Eletronic Frontier Foundation

Syndicate content
EFF's Deeplinks Blog: Noteworthy news from around the internet
Updated: 20 weeks 5 days ago

EFF to Supreme Court: Clean Up the Software Patent Mess

Thu, 27/02/2014 - 23:01
‘Abstract Ideas’ Patents Hurt Technology Industry

San Francisco - The Electronic Frontier Foundation (EFF) along with Professor Pamela Samuelson of the University of California, Berkeley, urged the U.S. Supreme Court today to clean up the legal mess that is software patent law, reining in overbroad patents that are impermissibly abstract.

In front of the court is Alice Corp. v. CLS Bank, a long running case about a computer system that helps with closing financial transactions by avoiding settlement risk. In its amicus brief filed today, EFF argues that allowing a patent on this system goes against previous Supreme Court rulings that ideas like these are "abstract" and aren't legally patentable.

"It wouldn't make sense to patent simple ideas like ways of running a business or prioritizing a to-do list," said EFF Senior Staff Attorney Julie Samuels, who also holds the Mark Cuban Chair to Eliminate Stupid Patents. "That's basically what's under consideration here, with the small addition of a step that essentially implements it on a computer. Of course, since basically everything we do today is on the computer, letting patents like this exist shuts down entire business models."

The data on the U.S. technology industry bear this out. Since software patents have boomed, we've seen no corresponding boom in software growth and innovation; to the contrary, that growth maintained the steady pace that existed long before the advent of software patents. Instead, along with software patents, we've seen the rise of patent trolls – companies that don't make or sell anything, but shake down true creators through the loopholes in the law.

"In this case, the Supreme Court has the opportunity to implement a sensible system, limiting these broad and vague claims that do nothing besides fuel lawsuits," said Samuels. "A clear ruling here would limit one of the patent troll's favorite weapons—broad and vague software patents—and keep our innovation economy safe."

For the full amicus brief:
https://www.eff.org/document/amicus-brief-supreme-court-alice-v-cls-bank

For more on abstract software patents:
https://www.eff.org/cases/abstract-patent-litigation

Contact:

Julie Samuels
   Staff Attorney and The Mark Cuban Chair to Eliminate Stupid Patents
   Electronic Frontier Foundation
   julie@eff.org


Share this:   ||  Join EFF
Categories: English

Senators Take Aim at Patent Troll Demand Letter Abuses

Thu, 27/02/2014 - 21:08

We've made considerable progress in our fight against patent trolls. The House, you may remember, resoundingly passed the Innovation Act last year. The President has since said he would sign it, and make a strong statement in support of reform in this year's State of the Union address. Now, we await on the Senate to act (speaking of which, have you signed our letter urging such action?).

Even with this progress, however, we've long worried about the demand letter problem. Last year, when we launched our demand letter database Trolling Effects, we wrote:

The letters demanding these payments are often evasive, failing to include details about the patents, who owns those patents, and the products or services that allegedly infringe. They fail to give recipients the information to make rational decisions, such as whether they should pay the troll, ignore the letter, or go to court to fight it. Just hiring a lawyer to ascertain that seemingly simple information can easily cost well into the tens of thousands of dollars.

The letters raise even more fundamental concerns, too. Because they happen before a legal complaint is ever filed, they are not part of the public record. And once a settlement or license is signed, it will likely include a non-disclosure provision, prohibiting the letter's recipient from talking publicly about its contents. This means that the scope of the problem is often underreported, making it harder for policymakers to understand the true scale of the patent troll problem.

Today, we are one step closer to having a real solution to this problem. Senators McCaskill (D-Mo.) and Rockefeller (D-W.V.) introduced the Transparency in Assertion of Patents Act, an important piece of legislation that would really protect consumers and small businesses by curbing the patent demand letter problem.

The bill would:

  • Require that demand letters contain certain basic information, such as a description of the patent at issue, a description of the product or service that allegedly infringes it, the names and contact information for the patent's owners, and disclosures of ongoing reexaminations or litigations involving that patent.
  • Define as an illegal unfair or deceptive practice certain egregious behaviors, such as sending letters threatening litigation without a real intent to file litigation or sending letters that lack a reasonable basis in the law.
  • Explicitly give state attorneys general the power to to target similar bad behavior in their own states.
  • Allow the Federal Trade Commision to enforce these rules by levying penalties of $16,000 per each violation.

Making this bill law would go a long way toward stoppnig some of the worst demand-letter abuses. We applaud Sens. McCaskill and Rockerfeller and look forward to supporting this piece of legislation as it works its way through the Senate.

Related Issues: PatentsPatent Trolls
Share this:   ||  Join EFF
Categories: English

Lawrence Lessig Settles Fair Use Lawsuit Over Phoenix Music Snippets

Thu, 27/02/2014 - 21:00
Liberation Music Will Fix Its Copyright Policies and Pay Compensation

San Francisco - Prof. Lawrence Lessig has settled his lawsuit against an Australian record label over the use of clips of a popular song by the band Phoenix in a lecture that was later posted online. Liberation Music, which represents Phoenix in New Zealand, claimed the clips infringed copyright, demanded YouTube take down the lecture, and then threatened to sue Lessig. Represented by the Electronic Frontier Foundation (EFF) and Jones Day, Lessig fought back, asserting his fair use rights in court.

"Too often, copyright is used as an excuse to silence legitimate speech," said Lessig, who serves as the Roy L. Furman Professor of Law and Leadership at Harvard Law School and director of the Edmond J. Safra Center for Ethics at Harvard University. "I've been fighting against that kind of abuse for many years, and I knew I had to stand up for fair use here as well. Hopefully this lawsuit and this settlement will send a message to copyright owners to adopt fair takedown practices—or face the consequences."

The settlement requires Liberation Music to pay Lessig for the harm it caused. The amount is confidential under the terms of the settlement, but it will be dedicated to supporting EFF's work on open access, a cause of special importance to Lessig's friend, Aaron Swartz, a technologist and activist who took his own life in early 2013. The parties also worked together to improve Liberation Music's methodology for compliance with the requirements of the DMCA in the United States. Going forward, Liberation Music will adopt new policies that respect fair use.

Neither party concedes the claims or defenses of the other. Liberation Music included this statement in the settlement agreement:

"Liberation Music is pleased to amicably resolve its dispute with Professor Lessig. Liberation Music agrees that Professor Lessig's use of the Phoenix song 'Lisztomania' was both fair use under US law and fair dealing under Australian law. Liberation Music will amend its copyright and YouTube policy to ensure that mistakes like this will not happen again. Liberation Music is committed to a new copyright policy that protects its valid copyright interests and respects fair use and dealing."

A co-founder of the nonprofit Creative Commons and author of numerous books on law and technology, Lessig has played a pivotal role in shaping the debate about copyright in the digital age. In June 2010, Lessig delivered a lecture titled "Open" at a Creative Commons conference in South Korea that included several short clips of amateur dance videos set to the song "Lisztomania" by the French band Phoenix. The lecture, which was later uploaded to YouTube, used the clips to highlight emerging styles of cultural communication on the Internet.

As a condition of the settlement, Liberation Music submitted a declaration explaining its takedown procedures. Liberation Music had allowed a single employee to use YouTube's automatic Content ID system to initiate the takedown process and then, when Lessig challenged the takedown, threaten a lawsuit. The employee, who did not have a legal background, did not actually review Lessig's video before issuing a threat of a lawsuit.

Liberation Music's new policy will still rely on YouTube's system, but it will ensure that no takedown notice is issued without human review, including fair use considerations. Liberation Music will also limit its copyright enforcement to jurisdictions where it actually owns or administers the copyright.

"This is the policy Liberation Music should have had from the beginning," EFF Intellectual Property Director Corynne McSherry said. "Too many content owners are issuing takedowns and manipulating content filters without respect for the rights of users. This fight may be over, but the battle continues until every content owner embraces best practices that protect fair use."

For more on this case:
https://www.eff.org/cases/lawrence-lessig-v-liberation-music

About Prof. Lessig:

Lawrence Lessig is the Roy L. Furman Professor of Law and Leadership at Harvard Law School, director of the Edmond J. Safra Center for Ethics at Harvard University and founder of Rootstrikers, a network of activists leading the fight against government corruption. He has authored numerous books, including The USA is Lesterland, Republic, Lost: How Money Corrupts Our Congress—and a Plan to Stop It, Code and Other Laws of Cyberspace, Free Culture, and Remix.

Contact:

Corynne McSherry
   Intellectual Property Director
   Electronic Frontier Foundation
   corynne@eff.org


Share this:   ||  Join EFF
Categories: English

Congress Must Update Email Privacy Law

Thu, 27/02/2014 - 19:58

It's time for Congress to follow the Sixth Circuit's lead and update one of the main online privacy laws—the Electronic Privacy Communications Act (ECPA). In the past, the Department of Justice has used the archaic law to obtain private online communications without obtaining a probable cause warrant as the Fourth Amendment requires. A bill co-sponsored by Reps. Kevin Yoder, Tom Graves, and Jared Polis—HR 1852, The Email Privacy Act—seeks to update ECPA by requiring a probable cause warrant whenever the government wants to access your online private messages.

The bill is slowly making its way through Congress, but we can speed it up. Tell your representative right now to cosponsor the bill. The bill ensures the government can't try to (ab)use ECPA in order to obtain our private online messages.

ECPA must be updated because the government has used the law to obtain private online messages—like personal email accounts or our social media messages—older than 180 days without a probable cause warrant. The government would have to obtain a warrant if those same messages were printed out on your desk. This difference shouldn't exist. By cosponsoring The Email Privacy Act, the government can no longer neglect the fact that Fourth Amendment protections do not whither with age.

Along with EFF, fifteen other privacy advocates and companies—like the Center for Democracy and Technology and DuckDuckGo—are spurring momentum to pass HR 1852. The bill would finally accomplish one of four goals of the Digital Due Process Coalition, a collection of tech companies, start-ups, privacy advocates, and think tanks working to update ECPA to ensure that laws continue to protect the rights of users as technologies advance and usage patterns evolve.

Updating ECPA is a common-sense move. Our freedom and constitutional protections do not expire with time. Tell your Rep. now to cosponsor HR 1852 and join us in demanding for long-overdue updates to our archaic electronic privacy laws.


Share this:   ||  Join EFF
Categories: English

Show Your Support: Tell the Senate to Pass Patent Reform

Thu, 27/02/2014 - 17:45

The only thing standing in the way of patent reform is the United States Senate.

The House passed the Innovation Act in December with a bipartisan 325-91 vote. President Obama has said he'll sign the bill and asked Congress during his State of the Union to "pass a patent reform bill that allows our businesses to stay focused on innovation, not costly and needless litigation."

It's now up to the Senate to help put an end to costly, destructive patent troll litigation and threats. And they need to hear from you: you the inventor, you the entrepreneur, you the investor, and especially you the concerned individual.

Sign this letter urging the Senate to pass meaningful, comprehensive patent reform.

The most prominent bill in the Senate right now is Sen. Leahy's Patent Transparency and Improvements Act. The bill is a great first step, but it is by no means as comprehensive as the Innovation Act. (And both bills could be even stronger.) We're hoping the Senate factors in proposals to address patent quality (like in S. 866, Sen. Schumer's Patent Quality Improvement Act) as well as includes heightened pleading and fee-shifting language (like in S. 1013, Sen. Cornyn's Patent Abuse Reduction Act). All of these pieces together go a long way toward a patent reform bill that will help fix many of the system's problems.

As we continue to hear about case after case and demand letter after demand letter, it is obvious that innovative businesses and individuals are getting hit everyday—and just how necessary meaningful patent reform really is.

Let your voice be heard. Show the Senate your support for reform today. And stay tuned for more actions to come.

Related Issues: PatentsLegislative Solutions for Patent ReformPatent Trolls
Share this:   ||  Join EFF
Categories: English

Maryland Court Dismisses Landmark Case That Sought to Hold Cisco Responsible for Violating Human Rights

Thu, 27/02/2014 - 09:28

The Federal District Court in Maryland this week dismissed Du Daobin v. Cisco Systems, a case brought by Chinese dissidents alleging that Cisco knowingly customized, marketed, sold, and provided continued support and service for technologies as part of China's Golden Shield, a digital censorship and surveillance system used by the Chinese government to facilitate human rights abuses. EFF filed an amicus brief urging the court to let the case go forward and we also launched an activism campaign calling on Cisco to stand up for writer Du Daobin and human rights in China. We’re deeply disappointed by the court’s decision to dismiss the case.

While a tech company could not (and should not) be held accountable when governments misuse general use products for nefarious purposes, early evidence indicates that Cisco did much more. This included actively customizing, marketing and providing support for its monitoring and censorship technologies even as it knew that they would be used to identify, locate, and surveil Chinese democracy and religious freedom activists. The complaint also alleged that Cisco knew (as the State Department reports confirm) of China’s practice of unlawful detention, torture, and even killing of these activists. In EFF’s amicus brief, we argued that this initial evidence should be sufficient to allow the case to move forward.

The court decision was based mainly on issues not addressed by EFF in our amicus brief. Many of the issues we are most concerned with—namely, whether and how tech companies can be held to account for facilitating human rights violations—remain unresolved.

Are Corporations Really “People” Under the Law?

There have been a number of Supreme Court rulings that found corporations have similar Constitutional rights and protections as people. In particular, Citizens United v. Federal Election Commission, decided in 2010, reaffirmed the First Amendment protections for corporations, associations, and labor unions.

But even as corporations are treated as "people" under the law in many ways, companies are often not being held to account for their actions the way a person would be. We saw a striking example of this when the Supreme Court let Chevron off the hook for its role in killing peaceful protesters in Nigeria under the Torture Victim Protection Act.

Largely Sidestepping the Issues of Corporate Accountability

In the Du v. Cisco case, the Federal District Court in Maryland largely side-stepped the specific issue of when corporations can be held to account for building special technologies that are customized for repressive governments for the explicit purpose of tracking activists who then face human rights abuses like torture. The court's rulings on other legal arguments, however, are troubling for those would like to see basic accountability for those building the tools of repression. 

The court first ruled that that the question of Cisco's involvement in human rights abuses in China was a "political question" that should not be addressed by the courts and pointed to the fact that the export laws and regulations allowed Cisco to export these technologies as somehow precluding a court from providing a remedy to those who are harmed by them. This is incorrect—nothing about the claims raised by the plaintiffs challenged the export decisions made by the executive branch or the export laws passed by the legislature.

Next, the court ruled that the "act of state" doctrine forbid it from ruling on whether China had abused the human rights of the plaintiffs. This doctrine states that, in general, one country should not sit judgment on another government’s official acts within its own territory. But "act of state" doctrine only applies to public, official policies of another country. Since the Chinese government has repeatedly denied that human rights abuses like the detention and torture that the plaintiffs suffered here are its official policies, the court was wrong to dismiss this case under "act of state" doctrine.

Overall, the court’s decision fails to take into account that the U.S. government on all levels, and especially the State Department, has openly and repeatedly criticized China for the very abuses at issue in this case.  Moreover, neither the U.S. nor the Chinese government objected to the case going forward, something that usually happens when a case has actual political or foreign policy implications. For example, the most recent State Department report on human rights in China discusses the abuse and detainment of political prisoners like the plaintiffs:

Numerous former prisoners and detainees reported that they were beaten, subjected to electric shock, forced to sit on stools for hours on end, deprived of sleep, and otherwise subjected to physical and psychological abuse. Although ordinary prisoners were subjects of abuse, political and religious dissidents were singled out for particularly harsh treatment.

With regard to Internet surveillance and censorship, the same report stated that,

The CCP continued to increase efforts to monitor Internet use, control content, restrict information, block access to foreign and domestic Web sites, encourage self-censorship, and punish those who ran afoul of political sensitivities.

The report also noted that “Official monitoring focused on such tools as social networking, microblogging, and video-sharing sites.”

Cisco’s Assistance to China

The court also determined that the plaintiffs had not sufficiently alleged that Cisco created the Golden Shield technologies with the purpose of facilitating the abuses and gave "practical assistance" to the officials in those abuses. The court said, "the technology Cisco has allegedly customized and sold to China to assist them with these purported human rights violations is inherently neutral technology that can clearly be used in a variety of non-offensive ways."

On this point, EFF strongly disagrees and it seems that the court is willfully ignoring the allegations of the complaint. The complaint alleges both Cisco’s role in creating technology and providing assistance in ways sufficient to support the case proceeding to the discovery phase, where the extent of Cisco's knowledge and assistance could have been determined. For example, in one of the documents submitted as evidence, a marketing presentation created by Cisco to describe the benefits of its technology to the Chinese government noted that one of the goals was to "Combat Falun Gong evil religion and other hostilities." It is difficult to imagine a more direct acknowledgement and promotion of the use of a product for repression.

The Role of Tech in Upholding Human Rights

Technologies are being created and customized with the explicit purpose of helping repressive regimes track down, detain, torture and murder people. It’s time for Western companies and American officials to stop pretending this isn’t true.

Earlier this month, John Kerry met with a group of Chinese bloggers who urged him to speak out against Internet monitoring and censorship in China. According to the New York Times, Mr. Kerry, "said he had not heard the charges that American companies had helped the Chinese authorities maintain control over Internet access, but promised to look into the matter."

The protestations of ignorance from American officials and corporations like Cisco ring false to us. But we're happy to provide information to the Secretary of State should he need it.

It’s time for companies and the government to acknowledge how technology is being customized for the abuse of human rights. Let’s stop ignoring the problems and work on policies to prevent and reverse this dangerous trend.  

To that end, EFF has developed "Know Your Customer" standards that can help companies avoid participating in human rights abuses. 

We don’t need to wait for the courts to get this right; forward-thinking companies can adopt these standards right away, and users of technology everywhere can call on companies with which they do business to adhere to these standards of respecting human rights. 

Related Issues: Mass Surveillance TechnologiesState Surveillance & Human Rights
Share this:   ||  Join EFF
Categories: English

Bad Facts, Really Bad Law: Court Orders Google to Censor Controversial Video Based on Spurious Copyright Claim

Thu, 27/02/2014 - 00:12

It's an old legal adage that bad facts lead to bad legal decisions, and today we've got a classic example in Garcia v. Googlethe "Innocence of Muslims" case. Based on a copyright claim that is dubious at best, the Ninth Circuit Court of Appeals has ordered Google to take offline a video that is the center of public controversy. We can still talk about it, but we can't see what we are talking about. We're hard-pressed to think of a better example of copyright maximalism trumping free speech.

For those who haven't been following this, the case was brought by an actress, Cindy Lee Garcia, who was tricked into performing in a short anti-Islamic film (she was told the film was about something very different) and, as a result, found herself subject to death threats. Bad facts, right? Here's the bad law part: Garcia then filed a lawsuit against Google and several others, claiming the video infringed her copyright in her performance (approximately 5 seconds of a 13 minute video). Then she asked the court to require Google to take the video down. The district court wisely refused, noting that Garcia's copyright interest was unclear at best. Garcia appealed, and today the Ninth Circuit agreed with her, and ordered Google to take down all copies of the video and take reasonable steps to prevent further uploads. 

How is this decision wrong? First, the ruling blows past the First Amendment concerns with the time-worn observation that "the First Amendment does not protect copyright infringement." Of course it doesn't, but neither are copyright cases immune from the same balancing test that applies to any injunction. And the standards for this kind of injunction—a classic prior restraint—are particularly high. Indeed, as the Supreme Court has observed repeatedly, injunctions that shut down speech are particularly disfavored. Court after court has held that they should not be issued where, as here, the case is "doubtful" but only where the law and the facts clearly favor an injunction.  

Second, the merits of this case are indeed doubtful. Very doubtful. Garcia is claiming a copyright interest in her brief performance, a novel theory and one that doesn't work well here. After all, Garcia herself admits she had no creative control over the movie, but simply performed the lines given to her. There may be a context where an actor could assert some species of authorship, but this doesn't seem to be one of them. Movie makers of all kinds should be worried indeed.

There are other problems with the legal analysis, but the decision is equally if not more troubling for the signal it sends. Based on nothing more than a tenuous (at best) copyright claim, the court has ordered a service provider to censor a video that has been the subject of considerable debate and comment, with only the most cursory analysis of the speech harms it will cause. If Garcia had brought a claim under virtually any other theory, we expect the court would have taken more care. Unfortunately, it seems copyright exceptionalism has won the day. 

Files:  garcia_opinion_.pdf
Share this:   ||  Join EFF
Categories: English

Fair Use Triumphs in the Munger Games

Wed, 26/02/2014 - 18:04

In a win for online fair use and the free speech it makes possible, a federal district court judge has ruled that using a campaign headshot as part of a critical, noncommercial blog post does not infringe copyright.

The case started back in April, when California Republican Party Vice Chairman Harmeet K. Dhillon sued an anonymous blogger over the use of a five year old headshot on "The Munger Games" website—a site dedicated to criticism of Charles Munger Jr., donor and current chairman of the Santa Clara County Republican Party, and his perceived political allies. The headshot was part of a post criticizing Dhillon and was originally used as part of her failed campaign for the California Assembly in 2008. Given that the use in question was obviously a lawful fair use, it appeared that the suit was motivated more by a desire to use the judicial process to unmask her critics than by any legitimate copyright concern. 

The defendants asked the court to dismiss the case as a matter of law early, before the parties were forced to waste further time and money defending the case. EFF submitted an amicus brief in support, explaining that it is particularly important to call a halt to such cases quickly, lest they be used as a club to punish free speech. While some fair uses cases can be muddy, the right outcome for this one was crystal clear.

Happily, the court agreed, though it did not use quite the procedure we urged. Running through the traditional fair use factors (purpose, nature of the work, amount used, and likelihood of market harm), the court noted that while the headshot was originally created for use in a campaign, the bloggers had used it as part of their criticism of Dhillon's political views—a "paradigmatic" fair use purpose. The court rejected out of hand as a "speculative assertion" Dhillon's contention that the bloggers might have had some commercial purpose. While the work was minimally creative and the bloggers used the entire work, they had to do so to accomplish their purpose. Finally, the court concluded that the Munger Games use of the shot had no impact on any licensing market for the work. The court properly rejected Dhillon's complaint that she had stopped using the photo herself due to the negative publicity:

The plaintiff’s argument that the defendant’s use of the headshot photo in connection with the article commenting on and criticizing her political views has altered the meaning or message of the original work is, in effect, a concession that the defendant’s use was transformative under the first factor of the fair use analysis. The plaintiff’s argument does not, however, establish that the defendant’s use had any impact upon the economic market for the headshot photo . . . .  

The plaintiff in this case should have known better than to waste the court’s time on such an outrageous claim. We're glad to see that Judge Illston took the wise step of dismissing the case now. But it's disappointing that she did not also choose to punish Dhillon for her misuse of the judicial process by requiring Dhillon to pay attorneys fees. Indeed, the case underscores the need for a strong federal anti-SLAPP law. It is likely no accident that Dhillon countered the criticism of her political views with a (federal) copyright infringement suit. Had she brought a similar state-law claim and lost, California's anti-SLAPP statute would likely have left her on the hook for attorney's fees. As long as federal causes of action are exempt from anti-SLAPP protections, plaintiffs will continue to be drawn to such strategies to carry out their transparently improper goals.

In the meantime, as the 2014 campaign season ramps up, let's hope our politicians take note: the best response to critical speech is still more speech, not bogus copyright claims. 

Related Issues: Fair Use and Intellectual Property: Defending the BalanceNo Downtime for Free SpeechRelated Cases: Dhillon v. Doe
Share this:   ||  Join EFF
Categories: English

Security Experts Call on Tech Companies to Defend Against Surveillance

Wed, 26/02/2014 - 17:32

Open Letter to Tech Companies Includes 10 Principles to Protect Users From NSA Sabotage

In the past nine months, our trust in technology companies has been badly shaken. Today, in collaboration with prominent security researchers and technologists, EFF presents an open letter to technology companies, urging them to protect users from NSA backdoors and earn back the trust that has been lost.

From the Snowden revelations emerge stories of collusion between government spy agencies and the companies whose services are integral to our everyday lives. There have been disturbing allegations published by Reuters indicating that RSA, an influential information security firm, accepted a $10 million contract from NSA that included, among other items, an agreement to use what we now know to be an intentionally compromised random number generator as the default for its BSAFE cryptographic library.

A future where we cannot trust the very technologies meant to secure our communications is fundamentally unsustainable. It's time for technology companies to start helping users regain trust, with transparency and active opposition to illegal surveillance. Implementing the requisite changes in technical infrastructure and business practices may have short-term costs; however, the long-term cost of keeping users in perpetual fear of NSA sabotage is far greater.

How to Protect Your Users from NSA Backdoors: An Open Letter to Technology Companies

As security researchers, technologists, and digital rights advocates, we are deeply concerned about collaboration between government agencies and technology companies in undermining users' security. Among other examples, we are alarmed by recent allegations that RSA, Inc. accepted $10 million from NSA to keep a compromised algorithm in the default setting of a security product long after its faults were revealed. We believe that covert collusion with spy agencies poses a grave threat to users and must be mitigated with commitment to the following best practices to protect users from illegal surveillance:

  1. Provide public access to source code whenever possible, and adopt a reproducible build process so that others can verify the integrity of pre-compiled binaries. Both open and closed source software should be distributed with verifiable signatures from a trusted party and a path for users to verify that their copy of the software is functionally identical to every other copy (a property known as "binary transparency").
  2. Explain choices of cryptographic algorithms and parameters. Make best efforts to fix or discontinue the use of cryptographic libraries, algorithms, or primitives with known vulnerabilities and disclose to customers immediately when a vulnerability is discovered.
  3. Hold an open and productive dialogue with the security and privacy communities. This includes facilitating review and responding to productive criticism from researchers.
  4. Provide a clear and secure pathway for security researchers to report vulnerabilities. Fix security bugs promptly.
  5. Publish government request reports regularly (often these are called "Transparency Reports"). Include the most granular reporting allowed by law.
  6. Invest in secure UX engineering to make it as easy as possible for users to use the system securely and as hard as possible for users to use the system unsafely.
  7. Publicly oppose mass surveillance and all efforts to mandate the insertion of backdoors or intentional weaknesses into security tools.
  8. Fight in court any attempt by the government or any third party to compromise users’ security.
  9. Adopt a principle of discarding user data after it is no longer necessary for the operation of the business.
  10. Always protect data-in-transit with strong encryption in order to prevent dragnet surveillance. Follow best practices for setting up SSL/TLS on servers whenever applicable.

Sincerely,
The Electronic Frontier Foundation in collaboration with*:

  • Stephen Checkoway, Assistant Research Professor, Department of Computer Science, Johns Hopkins University
  • Roger Dingledine, Project Leader, Tor Project
  • Brendan Eich, Founder, Mozilla
  • Matthew Green, Assistant Research Professor, Department of Computer Science, Johns Hopkins University
  • Nadia Heninger, Assistant Professor, Department of Computer and Information Science, University of Pennsylvania
  • Tanja Lange, Professor, Department of Mathematics and Computer Science, Technische Universiteit Eindhoven
  • Nick Mathewson, Chief Architect, Tor Project
  • Ruben Niederhagen, Department of Mathematics and Computer Science, Technische Universiteit Eindhoven
  • Eleanor Saitta, OpenITP / IMMI
  • Bruce Schneier, Security Technologist
  • Christopher Soghoian, Principal Technologist, Speech, Privacy and Technology Project, American Civil Liberties Union
  • Ashkan Soltani, Independent Researcher and Consultant
  • Jon A. Solworth, Associate Professor, Department of Computer Science, University of Illinois at Chicago
  • Brian Warner, Tahoe-LAFS Project
  • Zooko Wilcox-O'Hearn, Founder and CEO, LeastAuthority.com

*Affiliations listed for identification purposes only.


Share this:   ||  Join EFF
Categories: English

Three Months Later, Alaa Abd El Fattah Remains Imprisoned

Tue, 25/02/2014 - 20:43

Nearly three months since his arrest, the Egyptian blogger, software developer and activist Alaa Abd El Fattah remains imprisoned. Charged in December with organizing a demonstration to protest the failure of the draft constitution in legislating against military court martialing of civilians, Abd El Fattah is awaiting trial in prison.

In mid-January, a group of bloggers from across the Arab region came together in Amman for the fourth iteration of the Arabloggers conference, a community which Abd El Fattah had been a part of since its beginnings in 2008. It was at this gathering that we released a statement—along with more than 40 other organizations from around the world—calling for the release of Alaa Abd El Fattah and all those unjustly detained in Egypt.

It was also at this meeting that our friends at 7iber—a Jordanian media organization that also fights for digital rights—created the following video in solidarity with Alaa:

Privacy info. This embed will serve content from youtube-nocookie.com
var mytubes = new Array(1); mytubes[1] = '%3Ciframe src=%22//www.youtube-nocookie.com/embed/iLbfcJgcnyc?autoplay=1%22 allowfullscreen=%22%22 frameborder=%220%22 height=%22369%22 width=%22650%22%3E%3C/iframe%3E'; Related Issues: Free SpeechBloggers Under FireInternational
Share this:   ||  Join EFF
Categories: English

New Decision Shows How Businesses Can Challenge Warrantless Records Collection, Even if You Can't

Fri, 03/01/2014 - 20:22

Much of the debate over modern surveillance—including the NSA mass spying controversy—has centered around whether people can reasonably expect that records about their telephone and Internet activity can remain private when those records belong to someone else: the service providers. Courts have disagreed on whether the 1979 Supreme Court case Smith v. Maryland, which ruled people have no expectation of privacy in the phone numbers they dial, should be extended to cover newer, more invasive forms of technology. But a decision released on December 24th by the Ninth Circuit Court of Appeals looks at the issue from the point of view of businesses, providing a glimpse into how service providers and technology companies could challenge the government's unconstitutional surveillance.

In Patel v. City of Los Angeles, the Ninth Circuit found a city ordinance that required hotels and motels to turn over guest records without any judicial process violated the Fourth Amendment. The ordinance mandated hotels and motels keep a record for 90 days containing things like a guest's name and address, the make, model and license plate number of the guest's car, and the room number assigned and rate charged. The ordinance allowed police to inspect guest records without a search warrant or the hotel's consent at any time. The city believed that collecting the records would deter drug dealing and prostitution, as people would be less inclined to rent a room if police could get access to guest information at any time. Failure to turn the records over was a misdemeanor crime.

The court found that the hotels and motels had an expectation of privacy in their business records, even if those records didn't contain anything of great personal value to the hotel. This was true even if the users themselves didn't have an expectation of privacy in the records. Because the ordinance didn't have a mechanism to allow the hotels and motels to obtain judicial review of whether the demand was reasonable before applying criminal penalties for non-compliance, the Ninth Circuit ruled the ordinance violated the Fourth Amendment. This procedural requirement—obtaining judicial review—is important, so that companies aren't at the mercy of the "unbridled discretion" of officers in the field, who would be free to arbitrarily choose when, whom, and how frequently to inspect a particular business.  

This decision provides ammunition for companies to challenge receipt of other forms of surveillance requests, including National Security Letters which are issued without any oversight or judicial review and require the recipient to remain silent about the fact it even received a request.

More broadly, Patel shows yet again that the Fourth Amendment doesn't die once you turn information over to a business. If courts are going to reject user challenges to government demands for their data, then it's up to the companies to step up to safeguard not only the data entrusted to them by their users, but the data that presumably belong to the companies themselves. As major tech companies have called for NSA reform and have taken steps to implement technological protections to safeguard their users' data, this decision shows that they can also make legal challenges in court. While Yahoo! unsuccessfully challenged an order requiring it turn over data to the NSA under the PRISM program, the phone companies themselves have made no legal challenges to the NSA's bulk collection of phone records, which at least one judge has found to be unconstitutional. This must change so that the public can take advantage of the conveniences of new technologies without having to sacrifice privacy.

Related Issues: PrivacyCell TrackingLocational PrivacyNational Security LettersRelated Cases: Jewel v. NSAFirst Unitarian Church of Los Angeles v. NSA
Share this:   ||  Join EFF
Categories: English

2013 in Review: States Stepping Up Digital Privacy Protection

Fri, 03/01/2014 - 03:05

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

As the outcry against NSA spying and electronic surveillance has grown, the need to protect privacy through legislation has never been higher. With law enforcement itching to use aggressive new surveillance techniques from drones to facial recognition to fight crime, privacy is often discarded by the wayside as collateral damage. Ideally it would be Congress that would take the lead in passing privacy legislation, creating uniform standards that protect privacy across the country. And while there were a number of Congressional proposals, none went anywhere in 2013. So while Congress continues to drag its feet, state courts and legislatures have stepped up to protect their citizens' electronic privacy.

This summer, the Massachusetts Supreme Judicial Court ruled, in a case that we filed an amicus brief in, that passengers in a car have an expectation of privacy to be free from persistent GPS location monitoring. Montana and Maine passed legislation that required police to obtain a search warrant before tracking any electronic device. And Texas passed a bill that requires state law enforcement obtain a search warrant before accessing electronic communications like emails from a service provider.

As states placed an emphasis on protecting privacy, we stepped up our efforts to get involved at the state level. We filed numerous amicus briefs in state courts across the country on a whole host of privacy issues. We argued to the Supreme Courts of Rhode Island and Washington that your text messages stored on someone else's cell phone were protected by the Fourth Amendment. We urged courts in Connecticut and Massachusetts to follow New Jersey's lead, and require police obtain a search warrant before getting cell phone tower information. We explained to the Texas high court that unlike a pair of pants, police can't search an arrestee's cell phone without a warrant. And again before the Massachusetts high court, we explained why the Fifth Amendment prohibited a suspect from being forced to decrypt a computer. We got involved in state legislation too, sponsoring an email privacy bill in California that passed the legislature, but was vetoed by Governor Jerry Brown. We also opposed a Massachusetts bill that aimed to expand the state's wiretapping statute.

Early indication suggests 2014 will see more states getting involved to pass privacy legislation. Wisconsin is considering a location privacy bill that would prohibit police tracking a cell phone without a search warrant. Lawmakers in Montana are planning to introduce an initiative to amend the state constitution to protect digital privacy. And we'll be there too, working to convince state courts and legislatures to make privacy conscious decisions, in addition to our federal work. Hopefully 2014 will be the year Congress catches up to the states. 

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

Related Issues: PrivacyCell TrackingLocational PrivacyRelated Cases: Washington state text message privacy casesCommonwealth v. RousseauCommonwealth v. Augustine
Share this:   ||  Join EFF
Categories: English

2013 in Review: Positive Developments in the Fight to Open Access to Research

Fri, 03/01/2014 - 00:25

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

2013 has been a hot year for the movement to democratize publicly funded research. Legislation was introduced in Congress, and the White House issued a directive in support of making the results of billions of dollars of taxpayer-funded research freely available online. Some universities have started their own open access initiatives, and three states have proposed good legislation—one of which, in Illinois, became law.

The traditional publishing industry is fighting back. They have offered their own "fixes" to the problem of closed access—most notably CHORUS, a journal article database controlled by the publishers themselves. Meanwhile, subscription prices continue to rise, forcing university libraries to pick and choose between journal subscriptions, and creating or reinforcing unnecessary barriers to cutting-edge research—much of which is publicly funded.

Two bills—one good, one bad—relating to open access were introduced in Congress this year. The good bill, the Fair Access to Science and Technology Research Act (FASTR), is step in the right direction. If passed, a great majority of federally funded research would be widely available no more than six months after it was originally published. We urge everyone to sign and share the petition in support of FASTR today.

The other bill that addresses open access this year, the FIRST Act of 2013, is bad news. The bill supposedly promotes open access, but the proponents’ idea of “open access” is absurd. The legislation proposes that research funded by taxpayers can live behind a paywall for up to three years. The public shouldn’t have to wait three years to access the results of the science we make possible.

Meanwhile, the White House has come out in favor of more robust public access policy, requiring federal agencies to create plans to ensure the public can read and analyze their work, without charge. We look forward to reading and commenting on what agencies submitted in response to this directive in 2014.

But the action isn’t all inside the Beltway. California, Illinois, and New York have all introduced promising state-level open access bills in 2013. Several universities are instituting their own open access initiatives. For example, the University of California system adopted a policy that will make academic research freely available in an open digital repository. And the University of Iowa has created a fund to help cover the costs of open access publishing.

To close the year, be sure to add your name to our growing list of supporters petitioning Congress to pass FASTR. And stay tuned as we continue to fight for the right to read, analyze, and build on top of the academic research that we–the public–bankroll with our tax dollars.

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013. Related Issues: Open Access
Share this:   ||  Join EFF
Categories: English

2013 in Review: CDA 230 and Recurring Threats to Strong Online Speech Protections

Wed, 01/01/2014 - 07:44

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

Our favorite online free speech law, Section 230 of the Communications Decency Act (CDA 230), is under attack. The law ensures that online intermediaries are not liable for their users' actions, meaning that online speech platforms remain robust and widely available. While this law's importance is obvious—it allows for the very existence of everything from review sites to Wikipedia—a small but vocal number of law enforcement officials and policymakers, in the name of combating illegal and undesirable behavior, continue to push for sweeping legislative changes to state and federal law that would threaten to upend this bedrock protection.

This year was especially challenging on the legislative front. At the federal level, 47 state attorneys general asked Congress to amend CDA 230 by adding a carve-out for state criminal laws. Currently, there's an exemption for federal laws; a site must take action, for example, if a user posts child pornography or violates federal intellectual property laws. But in an attempt to crack down on legitimate concerns like child sex trafficking, the state AGs went too far with their proposal. They claim that in order to fix this problem, all state criminal law must be exempted as well, a proposal that would necessarily subject service providers across the country to a cumbersome and contradictory patchwork of 50 states' criminal laws—many of which are awful or absurd. Such a "fix"—that would effectively shift regulatory control of the Internet to 50 state governments—would unduly burden online services and threaten the very free speech CDA 230 was supposed to protect.

Specific state-level proposals, many that simply ignore CDA 230 altogether, have been similarly misguided. For example, after EFF last year successfully challenged a Washington State statute aimed at combating online child prostitution by improperly targeting speech platforms themselves (in conflict with CDA 230), New Jersey this year passed a virtually identical law... one that was itself successfully blocked by EFF. Similar proposals, however, continue to be entertained in legislatures around the country.

2013 also saw a number of serious efforts in the courts to chip away at the scope of CDA 230's protections—the most important one a high-profile case involving Sarah Jones, a teacher and cheerleader for the Cincinnati Bengals, and a gossip site called The Dirty. When a federal district court ruled that the operator of The Dirty was liable for defamatory content by its users—something CDA 230 was created to protect against—a broad range of companies, organizations, and individuals groups rallied to the site's aid, focusing not on the nature of the gossip site but on the wisdom of CDA 230's broad protections. Practically every major online service provider signed onto an amicus brief seeking the overturning of the district courts rulings, recognizing the dangerous precedent this case was setting. EFF, the ACLU, and other free speech advocates filed a similar brief of their own, underscoring the need to recognize and uphold strong intermediary protections in every case.

Challenges to strong intermediary protection look to continue into 2014. While advocates are right to highlight online abuses and shortcomings in protections for potential victims, efforts to chip away at the critical speech protections like CDA 230 are misguided and will continue to be actively opposed by EFF.

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

Related Issues: Free SpeechSection 230 of the Communications Decency Act
Share this:   ||  Join EFF
Categories: English

2013 Year in Review: A Principled Fight Against Global Mass Surveillance

Tue, 31/12/2013 - 00:39

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

In early 2013, EFF joined with organizations around the world to try to develop a fairly straightforward set of principles for applying human rights law to modern tools of communications surveillance around the world. The basic ideas seemed obvious:

  • Note that human rights law doesn’t allow mass, untargeted spying on ordinary, innocent people;
  • Secret laws are wrong;
  • Computers collecting and analyzing Internet traffic is just as much "surveillance" as a person peeping through a window;
  • Metadata collection and aggregation can be just as privacy invasive as content review;
  • No-one should be denied privacy rights just because they live in another country from those who are spying on them;
  • States can't dodge their obligations to guard the privacy of their own citizens by swapping snooped data with other nations or private companies;
  • States shouldn't undermine the security of us all by undermining encryption or creating back doors.

When EFF and hundreds of other NGOs began articulating these ideas in the summer of 2012, we saw them primarily as a way for lawmakers around the world to improve their own surveillance laws under a common set of human rights standards. We had no idea that Edward Snowden would step forward and shine a light on the chilling details of how States are already violating international human rights standards.

But because of Snowden’s releases, instead of just being a guide for future law, the principles we created—now called the Necessary and Proportionate Principles—quickly became a touchstone for elected officials and experts needing a way to explain why NSA and other intelligence agencies were on a very wrong path. (If you haven't signed the Principles, you can do so now).

Since the Spring, the Principles have gained a lot of traction:

  • In September at the United Nations Human Rights Council’s 24th session in Geneva, EFF along with Privacy International and Access officially launched the Principles during a side-meeting hosted by Germany and other concerned countries.
  • In October, the Inter-American Commission of Human Rights held its first hearing scrutinizing U.S. mass surveillance practices. EFF wrote a joint brief explaining how some of the NSA's programs impact the rights of non-U.S. persons, also drawing from the Principles. We hope that the Inter-American system will join leaders worldwide in condemning U.S. mass surveillance activities—at home and abroad—in the strongest terms.
  • And the biggest of all, on December 18th, 193 Member States of the United Nations General Assembly unanimously adopted the first Resolution on the right to privacy, ordering a human rights analysis of digital surveillance law. The Resolution drew strongly from our Principles and we look forward to further use of them in the upcoming report.

In 2014, EFF will continue to spread the principles far and wide. But while law and policy are important, true security will also depend on technical decisions, including making available easier-to-use encryption for users. Companies also have a role to play by securing their networks, limiting the information they collect, and standing with their users when governments seek access to user data.

Working together, law, policy, and technology can serve as a foundation for a new era of private and secure digital communications.

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

Related Issues: InternationalState Surveillance & Human RightsNSA Spying
Share this:   ||  Join EFF
Categories: English

2013 in Review: EFF's Battle Against Privacy Invasive "Cybersecurity" Bill

Mon, 30/12/2013 - 19:21

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

This spring, one of EFF's main fights for user privacy concerned the Cyber Intelligence Surveillance Privacy Act, or CISPA. It was the second time in two years that CISPA was introduced, and the second time in two years that privacy advocates were able to stop the bill from advancing. CISPA is a broad, overly vague, and poorly written "cybersecurity" bill. The bill aimed to increase information sharing between the private sector and the government, while granting broad legal immunity to the companies for this sharing.  Worse, it could allow for companies to "hack back" at innocent users.

After being introduced in February by Rep. Mike Rogers and Rep. Dutch Ruppersberger, EFF and a coalition of allies fought back hard against the bill. Within a month, EFF had an FAQ on the bill, analyzed the immunity clauses, and looked into its loopholes. The same problems come up time and time again with "cybersecurity" bills proposed in Congress. And we've had a lot of practice since Congress has tried to pass overly broad "cybersecurity" legislation each year for the past four or five years.

Less than two months into the fight, the coalition put the pressure on the White House, asking for a promise to veto CISPA (just like it did in 2012).  The White House announced that it would veto the bill over concerns about both the privacy clauses and the overly broad immunity in the bill.

Despite passing the House, the major flaws of CISPA were known to many. Spurred by the President's veto threat, multiple Senators noted that CISPA was dead in the Senate due to its lack of privacy protections and overly broad immunity provisions.

Shortly thereafter, the huge onslaught of leaks about the NSA's activities—which include collecting users' phone calls, emails, address books, buddy lists, calling records, mobile phone location, online video game chats, financial documents, browsing history/cookies, calendar data, and probably other data—were released.

Suddenly, immunity for sharing more information with the government did not seem quite as attractive.  For now, the "cybersecurity" bills being introduced stick to what should've been Congress' initial game plan: uncontentious bills that increase funding for security research, organizing the current mish-mash of agencies and departments working on computer and network security, and assessing the already-existing agencies working on to make stronger security.

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

 

 

 

Related Issues: Cyber Security Legislation
Share this:   ||  Join EFF
Categories: English

2013 in Review: EFF Convinces Court to Declare National Security Letters Unconstitutional - President's Panel Agrees

Sun, 29/12/2013 - 16:14

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

In a banner year, one of EFF's court victories stands out: 2013 is the year EFF took a huge step towards taking out a piece of the USA PATRIOT Act. In the spring, we convinced a federal district judge to strike down as unconstitutional a National Security Letter (NSL) statute. And we got a big vote of support on December 20 when the President’s Review Group on Intelligence and Communications Technologies called for the banning of NSLs in their current form, stating that it was “unable to identify a principled reason why NSLs should be issued by FBI officials” when similar processes must issue from judges.

NSLs, relatively narrow (though still hugely problematic) national security investigative tools when they were created in the 80s, were dramatically expanded by the USA PATRIOT Act in 2001. With an NSL, and without any prior court approval or oversight whatsoever, the FBI can compel entities such as telephone companies, Internet service providers, and banks and other financial institutions to turn over records revealing intimate and possibly constitutionally-protected details about their customers, such as the identities of anonymous online speakers and their associations. Worse yet, again without any court approval, the FBI can indefinitely gag NSL recipients, preventing them from even disclosing that they received one.

In March, in a strong opinion, Senior District Court Judge Susan Illston of the Northern District of California granted EFF’s petition—brought on behalf of an unnamed telephone company—to set aside the challenged NSL. Judge Illston agreed that 18 U.S.C. § 2709, the NSL statute in question, was facially unconstitutional because it granted unilateral power to the FBI to silence NSL recipients and that this unconstitutional gag rendered the entire process unlawful. Judge Illston ordered the FBI to cease both issuing future NSLs as well as enforcing any NSL-related gag orders, but, as is often the case in national security cases, the court stayed its groundbreaking order pending appeal. Briefing for the appeal begins in January.

How important is Judge Illston’s decision? NSLs—now found to be illegal in their entirety by the district court—have been a ubiquitous tool used by the FBI over the past decade, with the FBI issuing over 85 requests each and every day on average, amounting to over 300,000 since the passage of the USA PATRIOT Act. Without a requirement that a court sign off on its exercise of this unprecedented power, and no meaningful transparency built into the system, the FBI has been repeatedly tempted over the years to cut corners and even on occasion to blatantly misuse this extraordinary power.

The FBI has repeatedly argued that NSLs are necessary tools. However, with a wide range of other options under existing laws that permit the FBI to obtain exactly the same information but with court supervision, the government is in essence arguing for the right to collect sensitive information on its own, without anyone looking over its shoulder.

The government is wrong. As the President’s Review Group on Intelligence and Communications Technologies affirmed, such unchecked access to our records is too dangerous and too ripe for abuse. And as Review Group co-author Richard Clarke diplomatically put it later, NSLs are "a little difficult to square with constitutionality."

We agree: NSLs must end. Whether that end comes through litigation or legislation, EFF looks forward to continue fighting NSLs in the new year.

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

Related Issues: PrivacyNational Security LettersRelated Cases: In re: National Security Letter
Share this:   ||  Join EFF
Categories: English

2013 in Review: As Governments in the Arab World Crack Down, Activists Fight Back

Sun, 29/12/2013 - 14:58

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

The uprisings of 2011 gave hope to many for a new era of Internet governance. While Tunisia made concrete steps toward a freer Internet, many governments throughout the region have grappled with finding a balance between instituting the harsh restrictions that helped create Tunisia's uprising and implementing enough control to prevent their own. In 2013, many governments tended toward the former, implementing censorship for the first time or arresting bloggers, creating a deterrent for those who might dare speak their minds. Here are a few of the threats we've tracked this year and the ways in which activists have fought back.

Censorship on the rise

By far, the biggest surprise this year occurred in Jordan, where a Press and Publications Law created in 2012 resulted in the censorship of more than 300 websites this June. Local news websites that failed or refused to obtain a license under the new law were subsequently blocked, along with a handful of foreign websites that had not been subject to the law in the first place. We've also seen efforts by the governments of Egypt and Morocco to increase censorship.

Nevertheless, activism against these measures has been strong, particularly in Jordan where groups like 7iber have fought back, with support from a wide range of international organizations. In Morocco, activists recently had success in fighting the "Code Numérique", a draft bill that threatens to rear its ugly head again. Their challenge will continue into 2014.

An increase in speech-related arrests

Perhaps the most disheartening trend is the increase that we've seen in arrests of individuals exercising their right to free speech. The recent case of Shezanne Casim, a United States citizen detained in the UAE for posting a satirical video to YouTube, is only one of many in the tiny Gulf country. In Morocco, Ali Anouzla's case has brought international attention to the country's repression of journalists. In neighboring Kuwait, dozens have faced charges of blasphemy for content posted on social networks. And the list goes on.

We've ramped up our efforts to track and advocate for such cases and will continue to do so in 2014.

Surveillance run amok

The revelations brought to the world by Edward Snowden about the NSA's spying did not go missed in the Arab world. With Jordan and Egypt close to the top of the list of the countries most spied on, activists are rightfully angry and have joined the global effort to stop mass surveillance. Amongst the signatories to the 13 Principles on the Application of Human Rights to Communications Surveillance are more than a dozen organizations from the region, including the Arab Digital Expression Foundation, Nawaat, MADA Palestine, and Lakome.org.

Some countries in the region have taken the news about the NSA as a cue to conduct their own spying. While Tunisia's hosting of the Freedom Online Coalition conference in June seemed like good news, the government has since created a new agency that seems to have the mandate to bring surveillance back to the country. And localized surveillance remains a threat in most of the region.

The good news

Recognizing the scope of these threats, EFF teamed up this year with 7iber.com, Access, Global Voices Advocacy, and SMEX to create Digital Citizen, a monthly review of digital rights in the Arab World. We've ramped up our programs, and in early 2014 are partnering with Global Voices to host the fourth Arabloggers meeting in Amman, where we will conduct security and policy training and meet with our allies and fellow travelers from throughout the region. We are also working to support several new groups in countries where their presence is much-needed.

Our allies in the Arab world have continued to inspire us in 2013 and will undoubtedly do so long into the future!

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

Related Issues: Free SpeechBloggers Under FireInternational
Share this:   ||  Join EFF
Categories: English

2013 in Review: Encrypting the Web Takes A Huge Leap Forward

Sun, 29/12/2013 - 02:55

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

This year the public got some hints of the scale on which governments are using electronic surveillance to spy on all of us. We learned how pervasively compromised our communications infrastructure is, and how cavalierly governments have spliced, bribed, lied, hacked, cozened, and secret-ordered their way into network backbones. We saw that individual Internet engineers were seen as legitimate hacking targets. We saw that spy agencies speak casually of mastering, controlling, dominating the Internet.

People everywhere fought back by increasing their use of encryption to protect their privacy. From journalism schools to boardrooms to parliaments, crypto tools were the talk of the town. Around the world, cryptoparties taught people more about adopting encryption tools, often teaching the "Encryption Works" guide written by former EFF Staff Technologist Micah Lee for the Freedom of the Press Foundation (an EFF client). Just last week, CyanogenMod adopted TextSecure to protect the text messages of its ten million users against mass surveillance. (Hey, other mobile vendors! Are you going to match Cyanogen's lead?)

We were particularly happy to see a sharp increase in the use of HTTPS encryption to protect everybody's connections to popular web sites, as well as back-end encryption to protect the exchange of data (like our e-mail) within and between companies. This year major providers took seriously the need to turn on encryption for their services, and a notion that secure connections are a basic industry standard began to take root. We had productive conversations about encryption with the operators of several major sites, and many sites rolled out or pledged to roll out secure connections on a major scale. Some mobile carriers started upgrading the encryption they apply to voice calls, and secure mobile communications apps became much more widely available. We're especially grateful to the many engineers, lawyers, and policy people throughout the Internet industry who have taken on this project as their own.

There's much we don't know about the ways that encryption tools and standards may have been subverted and undermined, and the ways governments may have talked companies out of their plans to roll out encryption. (There's also much we don't know about how governments' secret legal theories and secret industry partnerships may influence the design of communications systems.) We need journalists, engineers, mathematicians, and parliamentary committees to keep digging into these questions. But crypto adoption has a momentum now. In 2014, let's keep up that momentum—and keep up the conversation about end-to-end and host-proof encryption designs, which protect our data against all intermediaries, not just network operators.

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

Related Issues: PrivacyEncrypting the Web
Share this:   ||  Join EFF
Categories: English

2013 in Review: The Trans-Pacific Partnership Agreement

Sat, 28/12/2013 - 21:38

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

Negotiations over the Trans-Pacific Partnership (TPP) intensified in 2013, as trade delegates from the 12 participating countries aimed for (and ultimately missed) a year-end target for completing the sprawling agreement. Although the secretive nature of the negotiations means the public can't really know how far along it is, both leaked position documents and public statements indicate that there are still major unresolved areas of disagreement in the 29-chapter deal.

The biggest TPP story this year was the publication by WikiLeaks in November of the chapter titled "Intellectual Property." Unfortunately, its contents confirmed many of our worst fears: from ratcheting up copyright term lengths around the world, to boxing in fair use, to mandating a draconian legal regime around DRM software, section after section contained clauses plucked from corporate wishlists and snubbed the public interest altogether.

Against that backdrop, it makes sense that opposition to the agreement is mounting around the world. In May, EFF joined activists and protesters in Peru surrounding the round of negotiations held in Lima. As has been typical, neither public interest groups nor concerned citizens were allowed time with negotiators, but we helped coordinate a major petition and rally. These joined actions happening in TPP countries around the Pacific rim, from Japan to Australia to Mexico and more.

In the U.S., opposition has focused on the Obama administrations calls for Congress to grant "fast track authority," thus waiving its constitutional role of reviewing international agreements. If it passes fast track, Congress would instead be limited to a single yes-or-no vote. Under normal circumstances that's dangerous. But in a case where the public (and even Congressional staffers) haven't been allowed to read the agreement at all yet, that's reckless behavior.

We've set up a tool to allow people in the U.S. to contact their legislators asking them to oppose fast track authority for TPP, and people have already used it to send tens of thousands of letters. You can use it to send a letter today. Lawmakers seem to be taking notice: in the past few months, bipartisan letters from House Republicans and Democrats have firmly rejected the lack of transparency around the agreement, casting serious doubt on the possibility of fast track authority.

The year-end deadline has passed, but negotiators—especially the U.S. Trade Representative—continue to play up an artificial urgency to push the agreement through. The secret meetings between the trade delegates will continue into the new year, with the first one set for February.

This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.

Related Issues: InternationalTrans-Pacific Partnership Agreement
Share this:   ||  Join EFF
Categories: English