.

How the Law Stops You From Tinkering

Section 1201 of the Digital Millennium Copyright Act (DMCA 1201) gives device manufacturers a legal tool to keep you from understanding and modifying the things you buy. While DMCA 1201’s stated goal was to prevent copyright infringement by punishing people for breaking the technological mechanisms companies put on their material to protect it, the law has been used against artists, researchers, technicians, and users, even when the reasons why they were trying to circumvent digital locks were completely lawful.

That “gotcha” situation, where using material is legal but access to the material is restricted, is one of the reasons the law is so flawed. The law poses an unconstitutional restriction on an entire range of speech that relies on access to copyrighted works or describes flaws in access controls—even where that speech is clearly noninfringing. Another major flaw is that the law, written almost 20 years ago, was initially meant to apply to copyrighted material like music, movies, and books locked down by DRM (digital rights management software that restricts access). But as more pieces of technology come with computerized components, software covered by the law runs on more and more devices we use every day—from tractors to microwaves—so opening up something you bought and own in order to fix it can be a violation.

Why We Need Your Stories Now

Once every three years, there’s a window of opportunity to get exemptions to this law and protect legitimate uses of copyrighted works, like repairing and tinkering. For 2018, we’re seeking a number of exemptions, and we need your help. It would be especially valuable to hear your stories about attempted repairs, modifications, jailbreaking, and so on that have been hindered by the ban on circumvention.

If you have a project you would not be able to do because of the ban on circumvention, or if you’ve been otherwise directly affected by DMCA 1201’s ban on accessing code in your devices, send us a few sentences describing what you were trying to do and how access controls got in the way. We’re going to be presenting evidence to the Copyright Office on why these exemptions are needed, and your stories are a part of that. You can make your voice part of this effort by emailing us at dmcastories@eff.org, and we’ll curate those stories so we can present the most relevant ones alongside our arguments to the Copyright Office.

Add Your Voice

Email us your story about the ban on circumvention

The comments we submit will become a matter of public record, but we will not include your email address. Please sign your message with your name and town of residence, or “Anonymous” if you prefer. If you do not include a name after your message and we submit it, we will attribute it to “Anonymous” as well.

This is a team effort. The last time around, we were focused on cars, and heard some great stories from you about repair problems and creative modifications that helped the Copyright Office understand the human impact of this law. Now we’re interested in all devices. Help us fight for your rights once again!

Categorieën: Openbaarheid, Privacy, Rechten

Nominations Now Open for The Foilies 2018

For the fourth year, EFF is naming and shaming government officials and agencies around the country who stand in the way of transparency. We honor these information gatekeepers with The Foilies, our tongue-in-cheek “awards” during Sunshine Week, which runs from March 11-17, 2018. Think of it like “The Golden Raspberries,” but with outrageous responses to public records requests instead of box-office blunders.

We’re accepting outside nominations through Dec. 31. So please: 

  • Send us your government secrecy Gigli.
  • Tell us about the Freddy Got Fingered response to your Freedom of Information Act request. 
  • If an agency demanded you pay the equivalent of Battlefield Earth’s budget before handing over your records, we want to know. 

Once again, we’re collaborating with the Association of Alternative Newsmedia and its participating member publications to publish The Foilies and ensure they serve as a warning to agencies far and wide. 

For more information on how to offer up agencies for consideration, please keep reading our FAQ below. 

To give you a taste, last year’s winners are available here.

Who Can Win?

The Foilies are not awarded to people who filed FOIA requests. These are not a type of recognition anyone actually should covet. There’s no physical trophy or other tangible award, just a virtual distinction of demerit issued to government agencies and public officials (plus the odd rock star) who snubbed their nose at transparency. If you filed a FOIA request with the Ministry of Silly Walks for a list of grant recipients, and a civil servant in a bowler hat told you to take a ludicrous hike, then the ministry itself would be eligible for the Foilies. 

What Are the Categories?

For the most part, we do not determine the categories in advance. Rather, we look at the nominations we receive, winnow them down to the most outrageous, then come up with fitting tributes, such as the “Most Expensive FOIA Fee Estimate” and “Sue the Messenger Award.” That said, there are a few things we’re looking for in particular, such as extremely long processing times and surreal redactions.

Who Can Nominate 

Anyone, regardless of whether you were involved in the issue or just happened to read about it on Twitter. Send as many nominations as you like! 

Eligibility

All nominations must have had some event happen during calendar year 2017. For example, you can nominate something related to a FOIA request filed in 1994 if you finally received a rejection in 2017.

Deadline

All nominations must be received by Dec. 31, 2017.

How to Submit a Nomination

Send nominations to foilies@eff.org with “FOILIES 2018 NOMINATION” in the subject line. You can nominate multiple entries in a single email, just make sure to enumerate the nominations so we can easily separate them. Please try to include the following information: 

Category: One-line suggested award title

Description: Succinct explanation of the public records issue and why it deserves recognition. 

Links: Include any links to stories, records, or other information that will help us better understand the issue. 

Contact details: Include a way for us to reach you with further questions. This information will remain confidential.

If we short-list your nomination, we may be in touch to request more information.

 

Categorieën: Openbaarheid, Privacy, Rechten

Adult Content Policies: A Textbook Case of Private Censorship

Of the many reasons why social media platforms should resist pressure to “voluntarily” censor their users, one stands out: history shows that they will do it badly, taking down valuable and lawful content in the name of enforcing community standards. The result: practical speech discrimination. 

Facebook’s adult content policy is a textbook example. Since its early days, the platform has banned nearly all forms of nudity. But from day one, it has created reporting processes that conflate mere nudity with sexuality, and sexuality with pornography, and has applied different standards to feminine bodies than to masculine ones.

And the same double standards seem to apply to advertisements. First, the conflation: Facebook’s advertising policy explicitly bans “nudity, depictions of people in explicit or suggestive positions, or activities that are overly suggestive or sexually provocative.” Thanks to this policy, an ad from the National Campaign to Prevent Teen and Unwanted Pregnancy promoting regular health checkups, was rejected for violating Facebook’s advertising guidelines “for language that is profane, vulgar, threatening or generates high negative feedback”—the language in question? “You’re so sexy when you’re well.” Now, the double standard: all of the images used as examples of “inappropriate ads” are of women.

The latter inconsistency is particularly galling given that activists have been challenging Facebook’s gender politics for years. Nonetheless, although Facebook says its policies are intended to apply to all genders, the actual application has never been consistent or fair. For example, the company allows hookup apps to advertise, but has banned images of fat women on the grounds that they promote unhealthy behavior (the company apologized after significant press coverage). 

Most recently, journalist Sarah Lacy complained that advertisements for her book—entitled The Uterus is a Feature, Not a Bug—had been rejected for containing the U-word...meanwhile, many users were recently served an ad containing a graphic depiction of a penis-stretching device from a verified account.

An image of the book "The Uterus Is a Feature, Not a Bug" on the left, and a graphic ad on the right.

Author Sarah Lacy says Facebook refused to advertise the book title on the left. Facebook accepted the advertisement on the right.

In the midst of ongoing political divisions, it’s easy to dismiss an issue like this as trivial, but everyday censorship can have a serious impact on social media users. Reports received by Onlinecensorship.org demonstrate the centrality of Facebook to many individuals’ lives—users who have received temporary or permanent suspensions often express despair at having been disconnected from their friends and families, while others (particularly those in creative industries) have cited professional consequences as a result of bans. 

Facebook’s regulations on adult content and nudity disproportionately affect women and transgender individuals, and its advertising policies are no different. These policies are discriminatory and inconsistently applied, often resulting in censorship of marginalized populations while other, more privileged users are not held to the same standard. We recognize that private companies, including Facebook, have the right to set and enforce whatever regulations on content they choose to apply on their own platforms. However, companies should apply their chosen policies consistently and equally, with clearly defined due process procedures available to users when their content is removed. We call on Facebook to apply equal treatment to content, and consistent application of their policies.

Categorieën: Openbaarheid, Privacy, Rechten

“Selling” Patents to Sovereign Nations Shouldn’t Mean Bad Patents Can’t Be Challenged

On September 8, 2017, the multi-billion dollar pharmaceutical company Allergan announced that it “sold” its patents relating to its eye drops drug “Restasis” to the Saint Regis Mohawk Tribe. But this was not a usual “sale.” The Tribe doesn't appear to have paid anything in exchange for becoming the legal owner of Allergan's patents. Instead, Allergan paid the Tribe $13.75 million, and also agreed to pay the Tribe up to $15 million more each year in exclusive licensing fees.

Last week, EFF and Public Knowledge explained to the Patent Office how Allergan and the Tribe’s deal doesn’t mean Allergan’s bad patents can’t be challenged.

The reason that Allergan and the Tribe engaged in this deal is not a secret. Both Allergan and the Tribe [PDF] readily admit the deal was done to try to prevent Allergan’s patents from being revoked through a Patent Office procedure known as “inter partes review.” Inter partes review allows any member of the public to challenge a patent as improperly granted based on the fact that what the patent claims as an invention was known to the public, or was an obvious change from information and innovation already held by the public.

Allergan and the Tribe’s deal, through the assertion of “sovereign immunity,” tries to prevent the Patent Office from reviewing whether the patents were improperly granted. Generally, sovereign immunity refers to the concept that a sovereign entity (here the Tribe) can’t be subject to the jurisdiction of another sovereign (here the Patent Office) unless the entity agrees. The deal between Allergan and the Tribe requires the Tribe to assert sovereign immunity in an attempt to end the Patent Office procedures before the Restasis patents are revoked.

Stated more bluntly, Allergan paid the tribe in order to block attempts to have its patents invalidated. A decision revoking the patents would lead to generic competition and lower consumer prices for Restasis. A determination that the patents can’t be challenged at the Patent Office could lead to the patents preventing generic entry and keeping prices artificially high.

This deal has significant ramifications for the patent system if it is successful. As one judge described the deal:

What Allergan seeks is the right to continue to enjoy the considerable benefits of the U.S. patent system without accepting the limits that Congress has placed on those benefits through the administrative mechanism for canceling invalid patents.

Shortly after announcing the deal, the Tribe asked the Patent Office to end the proceedings, saying that since the Tribe owns the patents, the Patent Office has no authority to reconsider their legitimacy without the Tribe’s consent. The generic companies have opposed this motion on various grounds, arguing that the proceeding can continue. The Patent Office, perhaps in recognition of the significant controversy generated by the Allergan-Tribe deal, asked the public to weigh in as to whether the proceeding needed to be terminated.

On November 30, 2017, EFF and Public Knowledge submitted a brief arguing that the Patent Office has all the authority it needs to continue the inter partes review proceeding, despite the Tribe’s sovereign immunity. We argued that the proceeding was not one that required the Tribe’s presence at all, meaning sovereign immunity had no application. We also suggested that the Patent Office consider asking its question in a more accessible proceeding, so that more voices could be heard.

EFF and Public Knowledge were not the only parties to weigh in on this high profile dispute. Papers were also filed by other sovereign tribes, scholars, public interest groups, and industry representatives. All briefs are available through the Patent Office’s public portal, available here by searching for AIA Review Number IPR2016-01127.

It may turn out that this dispute is irrelevant in the short term, as after the deal was announced, a federal court invalidated the patents (that decision is on appeal). Regardless of the outcome with respect to the Restasis patents, however, it is clear that other patent holders are engaging in similar deals [PDF] with sovereign tribes. EFF is pushing back against these deals as an improper assertion of sovereign immunity.

 

 

Categorieën: Openbaarheid, Privacy, Rechten

The FCC Still Doesn’t Know How the Internet Works

Earlier this year nearly 200 Internet engineers and computer scientists sent a letter to the FCC that explained facts about the structure, history, and evolving nature of the Internet. The reasons we laid out in that letter for writing it then still apply to the draft now:

Based on certain questions the FCC asks in the Notice of Proposed Rulemaking (NPRM), we are concerned that the FCC (or at least Chairman Pai and the authors of the NPRM) appears to lack a fundamental understanding of what the Internet's technology promises to provide, how the Internet actually works, which entities in the Internet ecosystem provide which services, and what the similarities and differences are between the Internet and other telecommunications systems the FCC regulates as telecommunications services.

Unfortunately it looks like the FCC ignored the technical parts of that letter, because the FCC’s latest plan to kill net neutrality is still riddled with technical errors and factual inaccuracies. Here are just a few.

The FCC Still Doesn’t Understand That Using the Internet Means Having Your ISP Transmit Packets For You

The biggest misunderstanding the FCC still has is the incorrect belief that when your broadband provider sells you Internet access, they’re not selling you a service by which you can transmit data to and from whatever points on the Internet you want. Citing a past order, the FCC demonstrates this misunderstanding by claiming that "[e]nd users do not expect to receive (or pay for) two distinct services—both Internet access service and a distinct transmission service, for example.

This false distinction between “Internet access service” and “a distinct transmission service” is utterly ridiculous and completely ungrounded from reality. As the FCC would have it, there is some sort of “transmission” that is separate from the Internet that ISPs provide access to.

The FCC needs to realize that the Internet is nothing more than transmission between interconnected machines. The FCC’s understanding of the Internet borders on the mystical, as if the Internet itself were some vaguely defined other realm that an ISP opens a portal to. But there is no other realm, only a collection of networks, including the ISP’s networks. There’s no Internet separate from accessing the Internet; the Internet is just machines accessing each other. It’s worrying that such a mischaracterization may be the basis of a federal regulation that will have wide-ranging effects.

The FCC Still Doesn’t Understand How DNS Works

Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works—even though hundreds of engineers tried to explain it to them this past summer.

Citing back to language dating from the days of Bell Operating Companies, the FCC claims that DNS functions similarly to a gateway. “We do, however, find similarities between functionalities such as address translation and storage and retrieval to key functionalities provided by ISPs as part of broadband Internet access service, and we conclude the court found such gateway and similar functionalities independently sufficient to warrant an information service classification under the MFJ.

Here’s the thing: “address translation” and “storage and retrieval” are fundamental parts of any software implementation; these implementation details have little to do with the service that a system provides. DNS is a fundamental piece of the transmission puzzle. Code translation is a general purpose technique. Every machine translates IP addresses from machine-order to network-order; that doesn’t make every translation point a gateway.

What’s more, the FCC still thinks that “the absence of ISP-provided DNS would fundamentally change the online experience for the consumer.” Although it admits that “ISPs are not the sole providers of DNS services,” it still thinks that DNS is “indispensable to the broadband Internet access service customers use—and expect—today.” As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them.

But that’s hardly the case. Most users don’t know what DNS is, let alone expect that their ISP provides it. As for users who know enough about DNS to have expectations about who provides it, many choose to use third-party services for their speed and value-add functionality separate from the name translation service. ISPs choose to point users to their own DNS service; they could just as easily point to a third-party service instead of their own, and users would rarely ever notice a difference.

The FCC Still Doesn’t Understand How Caching Works

The FCC is also confused on the matter of caching. Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique. In its discussion of Web caching services, which the earlier Notice of Proposed Rulemaking asked for commentary on, the FCC included an irrelevant line about the general computing technique of caching which is usually used as part of implementing a DNS service. This implementation detail certainly has no bearing on either Web caching or DNS as services, and shows how little it understands these services on the whole.

Since the FCC cites them, it clearly read the multiple comments stating that over 50% of Web traffic is now encrypted. Yet, it sticks to the assertion that “truly pervasive encryption on the Internet is still a long way off, and that many sites still do not encrypt,” and use that to dismiss “assertions in record that suggest that ISP-provided caching is not a vital part of broadband Internet access service offerings, as it may be stymied by the use of HTTPS encryption.

Although the FCC tries to claim that offering web caching is an integral part of the functionality that ISPs provide, this is not the case. In fact, Sonic, a San Francisco-based ISP, does not run web caching equipment for its customers (although they do host a number of boxes from non-affiliated CDN platforms, including the Google Global Cache, Netflix OpenConnect, and Akamai—but they don't operate those boxes).

And if the FCC doesn’t understand the Internet in general, it understands mobile telephony and broadband Internet access even less.

The FCC Doesn’t Understand How the Phone System Works

The FCC’s apparent understanding of the phone system seems to be stuck in the days of rotary phones. For users on a modern American network, voice calling is just one of many applications that a phone enables. If the user has poor signal, that voice call might travel at some point over the circuit-switched PSTN, but it might also never leave a packet-switched network if it’s sent over VoIP or LTE/EPC.

To make its case, the FCC cites its Wireless Broadband Internet Access Order from 2007, saying that “‘[m]obile wireless broadband Internet access service in and of itself does not provide the capability to communicate with all users of the public switched network’ because it does ‘not use the North American Numbering Plan to access the Internet, which limits subscribers’ ability to communicate to or receive communications from all users in the public switched network.’

Modern phone users may be shocked to hear that assertion, given the proliferation of VoIP apps that will dial an NANP number over the Internet without a problem.

Further, the FCC completely ignored the fact that mobile carriers are deploying technology which unifies the underlying infrastructure which makes up the public switched telephone network and the Internet on their networks. This omission is so egregious, we had to write them a separate letter just to get the facts into the record.

The FCC’s Plan to Kill Net Neutrality is Based on Faulty Technical Premises

There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we’ve suggested, the FCC doesn’t understand how the Internet works. The second is that it doesn’t care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an “information service,” (rather than a “telecommunications service,” or common carrier) and the FCC needs to offer some basis for it. So, we fear, it’s making one up, and hoping no one will notice.

We noticed. And we need your help. The one group Chairman Pai might listen to is Congress—after all, Congress has oversight authority over the FCC. If enough members of Congress signal to Pai that his plan will cost them at the ballot box he might just get the message—and reverse course before it’s too late.

Take action

Tell Congress: Don’t sell the Internet out

Categorieën: Openbaarheid, Privacy, Rechten

AP geeft groen licht voor verwerking persoonsgegevens door Dutch FilmWorks

Autoriteit Persoonsgegevens (nieuws) - 7 december 2017 - 1:18pm
De Autoriteit Persoonsgegevens (AP) heeft de voorgenomen verwerking van persoonsgegevens door Dutch FilmWorks B.V. (DFW) rechtmatig verklaard. DFW heeft voldoende waarborgen getroffen voor een behoorlijke en zorgvuldige verwerking van deze persoonsgegevens. Dat betekent dat DFW groen licht heeft van de AP om persoonsgegevens, zoals IP-adressen, te verzamelen van mensen die downloaden uit illegale bronnen. De AP heeft haar besluit op 6 december 2017 gepubliceerd in de Staatscourant. Tegen dit besluit kan nog beroep worden aangetekend.

Argentinian Government Bans Civil Society Organizations From Attending Upcoming WTO Ministerial Meeting

The World Trade Organization (WTO), the multilateral global trade body that has almost all countries as members, has been eyeing an expansion of its work on digital trade for some time. Its current inability to address such issues is becoming an existential problem for the organization, as its relevance is challenged by the rise of smaller regional trade agreements such as the Trans-Pacific Partnership (TPP), North American Free Trade Agreement (NAFTA), and Regional Comprehensive Economic Partnership (RCEP) that do contain digital trade rules.

That's one reason why some experts are now arguing that the WTO ought to retake leadership over digital trade rulemaking. Their reasoning is that a global compact could be more effective than a regional one at combatting digital protectionism, such as laws that restrict Internet data flows or require platforms to install local servers in each country where they offer service.

Civil Society Barred from WTO Ministerial Meeting

It's true that some countries do have protectionist rules that affect Internet freedom, and that global agreements could help address these rules. But the problem in casting your lot in with the WTO is that as closed and opaque as deals like the TPP, NAFTA, and RCEP are, the WTO is in most respects no better. That was underscored last week, when in a surprise move the Argentinian government blocked representatives from civil society organizations (CSOs) from attending the upcoming WTO biennial Ministerial Meeting of 164 member states, which is scheduled between 10-13 December in Buenos Aires.

Last week the WTO reached out to more than than 64 representatives from CSOs,  including digital rights organizations Access Now and Derechos Digitales, to inform them that "for unspecified reasons, the Argentine security authorities have decided to deny your accreditation." The Argentine government later issued a press release claiming that activists had been banned as "they had made explicit calls to manifestations of violence through social networks"—a remarkable claim for which no evidence was presented, and which the groups in question have challenged

Most of the banned organizations belong to the Our World Is Not For Sale network (OWINFS), a global social-justice network which has been engaging in WTO activities, including organizing panels and sessions for over two decades. In a strongly-worded letter, Deborah James, OWINFS Network Coordinator has condemned Argentina's actions and noted that the lack of explanation behind the decision "attacked the conference's integrity" and violated "a key principle of international diplomacy".

Even before these delegates were barred from the meeting, their ability to participate in the WTO Ministerial was tightly constrained. Unlike other international negotiation bodies such as WIPO, the WTO does not permit non-state actors to attend meetings even as observers, nor to obtain copies of documents under negotiation. Their admission into the meeting venue would only authorize them to meet with delegates in corridors and private side-meetings, and Argentina's action has taken away even that. Instead, public interest groups will essentially be limited to meeting and protesting outside the Ministerial venue, out of sight and out of mind of the WTO delegates inside.

Multilateral v. Multistakeholder to Digital Trade

Thus the problem with the suggestion that the WTO should take on the negotiation of new Internet-related issues is that any such expansion of the WTO mandate would require a rehaul of its existing standards and procedures for negotiations. International trade negotiations are government-led, and allow for very limited public oversight or participation in the process. On the other hand, the gold standard for Internet-related policy development is for a global community of experts and practitioners to participate in an open, multistakeholder setting.

Transparent consultative practices are critical in developing rules on complex digital issues as prescriptions nominally about commerce and trade can affect citizens’ free speech and other fundamental individual rights. In this respect and others, digital issues are different from conventional trade issues such as quotas and tariffs, and it is important to involve users in discussion of such issues from the outset. Through documents such as our Brussels Declaration on Trade and the Internet, EFF has been calling upon governments to make trade policy making on Internet issues more transparent and accountable, whether it is conducted at a multilateral or a smaller plurilateral level.

The WTO's lack of any institutional mechanisms to gather inputs from the public and its inability to assure participation for CSOs is a big blow to the WTO's credibility as a leader on global digital trade policy. Argentina's unprecedented ban on CSOs is especially worrying, as e-commerce is expected to be a key topic of discussion at the Ministerial.

E-commerce Agenda Up In The Air

Last week, WTO director general Roberto Azevedo announced that he will be appointing "minister facilitators" to work with sectoral chairs and identified e-commerce as an area for special focus. That doesn't mean that it's an entirely new issue for the WTO. E-commerce (now sometimes also called "digital trade") entered the WTO in 1998, when member countries agreed not to impose customs duties on electronic transmissions, and the moratorium has been extended periodically, though no new substantive issues have been taken on.

This is changing. Since last year, developed and developing countries have been locked in a battle over whether the WTO's digital trade work program should expand to include new digital trade issues such as cross-border data flows and localization, technology transfer, disclosure of source code of imported products, consumer protection, and platform safe harbors.

This push has come most strongly from developed countries including the United States, Japan Canada, Australia, and Norway. During an informal meeting at the WTO in October, the EU, Canada, Australia, Chile, Korea, Norway and Paraguay, among other countries, circulated a restricted draft ministerial decision to establish “a working party” at the upcoming WTO ministerial meeting in Buenos Aires and authorizing it to “conduct preparations for and carry out negotiations on trade-related aspects of electronic commerce on the basis of proposal by Members”.

Amongst these are a May 2017 proposal presented by the European Union in which the co-sponsors mapped out possible digital trade policy issues to be covered, including rules on spam, electronic contracts, and electronic signatures. The co-sponsors noted that the list they provided was not exhaustive, and they invited members to give their views on what additional elements should be added. 

But many developing nations have opposed the introduction of new issues, instead favoring the conclusion of pending issues from the Doha Round of WTO negotiations, which are on more traditional trade topics such as agriculture. In particular, India this week submitted a formal document at the WTO opposing any negotiations on e-commerce. Commerce and Industry minister Suresh Prabhu said, "We don't want any new issues to be brought in because there is a tendency of some countries to keep discussing new things instead of discussing what's already on the plate. We want to keep it focused." India has maintained that although e-commerce may be good for development, it may not be prudent to begin talks on proposals supported by developed countries. A sometimes unspoken concern is that these rules provide "unfair" market access to foreign companies, threatening developing countries' home-grown e-commerce platforms.

China has a somewhat different view, and has expressed openness to engage in discussions on new rules to liberalize cross-border e-commerce. Back in November 2016, China had also circulated a joint e-commerce paper with Pakistan, and has since called for informal talks to "ignite" discussions on new rules, with a focus on the promotion and facilitation of cross-border trade in goods sold online, taking into account the specific needs of developing countries.

A number of other developing nations have their own proposals for what the WTO's future digital trade agenda might include. In March 2017, Brazil  circulated a proposal seeking “shared understandings” among member states on transparency in the remuneration of copyright, balancing the interests of rights holders and users of protected works, and territoriality of copyright. In December 2016, another document prepared by Argentina, Brazil, and Paraguay focused on the electronic signatures and authentication aspect of the work programme. And in February 2017, an informal paper co-sponsored by 14 developing countries identified issues such as online security, access to online payments, and infrastructure gaps in developing countries as important areas for discussion.

Expectations From the Ministerial Meeting

With so many different proposals in play, the progress on digital trade made at the Ministerial Conference is likely to be modest, reflecting the diverging interests of WTO Members on this topic. Reports suggest that India has built strong support amongst a large number of nations including some industrialized countries, for its core demands for reaffirming the principles of multilateralism, inclusiveness and development based on the Doha work program. Given India's proactive stance opposing the expansion of the current work program on e-commerce, this suggests an underwhelming outcome for proponents of the expansion of the WTO's digital trade agenda.

However India's draft ministerial decision on e-commerce also instructs the General Council of the WTO to hold periodic reviews in its sessions in July and December 2018 and July 2019, based on the reports that may be submitted by the four WTO bodies entrusted with the implementation of its e-commerce work program, and to report to the next session of the Ministerial Conference. If enough members agree with India and relevant changes are made to suit all members, India's draft agreement could become an actual declaration.

In other words, even if, as seems likely, no new rules on digital trade issues come out of the 2017 WTO Ministerial Meeting, that won't be the end of the WTO's ambitions in this field. It seems just as likely that whatever protests take place in the streets of Buenes Aires, from activists who were excluded from the venue, will be insufficient to dissuade delegates from this course. But what we believe is achievable is to make further progress towards changing the norms around public participation in trade policy development, with the objective of improving the conditions for civil society stakeholders not only at the WTO, but also in other trade bodies and negotiations going forward.

This is one of the topics that EFF will be focusing on at this month's Internet Governance Forum (IGF), where we will be hosting the inaugural meeting of a new IGF Dynamic Coalition on Trade and the Internet, and hopefully announcing a new multi-stakeholder resolution on the urgent need to improve transparency and public participation in trade negotiations. The closed and exclusive 2017 WTO Ministerial Meeting is an embarrassment to the organization. If and when the WTO does finally expand its work program on digital trade issues, it is essential that public interest representatives be seated around the table—not locked outside the building.

Categorieën: Openbaarheid, Privacy, Rechten

Government Documents Show FBI Cleared Filmmaker Laura Poitras After Six-Year Fishing Expedition

The government recently revealed for the first time that federal agents maintained an open investigation of our client, Academy Award-winning documentary filmmaker Laura Poitras, for six years despite never finding any evidence that she committed a crime or was a threat to national security.

Coming up empty handed after Poitras had been subjected to dozens of border searches, the FBI finally closed the investigation, according to agency documents we obtained. 

We’ve learned about this fishing expedition through documents we obtained in a Freedom of Information (FOIA) lawsuit filed on Poitras’s behalf to find out why she was constantly being stopped by federal agents during her travels. Border agents detained Poitras at airports over 50 times from 2006 to 2012. The detentions began after she directed and released documentary films about post-9/11 life in Iraq and Yemen that challenged the U.S. government’s narrative about the war on terror.

Poitras was subjected to hours of questioning, and had her belongings searched and notes seized at U.S. and international airports. Border agents once threatened to handcuff her when she tried to take notes during a stop. 

On another occasion agents seized her electronic devices without a warrant —an increasingly common U.S. Customs and Border Patrol (CBP) practice in recent years. Her treatment is a clear example of the government abusing its vast surveillance power at the border. 

Poitras filed her FOIA lawsuit in 2015 to find out not only why her detentions started in the first place, but also why they abruptly stopped in June 2012, coincidentally (or not) just two months after her detentions made national news. EFF’s suit forced the government last year to turn over 1,000 pages, some of which answered the first question: The government’s reasoning for making Poitras the target of an intelligence investigation was because they speculated she had foreknowledge of an ambush of American forces in Baghdad in 2004 in which a U.S. soldier was killed and others seriously wounded. Poitras has repeatedly denied the allegation. In addition, the government never sought her footage from that day, which shows she did not film an ambush.

The speculation was based on her mere presence with a film camera on a rooftop on a day of intense fighting. Documents turned over in the FOIA case showed that a journalist embedded with the military, John Bruning, believed Poitras had prior knowledge of the attack and kept quiet so she could film it, which would have been criminal. But Army investigators found no evidence supporting his claim. Furthermore, in April 2006—three months before Poitras’s detentions began—they said in a letter to the FBI that there was “no credible evidence” that she had committed any crime.

The redacted documents obtained by EFF reveal multiple new aspects of the investigation for the first time:

-- The government’s investigation into Poitras was classified as secret

-- A grand jury was convened in 2007

-- Poitras’s personal records were subpoenaed from multiple companies

-- FBI agents were sent to film screenings where Poitras participated in Q&As 

Vast portions of the documents are redacted, so EFF is now challenging the government’s basis for continuing to withhold this information.

However, these documents still didn’t explain why the detentions stopped in 2012. It wasn’t until after we pointed out this missing information that the government turned over another six pages. These heavily redacted pages said, “no potential criminal violations or priority threats to national security warranting further investigation were identified.” Federal agents closed the investigation, according to an August 2012 declassified FBI report.

We now know that even though investigators determined in 2006 that there was no evidence Poitras had committed a crime, the FBI maintained a fishing expedition for another six years, finally closing the matter and giving up its efforts to find something it could use against Poitras after journalist Glenn Greenwald published an article about Poitras’ experiences and a group of documentary filmmakers submitted a petition to the Department of Homeland Security protesting her treatment. It’s concerning to think that these detentions may have continued indefinitely had they not been called out. The government’s use of border crossings as an opportunity to target a journalist for intelligence investigations is disturbing and wrong. 

It’s particularly troubling in light of the exponential increase in warrantless searches and seizures of travelers’ digital devices in recent years—a fact that CBP touts on its website. According to CBP data, the agency conducted 14,993 electronic device searches in the first half of fiscal year 2017 alone, up from 8,503 searches during the entire 2015 fiscal year. These searches have ensnared tens of thousands of Americans from all walks of life, including other journalists, artists, students, former military personnel, engineers, and limousine drivers. In September, EFF and the ACLU filed a lawsuit on behalf of 11 travelers whose smartphones and laptops were searched at the U.S. border without a warrant or explanation. 

Our digital devices contain massive amounts of information—including emails, texts, contact lists, photos, work documents, and medical or financial records—that can reveal sensitive details of our personal lives. The government should not be allowed to use border crossings as an opportunity to conduct fishing expeditions into our personal, private information. The Fourth Amendment requires border agents to have probable cause before seizing digital devices and to get a warrant before searching those devices. 

There is still much we don’t know about how the government decides who to pull out of line and, increasingly, whose digital devices to seize and search. We are seeking additional documents in Poitras’ case and hope to shed more light on the government’s unjust and potentially chilling treatment of a journalist. And we hope our new lawsuit will force the government to start respecting constitutional rights at the border.

 

 

 

Categorieën: Openbaarheid, Privacy, Rechten

Internet Censorship Bills Wouldn’t Help Catch Sex Traffickers

SESTA and FOSTA Could Hide Trafficking from Law Enforcement

In the most illuminating part of last week’s House subcommittee hearing on the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865), Tennessee Bureau of Investigation special agent Russ Winkler explained how he uses online platforms—particularly Backpage—to fight online sex trafficking. Winkler painted a fascinating picture of agents on his team posing as johns, gaining trust with traffickers, and apprehending them. His testimony demonstrated how, with proper training and resources, law enforcement officers can navigate the online platforms where sex work takes place to find and stop traffickers, especially those trafficking children.

It was a rare moment of clarity in the debate over FOSTA and its sibling bill, the Stop Enabling Sex Traffickers Act (SESTA, S. 1693). Since these bills were introduced, there’s been little discussion of how law enforcement officers use the online platforms that the bills would threaten and how SESTA and FOSTA would make it more difficult for law enforcement to do its work. Winkler made it crystal clear how heavily his work relies on online platforms: “We've conducted operations and investigations involving numerous perpetrators and victims. The one constant we encounter in our investigations is use of online platforms like Backpage.com by buyers and sellers of underage sex.”

There are some differences between SESTA and FOSTA, but their impact on the Internet would be the same. A website or other online platform could be liable under both civil and criminal law, at both the state and federal levels, for the sex trafficking activities of its users. Since it can be very difficult to determine whether a given posting online is in aid of sex trafficking, the bills would almost certainly force websites to become significantly more restrictive in what sorts of content they allow. Many victims of trafficking would likely be pushed off the Internet entirely, as well as sex workers who weren’t being trafficked.

Winkler didn’t show much interest in the idea of targeting online intermediaries—and neither did fellow witness Derri Smith of End Slavery Tennessee. Understandably, their focus isn’t on holding Internet companies liable for user-generated content; it’s on prosecuting the traffickers themselves and getting trafficking victims out of horrific situations.

When Rep. Marsha Blackburn asked both Tennessee panelists what they need to successfully fight trafficking, neither panelist mentioned proposals like SESTA and FOSTA at all. They discussed more important measures aimed at finding and stopping traffickers and supporting survivors. Winkler referenced changes in state law “to make it more punishable for both buyers and sellers of sex acts with juveniles.”

Winkler isn’t the only person who’s tried to explain to Congress how law enforcement relies on online platforms to find and arrest sex traffickers. Numerous experts in trafficking have pointed out that the visibility of online platforms can both aid law enforcement in apprehending traffickers and provide safety to trafficking victims. Trafficking expert Alexandra Levy notes that the online platforms that FOSTA could undermine are the very platforms that law enforcement agencies rely on to fight trafficking:

While more visibility invites more business, it also increases the possibility that victims will be discovered by law enforcement, or anyone else looking for them. By extension, it also makes it more likely that the trafficker himself will be apprehended: exposure to customers necessarily means exposure to law enforcement.

Levy submitted a letter to the House Energy and Commerce Committee, Subcommittee on Communications and Technology, in advance of last week’s hearing, urging the Subcommittee not to go forward with a bill (.pdf) that would make it harder to apprehend traffickers and expose trafficking victims to more danger.

Freedom Network USA—the nation’s largest network of frontline organizations working to reduce trafficking—agrees (.pdf): “Internet sites provide a digital footprint that law enforcement can use to investigate trafficking into the sex trade, and to locate trafficking victims.”

Four months after SESTA was introduced in Congress—and with SESTA and FOSTA’s lists of cosponsors growing by the day—lawmakers continue to flock to these bills without questioning whether they provide a real solution to sex trafficking. These bills would do nothing to stop traffickers but would push marginalized voices off of the Internet, including those of trafficking victims themselves.

Take Action

Tell Congress: SESTA and FOSTA are the wrong solution

Categorieën: Openbaarheid, Privacy, Rechten

EFF Pushes For More Transparency in Patent Cases, Whether In Court or at Patent Office

In a promising step toward transparency, the Eastern District of Texas (the court that sees many of the nation’s patent cases) recently announced an amendment to its Local Rules that would require parties to file redacted versions of documents that contain confidential information. Previously, parties would file whole briefs under seal, without any public version being provided, even if only one word or line in the brief was claimed to be confidential. One of the few ways the public could protest against this improper sealing was to attempt to intervene in cases so as to require the parties and the courts to justify the sealing. But members of the public can’t possibly intervene to unseal in every case. This rule change is a step toward greater transparency.

EFF has, in recent years, worked to push back against oversealing, especially in patent cases where improper sealing is practically routine. We successfully intervened in several cases in order to provide greater transparency to the public.

For example, EFF recently successfully unsealed materials in the case of My Health v. ALR Technologies. We intervened after the parties filed numerous briefs and documents under seal relating to whether patent owner My Health (whose patent on telehealth we awarded Stupid Patent of the Month in May 2016) litigated its case in an exceptional manner. The court recently agreed to unseal a large amount of information previously withheld from the public.

EFF has also been pushing for greater transparency in the high profile patent litigation between Allergan (a branded pharmaceutical company) and generic companies who wish to make a lower cost version of the drug Restasis. The litigation took on new interest when Allergan announced it had “sold” its patents to the Saint Regis Mohawk Tribe in an attempt to shield the patents from scrutiny at the Patent Office.

Once news of the Allergan-Tribe deal became public, we watched as the parties filed briefs in the related district court case with the most relevant exhibits about the controversial deal being filed under seal, completely hidden from the public. Concerned about this level of sealing, we reached out to the parties and asked them to provide greater transparency, or at minimum, provide justification for the high level of sealing. In the end, Allergan refiled many of the papers, significantly limiting the amount of information withheld from the public.

The Eastern District of Texas’ new rule is a step in the right direction, although we believe it still falls short of what the law requires. We submitted comments regarding the new rules, applauding the positive step, but urging the court to recognize that it is the parties’ burden to show why materials should be kept from the public each and every time they submit documents to the court. The Reporters Committee for Freedom of the Press also submitted comments urging the court to do more to protect the public’s interest in court filings.

Beyond the courts, we have also been pushing for greater transparency at the Patent Office. We recently sought materials from the Patent Office related to the Allergan-Tribe deal (many of which were the same as those filed in court). In October, we sent a Freedom of Information Act (FOIA) Request to the Patent Office asking for records from the proceeding related to Allergan’s patents. There, the Tribe had asked the Patent Office to end the proceedings based on a claim of sovereign immunity. Once again, the most relevant information was filed completely under seal without any justification for withholding it from the public.

The fact that this material was under seal became particularly problematic when the Patent Office issued a call for public input as to whether sovereign immunity applied to the proceedings. The ability of members of the public to evaluate the deal and determine its nature was hampered by the fact that the public could not determine what, exactly, the deal was.

After we filed our FOIA request, the Patent Office asked the parties to explain why the materials were filed under seal and what justification there could be do withhold the information from the public. This led, again, to the materials being significantly unmasked.

In both the district court case and at the Patent Office, it is clear that parties are often sealing much more information than the law allows. It is only when challenged do they agree to reveal what should have been public in the first place. While we’re glad there has been greater transparency in the cases mentioned above, it should not take EFF (or anyone else’s) intervention before the courts and parties make public what should have been public all along.

Categorieën: Openbaarheid, Privacy, Rechten

New Orleans Police Watchdog Warns of Dangers of Expanded Surveillance

In a stern warning to the New Orleans City Council, the city’s top police watchdog has criticized a plan to expand surveillance without also expanding oversight. The Office of Independent Police Monitor (OIPM) warned that the city is on a path that may lead to abuse, racial discrimination, and fiscal waste. 

New Orleans Real Time Crime Center (Source: Nola.gov)

In November, New Orleans Mayor Mitch Landrieu announced a $5-million “Real Time Crime Monitoring Center” near the French Quarter that would allow for 24-7 monitoring of both private and government-owned CCTV cameras, automated license plate readers (ALPRS), and other advanced surveillance technology. The facility coincides with a plan to install 250 new surveillance cameras and 106 new ALPRs in 2018. 

The plan was also criticized by the Music & Culture Coalition of New Orleans [.pdf], which represents the Big Easy’s vibrant art and music scene, as “poorly conceived, reactionary, and intentionally ambiguous.” The group complained that the lack of a public process resulted in the creation of “a blueprint for unconstitutional surveillance.”

In response to community concerns, Acting Police Monitor Ursula Price wrote in a letter that the systems “have the potential to jeopardize the expensive and hard-won police reforms of the past ten years.” She notes that despite earmarking millions for expanded surveillance, the city has not proportionately increased funding for oversight and monitoring to prevent abuse. Drawing from case studies in London, Chicago, and San Francisco, and EFF’s own work in the New Orleans area, she shows that surveillance has historically violated the privacy of constituents, particularly women and communities of color. She predicts the technologies may create civil liability for the city without positively impacting public safety, especially considering the cybersecurity risks associated with large-scale storage of personal data.

OIPM recommended seven key reforms: 

  • Prohibit magnification of an individual’s face without reasonable suspicion or threat to public safety and monitor compliance.
  • Prohibit aiming the camera at an individual’s or group's activity without reasonable suspicion or threat to public safety and monitor compliance.
  • Require camera operators to adhere to the same 4th Amendment-informed NOPD [New Orleans Police Department] policies regarding reasonable suspicion and monitor compliance.
  • Prohibit pointing cameras into private homes and monitor compliance.
  • Balance the need for public information against public privacy when setting rules on dissemination and duration of image retention and monitor compliance.
  • Monitor NOPD to ensure consistent enforcement of camera policies and discipline those who violate policy.
  • Private cameras linked to the command center feeds must follow the same rules and regulations as public cameras. 

Independent and civilian oversight bodies in other cities should take a cue from New Orleans’ OIPM and, in their own communities, begin analyzing the policies governing the use of these spying technologies and investigate how law enforcement abuses surveillance.

Watchdog bodies should start with EFF’s “Law Enforcement Technology Primer for Civilian Oversight Bodies,” [.pdf] a guide developed in 2015 for the National Association of Civilian Oversight of Law Enforcement. The paper outlines the emerging civil liberties issues presented by new technologies, what questions oversight bodies should ask, and what actions can be taken to protect the public from unrestrained surveillance.

For more information on surveillance technologies used by local police department, such as ALRPs, body-worn cameras, cell-site simulators, drones, and face recognition, visit EFF’s Street-Level Surveillance project

Categorieën: Openbaarheid, Privacy, Rechten

Court Recognizes First Amendment Right to Anonymity Even After Speakers Lose Lawsuits

Anonymous online speakers may be able to keep their identities secret even after they lose lawsuits brought against them, a federal appellate court ruled last week.

The decision by the U.S. Court of Appeals for the Sixth Circuit in Signature Management Team, LLC v. John Doe is a victory for online speakers because it recognized that the First Amendment’s protections for anonymous speech do not end once a party suing the anonymous speaker prevails. Instead, the court ruled that revealing anonymous speakers’ identities has far-reaching consequences that must be weighed against opposing parties’ and the general public’s rights to learn speakers’ names once they’ve been found to have violated the law. This is good news, because many vulnerable speakers will self-censor unless they have the ability to speak anonymously and thereby avoid retaliation for their whistleblowing or unpopular views.

The ruling, however, is not all good news for anonymous speech. The test announced by the court sets unmasking as the default rule post-judgment, placing the burden on the anonymous party to argue against unmasking. Additionally, the court expanded the competing First Amendment right of access to judicial proceedings and records—which EFF strongly supports—to a novel right to learn the identity of an anonymous litigant—which we do not support.

Blogger Sued by Company for Copyright Infringement Fights to Keep His Anonymity

The case centers on an anonymous blogger (Doe) who runs the blog “Amthrax,” which is critical of multi-level marketing companies such as Amway. In 2013, the blogger posted a training manual copyrighted by Signature Management Team, another multi-level marketing company. When the company issued a takedown notice, Doe removed the work from the blog. Then Signature Management filed suit. It asked for a court order to unmask Doe and to require Doe to destroy all copies of the book and not to infringe the company’s copyright in the future.

During an early discovery phase of the case, the trial court denied Signature Management’s request to unmask Doe, ruling that the First Amendment protected his identity. Later, on the merits, the court ruled that Doe had infringed Signature Management’s copyright, but indicated that it would likely only require that Doe destroy all copies of the work. After Doe confirmed that he had done so, Signature Management once more asked the court to unmask Doe.

The trial court again denied Signature Management’s request, finding that because Doe had already deleted the infringing work, unmasking the blogger was unnecessary. Signature Management appealed to the Sixth Circuit, arguing that since Doe was found liable, he should no longer maintain his anonymity.

The Good News: Court Recognizes Right to Anonymity Extends to Speakers Who Lose Lawsuits

To EFF’s knowledge, the Sixth Circuit’s decision is the first time a federal appellate court has recognized that the First Amendment can protect speakers’ ability to remain anonymous even when they have been found liable in a civil lawsuit.

An order unmasking Doe would therefore unmask him in connection with both protected and unprotected speech and might hinder his ability to engage in anonymous speech in the future.

This is a great development for anonymous speech online. EFF has long fought for anonymous speech rights, including defending online speakers from lawsuits that are designed to intimidate, harass, or silence them rather than vindicate the plaintiffs’ legitimate legal grievances. Although the right to speak anonymously is not absolute, courts have recognized its historical importance in our democracy and its ability to foster open debate on controversial topics, particularly online.

In most anonymous speech cases, parties seek to unmask speakers at an early stage in a lawsuit. Courts have developed various tests that seek to protect anonymous speech rights and to deter frivolous lawsuits, while still allowing plaintiffs to obtain the evidence they need to pursue their claims.

It was an open question whether the right to anonymity continued after a Doe defendant was found liable for a civil claim. We filed a brief [.pdf] in this case arguing that it did, and the Sixth Circuit agreed.

The appellate court rejected Signature Management’s argument that Doe’s liability for copyright infringement extinguished his First Amendment right to anonymity. This is because his unprotected publication of Signature Management’s book was just one episode in a larger campaign of Doe’s overall anonymous speech. The court explained that although “Doe’s infringing speech is not entitled to First Amendment protection, that speech occurred in the context of anonymous blogging activities that are entitled to such protection.”

The court further reasoned: “An order unmasking Doe would therefore unmask him in connection with both protected and unprotected speech and might hinder his ability to engage in anonymous speech in the future.”

The court’s ruling gives anonymous speakers a chance to show that they should still keep their anonymity even if they’ve been found to have violated the law, laying out factors (discussed below) that courts can weigh when determining if speakers can keep their anonymity.

The Bad News: Court’s Test Places the Burden on Speakers to Maintain Their Anonymity

Unfortunately, maintaining anonymity after being found liable in a civil lawsuit is not guaranteed under the Sixth Circuit’s test. The decision sets a default (in legal jargon, a presumption) that, after being found liable, the speaker should be unmasked. It is then up to the speaker to overcome that default by showing that unmasking is not warranted.

The court’s standard is backwards. The rule—even post-judgment—should be that the First Amendment protects anonymous speakers’ rights by default, and then the party seeking to unmask them should have the burden to show why unmasking is required.

The decision provides several factors for courts to weigh, including the public’s interest in the litigation, the plaintiff’s needs to know the defendant’s identity to enforce the judgment against them, and the anonymous speakers’ ability to show that they engage in substantial protected speech that unmasking will chill. After creating the test, the Sixth Circuit sent the case back to the district court to apply it in this specific case.

The court grounded its default—that Does should be unmasked once they’ve been found liable—in another important First Amendment right: the right of the public to access judicial proceedings and records.

EFF is a strong advocate of this right, and we regularly assert it in court. But as we argued in the brief we filed in this case, that presumptive right of access can yield in narrow circumstances to other important interests, such as an individual’s right to anonymity.

The Sixth Circuit’s ruling, however, expands the First Amendment right of access beyond sealed court records or closed judicial proceedings, to include a new principle: that the public has the right to know the names of anonymous defendants once they’ve been found liable. The court ruled that “like the general presumption of open judicial records, there is also a presumption in favor of unmasking anonymous defendants when judgment has been entered for a plaintiff.”     

This is incorrect. The point of the right of public access to government proceedings and records is for the public to be able to monitor what its government is up to. To know whether judicial rulings are fair and reasonable, the public needs to be able to attend court hearings and read court filings. Irrespective of whether the identify if an anonymous litigant appears in court records, unmasking the litigant will not advance the public’s ability to monitor the actions of the court.

One risk of the Sixth Circuit’s ruling is that it might eventually be extended to create a presumption of post-judgment unmasking for anonymous plaintiffs, who can include parties alleging privacy invasions, who were victims of crime, or those seeking access to abortion or other medical care.

For now, we’re excited that the Sixth Circuit strengthened protections for anonymous speakers and we remain hopeful that our concerns about the decision won’t be realized.

Categorieën: Openbaarheid, Privacy, Rechten

EFF Staffers Jennifer Lynch and Dave Maass Receive Award for Groundbreaking Work In Providing Public Access to Police Surveillance Records

EFF Senior Staff Attorney Jennifer Lynch and Investigative Researcher Dave Maass last night received the First Amendment Coalition’s 2017 Free Speech & Open Government Award in recognition for their work bringing transparency and accountability to law enforcement’s collection and use of automated license plate reader (ALPR) data. The award was shared with Peter Bibring, director of police practices at the ACLU of Southern California.

Lynch and Bibring fought a five-year legal battle to obtain ALPR data from Los Angeles law enforcement agencies to better understand how police use records obtained by scanning the license plates and collecting location data of tens of millions of law-abiding drivers. Mounted on squad cars and telephone poles, ALPR systems indiscriminately read license plates and record the time, date, and location a particular car was encountered. These records can reveal intimate details of our private lives—where we go, who we visit, where we work and when we visit the doctor.

EFF and the ACLU of Southern California filed suit after police agencies refused to turn over the documents, saying they were investigative records, a claim that’s tantamount to saying all drivers in Los Angeles are under investigation at all times, regardless of suspicion of criminal activity. In a major victory for transparency, the California Supreme Court ruled in August that collecting license plate data isn’t targeted at any particular crime, so the records couldn’t be considered part of a police investigation and kept secret.

“This sets a precedent that mass, indiscriminate data collected by the police using any kind of surveillance technology can’t be withheld as an investigative record just because it contains, or may contain, a small amount of criminal data,” said Lynch in her acceptance speech last night. “This should have broad impact on future public records requests filed by anyone in the state.”

The EFF team also worked in the California legislature, helping to pass a bill that requires all agencies or individuals that use ALPRs to publicly post privacy and usage policies. Through public records requests and organized crowdsourcing events with EFF supporters, the team created a definitive map of ALPR policies in California. EFF has also analyzed license plate data in Oakland to show disproportionate targeting of communities of color, revealed cybersecurity vulnerabilities in license plate readers around the country, and exposed how license plate reader companies are turning police into debt collectors.

Congratulations Jen, Dave, and Peter!

Related Cases: Automated License Plate Readers- ACLU of Southern California & EFF v. LAPD & LASD
Categorieën: Openbaarheid, Privacy, Rechten

Deep Dive: DHS and CBP Nominees’ Unsatisfying Responses to Senators’ Questions on Border Device Searches

Electronic Frontier Foundation (EFF) - nieuws - 2 december 2017 - 12:54am

Two of President Trump’s top homeland security nominees faced tough questioning from Sens. Ron Wyden (D-OR) and Rand Paul (R-KY) about the civil liberties implications of border searches of digital devices during their confirmation processes. In this deep-dive legal analysis, we dissect the written responses of Kirstjen Nielsen and Kevin McAleenan to “questions for the record” submitted by Sens. Wyden and Paul.

Nielsen, the nominee for secretary of the U.S. Department of Homeland Security (DHS), served as chief of staff to the former DHS secretary, John Kelly. When Kelly became White House chief of staff for President Trump, Nielsen followed to become a White House aide. McAleenan, the nominee for commissioner of U.S. Customs and Border Protection (CBP), has served as acting commissioner since the beginning of the Trump administration.

Both Nielsen and McAleenan revealed that CBP is currently reviewing its 2009 policy directive on border device searches and will “revise and update it to reflect evolving and operational practices on this important and sensitive issue.” McAleenan also promised Sen. Wyden that he would make the revised policy public. We eagerly await the revised policy.

The only policy update since 2009 that CBP has publicly discussed so far is the April 2017 “muster” that directs border agents not to access cloud data during device searches, and to disable a device’s Internet access prior to searching to ensure this is the case.

Additionally, we will be interested to see whether and how the revised policy addresses two key cases that have come down since 2009: the United States Court of Appeals for the Ninth Circuit’s 2013 decision in U.S. v. Cotterman and the U.S. Supreme Court’s 2014 decision in Riley v. California.

In Cotterman, the Ninth Circuit held that the Fourth Amendment requires border agents to have reasonable suspicion before conducting a software-aided “forensic” search (as opposed to a manual search) of a digital device such as a laptop. In Riley, the Supreme Court held that cell phones are not subject to the search-incident-to-arrest exception—which permits warrantless and suspicionless searches of arrestees and items in their possession—and thus, consistent with the Fourth Amendment, police must first obtain a probable cause warrant before searching the cell phone of an arrestee. As we have extensively argued, Riley should apply at the border given the significant and unprecedented privacy interests travelers have in their cell phones, laptops, and other digital devices.

Referencing Cotterman, Sen. Wyden asked McAleenan: “If CBP has been able to protect our borders and, more broadly, U.S. national security, while following a reasonable suspicion standard in the 9th Circuit, why could the agency not also adopt the same standard elsewhere in the country?”

McAleenan responded: “CBP is actively engaged in reviewing its [2009] governing policy on the border search of electronic devices, to include setting appropriate policy limitations for these searches, particularly when forensic review is involved.”

This response is intriguing because it raises the question whether CBP is actually considering writing the Cotterman rule into its border device search policy directive, which would apply across the country and not just in the nine western states under the jurisdiction of the Ninth Circuit. Moreover, McAleenan could have argued that Cotterman has hampered CBP’s border security mission, yet his silence suggests that this has not been the case.    

Sen. Wyden asked McAleenan how many border device searches were supported by reasonable suspicion.

McAleenan responded: “CBP does not compile this specific data set.”

This is disappointing. It would be helpful to have this statistic to see how often border agents actually operate with some objective reason to believe that a traveler has violated an immigration or customs law. This would shed light on any claims by CBP that a universally applied higher standard of suspicion for border device searches would be impractical. Also, it would be instructive to know at a more granular level whether certain ports-of-entry or even specific agents conduct suspicionless searches more often than others.

Sen. Paul asked Nielsen what the maximum amount of time is that border agents may delay entry for a traveler in order to search their devices.

Nielsen didn’t answer this question, but instead reiterated CBP’s default rule that devices may be detained for not more than five days. However, while the default length of a device detention is five days, § 5.3.1 of CBP’s 2009 policy directive expressly allows for indefinite device detention if a supervisor agrees there are undefined “extenuating circumstances.” Presumably applying this nebulous standard, for the last 10 months CBP has confiscated the phone of Suhaib Allababidi, one of the plaintiffs in our lawsuit against DHS and CBP concerning border device searches and confiscations. As to Sen. Paul’s actual question, our clients suffered entry delays for several hours while agents searched their devices. One client, Jeremy Dupin, was detained for seven hours on Christmas Eve, along with his young daughter.

Sen. Wyden noted: “When meeting with my staff, CBP personnel stated that the agency does occasionally perform border searches of Americans’ electronic devices at the request of other governmental agencies.”

McAleenan responded: “[T]he use of other federal agency analytical resources, such as translation, decryption, and subject matter expertise, may be needed to assist CBP in reviewing the information contained in electronic devices or to determine the meaning, context, or value of information contained in electronic devices.”

McAleenan was referring to § 5.3.2 of CBP’s 2009 policy directive. The problem with McAleenan’s response is that he conflated border device searches at the request of other agencies, with border device searches conducted with the assistance of other agencies. He failed to address the former issue, which raises the specter of government officials evading the Fourth Amendment's warrant requirement by trying to stretch the border search doctrine—which permits warrantless and suspicionless “routine” searches—to cover investigations unrelated to the border.

We know that CBP does conduct searches for other agencies, and that those searches have nothing to do with a traveler at the border possibly violating an immigration or customs law. For example, in U.S. v. Saboonchi, Ali Saboonchi (a dual U.S. and Iran citizen) was returning to the U.S. from a vacation to Niagara Falls with his wife when border agents saw in a government database that he was the subject of a pre-existing investigation for violating the trade embargo with Iran. That investigation started with the FBI and continued with Homeland Security Investigations (HSI), a part of U.S. Immigration and Customs Enforcement (ICE). When border agents called an HSI special agent to flag that Saboonchi was at the border, she told them to detain Saboonchi’s devices to, as the district court explained, “take advantage of” the government’s authority to conduct warrantless border searches, in the hope of furthering that separate investigation—which had no nexus to Saboonchi’s border crossing.

Sen. Wyden asked McAleenan: “Have CBP personnel ever surreptitiously installed surveillance software or malware onto a traveler’s device during a border search? Alternatively, has CBP assisted another government agency in covertly installing malware onto a traveler’s electronic device?”

McAleenan responded “no” to both these questions, but limited his answer “to my knowledge.” If this is true, we welcome this assurance, as we know that this has been a significant fear of many travelers.

Sen. Wyden asked McAleenan: “I think it’s important that people know their rights, and that CBP can’t demand people assist in unlocking a device at the border. Will you commit to making sure that individuals know their rights, and your authorities, before they’re asked to provide assistance in searching a device?”

McAleenan referenced a “tear sheet” claiming that it “clearly explains and details the authority supporting the search of their electronic device.” But this document does not notify travelers that they have a right to refuse to provide their password or PIN, or otherwise provide border agents access to their digital devices. To the contrary, this document commands travelers to comply with border agents’ demands:

CONSEQUENCES OF FAILURE TO PROVIDE INFORMATION: Collection of this information is mandatory at the time that CBP or ICE seeks to copy information from the electronic device. Failure to provide information to assist CBP or ICE in the copying of information from the electronic device may result in its detention and/or seizure.

Finally, McAleenan revealed in his responses to Sen. Wyden that the number of border device searches for fiscal year 2017 (which ran from Oct. 1, 2016-Sept. 30, 2017) was 30,151. This is compared to 5,085 searches for FY 2012—reflecting a six-fold increase in the past five years.

McAleenan also revealed that of the FY 2017 border device searches, 20% (6,003) of travelers were American citizens. This is a large number of Americans whose privacy was invaded simply for traveling abroad. Moreover, this number doesn’t take into account legal permanent residents (green card holders), who also enjoy the Fourth Amendment right to privacy in their cell phones and other digital devices.

We thank Sens. Wyden and Paul for continuing to shine a light on border device searches. The more we know about this rampant invasion of digital liberty, the easier it will be to reform it.

For more information on your rights at the border, read our whitepaper: Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud.

We also urge you to contact your members of Congress and tell them to support the Protecting Data at the Border Act (S. 823/H.R. 1899), which would require border agents to get a probable cause warrant before searching the digital devices of U.S. citizens and lawful permanent residents.

Categorieën: Openbaarheid, Privacy, Rechten

Pagina's

Abonneren op Informatiebeheer  aggregator - Privacy