Affiliated with the University of California's systemwide
Humanities Research Institute
The MacArthur Foundation
The NSA appears to have been involved in the surveillance of privileged attorney-client communications, and the legal community is not happy about it. The New York Times reports that communications between an American law firm and its foreign client may have been among the information one of the NSA’s "five eyes" intelligence partners, the Australian Signals Dictorate, shared with the NSA. The American Bar Association has responded to these allegations by urging the NSA to clarify its procedures for minimizing exposure of privileged information- and rightly so. Surveillance of attorney-client communications is anathema to to the fundamental system of justice established by our Constitution.
The Times reported that the newly leaked document provides evidence that the Australian spy agency asked the NSA for guidance on how to handle surveillance of privileged attorney-client communications while monitoring trade talks between the Indonesian government and the US. The NSA’s guidance apparently allowed the Australian agency "to continue to cover the talks, providing highly useful intelligence for interested US customers." An NSA spokeswoman did not deny the allegations, but did note that the NSA could offer a variety of limitations on the collection and dissemination of privileged communications.
ABA president James R. Silkenat writes in his letter to NSA Director Keith Alexander: "The attorney client privilege is a bedrock legal principle of our free society." The privilege protects communications between attorneys giving their clients or potential clients professional legal advice or assistance and ensures that people can seek candid advice from a qualified attorney without fear their discussions will be used against them. It allows clients to prevent disclosure of privileged information by others, and to refuse to disclose that information themselves. As the Supreme Court held in Upjohn Co. v. United States : "The privilege recognizes that sound legal advice or advocacy . . . depends on the lawyer’s being fully informed by the client.
President Obama has nominated former SOPA lobbyist Robert Holleyman to join the team of U.S. negotiators leading the Trans-Pacific Partnership (TPP) talks. If confirmed by the Senate, the former chief executive officer of the Business Software Alliance (BSA) would serve as a Deputy to the U.S. Trade Representative. Coincidentally, the current head of the BSA is former White House IP Czar Victoria Espinel.
Holleyman is an interesting choice for the Obama administration, given the current standstill in TPP negotiations. Reports from the TPP ministerial meeting last weekend said that nothing substantive came out of those talks and that an end date for this sprawling deal is growing increasingly uncertain. One of the many topics of contention is the copyright enforcement sections. On these, the U.S. refuses to agree to provisions that would allow signatory countries flexibility in their copyright regimes.
As a result, countries like Chile and Canada are standing firm against U.S. proposals—a stance confirmed by the “Intellectual Property” chapter published by Wikileaks in November. These proposals include provisions that would place greater liabilities on Internet Service Providers, create new tools of censorship, and new restrictions on how users can access and interact with digital content. Instead of allowing other countries to choose their own approaches to copyright, Obama's choice to appoint a prominent supporter of the spectacularly failed SOPA bill indicates the White House's unwillingness to let up on its extreme stance on copyright enforcement.
The evidence of corporate influence on trade talks doesn't stop there. Recent reports revealed that prominent U.S. trade officials had received millions of dollars in bonuses before they left their corporate jobs to take up their position at the Obama administration. Soon after these revelations, the U.S. Trade Rep Michael Froman—who received $4 million in bonuses from banking giant CitiGroup—introduced plans to create a new Public Interest Trade Advisory Committee.
Since June, ongoing revelations about the NSA's activities have shown us the expanding scope of government surveillance. Today is the day people around the world are demanding an end to mass spying.
A broad coalition of organizations, companies, and individuals are loudly voicing their stance against unwarranted mass spying—over 6,000 websites have joined together today to demand reform. EFF stands by millions of users—represented by groups like Demand Progress, ACLU, PEN, and Access as well as companies like Google, Twitter, Mozilla, and reddit—to reform governmental collection of innocent users' information.
Over the past few years, we've seen the Internet as a political force make waves in Washington. From our defeat of the Internet censorship bill SOPA to our battles over CISPA, TPP, and patent reform, history has shown that we can activate our networks to beat back legislation that threatens our ability to connect, as well as champion bills that will further our rights online.
We can win this. We can stop mass spying. With public opinion polls on our side, unprecedented pressure from presidential panels and oversight boards, and millions of people speaking out around the world, we've got a chance now to change surveillance policy for good.
Last year, we were presented with a new opportunity—an opportunity in the form of leaks that showed us the truth about deeply invasive surveillance programs around the world. This is the year we make good on that opportunity. Let's ensure that sacrifices made by whistleblowers and risks taken by brave journalists were not done in vain.
Join us in fighting back. We've laid out below how you can speak out against mass spying.
In the US? Call Congress today.
Dial 202-552-0505 or click here to enter your phone number and have our call tool connect you
On back-to-back days this week, residents in Texas and Washington received some extra legal protection for the contents of their cell phones. These decisions, while only binding on law enforcement within each respective state, could play an important role on the ongoing debate on cell phone privacy specifically, and applying legal protections against unreasonable searches and seizures to new technologies generally.
Texas: a cellphone is not like a pair of pants or shoes
First, the Texas Court of Criminal Appeals ruled in State v. Granville that an inmate locked in jail maintained an expectation of privacy in the contents of his cell phone even when the phone was out of his custody and in the control of the jail guards. A Huntsville police officer arrested high-school student Anthony Granville on a misdemeanor charge, and he was locked up in jail. Three hours after his arrest, a different officer than the one who arrested him retrieved Granville's phone from the evidence locker and, without a warrant, looked through the contents of the phone for evidence of an unrelated crime.
The government attempted to justify the search by claiming that, similar to clothing worn by an inmate, once the phone was in the control of the jail officials, Granville no longer had any expectation of privacy in its contents. We filed an amicus brief explaining that a cell phone really isn't anything like a pair of pants given the immense amount of data stored on the phone, meaning that police needed to get a warrant to search it. The high court agreed with us, with Judge Cathy Cochran writing unequivocally:
[W]e conclude, as did the court of appeals, that a cell phone is not like a pair of pants or a shoe. Given modern technology and the incredible amount of personal information stored and accessible on a cell phone, we hold that a citizen does not lose his reasonable expectation of privacy in the contents of his cell phone merely because that cell phone is being stored in a jail property room.
Washington: A text message is like a phone call or letter
The Intercept recently published an article and supporting documents indicating that the NSA and its British counterpart GCHQ surveilled and even sought to have other countries prosecute the investigative journalism website WikiLeaks. GCHQ also surveilled the millions of people who merely read the Wikileaks website. The article clarifies the lengths that these two spy organizations go to track their targets and confirms, once again, that they do not confine themselves to spying on to those accused of terrorism.
One document contains a summary of an internal discussion in which officials from two NSA offices discuss whether to categorize WikiLeaks as a "malicious foreign actor" for surveillance targeting purposes. This would be an important categorization because agents have significantly more authority to engage in surveillance of malicious foreign actors.
The response provided by the agency’s general counsel and an arm of its Threat Operations Center was simply "Let us get back to you"—leaving the matter unresolved. The answer, of course, should have been an unequivocal "no."
Another document, branded with GCHQ's logo, showed passive surveillance of a website in January and February 2012. The keywords leading to the site, including “wikileaks” and “http://wikileaks.org/” indicate that the website under surveillance was WikiLeaks. As The Intercept explains:
By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google.
Yet another document shows the depth of the legal effort against WikiLeaks, indicating that the Obama administration "urged foreign allies to file criminal charges against Assange over the group’s publication of the Afghanistan war logs."
This is particularly troubling since it appears that, instead of honoring the American tradition (and law protecting) of freedom of speech, the US government is engaging in forum shopping, trying to get countries with less speech-protective laws to engage in prosecutions that would violate the Constitution if they were tried here.
For the last month, Venezuela has been caught up in widespread protests against its government. The Maduro administration has responded by cracking down on what it claims as being foreign interference online. As that social unrest has escalated, the state's censorship has widened: from the removal of television stations from cable networks, to the targeted blocking of social networking services, and the announcement of new government powers to censor and monitor online. Last night, EFF heard the first reports from Venezuelans of a complete Internet shutdown in San Cristóbal, a regional capital in the west of the country.
The censorship began early last week when the authorities removed a Columbian news network, NTN24, from Venezuelan cable, and simultaneously published a reminder that TV stations could be in violation of a law that forbids the incitement or promotion of "hatred", or "foment citizens' anxiety or alter public order."
Venezuelan Internet users on a variety of ISPs lost connectivity last Thursday to an IP address owned by the content delivery network, Edgecast. That address provided access to, among other services, Twitter's images at pbs.twimg.com. A separate block prevented Venezuelans from reaching the text hosting site, Pastebin.
No official explanation for the loss of access to these general purpose communication platforms was given by either the government or the ISPs (the country's largest ISP, CANTV, is government-owned). Twitter later reconfigured their services to point to another IP in response to Venezuelan complaints, bypassing the block. Twitter also communicated to users in Venezuela how to use Twitter using SMS, in anticipation of further Internet interruptions.
William Castillo, the director of CONATEL, the country's media regulator, later claimed that Internet censorship was necessary to fight off online attacks. He said that his organization had blocked several links "where public sites were being attacked." Castillo added (ironically, via his own Twitter account) that "they might move to new addresses, but we're conducting permanent monitoring.
The U.S. Attorney for the Northern District of Texas today filed a motion to dismiss 11 charges against Barrett Brown in a criminal prosecution that would have had massive implications for journalism and the right of ordinary people to share links. EFF has written extensively about the case and had planned to file an amicus brief on Monday on behalf of several reporters groups arguing for the dismissal of the indictment.
Brown, an independent journalist, was prosecuted after he shared a link to thousands of pages of stolen documents in an attempt to crowdsource the review of those documents—a common technique for many journalists. The records came from the US government contractor, Stratfor Global Intelligence and documented discussions of assassination, rendition and how to undermine journalists and foreign governments. They also included thousands of stolen credit card numbers. Brown had no involvement in the hack, but was charged nonetheless with identity theft.
In response to the decision by the federal prosecutor’s office to drop some, but not all of Brown's charges, EFF issued the following statement:
"We are relieved that federal prosecutors have decided to drop these charges against Barrett Brown. In prosecuting Brown, the government sought to criminalize a routine practice of journalism—linking to external sources—which is a textbook violation of free speech protected by the First Amendment. Although this motion is good news for Brown, the unnecessary and unwarranted prosecution has already done much damage; not only has it harmed Brown, the prosecution—and the threat of prosecution it raised for all journalists—has chilled speech on the Internet. We hope that this dismissal of charges indicates a change in the Department of Justice priorities. If not, we will be ready to step in and defend free speech.”
EFF plans to publish its draft brief and deeper analysis later this week.
Files: barrett_brown_mtd.pdfRelated Issues: Free SpeechShare this: || Join EFF
Liberation Music Will Fix Its Copyright Policies and Pay CompensationSan Francisco - Prof. Lawrence Lessig has settled his lawsuit against an Australian record label over the use of clips of a popular song by the band Phoenix in a lecture that was later posted online. Liberation Music, which represents Phoenix in New Zealand, claimed the clips infringed copyright, demanded YouTube take down the lecture, and then threatened to sue Lessig. Represented by the Electronic Frontier Foundation (EFF) and Jones Day, Lessig fought back, asserting his fair use rights in court.
"Too often, copyright is used as an excuse to silence legitimate speech," said Lessig, who serves as the Roy L. Furman Professor of Law and Leadership at Harvard Law School and director of the Edmond J. Safra Center for Ethics at Harvard University. "I've been fighting against that kind of abuse for many years, and I knew I had to stand up for fair use here as well. Hopefully this lawsuit and this settlement will send a message to copyright owners to adopt fair takedown practices—or face the consequences."
The settlement requires Liberation Music to pay Lessig for the harm it caused. The amount is confidential under the terms of the settlement, but it will be dedicated to supporting EFF's work on open access, a cause of special importance to Lessig's friend, Aaron Swartz, a technologist and activist who took his own life in early 2013. The parties also worked together to improve Liberation Music's methodology for compliance with the requirements of the DMCA in the United States. Going forward, Liberation Music will adopt new policies that respect fair use.
Neither party concedes the claims or defenses of the other. Liberation Music included this statement in the settlement agreement:
"Liberation Music is pleased to amicably resolve its dispute with Professor Lessig. Liberation Music agrees that Professor Lessig's use of the Phoenix song 'Lisztomania' was both fair use under US law and fair dealing under Australian law. Liberation Music will amend its copyright and YouTube policy to ensure that mistakes like this will not happen again.
The Mexican website 1dmx.org (mirror here), was set up in the wake of a set of controversial December 1st 2012 protests against the inauguration of the new President of Mexico, Enrique Peña Nieto. For a year, the site served as a source of information, news, discussion and commentary from the point of view of the protestors. As the anniversary of the protests approached, the site grew to include organized campaign against proposed laws to criminalize protest in the country, as well as preparations to document the results of a memorial protest, planned for December 1 2013.
On December 2nd, 2013, the site disappeared offline. The United States host, GoDaddy, suspended the domain with no prior notice. GoDaddy told its owners that the site was taken down "as part of an ongoing law enforcement investigation." The office in charge of this investigation was listed as "Special Agent Homeland Security Investigations, U.S. Embassy, Mexico City." (The contact email pointed to "ice.dhs.gov," implying that this agent was working as part of the Immigration and Customs Enforcement wing, who have been involved in curious domain name takedowns in the past.)
Email received by 1dmx.org owners from GoDaddy.
Luis Fernando García, 1dmx.org lawyer for the protestors, suspected that the call to bring down the site came from further afield than the U.S. embassy, and is suing several authorities in the Mexican courts to discover exactly which government agency passed on the order to the U.S. Embassy. Their court case, announced today, will continue to pursue the Mexican authorities to find the source of the demand, which the case contends violates Mexico's legal protections for freedom of expression.
If there are many questions to be answered by the Mexican authorities about this act of prior restraint on speech, there are no shortage of queries about the United States' involvement in this takedown. Why did GoDaddy take down content with the excuse of it being part of a legal investigation, when the company did not request or relay any formal judicial documents or an official court order? And why is the U.
Legal Briefings Still Under Seal After Government Demands for SecrecyThe Electronic Frontier Foundation (EFF) filed two briefs on Friday challenging secret government demands for information known as National Security Letters (NSLs) with the Ninth Circuit Court of Appeals. The briefs—one filed on behalf of a telecom company and another for an Internet company—remain under seal because the government continues to insist that even identifying the companies involved might endanger national security.
While the facts surrounding the specific companies and the NSLs they are challenging cannot be disclosed, their legal positions are already public: the NSL statute is a violation of the First Amendment as well as the constitutional separation of powers.
“The NSL statute allows the FBI to demand potentially protected information without any court oversight,” EFF Senior Staff Attorney Matt Zimmerman said. “Furthermore, it permits the FBI to independently gag recipients so that NSL recipients like our clients have no ability to notify their customers or the public that any demands were made, let alone that they went to court to stop them. Our clients strongly desire to bring their unique perspectives to the ongoing national discussion on intrusive government spying, and they have timely and relevant information to contribute to that debate. However, the FBI’s unconstitutional NSL authority prevents these companies from exercising their rights and taking part in this critically important conversation.”
In March 2013 a federal district court judge in San Francisco agreed with EFF and ruled the NSL provisions unconstitutional, barring future NSLs and accompanying gag orders. That ruling was stayed pending appeal, however, and the district court has subsequently enforced separate NSLs—including NSLs issued to both EFF clients—and indicates that it will continue to do so until the Ninth Circuit rules on EFF’s challenges.
“The fight over NSLs and the government’s dangerous practice of bypassing meaningful review by the judicial branch is not an academic one—real people and real companies are involved, battling for their constitutional rights and the rights of their users,” Zimmerman said.
The Department of Homeland Security and its component Immigration and Customs Enforcement recently issued a solicitation for bids to build and maintain a national database of motor vehicle license plate data. Not only would this database include plate data collected by DHS — it would also include data from other law enforcement agencies and private companies.
This is the first time any federal agency has proposed a database of this size and scope, and this "National License Plate Recognition" program raises significant privacy concerns. As we’ve said before, this kind of license plate data is location data — it tells the data gatherer where you’ve been and when, and can be aggregated to present a detailed picture of your life and who you associate with—whether you’re at a lawful protest or house of worship; a gay bar or your doctor’s office; your brother’s house or your lover’s. License plate data allows the data gatherer to track all movement in and out of an area; specifically target certain neighborhoods or organizations; or place political activists on hot lists so that their movements trigger alerts.
A Massive Expansion of Plate Data Collection
Automated License Plate Reader or ALPR cameras already scan and record the plates of millions of cars across the country. Law enforcement agencies in large metropolitan areas like Los Angeles and New York have databases of millions of plates—and these databases will only increase in size over time. A 2011 survey of more than 70 police departments showed that 79 percent used ALPR technology and 85 percent expected to acquire or increase use in the next five years. On average, these agencies expected that 25 percent of police vehicles would be equipped with license plate readers by 2016.
However, DHS doesn’t want to limit its data collection to law enforcement agencies. It also wants to include data from “asset recovery specialists” (repo companies) and “access control systems” (private security cameras in parking lots like malls). Private companies already collect data on a nationwide basis and may have more data than all law enforcement records combined.
The only thing standing in the way of patent reform is the United States Senate.
The House passed the Innovation Act in December with a bipartisan 325-91 vote. President Obama has said he'll sign the bill and asked Congress during his State of the Union to "pass a patent reform bill that allows our businesses to stay focused on innovation, not costly and needless litigation."
It's now up to the Senate to help put an end to costly, destructive patent troll litigation and threats. And they need to hear from you: you the inventor, you the entrepreneur, you the investor, and especially you the concerned individual.
Sign this letter urging the Senate to pass meaningful, comprehensive patent reform.
The most prominent bill in the Senate right now is Sen. Leahy's Patent Transparency and Improvements Act. The bill is a great first step, but it is by no means as comprehensive as the Innovation Act. (And both bills could be even stronger.) We're hoping the Senate factors in proposals to address patent quality (like in S. 866, Sen. Schumer's Patent Quality Improvement Act) as well as includes heightened pleading and fee-shifting language (like in S. 1013, Sen. Cornyn's Patent Abuse Reduction Act). All of these pieces together go a long way toward a patent reform bill that will help fix many of the system's problems.
As we continue to hear about case after case and demand letter after demand letter, it is obvious that innovative businesses and individuals are getting hit everyday—and just how necessary meaningful patent reform really is.
Let your voice be heard. Show the Senate your support for reform today. And stay tuned for more actions to come.
Related Issues: PatentsLegislative Solutions for Patent ReformPatent TrollsShare this: || Join EFF
House Minority leader Nancy Pelosi firmly announced her rejection of the “Fast Track” bill at an event on Wednesday, saying it was “out of the question.” Its passage has become increasingly tenuous since Senate Majority leader Harry Reid came out against it two weeks ago.
Fast Track is a mechanism that empowers the White House with sweeping authority to sign off on trade deals like the Trans-Pacific Partnership (TPP), limiting Congress' constitutional powers to set trade objectives, choose trading partners, and call hearings and amend all provisions. Opposition from Democrat leaders in the House and Senate is a major setback for the Fast Track bill, and likely comes as a result of public opposition from hundreds of thousands of individuals and organizations across the US.
Despite these blows, Obama and the US Trade Rep are still forging ahead to try to bring TPP closer to agreement among the 12 negotiating countries. US Trade Rep Michael Froman will meet this weekend with Japan's trade minister, who is head of the country's TPP negotiations, to reconcile differences on some major remaining sticking points around tariffs and auto trade. The next TPP meeting, already delayed several times, will begin on February 22 in Singapore. Then in April, President Obama is scheduled to make a trip to Asia. A White House press statement this week shows that TPP is clearly on his agenda as he visits two countries participating in the negotiations.
However, resistance continues to mount abroad. Over 80 senior legislators from seven TPP negotiating countries issued a joint letter demanding that the entire draft text of the agreement be published before it is signed, “to enable detailed scrutiny and public debate.” Vice President of Peru, Marisol Espinoza, is also a signatory to the letter.
The next few months will be interesting for the White House as it struggles to pull together support on this sprawling trade deal both at home and abroad. Senator Ron Wyden has become the new Chair of the Senate Finance Committee, where he will face pressure from the President to pass some form of Fast Track legislation to pass TPP as quickly as possible.
It's an old legal adage that bad facts lead to bad legal decisions, and today we've got a classic example in Garcia v. Google—the "Innocence of Muslims" case. Based on a copyright claim that is dubious at best, the Ninth Circuit Court of Appeals has ordered Google to take offline a video that is the center of public controversy. We can still talk about it, but we can't see what we are talking about. We're hard-pressed to think of a better example of copyright maximalism trumping free speech.
For those who haven't been following this, the case was brought by an actress, Cindy Lee Garcia, who was tricked into performing in a short anti-Islamic film (she was told the film was about something very different) and, as a result, found herself subject to death threats. Bad facts, right? Here's the bad law part: Garcia then filed a lawsuit against Google and several others, claiming the video infringed her copyright in her performance (approximately 5 seconds of a 13 minute video). Then she asked the court to require Google to take the video down. The district court wisely refused, noting that Garcia's copyright interest was unclear at best. Garcia appealed, and today the Ninth Circuit agreed with her, and ordered Google to take down all copies of the video and take reasonable steps to prevent further uploads.
How is this decision wrong? First, the ruling blows past the First Amendment concerns with the time-worn observation that "the First Amendment does not protect copyright infringement." Of course it doesn't, but neither are copyright cases immune from the same balancing test that applies to any injunction. And the standards for this kind of injunction—a classic prior restraint—are particularly high. Indeed, as the Supreme Court has observed repeatedly, injunctions that shut down speech are particularly disfavored. Court after court has held that they should not be issued where, as here, the case is "doubtful" but only where the law and the facts clearly favor an injunction.
Second, the merits of this case are indeed doubtful.
February is Black History Month and that history is intimately linked with surveillance by the federal government in the name of ‘national security. Indeed, the history of surveillance in the African-American community plays an important role in the debate around spying today and in the calls for a congressional investigation into that surveillance. Days after the first NSA leaks emerged last June, EFF called for a new Church Committee. We mentioned that Dr. Martin Luther King, Jr., was one of the targets of the very surveillance that eventually led to the formation of the first Church Committee. This Black History Month, we should remember the many African-American activists who were targeted by intelligence agencies. Their stories serve as cautionary tales for the expanding surveillance state.
The latest revelations about surveillance are only the most recent in a string of periodic public debates around domestic spying perpetrated by the NSA, FBI, and CIA. This spying has often targeted politically unpopular groups or vulnerable communities, including anarchists, anti-war activists, communists, and civil rights leaders.
Government surveillance programs, most infamously the FBI’s “COINTELPRO”, targeted Black Americans fighting against segregation and structural racism in the 1950s and 60s. COINTELPRO, short for Counter Intelligence Program, was started in 1956 by the FBI and continued until 1971. The program was a systemic attempt to infiltrate, spy on, and disrupt activists in the name of “national security.” While it initially focused on the Communist Party, in the 1960s its focus expanded to include a wide swathe of activists, with a strong focus on the Black Panther Party and civil rights leaders such as Dr. Martin Luther King, Jr.
FBI papers show that in 1962 “the FBI started and rapidly continued to gravitate toward Dr. King.” This was ostensibly because the FBI believed black organizing was being influenced by communism. In 1963 FBI Assistant Director William Sullivan recommended “increased coverage of communist influence on the Negro.
February 11, 2014—The Day We Fought Back. We started something.
Of course, the battle didn’t begin today. The groups that organized this action have long been pushing hard for real surveillance reform. But we knew that the time was ripe—that the Snowden leaks, unrelenting media pressure, grassroots activism, and even pressure from within Congress—were creating a once-in-a-lifetime opportunity to give the public—worldwide—the chance to voice its opposition to mass spying. We knew that 6,000+ websites were committing to stand with us in a global day of action, that dozens of advocacy organizations worldwide would fight with us. What we didn’t know was how big today’s stand against mass spying would be.
In one day, over 71,000 concerned Americans picked up the phone and told their Congress to rein in the NSA. Far more sent emails to their members of Congress. Around the world over 200,000 put their name to a set of founding principles against suspicionless surveillance: by the NSA, by their own governments, by anyone who dares to violate our human rights.
We’ve done more in this single day to pressure the U.S. Congress to reform surveillance law than what months or even years of lobbying to date have accomplished.
We’ve demonstrated our strength. We’ve shown those who want to watch us that the whole world is watching them.
This was a community-driven protest created by advocacy groups and everyday Internet users who wanted to defend the Internet from the creeping shadow of surveillance. Tech companies helped amplify their voices. Users worldwide were bolstered by the support of giants like Google, Facebook, Twitter, Tumblr, reddit, Automattic, Thoughtworks, Namecheap, Hover and many others. In dozens of countries, activists united their forces, forming new powerful coalitions and new legal campaigns.
This day of action tapped into the creativity and diversity of the Internet. Advocates for press freedom described how surveillance chills freedom of expression. International human rights organizations articulated how unrestrained, illegal surveillance violates human rights.
Remember when Rep. Mike Rogers likened opponents of pernicious cybersecurity legislation to 14-year-olds? It turns out that middle-school-age students are also well-prepared to debate him on the NSA's programs as well.
EFF congratulates students from two middle schools who took home top prizes in the C-SPAN StudentCam 2014 competition for young filmmakers with their documentaries on the debate over mass surveillance.
According to the C-SPAN press release:
Peter Jasperse, Antonia Torfs-Leibman and Madeleine Hutchins, eighth graders at Eastern Middle School in Silver Spring, Md., are national First Prize winners in the Middle School division. Peter, Antonia and Madeleine will share $3,000 for their First Prize documentary, 'The NSA: The Lengths of America's Security,' about NSA surveillance."
The video, featuring an interview with author James Bamford, will air on C-SPAN at 6:50 a.m. E.T. and throughout the day on April 23. You can also watch it online.
Ben Blum, a filmmaker at Saint Mark's School in San Rafael, California, scored second place in the same category for his documentary "Data Obsession," featuring EFF Activist Parker Higgins. It will air on Friday, April 11 and you can watch it below:
Privacy info. This embed will serve content from youtube-nocookie.comIf you're a student interested in ways to join our fight against NSA surveillance, please visit https://supporters.eff.org/engage.
var mytubes = new Array(1);
mytubes = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/AI4VaRgpDCs%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22315%22 width=%22560%22%3E%3C/iframe%3E';
Share this: || Join EFF
After an encouraging debate at the Oakland City Council meeting on February 18, EFF has submitted another letter opposing Oakland’s Domain Awareness Center (DAC). The DAC is a potent surveillance system that could enable ubiquitous privacy and civil liberties violations against Oakland residents. The city appeared set to approve a resolution that would have handed the City Administrator authority to sign a contract for completion of the project. However, after strenuous discussion, Councilmember Desley Brooks made a motion to delay the vote for two weeks in order to get more information about the potential civil liberties and financial impacts of the DAC. The council passed the motion with 6 yes votes and 2 abstentions.
Phase I of the DAC, funded by a Department of Homeland Security grant, is already operational. It integrates Port security cameras and an intrusion detection system with City of Oakland traffic cameras, city geographic information system (GIS) mapping, and a gun shot detector called ShotSpotter. The information from these various data sources is integrated using “Physical Security Information Management” PSIM. This allows law enforcement and other agencies to access and analyze all of these data sources through a single user interface. This means DAC staff can look at a single screen and see various video and information feeds at once, allowing much more invasive surveillance of Oaklanders.
At the February 18 meeting, speakers raised myriad issues. One of those was the racial profiling of Yemeni, Muslim, and African-American communities already happening in Oakland. Mokhtar Alkhanshali, a community organizer, talked about how law enforcement already targets the thousands of Muslims in Oakland, stating, “I represent people who are afraid to come here." Fred Hampton, Jr., son of the murdered Black Panther Party member Fred Hampton, reminded the council about the legacy of surveillance and targeting experienced by African-American activists.
At issue now is whether the Oakland City Council will approve an expansion of the system to include more data sources, considering all the outstanding questions.
Massachusetts police must now get a search warrant before they can track a person's past movements through their cell phone in an important new decision that has implications beyond just cell tracking in the Bay State.
In Commonwealth v. Augustine, state police relied on federal law to obtain an order authorizing the disclosure of two weeks worth of historical cell site records from Sprint in connection with a murder investigation. But the order wasn't a search warrant supported by probable cause. Years after obtaining the records and a criminal case was brought against Augustine, a different judge found the police had violated the Massachusetts state constitution when it failed to get a warrant.
The judge reasoned people have an expectation of privacy in their movements under the state constitution. That was true even though the records were owned by Sprint. The state appealed to the Massachusetts Supreme Judicial Court, and with the help of Kit Walsh of the Berkman Center for Internet and Society at Harvard Law School, we filed an amicus brief arguing that the trial judge got it right, and that a search warrant is needed before police can track a person's every movement for an extended period of time.
Thankfully, the high court agreed with us, becoming the second state supreme court—after New Jersey—to rule police need to get a warrant to track. Noting that a cell phone is an "indispensable" part of modern life and are ubiquitous as almost a "permanent attachment" to our body, the court ruled that people have a right to be free from invasive, long term tracking of their movements. While the state quibbled with whether cell tracking is as precise or accurate as GPS tracking of a car, the high court believed cell tracking implicated even greater privacy concerns than GPS tracking because unlike a device attached to a car, a cell phone is carried almost everywhere a person goes. If the location information police can obtain from a cell phone wasn't precise, there'd be no reason for the government to request it.
EFF is bringing the security and privacy of HTTPS Everywhere to an important new frontier: your Android phone. As of today, you can install HTTPS Everywhere on Firefox for Android (until now, it could only protect desktop browsers). With HTTPS Everywhere installed, Firefox for Android encrypts thousands of connections from your browser that would otherwise be insecure. This gives Firefox a huge security advantage over every other mobile browser available today.
This is exciting news, because HTTPS encryption allows smartphone users to safely download apps, browse the web, exchange emails and instant messages, sync data between devices, and countless other everyday tasks. As we carry around our phones and tablets, we often connect to unfamilar WiFi networks, putting our personal data at risk of being monitored, collected, and tampered with by anyone else on the same network, as well as Internet Service Providers, network operators, and government agencies. In fact, we discovered last week that NSA and GCHQ have been invisibly tracking and profiling users based on data leakage from smartphone apps.
HTTPS Everywhere guards agains these attacks in your browser by switching insecure HTTP connections to secure HTTPS connections whenever possible using thousands of URL rewrite rules. Whereas data sent to a server over HTTP can easily be read and modified by third parties, HTTPS uses strong encryption to guarantee data confidentiality and integrity.
To install HTTPS Everywhere for Firefox Android:
Install the latest release of Firefox on your Android phone.
Open the HTTPS Everywhere download link in Firefox for Android.
Once HTTPS Everywhere is installed, you'll see its icon on the right hand side of the address bar. You can click the icon to turn rewrite rules on/off for the current page or click-and-hold the icon to restore default settings.
By our estimates, HTTPS Everywhere encrypts hundreds of billions of page views and over a trillion individual requests per year. However, there's an important limitation: it can only encrypt requests where the website you're connecting to supports HTTPS in the first place.
Months of Electronic Espionage Put American Citizen and Family at RiskWashington, D.C. - An American citizen living in Maryland sued the Ethiopian government today for infecting his computer with secret spyware, wiretapping his private Skype calls, and monitoring his entire family's every use of the computer for a period of months. The Electronic Frontier Foundation (EFF) is representing the plaintiff in this case, who has asked the court to allow him to use the pseudonym Mr. Kidane – which he uses within the Ethiopian community – in order to protect the safety and wellbeing of his family both in the United States and in Ethiopia.
"We have clear evidence of a foreign government secretly infiltrating an American's computer in America, listening to his calls, and obtaining access to a wide swath of his private life," said EFF Staff Attorney Nate Cardozo. "The current Ethiopian government has a well-documented history of human rights violations against anyone it sees as political opponents. Here, it wiretapped a United States citizen on United States soil in an apparent attempt to obtain information about members of the Ethiopian diaspora who have been critical of their former government. U.S. laws protect Americans from this type of unauthorized electronic spying, regardless of who is responsible."
A forensic examination of Mr. Kidane's computer showed that the device had been infected when he opened a Microsoft Word document that contained hidden malware. The document had been an attachment to an email message sent by agents of the Ethiopian government and forwarded to Mr. Kidane. The spyware contained in the attachment was a program called FinSpy, a suite of surveillance software marketed exclusively to governments by the Gamma Group of Companies. In the several months FinSpy was on Mr. Kidane's computer, it recorded a vast array of activities conducted by users of the machine. Traces of the spyware inadvertently left on his computer show that information – including recordings of dozens of Skype phone calls – was surreptitiously sent to a secret control server located in Ethiopia and controlled by the Ethiopian government.
The European Commission's open consultation on copyright ends in less than a week. It's a rare and important opportunity for anyone who uses the Internet— whether you are a student or artists, librarian or entrepreneur— to influence the future of innovation policy in the region.
The 80 question "Public Consultation on the Review of the EU Copyright Rules" can be dizzying to tackle on its own, but there are several easy-to-use platforms that can help anyone with navigating the survey.
How to Submit Your Own Comments
Let's Fix EU Copyright! — Choose from a list of categories that best describe you, and this site will give you a list of questions that may be relevant to your interests.
Copywrongs.eu — Pick from a variety of activities and statements about your experience with copyright, and this site will select related questions for you to answer.
Webform: Public Consultation on the review of the EU copyright rules — Use this form if you would like to answer any of the 80 questions. As you answer the questions, you can read other organizations' answers. When you're done, you can download your comments as a text document, and a pop-up will provide you with the address to email it to the European Commission.
Submission and Guides from Other Organizations
Digital rights organizations across the EU have submitted their own comments, addressing a wide range of restrictive copyright policies that afflict Internet users across the region. You can check out these various replies below:
Copyright4Creativity, a coalition of groups, including EFF, who advocate for an EU policy of balanced copyright and exceptions, have published their response in PDF form.
The French digital rights organization, Le Quadrature du Net, have published an English language version of its submission
The Foundation for a Free Information Infrastructure have published its answers, connecting copyright to the goal of rewarding software development, and creating an open and free Internet.
Finally, Swedish MEP Amelia Andersdotter gives a guide to the questionnaire and explains why this consultation matters.
Posted by Susan Molinari, VP Public Policy The revelations about government surveillance practices—both in the U.S. and globally—over the past eight months have sparked a serious and overdue debate about the nature and scope of existing laws and programs. Today, many organizations and companies are participating in “The Day We Fight Back,” a series of events and awareness campaigns highlighting the urgent need for surveillance reform around the world.Google recognizes the very real threats that the U.S. and other countries face, but we strongly believe that government surveillance programs should operate under a legal framework that is rule-bound, narrowly tailored, transparent, and subject to oversight.In December, along with other technology companies, we unveiled a set of government surveillance reform principles that address many of the recent concerns around government surveillance. In Congress, Representative Sensenbrenner (R-Wis.) and Senator Leahy (D-Vt.) have introduced legislation—the USA Freedom Act—that would codify many of these principles. As they both noted when introducing this bill, government surveillance programs “have come at a high cost to Americans’ privacy rights, business interests and standing in the international community.”The USA Freedom Act reflects some of the key recommendations made by the President’s Review Group on Intelligence Communications and Technologies as well as the Privacy and Civil Liberties Oversight Board. We support this legislation and we urge Congress to enact it into law.But there’s more that can be done as we consider appropriate reforms to government surveillance laws. Congress should update the Electronic Communications Privacy Act (ECPA) to require governmental entities to obtain a warrant before they can compel online companies to disclose the content of users’ communications. Legislation introduced by Senators Leahy and Lee (R-Utah) in the Senate and Representatives Yoder (R-Kan.), Graves (R-Ga.), and Polis (D-Colo.) in the House would achieve that goal.
The net neutrality fight is moving in new directions, and quickly. Today FCC Chair Tom Wheeler announced that the FCC would press forward with new “Open Internet” rules, undeterred by last month’s court decision striking down most of the old ones. Last week, Comcast and Time Warner Cable announced plans to merge. The merger would create the largest Internet Service Provider (ISP) in the nation, with five times the subscribers of its closest competitor. With only one or two broadband providers available in most parts of the country, prices may soar while the quality of services plummets. A lack of competition raises serious concerns that huge ISPs will be able to favor particular sites and services.
Wheeler’s announcement today included a strong commitment to promoting the piece of the Open Internet rules that did survive judicial review: transparency. Unfortunately, even “transparency” is tougher to enforce than many might think. That’s because so much of our connectivity depends on essentially secret “peering” agreements between providers.
To understand peering, let’s back up to last week: news of the Comcast-Time Warner Cable merger broke while EFF was investigating a claim that Verizon was discriminating against traffic from Netflix and Amazon Web Services. A blogger in Texas named David Raphael reported that his home Internet speed to Netflix was dramatically slowed down. He tested his connection, and it turned out that indeed his Verizon FiOS Internet connection was operating thousands of kilobytes per second slower than normal—when connecting to certain sites, but not others.
Dave’s problems made some nervous that Verizon had already begun to slow down connections to disfavored websites. In light of last month’s court decision, many feared ISPs would act like the door was wide open for them to discriminate against traffic on their networks. As broadband markets appear to consolidate, those who care about an open, innovative Internet are rightly worried.
Verizon denied that it was discriminating against Netflix or other types of traffic, but we’ve seen ISPs dissemble on this point before.
We thought we won the Crypto Wars, the fight to make strong encryption accessible to all, in the 1990s.1 We were wrong. Last month, Reuters broke news about a deal struck between the popular computer security firm RSA and the National Security Agency. RSA reportedly accepted $10 million from NSA to make Dual_EC_DRBG—an intentionally weakened random number generator—the default in its widely used BSAFE encryption toolkit.
RSA encryption tools are an industry standard used by large tech companies and individuals alike, to protect hundreds of millions of people by encrypting our daily online interactions. We trust RSA’s encryption every time we rely on the security of our communications, including our email, financial and e-commerce transactions, medical and legal records, web searches, airplane traffic communications, text messages, and phone calls. Without trustworthy encryption, safe business transactions are impossible and speech is chilled.
The allegation of the $10 million RSA/NSA deal compounded with leaks earlier in the year about NSA’s efforts to sabotage global cryptography has lead some speakers to withdraw from the 2014 RSA Conference in San Francisco, which attracts some 25,000 attendees each year. Nine speakers have canceled their coveted slots and many have chosen to speak instead at TrustyCon, an alternative conference started this year to provide a platform for speakers who protest RSA and NSA's long-standing collaboration.
At the same time and around the corner from the RSA Conference in San Francisco, TrustyCon is a “Trustworthy Technology Conference” organized by DEF CON, EFF, and iSEC Partners. All proceeds from TrustyCon will be donated to the Electronic Frontier Foundation to support our work against illegal and unethical government surveillance all over the world.
A Shortlist of Rockstars
Those who abandoned their speaking gig at the RSA conference are a shortlist of rockstars in the world of Internet security, including privacy lawyer and EFF Special Counsel Marcia Hoffman; Chris Soghoian, a principle technologist at the ACLU's Speech, Privacy and Technology Project; and Jeff Moss, founder of DEF CON.
Academics have joined the fight against mass surveillance. Two open letters were published last month from the academic and research communities. One is signed by U.S. information security and cryptography researchers, and the other is signed by over one thousand scholars from a wide range of disciplines who work in universities all over the world.
Both letters agree: global surveillance conducted by U.S. and European governments undermines democracy, the global economy, academic freedom, and our most depended-upon technologies, paradoxically making us all less safe. The signatories of both letters urge that intelligence agencies and national security policies be subject to the kind of transparency and public scrutiny that leads to democratic accountability, underlining the fact that what’s at stake with NSA spying boils down to our—the public’s—fundamental relationship with our government.
The signatories represent many of the most respected thinkers in security research and the ethical application of technology, including Hal Abelson, one of the founders of Creative Commons and the Free Software Foundation; Bruce Schneier, a member of EFF’s advisory board; and Gabriella Coleman, author of Coding Freedom. The signatories are some of the most celebrated experts in national security in the world, and they say that it is possible to effectively protect people from terrorist threats without dumbing-down our most relied upon technologies.
It’s no surprise that the letter from U.S. security researchers condemns NSA efforts to insert vulnerabilities into our technology. “Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals,” reads the letter. “But we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life.” If it’s easier for the government to hack into a system, it’s easier for anyone to break in, breach security, and cause serious damage.
FBI agents arrested a Mexican tycoon named Jose Susumo Azano Matsura at his Coronado, Calif. home on Wednesday as part of a political bribery investigation based on captured emails, seized banking records, and covertly recorded conversations.
The unfolding scandal is soaked in irony: Azano is a surveillance evangelist whose company won a secret, no-bid contract with the Mexican military for computer and mobile phone hacking and spying technology in 2011. He is chairman of a company called Security Tracking Devices SA de CV, and he is now chained to a tracking device—on house arrest.
When documents leaked to the Mexican press two years ago revealed Azano’s role in a massive expansion of Mexico’s electronic surveillance power, the story developed into a national scandal surrounding the business owner’s almost legendary political power. What received less attention is how Azano began an effort to expand his pull in the U.S. and elsewhere through an online pro-surveillance marketing campaign. He also started dabbling in U.S. politics—and that’s what got him into trouble.
Azano, and three Americans who acted as his agents, are now facing felony charges in an alleged conspiracy to illegally pump roughly $500,000 into local election campaigns in the bordertown of San Diego.
The Azano case illustrates how officials around the world must not only exercise skepticism toward new surveillance technologies, but also toward the shady contractors hawking spy products.
The Company in Question
Security Tracking Devices, or STDi as it has more recently been branded, aspires to be a global go-to company for surveillance technology. In addition to its Mexico City headquarters, STDi’s website (hidden behind a “under construction” front page) advertises offices in Singapore, the United Kingdom, and the United Arab Emirates. Azano’s public biography further describes his company’s security systems as being in high demand in Europe, the Middle East, and Latin America.
As EFF explained in 2012, leaked Secretariat of National Defense contracts revealed that Azano’s company provided Mexico with an arsenal of invasive eavesdropping technologies, including systems “capable of extracting text and multimedia messages, contact lists, agenda registries, email monitoring, voice interception, background sounds, [and] room monitoring via microphone activation.
South Dakota has put forth new legislation to support to a simple principle: if you own something, you ought to be allowed to fix it. The new bill, SB 136, would require manufacturers of electronics and appliances that contain embedded software to make available to consumers and independent repair shops the information and parts they need to repair those devices, and fully disclose any contract provision standing in the way of full repair and reuse.
That seems like a pretty uncontroversial goal, but lots of major manufacturers that purport to "sell" you all kinds of products are doing their level best to make sure that if your product breaks, only they (or someone they authorize) can repair it. They do this in all kinds of ways—by tying your purchase (or update) to an expensive repair contract; burying sneaky clauses into license agreements (remember, you might buy a device, but if it contains software to make it more functional you probably only "rent" that software); treating repair information (like diagnostic codes) as proprietary; or refusing to sell repair parts to "unauthorized" independent shops (and then calling in the feds to prosecute shops that sell those parts anyway).
That's bad for consumers and for the environment—how often have many of us tossed a device into the trash, or recycled it, because repairing it was too expensive? If that device contains electronics, that casual decision added to the e-waste that is slowly poisoning the planet.
South Dakota isn't the first state to step in to defend its residents' right to repair. In Massachusetts, legislators and voters passed legislation requiring automakers to provide affordable access to all tools, software and information used to repair late model cars and heavy duty vehicles. That legislation will go into effect in 2015.
SB 136 in South Dakota isn't perfect—we'd love to see an additional requirement that the information be freely accessible and online, for example—but it's an important step in the right direction.
The bill will be debated in the Commerce committee today, and will move on to a larger vote later this week.
"I am not going to answer any questions as to my association, my philosophical beliefs, or how I voted in any election, or any of these private affairs. I think these are very improper questions for any American to be asked, especially under such compulsion as this."
Pete Seeger, 1955, testimony pursuant to subpoena before the House Un-American Activities Committee.
The world lost a clear, strong voice for peace, justice, and community with the death of singer and activist Pete Seeger last week. While Seeger was known as an outspoken musician not shy about airing his political opinions, it’s also important to remember he was once persecuted for those opinions, despite breaking no law. And the telling of this story should give pause to those who claim to be unconcerned about the government's metadata seizure and search programs that reveal our associations to the government today.
In 1955, Seeger was called before the House Un-American Activities Committee, where he defiantly refused to answer questions about others who he associated with and who shared his political beliefs and associations, believing Congress was violating his First Amendment rights. He was especially concerned about revealing his associations:
I will be glad to tell what songs I have ever sung, because singing is my business. . . . But I decline to say who has ever listened to them, who has written them, or other people who have sung them.
But if the same thing were to happen today, a Congressional subpoena and a public hearing wouldn’t be necessary for the government to learn all of our associations and other "private affairs." Since the NSA has been collecting and keeping them, they could just get that same information from their own storehouses of our records.
According to the Constitution, the government is supposed to meet a high standard before collecting this private information about our associations, especially the political ones that the Congressmen were demanding of Seeger. For instance, under the First Amendment, it must “serve compelling state interests, unrelated to the suppression of ideas, that cannot be achieved through means significantly less restrictive of associational freedoms.
February 11th is The Day We All Fight Back. From Uganda to Poland, from Colombia to the Philippines, the people of the Internet have united to fight back. The Day We Fight Back’s main international action is to sign and promote the 13 Principles. The 13 Principles outline how communications surveillance can be conducted consistent with human rights and serve as a model for surveillance reform. Over the past year, nearly 370 organizations have come together to support it. Today, these Principles are about to receive their most important endorsement: the people’s.
The Principles make clear:
States must recognize that mass surveillance threatens the human right to privacy, as welll as freedom of expression and association, and they must place these Principles at the heart of communications surveillance legal frameworks.
States must commit to ensuring that advances in technology do not lead to disproportionate increases in the State’s capacity to interfere with the private lives of individuals.
Transparency and rigorous adversarial oversight is needed to ensure changes in surveillance activities benefit from public debate and judicial scrutiny; this includes effective protections for whistleblowers.
Just as modern surveillance transcends borders, so must privacy protections.
The signatories of the 13 Principles Against Mass Surveillance explain why they’re taking part in the Day We Fight Back:
Annie Game, Executive Director, IFEX, International: "We can't do it alone. Mass surveillance is a global threat to free expression that calls for a global response. This day provides the opportunity for all of us to take action."
John Ralston Saul, President of PEN International, International: "For two centuries citizens, societies, civilizations have struggled to establish binding declarations of rights, bills of rights, and charters of rights. In a single decade governments around the world have now broken these rules – broken the law – through the unbridled use of new technology. Privacy plays a central role in free expression.